From felix at students.poly.edu Mon Dec 1 02:11:52 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Mon, 1 Dec 2003 02:11:52 -0500
Subject: [nycphp-talk] Viewing HTTP Headers
In-Reply-To: <3FCAA5E7.5080502@optonline.net>
References: <3FCAA5E7.5080502@optonline.net>
Message-ID: <20031201021152.0f55b116.felix@students.poly.edu>

I was wondering how to do this a few days ago. I found this little program called swiftsurf which is a basic http proxy. It's very easy to set up. As long as one does not use ad blocking it works fast. One just needs to set "request 1 answer 1" in the config file to watch all the headers. I like this solution more because it lets me spy on any type of browser I use.

On a related note. I generally test with Firebird but I took a look at IE and it seems to not want to send If-Modified-Since header even when in cache settings I checked off to check on every page access. Or this could be that IE with wine just doesn't run right?

On Sun, 30 Nov 2003 21:22:32 -0500
Jeff Siegel wrote:

> Thought this would be of interest. Jeff Knight told me about Firebird
> (I'm running the Windows version) and one of the really cool extensions
> allows you to view HTTP headers. Below is some sample output.
>
> Jeff Siegel
>
>
> ====================================================
> SAMPLE OUTPUT FROM EXTENSION "LIVE HTTP HEADERS"
> ====================================================
>
> http://192.168.1.112/mrs/admin/login.php
>
> POST /mrs/admin/login.php HTTP/1.1
> Host: 192.168.1.112
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5)
> Gecko/20031007 Firebird/0.7
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Referer: http://192.168.1.112/mrs/admin/login.php
> Cookie: PHPSESSID=d637bd1942ff5262fe4a4a5d0ed443a8
> Content-Type: application/x-www-form-urlencoded
> PHPSESSID=d637bd1942ff5262fe4a4a5d0ed443a8&usrname=&password=&Submit=Submit
>
>
> HTTP/1.x 200 OK
> Date: Sun, 31 Oct 2004 01:17:06 GMT
> Server: Apache/2.0.40 (Red Hat Linux)
> Accept-Ranges: bytes
> X-Powered-By: PHP/4.2.2
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
> Pragma: no-cache
> Connection: close
> Transfer-Encoding: chunked
> Content-Type: text/html; charset=ISO-8859-1
> ----------------------------------------------------------
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From simon.attila at marketcom.hu Mon Dec 1 07:20:51 2003
From: simon.attila at marketcom.hu (Simon Attila)
Date: Mon, 1 Dec 2003 13:20:51 +0100
Subject: [nycphp-talk] Perl problem: $ENV{'HTTP_COOKIE'} is empty when script is used with SSI
Message-ID: <003a01c3b805$8f979890$0b01a8c0@simon>

Hi,

I am desperately looking for help in Perl cookie handling.
A script reading $ENV{'HTTP_COOKIE'} is working fine when called directly from a browser (IE6), but when it is inserted into an HTML page with SSI, $ENV{'HTTP_COOKIE'} is empty and my authentication fails.

What is the problem? How can I solve it?

Please CC tip replies to eugenius at freemail.hu.

Thanks in advance.

Eug.

From brian at preston-campbell.com Mon Dec 1 07:51:29 2003
From: brian at preston-campbell.com (Preston-Campbell)
Date: Mon, 1 Dec 2003 07:51:29 -0500
Subject: [nycphp-talk] Quick assitance needed
Message-ID: <200312010751.29336.brian@preston-campbell.com>

A general plea for help with a project -- I need someone (preferably an independent contractor like myself and located in or near the 5 boros) with experience in customizing OSCommerce. I am running short on time for a looming deadline and have some minor details in the completion of a small site. The changes are not cosmetic, the design is 99% there, I am in need of coding and possibly additions to SQL only.

Please contact offlist if interested in making a few bucks. I have a detailed list of what is needed.

Brian Preston-Campbell

From jsiegel1 at optonline.net Mon Dec 1 09:18:23 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Mon, 01 Dec 2003 09:18:23 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
Message-ID: <3FCB4DAF.4090709@optonline.net>

I may be faced with a situation where I don't have MCrypt for encrypting/decrypting data. I need to store the PIN numbers in a database and be able to retrieve them. Is there some other method I can use instead?
I was thinking, perhaps, something like the following:

$myPinNumber = "123DGH";
$sSecret = '7R5D1N3V5C4Y6Z2X';
$ary = array('PIN' => $myPinNumber, 'Secret' => $sSecret);
$sEncoded = base64_encode(serialize($ary));

Jeff Siegel

From nyphp at websapp.com Mon Dec 1 09:25:27 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Mon, 1 Dec 2003 09:25:27 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To: <3FCB4DAF.4090709@optonline.net>
Message-ID:

Hi Jeff,

That wouldn't really work. decoding the $sEncoded variable would result in a serialized array, thus exposing your PIN.

Best,
Daniel

> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel
> Sent: Monday, December 01, 2003 9:18 AM
> To: NYPHP Talk
> Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
>
>
> I may be faced with a situation where I don't have MCrypt for
> encrypting/decrypting data. I need to store the PIN numbers in a
> database and be able to retrieve them. Is there some other method I can
> use instead? I was thinking, perhaps, something like the following:
>
> $myPinNumber = "123DGH";
> $sSecret = '7R5D1N3V5C4Y6Z2X';
> $ary = array('PIN' => $myPinNumber, 'Secret' =>
> $sSecret);
> $sEncoded = base64_encode(serialize($ary));
>
> Jeff Siegel
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From csnyder at chxo.com Mon Dec 1 09:35:04 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Mon, 01 Dec 2003 09:35:04 -0500
Subject: [nycphp-talk] Viewing HTTP Headers
In-Reply-To: <3FCAA5E7.5080502@optonline.net>
References: <3FCAA5E7.5080502@optonline.net>
Message-ID: <3FCB5198.6070006@chxo.com>

Take a look at Pear's Crypt_Xtea package.
http://pear.php.net/package/Crypt_Xtea

TEA isn't the most trusted algo on the block, but it's probably better than obfuscation.
If you're really serious about encrypting values, you need mcrypt (and some way to keep your encryption key secret).

csnyder

Jeff Siegel wrote:

> Thought this would be of interest. Jeff Knight told me about Firebird
> (I'm running the Windows version) and one of the really cool
> extensions allows you to view HTTP headers. Below is some sample output.
>
> Jeff Siegel
>
>
> ====================================================
> SAMPLE OUTPUT FROM EXTENSION "LIVE HTTP HEADERS"
> ====================================================
>
> http://192.168.1.112/mrs/admin/login.php
>
> POST /mrs/admin/login.php HTTP/1.1
> Host: 192.168.1.112
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5)
> Gecko/20031007 Firebird/0.7
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
>
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Referer: http://192.168.1.112/mrs/admin/login.php
> Cookie: PHPSESSID=d637bd1942ff5262fe4a4a5d0ed443a8
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 75
> PHPSESSID=d637bd1942ff5262fe4a4a5d0ed443a8&usrname=&password=&Submit=Submit
>
>
>
> HTTP/1.x 200 OK
> Date: Sun, 31 Oct 2004 01:17:06 GMT
> Server: Apache/2.0.40 (Red Hat Linux)
> Accept-Ranges: bytes
> X-Powered-By: PHP/4.2.2
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
> Pragma: no-cache
> Connection: close
> Transfer-Encoding: chunked
> Content-Type: text/html; charset=ISO-8859-1
> ----------------------------------------------------------
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk

From jsiegel1 at optonline.net Mon Dec 1 09:38:47 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Mon, 01 Dec 2003 09:38:47 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To:
References:
Message-ID: <3FCB5277.5090708@optonline.net>

Did I forget to mention that it wasn't the *hottest* code in the world? ;)

Jeff

Daniel Kushner wrote:
> Hi Jeff,
>
> That wouldn't really work. decoding the $sEncoded variable would result in
> a serialized array, thus exposing your PIN.
>
> Best,
> Daniel
>
>
>
>>-----Original Message-----
>>From: talk-bounces at lists.nyphp.org
>>[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel
>>Sent: Monday, December 01, 2003 9:18 AM
>>To: NYPHP Talk
>>Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
>>
>>
>>I may be faced with a situation where I don't have MCrypt for
>>encrypting/decrypting data. I need to store the PIN numbers in a
>>database and be able to retrieve them. Is there some other method I can
>>use instead? I was thinking, perhaps, something like the following:
>>
>>$myPinNumber = "123DGH";
>>$sSecret = '7R5D1N3V5C4Y6Z2X';
>>$ary = array('PIN' => $myPinNumber, 'Secret' =>
>>$sSecret);
>>$sEncoded = base64_encode(serialize($ary));
>>
>>Jeff Siegel
>>
>>_______________________________________________
>>talk mailing list
>>talk at lists.nyphp.org
>>http://lists.nyphp.org/mailman/listinfo/talk
>>
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From bpang at bpang.com Mon Dec 1 09:40:12 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 01 Dec 2003 09:40:12 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
Message-ID:

I do something similar to this when I need to be able to decrypt something.
As long as no one gets a hold of your code to reverse engineer it.

Is $sSecret user provided or are you re-using that for all records?

I usually also append/prepend/insert my own "garbage" strings to the base64_encode results so that a simple base64_decode doesn't quite produce the "encrypted" data.
Of course, don't forget to take them out again when you are decrypting.
Also, sometimes I base64_encode the base64_encode result, or three times even... or four.. ain't I sneaky?
One other thing to do is to get the ord() value for each char before or after base64-ing it, just to mess things up even more. Use chr() to do the reverse.

Finally, write the code for this particular piece in the most cryptic manner that you can and don't comment the code. Don't use easy to follow var names like "sEncoded". Use single letters or other nonsense or random strings for var names, and put in lots of other useless code just to make it hard to interpret should anyone get a hold of it.

> I may be faced with a situation where I don't have MCrypt for
> encrypting/decrypting data. I need to store the PIN numbers in a
> database and be able to retrieve them. Is there some other method I can
> use instead? I was thinking, perhaps, something like the following:
>
> $myPinNumber = "123DGH";
> $sSecret = '7R5D1N3V5C4Y6Z2X';
> $ary = array('PIN' => $myPinNumber, 'Secret' => $sSecret);
> $sEncoded = base64_encode(serialize($ary));
>
> Jeff Siegel
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>

From jsiegel1 at optonline.net Mon Dec 1 09:41:09 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Mon, 01 Dec 2003 09:41:09 -0500
Subject: [nycphp-talk] Viewing HTTP Headers
In-Reply-To: <3FCB5198.6070006@chxo.com>
References: <3FCAA5E7.5080502@optonline.net> <3FCB5198.6070006@chxo.com>
Message-ID: <3FCB5305.2070009@optonline.net>

Thanks for pointing me to this package.

Jeff

Chris Snyder wrote:
> Take a look at Pear's Crypt_Xtea package.
> http://pear.php.net/package/Crypt_Xtea
>
> TEA isn't the most trusted algo on the block, but it's probably better
> than obfuscation. If you're really serious about encrypting values, you
> need mcrypt (and some way to keep your encryption key secret).
>
> csnyder
>
>
> Jeff Siegel wrote:
>
>> Thought this would be of interest. Jeff Knight told me about Firebird
>> (I'm running the Windows version) and one of the really cool
>> extensions allows you to view HTTP headers. Below is some sample output.
>>
>> Jeff Siegel
>>
>>
>> ====================================================
>> SAMPLE OUTPUT FROM EXTENSION "LIVE HTTP HEADERS"
>> ====================================================
>>
>> http://192.168.1.112/mrs/admin/login.php
>>
>> POST /mrs/admin/login.php HTTP/1.1
>> Host: 192.168.1.112
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5)
>> Gecko/20031007 Firebird/0.7
>> Accept:
>> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
>>
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Connection: keep-alive
>> Referer: http://192.168.1.112/mrs/admin/login.php
>> Cookie: PHPSESSID=d637bd1942ff5262fe4a4a5d0ed443a8
>> Content-Type: application/x-www-form-urlencoded
>> Content-Length: 75
>> PHPSESSID=d637bd1942ff5262fe4a4a5d0ed443a8&usrname=&password=&Submit=Submit
>>
>>
>>
>> HTTP/1.x 200 OK
>> Date: Sun, 31 Oct 2004 01:17:06 GMT
>> Server: Apache/2.0.40 (Red Hat Linux)
>> Accept-Ranges: bytes
>> X-Powered-By: PHP/4.2.2
>> Expires: Thu, 19 Nov 1981 08:52:00 GMT
>> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
>> pre-check=0
>> Pragma: no-cache
>> Connection: close
>> Transfer-Encoding: chunked
>> Content-Type: text/html; charset=ISO-8859-1
>> ----------------------------------------------------------
>>
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nyphp.org
>> http://lists.nyphp.org/mailman/listinfo/talk
>
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From jsiegel1 at optonline.net Mon Dec 1 09:47:53 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Mon, 01 Dec 2003 09:47:53 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To:
References:
Message-ID: <3FCB5499.5060805@optonline.net>

$sSecret would be used for all records. I'm trying to find out if the client has a particular requirement in terms of encrypting since it's sensitive data.

"ain't I sneaky?" - Yes!

Jeff

Brian Pang wrote:
> I do something similar to this when I need to be able to decrypt something.
> As long as no one gets a hold of your code to reverse engineer it.
>
> Is $sSecret user provided or are you re-using that for all records?
>
> I usually also append/prepend/insert my own "garbage" strings to the
> base64_encode results so that a simple base64_decode doesn't quite
> produce the "encrypted" data.
> Of course, don't forget to take them out again when you are decrypting.
> Also, sometimes I base64_encode the base64_encode result, or three times
> even... or four.. ain't I sneaky?
> One other thing to do is to get the ord() value for each char before or
> after base64-ing it, just to mess things up even more. Use chr() to do
> the reverse.
>
> Finally, write the code for this particular piece in the most cryptic
> manner that you can and don't comment the code. Don't use easy to follow
> var names like "sEncoded". Use single letters or other nonsense or
> random strings for var names, and put in lots of other useless code just
> to make it hard to interpret should anyone get a hold of it.
>
>
>
>
>>I may be faced with a situation where I don't have MCrypt for
>>encrypting/decrypting data. I need to store the PIN numbers in a
>>database and be able to retrieve them. Is there some other method I can
>>use instead? I was thinking, perhaps, something like the following:
>>
>>$myPinNumber = "123DGH";
>>$sSecret = '7R5D1N3V5C4Y6Z2X';
>>$ary = array('PIN' => $myPinNumber, 'Secret' =>
>
> $sSecret);
>
>>$sEncoded = base64_encode(serialize($ary));
>>
>>Jeff Siegel
>>
>>_______________________________________________
>>talk mailing list
>>talk at lists.nyphp.org
>>http://lists.nyphp.org/mailman/listinfo/talk
>>
>>
>
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From tgales at tgaconnect.com Mon Dec 1 10:20:39 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Mon, 1 Dec 2003 10:20:39 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To: <3FCB4DAF.4090709@optonline.net>
Message-ID: <000301c3b81e$ae5c2570$bf8d3818@oberon1>

Jeff Siegel:
"...faced with a situation where I don't have Mcrypt..."

this might be of interest:
http://limonez.net/~jure/php/

Author claims it will store and retrieve sensitive info using MD5 hash (looks like it might work)

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

From cmerlo at ncc.edu Mon Dec 1 10:34:17 2003
From: cmerlo at ncc.edu (Christopher R. Merlo)
Date: Mon, 1 Dec 2003 10:34:17 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To:
References:
Message-ID: <20031201153417.GA17760@ncc.edu>

On 2003-12-01 09:40 -0500, Brian Pang wrote:

> Finally, write the code for this particular piece in the most cryptic
> manner that you can and don't comment the code. Don't use easy to follow
> var names like "sEncoded". Use single letters or other nonsense or
> random strings for var names, and put in lots of other useless code just
> to make it hard to interpret should anyone get a hold of it.

This sounds like a recipe for disaster.
If anyone *does* break in to your server, you'd get toasted this way.

Also, remember: if it's hard for the attacker to interpret, it will be hard for you to interpret next month.

Now I don't know if this helps, but on my site, users type in their password, and I compare it with an MD5 sum already in my DB. If the sums match, that means that the user typed in the correct password, and they're authenticated. This way, no cleartext password gets stored anywhere.

--
cmerlo at ncc.edu
http://turing.matcmp.ncc.edu/~cmerlo

Recursion, n: See recursion. See also tail recursion.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL:

From bpang at bpang.com Mon Dec 1 10:44:59 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 01 Dec 2003 10:44:59 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
Message-ID:

I didn't claim that this approach would be foolproof, and I did, I thought, warn against anyone getting a hold of the code as an obvious security flaw.

Ideally, one wouldn't have to re-interpret the code, but at least you would know that there's a bunch of crap in there you can ignore.

Comparing an MD5 sum stored in a DB also won't reveal what the stored/encrypted data is, which I think is what was being sought here.

> This sounds like a recipe for disaster. If anyone *does* break in to
> your server, you'd get toasted this way.
>
> Also, remember: if it's hard for the attacker to interpret, it will be
> hard for you to interpret next month.
>
> Now I don't know if this helps, but on my site, users type in their
> password, and I compare it with an MD5 sum already in my DB. If the
> sums match, that means that the user typed in the correct password,
> and they're authenticated. This way, no cleartext password gets
> stored anywhere.
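
[Added example, not part of the thread and not written by any of its posters.] It shows the point argued above: the base64_encode(serialize()) scheme, even with extra base64 layers, is undone from the stored value alone, while a keyed, authenticated cipher gives the PIN back only to the holder of the key. PHP's bundled sodium extension is used as a present-day stand-in for the mcrypt extension the posters refer to; the function names and the layer count are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed sample values, copied from the snippet posted in the thread.
const SAMPLE_PIN    = '123DGH';
const SAMPLE_SECRET = '7R5D1N3V5C4Y6Z2X';

/** The thread's scheme: serialize PIN and "secret" together, then base64 ($layers times). */
function obfuscatePin(string $pin, string $secret, int $layers = 1): string
{
    $out = serialize(['PIN' => $pin, 'Secret' => $secret]);
    for ($i = 0; $i < $layers; $i++) {
        $out = base64_encode($out);   // an encoding: no key takes part in it
    }
    return $out;
}

/**
 * Recover the PIN from the stored column value alone. Strict base64 decoding
 * fails on the serialized text (it contains ':' and '{'), so the loop stops by
 * itself however many layers were applied.
 */
function recoverWithoutKey(string $stored): ?string
{
    while (($decoded = base64_decode($stored, true)) !== false && $decoded !== '') {
        $stored = $decoded;
    }
    $ary = @unserialize($stored, ['allowed_classes' => false]);
    return is_array($ary) && isset($ary['PIN']) ? (string) $ary['PIN'] : null;
}

/** Keyed, authenticated encryption; a fresh random nonce is stored with each value. */
function encryptPin(string $pin, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($pin, $nonce, $key));
}

/** Returns the PIN, or null when the value is malformed, altered, or the key is wrong. */
function decryptPin(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    return $plain === false ? null : $plain;
}

// 1) Obfuscation: four base64 layers, read back with no secret at all.
$obfuscated = obfuscatePin(SAMPLE_PIN, SAMPLE_SECRET, 4);
echo "obfuscated column, read without any key: ";
var_dump(recoverWithoutKey($obfuscated));

// 2) Encryption: the key is generated here for the demo; in a deployment it
//    would be loaded from somewhere outside the database (assumption).
$key = sodium_crypto_secretbox_keygen();
$row = encryptPin(SAMPLE_PIN, $key);
echo "encrypted column, read without any key:  ";
var_dump(recoverWithoutKey($row));
echo "encrypted column, correct key:           ";
var_dump(decryptPin($row, $key));
echo "encrypted column, wrong key:             ";
var_dump(decryptPin($row, sodium_crypto_secretbox_keygen()));

// 3) A stored value altered by one bit is rejected rather than decrypted to garbage.
$raw = base64_decode($row, true);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
echo "encrypted column, altered value:         ";
var_dump(decryptPin(base64_encode($raw), $key));
```
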

From jsiegel1 at optonline.net Mon Dec 1 10:46:51 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Mon, 01 Dec 2003 10:46:51 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To: <20031201153417.GA17760@ncc.edu>
References: <20031201153417.GA17760@ncc.edu>
Message-ID: <3FCB626B.2020702@optonline.net>

Let me explain the situation in a bit more detail...this may help to clarify what I'm trying to accomplish.

I'll be storing 50,000 PIN numbers for phone cards. People will receive a card that has an alphanumeric code. They'll enter the code number into a form and receive an email that has a special URL attached. They'll click on the URL and then the associated PIN number will be displayed on the screen. My intention is to do all of this via SSL.

My concern is the encrypting/decrypting of the PIN numbers. I can't use one-way encryption since I need to decrypt the data. The alphanumeric codes will also be stored in an encrypted form.

Jeff

Christopher R. Merlo wrote:

> On 2003-12-01 09:40 -0500, Brian Pang wrote:
>
>
>>Finally, write the code for this particular piece in the most cryptic
>>manner that you can and don't comment the code. Don't use easy to follow
>>var names like "sEncoded" Use single letters or other nonsense or
>>random strings for var names, and put in lots of other useless code just
>>to make it hard to interpret should anyone get a hold of it.
>
>
> This sounds like a recipe for disaster. If anyone *does* break in to
> your server, you'd get toasted this way.
>
> Also, remember: if it's hard for the attacker to interpret, it will be
> hard for you to interpret next month.
>
> Now I don't know if this helps, but on my site, users type in their
> password, and I compare it with an MD5 sum already in my DB. If the
> sums match, that means that the user typed in the correct password,
> and they're authenticated. This way, no cleartext password gets
> stored anywhere.
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk

From cmerlo at ncc.edu Mon Dec 1 10:57:21 2003
From: cmerlo at ncc.edu (Christopher R. Merlo)
Date: Mon, 1 Dec 2003 10:57:21 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To:
References:
Message-ID: <20031201155721.GB17760@ncc.edu>

On 2003-12-01 10:44 -0500, Brian Pang wrote:

> Ideally, one wouldn't have to re-interpret the code, but at least you
> would know that there's a bunch of crap in there you can ignore.

What I meant is, it will be very hard to debug, maintain, and add new features later, if you obfuscate the code *on purpose*. Lots of us do that anyway, by accident. :)

> Comparing an MD5 sum stored in a DB also won't reveal what the
> stored/encrypted data is, which I think is what was being sought here.

Yeah, I realized that after reading Jeff's last e-mail. Jeff, it sounds like mcrypt is the way to go. Can it become available to you? In other words, can you get the site admin to install it?

--
cmerlo at ncc.edu
http://turing.matcmp.ncc.edu/~cmerlo

Recursion, n: See recursion. See also tail recursion.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL:

From shiflett at php.net Mon Dec 1 10:58:19 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 1 Dec 2003 07:58:19 -0800 (PST)
Subject: [nycphp-talk] Viewing HTTP Headers
In-Reply-To: <20031201021152.0f55b116.felix@students.poly.edu>
Message-ID: <20031201155819.47538.qmail@web14306.mail.yahoo.com>

--- felix zaslavskiy wrote:
> I was wondering how to do this a few days ago. I found this little
> program called swiftsurf which is a basic http proxy.

Yeah, I wrote something like this several years ago called Protoscope (http://protoscope.org/). I rewrote it in PHP about two years ago to see how stable the sockets extension was, and it's been stagnating ever since. :-)

What I liked about mine is that it embeds the HTTP transactions in the content (in addition to logging it), so the bottom of every page has this. It's definitely the most convenient one I've used.

What is better about something like the Mozilla plugin is that it can reveal the HTTP for SSL connections, whereas an HTTP proxy cannot (it has to just create a tunnel). This makes it much better, in my opinion.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
Coming mid-2004
HTTP Developer's Handbook
http://httphandbook.org/

From shiflett at php.net Mon Dec 1 10:59:59 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 1 Dec 2003 07:59:59 -0800 (PST)
Subject: [nycphp-talk] Viewing HTTP Headers
In-Reply-To: <3FCB5198.6070006@chxo.com>
Message-ID: <20031201155959.74295.qmail@web14301.mail.yahoo.com>

Was this reply meant for some other thread? If not, I'm very lost. :-)

--- Chris Snyder wrote:
> Take a look at Pear's Crypt_Xtea package.
> http://pear.php.net/package/Crypt_Xtea
>
> TEA isn't the most trusted algo on the block, but it's probably better
> than obfuscation. If you're really serious about encrypting values, you
> need mcrypt (and some way to keep your encryption key secret).
>
> csnyder
>
>
> Jeff Siegel wrote:
>
> > Thought this would be of interest. Jeff Knight told me about Firebird
> > (I'm running the Windows version) and one of the really cool
> > extensions allows you to view HTTP headers. Below is some sample
> output.
> >
> > Jeff Siegel
> >
> >
> > ====================================================
> > SAMPLE OUTPUT FROM EXTENSION "LIVE HTTP HEADERS"
> > ====================================================
> >
> > http://192.168.1.112/mrs/admin/login.php
> >
> > POST /mrs/admin/login.php HTTP/1.1
> > Host: 192.168.1.112
> > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5)
> > Gecko/20031007 Firebird/0.7
> > Accept:
> >
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
>
> >
> > Accept-Language: en-us,en;q=0.5
> > Accept-Encoding: gzip,deflate
> > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> > Keep-Alive: 300
> > Connection: keep-alive
> > Referer: http://192.168.1.112/mrs/admin/login.php
> > Cookie: PHPSESSID=d637bd1942ff5262fe4a4a5d0ed443a8
> > Content-Type: application/x-www-form-urlencoded
> > Content-Length: 75
> >
> PHPSESSID=d637bd1942ff5262fe4a4a5d0ed443a8&usrname=&password=&Submit=Submit
>
> >
> >
> >
> > HTTP/1.x 200 OK
> > Date: Sun, 31 Oct 2004 01:17:06 GMT
> > Server: Apache/2.0.40 (Red Hat Linux)
> > Accept-Ranges: bytes
> > X-Powered-By: PHP/4.2.2
> > Expires: Thu, 19 Nov 1981 08:52:00 GMT
> > Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> > pre-check=0
> > Pragma: no-cache
> > Connection: close
> > Transfer-Encoding: chunked
> > Content-Type: text/html; charset=ISO-8859-1
> > ----------------------------------------------------------

=====
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
Coming mid-2004
HTTP Developer's Handbook
http://httphandbook.org/

From tgales at tgaconnect.com Mon Dec 1 11:05:34 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Mon, 1 Dec 2003 11:05:34 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To: <3FCB626B.2020702@optonline.net>
Message-ID: <001601c3b824$f69d4020$bf8d3818@oberon1>

Jeff Siegel:
"> I'll be storing 50,000 PIN numbers ..."

Question: "Where will they be stored?"

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

From csnyder at chxo.com Mon Dec 1 11:08:22 2003
From: csnyder at chxo.com (csnyder at chxo.com)
Date: Mon, 1 Dec 2003 11:08:22 -0500
Subject: [nycphp-talk] Viewing HTTP Headers
In-Reply-To: <20031201155959.74295.qmail@web14301.mail.yahoo.com>
References: <20031201155959.74295.qmail@web14301.mail.yahoo.com>
Message-ID: <1070294902.3fcb677667177@webmail.tuffmail.net>

Yes, so sorry-- was meant for the non-mCrypt thread. Not enough coffee yet.

Quoting Chris Shiflett :

> Was this reply meant for some other thread? If not, I'm very lost. :-)
>
> --- Chris Snyder wrote:
> > Take a look at Pear's Crypt_Xtea package.
> > http://pear.php.net/package/Crypt_Xtea
> >
> > TEA isn't the most trusted algo on the block, but it's probably better
> > than obfuscation. If you're really serious about encrypting values, you
> > need mcrypt (and some way to keep your encryption key secret).
> >
> > csnyder
> >
> >
> > Jeff Siegel wrote:
> >
> > > Thought this would be of interest. Jeff Knight told me about Firebird
> > > (I'm running the Windows version) and one of the really cool
> > > extensions allows you to view HTTP headers. Below is some sample
> > output.
> > >
> > > Jeff Siegel
> > >
> > >
> > > ====================================================
> > > SAMPLE OUTPUT FROM EXTENSION "LIVE HTTP HEADERS"
> > > ====================================================
> > >
> > > http://192.168.1.112/mrs/admin/login.php
> > >
> > > POST /mrs/admin/login.php HTTP/1.1
> > > Host: 192.168.1.112
> > > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5)
> > > Gecko/20031007 Firebird/0.7
> > > Accept:
> > >
> >
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
> >
> > >
> > > Accept-Language: en-us,en;q=0.5
> > > Accept-Encoding: gzip,deflate
> > > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> > > Keep-Alive: 300
> > > Connection: keep-alive
> > > Referer: http://192.168.1.112/mrs/admin/login.php
> > > Cookie: PHPSESSID=d637bd1942ff5262fe4a4a5d0ed443a8
> > > Content-Type: application/x-www-form-urlencoded
> > > Content-Length: 75
> > >
> >
> PHPSESSID=d637bd1942ff5262fe4a4a5d0ed443a8&usrname=&password=&Submit=Submit
> >
> > >
> > >
> > >
> > > HTTP/1.x 200 OK
> > > Date: Sun, 31 Oct 2004 01:17:06 GMT
> > > Server: Apache/2.0.40 (Red Hat Linux)
> > > Accept-Ranges: bytes
> > > X-Powered-By: PHP/4.2.2
> > > Expires: Thu, 19 Nov 1981 08:52:00 GMT
> > > Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> > > pre-check=0
> > > Pragma: no-cache
> > > Connection: close
> > > Transfer-Encoding: chunked
> > > Content-Type: text/html; charset=ISO-8859-1
> > > ----------------------------------------------------------
> >
> =====
> Chris Shiflett - http://shiflett.org/
>
> PHP Security Handbook
> Coming mid-2004
> HTTP Developer's Handbook
> http://httphandbook.org/
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>
>

From jsiegel1 at optonline.net Mon Dec 1 11:16:06 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Mon, 01 Dec 2003 11:16:06 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To: <001601c3b824$f69d4020$bf8d3818@oberon1>
References: <001601c3b824$f69d4020$bf8d3818@oberon1>
Message-ID: <3FCB6946.2000208@optonline.net>

In a MySQL table.

Jeff

Tim Gales wrote:
> Jeff Siegel:
> "> I'll be storing 50,000 PIN numbers ..."
>
> Question: "Where will they be stored?"
>
>
> T. Gales & Associates
> 'Helping People Connect with Technology'
>
> http://www.tgaconnect.com
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From jsiegel1 at optonline.net Mon Dec 1 11:15:38 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Mon, 01 Dec 2003 11:15:38 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To: <20031201155721.GB17760@ncc.edu>
References: <20031201155721.GB17760@ncc.edu>
Message-ID: <3FCB692A.6020601@optonline.net>

I found out that the site admin can, indeed, install mcrypt...and I think that's the best way to go.

Jeff

Christopher R. Merlo wrote:

> On 2003-12-01 10:44 -0500, Brian Pang wrote:
>
>
>>Ideally, one wouldn't have to re-interpret the code, but at least you
>>would know that there's a bunch of crap in there you can ignore.
>
>
> What I meant is, it will be very hard to debug, maintain, and add new
> features later, if you obfuscate the code *on purpose*. Lots of us do
> that anyway, by accident. :)
>
>
>>Comparing an MD5 sum stored in a DB also won't reveal what the
>>stored/encrypted data is, which I think is what was being sought here.
>
>
> Yeah, I realized that after reading Jeff's last e-mail. Jeff, it
> sounds like mcrypt is the way to go. Can it become available to you?
> In other words, can you get the site admin to install it?
From jonbaer at jonbaer.net Mon Dec 1 11:33:38 2003
From: jonbaer at jonbaer.net (jon baer)
Date: Mon, 1 Dec 2003 11:33:38 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
References: <20031201153417.GA17760@ncc.edu> <3FCB626B.2020702@optonline.net>
Message-ID: <005e01c3b828$df836a00$6400a8c0@thinkpad>

while you probably already found a solution for this, the most secure method will no doubt be using an offline private key for decryption (or hidden file) ... there is *supposed* to be a GnuPG extension library designed to make this easier:

http://www.gnupg.org/related_software/gpgme/

which would allow for embedding PKI into PHP much easier but I have not seen or heard any updates to whether this library will be out with PHP 5 (or compiled for PHP < 5) ... does anyone know?

- jon

----- Original Message -----
From: "Jeff Siegel"
To: "NYPHP Talk"
Sent: Monday, December 01, 2003 10:46 AM
Subject: Re: [nycphp-talk] Encrypt/Decrypt without MCrypt

> Let me explain the situation in a bit more detail...this may help to
> clarify what I'm trying to accomplish.
>
> I'll be storing 50,000 PIN numbers for phone cards. People will receive
> a card that has an alphanumeric code. They'll enter the code number into
> a form and receive an email that has a special URL attached. They'll
> click on the URL and then the associated PIN number will be displayed on
> the screen. My intention is to do all of this via SSL.
>
> My concern is the encrypting/decrypting of the PIN numbers. I can't use
> one-way encryption since I need to decrypt the data. The alphanumeric
> codes will also be stored in an encrypted form.
>
> Jeff
>
> Christopher R.
Merlo wrote: > > > On 2003-12-01 09:40 -0500, Brian Pang wrote: > > > > > >>Finally, write the code for this particular piece in the most cryptic > >>manner that you can and don't comment the code. Don't use easy to follow > >>var names like "sEncoded" Use single letters or other nonsense or > >>random strings for var names, and put in lots of other useless code just > >>to make it hard to interpret should anyone get a hold of it. > > > > > > This sounds like a recipe for disaster. If anyone *does* break in to > > your server, you'd get toasted this way. > > > > Also, remember: if it's hard for the attacker to interpret, it will be > > hard for you to interpret next month. > > > > Now I don't know if this helps, but on my site, users type in their > > password, and I compare it with an MD5 sum already in my DB. If the > > sums match, that means that the user typed in the correct password, > > and they're authenticated. This way, no cleartext password gets > > stored anywhere. > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From tgales at tgaconnect.com Mon Dec 1 11:44:26 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Mon, 1 Dec 2003 11:44:26 -0500 Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt In-Reply-To: <3FCB6946.2000208@optonline.net> Message-ID: <001701c3b82a$627afb70$bf8d3818@oberon1> Question: "Where will they be stored?" Answer: In a MySQL table. When you said you don't have mcrypt I took that to mean the php is not compiled without mcrypt. Can you call the crypto facilities of MySQL? T. 
Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

From tgales at tgaconnect.com Mon Dec 1 12:11:11 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Mon, 1 Dec 2003 12:11:11 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To: <000301c3b81e$ae5c2570$bf8d3818@oberon1>
Message-ID: <001a01c3b82e$20a00430$bf8d3818@oberon1>

The author (Jure Koren), didn't claim you could recover the data (my mistake from working too fast) still the fragment might have worked in a situation where you want to authenticate someone against a pin number.

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

From jsiegel1 at optonline.net Mon Dec 1 12:37:24 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Mon, 01 Dec 2003 12:37:24 -0500
Subject: [nycphp-talk] Encrypt/Decrypt without MCrypt
In-Reply-To: <001701c3b82a$627afb70$bf8d3818@oberon1>
References: <001701c3b82a$627afb70$bf8d3818@oberon1>
Message-ID: <3FCB7C54.6050209@optonline.net>

Right. PHP is not compiled with mcrypt. I'd have to look into your other suggestion to see if it would work on the shared server. I wasn't aware of those functions.

Jeff

Tim Gales wrote:
> Question: "Where will they be stored?"
> Answer: In a MySQL table.
>
> When you said you don't have mcrypt
> I took that to mean the php is not
> compiled without mcrypt.
>
> Can you call the crypto facilities of
> MySQL?
>
>
> T.
Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From southwell at dneba.com Mon Dec 1 20:33:13 2003 From: southwell at dneba.com (Michael Southwell) Date: Mon, 01 Dec 2003 20:33:13 -0500 Subject: [nycphp-talk] PHundamentals topic #4B: managing php.ini settings Message-ID: <6.0.1.1.2.20031201203111.01b056d8@mail.optonline.net> Last month's PHundamentals topic, what are the most important php.ini settings, generated many good suggestions. Now we turn to managing those settings. On a server we control, that seems straightforward: we modify php.ini. But we may also control some PHP settings using a or directive in httpd.conf, or in .htaccess. What is best practice here? And what is best practice on a server we don't control, where we have access only to our own directories? How can we make certain that our required settings are in effect? Jeff Siegel and Mike Southwell the PHundamentals team From webmaster at localnotion.com Mon Dec 1 20:43:02 2003 From: webmaster at localnotion.com (webmaster at localnotion.com) Date: Tue, 2 Dec 2003 01:43:02 +0000 Subject: [nycphp-talk] shiflett at linux conf Message-ID: <1070329382.65d3ce8603702@webmail.localnotion.com> From: http://www.linuxplanet.com/linuxplanet/reports/5130/1/ "Novell will now go out of its way to make native SuSE a really viable OS," concurred Chris Shiflett, an independent PHP developer, during Apache.Con. "The NetWare kernel is basically dead. Most people got tired of it by around NetWare 4 or 5," he added. From danielc at analysisandsolutions.com Mon Dec 1 21:49:38 2003 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 1 Dec 2003 21:49:38 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! 
Message-ID: <20031202024938.GA10184@panix.com>

SecurityFocus Newsletter #225

VBPortal Friend.PHP Remote E-Mail Relaying Weakness
http://www.securityfocus.com/bid/9088

Anthill Remote File Include Vulnerability
http://www.securityfocus.com/bid/9095

My_EGallery Module Remote Include Command Injection Vulnerab...
http://www.securityfocus.com/bid/9113

Bitfolge Snif Downloads Directory Traversal Vulnerability
http://www.securityfocus.com/bid/9121

phpBB search.php SQL Injection Vulnerability
http://www.securityfocus.com/bid/9122
[Gee, you'd think that after already having so many vulnerabilities they would have gone through and fixed all their problems. Guess not.]

Stay strong and pay close attention...

--Dan

--
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From jonbaer at jonbaer.net Mon Dec 1 21:52:14 2003
From: jonbaer at jonbaer.net (jon baer)
Date: Mon, 1 Dec 2003 21:52:14 -0500
Subject: [nycphp-talk] security? we don't need no stinkin security!
References: <20031202024938.GA10184@panix.com>
Message-ID: <001501c3b87f$4ae25490$6400a8c0@thinkpad>

> phpBB search.php SQL Injection Vulnerability
> http://www.securityfocus.com/bid/9122

im just curious - what exactly was the solution that does work and why does it work? someone care to explain:

if (intval($search_id)) {
vs.
$search_id = intval($search_id);
if ($search_id) {

- jon

From shiflett at php.net Mon Dec 1 22:15:32 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 1 Dec 2003 19:15:32 -0800 (PST)
Subject: [nycphp-talk] shiflett at linux conf
In-Reply-To: <1070329382.65d3ce8603702@webmail.localnotion.com>
Message-ID: <20031202031532.1878.qmail@web14308.mail.yahoo.com>

--- webmaster at localnotion.com wrote:
> http://www.linuxplanet.com/linuxplanet/reports/5130/1/
>
> "Novell will now go out of its way to make native SuSE a really
> viable OS," concurred Chris Shiflett, an independent PHP developer,
> during Apache.Con. "The NetWare kernel is basically dead. Most
> people got tired of it by around NetWare 4 or 5," he added.

That's interesting, considering I never spoke to anyone about SuSE, Novell, Linux on the desktop, or anything relevant to this story.

Thanks for the link. While I don't necessarily disagree with the statements attributed to me, I certainly don't agree with them all (I'm not a KDE user, for example), and I am not pleased with having my name used to support someone else's point. This Jacqueline Emigh lady seems to enjoy making up stories. I wrote about her once already here:

http://shiflett.org/archive/18

Ugh...
Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
Coming mid-2004
HTTP Developer's Handbook
http://httphandbook.org/

>From hans not junk at nyphp.com Mon Dec 1 22:37:04 2003
Message-ID: <3FCC08DF.9080102 at nyphp.com>
Date: Mon, 01 Dec 2003 22:37:03 -0500
From: Hans Zaunere
To: NYPHP Talk
Subject: Re: [nycphp-talk] shiflett at linux conf
References: <20031202031532.1878.qmail at web14308.mail.yahoo.com>
In-Reply-To: <20031202031532.1878.qmail at web14308.mail.yahoo.com>

Chris Shiflett wrote:
> --- webmaster at localnotion.com wrote:
>
>>http://www.linuxplanet.com/linuxplanet/reports/5130/1/
>>
>>"Novell will now go out of its way to make native SuSE a really
>>viable OS," concurred Chris Shiflett, an independent PHP developer,
>>during Apache.Con. "The NetWare kernel is basically dead. Most
>>people got tired of it by around NetWare 4 or 5," he added.
>
>
> That's interesting, considering I never spoke to anyone about SuSE,
> Novell, Linux on the desktop, or anything relevant to this story.
>
> Thanks for the link.
> While I don't necessarily disagree with the
> statements attributed to me, I certainly don't agree with them all (I'm
> not a KDE user, for example), and I am not pleased with having my name
> used to support someone else's point. This Jacqueline Emigh lady seems to
> enjoy making up stories. I wrote about her once already here:
>
> http://shiflett.org/archive/18

You can't buy that type of press Chris! :)

H

From shiflett at php.net Mon Dec 1 22:41:47 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 1 Dec 2003 19:41:47 -0800 (PST)
Subject: [nycphp-talk] shiflett at linux conf
In-Reply-To: <3FCC08DF.9080102@nyphp.com>
Message-ID: <20031202034147.99135.qmail@web14302.mail.yahoo.com>

--- Hans Zaunere wrote:
> > This Jacqueline Emigh lady seems to enjoy making up stories. I
> > wrote about her once already here:
> >
> > http://shiflett.org/archive/18
>
> You can't buy that type of press Chris! :)

Heh, do I want that type of press? I am going to drop her a note. I'll give her the benefit of the doubt and assume she took crappy notes, but dang, surely the Novell/SuSE stuff was on a separate page in her notebook than SCO stuff.
:-P

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
Coming mid-2004
HTTP Developer's Handbook
http://httphandbook.org/

>From hans not junk at nyphp.com Mon Dec 1 22:43:47 2003
Message-ID: <3FCC0A71.5090704 at nyphp.com>
Date: Mon, 01 Dec 2003 22:43:45 -0500
From: Hans Zaunere
To: NYPHP Talk
Subject: Re: [nycphp-talk] security? we don't need no stinkin security!
References: <20031202024938.GA10184 at panix.com> <001501c3b87f$4ae25490$6400a8c0 at thinkpad>
In-Reply-To: <001501c3b87f$4ae25490$6400a8c0 at thinkpad>

jon baer wrote:
>>phpBB search.php SQL Injection Vulnerability
>>http://www.securityfocus.com/bid/9122
>
>
> im just curious - what exactly was the solution that does work and why does
> it work? someone care to explain:
>
> if (intval($search_id)) {
> vs.
> $search_id = intval($search_id);
> if ($search_id) {

It's not those couple of lines that have the effect. Later in the code $search_id is used in the SQL statement. In the first case, $search_id is used verbatim; in the latter, the return value from intval() is used.
It's nothing concerning intval() or the structure of the if() - just sloppy programming.

H

>From hans not junk at nyphp.com Mon Dec 1 22:53:00 2003
Message-ID: <3FCC0C9B.3070607 at nyphp.com>
Date: Mon, 01 Dec 2003 22:52:59 -0500
From: Hans Zaunere
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHundamentals topic #4B: managing php.ini settings
References: <6.0.1.1.2.20031201203111.01b056d8 at mail.optonline.net>
In-Reply-To: <6.0.1.1.2.20031201203111.01b056d8 at mail.optonline.net>

> On a server we control, that seems straightforward: we modify php.ini.
> But we may also control some PHP settings using a or
> directive in httpd.conf, or in .htaccess. What is best
> practice here?

Personally, I make extensive use of Apache's directive to control PHP's environment and application behavior. Properly using these directives, one can realize a great deal of power only thought to exist in those "other platforms." I especially use the and directives to manipulate certain areas of my application. That said, settings that never need to be manipulated, like register_globals :) I set in php.ini.
Other major settings, like output_buffering, or those that can only be set in php.ini, I set in php.ini as well. I take a hybrid approach to settings like include_path, setting it to different values in different places, but with a sound default in php.ini.

> And what is best practice on a server we don't control, where we have
> access only to our own directories? How can we make certain that our
> required settings are in effect?

In some cases, you just can't and will have to contact the system administrator. For those with control, .htaccess can be handy, although access to that file may be limited as well. In these cases, these settings have to be dealt with using ini_set() in the application's logic. Determining what settings can be set how and where is vital and explained in http://php.net/ini_set

Setting PHP values in Apache's conf files also has added flexibility. A value set with php_admin_value or php_admin_flag is non-overrideable elsewhere in the application logic, .htaccess files, or even virtual hosts - only Apache's main server config. More details at http://us3.php.net/configuration.changes

H

From shiflett at php.net Mon Dec 1 23:40:36 2003
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 1 Dec 2003 20:40:36 -0800 (PST)
Subject: [nycphp-talk] security? we don't need no stinkin security!
In-Reply-To: <20031202024938.GA10184@panix.com>
Message-ID: <20031202044036.34245.qmail@web14307.mail.yahoo.com>

--- Daniel Convissor wrote:
> phpBB search.php SQL Injection Vulnerability
> http://www.securityfocus.com/bid/9122
> [Gee, you'd think that after already having so many vulnerabilities
> they would have gone through and fixed all their problems. Guess
> not.]

Yeah, someone really needs to write a forum in PHP that doesn't suck. While they're at it, a CMS that doesn't suck would be nice, too. It's a shame that there are Perl applications that fit these needs but no decent PHP representation.
Speaking of "don't need no stinkin' security," here are five more reasons not to use IE: http://www.infoworld.com/article/03/11/26/HNnewholesinie_1.html I think IE is beating out the Nukes and phpBB as the software with the worst security model. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From sryBoston at hotmail.com Tue Dec 2 07:36:37 2003 From: sryBoston at hotmail.com (-sry) Date: Tue, 2 Dec 2003 07:36:37 -0500 Subject: [nycphp-talk] newbie - square one Message-ID: Okay, here's a really, REALLY basic question. I always seem to get the high-level stuff and miss the basics (kinda like Algebra stumps me even with a calculator but Calculus I do in my head :*) I've RTFM at php.net - very nice docs, like the searchability and index. Good online reference book. Alas, I want to do my very first PHP page--well, okay, not the first, I did a "Hello world" and phpinfo.php and those went fine and told me a bunch about my installation, all well and interesting, but now I want to do something I can actually USE. Let's say I have a page somepage.html and it has an onLoad(params) function in the BODY tag that currently calls some JavaScript funciton. Elsewhere on the page, I have a bunch of links to a PHP version of somepage.html and want to pass it different "params" for each of the links, each of which will "convert" the JavaScript/HTML behavior into PHP/HTML behavior and do something different with the onLoad() depending on which "params" value is clicked by the user. Never mind if this how to actually do it - I know I should just start with a php page, but I want to do it this way to LEARN, okay? If I change too many things at once, I will get lost on what is actually happening; my debugging habits are old and fixed. I can only change one thing at a time or I miss the problem completely. 
So for this link, I know I would put "somepage.php?params=value" cause this is the syntax of a query string and how one passes params via HTTP, but.... in the somepage.php, what do I do? Where do I put the first stuff? How do I extract "params" as a variable and get its user-selected value? The documentation seems to imply I would just put: and that the query string will have "created" the variable $params and somehow PHP will "know" what's in the query string and "value" will be defined...really? I don't have to extract some ENV-VAR like old-fashioned CGI processing? And since the assignment I want to do is in the BODY tag, how do I write the body tag with a PHP variable? like this: That didn't seem to do it for me so I must have misread or misunderstood the docs. Enlighten my ignorant self, someone? -sry ---------------------------------------------------------------------- Sarah R. Yoffa http://www.sarahryoffa.com/ sryBoston at hotmail.com "Stupid rules are meant to be changed, not broken." [-sry on sci.space.shuttle, c. 1993] ---------------------------------------------------------------------- From jsiegel1 at optonline.net Tue Dec 2 08:06:24 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 02 Dec 2003 08:06:24 -0500 Subject: [nycphp-talk] newbie - square one In-Reply-To: References: Message-ID: <3FCC8E50.10007@optonline.net> Sarah, "So for this link, I know I would put "somepage.php?params=value" cause this is the syntax of a query string and how one passes params via HTTP, but.... in the somepage.php, what do I do? Where do I put the first stuff? How do I extract "params" as a variable and get its user-selected value? The documentation seems to imply I would just put: " Here's the basics: You've got "somepage.php?params=value". 
To grab that value you could use something like the following on somepage.php: $sMyValue = $_GET['params']; You could put this at/near the top of the page within the php tags since, I assume, the remainder of the page is based on the user's selection. You'll want to use some sort of test to make sure that the value of $_GET['params'] is a legitimate value since a user can muck around with a value that is appended to a URL. So...if you used a switch statement, (http://us4.php.net/manual/en/control-structures.switch.php) you could have a default value to handle the case where the user has played around. Don't forget that PHP is server-side and Javascript is client-side. I believe some others on the list can address the issue of having the two communicate...in a sense. Please keep in mind, having been burnt badly by this, that some users will intentionally turn off Javascript "just to see what happens" so that, depending on what you're trying to do with the Javascript, it can really create a mess. Jeff Siegel -sry wrote: > Okay, here's a really, REALLY basic question. I always seem to > get the high-level stuff and miss the basics (kinda like Algebra > stumps me even with a calculator but Calculus I do in my head :*) > > I've RTFM at php.net - very nice docs, like the searchability and > index. Good online reference book. Alas, I want to do my very > first PHP page--well, okay, not the first, I did a "Hello world" and > phpinfo.php and those went fine and told me a bunch about my > installation, all well and interesting, but now I want to do something > I can actually USE. > > Let's say I have a page somepage.html and it has an onLoad(params) > function in the BODY tag that currently calls some JavaScript > funciton. 
Elsewhere on the page, I have a bunch of links to a PHP version > of somepage.html and want to pass it different "params" for each of the > links, each of which will "convert" the JavaScript/HTML behavior into > PHP/HTML behavior and do something different with the onLoad() > depending on which "params" value is clicked by the user. > > Never mind if this how to actually do it - I know I should just start > with a php page, but I want to do it this way to LEARN, okay? > If I change too many things at once, I will get lost on what is > actually happening; my debugging habits are old and fixed. I can > only change one thing at a time or I miss the problem completely. > > So for this link, I know I would put "somepage.php?params=value" > cause this is the syntax of a query string and how one passes params > via HTTP, but.... in the somepage.php, what do I do? Where do > I put the first stuff? How do I extract "params" as > a variable and get its user-selected value? > > The documentation seems to imply I would just put: > > $params=value; > ... > ?> > > and that the query string will have "created" the variable $params > and somehow PHP will "know" what's in the query string and > "value" will be defined...really? I don't have to extract some > ENV-VAR like old-fashioned CGI processing? > > And since the assignment I want to do is in the BODY tag, how > do I write the body tag with a PHP variable? like this: > > $params=value; > echo " ?> > > That didn't seem to do it for me so I must have misread or > misunderstood the docs. Enlighten my ignorant self, someone? > > -sry > ---------------------------------------------------------------------- > Sarah R. Yoffa > http://www.sarahryoffa.com/ > sryBoston at hotmail.com > "Stupid rules are meant to be changed, not broken." > [-sry on sci.space.shuttle, c. 
1993] > ---------------------------------------------------------------------- > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jlacey at att.net Tue Dec 2 08:07:50 2003 From: jlacey at att.net (John Lacey) Date: Tue, 02 Dec 2003 06:07:50 -0700 Subject: [nycphp-talk] newbie - square one In-Reply-To: References: Message-ID: <3FCC8EA6.1080300@att.net> -sry wrote: > So for this link, I know I would put "somepage.php?params=value" > cause this is the syntax of a query string and how one passes params > via HTTP, but.... in the somepage.php, what do I do? Where do > I put the first stuff? How do I extract "params" as > a variable and get its user-selected value? > > The documentation seems to imply I would just put: > > $params=value; > ... > ?> > > And since the assignment I want to do is in the BODY tag, how > do I write the body tag with a PHP variable? like this: > > $params=value; > echo " ?> there's a lot going on here, but let's start with the body tag syntax example: > the above is php embedded in an html tag rather than html being "embedded" (echo) in a php statement so far as your debugging style, it seems to me that it is right on... I've always found that changing more than one variable at a time sometimes masks valuable information that could be gleaned with just a little more patience. try putting a value in the $onload variable and observe results -- oftentimes that will lead to your next question along the discovery process hope that helps a little John From jsiegel1 at optonline.net Tue Dec 2 09:04:47 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 02 Dec 2003 09:04:47 -0500 Subject: [nycphp-talk] NYPHP PARTY TIME!! Message-ID: <3FCC9BFF.5050400@optonline.net> NYPHP is organizing a holiday party for the evening of December 16th and you're invited! Please let us know if you'd like to attend by sending an email to me off-list. 
We'll be sending out more details within the next few days.

Jeff Siegel

>From hans not junk at nyphp.com Tue Dec 2 09:31:34 2003
Message-ID: <3FCCA28D.4070706 at nyphp.com>
Date: Tue, 02 Dec 2003 09:32:45 -0500
From: Hans Zaunere
To: NYPHP Talk
Subject: Re: [nycphp-talk] security? we don't need no stinkin security!
References: <20031202044036.34245.qmail at web14307.mail.yahoo.com>
In-Reply-To: <20031202044036.34245.qmail at web14307.mail.yahoo.com>

Chris Shiflett wrote:
> --- Daniel Convissor wrote:
>
>>phpBB search.php SQL Injection Vulnerability
>>http://www.securityfocus.com/bid/9122
>>[Gee, you'd think that after already having so many vulnerabilities
>>they would have gone through and fixed all their problems. Guess
>>not.]
>
>
> Yeah, someone really needs to write a forum in PHP that doesn't suck.
> While they're at it, a CMS that doesn't suck would be nice, too. It's a
> shame that there are Perl applications that fit these needs but no decent
> PHP representation.

I think the interesting thing is that these types of applications do exist in PHP.
In passing, I've seen some excellent software, written in house, and kept private. It's really a matter of public domain stuff, and a sense of a strong - public - community. PHP vs Perl is akin to BSD vs Linux - we all know which one is better, but the BSD guys just don't care to talk about it so much :) In the end, this is what NYPHP - and now NYCBUG - seek to promote - community. H From bpang at bpang.com Tue Dec 2 09:52:59 2003 From: bpang at bpang.com (Brian Pang) Date: Tue, 02 Dec 2003 09:52:59 -0500 Subject: [nycphp-talk] newbie - square one Message-ID: I'm going to skip straight to the php. With this code, you are initializing $params as a variable with value. > $params=value; > ... > ?> However you are passing ?params=value in the query string. You can access the query string variable directly as $_GET['params']. > and that the query string will have "created" the variable $params > and somehow PHP will "know" what's in the query string and > "value" will be defined...really? I don't have to extract some > ENV-VAR like old-fashioned CGI processing? This only happens if register_globals is turned on in your php_ini. Don't rely on it. Do it the right way with $_GET['params']. Change this: > $params=value; > echo " ?> to: It's MUCH easier to drop PHP vars into html this way, rather than echoing out the full line with escaped quotes, etc. From tgales at tgaconnect.com Tue Dec 2 10:45:24 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Tue, 2 Dec 2003 10:45:24 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <20031202044036.34245.qmail@web14307.mail.yahoo.com> Message-ID: <005b01c3b8eb$4dc7f040$bf8d3818@oberon1> Chris Shiflett wrote: "Yeah, someone really needs to write a forum in PHP that doesn't suck." and "It's a shame that there are Perl applications that fit these needs but no decent PHP representation." 
I have been meaning to take a look at the following: http://www.yabbse.org/ It is a php conversion of YABB at http://www.yabbforum.com/ YABB was done in Perl and is highly touted (at least at Tucows) YABBSE was done in PHP. What caught my eye was the following quote from the yabbse.org page: "I checked my bandwidth with YaBB SE and its over 2 days 338 mb. When I had YaBB gold it was close to a GIG a day" If the guy who said that is really on the level (I don't doubt his honesty but there may have been fewer users doing fewer things) that would mean PHP is approaching six times more efficient than Perl. I wish I could find time to check the two implementations to see where PHP is more efficient than Perl. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From shiflett at php.net Tue Dec 2 10:57:55 2003 From: shiflett at php.net (Chris Shiflett) Date: Tue, 2 Dec 2003 07:57:55 -0800 (PST) Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <005b01c3b8eb$4dc7f040$bf8d3818@oberon1> Message-ID: <20031202155755.35499.qmail@web14301.mail.yahoo.com> --- Tim Gales wrote: > I have been meaning to take a look at the following: > http://www.yabbse.org/ > > It is a php conversion of YABB That sounds interesting. I might go check out a demo. To be fair, FUDforum is pretty good. My complaints with it are: 1. Too complicated to use (maybe partly because of point 2) 2. Fugly! They need someone like Jeff Knight to completely redo the entire presentation layer. Underneath, it's really not so bad, and it's insanely fast. > What caught my eye was the following quote from the yabbse.org page: > "I checked my bandwidth with YaBB SE and its over 2 days 338 mb. > When I had YaBB gold it was close to a GIG a day" > > If the guy who said that is really on the level (I don't doubt his > honesty but there may have been fewer users doing fewer things) > that would mean PHP is approaching six times more efficient than > Perl. 
I don't think he means more efficient. Bandwidth usage like that only suggests that YaBB SE spits out less markup. That's a good thing, but it could (theoretically) take twice as long to do so. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From joshmccormack at travelersdiary.com Tue Dec 2 11:04:16 2003 From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com) Date: Tue, 2 Dec 2003 10:04:16 -0600 (CST) Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <20031202155755.35499.qmail@web14301.mail.yahoo.com> Message-ID: On Tue, 2 Dec 2003, Chris Shiflett wrote: > To be fair, FUDforum is pretty good. My complaints with it are: > > 1. Too complicated to use (maybe partly because of point 2) > 2. Fugly! They need someone like Jeff Knight to completely redo the entire > presentation layer. > > Underneath, it's really not so bad, and it's insanely fast. > Chris FUDforum has a very interesting feature for meshing with mailing list programs, like Mailman. I agree it's pretty ugly. Josh From tgales at tgaconnect.com Tue Dec 2 11:20:33 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Tue, 2 Dec 2003 11:20:33 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <20031202155755.35499.qmail@web14301.mail.yahoo.com> Message-ID: <005d01c3b8f0$39cb9150$bf8d3818@oberon1> Chris Shiflett writes: "> I don't think he means more efficient. Bandwidth usage like > that only suggests that YaBB SE spits out less markup. That's > a good thing, but it could (theoretically) take twice as long > to do so. :-)" I mean more efficient -- if you can get the same content out with less markup how else do you describe it (other than being more efficient) T. 
Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From keith.richardson at thompsonhealth.com Tue Dec 2 11:21:00 2003 From: keith.richardson at thompsonhealth.com (Keith Richardson) Date: Tue, 2 Dec 2003 11:21:00 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <4A34D0947B38AF4D8629DA86655D5906915394@ffth-exc01.thompsonhealth.org> Message-ID: <4A34D0947B38AF4D8629DA86655D5906C131@ffth-exc01.thompsonhealth.org> I have used a lot of forums, and vbulletin seems the most feature-rific, and with 3.0 beta, uses better password encryption than just plain md5. its not free, but our forum community loves it. so we had to buy a new license when we moved domains :P ahh well. www.forumsx.net -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of joshmccormack at travelersdiary.com Sent: Tuesday, December 02, 2003 11:04 AM To: NYPHP Talk Subject: RE: [nycphp-talk] security? we don't need no stinkin security! On Tue, 2 Dec 2003, Chris Shiflett wrote: > To be fair, FUDforum is pretty good. My complaints with it are: > > 1. Too complicated to use (maybe partly because of point 2) > 2. Fugly! They need someone like Jeff Knight to completely redo the entire > presentation layer. > > Underneath, it's really not so bad, and it's insanely fast. > Chris FUDforum has a very interesting feature for meshing with mailing list programs, like Mailman. I agree it's pretty ugly. Josh _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From adam at trachtenberg.com Tue Dec 2 11:29:57 2003 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Tue, 2 Dec 2003 11:29:57 -0500 (EST) Subject: [nycphp-talk] security? we don't need no stinkin security! 
In-Reply-To: <005d01c3b8f0$39cb9150$bf8d3818@oberon1> References: <005d01c3b8f0$39cb9150$bf8d3818@oberon1> Message-ID: On Tue, 2 Dec 2003, Tim Gales wrote: > Chris Shiflett writes: > "> I don't think he means more efficient. Bandwidth usage like > > that only suggests that YaBB SE spits out less markup. That's > > a good thing, but it could (theoretically) take twice as long > > to do so. :-)" > > I mean more efficient -- if you can get the same content > out with less markup how else do you describe it > (other than being more efficient) You're both right! Getting the same content with less markup is more bandwidth efficient, but if it requires twice as many CPU cycles to generate the output then there may also be a decrease in processing efficiency. Chris's point was that you can't measure the net efficiency of the system by only looking at one source. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From shiflett at php.net Tue Dec 2 11:38:13 2003 From: shiflett at php.net (Chris Shiflett) Date: Tue, 2 Dec 2003 08:38:13 -0800 (PST) Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <005d01c3b8f0$39cb9150$bf8d3818@oberon1> Message-ID: <20031202163813.17076.qmail@web14302.mail.yahoo.com> --- Tim Gales wrote: > I mean more efficient -- if you can get the same content > out with less markup how else do you describe it (other > than being more efficient) Maybe it's just a difference of interpretation, but let's take some clearer examples: foo.php: bar.php: I would say that bar.php is more efficient, but foo.php produces less markup. 
Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From Kbedi at inta.org Tue Dec 2 11:45:31 2003 From: Kbedi at inta.org (Kshitij Bedi) Date: Tue, 2 Dec 2003 11:45:31 -0500 Subject: [nycphp-talk] Help with mysql select within a select query Message-ID: Hi there can someone tell me why this query below is not working in mysql 4.0.16 its a select within a select query. If this syntax below is not correct, is there a work around for this. Considering tblA has alot of fields including ID(Primary Key) and ID1 as another field Query: Select * from tblA where id in (select max(id) from tblA where id>=76 and id<=109 group by id1) Regards, Kshitij Bedi Web Admin International Trademark Association From shiflett at php.net Tue Dec 2 11:45:49 2003 From: shiflett at php.net (Chris Shiflett) Date: Tue, 2 Dec 2003 08:45:49 -0800 (PST) Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: Message-ID: <20031202164549.39510.qmail@web14308.mail.yahoo.com> --- Adam Maccabee Trachtenberg wrote: > Getting the same content with less markup is more bandwidth > efficient, but if it requires twice as many CPU cycles to > generate the output then there may also be a decrease in > processing efficiency. That's a good point. I guess I always think of "efficient" referring to performance (processing performance, to be specific). Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From henry at beewh.com Tue Dec 2 11:56:48 2003 From: henry at beewh.com (Henry Ponce) Date: Tue, 2 Dec 2003 11:56:48 -0500 Subject: [nycphp-talk] Help with mysql select within a select query In-Reply-To: References: Message-ID: <200312021156.48424.henry@beewh.com> mysql doesn't support subselects. try using another type of query... you can check in google, there is plenty of info. 
Henry

From nyphp at websapp.com Tue Dec 2 12:08:30 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Tue, 2 Dec 2003 12:08:30 -0500
Subject: [nycphp-talk] Apache Auth question
Message-ID:

Hey,

A directory has an .htaccess with basic httpd authentication. Example:

AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen sungo

How can this authentication be excluded for a subdirectory?

Best,
Daniel

From hans not junk at nyphp.com Tue Dec 2 12:13:39 2003
Message-ID: <3FCCC889.3060103 at nyphp.com>
Date: Tue, 02 Dec 2003 12:14:49 -0500
From: Hans Zaunere
To: NYPHP Talk
Subject: Re: [nycphp-talk] security? we don't need no stinkin security!
References: <20031202163813.17076.qmail at web14302.mail.yahoo.com>
In-Reply-To: <20031202163813.17076.qmail at web14302.mail.yahoo.com>

Chris Shiflett wrote:
> --- Tim Gales wrote:
>
>>I mean more efficient -- if you can get the same content
>>out with less markup how else do you describe it (other
>>than being more efficient)
>
>
> Maybe it's just a difference of interpretation, but let's take some
> clearer examples:
>
> foo.php:
> <?php
> sleep(5);
> echo 'foo';
> ?>
>
> bar.php:
> <?php
> sleep(1);
> echo 'barbarbarbarbar';
> ?>
>
> I would say that bar.php is more efficient, but foo.php produces less
> markup.

Not to nit-pick, but why would bar.php be more efficient? foo.php is sleeping, thus taking no CPU cycles. Maybe if foo.php was

for( $i = 0; $i < 1000000000; ++$i );
echo 'foo';

?
:)

H

From hans not junk at nyphp.com Tue Dec 2 12:35:22 2003
Message-ID: <3FCCCDA1.8010203 at nyphp.com>
Date: Tue, 02 Dec 2003 12:36:33 -0500
From: Hans Zaunere
To: NYPHP Talk
Subject: Re: [nycphp-talk] translating behaviors from JavaScript to PHP
References:
In-Reply-To:

-sry wrote:
> [ repost - sent to the wrong list ]
>
>
>>Hiya listies,
>>
>>Seems like PHP is a bit of a sledgehammer for web design,
>>but I like it so far :)

Sledgehammer? Maybe an ice-pic...

>>I'm currently giving my brain a rest from the Flash/text
>>protection thingy and revisiting a CSS design issue I'm
>>trying to learn (positioning vs tables). I'm doing this vis a
>>vis my personal web site. Since I like to keep code as
>>modularized as possible, I separated out my JavaScript
>>(for mouseover behavior and other sillyness) into a .js file.
>>As a mechanism for putting my hands on some PHP as I
>>learn it, I figured I'd take the existing page design and
>>behavior and "translate" it into a PHP implementation.

Keep in mind that PHP runs strictly on the server - the browser is never aware of any PHP code.
Granted, you can use PHP to generate the client-side code the browser then reads and parses, but translating between Javascript and PHP - in a linear sense - is not possible.

H

From tgales at tgaconnect.com Tue Dec 2 12:46:58 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Tue, 2 Dec 2003 12:46:58 -0500
Subject: [nycphp-talk] security? we don't need no stinkin security!
In-Reply-To:
Message-ID: <006d01c3b8fc$496fd100$bf8d3818@oberon1>

Adam writes:
"You're both right!"

Thanks, I mostly deal with systems that are i/o bound (with cpu power to spare) -- where it is just taken for granted that it is worth spending cpu time to compress something before sending it out.

I have gotten into the (bad) habit of calling that 'more efficient'.

Like the man in orthopedic shoes said, "I stand corrected."

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

From jlacey at att.net Tue Dec 2 12:59:16 2003
From: jlacey at att.net (John Lacey)
Date: Tue, 02 Dec 2003 10:59:16 -0700
Subject: [nycphp-talk] security? we don't need no stinkin security!
In-Reply-To: <20031202044036.34245.qmail@web14307.mail.yahoo.com>
References: <20031202044036.34245.qmail@web14307.mail.yahoo.com>
Message-ID: <3FCCD2F4.2030302@att.net>

Chris Shiflett wrote:
> --- Daniel Convissor wrote:
>
>>phpBB search.php SQL Injection Vulnerability
>>http://www.securityfocus.com/bid/9122
>>[Gee, you'd think that after already having so many vulnerabilities
>>they would have gone through and fixed all their problems. Guess
>>not.]
>
>
> Yeah, someone really needs to write a forum in PHP that doesn't suck.
> While they're at it, a CMS that doesn't suck would be nice, too. It's a
> shame that there are Perl applications that fit these needs but no decent
> PHP representation.
>

and speaking of that, BB's CMS's and the like have very well-defined things that they "need to do"... wouldn't it be nice if well-designed secure components (pcom?)
were available that one could go to the 'lego box' and pull out what you need to put it together... From nyphp at enobrev.com Tue Dec 2 13:01:56 2003 From: nyphp at enobrev.com (Mark Armendariz) Date: Tue, 2 Dec 2003 13:01:56 -0500 Subject: [nycphp-talk] Help with mysql select within a select query In-Reply-To: <200312021156.48424.henry@beewh.com> Message-ID: > mysql doesn't support subselects. try using another type of query... I was under the impression that you could in the where clause, although I'm not sure if you can use it with an 'in' statement. I know you can't use it in the SELECT part of a statement (as a field), though. In the manual http://www.mysql.com/doc/en/Subqueries.html And a tutorial http://www.devshed.com/Server_Side/MySQL/MySQL_Subqueries -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Henry Ponce Sent: Tuesday, December 02, 2003 11:57 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Help with mysql select within a select query mysql doesn't support subselects. try using another type of query... you can check in google, there is plenty of info. Henry _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From tgales at tgaconnect.com Tue Dec 2 13:18:50 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Tue, 2 Dec 2003 13:18:50 -0500 Subject: [nycphp-talk] Help with mysql select within a select query In-Reply-To: Message-ID: <006e01c3b900$bf9ecda0$bf8d3818@oberon1> Mark Armendariz writes: "In the manual http://www.mysql.com/doc/en/Subqueries.html" When reading or quoting from the manual, be careful to check the version numbers of the MySQL to which you want to apply information from the documentation -- some features may not be supported in earlier versions. T. 
Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From nyphp at enobrev.com Tue Dec 2 13:34:48 2003 From: nyphp at enobrev.com (Mark Armendariz) Date: Tue, 2 Dec 2003 13:34:48 -0500 Subject: [nycphp-talk] Help with mysql select within a select query In-Reply-To: <006e01c3b900$bf9ecda0$bf8d3818@oberon1> Message-ID: A HA.. Good catch.. A bit of pre-coffee dyslexia (saw 4.1, not 4.0)... My apologies. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Tim Gales Sent: Tuesday, December 02, 2003 1:19 PM To: 'NYPHP Talk' Subject: RE: [nycphp-talk] Help with mysql select within a select query Mark Armendariz writes: "In the manual http://www.mysql.com/doc/en/Subqueries.html" When reading or quoting from the manual, be careful to check the version numbers of the MySQL to which you want to apply information from the documentation -- some features may not be supported in earlier versions. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From lists at prusak.com Tue Dec 2 13:42:15 2003 From: lists at prusak.com (Ophir Prusak) Date: Tue, 2 Dec 2003 13:42:15 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! References: <006d01c3b8fc$496fd100$bf8d3818@oberon1> Message-ID: <01e801c3b904$0916c200$5356a8c0@CPXPDEV10> It's all a question of how you define efficient in regards to serving web pages. Some people might says it's much resources you use. Some people might say it's how long it takes to serve a web page. In my book, it's all about how many web pages per second I can serve AND how long it takes to serve a page. If solution A has better numbers for both criteria than solution B, then I'd say it's more efficient. 
If solution A has better numbers than solution B for one of the criteria but worse numbers for the other criteria, then it's really a question of what's important to you. ophir From jsiegel1 at optonline.net Tue Dec 2 14:50:22 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 02 Dec 2003 14:50:22 -0500 Subject: [nycphp-talk] NYPHP Holiday Party Menu & Venue!!! Message-ID: <3FCCECFE.40604@optonline.net> The NYPHP Holiday Party will be on December 16th at 6:30pm at the Hard Rock Cafe, 221 West 57th Street, New York. The cost is $20.00 per person to be paid at the door. The menu for the party is listed below. You *must* let us know if you are going to attend so please contact me off-list so I can add your name to the guest list. Jeff Siegel *******The Party Menu************ CHOICE OF ENTREES: HRC Country Char-Broiled Burger with Cheese and/or Bacon HRC Natural Veggie Burger Grilled Chicken Breast Sandwich HRC Caesar Salad Pig Sandwich DESSERT: Homestyle Chocolate Cake CHOICE OF BEVERAGE: Coffee, Tea or Soft Drink Alcoholic beverages are not included. Note: Sandwiches and Burger Platters include french fries, lettuce, tomato and red onion. From dmintz at davidmintz.org Tue Dec 2 14:58:57 2003 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 2 Dec 2003 14:58:57 -0500 (EST) Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <3FCCD2F4.2030302@att.net> Message-ID: On Tue, 2 Dec 2003, John Lacey wrote: > > Chris Shiflett wrote: > > > > Yeah, someone really needs to write a forum in PHP that doesn't suck. > > While they're at it, a CMS that doesn't suck would be nice, too. It's a > > shame that there are Perl applications that fit these needs but no decent > > PHP representation. > > > > and speaking of that, BB's CMS's and the like have very > well-defined things that they "need to do"... wouldn't it be > nice if well-designed secure components (pcom?) 
were > available that one could go to the 'lego box' and pull out > what you need to put it together... > That's why, after a fair amount of poking around, I've decided to go with Moveable Type (http://moveabletype.org/) as my blogware with which to join this latest craze in narcissism and self-indulgence. I found it encouraging to read that it requires a whole slew of well-exercised, mature CPAN modules. To me that means the developers are not reinventing the proverbial wheel and compromising security, reliability, etc., in the process. (Oh yeah, I also used a little ad hominem non-reasoning: that Jeremy Zawodny dude, who seems to know a lot of stuff judging from his writings, really likes PHP, yet he uses MT.) --- David Mintz http://davidmintz.org/ ATTN Everybody: dmintz at panix.com will be unplugged as of 01-Dec-2003! Please use dmintz at davidmintz.org "Anybody else got a problem with Webistics?" Sopranos 24:17 From dmintz at davidmintz.org Tue Dec 2 15:02:34 2003 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 2 Dec 2003 15:02:34 -0500 (EST) Subject: [nycphp-talk] Help with mysql select within a select query In-Reply-To: Message-ID: On Tue, 2 Dec 2003, Mark Armendariz wrote: > > I was under the impression that you could in the where clause, although I'm > not sure if you can use it with an 'in' statement. I know you can't use it > in the SELECT part of a statement (as a field), though. > http://www.mysql.com/doc/en/Subqueries.html seems to say subqueries are supported as of version 4.1 --- David Mintz http://davidmintz.org/ ATTN Everybody: dmintz at panix.com will be unplugged as of 01-Dec-2003! Please use dmintz at davidmintz.org "Anybody else got a problem with Webistics?" 
Sopranos 24:17 From dmintz at davidmintz.org Tue Dec 2 15:40:29 2003 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 2 Dec 2003 15:40:29 -0500 (EST) Subject: [nycphp-talk] PEAR DB_Cache question In-Reply-To: Message-ID: I've been studying the recipe in the Cookbook, which is the closest thing to documentation that I've been able to find for DB_Cache, other than in the source. So here's what I don't understand. Say you're using the 'file' container -- a disk-based cache. When you call the constructor like so $db = new Cache_DB('file',array('cache_dir'=>'/my/cache_dir/'),86400); you're telling it where to cache data. Fine. Then you do a query -- call it query_1. Suppose in the course of the same script you want to cache the results of another query_2. Further suppose that at some point you want to be able to flush() the cached results of query_1, but not query_2. If you just say flush('db_cache') then you flush the cached results of ~both~ queries. Are we supposed to set cache_dir to different values for each query before querying and/or calling flush? I haven't found any setter method for doing that, and although I realize that in PHP 4 you can can access object variables directly, I wonder if code written that way might break in PHP 5. I guess you could also create a new Cache_DB instance with different arguments for each query, but that seems wasteful. I hope this is coherent -- if I sound confused it's because I am confused. The more general problem is that my application relies on some MySQL tables that get updated many times a day, and some tables that get updated a few times a year. Hence my interest in DB_Cache. Many TIA, --- David Mintz http://davidmintz.org/ ATTN Everybody: dmintz at panix.com will be unplugged as of 01-Dec-2003! Please use dmintz at davidmintz.org "Anybody else got a problem with Webistics?" 
Sopranos 24:17

From adam at trachtenberg.com Tue Dec 2 16:16:23 2003
From: adam at trachtenberg.com (Adam Maccabee Trachtenberg)
Date: Tue, 2 Dec 2003 16:16:23 -0500 (EST)
Subject: [nycphp-talk] PEAR DB_Cache question
In-Reply-To:
References:
Message-ID:

On Tue, 2 Dec 2003, David Mintz wrote:

> I've been studying the recipe in the Cookbook, which is the closest thing
> to documentation that I've been able to find for DB_Cache, other than in
> the source.

I've often found that PHP Cookbook is the only documentation for PEAR packages. Of course, it means when people ask me questions about the recipes, I'm forced to re-read the source to remember why I wrote what I did. Even worse, Dave wrote that recipe. :)

> you're telling it where to cache data. Fine. Then you do a query -- call
> it query_1. Suppose in the course of the same script you want to cache the
> results of another query_2. Further suppose that at some point you want to
> be able to flush() the cached results of query_1, but not query_2. If you
> just say flush('db_cache') then you flush the cached results of ~both~
> queries.

Right. I believe the assumption is that you want to flush the cache when you update your data and that all datasets have similar update windows.

> The more general problem is that my application relies on some MySQL
> tables that get updated many times a day, and some tables that get updated
> a few times a year. Hence my interest in DB_Cache.

Can't you set up two caches? One for the frequently updated data and one for the few times a year updated data? Or only cache the few times a year data and don't bother caching the frequently updated data at all?

-adam

--
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!

From ttoomey at ydnt.com Tue Dec 2 16:23:01 2003
From: ttoomey at ydnt.com (Tim Toomey)
Date: Tue, 2 Dec 2003 15:23:01 -0600
Subject: [nycphp-talk] NYPHP Holiday Party Menu & Venue!!!
References: <3FCCECFE.40604@optonline.net>
Message-ID: <009401c3b91a$7ac51350$7600a8c0@timmerslaptop>

I want to go but I'm in Chicago :(

-Tim

----- Original Message -----
From: "Jeff Siegel"
To: "NYPHP Talk"
Sent: Tuesday, December 02, 2003 1:50 PM
Subject: [nycphp-talk] NYPHP Holiday Party Menu & Venue!!!

> The NYPHP Holiday Party will be on December 16th at 6:30pm at the Hard
> Rock Cafe, 221 West 57th Street, New York. The cost is $20.00 per person
> to be paid at the door. The menu for the party is listed below. You
> *must* let us know if you are going to attend so please contact me
> off-list so I can add your name to the guest list.
>
> Jeff Siegel
>
> *******The Party Menu************
>
> CHOICE OF ENTREES:
> HRC Country Char-Broiled Burger with Cheese and/or Bacon
> HRC Natural Veggie Burger
> Grilled Chicken Breast Sandwich
> HRC Caesar Salad
> Pig Sandwich
>
> DESSERT:
> Homestyle Chocolate Cake
>
> CHOICE OF BEVERAGE:
> Coffee, Tea or Soft Drink
>
> Alcoholic beverages are not included.
>
> Note: Sandwiches and Burger Platters include french fries, lettuce,
> tomato and red onion.

From dmintz at davidmintz.org Tue Dec 2 16:40:17 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Tue, 2 Dec 2003 16:40:17 -0500 (EST)
Subject: [nycphp-talk] PEAR DB_Cache question
In-Reply-To:
Message-ID:

On Tue, 2 Dec 2003, Adam Maccabee Trachtenberg wrote:

> On Tue, 2 Dec 2003, David Mintz wrote:
>
> > I've been studying the recipe in the Cookbook, which is the closest thing
> > to documentation that I've been able to find for DB_Cache, other than in
> > the source.
>
> I've often found that PHP Cookbook is the only documentation for PEAR
> packages. Of course, it means when people ask me questions about the
> recipes, I'm forced to re-read the source to remember why I wrote what
> I did. Even worse, Dave wrote that recipe.
:) Ha! Speaking of which, in case you're considering coming out with another edition someday, a suggestion/question: wouldn't you want to use $db->setConnection($dsn) in this recipe, which "[registers] a database connection for connect on demand"? I can't understand why anyone would want to use the unconditional connect() when they're only planning to SELECT, if the whole point is to save db overhead. (Then again I've hardly mastered the internals ergo don't know what I'm talking about (-: ) > > > If you just say flush('db_cache') then you flush the cached > > results of ~both~ queries. > > > Right. I believe the assumption is that you want to flush the cache > when you update your data and that all datasets have similar update windows. > > > > The more general problem is that my application relies on some MySQL > > tables that get updated many times a day, and some tables that get updated > > a few times a year. Hence my interest in DB_Cache. > > Can't you set up two caches? One for the frequently updated data and > one for the few times a year updated data? Or only cache the few times > a year data and don't bother caching the frequently updated data at > all? > Yes, certainly. I plan not to cache the frequently-updated at all, and cache the quasi-static, but I guess I was trying to tune the caching more finely than this class thinks I need to. So it seems the answer is, blow away the whole cache when you flush(), and don't worry about it, you're still realizing big big savings. Thanks again Adam. Love that book! Now back to the kitchen. --- David Mintz http://davidmintz.org/ ATTN Everybody: dmintz at panix.com will be unplugged as of 01-Dec-2003! Please use dmintz at davidmintz.org "Anybody else got a problem with Webistics?" 
Sopranos 24:17 From adam at trachtenberg.com Tue Dec 2 16:45:43 2003 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Tue, 2 Dec 2003 16:45:43 -0500 (EST) Subject: [nycphp-talk] PEAR DB_Cache question In-Reply-To: References: Message-ID: On Tue, 2 Dec 2003, David Mintz wrote: > Ha! Speaking of which, in case you're considering coming out with another > edition someday, a suggestion/question: wouldn't you want to use > $db->setConnection($dsn) in this recipe, which "[registers] a database > connection for connect on demand"? I can't understand why anyone would > want to use the unconditional connect() when they're only planning to > SELECT, if the whole point is to save db overhead. (Then again I've hardly > mastered the internals ergo don't know what I'm talking about (-: ) Thanks for the tip. I will add this to this giant TODO list for the Second Edition. FWIW, here are the most likely answers to any similar questions: 1) That feature wasn't available when we wrote the book. 2) We weren't smart enough to realize that feature was available when we wrote the book. Usually, if we saw something you shouldn't do, we mentioned it. If a feature is omitted, and it seems smart to use it, you probably should. :) -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From sryBoston at hotmail.com Wed Dec 3 07:43:11 2003 From: sryBoston at hotmail.com (-sry) Date: Wed, 3 Dec 2003 07:43:11 -0500 Subject: [nycphp-talk] translating behaviors from JavaScript to PHP References: <3FCCCDA1.8010203@nyphp.com> Message-ID: On Tuesday, December 02, 2003 12:36 PM "Hans Zaunere" > -sry wrote: > > [ repost - sent to the wrong list ] > > [snip] > >>vis my personal web site. Since I like to keep code as > >>modularized as possible, I separated out my JavaScript > >>(for mouseover behavior and other sillyness) into a .js file. 
> >>As a mechanism for putting my hands on some PHP as I > >>learn it, I figured I'd take the existing page design and > >>behavior and "translate" it into a PHP implementation. > > Keep in mind that PHP runs strictly on the server - the > browser is never aware of any PHP code. Granted, you > can use PHP to generate the client-side code the browser > then reads and parses, but translating between Javascript > and PHP - in a linear sense - is not possible. I guess my subject line wording is a bit misleading. I don't mean a LITERAL translation. I meant to say I am trying to translate my thinking into how to design the same results/behavior with a different approach, a PHP approach. There is always more than one way to skin any cat and I am not used to thinking in PHP terms--as is apparent from my newbie post where I was embedding HTML in PHP rather than PHP into HTML which seems obvious now that some of you have pointed it out to me :-) Thanks for the tips, guys. I'm asking for more "tips" like this, how to approach, in PHP, doing things like overwriting DIVs to dynamically load content or how to replace stylesheets based on user prefs using PHP rather than JS...such as the JS code described at: http://www.alistapart.com/articles/alternate/ Maybe some of these behaviors are simply not appropriate for a PHP implementation - I dunno - that's why I'm asking for your opinions :) Maybe it'd better to ask, how would I go about "retooling" existing functionality from JS to PHP? Assuming the functionality is *not* specifically better-suited for a client-side scripting. Better way to ask? 
:) -sry

From keith.richardson at thompsonhealth.com Wed Dec 3 07:54:54 2003 From: keith.richardson at thompsonhealth.com (Keith Richardson) Date: Wed, 3 Dec 2003 07:54:54 -0500 Subject: [nycphp-talk] translating behaviors from JavaScript to PHP In-Reply-To: <4A34D0947B38AF4D8629DA86655D59069153AD@ffth-exc01.thompsonhealth.org> Message-ID: <4A34D0947B38AF4D8629DA86655D5906C2A2@ffth-exc01.thompsonhealth.org>

In my opinion, to accomplish that I would probably use sessions, or a get variable.

in the top, you would have something like this: Then where you display the style sheet, you would do something like this in the html code:

So when you have a list of stylesheets to use, it just reloads the page, say index.php, as index.php?stylesheet=red - and it will load the red style sheet. If they did not enter a style sheet, or it is not one of your options, then it would load the default style sheet.

the thing with this one, is that you have to pass the get variable to each page that you want to have customized style sheets, which can be a lot of reworking, because you have to add something like this to each link: Links

This prints out the ?stylesheet=red (as an example) after the link, if red is selected. if there is no option, it won't print anything after the link.

The other way to do it is with sessions, which for me is easier.

on the top of the page, do something like Then where you display the style sheet, you would do something like this in the html code:

This way, you can change the stylesheet with the GET request, say page.php?stylesheet=red - and it will change the stylesheet in the user's session. Since the sessions are saved for the browser session, it will keep the session variables for each page that the user loads, and thus keeping their selected style with each page, without having to add any more get requests.

If it were me, I would add the php code that checks the session variables/get variables in an include file, say change_css.php - and include it on the top of every file, or in your header file. This way it's easier to add another option for a different CSS.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of -sry
Sent: Wednesday, December 03, 2003 7:43 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] translating behaviors from JavaScript to PHP

On Tuesday, December 02, 2003 12:36 PM "Hans Zaunere"
> -sry wrote:
> > [ repost - sent to the wrong list ]
> > [snip]
> >>vis my personal web site. Since I like to keep code as
> >>modularized as possible, I separated out my JavaScript
> >>(for mouseover behavior and other sillyness) into a .js file.
> >>As a mechanism for putting my hands on some PHP as I
> >>learn it, I figured I'd take the existing page design and
> >>behavior and "translate" it into a PHP implementation.
>
> Keep in mind that PHP runs strictly on the server - the
> browser is never aware of any PHP code. Granted, you
> can use PHP to generate the client-side code the browser
> then reads and parses, but translating between Javascript
> and PHP - in a linear sense - is not possible.

I guess my subject line wording is a bit misleading. I don't mean a LITERAL translation. I meant to say I am trying to translate my thinking into how to design the same results/behavior with a different approach, a PHP approach. There is always more than one way to skin any cat and I am not used to thinking in PHP terms--as is apparent from my newbie post where I was embedding HTML in PHP rather than PHP into HTML which seems obvious now that some of you have pointed it out to me :-) Thanks for the tips, guys.

I'm asking for more "tips" like this, how to approach, in PHP, doing things like overwriting DIVs to dynamically load content or how to replace stylesheets based on user prefs using PHP rather than JS...such as the JS code described at: http://www.alistapart.com/articles/alternate/

Maybe some of these behaviors are simply not appropriate for a PHP implementation - I dunno - that's why I'm asking for your opinions :)

Maybe it'd be better to ask, how would I go about "retooling" existing functionality from JS to PHP? Assuming the functionality is *not* specifically better-suited for a client-side scripting. Better way to ask? :)

-sry

From tgales at tgaconnect.com Wed Dec 3 08:07:51 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Wed, 3 Dec 2003 08:07:51 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <3FCCD2F4.2030302@att.net> Message-ID: <009a01c3b99e$75995420$bf8d3818@oberon1>

John Lacey writes: ".. wouldn't it be nice if well-designed secure components (pcom?) were available that one could go to the 'lego box' and pull out what you need to put it together..."

Are you saying that Pear doesn't do this?

T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com

From sryBoston at hotmail.com Wed Dec 3 08:15:59 2003 From: sryBoston at hotmail.com (-sry) Date: Wed, 3 Dec 2003 08:15:59 -0500 Subject: [nycphp-talk] translating behaviors from JavaScript to PHP References: <4A34D0947B38AF4D8629DA86655D5906C2A2@ffth-exc01.thompsonhealth.org> Message-ID:

Wow, Keith, thanks for the lesson!! This is *EXACTLY* what I wanted - a comparison of approaches and the PHP solution to a parallel JS situation. And I agree, sessions are much easier to manage for anything that forces a reload of a page otherwise.
Will be studying this and probably trying something out with it this weekend. Stay tuned... :)

-sry

----- Original Message -----
From: "Keith Richardson"
To: "'NYPHP Talk'"
Sent: Wednesday, December 03, 2003 7:54 AM
Subject: RE: [nycphp-talk] translating behaviors from JavaScript to PHP

> In my opinion, to accomplish that I would probably use sessions, or a get
> variable.
>
> in the top, you would have something like this:
>
> <?php
> // default used when no known stylesheet name is requested
> $current_stylesheet = "default.css";
>
> if (!empty($_GET['stylesheet']))
> {
>     // only the names listed here can change the stylesheet
>     switch($_GET['stylesheet'])
>     {
>         case "red":
>             $current_stylesheet = "red.css";
>             break;
>         case "blue":
>             $current_stylesheet = "blue.css";
>             break;
>     }
> }
> ?>
> Then where you display the style sheet, you would do something like this in
> the html code:
>
> type="text/css" href="" />
>
>
> So when you have a list of stylesheets to use, it just reloads the page, say
> index.php, as index.php?stylesheet=red - and it will load the red style
> sheet. If they did not enter a style sheet, or it is not one of your
> options, then it would load the default style sheet.
>
> the thing with this one, is that you have to pass the get variable to each
> page that you want to have customized style sheets, which can be a lot of
> reworking, because you have to add something like this to each link:
> print("?stylesheet=".$_GET['stylesheet']); } ?>">Links
>
> This prints out the ?stylesheet=red (as an example) after the link, if red
> is selected. if there is no option, it won't print anything after the link.
>
> The other way to do it is with sessions, which for me is easier.
>
> on the top of the page, do something like
> <?php
> session_name("mysite.com_css");
> session_start();
>
> // first visit: start from the default stylesheet
> if (empty($_SESSION['stylesheet']))
>     $_SESSION['stylesheet'] = "default.css";
>
> if (!empty($_GET['stylesheet']))
> {
>     // only the names listed here can change the stored stylesheet
>     switch($_GET['stylesheet'])
>     {
>         case "red":
>             $_SESSION['stylesheet'] = "red.css";
>             break;
>         case "blue":
>             $_SESSION['stylesheet'] = "blue.css";
>             break;
>     }
> }
>
> ?>
>
> Then where you display the style sheet, you would do something like this in
> the html code:
>
> type="text/css" href="" />
>
> This way, you can change the stylesheet with the GET request, say
> page.php?stylesheet=red - and it will change the stylesheet in the user's
> session. Since the sessions are saved for the browser session, it will keep
> the session variables for each page that the user loads, and thus keeping
> their selected style with each page, without having to add any more get
> requests.
>
> If it were me, I would add the php code that checks the session
> variables/get variables in an include file, say change_css.php - and include
> it on the top of every file, or in your header file. This way it's easier to
> add another option for a different CSS.
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of -sry
> Sent: Wednesday, December 03, 2003 7:43 AM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] translating behaviors from JavaScript to PHP
>
>
>
> On Tuesday, December 02, 2003 12:36 PM
> "Hans Zaunere"
> > -sry wrote:
> > > [ repost - sent to the wrong list ]
> > > [snip]
> > >>vis my personal web site. Since I like to keep code as
> > >>modularized as possible, I separated out my JavaScript
> > >>(for mouseover behavior and other sillyness) into a .js file.
> > >>As a mechanism for putting my hands on some PHP as I
> > >>learn it, I figured I'd take the existing page design and
> > >>behavior and "translate" it into a PHP implementation.
> > > > Keep in mind that PHP runs strictly on the server - the > > browser is never aware of any PHP code. Granted, you > > can use PHP to generate the client-side code the browser > > then reads and parses, but translating between Javascript > > and PHP - in a linear sense - is not possible. > > I guess my subject line wording is a bit misleading. I don't > mean a LITERAL translation. I meant to say I am trying > to translate my thinking into how to design the same > results/behavior with a different approach, a PHP approach. > There is always more than one way to skin any cat and I > am not used to thinking in PHP terms--as is apparent from > my newbie post where I was embedding HTML in PHP > rather than PHP into HTML which seems obvious now > that some of you have pointed it out to me :-) Thanks for > the tips, guys. > > I'm asking for more "tips" like this, how to approach, in > PHP, doing things like overwriting DIVs to dynamically > load content or how to replace stylesheets based on > user prefs using PHP rather than JS...such as the JS > code described at: > > http://www.alistapart.com/articles/alternate/ > > Maybe some of these behaviors are simply not appropriate > for a PHP implementation - I dunno - that's why I'm asking > for your opinions :) > > Maybe it'd better to ask, how would I go about "retooling" > existing functionality from JS to PHP? Assuming the > functionality is *not* specifically better-suited for a client-side > scripting. Better way to ask? 
:) > > -sry > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From sryBoston at hotmail.com Wed Dec 3 08:18:04 2003 From: sryBoston at hotmail.com (-sry) Date: Wed, 3 Dec 2003 08:18:04 -0500 Subject: [nycphp-talk] newbie - square one References: <3FCC8E50.10007@optonline.net> Message-ID: Thanks to Jeff, John and Brian for the getting me started tutorials here - and for straightening me out on what to embed in what ;-) Yes, I am dyslexic but I think it's more than I'm not used to thinking in terms of a parsed language, having not used Perl for more than 4 or 5 years. Gotta get my brain back into it. Thanks again for all your help guys!! -sry From csnyder at chxo.com Wed Dec 3 08:34:05 2003 From: csnyder at chxo.com (Chris Snyder) Date: Wed, 03 Dec 2003 08:34:05 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <009a01c3b99e$75995420$bf8d3818@oberon1> References: <009a01c3b99e$75995420$bf8d3818@oberon1> Message-ID: <3FCDE64D.10606@chxo.com> Tim Gales wrote: >John Lacey writes: >".. wouldn't it be > nice if well-designed secure components (pcom?) were > available that one could go to the 'lego box' and pull out > what you need to put it together..." > >Are you saying that Pear doesn't dot this? > > "Well-designed" and "secure" mean different things to different folks, but classes generic enough to be used as lego blocks have a hard time earning those descriptions. From tgales at tgaconnect.com Wed Dec 3 08:47:34 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Wed, 3 Dec 2003 08:47:34 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! 
In-Reply-To: <3FCDE64D.10606@chxo.com> Message-ID: <000001c3b9a4$01bec340$bf8d3818@oberon1> chris Snyder writes: > "Well-designed" and "secure" mean different things to > different folks, > but classes generic enough to be used as lego blocks have a hard time > earning those descriptions. > Guilty (again) of being sloppy and inexact. What I meant to say is doesn't the PFC at PEAR aim at this goal? And to what degree do people think the PEAR Foundation Classes have achieved that goal. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From sryBoston at hotmail.com Wed Dec 3 09:40:12 2003 From: sryBoston at hotmail.com (-sry) Date: Wed, 3 Dec 2003 09:40:12 -0500 Subject: [nycphp-talk] newbie - square one References: Message-ID: > See, I told you this was a better place to get questions answered than > the wwwac. > Hey! Now don't go comparing apples to oranges--wwwac is still better for plenty of things, if nothing else, the wwwacies themselves! :) We have lots of fun over there and occasionally get some work done, too! For the focused topic of PHP or PHP/mySQL, yes, this is HEAVEN :-) So glad I found you guys. Jeff, thanks for the list of books - I have no money for any books right now but the Great American Public Library system seems to keep themselves pretty well-stocked on computer-related things here in Cambridge. Big surprise, huh? <> I'll see what I can find. I think O'Reilly needs to have a "large consumer's club" or "Book of the Month" club where if you buy at least 8 books a year, you get one free or something :-D The only things besides clothes that I have paid to ship internationally (no less than 3 times) are my computer and engineering books--more than half of them ORA. I want something back, darnit. 
-sry From jsiegel1 at optonline.net Wed Dec 3 10:01:00 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 03 Dec 2003 10:01:00 -0500 Subject: [nycphp-talk] newbie - square one In-Reply-To: References: Message-ID: <3FCDFAAC.6070201@optonline.net> Hope the list works for you...when you have the money. :) Jeff -sry wrote: >>See, I told you this was a better place to get questions answered than >>the wwwac. >> > > > Hey! Now don't go comparing apples to oranges--wwwac is still > better for plenty of things, if nothing else, the wwwacies themselves! :) > We have lots of fun over there and occasionally get some work > done, too! For the focused topic of PHP or PHP/mySQL, yes, > this is HEAVEN :-) So glad I found you guys. > > Jeff, thanks for the list of books - I have no money for any books > right now but the Great American Public Library system seems to > keep themselves pretty well-stocked on computer-related things > here in Cambridge. Big surprise, huh? <> > > I'll see what I can find. I think O'Reilly needs to have a "large > consumer's club" or "Book of the Month" club where if you buy > at least 8 books a year, you get one free or something :-D The > only things besides clothes that I have paid to ship internationally > (no less than 3 times) are my computer and engineering > books--more than half of them ORA. I want something back, > darnit. > > -sry > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From bpang at bpang.com Wed Dec 3 10:11:38 2003 From: bpang at bpang.com (Brian Pang) Date: Wed, 03 Dec 2003 10:11:38 -0500 Subject: books? we don't need no stinkin' books! - Was: Re: [nycphp-talk] newbie - square one Message-ID: apologies to the authors in the crowd :) > Hope the list works for you...when you have the money. 
:) > > I have no money for any books From jonbaer at jonbaer.net Wed Dec 3 10:23:04 2003 From: jonbaer at jonbaer.net (jon baer) Date: Wed, 3 Dec 2003 10:23:04 -0500 Subject: books? we don't need no stinkin' books! - Was: Re: [nycphp-talk]newbie - square one References: Message-ID: <007001c3b9b1$59123020$6400a8c0@thinkpad> > > > I have no money for any books http://www.jonbaer.net/books :-) Sorry for the spam ... happy holidays ... - jon From jeffknight at mac.com Wed Dec 3 10:36:22 2003 From: jeffknight at mac.com (PUTAMARE) Date: Wed, 3 Dec 2003 10:36:22 -0500 Subject: [nycphp-talk] newbie - square one In-Reply-To: References: Message-ID: <72727138-25A6-11D8-879A-000393B9FB36@mac.com> On Dec 3, 2003, at 9:40 AM, -sry wrote: > I'll see what I can find. I think O'Reilly needs to have a "large > consumer's club" or "Book of the Month" club where if you buy > at least 8 books a year, you get one free or something have you looked into the Safari Bookshelf? 15/mo. isn't bad... http://safari.oreilly.com Jeff Knight jeff not junkmail at lushmedia.com 212/213-6558 x 203 LUSH media 110 W 40th St #1502 New York, NY 10018 From jlacey at att.net Wed Dec 3 12:05:17 2003 From: jlacey at att.net (John Lacey) Date: Wed, 03 Dec 2003 10:05:17 -0700 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <009a01c3b99e$75995420$bf8d3818@oberon1> References: <009a01c3b99e$75995420$bf8d3818@oberon1> Message-ID: <3FCE17CD.6050902@att.net> Tim Gales wrote: > ".. wouldn't it be > nice if well-designed secure components (pcom?) were > available that one could go to the 'lego box' and pull out > what you need to put it together..." > > Are you saying that Pear doesn't do this? 
nope, was more of a comment about the stuff out there of questionable quality from a security standpoint In fact, I use PEAR when I'm teaching noobie PHP fundamentals to give the people a standard for coding after we've thrown something together that "works" John From shawn at shawnlawyer.com Wed Dec 3 12:36:54 2003 From: shawn at shawnlawyer.com (Shawn Lawyer) Date: Wed, 3 Dec 2003 12:36:54 -0500 Subject: [nycphp-talk] newbie - square one References: <72727138-25A6-11D8-879A-000393B9FB36@mac.com> Message-ID: <00c101c3b9c4$206def30$ae40c718@Della> moo, Web references are the best, but when trying to learn, sometimes it can be better to just have a book. Can't connect in the subway ya know, and that's my favorite place to read. I sometimes hop on the 1/9 and ride it till I get back to where I start. FREAK I have known the feeling of not having money for books, and it being the season for giving, I have a few books you might like and I don't need. If you don't mind traveling for them, they're yours. Shawn Lawyer btw is anyone else on twc/earthlink and having problems sending From dmintz at davidmintz.org Wed Dec 3 15:32:20 2003 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 3 Dec 2003 15:32:20 -0500 (EST) Subject: [nycphp-talk] holy sh!t [gossip] In-Reply-To: Message-ID: I'm astounded to see this output: Parse error: parse error, expecting `','' or `';'' in /usr/local/www/pearweb/public_html/index.php on line 68 at this location: http://pear.php.net/ (I will try to email someone there. Maybe it will have been fixed up by the time you read this.) --- David Mintz http://davidmintz.org/ ATTN Everybody: dmintz at panix.com will be unplugged as of 01-Dec-2003! Please use dmintz at davidmintz.org "Anybody else got a problem with Webistics?" 
Sopranos 24:17

From tom at supertom.com Wed Dec 3 15:37:41 2003 From: tom at supertom.com (tom at supertom.com) Date: Wed, 03 Dec 2003 15:37:41 -0500 Subject: [nycphp-talk] holy sh!t [gossip] In-Reply-To: Message-ID:

You are right - and that is crazy!!! Heads are gonna roll in PHP land! :-)

BTW, I am quite jealous of the holiday party you NY-PHPers are throwing - I wish I could make it. Don't know anywhere on Long Island where I can get a pig sandwich!

Tom

***************************************************
What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of David Mintz
Sent: Wednesday, December 03, 2003 3:32 PM
To: NYPHP Talk
Subject: [nycphp-talk] holy sh!t [gossip]

I'm astounded to see this output: Parse error: parse error, expecting `','' or `';'' in /usr/local/www/pearweb/public_html/index.php on line 68 at this location: http://pear.php.net/ (I will try to email someone there. Maybe it will have been fixed up by the time you read this.)

--- David Mintz http://davidmintz.org/ ATTN Everybody: dmintz at panix.com will be unplugged as of 01-Dec-2003! Please use dmintz at davidmintz.org "Anybody else got a problem with Webistics?" Sopranos 24:17

From tom at supertom.com Wed Dec 3 15:45:42 2003 From: tom at supertom.com (tom at supertom.com) Date: Wed, 03 Dec 2003 15:45:42 -0500 Subject: [nycphp-talk] PHP ASP comparison In-Reply-To: Message-ID:

Hey folks,

Ok, guys, I know I've seen this time and again across the web, but now I actually have a need (doing a presentation for a course I am taking, and I bet I can use this content for a future LIPHP meeting) for this type of info. Stats on speed, performance, ease of use, features, support etc.

I will do my share of googling for this info, I promise, but I figured someone out there may have some good links right at their fingertips which is why I am asking first. And hey, I bet many of us on the list would enjoy a good discussion about this type of thing. Nowhere did I mention that my presentation had to be objective. Just kidding. :-)

Any help is greatly appreciated!

Tom
Long Island PHP Users Group http://www.liphp.org

***************************************************
What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php

From shiflett at php.net Wed Dec 3 16:01:16 2003 From: shiflett at php.net (Chris Shiflett) Date: Wed, 3 Dec 2003 13:01:16 -0800 (PST) Subject: [nycphp-talk] PHP ASP comparison In-Reply-To: Message-ID: <20031203210116.33641.qmail@web14304.mail.yahoo.com>

This is a decent link: http://php.weblogs.com/php_vs_asp

I admit that I haven't actually read it (I never give ASP any thought), but I saw that there are some links to other comparisons at the bottom.

Hope that helps.

Chris

===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/

From tom at supertom.com Wed Dec 3 16:06:54 2003 From: tom at supertom.com (tom at supertom.com) Date: Wed, 03 Dec 2003 16:06:54 -0500 Subject: [nycphp-talk] PHP ASP comparison In-Reply-To: <20031203210116.33641.qmail@web14304.mail.yahoo.com> Message-ID:

See, I knew someone would have a great link - I hadn't even heard of that one before.

Thanks, Chris!

Tom

***************************************************
What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Chris Shiflett
Sent: Wednesday, December 03, 2003 4:01 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHP ASP comparison

This is a decent link: http://php.weblogs.com/php_vs_asp I admit that I haven't actually read it (I never give ASP any thought), but I saw that there are some links to other comparisons at the bottom. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/

From nyphp at enobrev.com Wed Dec 3 16:23:21 2003 From: nyphp at enobrev.com (Mark Armendariz) Date: Wed, 3 Dec 2003 16:23:21 -0500 Subject: [nycphp-talk] PHP ASP comparison In-Reply-To: <20031203210116.33641.qmail@web14304.mail.yahoo.com> Message-ID:

Here's one involving .net

The article: http://www.sitepoint.com/article/870

And a rebuttal: http://www.edwardbear.org/serendipity/archives/1178_NET_vs_PHP_again_and_again.html

Mark

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Chris Shiflett
Sent: Wednesday, December 03, 2003 4:01 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHP ASP comparison

This is a decent link: http://php.weblogs.com/php_vs_asp I admit that I haven't actually read it (I never give ASP any thought), but I saw that there are some links to other comparisons at the bottom. Hope that helps.
Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From dmintz at davidmintz.org Wed Dec 3 16:25:17 2003 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 3 Dec 2003 16:25:17 -0500 (EST) Subject: [nycphp-talk] holy sh!t [gossip] In-Reply-To: Message-ID: Damn, they fixed it already. (-: On Wed, 3 Dec 2003, David Mintz wrote: > > I'm astounded to see this output: > > Parse error: parse error, expecting `','' or `';'' in > /usr/local/www/pearweb/public_html/index.php on line 68 > > at this location: http://pear.php.net/ > > (I will try to email someone there. Maybe it will have been fixed up by > the time you read this.) > > --- > David Mintz > http://davidmintz.org/ > ATTN Everybody: dmintz at panix.com will be unplugged as of 01-Dec-2003! > Please use dmintz at davidmintz.org > > > "Anybody else got a problem with Webistics?" > > Sopranos 24:17 > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > --- David Mintz http://davidmintz.org/ ATTN Everybody: dmintz at panix.com will be unplugged as of 01-Dec-2003! Please use dmintz at davidmintz.org "Anybody else got a problem with Webistics?" Sopranos 24:17 From jsiegel1 at optonline.net Wed Dec 3 16:34:40 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 03 Dec 2003 16:34:40 -0500 Subject: [nycphp-talk] PHP ASP comparison In-Reply-To: References: Message-ID: <3FCE56F0.1020802@optonline.net> Just to round things out, there is the article that used to be on the Microsoft site that compared ASP.net to PHP. It's always good to know what the other side thinks. 
See: http://www.msdnaa.net/Resources/display.aspx?ResID=2315

This used to be on the MSDN site but seems to have been removed and placed on the site noted above.

Jeff Siegel

tom at supertom.com wrote:
> See, I knew someone would have a great link - I hadn't even heard of that
> one before.
>
> Thanks, Chris!
>
> Tom
>
> ***************************************************
> What's Tom listening to right now? Find out here:
> http://www.supertom.com/current_track.php
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Chris Shiflett
> Sent: Wednesday, December 03, 2003 4:01 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] PHP ASP comparison
>
>
> This is a decent link:
>
> http://php.weblogs.com/php_vs_asp
>
> I admit that I haven't actually read it (I never give ASP any thought),
> but I saw that there are some links to other comparisons at the bottom.
>
> Hope that helps.
>
> Chris
>
> =====
> Chris Shiflett - http://shiflett.org/
>
> PHP Security Handbook
> Coming mid-2004
> HTTP Developer's Handbook
> http://httphandbook.org/

From dorgan at optonline.net Wed Dec 3 19:05:28 2003 From: dorgan at optonline.net (Donald J. Organ IV) Date: Wed, 03 Dec 2003 19:05:28 -0500 Subject: [nycphp-talk] Browser Based Code Editors References: <72727138-25A6-11D8-879A-000393B9FB36@mac.com> <00c101c3b9c4$206def30$ae40c718@Della> Message-ID: <000d01c3b9fa$53a460b0$c801a8c0@dj>

Does anyone know of any browser based code editors for ColdFusion something that would accept the tab key?
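For the stylesheet-switching approach Keith Richardson describes earlier in this thread (a `change_css.php` include that maps `?stylesheet=red` onto a fixed set of files and remembers the choice in the session), here is a complete version as an added example; it is not code from any poster. `STYLESHEETS`, `valid_stylesheet_key()`, `pick_stylesheet()`, `stylesheet_link_tag()`, `stylesheet_query()` and the session name `MYSITECSS` are assumptions made for the illustration.

```php
<?php
// change_css.php: include at the top of every page, before any output.
// Added example; all names below are illustrative, not from the thread.

// Allowlist: request key => file name. Nothing else can reach the page.
const STYLESHEETS = [
    'default' => 'default.css',
    'red'     => 'red.css',
    'blue'    => 'blue.css',
];

/** Return the allowlisted key for an untrusted value, or null. */
function valid_stylesheet_key($value): ?string
{
    // Request values can be arrays (?stylesheet[]=x), so check the type first.
    if (is_string($value) && array_key_exists($value, STYLESHEETS)) {
        return $value;
    }
    return null;
}

/** Choice from this request, else the remembered one, else the default. */
function pick_stylesheet($requested, $stored): string
{
    return valid_stylesheet_key($requested)
        ?? valid_stylesheet_key($stored)
        ?? 'default';
}

/** The <link> tag for a validated key; the href is escaped on output. */
function stylesheet_link_tag(string $key): string
{
    $href = htmlspecialchars(STYLESHEETS[$key], ENT_QUOTES, 'UTF-8');
    return '<link rel="stylesheet" type="text/css" href="' . $href . '" />';
}

/**
 * Query-string suffix for the GET-only variant (append to each link).
 * Built from the validated key, never from the raw request value.
 */
function stylesheet_query($requested): string
{
    $key = valid_stylesheet_key($requested);
    return $key === null ? '' : '?stylesheet=' . rawurlencode($key);
}

if (PHP_SAPI !== 'cli') {
    // Web request: remember the validated key (not a file name) in the session.
    session_name('MYSITECSS');   // alphanumeric session name
    session_start();
    $_SESSION['stylesheet'] = pick_stylesheet(
        $_GET['stylesheet'] ?? null,
        $_SESSION['stylesheet'] ?? null
    );
    $stylesheet_key = $_SESSION['stylesheet'];
    // In the page <head>:  <?php echo stylesheet_link_tag($stylesheet_key); ?>
} else {
    // Command-line demo with constructed inputs; 'blue' plays the stored choice.
    foreach (['red', 'purple', ['red'], null] as $input) {
        $key = pick_stylesheet($input, 'blue');
        printf("%-10s -> %s  %s\n", json_encode($input), stylesheet_link_tag($key),
               stylesheet_query($input));
    }
}
```

Storing the validated key rather than a file name means a stale or tampered session value is re-checked against the same allowlist on every request.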
From suzerain at suzerain.com Wed Dec 3 20:48:31 2003 From: suzerain at suzerain.com (Marc Antony Vose) Date: Wed, 3 Dec 2003 20:48:31 -0500 Subject: [nycphp-talk] multilingual strategies In-Reply-To: <09B074D7-063E-11D8-8A2B-0003930D07F2@email.smith.edu> References: <09B074D7-063E-11D8-8A2B-0003930D07F2@email.smith.edu> Message-ID: Hi there. I develop sites with my own custom publishing engine that I've been adding to since about 1998...all in PHP. My goals are to keep it as modular as possible, so I can easily plug in different bits of functionality, and provide my clients with the greatest amount of flexibility in terms of what it can be used for. So, with that mindset, I'm interested in how people here have approached multilingual sites in a PHP/MySQL environment? In particular, I have an upcoming cultural project that will be translated into an unknown number of languages, and only in bits and pieces. So, at any given point in the content hierarchy, the system will need to look for a preferred language, and if it isn't found, go to the next on the list, and so on. (This is similar to the way Mac OS X works if any of you have used it.) The content will vary in terms of scope, length and type; right now, I tend to utilize MySQL for text data storage about 80% of the time, and the other 20% of the time I store textual content in text files, as serialized PHP objects. I always store graphics in the filesystem. So, I have my own ideas on how I am going to approach this, but here are my questions. How do you handle multilingual sites? Do you tend to store data in text files, in a database, or some other way? Do you maintain different entire databases for each language, or different tables in the same database, or just different columns in the same table(s)? Looking for abstract answers here about strategy. Thanks much, -- Marc Antony Vose http://www.suzerain.com/ Never underestimate the power of human stupidity. 
-- Lazarus Long From csnyder at chxo.com Wed Dec 3 21:04:57 2003 From: csnyder at chxo.com (Chris Snyder) Date: Wed, 03 Dec 2003 21:04:57 -0500 Subject: [nycphp-talk] multilingual strategies In-Reply-To: References: <09B074D7-063E-11D8-8A2B-0003930D07F2@email.smith.edu> Message-ID: <3FCE9649.6030003@chxo.com> Marc Antony Vose wrote: > How do you handle multilingual sites? Do you tend to store data in > text files, in a database, or some other way? Do you maintain > different entire databases for each language, or different tables in > the same database, or just different columns in the same table(s)? > I'm currently a fan of creating records in a separate table, one for each translation of a document. The translations table is keyed on the document id and language code so there can't be multiple same-language translations of something. On lookup, if the user's language is different from the document's language, some logic handles the lookup and, if a record is found, the original content is replaced with the translated content. One suggestion: consider using valid locales as your language codes so that you can use them with strftime() to format dates. Just using "en" or "es" might not be enough depending on your OS. csnyder From shawn at shawnlawyer.com Wed Dec 3 18:05:48 2003 From: shawn at shawnlawyer.com (Shawn Lawyer) Date: Wed, 3 Dec 2003 18:05:48 -0500 Subject: [nycphp-talk] dinner help References: Message-ID: <000601c3ba0e$68c2a100$ae40c718@Della> moo, i lost the email to rsvp to the dinner. life is crazy, i've been in a mad rush trying to get all my stuff ready for columbia u next semester. heh a programmer going to a med school. i need the info, i remember something about hard rock cafe and 20 bucks but don't know time or where nyc hard rock cafe is?? 
thanks shawn From adam at trachtenberg.com Wed Dec 3 21:35:21 2003 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Wed, 3 Dec 2003 21:35:21 -0500 (EST) Subject: [nycphp-talk] multilingual strategies In-Reply-To: <3FCE9649.6030003@chxo.com> References: <09B074D7-063E-11D8-8A2B-0003930D07F2@email.smith.edu> <3FCE9649.6030003@chxo.com> Message-ID: On Wed, 3 Dec 2003, Chris Snyder wrote: > Marc Antony Vose wrote: > > > How do you handle multilingual sites? Do you tend to store data in > > text files, in a database, or some other way? Do you maintain > > different entire databases for each language, or different tables in > > the same database, or just different columns in the same table(s)? Some of the techniques I used to use are documented here: http://www.onlamp.com/pub/a/php/2002/11/28/php_i18n.html I don't think this meshes well with your setup, but I pass it along anyway. > One suggestion: consider using valid locales as your language codes so > that you can use them with strftime() to format dates. Just using "en" > or "es" might not be enough depending on your OS. You should definitely use locales. People are really picky about this. I would also suggest that you look into the GNU gettext library. You can build it as a PHP extension and I would guess that gettext is very efficient, if this is a major concern to you. It also allows you to handle all sorts of pluralization and other oddities without needing to write your own. -adam PS: Oblig. PHP Cookbook Reference: Chapter 16. -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today!
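An added example, not code from any poster in this thread, of the design discussed in the messages above: a translations table keyed on document id and locale code, with a lookup that walks the reader's preferred locales in order and falls back to the original document. Table, column and function names are assumptions; it uses PDO with an in-memory SQLite database so it runs stand-alone, where the thread's sites use MySQL.

```php
<?php
// Added illustration. The schema and every function name here are assumptions,
// not part of any poster's publishing engine.

// Locale codes the site actually publishes in (constructed sample values).
const SUPPORTED_LOCALES = ['en_US', 'es_ES', 'fr_FR', 'de_DE'];

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE documents (
                   id     INTEGER PRIMARY KEY,
                   locale TEXT NOT NULL,
                   body   TEXT NOT NULL)');
    // The composite primary key allows at most one translation per
    // (document, locale) pair.
    $db->exec('CREATE TABLE translations (
                   document_id INTEGER NOT NULL REFERENCES documents(id),
                   locale      TEXT NOT NULL,
                   body        TEXT NOT NULL,
                   PRIMARY KEY (document_id, locale))');
    $db->exec("INSERT INTO documents VALUES (1, 'en_US', 'Welcome')");
    $db->exec("INSERT INTO translations VALUES (1, 'es_ES', 'Bienvenido')");
    return $db;
}

// The preference list normally comes from the client (cookie, session or
// Accept-Language), so keep only known locale codes, in order, without repeats.
function filter_locales(array $requested): array
{
    $clean = [];
    foreach ($requested as $locale) {
        if (is_string($locale)
            && in_array($locale, SUPPORTED_LOCALES, true)
            && !in_array($locale, $clean, true)) {
            $clean[] = $locale;
        }
    }
    return $clean;
}

// Return ['locale' => ..., 'body' => ...] for the first preferred locale that
// has content, the original document if none does, or null for an unknown id.
function fetch_localized(PDO $db, int $docId, array $requested): ?array
{
    $stmt = $db->prepare('SELECT locale, body FROM documents WHERE id = ?');
    $stmt->execute([$docId]);
    $original = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($original === false) {
        return null;
    }

    // Bound parameters keep the locale value out of the SQL text.
    $lookup = $db->prepare(
        'SELECT locale, body FROM translations
          WHERE document_id = ? AND locale = ?'
    );
    foreach (filter_locales($requested) as $locale) {
        if ($locale === $original['locale']) {
            return $original;            // already written in this locale
        }
        $lookup->execute([$docId, $locale]);
        $row = $lookup->fetch(PDO::FETCH_ASSOC);
        $lookup->closeCursor();
        if ($row !== false) {
            return $row;                 // first preferred translation found
        }
    }
    return $original;                    // nothing matched: fall back
}

$db = make_demo_db();

// Constructed preference list: French first (no translation stored), one
// value that is not a supported locale, then Spanish and English.
$prefs = ['fr_FR', 'not-a-locale', 'es_ES', 'en_US'];
$hit = fetch_localized($db, 1, $prefs);
echo $hit['locale'], ': ', $hit['body'], PHP_EOL;

// A second Spanish translation of document 1 violates the primary key.
try {
    $db->exec("INSERT INTO translations VALUES (1, 'es_ES', 'Hola')");
} catch (PDOException $e) {
    echo 'duplicate translation rejected', PHP_EOL;
}
```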
From lists at ny-tech.net Wed Dec 3 21:47:14 2003 From: lists at ny-tech.net (Nasir Zubair) Date: Wed, 3 Dec 2003 21:47:14 -0500 Subject: [nycphp-talk] dinner help In-Reply-To: <000601c3ba0e$68c2a100$ae40c718@Della> Message-ID: <000701c3ba10$eee84b70$6401a8c0@main> http://nyphp.org/ :-) - Nasir > -----Original Message----- > From: Shawn Lawyer [mailto:shawn at shawnlawyer.com] > Sent: Wednesday, December 03, 2003 6:06 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] dinner help > > > moo, > > i lost the email to rsvp to the dinner. life is crazy, i've > been in a mad rush trying to get all my stuff ready for > columbia u next semester. heh a programmer going to a med > school. i need the info, i remember something about hard rock > cafe and 20 bucks but don't know time or where nyc hard rock cafe is?? > > thanks > shawn > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > > From jlacey at att.net Wed Dec 3 21:56:50 2003 From: jlacey at att.net (John Lacey) Date: Wed, 03 Dec 2003 19:56:50 -0700 Subject: [nycphp-talk] dinner help In-Reply-To: <000701c3ba10$eee84b70$6401a8c0@main> References: <000701c3ba10$eee84b70$6401a8c0@main> Message-ID: <3FCEA272.900@att.net> Nasir Zubair wrote: > http://nyphp.org/ > > :-) > > - Nasir > >> >>moo, >> >>i lost the email to rsvp to the dinner. life is crazy, i've >>been in a mad rush trying to get all my stuff ready for >>columbia u next semester. heh a programmer going to a med >>school. i need the info, i remember something about hard rock >>cafe and 20 bucks but don't know time or where nyc hard rock cafe is?? >> >>thanks >>shawn man, if I wuz comin' to new yawk city, I'd make a beeline to the best Jewish Deli for a Corn Beef, Cole Slaw and Russian Dressing on Rye... with a pickle on the side of course damn, being from Phila and having worked in the City from time to time, I sure miss East Coast food.. 
ya just can't get a good sammich out here in Colorado :( John From southwell at dneba.com Wed Dec 3 23:17:46 2003 From: southwell at dneba.com (Michael Southwell) Date: Wed, 03 Dec 2003 23:17:46 -0500 Subject: [nycphp-talk] dinner help In-Reply-To: <3FCEA272.900@att.net> References: <000701c3ba10$eee84b70$6401a8c0@main> <3FCEA272.900@att.net> Message-ID: <6.0.1.1.2.20031203231656.01b38710@mail.optonline.net> At 09:56 PM 12/3/2003, you wrote: >damn, being from Phila and having worked in the City from time to time, I >sure miss East Coast food.. ya just can't get a good sammich out here in >Colorado :( ah, but your skiing is better! Michael G. Southwell ================================= DNEBA Enterprises 81 South Road Bloomingdale, NJ 07403-1419 973/492-7873 (voice and fax) southwell at dneba.com http://www.dneba.com ====================================================== From xml at aumcomputers.com Thu Dec 4 06:25:04 2003 From: xml at aumcomputers.com (Anirudh Zala) Date: Thu, 4 Dec 2003 16:55:04 +0530 Subject: [nycphp-talk] multilingual strategies References: <09B074D7-063E-11D8-8A2B-0003930D07F2@email.smith.edu> Message-ID: <01bd01c3ba59$6f89e6b0$0164a8c0@com1> Hi, We have been providing multilingual support for websites for 4 years. To store language variables we use File system instead of DB, as DB access for each and every page is not recommended from performance point of view in general sense. Just think how many DB interactions you will need for each and every request if you store language variables in DB. We don't do embedded programming, rather we keep our PHP code and GUI part separately, hence we store all language variables in 1 php file depending upon how much language support you require. While displaying those language specific items, we store language variable in session variable or in cookie at client side and use it across all our php files.
Whenever new language is selected (by flag or caption name) 1,2 or 3 or 4 will be stored in session which will determine which language file is to be included. My structure is like below.
....Config variables or Config files
....Language files say 1.inc or 2.inc (1 and 2 are stored in session)
....Other files or Main code
....Parse your language variables here
....Print output to browser
For example your 1.inc file (which is in english) contains variables like below
$cap['hello']="Hello";
$msg['hello']="Welcome to Foo site";
And 2.inc (which is in spanish language) contains variables like below
$cap['hello']="Hola";
$msg['hello']="Welcome ... .. site";
And similarly 3.inc, 4.inc etc.. While GUI part your html files contains variables like this {WELCOME} {WELCOME_MSG} Finally 1 of your common parsing file, like ** rFastTemplate.php** in our case using "assign" method, will parse php related variables into html template and will send output to browser. code can be like below:
[.....code.....includable files..code...]
$tp->assign(array('WELCOME'=>$cap['hello'],'WELCOME_MSG'=>$msg['hello']));
[...print output...]
By this way efficient multilingual implementation can be achieved without any extra efforts. Maximum benefit is that we don't require DB connections here, as this system is absolutely dependent upon File system. Thanks Anirudh Zala ------------------------------------------------------------------------- Anirudh Zala (Project Manager), Tel: +91 281 2451894 AUM Computers, 317 Star Plaza, anirudh at aumcomputers.com Rajkot-360001, Gujarat, INDIA http://www.aspl.info ------------------------------------------------------------------------- ----- Original Message ----- From: "Marc Antony Vose" To: "NYPHP Talk" Sent: Thursday, 04 December, 2003 7:18 AM Subject: [nycphp-talk] multilingual strategies > Hi there. > > I develop sites with my own custom publishing engine that I've been > adding to since about 1998...all in PHP.
My goals are to keep it as > modular as possible, so I can easily plug in different bits of > functionality, and provide my clients with the greatest amount of > flexibility in terms of what it can be used for. > > So, with that mindset, I'm interested in how people here have > approached multilingual sites in a PHP/MySQL environment? In > particular, I have an upcoming cultural project that will be > translated into an unknown number of languages, and only in bits and > pieces. So, at any given point in the content hierarchy, the system > will need to look for a preferred language, and if it isn't found, go > to the next on the list, and so on. > > (This is similar to the way Mac OS X works if any of you have used it.) > > The content will vary in terms of scope, length and type; right now, > I tend to utilize MySQL for text data storage about 80% of the time, > and the other 20% of the time I store textual content in text files, > as serialized PHP objects. I always store graphics in the filesystem. > > So, I have my own ideas on how I am going to approach this, but here > are my questions. > > How do you handle multilingual sites? Do you tend to store data in > text files, in a database, or some other way? Do you maintain > different entire databases for each language, or different tables in > the same database, or just different columns in the same table(s)? > > Looking for abstract answers here about strategy. > > Thanks much, > > -- > Marc Antony Vose > http://www.suzerain.com/ > > Never underestimate the power of human stupidity. 
> -- Lazarus Long > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jlacey at att.net Thu Dec 4 08:07:28 2003 From: jlacey at att.net (John Lacey) Date: Thu, 04 Dec 2003 06:07:28 -0700 Subject: [nycphp-talk] dinner help In-Reply-To: <6.0.1.1.2.20031203231656.01b38710@mail.optonline.net> References: <000701c3ba10$eee84b70$6401a8c0@main> <3FCEA272.900@att.net> <6.0.1.1.2.20031203231656.01b38710@mail.optonline.net> Message-ID: <3FCF3190.7060209@att.net> Michael Southwell wrote: > At 09:56 PM 12/3/2003, you wrote: > >> damn, being from Phila and having worked in the City from time to >> time, I sure miss East Coast food.. ya just can't get a good sammich >> out here in Colorado :( > > > ah, but your skiing is better! > > true dat Michael... Steamboat Spring's champagne powder is a pleasure to do a face plant in :)) btw, I worked for Steamboat's Ski and Resort Corp for a year and 2 summers on their central reservations system -- AT&T Unix with an Informix back end... 
tough job but someone had to do it :) >From hans not junk at nyphp.com Thu Dec 4 10:32:16 2003 Return-Path: Received: from londo.swishmail.com (londo.swishmail.com [209.10.110.95]) by virtu.nyphp.org (Postfix) with ESMTP id 0A735A85F0 for ; Thu, 4 Dec 2003 10:32:16 -0500 (EST) Received: (qmail 44558 invoked by uid 89); 4 Dec 2003 15:32:15 -0000 Received: from unknown (HELO nyphp.com) (hans not junk at nyphp.com@128.122.155.151) by londo.swishmail.com with AES256-SHA encrypted SMTP; 4 Dec 2003 15:32:15 -0000 Message-ID: <3FCF53C3.8010308 at nyphp.com> Date: Thu, 04 Dec 2003 10:33:23 -0500 From: Hans Zaunere User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en MIME-Version: 1.0 To: NYPHP Talk Subject: Re: [nycphp-talk] dinner help References: <000701c3ba10$eee84b70$6401a8c0 at main> <3FCEA272.900 at att.net> <6.0.1.1.2.20031203231656.01b38710 at mail.optonline.net> <3FCF3190.7060209 at att.net> In-Reply-To: <3FCF3190.7060209 at att.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Dec 2003 15:32:16 -0000 John Lacey wrote: > > > Michael Southwell wrote: > >> At 09:56 PM 12/3/2003, you wrote: >> >>> damn, being from Phila and having worked in the City from time to >>> time, I sure miss East Coast food.. ya just can't get a good sammich >>> out here in Colorado :( >> >> >> >> ah, but your skiing is better! >> >> > > true dat Michael... Steamboat Spring's champagne powder is a pleasure to > do a face plant in :)) > > btw, I worked for Steamboat's Ski and Resort Corp for a year and 2 > summers on their central reservations system -- AT&T Unix with an > Informix back end... tough job but someone had to do it :) There's already a PHP Cruise. 
I think a PHP Ski Trip with tutorials, sessions, powder and hot chocolate would be great :) H >From hans not junk at nyphp.com Thu Dec 4 10:39:29 2003 Return-Path: Received: from londo.swishmail.com (londo.swishmail.com [209.10.110.95]) by virtu.nyphp.org (Postfix) with ESMTP id 7794DA85F0 for ; Thu, 4 Dec 2003 10:39:29 -0500 (EST) Received: (qmail 46777 invoked by uid 89); 4 Dec 2003 15:39:29 -0000 Received: from unknown (HELO nyphp.com) (hans not junk at nyphp.com@128.122.155.151) by londo.swishmail.com with AES256-SHA encrypted SMTP; 4 Dec 2003 15:39:29 -0000 Message-ID: <3FCF5575.2080904 at nyphp.com> Date: Thu, 04 Dec 2003 10:40:37 -0500 From: Hans Zaunere User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en MIME-Version: 1.0 To: NYPHP Talk Subject: Re: [nycphp-talk] newbie - square one References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Dec 2003 15:39:29 -0000 -sry wrote: >>See, I told you this was a better place to get questions answered than >>the wwwac. >> > > Hey! Now don't go comparing apples to oranges--wwwac is still > better for plenty of things, if nothing else, the wwwacies themselves! :) > We have lots of fun over there and occasionally get some work > done, too! For the focused topic of PHP or PHP/mySQL, yes, > this is HEAVEN :-) So glad I found you guys. 
You should also check out the NYFE (New York Front End) list, also at http://nyphp.org/lists It focuses on client-side coding and interaction between PHP and client side languages - crazy guys, but they're great :) > Jeff, thanks for the list of books - I have no money for any books > right now but the Great American Public Library system seems to > keep themselves pretty well-stocked on computer-related things > here in Cambridge. Big surprise, huh? <> > > I'll see what I can find. I think O'Reilly needs to have a "large > consumer's club" or "Book of the Month" club where if you buy > at least 8 books a year, you get one free or something :-D The > only things besides clothes that I have paid to ship internationally > (no less than 3 times) are my computer and engineering > books--more than half of them ORA. I want something back, > darnit. NYPHP's book review program might help. We've got a couple great books left and request more from the publishers. The books are free, but we ask that you write a short review of the book. See http://nyphp.org/library for more. Hans >From hans not junk at nyphp.com Thu Dec 4 10:47:43 2003 Return-Path: Received: from londo.swishmail.com (londo.swishmail.com [209.10.110.95]) by virtu.nyphp.org (Postfix) with ESMTP id D31D3A85FD for ; Thu, 4 Dec 2003 10:47:42 -0500 (EST) Received: (qmail 49263 invoked by uid 89); 4 Dec 2003 15:47:42 -0000 Received: from unknown (HELO nyphp.com) (hans not junk at nyphp.com@128.122.155.151) by londo.swishmail.com with AES256-SHA encrypted SMTP; 4 Dec 2003 15:47:42 -0000 Message-ID: <3FCF5762.9040403 at nyphp.com> Date: Thu, 04 Dec 2003 10:48:50 -0500 From: Hans Zaunere User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en MIME-Version: 1.0 To: NYPHP Talk Subject: Re: [nycphp-talk] security? we don't need no stinkin security! 
References: <009a01c3b99e$75995420$bf8d3818 at oberon1> <3FCE17CD.6050902 at att.net> In-Reply-To: <3FCE17CD.6050902 at att.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Dec 2003 15:47:43 -0000 John Lacey wrote: > > Tim Gales wrote: > >> ".. wouldn't it be nice if well-designed secure components (pcom?) >> were available that one could go to the 'lego box' and pull out what >> you need to put it together..." >> >> Are you saying that Pear doesn't do this? I would say PEAR doesn't do this for a number of reasons. For one, PEAR is not modular (component) based. It's a framework with a great deal of interdependency that provides a large and varied set of functionality. PEAR doesn't provide isolated functionality - it's all PEAR or nothing. More of an erector set than legos? :) PCOMs, or any component based system, are isolated from each other. There are no dependencies between components, and each provides a very specific set of functionality - yet, the functionality is generic (could be used and reused in any environment). Personally, and not to come down on PEAR or CPAN too much, but a large, complex and interconnected framework is more prone to security issues, not to mention performance and maintainability. A component model allows specific functionality to be extremely well tested, maintained and deployed. My 2 cents, H From tgales at tgaconnect.com Thu Dec 4 11:49:57 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 4 Dec 2003 11:49:57 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <3FCF5762.9040403@nyphp.com> Message-ID: <000801c3ba86$a6e3d940$bf8d3818@oberon1> H writes: "...PEAR doesn't do this for a number of reasons..."
Is it fair to characterize your response as: 1) Not modular (too interconnected) 2) Complex (large) making it: 2a) hard to maintain 2b) slow 2c) prone to security flaws T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com > From shiflett at php.net Thu Dec 4 12:11:17 2003 From: shiflett at php.net (Chris Shiflett) Date: Thu, 4 Dec 2003 09:11:17 -0800 (PST) Subject: [nycphp-talk] Syndication Message-ID: <20031204171117.55055.qmail@web14309.mail.yahoo.com> We're getting some attention: http://www.phpmag.net/itr/news/psecom,id,12865,nodeid,113.html Maybe sites will soon be syndicating our phundamentals as well. Do we have an XML feed for those, or would it be worth even considering such a thing? Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From bpang at bpang.com Thu Dec 4 12:18:33 2003 From: bpang at bpang.com (Brian Pang) Date: Thu, 04 Dec 2003 12:18:33 -0500 Subject: [nycphp-talk] Syndication Message-ID: I guess we better start watching what we say if the world will be watching... 
:) > We're getting some attention: > > http://www.phpmag.net/itr/news/psecom,id,12865,nodeid,113.html >From hans not junk at nyphp.com Thu Dec 4 13:18:35 2003 Return-Path: Received: from londo.swishmail.com (londo.swishmail.com [209.10.110.95]) by virtu.nyphp.org (Postfix) with ESMTP id 9F896A85F0 for ; Thu, 4 Dec 2003 13:18:35 -0500 (EST) Received: (qmail 6500 invoked by uid 89); 4 Dec 2003 18:18:35 -0000 Received: from unknown (HELO nyphp.com) (hans not junk at nyphp.com@128.122.155.151) by londo.swishmail.com with AES256-SHA encrypted SMTP; 4 Dec 2003 18:18:35 -0000 Message-ID: <3FCF7ABF.3070906 at nyphp.com> Date: Thu, 04 Dec 2003 13:19:43 -0500 From: Hans Zaunere User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en MIME-Version: 1.0 To: NYPHP Talk Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: [nycphp-talk] [Fwd: MySQL 4.1.1 has been released] X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Dec 2003 18:18:36 -0000 FYI -------- Original Message -------- Subject: MySQL 4.1.1 has been released Date: Thu, 4 Dec 2003 16:23:56 +0100 (CET) From: Lenz Grimmer To: announce at lists.mysql.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, MySQL 4.1.1, a new version of the popular Open Source/Free Software database management system, has been released. It is now available in source and binary form for a number of platforms from our download pages at http://www.mysql.com/downloads/ and mirror sites. Note that not all mirror sites may be up to date at this point in time - if you can't find this version on some mirror, please try again later or choose another download site. 
This is the second Alpha development release of the 4.1 tree, adding many new features (see below) and fixing recently discovered bugs. Please refer to our bug database at http://bugs.mysql.com/ for more details about the individual bugs fixed in this version. As this code is currently labeled "Alpha", we do not recommend that this version be used in production environments yet! However, we encourage you to test and evaluate it and, more importantly, report any bugs or observations to our bug tracking database at http://bugs.mysql.com/. Please note, that for us to resolve a bug report, a reproducible test is required. See "How to report a bug" at http://bugs.mysql.com/how-to-report.php for more details before filing a bug report. We appreciate your support! For a more detailed list of features in MySQL 4.1, please see http://www.mysql.com/doc/en/MySQL_4.1_Nutshell.html News from the ChangeLog: Functionality added or changed: * Added `IGNORE' option for `DELETE' statement. * The MySQL source distribution now also includes the MySQL Internals Manual `internals.texi'. * Added `mysql_set_server_option()' C API client function to allow multiple statement handling in the server to be enabled or disabled. * The `mysql_next_result()' C API function now returns `-1' if there are no more result sets. * Renamed `CLIENT_MULTI_QUERIES' connect option flag to `CLIENT_MULTI_STATEMENTS'. To allow for a transition period, the old option will continue to be recognized for a while. * Require `DEFAULT' before table and database default character set. This enables us to use `ALTER TABLE table_name ... CHARACTER SET=...' to change the character set for all `CHAR', `VARCHAR', and `TEXT' columns in a table. * Added `MATCH ... AGAINST( ... WITH QUERY EXPANSION)' and the `ft_query_expansion_limit' server variable. * Removed unused `ft_max_word_len_for_sort' server variable. * Full-text search now supports multi-byte character sets and the Unicode `utf8' character set. 
(The Unicode `ucs2' character set is not yet supported.) * Phrase search in `MATCH ... AGAINST ( ... IN BOOLEAN MODE)' no longer matches partial words. * Added aggregate function `BIT_XOR()' for bitwise XOR operations. * Replication over SSL now works. * The `START SLAVE' statement now supports an `UNTIL' clause for specifying that the slave SQL thread should be started but run only until it reaches a given position in the master's binary logs or in the slave's relay logs. * Produce warnings even for single-row `INSERT' statements, not just for multiple-row `INSERT' statements. Previously, it was necessary to set `SQL_WARNINGS=1' to generate warnings for single-row statements. * Added `delimiter' (`\d') command to the `mysql' command-line client for changing the statement delimiter (terminator). The default delimiter is semicolon. * `CHAR', `VARCHAR', and `TEXT' columns now have lengths measured in characters rather than in bytes. The character size depends on the column's character set. This means, for example, that a `CHAR(n)' column for a multi-byte character set will take more storage than before. Similarly, index values on such columns are measured in characters, not bytes. * The `DATABASE()' function now returns `NULL' rather than the empty string if there is no database selected. * Added `--sql-mode=NO_AUTO_VALUE_ON_ZERO' option to suppress the usual behaviour of generating the next sequence number when zero is stored in an `AUTO_INCREMENT' column. With this mode enabled, zero is stored as zero; only storing `NULL' generates a sequence number. * *Warning: Incompatible change!* Client authentication now is based on 41-byte passwords in the `user' table, not 45-byte passwords as in 4.1.0. Any 45-byte passwords created for 4.1.0 must be reset after running the `mysql_fix_privilege_tables' script. * *Warning: Incompatible change!* Renamed the C API `mysql_prepare_result()' function to `mysql_get_metadata()' as the old name was confusing. 
* Added `DROP USER 'username'@'hostname'' statement to drop an account that has no privileges. * The interface to aggregated UDF functions has changed a bit. You must now declare a `xxx_clear()' function for each aggregate function `XXX()'. * The `CONCAT_WS()' function no longer skips empty strings. * Added new `ADDTIME()', `DATE()', `DATEDIFF()', `LAST_DAY()', `MAKEDATE()', `MAKETIME()', `MICROSECOND()', `SUBTIME()', `TIME()', `TIMEDIFF()', `TIMESTAMP()', `UTC_DATE()', `UTC_TIME()', `UTC_TIMESTAMP()', and `WEEKOFYEAR()' functions. * Added new syntax for `ADDDATE()' and `SUBDATE()'. The second argument now may be a number representing the number of days to be added to or subtracted from the first date argument. * Added new `type' values `DAY_MICROSECOND', `HOUR_MICROSECOND', `MINUTE_MICROSECOND', `SECOND_MICROSECOND', and `MICROSECOND' for `DATE_ADD()', `DATE_SUB()', and `EXTRACT()'. * Added new `%f' microseconds format specifier for `DATE_FORMAT()' and `TIME_FORMAT()'. * All queries in which at least one `SELECT' does not use indexes properly now are written to the slow query log when long log format is used. * It is now possible to create a `MERGE' table from `MyISAM' tables in different databases. Formerly, all the `MyISAM' tables had to be in the same database, and the `MERGE' table had to be created in that database as well. * Added new `COMPRESS()', `UNCOMPRESS()', and `UNCOMPRESSED_LENGTH()' functions. * When doing `SET sql_mode='mode'' for a complex mode (like `ANSI'), we now update the `sql_mode' variable to include all the individual options implied by the complex mode. * Added the OLAP (On-Line Analytical Processing) function `ROLLUP', which provides summary rows for each `GROUP BY' level. * Added `SQLSTATE' codes for all server errors. * Added `mysql_sqlstate()' and `mysql_stmt_sqlstate()' C API client functions that return the `SQLSTATE' error code for the last error. 
* `TIME' columns with hour values greater than 24 were returned incorrectly to the client. * `ANALYZE', `OPTIMIZE', `REPAIR', and `FLUSH' statements are now stored in the binary log and thus replicated to slaves. This logging does not occur if the optional `NO_WRITE_TO_BINLOG' keyword (or its alias `LOCAL') is given. Exceptions are that `FLUSH LOGS', `FLUSH MASTER', `FLUSH SLAVE', and `FLUSH TABLES WITH READ LOCK' are not logged in any case. For a syntax example, see *Note `FLUSH': FLUSH. * New global variable `RELAY_LOG_PURGE' to enable or disable automatic relay log purging. * `LOAD DATA' now produces warnings that can be fetched with `SHOW WARNINGS'. * Added support for syntax `CREATE TABLE table2 (LIKE table1)' that creates an empty table `table2' with a definition that is exactly the same as `table1', including any indexes. * `CREATE TABLE table_name (...) TYPE=storage_engine' now generates a warning if the named storage engine is not available. The table is still created as a `MyISAM' table, as before. * Most subqueries are now much faster than before. * Added `PURGE BINARY LOGS' as an alias for `PURGE MASTER LOGS'. * Disabled the `PURGE LOGS' statement that was added in version 4.1.0. The statement now should be issued as `PURGE MASTER LOGS' or `PURGE BINARY LOGS'. * Added `SHOW BDB LOGS' as an alias for `SHOW LOGS'. * Added `SHOW MASTER LOGS' (which had been deleted in version 4.1.0) as an alias for `SHOW BINARY LOGS'. * Added `Slave_IO_State' and `Seconds_Behind_Master' columns to the output of `SHOW SLAVE STATUS'. `Slave_IO_State' indicates the state of the slave I/O thread, and `Seconds_Behind_Master' indicates the number of seconds by which the slave is late compared to the master. * `--lower-case-table-names=1' now also makes aliases case insensitive. (Bug #534) Bugs fixed: * Fixed a bug in privilege handling that caused connections from certain IP addresses to be assigned incorrect database-level privileges.
A connection could be assigned the database privileges of the previous successful authentication from one of those IP addresses, even if the IP address username and database name were different. (Bug #1636) * Error-handling functions were not called properly when an error resulted from `[CREATE | REPLACE| INSERT] ... SELECT' statements. * `HASH', `BTREE', `RTREE', `ERRORS', and `WARNINGS' no longer are reserved words. (Bug #724) * Fix for bug in `ROLLUP' when all tables were `const' tables. (Bug #714) * Fixed a bug in `UNION' that prohibited `NULL' values from being inserted into result set columns where the first `SELECT' of the `UNION' retrieved `NOT NULL' columns. * Fixed name resolution of columns of reduced subqueries in unions. (Bug #745) * Fixed memory overrun in subqueries in select list with `WHERE' clause bigger than outer query `WHERE' clause. (Bug #726) * Fixed a bug that caused `MyISAM' tables with `FULLTEXT' indexes created in 4.0.x to be unreadable in 4.1.x. * Fixed a data loss bug in `REPAIR TABLE ... USE_FRM' when used with tables that contained `TIMESTAMP' columns and were created in 4.0.x. * Fixed reduced subquery processing in `ORDER BY'/`GROUP BY' clauses. (Bug #442) * Fixed name resolution of outer columns of subquery in `INSERT'/`REPLACE' statements. (Bug #446) * Fixed bug in marking columns of reduced subqueries. (Bug #679) * Fixed a bug that made `CREATE FULLTEXT INDEX' syntax illegal. * Fixed a crash when a `SELECT' that required a temporary table (marked by `Using temporary' in `EXPLAIN' output) was used as a derived table in `EXPLAIN' command. (Bug #251) * Fixed a rare table corruption bug in `DELETE' from a big table with a *new* (created by MySQL-4.1) full-text index. * `LAST_INSERT_ID()' now returns 0 if the last `INSERT' statement didn't insert any rows. * Fixed missing last character in function output. 
(Bug #447) * Fixed a rare replication bug when a transaction spanned two or more relay logs, and the slave was stopped while executing the part of the transaction that was in the second or later relay log. Then replication would resume at the beginning of the second or later relay log, which was incorrect. (It should resume at `BEGIN', in the first relay log.) (Bug #53) * `CONNECTION_ID()' now is properly replicated. (Bug #177) * The new `PASSWORD()' function in 4.1 is now properly replicated. (Bug #344) * Fixed bug with doubly freed memory. * Fixed crashing bug in `UNION' operations that involved temporary tables. * Fixed a crashing bug in `DERIVED TABLES' when `EXPLAIN' is used on a `DERIVED TABLES' with a join. * Fixed a crashing bug in `DELETE' with `ORDER BY' and `LIMIT' caused by an uninitialized array of reference pointers. * Fixed a bug in the `USER()' function caused by an error in the size of the allocated string. * Fixed a crashing bug when attempting to create a table containing a spatial (GIS) column with a storage engine that does not support spatial types. * Fixed a crashing bug in `UNION' caused by the empty select list and a non-existent column being used in some of the individual `SELECT' statements. * Fixed a replication bug with a 3.23 master and a 4.0 slave: The slave lost the replicated temporary tables if `FLUSH LOGS' was issued on the master. (Bug #254) * Fixed a security bug: A server compiled without SSL support still allowed connections by users that had the `REQUIRE SSL' option specified for their accounts. * When an undefined user variable was used in a updating query on the master (such as `INSERT INTO t VALUES(@a)', where `@a' had never been set by this connection before), the slave could replicate the query incorrectly if a previous transaction on the master used a user variable of the same name. (Bug #1331) * Fixed bug with prepared statements: Using the `?' 
prepared statement parameter as the argument to certain functions or statement clauses caused a server crash when `mysql_prepare()' was invoked. (Bug #1500)

Additional notes:

* Due to a bug in the getpeername() system call on 64bit HP-UX, we currently do not provide 64bit binaries for HP-UX (IA64 and PA-RISC). We are working closely with HP on investigating this issue.

Bye,
LenZ
--
Lenz Grimmer
Senior Production Engineer
MySQL GmbH, http://www.mysql.de/
Hamburg, Germany

For technical support contracts, visit https://order.mysql.com/?ref=mlgr

--
MySQL Announce Mailing List
For list archives: http://lists.mysql.com/announce
To unsubscribe: http://lists.mysql.com/announce?unsub=hans at nyphp.org

From hans not junk at nyphp.com Thu Dec 4 13:20:11 2003
From: Hans Zaunere
Date: Thu, 04 Dec 2003 13:21:19 -0500
Subject: Re: [nycphp-talk] Syndication
In-Reply-To: <20031204171117.55055.qmail at web14309.mail.yahoo.com>
References: <20031204171117.55055.qmail at web14309.mail.yahoo.com>
Message-ID: <3FCF7B1F.1020308 at nyphp.com>

Chris Shiflett wrote:
> We're getting some attention:
>
> http://www.phpmag.net/itr/news/psecom,id,12865,nodeid,113.html
>
> Maybe sites will soon be syndicating our phundamentals as well. Do we have
> an XML feed for those, or would it be worth even considering such a thing?

We don't - and it would :) We already have an aggregation page at http://nyphp.org/content/rss/ but nothing to feed our content out.

H

From hans not junk at nyphp.com Thu Dec 4 13:21:44 2003
From: Hans Zaunere
Date: Thu, 04 Dec 2003 13:22:52 -0500
Subject: Re: [nycphp-talk] security? we don't need no stinkin security!
In-Reply-To: <000801c3ba86$a6e3d940$bf8d3818 at oberon1>
References: <000801c3ba86$a6e3d940$bf8d3818 at oberon1>
Message-ID: <3FCF7B7C.40202 at nyphp.com>

Tim Gales wrote:
> H writes:
> "...PEAR doesn't do this for a number of reasons..."
>
> Is it fair to characterize your response as:
>
> 1) Not modular (too interconnected)
> 2) Complex (large) making it:
> 2a) hard to maintain
> 2b) slow
> 2c) prone to security flaws

Yes, albeit taken out of context it sounds very harsh :)

In all, I feel that these points hold true in any environment, PHP/PEAR or not.

H

From danielk at us.ibm.com Thu Dec 4 14:47:23 2003
From: danielk at us.ibm.com (Daniel Krook)
Date: Thu, 4 Dec 2003 14:47:23 -0500
Subject: [nycphp-talk] Syndication
In-Reply-To: <3FCF7B1F.1020308@nyphp.com>
Message-ID:

Creating our own feed would be easier than it was to create the aggregator. And we can reuse much of the same code that we currently use for "Hot Threads" on the left nav.

I actually threw together an RSS 2.0 feed last night for one of my own sites in less than 20 minutes - right after discovering the coolness that is FeedDemon (from the guy that wrote HomeSite and currently develops TopStyle) http://bradsoft.com/feeddemon/

I say we tack it on to next week's development meeting agenda.

> We don't - and it would :) We already have an aggregation page at
> http://nyphp.org/content/rss/ but nothing to feed our content out.
>
> H

Daniel Krook, Application Developer, Production Services, ibm.com
1133 Westchester Avenue, White Plains, NY 10604
Tel: (914) 642-4474, Tieline 224-4474
danielk at us.ibm.com
Personal: http://info.krook.org/
Persona: http://w3.ibm.com/persona/users/9/0/x/90MC212-P.html

From Kbedi at inta.org Thu Dec 4 14:54:28 2003
From: Kbedi at inta.org (Kshitij Bedi)
Date: Thu, 4 Dec 2003 14:54:28 -0500
Subject: [nycphp-talk] Smarty String Comparison
Message-ID:

Hi there

Can someone tell me how to do case insensitive string comparison in smarty templates.
and also how to trim strings while comparing them.

For e.g.
{if $var == "Var"} Display {/if}

if this is the statement how do I change it so that it trims $var and does a case insensitive compare with "Var"

From adam at trachtenberg.com Thu Dec 4 14:57:30 2003
From: adam at trachtenberg.com (Adam Maccabee Trachtenberg)
Date: Thu, 4 Dec 2003 14:57:30 -0500 (EST)
Subject: [nycphp-talk] Smarty String Comparison
In-Reply-To:
References:
Message-ID:

On Thu, 4 Dec 2003, Kshitij Bedi wrote:

> For e.g.
> {if $var == "Var"} Display {/if}

Does something like this work?

{if $var|lower == "var"} Display {/if}

-adam

--
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!

From keith.richardson at thompsonhealth.com Thu Dec 4 14:58:37 2003
From: keith.richardson at thompsonhealth.com (Keith Richardson)
Date: Thu, 4 Dec 2003 14:58:37 -0500
Subject: [nycphp-talk] Smarty String Comparison
In-Reply-To: <4A34D0947B38AF4D8629DA86655D59069153D7@ffth-exc01.thompsonhealth.org>
Message-ID: <4A34D0947B38AF4D8629DA86655D5906C13A@ffth-exc01.thompsonhealth.org>

You would need to change the case of the string, say strtolower($var) == "var"

if you want to compare a substring, use the function substr ($var, $start, $end)

so if you wanted to compare the first 3 characters of $var to see if they matched var, you would do

if (strtolower(substr($var,0,3)) == "var") {
    dosomething;
}

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Kshitij Bedi
Sent: Thursday, December 04, 2003 2:54 PM
To: 'NYPHP Talk'
Subject: [nycphp-talk] Smarty String Comparison

Hi there

Can someone tell me how to do case insensitive string comparison in smarty templates.
and also how to trim strings while comparing them.

For e.g.
{if $var == "Var"} Display {/if}

if this is the statement how do I change it so that it trims $var and does a case insensitive compare with "Var"

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk

From Kbedi at inta.org Thu Dec 4 15:02:26 2003
From: Kbedi at inta.org (Kshitij Bedi)
Date: Thu, 4 Dec 2003 15:02:26 -0500
Subject: [nycphp-talk] Smarty String Comparison
Message-ID:

Would the strtolower function work inside a smarty template?

-----Original Message-----
From: Keith Richardson [mailto:keith.richardson at thompsonhealth.com]
Sent: Thursday, December 04, 2003 2:59 PM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Smarty String Comparison

You would need to change the case of the string, say strtolower($var) == "var"

if you want to compare a substring, use the function substr ($var, $start, $end)

so if you wanted to compare the first 3 characters of $var to see if they matched var, you would do

if (strtolower(substr($var,0,3)) == "var") {
    dosomething;
}

From keith.richardson at thompsonhealth.com Thu Dec 4 15:04:27 2003
From: keith.richardson at thompsonhealth.com (Keith Richardson)
Date: Thu, 4 Dec 2003 15:04:27 -0500
Subject: [nycphp-talk] Smarty String Comparison
In-Reply-To: <4A34D0947B38AF4D8629DA86655D59069153DA@ffth-exc01.thompsonhealth.org>
Message-ID: <4A34D0947B38AF4D8629DA86655D5906C13B@ffth-exc01.thompsonhealth.org>

Sorry, i just did it in php :/ the thing was solved in a previous post before i sent it, then realized it was about smarty :/

it can be found http://smarty.php.net/manual/en/language.modifier.lower.php

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Kshitij Bedi
Sent: Thursday, December 04, 2003 3:02 PM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Smarty String Comparison

Would the strtolower function work inside a smarty template?

From Kbedi at inta.org Thu Dec 4 15:07:53 2003
From: Kbedi at inta.org (Kshitij Bedi)
Date: Thu, 4 Dec 2003 15:07:53 -0500
Subject: [nycphp-talk] Smarty String Comparison
Message-ID:

Thanks,

This worked for me

trim(strtolower($var) == "var"

-----Original Message-----
From: Kshitij Bedi [mailto:Kbedi at inta.org]
Sent: Thursday, December 04, 2003 3:02 PM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Smarty String Comparison

Would the strtolower function work inside a smarty template?

From Kbedi at inta.org Thu Dec 4 15:09:38 2003
From: Kbedi at inta.org (Kshitij Bedi)
Date: Thu, 4 Dec 2003 15:09:38 -0500
Subject: [nycphp-talk] Smarty String Comparison
Message-ID:

Thank you Keith

-----Original Message-----
From: Keith Richardson [mailto:keith.richardson at thompsonhealth.com]
Sent: Thursday, December 04, 2003 3:04 PM
To: 'NYPHP Talk'
Subject: RE: [nycphp-talk] Smarty String Comparison

Sorry, i just did it in php :/ the thing was solved in a previous post before i sent it, then realized it was about smarty :/

it can be found http://smarty.php.net/manual/en/language.modifier.lower.php

From dmintz at davidmintz.org Thu Dec 4 17:58:44 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Thu, 4 Dec 2003 17:58:44 -0500 (EST)
Subject: [nycphp-talk] PEAR (was: ..we don't need no stinkin security!)
In-Reply-To: <3FCF7B7C.40202@nyphp.com>
Message-ID:

What does anyone else think of PEAR?

Here I was believing the hype about the great quality... and increasingly, using PEAR. Just now I've been playing with the Auth package and it certainly is not hard to set up. ergo, from my point of view, not inordinately complex.

I assume you Cookbook guys have nothing against PEAR, n'est-ce pas?

On Thu, 4 Dec 2003, Hans Zaunere wrote:

>
> Tim Gales wrote:
>
> > H writes:
> > "...PEAR doesn't do this for a number of reasons..."
> >
> > Is it fair to characterize your response as:
> >
> > 1) Not modular (too interconnected)
> > 2) Complex (large) making it:
> > 2a) hard to maintain
> > 2b) slow
> > 2c) prone to security flaws
>
> Yes, albeit taken out of context it sounds very harsh :)
>
> In all, I feel that these points hold true in any environment, PHP/PEAR or not.
>

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?"
Sopranos 24:17

From jlacey at att.net Thu Dec 4 18:21:40 2003
From: jlacey at att.net (John Lacey)
Date: Thu, 04 Dec 2003 16:21:40 -0700
Subject: [nycphp-talk] security? we don't need no stinkin security!
In-Reply-To: <3FCDE64D.10606@chxo.com>
References: <009a01c3b99e$75995420$bf8d3818@oberon1> <3FCDE64D.10606@chxo.com>
Message-ID: <3FCFC184.4020306@att.net>

Chris Snyder wrote:

> Tim Gales wrote:
>
>> John Lacey writes:
>> ".. wouldn't it be nice if well-designed secure components (pcom?)
>> were available that one could go to the 'lego box' and pull out what
>> you need to put it together..."
>>
>> Are you saying that Pear doesn't do this?
>>
>>
> "Well-designed" and "secure" mean different things to different folks,
> but classes generic enough to be used as lego blocks have a hard time
> earning those descriptions.
>
>

answering one generalization with another wasn't exactly what I had in mind, but on the other hand, I probably deserved it

John

From jsiegel1 at optonline.net Thu Dec 4 18:56:00 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Thu, 04 Dec 2003 18:56:00 -0500
Subject: [nycphp-talk] For the NYPHP Party
Message-ID: <3FCFC990.3080903@optonline.net>

Since it is mentioned on the home page of the site that the party will make it possible to "Put faces to email address"...I thought it might be a good idea if we wore name tags that had our email address on it.

Whadda ya think?

Jeff Siegel

--
Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!"

From jlacey at att.net Thu Dec 4 19:34:50 2003
From: jlacey at att.net (John Lacey)
Date: Thu, 04 Dec 2003 17:34:50 -0700
Subject: [nycphp-talk] For the NYPHP Party
In-Reply-To: <3FCFC990.3080903@optonline.net>
References: <3FCFC990.3080903@optonline.net>
Message-ID: <3FCFD2AA.5070200@att.net>

SOME_L33T_DUDE_FROM_HELL'S_KITCHEN_AT_NOSPAM_REMOVE_THIS_BEFORE_SENDING at WHOKNOWSWHERE.ORG

I couldn't resist :)

Jeff Siegel wrote:

> Since it is mentioned on the home page of the site that the party will
> make it possible to "Put faces to email address"...I thought it might be
> a good idea if we wore name tags that had our email address on it.
>
> Whadda ya think?
>
> Jeff Siegel
>

From dmintz at davidmintz.org Thu Dec 4 19:37:40 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Thu, 4 Dec 2003 19:37:40 -0500 (EST)
Subject: [nycphp-talk] For the NYPHP Party
In-Reply-To: <3FCFC990.3080903@optonline.net>
Message-ID:

Better yet, a tag that says:

"From: Firstname Lastname "

On Thu, 4 Dec 2003, Jeff Siegel wrote:

> Since it is mentioned on the home page of the site that the party will
> make it possible to "Put faces to email address"...I thought it might be
> a good idea if we wore name tags that had our email address on it.
>
> Whadda ya think?

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?"

Sopranos 24:17

From jsiegel1 at optonline.net Thu Dec 4 20:18:41 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Thu, 04 Dec 2003 20:18:41 -0500
Subject: [nycphp-talk] For the NYPHP Party
In-Reply-To:
References:
Message-ID: <3FCFDCF1.5010404@optonline.net>

Excellent!!

Anyone wanna volunteer to make up these tags? I have the list of attendees.

Jeff Siegel

David Mintz wrote:

> Better yet, a tag that says:
>
> "From: Firstname Lastname "
>
> On Thu, 4 Dec 2003, Jeff Siegel wrote:
>
>
>>Since it is mentioned on the home page of the site that the party will
>>make it possible to "Put faces to email address"...I thought it might be
>>a good idea if we wore name tags that had our email address on it.
>>
>>Whadda ya think?
>
>
>
> ---
> David Mintz
> http://davidmintz.org/
>
> "Anybody else got a problem with Webistics?"
>
> Sopranos 24:17
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

--
Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!"

From felix at students.poly.edu Thu Dec 4 20:11:23 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Thu, 4 Dec 2003 20:11:23 -0500
Subject: [nycphp-talk] security? we don't need no stinkin security!
In-Reply-To: <005b01c3b8eb$4dc7f040$bf8d3818@oberon1>
References: <20031202044036.34245.qmail@web14307.mail.yahoo.com> <005b01c3b8eb$4dc7f040$bf8d3818@oberon1>
Message-ID: <20031204201123.54497283.felix@students.poly.edu>

What about vBulletin?
It's pretty good and does not cost that much.

On Tue, 2 Dec 2003 10:45:24 -0500 "Tim Gales" wrote:

> Chris Shiflett wrote:
> "Yeah, someone really needs to write a forum in PHP that doesn't suck."
> and "It's a shame that there are Perl applications that fit these needs
> but no decent PHP representation."
>
> I have been meaning to take a look at the following:
> http://www.yabbse.org/
>
> It is a php conversion of YABB at
> http://www.yabbforum.com/
>
> YABB was done in Perl and is highly
> touted (at least at Tucows)
>
> YABBSE was done in PHP.
>
> What caught my eye was the following quote from
> the yabbse.org page:
> "I checked my bandwidth with YaBB SE and its over 2 days 338 mb.
When I
> had YaBB gold it was close to a GIG a day"
>
> If the guy who said that is really on the level (I don't doubt his
> honesty but there may have been fewer users doing fewer things)
> that would mean PHP is approaching six times more efficient than
> Perl.
>
> I wish I could find time to check the two implementations to
> see where PHP is more efficient than Perl.
>
> T. Gales & Associates
> 'Helping People Connect with Technology'
>
> http://www.tgaconnect.com
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From tgales at tgaconnect.com Thu Dec 4 21:22:51 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Thu, 4 Dec 2003 21:22:51 -0500
Subject: [nycphp-talk] security? we don't need no stinkin security!
In-Reply-To: <20031204201123.54497283.felix@students.poly.edu>
Message-ID: <002401c3bad6$af3b69a0$bf8d3818@oberon1>

felix zaslavskiy writes:
> What about vBulletin?
> It's pretty good and does not cost that much.
>

Yes, vBulletin does look pretty good. And I think it was under consideration for NYPHP.

I am not sure why it wasn't chosen. (I do recall Hans saying something like buying a license for something was definitely an option -- so price was not an issue) The impression I got was that some members already were experienced with Invision -- so we went with that.

Anyway the present forum (Invision) is a short term solution -- the long term solution is going to be to build as Chris Shiflett put it earlier ('twas oft thought but ne'er so well expressed) "...a forum in PHP that doesn't suck."

Maybe you could start a topic in the NYPHP forums describing vBulletin's best features. In it you could ask for opinions about which features people think would be of most value for the new forum which is in the works.

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

From lists at ny-tech.net Thu Dec 4 21:28:56 2003
From: lists at ny-tech.net (Nasir Zubair)
Date: Thu, 4 Dec 2003 21:28:56 -0500
Subject: [nycphp-talk] security? we don't need no stinkin security!
In-Reply-To: <002401c3bad6$af3b69a0$bf8d3818@oberon1>
Message-ID: <000301c3bad7$89f00790$6401a8c0@main>

> Yes, vBulletin does look pretty good. And I
> think it was under consideration for NYPHP.
>
> I am not sure why it wasn't chosen.
> (I do recall Hans saying something
> like buying a license for something
> was definitely an option -- so price
> was not an issue)
> The impression I got was that some
> members already were experienced with
> Invision -- so we went with that.

I believe it was mentioned that the main reason for picking IPB was that it is "opensource". I can't recall where it was said, but am pretty sure that I can find the message :-)

From felix at students.poly.edu Thu Dec 4 21:38:17 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Thu, 4 Dec 2003 21:38:17 -0500
Subject: [nycphp-talk] security? we don't need no stinkin security!
In-Reply-To: <002401c3bad6$af3b69a0$bf8d3818@oberon1>
References: <20031204201123.54497283.felix@students.poly.edu> <002401c3bad6$af3b69a0$bf8d3818@oberon1>
Message-ID: <20031204213817.2ad22ace.felix@students.poly.edu>

I am not too experienced with forums as far as administrating them and such. I noticed forums with large numbers of posts choose vBulletin. For example sitepointforums.com has over a million posts and straightdope.com has over 4 million posts.

What I like about vBulletin is that it's very user friendly. It just works like you would expect it to so you would never think the software is getting in the way. When the software becomes so instinctive that you stop knowing it's there then you know it's pretty user friendly.

On Thu, 4 Dec 2003 21:22:51 -0500 "Tim Gales" wrote:

> felix zaslavskiy writes:
> > What about vBulletin?
> > It's pretty good and does not cost that much.
> >
> Yes, vBulletin does look pretty good. And I
> think it was under consideration for NYPHP.
>
> I am not sure why it wasn't chosen.
> (I do recall Hans saying something
> like buying a license for something
> was definitely an option -- so price
> was not an issue)
> The impression I got was that some
> members already were experienced with
> Invision -- so we went with that.
>
> Anyway the present forum (Invision) is a short term
> solution -- the long term solution is going to be
> to build as Chris Shiflett put it earlier
> ('twas oft thought but ne'er so well expressed)
> "...a forum in PHP that doesn't suck."
>
> Maybe you could start a topic in the NYPHP
> forums describing vBulletin's best features.
> In it you could ask for opinions about which
> features people think would be of most value
> for the new forum which is in the works.
>
> T. Gales & Associates
> 'Helping People Connect with Technology'
>
> http://www.tgaconnect.com
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From danielc at analysisandsolutions.com Thu Dec 4 22:17:19 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Thu, 4 Dec 2003 22:17:19 -0500
Subject: [nycphp-talk] PEAR (was: ..we don't need no stinkin security!)
In-Reply-To:
References: <3FCF7B7C.40202@nyphp.com>
Message-ID: <20031205031719.GA29512@panix.com>

Heya:

On Thu, Dec 04, 2003 at 05:58:44PM -0500, David Mintz wrote:
>
> What does anyone else think of PEAR?

I've been using the DB package for the ST Parser sports data project, because I want my program to run on lots of different DBMS's. This package in particular is good, and with a bit of touch up work, could be great.

I have tried, and continue to try, to contribute to it.
Unfortunately, the developers could do a better job of listening, accepting submissions and answering a few obscure, but key, questions which would help me help them. I think I'm close to getting some improvements in there.

Fortunately, there are some energetic new people involved. Plus, each package has a different maintainer, so mileage may vary. Also, a new governing body has been established to help coordinate/plan things. Standards for documentation and other things have been put in place, which is great.

Well, that's all for now,

--Dan

--
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From lists at ny-tech.net Thu Dec 4 23:19:36 2003
From: lists at ny-tech.net (Nasir Zubair)
Date: Thu, 4 Dec 2003 23:19:36 -0500
Subject: [nycphp-talk] Searching DMOZ using PHP.
Message-ID: <000601c3bae6$ff4a7520$6401a8c0@main>

Hello everyone,

I did a project about a year ago which interfaced with DMOZ for DMOZ directories and search results. What client wanted was to list results from his own database on top and then list DMOZ results. I implemented a fairly straight forward caching system for the categories since they are not updated as often. But the searching part is directly fetched from DMOZ for every search.

Here is what I used back then to get search results:

===============================
// prepare search URL for DMOZ.
$searchurl = $searchurl . $searchstring . ($start == "" ? "" : "&start=" . $start ) .
	($morecat == "" ? "" : "&morecat=" . $morecat);

$fp = fopen( $searchurl, "r" );
$html = join( "", file( $searchurl ) );
fclose ( $fp );
===============================

I have been contacted by the client to revise the code. Along with a few other things, search results retrieval from DMOZ needs to be looked at again and optimized.
I need suggestions as to how I can change the above code to make it better. Storing RDF dump on the local server is out of the question, as the site is on a shared server and will not have enough disk space to fit the dump onto disk/database.

Thanks,

Nasir

From danielc at analysisandsolutions.com Thu Dec 4 23:48:43 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Thu, 4 Dec 2003 23:48:43 -0500
Subject: [nycphp-talk] Searching DMOZ using PHP.
In-Reply-To: <000601c3bae6$ff4a7520$6401a8c0@main>
References: <000601c3bae6$ff4a7520$6401a8c0@main>
Message-ID: <20031205044843.GA7146@panix.com>

On Thu, Dec 04, 2003 at 11:19:36PM -0500, Nasir Zubair wrote:

> $searchurl = $searchurl . $searchstring . ($start == "" ? "" : "&start=" .
> $start ) .
> ($morecat == "" ? "" : "&morecat=" . $morecat);

In that syntax, use ' instead of ".

I'd break that up for clarity. But, of course, that's a style question...

$searchurl = $searchurl . $searchstring;
if ($start) {
    $searchurl .= "&start=$start";
}
if ($morecat) {
    $searchurl .= "&morecat=$morecat";
}

Some folks might change those if's into one liners, but "that's not my style."

> $fp = fopen( $searchurl, "r" );
> $html = join( "", file( $searchurl ) );
> fclose ( $fp );

$html = file_get_contents($searchurl);

--Dan

--
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From shawn at shawnlawyer.com Fri Dec 5 09:22:13 2003
From: shawn at shawnlawyer.com (Shawn Lawyer)
Date: Fri, 5 Dec 2003 09:22:13 -0500
Subject: [nycphp-talk] For the NYPHP Party
References: <3FCFDCF1.5010404@optonline.net>
Message-ID: <000901c3bb3b$2dd7ae40$ae40c718@Della>

moo,
i'll make the. what about the printing though. i'd be doing it in illustrator. they could be printed at say kinkos or anywhere that there is a printer that can print eps.
shawn lawyer ----- Original Message ----- From: "Jeff Siegel" To: "NYPHP Talk" Sent: Thursday, December 04, 2003 8:18 PM Subject: Re: [nycphp-talk] For the NYPHP Party > Excellent!! > > Anyone wanna volunteer to make up these tags? I have the list of attendees. > > Jeff Siegel > > David Mintz wrote: > > > Better yet, a tag that says: > > > > "From: Firstname Lastname " > > > > On Thu, 4 Dec 2003, Jeff Siegel wrote: > > > > > >>Since it is mentioned on the home page of the site that the party will > >>make it possible to "Put faces to email address"...I thought it might be > >>a good idea if we wore name tags that had our email address on it. > >> > >>Whadda ya think? > > > > > > > > --- > > David Mintz > > http://davidmintz.org/ > > > > "Anybody else got a problem with Webistics?" > > > > Sopranos 24:17 > > > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > -- > Found on the Simpson's Website: "Ooooooh, they have the internet on > computers now!" > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From nyphp at websapp.com Fri Dec 5 09:36:52 2003 From: nyphp at websapp.com (Daniel Kushner) Date: Fri, 5 Dec 2003 09:36:52 -0500 Subject: [nycphp-talk] For the NYPHP Party In-Reply-To: <000901c3bb3b$2dd7ae40$ae40c718@Della> Message-ID: > moo, > i'll make the. what about the printing though. i'd be doing it > in illustrator. they could be printed at say knikos or anywhere > that there is a printer that can print eps. > shawn lawyer Hi Shawn, New York PHP has a budget for these things. Try to get a quote for Kinkos and let me know how much it is. 
Best,
Daniel

From jeffb at uniquephoto.com Fri Dec 5 10:36:21 2003
From: jeffb at uniquephoto.com (Jeff Barrett)
Date: Fri, 5 Dec 2003 10:36:21 -0500
Subject: [nycphp-talk] array of object being passed by reference problem
Message-ID:

I have the following test script:

<?php
// NOTE: the opening of this script (through "$o->") was lost in the archive.
// The class header and loop are reconstructed from the rest of the script
// and its output (five objects, "set 0" through "set 4"); the "<br>" tags,
// which the archive turned into line breaks, are restored.
class testObj {
    var $objs = array();
    var $junk;

    function populate() {
        for ($i = 0; $i < 5; $i++) {
            $o = new testObj();
            $o->setVar($i);
            $this->objs[] = $o;
        }
    }

    function setVar( $id ) {
        $this->junk = $id;
        print "set ".$this->junk."<br>";
    }

    function getObjs() {
        return $this->objs;
    }

    function printall() {
        foreach($this->objs as $pos => $o ) {
            print "print ".$o->junk."<br>";
        }
    }
}

$obj = new testObj();
$obj->populate();
$objs = &$obj->getObjs();
print "<br>";
foreach($objs as $pos => $o ) {
    print $o->junk."<br>";
}
foreach( $objs as $pos => $o ) {
    $o->setVar("aa".$pos);
    print "<br>";
}
foreach( $objs as $pos => $o ) {
    print $o->junk."<br>";
}
$obj->printall();
?>

Which is putting out the following to the screen:

set 0
set 1
set 2
set 3
set 4
0
1
2
3
4
set aa0
set aa1
set aa2
set aa3
set aa4
0
1
2
3
4
print 0
print 1
print 2
print 3
print 4

The problem, after the set aa0...aa4 lines I should not be seeing 0...4 and print 0...print 1. I should be seeing aa0...aa4 and print aa0...print aa4.

The problem seems to lie in how I am passing the array of objects to the calling program and then having those changes be a part of the object, seems like I am just changing a copy of the object since the changes are not sticking. Any help with this would be greatly appreciated.

Thanks,
Jeff Barrett
Email: jeffb at uniquephoto.com
IM: jeffreyabarrett
Phone: 973-377-5555 ext 205

From dmintz at davidmintz.org Fri Dec 5 11:27:07 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Fri, 5 Dec 2003 11:27:07 -0500 (EST)
Subject: [nycphp-talk] security? we don't need no stinkin security!
In-Reply-To: <000801c3ba86$a6e3d940$bf8d3818@oberon1>
Message-ID:

On Thu, 4 Dec 2003, Tim Gales wrote:

> Is it fair to characterize your response as:
>
> 1) Not modular (too interconnected)
>

Help out a comparative beginner here. Why is interdependency a bad thing? If A, B and C depend on Y, it means they are all (re-)using Y, which leads -- does it not? -- into the virtuous circle of code re-use: code getting used, bugs getting discovered, followed by bugs getting fixed, leading to more robust code, hence more re-use.

Yeah, I can see where parsing and loading 2500 lines of code of which you only need %10 is a performance hit in an interpreted language, -- leaner and meaner equals faster. But doesn't hardware evolve in the direction of faster, and isn't PHP itself's performance being improved so that it's ever faster at loading PHP code?

Thanks.

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?"
Sopranos 24:17 From adam at trachtenberg.com Fri Dec 5 11:34:09 2003 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Fri, 5 Dec 2003 11:34:09 -0500 (EST) Subject: [nycphp-talk] array of object being passed by reference problem In-Reply-To: References: Message-ID: On Fri, 5 Dec 2003, Jeff Barrett wrote: > The problem seems to lie in how I am passing the array of objects to the > calling program and then having those changes be a part of the object, seems > like I am just changing a copy of the object since the changes are not > sticking. Any help with this would be greatly appreciated. Welcome to life with PHP 4. Your code does what you want under PHP 5. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From shiflett at php.net Fri Dec 5 11:48:01 2003 From: shiflett at php.net (Chris Shiflett) Date: Fri, 5 Dec 2003 08:48:01 -0800 (PST) Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: Message-ID: <20031205164802.24768.qmail@web14305.mail.yahoo.com> --- David Mintz wrote: > Help out a comparative beginner here. Why is interdependency a bad > thing? If A, B and C depend on Y, it means they are all (re-)using Y, > which leads -- does it not? -- into the virtuous circle of code > re-use: code getting used, bugs getting discovered, followed by bugs > getting fixed, leading to more robust code, hence more re-use. I think the argument goes something like this: Each module should do one thing and do it well (ala Unix philosophy). For example, on a Unix system, I can grep through the output of ps by doing something likethis: ps | grep foo Both grep and foo are independent, but they can be combined. Code can work in much the same way. If grep cannot be used without ps, or if ps cannot be used without grep, this would be seen by many as a shortcoming. Hope that helps. I can elaborate, but that's the basic idea. 
Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From dmintz at davidmintz.org Fri Dec 5 11:53:01 2003 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 5 Dec 2003 11:53:01 -0500 (EST) Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <20031205164802.24768.qmail@web14305.mail.yahoo.com> Message-ID: On Fri, 5 Dec 2003, Chris Shiflett wrote: > I think the argument goes something like this: > > Each module should do one thing and do it well (ala Unix philosophy). For > example, on a Unix system, I can grep through the output of ps by doing > something likethis: > > ps | grep foo > > Both grep and foo are independent, but they can be combined. Code can work > in much the same way. If grep cannot be used without ps, or if ps cannot > be used without grep, this would be seen by many as a shortcoming. > > Hope that helps. I can elaborate, but that's the basic idea. I get it. Thanks. David From dmintz at davidmintz.org Fri Dec 5 12:07:18 2003 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 5 Dec 2003 12:07:18 -0500 (EST) Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: Message-ID: On second thought: Suppose -- just hypothetically -- I write a shell script that greps the ps output for a user-specified string. I could say, here's my shell script and you're welcome to use it, but it depends on ps and grep being installed on your system. Is it not a good shell script? Should it have its own ps and grep functionality built in, independently? fwiw, I'm not arguing for argument's sake, just trying to learn stuff from y'all. thanks. On Fri, 5 Dec 2003, David Mintz wrote: > On Fri, 5 Dec 2003, Chris Shiflett wrote: > > > I think the argument goes something like this: > > > > Each module should do one thing and do it well (ala Unix philosophy). 
For > > example, on a Unix system, I can grep through the output of ps by doing > > something likethis: > > > > ps | grep foo > > > > Both grep and foo are independent, but they can be combined. Code can work > > in much the same way. If grep cannot be used without ps, or if ps cannot > > be used without grep, this would be seen by many as a shortcoming. > > > > Hope that helps. I can elaborate, but that's the basic idea. > > I get it. Thanks. > > David > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > --- David Mintz http://davidmintz.org/ ATTN Everybody: dmintz at panix.com will be unplugged as of 01-Dec-2003! Please use dmintz at davidmintz.org "Anybody else got a problem with Webistics?" Sopranos 24:17 From csnyder at chxo.com Fri Dec 5 12:35:50 2003 From: csnyder at chxo.com (Chris Snyder) Date: Fri, 05 Dec 2003 12:35:50 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: References: Message-ID: <3FD0C1F6.7030802@chxo.com> David Mintz wrote: >Yeah, I can see where parsing and loading 2500 lines of code of which you >only need %10 is a performance hit in an interpreted language, -- leaner >and meaner equals faster. But doesn't hardware evolve in the direction of >faster, and isn't PHP itself's performance being improved so that it's >ever faster at loading PHP code? > > It's not just the performance hit -- which can be significant (fear the Smarty demo) -- there may be security implications as well. (back to the subject line?) For rapid development or prototyping, there is no question that (re)using classes a la Pear is an attractive option. Certainly for specialized tasks (parsing mp3 ID3 tags comes to mind). But at some point, you have to take a hard look at the 90% that you're not using, and consider writing bespoke classes. Do this a few times and you begin to see Pear as not so useful. 
The nice thing about OO is that the rewrite only has to implement the bits of the original API that your application uses. Not painless, but not so bad, either. Unless the class you're replacing had an inefficient way of doing things... csnyder From csnyder at chxo.com Fri Dec 5 12:37:34 2003 From: csnyder at chxo.com (Chris Snyder) Date: Fri, 05 Dec 2003 12:37:34 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: References: Message-ID: <3FD0C25E.1020406@chxo.com> David Mintz wrote: >Should it have >its own ps and grep functionality built in, independently? > > No -- but it should allow me to easily configure the path to both ps and grep, just in case I want to use superPs and superGrep instead. From jlacey at att.net Fri Dec 5 12:37:56 2003 From: jlacey at att.net (John Lacey) Date: Fri, 05 Dec 2003 10:37:56 -0700 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <3FD0C1F6.7030802@chxo.com> References: <3FD0C1F6.7030802@chxo.com> Message-ID: <3FD0C274.5000309@att.net> Chris Snyder wrote: >> > It's not just the performance hit -- which can be significant (fear the > Smarty demo) -- there may be security implications as well. (back to the > subject line?) > Chris, can you elaborate on the Smarty performance a tad? thanks, John From shiflett at php.net Fri Dec 5 12:43:24 2003 From: shiflett at php.net (Chris Shiflett) Date: Fri, 5 Dec 2003 09:43:24 -0800 (PST) Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: Message-ID: <20031205174324.20439.qmail@web14310.mail.yahoo.com> --- David Mintz wrote: > Suppose -- just hypothetically -- I write a shell script that greps > the ps output for a user-specified string. I could say, here's my > shell script and you're welcome to use it, but it depends on ps and > grep being installed on your system. Is it not a good shell script? I think it's a fine shell script, but it might not be such a good module, if that makes sense. 
If someone comes along and decides that they want the functionality of ps, grep, and something else, they should use grep and ps separately rather than your script. I'm not saying I'm dead set on this approach, but I understand the argument. On the other side, such abstraction can potentially be a good thing. I think it really depends on the situation and your personal preference. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From james at surgam.net Fri Dec 5 12:49:12 2003 From: james at surgam.net (James Wetterau) Date: Fri, 05 Dec 2003 12:49:12 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! Message-ID: <200312051749.hB5HnCV08921@panix2.panix.com> David Mintz says: ... > > Suppose -- just hypothetically -- I write a shell script that greps the ps > output for a user-specified string. I could say, here's my shell script > and you're welcome to use it, but it depends on ps and grep being > installed on your system. Is it not a good shell script? Should it have > its own ps and grep functionality built in, independently? I would say it should certainly not have that functionality built in, since anywhere you can run your shell script, including Windows using Cygwin or the like, you can get ps or grep. So why reinvent the wheel? The codebase behind ps and grep is likely to have benefited from all kinds of improvements over the years. However, compatibility is a somewhat knotty problem, which things like Posix attempt to address. There will always be tradeoffs in such decisions. An example of an interesting decision to the contrary occurred when Tom Christiansen of Perl fame got fed up with the absence of consistent shell tools for use in Perl scripting of systems tasks. He spearheaded an effort under the name "Perl Power Tools" to re-write in pure Perl a lot of the typical tools you might find in /bin, /usr/bin and /usr/local/bin on a BSD system. 
The idea was that when done, anywhere you could run Perl you could always have cat, grep, find, tset, stty, ls -- even awk -- by loading the appropriate Perl module, in case the tools weren't available in native C implementations. I'm not sure what came of that project. However, I think it is interesting that the effort recognized the value of the particular historic Unix tool set and didn't attempt to redesign them. The notion was to deal with systems where there might well not be a a ps or grep yet, which is probably not the case when shell scripting. Another interesting alternative approach is embodied in the "BusyBox" tool: http://www.busybox.net/downloads/BusyBox.html BusyBox unifies the executable, but keeps the separate interface. BusyBox is also meeting a niche need: very constrained memory environments that want the traditional Unix toolkit. In my humble opinion, issues of what to keep separate, what to unify, where interface lines should be drawn, when to reuse, when to reimplement, and how best to modularize code are the most complex area of freedom to deal with intelligently in just about any programming task, and there is no simple rule for doing it right. Your individual situation should always guide your decision. > fwiw, I'm not arguing for argument's sake, just trying to learn stuff from > y'all. thanks. > > On Fri, 5 Dec 2003, David Mintz wrote: > > > On Fri, 5 Dec 2003, Chris Shiflett wrote: > > > > > I think the argument goes something like this: > > > > > > Each module should do one thing and do it well (ala Unix philosophy). For > > > example, on a Unix system, I can grep through the output of ps by doing > > > something likethis: > > > > > > ps | grep foo > > > > > > Both grep and foo are independent, but they can be combined. Code can wor k > > > in much the same way. If grep cannot be used without ps, or if ps cannot > > > be used without grep, this would be seen by many as a shortcoming. > > > > > > Hope that helps. 
I can elaborate, but that's the basic idea. > > > > I get it. Thanks. > > > > David > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > > --- > David Mintz > http://davidmintz.org/ > ATTN Everybody: dmintz at panix.com will be unplugged as of 01-Dec-2003! > Please use dmintz at davidmintz.org > > > "Anybody else got a problem with Webistics?" > > Sopranos 24:17 > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From csnyder at chxo.com Fri Dec 5 12:51:43 2003 From: csnyder at chxo.com (Chris Snyder) Date: Fri, 05 Dec 2003 12:51:43 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <3FD0C274.5000309@att.net> References: <3FD0C1F6.7030802@chxo.com> <3FD0C274.5000309@att.net> Message-ID: <3FD0C5AF.2000107@chxo.com> John Lacey wrote: > Chris, can you elaborate on the Smarty performance a tad? > At the September meeting we ran Smarty through the Zend IDE's profiler, and compared the results with PHPLib. The results were striking -- it's not the most efficient approach. Daniel Kushner might have saved the actual numbers somewhere. It's a totally subjective measurement, of course. As David points out, efficiency becomes less of a concern with each hardware upgrade. And for a server that gets up to a few thousand hits an hour, no worries. There's part of me that says a request can take up to a second before I really care, but there's no way you can get away with that on a large site, or a big shared server. From jlacey at att.net Fri Dec 5 13:06:04 2003 From: jlacey at att.net (John Lacey) Date: Fri, 05 Dec 2003 11:06:04 -0700 Subject: [nycphp-talk] security? we don't need no stinkin security! 
In-Reply-To: <3FD0C5AF.2000107@chxo.com> References: <3FD0C1F6.7030802@chxo.com> <3FD0C274.5000309@att.net> <3FD0C5AF.2000107@chxo.com> Message-ID: <3FD0C90C.7010305@att.net> Chris Snyder wrote: > At the September meeting we ran Smarty through the Zend IDE's profiler, > and compared the results with PHPLib. The results were striking -- it's > not the most efficient approach. Daniel Kushner might have saved the > actual numbers somewhere. > > It's a totally subjective measurement, of course. As David points out, > efficiency becomes less of a concern with each hardware upgrade. And for > a server that gets up to a few thousand hits an hour, no worries. > There's part of me that says a request can take up to a second before I > really care, but there's no way you can get away with that on a large > site, or a big shared server. thanks, I've exchanged a few msgs with a developer on a Sourceforge project I'm interested in, and suggested he either use Smarty or at least put the table and form handling logic in classes (it was in reference to an internationalization issue, since the code is not structured to handle it) he balked at the Smarty idea (performance) and your remarks caught my attention -- Daniel, are those numbers still around? From nyphp at websapp.com Fri Dec 5 13:10:58 2003 From: nyphp at websapp.com (Daniel Kushner) Date: Fri, 5 Dec 2003 13:10:58 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <3FD0C90C.7010305@att.net> Message-ID: > > he balked at the Smarty idea (performance) and your remarks > caught my attention -- > > Daniel, are those numbers still around? I haven't got them (I think). I'll re-profile the code and post in on the New York PHP website. --Daniel From jlacey at att.net Fri Dec 5 13:13:31 2003 From: jlacey at att.net (John Lacey) Date: Fri, 05 Dec 2003 11:13:31 -0700 Subject: [nycphp-talk] security? we don't need no stinkin security! 
In-Reply-To: References: Message-ID: <3FD0CACB.5080900@att.net>

thanks -- and there is a prize for the first person who volunteers to change the Subject line on all these posts :)

Daniel Kushner wrote:
>>he balked at the Smarty idea (performance) and your remarks
>>caught my attention --
>>
>>Daniel, are those numbers still around?
>
> I haven't got them (I think). I'll re-profile the code and post in on the
> New York PHP website.
>
> --Daniel

From hans not junk at nyphp.com Fri Dec 5 13:18:17 2003
From: Hans Zaunere
Date: Fri, 05 Dec 2003 13:19:24 -0500
Subject: Re: [nycphp-talk] security? we don't need no stinkin security!
Message-ID: <3FD0CC2C.2080202 at nyphp.com>

David Mintz wrote:
>
> On second thought:
>
> Suppose -- just hypothetically -- I write a shell script that greps the ps
> output for a user-specified string.
I could say, here's my shell script > and you're welcome to use it, but it depends on ps and grep being > installed on your system. Is it not a good shell script? Should it have > its own ps and grep functionality built in, independently? I think it's key to cut a distinction between code reuse, modularity, and frameworks. PEAR is a framework. Just as in a house, if a load-bearing beam is removed, the structure will crumble. This is the typical architecture of a framework. However, imagine if you could build a house with no load-bearing beams. The house, and the functionality it provides, is a composite of many smaller beams - and if one is removed or changed, the structure and functionality withstands. Sure, each beam is dependent on it's peers to operate fully and deliver the ultimate functionality required, but it's not totally integrated - there might be plastic beams, wood beams, steel, etc. And, each beam can be reused to shape the total structure differently - this is a modular or component based architecture. In essence, it's not easy, nor would it make sense [1], to only use a piece of a framework - it's all or nothing - and the PEAR/CPAN model is akin to this. It is important to remember, however, that sometimes this is the correct model - take FreeBSD ports collection... :) While there is a great deal of dependency, it's a "closed" system - no one is using the ports system to develop an ecommerce site, then a login system and a mailing list. H [1] because of loads of overhead in code you're never using, security issues, and maintenance issues From adam at trachtenberg.com Fri Dec 5 14:34:07 2003 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Fri, 5 Dec 2003 14:34:07 -0500 (EST) Subject: [nycphp-talk] security? we don't need no stinkin security! 
In-Reply-To: <3FD0C5AF.2000107@chxo.com> References: <3FD0C1F6.7030802@chxo.com> <3FD0C274.5000309@att.net> <3FD0C5AF.2000107@chxo.com> Message-ID: On Fri, 5 Dec 2003, Chris Snyder wrote: > At the September meeting we ran Smarty through the Zend IDE's profiler, > and compared the results with PHPLib. The results were striking -- it's > not the most efficient approach. Daniel Kushner might have saved the > actual numbers somewhere. FWIW, from what I've heard, Smarty performance is significantly improved when you use apc, or some similar opcode caching product. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From jonbaer at jonbaer.net Fri Dec 5 15:46:21 2003 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 5 Dec 2003 15:46:21 -0500 Subject: [nycphp-talk] osCommerce (Gift Certificates + Shipping) Message-ID: <003a01c3bb70$d7b35010$6400a8c0@thinkpad> trying to figure something out w/ oscommerce ... i added a gift certificate module for my site and then added USPS web api for shipping calculation + figured to hack and edit the usps module to accept a weight of 0 lbs to just display $0 cost (for electronic goods) ... does this sound right? or could i have done this without editing the shipment module? - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From geek at invisiblemute.com Fri Dec 5 15:58:02 2003 From: geek at invisiblemute.com (=?iso-8859-1?B?aW52aXNpYmxlbXV0ZQ==?=) Date: Fri, 05 Dec 2003 15:58:02 -0500 Subject: =?iso-8859-1?B?UmU6IFtueXBocC10YWxrXSBzZWN1cml0eT8gd2UgZG9uJ3QgbmVlZCBubyBzdGlua2luIHNlY3VyaXR5IQ==?= Message-ID: <20031205205802.24879.qmail@hosting33.com> -------Original Message------- > From: Tim Gales <tgales at tgaconnect.com> > Subject: RE: [nycphp-talk] security? we don't need no stinkin security! > Sent: 04 Dec 2003 21:22:51 > > felix zaslavskiy writes: > > What about vBulletin ? 
> > Its pretty good and does not cost that much. > > > Yes, vBulletin does looks pretty good. And I > think it was under consideration for NYPHP. Sorry if I missed the beginning of this conversation (just joined), but does phpBB have serious problems, limitations or security holes that I'm not aware of? i'm' -------------- next part -------------- An HTML attachment was scrubbed... URL: From shiflett at php.net Fri Dec 5 16:04:33 2003 From: shiflett at php.net (Chris Shiflett) Date: Fri, 5 Dec 2003 13:04:33 -0800 (PST) Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <20031205205802.24879.qmail@hosting33.com> Message-ID: <20031205210433.60705.qmail@web14310.mail.yahoo.com> --- invisiblemute wrote: > Sorry if I missed the beginning of this conversation (just joined), > but does phpBB have serious problems, limitations or security holes > that I'm not aware of? It's slow, the code is a mess, and it is a frequent visitor of Dan's Security Focus PHP vulnerability updates. It looks good, though. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From sklar at sklar.com Fri Dec 5 16:26:35 2003 From: sklar at sklar.com (David Sklar) Date: Fri, 5 Dec 2003 16:26:35 -0500 Subject: [nycphp-talk] security? we don't need no stinkin security! In-Reply-To: <3FD0CC2C.2080202@nyphp.com> Message-ID: David Mintz wrote: > > Suppose -- just hypothetically -- I write a shell script that greps > the ps output for a user-specified string. I could say, here's my > shell script and you're welcome to use it, but it depends on ps and > grep being installed on your system. Is it not a good shell script? > Should it have its own ps and grep functionality built in, > independently? 
Aside from the suggestions others made about being able to drop in new versions of ps and grep for flexibility, I'll point out that ps, grep, and whatever shell your script is written for *do* have dependencies, e.g. libc. They don't each include their own I/O routines, signal handling, memory management, etc. I think part of the difficulty with this discussion w/r/t PHP is the fuzzy line the core PHP distribution provides between traditional language features and added functionality (i.e. there is setcookie() so you don't have to make your own cookie headers with header(), but you can't write new cookies to $_COOKIE like you can create new session variables by writing to $_SESSION; or even the fact that there is a bundledd session module) and the competing standards for add-on frameworks that handle a set (itself fuzzily defined) of "standard" web programming tasks like form handling, error management, templating, and so on. Which flows nicely into what Hans wrote: > I think it's key to cut a distinction between code reuse, modularity, > and frameworks. > > PEAR is a framework. Just as in a house, if a load-bearing beam > is removed, the structure will crumble. This is the typical > architecture of a framework. PHP doesn't provide everything you need for a web framework (IMHO there are good arguments for and against this) so there are various possible frameworks out there. For most projects, I think that the benefit of choosing something widely known and good enough far outweighs the potential speed or customization benefits from writing your own. David From enunez at tiaa-cref.org Fri Dec 5 17:36:36 2003 From: enunez at tiaa-cref.org (Nunez, Eddy) Date: Fri, 5 Dec 2003 15:36:36 -0700 Subject: [nycphp-talk] array of object being passed by reference proble m Message-ID: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9DC3@msxnyusr01.msx.ops.tiaa-cref.org> Jeff buddy!! Remember me? :) "foreach" isn't object friendly... It's giving you copies to modify!! 
Here is a workaround for what you want to achieve..

Change line:
    $o->setVar("aa".$pos);
To:
    $objs[$pos]->setVar("aa".$pos);

This will yield the results you want. I tried it, works like a champ.

Remember: modification of array elements via indices is your php4 friend especially when dealing with objects! :)

Eddy Nuñez
Tel: 718-614-7033

-----Original Message-----
From: Jeff Barrett [mailto:jeffb at uniquephoto.com]
Sent: Friday, December 05, 2003 10:36 AM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] array of object being passed by reference problem

I have the following test script:

<?php
// NOTE: the opening of this script (through "$o->") was lost in the archive.
// The class header and loop are reconstructed from the rest of the script
// and its output (five objects, "set 0" through "set 4"); the "<br>" tags,
// which the archive turned into line breaks, are restored.
class testObj {
    var $objs = array();
    var $junk;

    function populate() {
        for ($i = 0; $i < 5; $i++) {
            $o = new testObj();
            $o->setVar($i);
            $this->objs[] = $o;
        }
    }

    function setVar( $id ) {
        $this->junk = $id;
        print "set ".$this->junk."<br>";
    }

    function getObjs() {
        return $this->objs;
    }

    function printall() {
        foreach($this->objs as $pos => $o ) {
            print "print ".$o->junk."<br>";
        }
    }
}

$obj = new testObj();
$obj->populate();
$objs = &$obj->getObjs();
print "<br>";
foreach($objs as $pos => $o ) {
    print $o->junk."<br>";
}
foreach( $objs as $pos => $o ) {
    $o->setVar("aa".$pos);
    print "<br>";
}
foreach( $objs as $pos => $o ) {
    print $o->junk."<br>";
}
$obj->printall();
?>

Which is putting out the following to the screen:

set 0
set 1
set 2
set 3
set 4
0
1
2
3
4
set aa0
set aa1
set aa2
set aa3
set aa4
0
1
2
3
4
print 0
print 1
print 2
print 3
print 4

The problem, after the set aa0...aa4 lines I should not be seeing 0...4 and print 0...print 1. I should be seeing aa0...aa4 and print aa0...print aa4.

The problem seems to lie in how I am passing the array of objects to the calling program and then having those changes be a part of the object, seems like I am just changing a copy of the object since the changes are not sticking. Any help with this would be greatly appreciated.

Thanks,
Jeff Barrett
Email: jeffb at uniquephoto.com
IM: jeffreyabarrett
Phone: 973-377-5555 ext 205

From geek at invisiblemute.com Fri Dec 5 19:19:35 2003
From: geek at invisiblemute.com (invisiblemute)
Date: Fri, 05 Dec 2003 19:19:35 -0500
Subject: [nycphp-talk] PHP bulletin board, a new order, suggestions?
Message-ID: <20031206001935.13064.qmail@hosting33.com>

> From: Chris Shiflett <shiflett at php.net>
> --- invisiblemute wrote:
> > Sorry if I missed the beginning of this conversation (just joined),
> > but does phpBB have serious problems, limitations or security holes
> > that I'm not aware of?
>
> It's slow, the code is a mess, and it is a frequent visitor of Dan's
> Security Focus PHP vulnerability updates.
>
> It looks good, though. :-)
> Chris

Crap! After hunting high and low that's what I went with for a recent project. I agree, it does look really nice and skins very easily.

I'm surprised I haven't seen a product that functions like YahooGroups. Bulletin boards are nice but I think it's a fabulous idea to mesh with listserv like behavior. Has anyone come across something like this? Or better yet is there a solution that would seamlessly integrate with a product like EZMLM (I know I'm hoping for a lot here). Thanks.

i'm'

From jonbaer at jonbaer.net Fri Dec 5 21:26:18 2003
From: jonbaer at jonbaer.net (jon baer)
Date: Fri, 5 Dec 2003 21:26:18 -0500
Subject: [nycphp-talk] PHP bulletin board, a new order, suggestions?
References: <20031206001935.13064.qmail@hosting33.com>
Message-ID: <006701c3bba0$5a6c14e0$6400a8c0@thinkpad>

Well ... I've recently modded phpBB (which despite the contrary) to accept "forum subscriptions" which takes the place of a mailing list. I've noticed that *no* board does this which I found surprising. Basically on the profile I've added subscriptions:

[ ] Forum Name

In which it's more or less like "Notify me of replies in this forum/category" (vs. thread) ... then in the email have a reply link back to the board ...

The other pretty neat feature is using the bad words regex replacements to cross link into your FAQ or a glossary for defining words. (or anything to help newbies without getting more intermediate/advance users frustrated in broad topics/forums) ...

I find all php boards code crap - but either one once you have a know of what each part does u can really just run + go with it ... the security mess is all over the place i think, it's not something that just pertains to that app ...
- jon

----- Original Message -----
From: invisiblemute
To: shiflett at php.net ; NYPHP Talk
Sent: Friday, December 05, 2003 7:19 PM
Subject: [nycphp-talk] PHP bulletin board, a new order, suggestions?

> From: Chris Shiflett
> --- invisiblemute wrote:
> > Sorry if I missed the beginning of this conversation (just joined),
> > but does phpBB have serious problems, limitations or security holes
> > that I'm not aware of?
>
> It's slow, the code is a mess, and it is a frequent visitor of Dan's
> Security Focus PHP vulnerability updates.
>
> It looks good, though. :-)
> Chris

Crap! After hunting high and low that's what I went with for a recent project. I agree, it does look really nice and skins very easily.

I'm surprised I haven't seen a product that functions like YahooGroups. Bulletin boards are nice but I think it's a fabulous idea to mesh with listserv like behavior. Has anyone come across something like this? Or better yet is there a solution that would seamlessly integrate with a product like EZMLM (I know I'm hoping for a lot here). Thanks.

i'm'

From geek at invisiblemute.com Sat Dec 6 01:26:33 2003
From: geek at invisiblemute.com (invisiblemute)
Date: Sat, 06 Dec 2003 01:26:33 -0500
Subject: [nycphp-talk] OT: Free HD to a good home (Ultra SCSI-3)
Message-ID: <20031206062633.2885.qmail@hosting33.com>

Was given a HD but haven't been able to use it. Can't bring myself to just toss it so please give a shout. Would be happy to meet up with anyone in person to give away for free, preferably around 32nd, 14th, or 110th near Mt. Sinai.
It has a weird connection with what I am guessing the power contacts on either side of the SCSI connection instead of a Molex (?) connector like most drives. So I'm guessing this drive came out of a portable unit and would need such a housing.

- - -

Quantum Atlas II

Atlas II 3.5-inch, 7200 RPM hard disk drives are top-performing devices that meet the needs of high-end storage subsystems, video servers, and workstations. The drives offer high capacity and feature the most advanced technology for exceptional performance and higher areal density. Atlas II drives have the industry's fastest seek time for a 9.1 gigabyte (GB) drive at 8 (milliseconds) ms. The drives are offered with an Ultra SCSI-3 interface.

Storage Capacity: 4.5 GB
Average Seek Time: as low as 8.0 ms
Rotational Speed: 7200 RPM
Interface Options: Ultra SCSI-3

- - -

Disclaimer: This wasn't my drive and I've never used it or tested it. I make no guarantees on whether or not this thing works. I only pray that there isn't some weird crap on there like twisted porn or illegal junk. Please promise me that the first thing you'll do is format it. It could be infected for all I know.

From jlacey at att.net Sat Dec 6 16:37:43 2003
From: jlacey at att.net (John Lacey)
Date: Sat, 06 Dec 2003 14:37:43 -0700
Subject: [nycphp-talk] sqlite utility and reloading a dump
Message-ID: <3FD24C27.2070205@att.net>

Hello all,

I understand there are a couple people working on PHP5 on the list, so I'll begin here. In the process of converting a PHP application that uses MySQL to use SQLite, I naturally started with converting the schema into something that SQLite understood, e.g. INTEGER PRIMARY KEY for auto_increment and so forth. The file I am working with was created by phpMyAdmin which of course escapes single quotes within single-quoted strings with \'

In firing up the sqlite.exe utility on a W2KPro box, I was getting "unrecognized token" errors.
SQLite lets you read in a file with the command ".read FILENAME", once sqlite is invoked. I traced the error detection to the tokenizer.c file where an illegal token flag was being set when checking the \' sequence with a case statement of case '\'':

I then went and downloaded sqlite version 2.8.7 -- just released -- same indication. After going back and forth several times with SQLite's author, D. Richard Hipp, who was very responsive, he allowed that I could submit an enhancement to have a PRAGMA which turns on backslash escapes.

My question is: hasn't this behavior come up before in light of the fact that SQLite is being included in PHP5?

thanks, John

From danielc at analysisandsolutions.com Sat Dec 6 17:24:33 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sat, 6 Dec 2003 17:24:33 -0500
Subject: [nycphp-talk] sqlite utility and reloading a dump
In-Reply-To: <3FD24C27.2070205@att.net>
References: <3FD24C27.2070205@att.net>
Message-ID: <20031206222433.GA18650@panix.com>

Hi John:

On Sat, Dec 06, 2003 at 02:37:43PM -0700, John Lacey wrote:
>
> My question is: hasn't this behavior come up before in light
> of the fact that SQLite is being included in PHP5?

When escaping "'" without the use of an ESCAPE clause, most DBMS's, and perhaps the SQL-99 standard itself, use "''"

MySQL kind of made up its own thing by doing "\'" Do note, you can also use "''" in MySQL (at least in version 4.0, maybe in 3.2x too).

The drag is mysqldump puts "\'" in there. That should be classified as a bug.
--Dan

-- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From jlacey at att.net Sat Dec 6 17:28:44 2003
From: jlacey at att.net (John Lacey)
Date: Sat, 06 Dec 2003 15:28:44 -0700
Subject: [nycphp-talk] sqlite utility and reloading a dump
In-Reply-To: <20031206222433.GA18650@panix.com>
References: <3FD24C27.2070205@att.net> <20031206222433.GA18650@panix.com>
Message-ID: <3FD2581C.7070308@att.net>

Daniel Convissor wrote:
>
> When escaping "'" without the use of an ESCAPE clause, most DBMS's, and
> perhaps the SQL-99 standard itself, use "''"
>
> MySQL kind of made up its own thing by doing "\'" Do note, you can also
> use "''" in MySQL (at least in version 4.0, maybe in 3.2x too).
>

yeah, I pointed out the "''" method of escaping to the SQLite author (Hipp), and mentioned that the \' is used too

> The drag is mysqldump puts "\'" in there. That should be classified as a
> bug.
>

well, D. Richard Hipp is correct in pointing that out, but wanted to get a workaround before something hits the fan

J

From adam at trachtenberg.com Sat Dec 6 17:32:02 2003
From: adam at trachtenberg.com (Adam Maccabee Trachtenberg)
Date: Sat, 6 Dec 2003 17:32:02 -0500 (EST)
Subject: [nycphp-talk] sqlite utility and reloading a dump
In-Reply-To: <3FD2581C.7070308@att.net>
References: <3FD24C27.2070205@att.net> <20031206222433.GA18650@panix.com> <3FD2581C.7070308@att.net>
Message-ID:

On Sat, 6 Dec 2003, John Lacey wrote:
> well, D. Richard Hipp is correct in pointing that out, but
> wanted to get a workaround before something hits the fan

Have you tried running mysqldump with the --fields-escaped-by parameter? Maybe you can make MySQL output '' instead of \'.

Note: I have no idea if this command actually does this, I was just browsing the manual.
http://www.mysql.com/doc/en/mysqldump.html

-adam

-- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today!

From joshmccormack at travelersdiary.com Sat Dec 6 17:32:07 2003
From: joshmccormack at travelersdiary.com (Josh McCormack)
Date: Sat, 06 Dec 2003 17:32:07 -0500
Subject: [nycphp-talk] PHP bulletin board, a new order, suggestions?
In-Reply-To: <20031206001935.13064.qmail@hosting33.com>
References: <20031206001935.13064.qmail@hosting33.com>
Message-ID: <3FD258E7.4020705@travelersdiary.com>

fudforum has a very interesting mailing list/newsgroup integration thing.

Also, what about having a mailing list like Mailman, with some nice archiving programs running (mhonarc, etc), and have a web-to-mail script to allow browsers to participate. I know there can be security issues with allowing people to send mail through web pages, but could be done.

Josh

invisiblemute wrote:
> > From: Chris Shiflett
> > --- invisiblemute wrote:
> > > Sorry if I missed the beginning of this conversation (just joined),
> > > but does phpBB have serious problems, limitations or security holes
> > > that I'm not aware of?
> >
> > It's slow, the code is a mess, and it is a frequent visitor of Dan's
> > Security Focus PHP vulnerability updates.
> >
> > It looks good, though. :-)
> > Chris
>
> Crap! After hunting high and low that's what I went with for a recent
> project. I agree, it does look really nice and skins very easily.
>
> I'm surprised I haven't seen a product that functions like YahooGroups.
> Bulletin boards are nice but I think it's a fabulous idea to mesh with
> listserv like behavior. Has anyone come across something like this? Or
> better yet is there a solution that would seamlessly integrate with a
> product like EZMLM (I know I'm hoping for a lot here). Thanks.
>
> i'm'

From jlacey at att.net Sat Dec 6 18:06:06 2003
From: jlacey at att.net (John Lacey)
Date: Sat, 06 Dec 2003 16:06:06 -0700
Subject: [nycphp-talk] sqlite utility and reloading a dump
In-Reply-To:
References: <3FD24C27.2070205@att.net> <20031206222433.GA18650@panix.com> <3FD2581C.7070308@att.net>
Message-ID: <3FD260DE.8020303@att.net>

Adam Maccabee Trachtenberg wrote:
>
> Have you tried running mysqldump with the --fields-escaped-by
> parameter? Maybe you can make MySQL output '' instead of \'.
>
> Note: I have no idea if this command actually does this, I was just
> browsing the manual.
>
> http://www.mysql.com/doc/en/mysqldump.html

in this case, I'm working with a file that comes packaged with an application -- in one of my emails to Mr. Hipp, I included a link to the php manual addslashes() function with the info about magic quotes, etc, etc.

From danielc at analysisandsolutions.com Sat Dec 6 18:15:21 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sat, 6 Dec 2003 18:15:21 -0500
Subject: [nycphp-talk] sqlite utility and reloading a dump
In-Reply-To:
References: <3FD24C27.2070205@att.net> <20031206222433.GA18650@panix.com> <3FD2581C.7070308@att.net>
Message-ID: <20031206231521.GA21390@panix.com>

On Sat, Dec 06, 2003 at 05:32:02PM -0500, Adam Maccabee Trachtenberg wrote:
>
> Have you tried running mysqldump with the --fields-escaped-by
> parameter? Maybe you can make MySQL output '' instead of \'.
I think that's for what fields are enclosed in, such as the double quotes in the following

"field1", "field2"

--Dan

-- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From adam at trachtenberg.com Sat Dec 6 18:29:38 2003
From: adam at trachtenberg.com (Adam Maccabee Trachtenberg)
Date: Sat, 6 Dec 2003 18:29:38 -0500 (EST)
Subject: [nycphp-talk] sqlite utility and reloading a dump
In-Reply-To: <20031206231521.GA21390@panix.com>
References: <3FD24C27.2070205@att.net> <20031206222433.GA18650@panix.com> <3FD2581C.7070308@att.net> <20031206231521.GA21390@panix.com>
Message-ID:

On Sat, 6 Dec 2003, Daniel Convissor wrote:
> On Sat, Dec 06, 2003 at 05:32:02PM -0500, Adam Maccabee Trachtenberg wrote:
> >
> > Have you tried running mysqldump with the --fields-escaped-by
> > parameter? Maybe you can make MySQL output '' instead of \'.
>
> I think that's for what fields are enclosed in, such as the double quotes
> in the following
> "field1", "field2"

Probably.

-adam

-- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today!

From tech_learner at yahoo.com Sun Dec 7 23:09:50 2003
From: tech_learner at yahoo.com (Tech_learner)
Date: Sun, 7 Dec 2003 20:09:50 -0800 (PST)
Subject: [nycphp-talk] Fwd: [PHP Classes] Released new book review: Building Custom PHP Extensions
Message-ID: <20031208040950.99015.qmail@web14311.mail.yahoo.com>

PHP Classes wrote:
To: tech_learner at yahoo.com
Subject: [PHP Classes] Released new book review: Building Custom PHP Extensions
Date: 8 Dec 2003 02:30:35 -0000
From: PHP Classes

Released new book review: Building Custom PHP Extensions
Title: Building Custom PHP Extensions
Author: Blake Schwendiman
Publisher: Lulu Press
Sales ranking: Week: 9, All time: 109
Reviewer: Manuel Lemos

PHP Classes site tip of the day: Latest security vulnerabilities by e-mail. Know about the latest security vulnerabilities before the hackers compromise your site.

For more information send a message to info at phpclasses.org. Copyright (c) 1999-2003 PHP Classes

From jeffb at uniquephoto.com Mon Dec 8 09:58:40 2003
From: jeffb at uniquephoto.com (Jeff Barrett)
Date: Mon, 8 Dec 2003 09:58:40 -0500
Subject: [nycphp-talk] array of object being passed by reference problem
In-Reply-To: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9DC3@msxnyusr01.msx.ops.tiaa-cref.org>
Message-ID:

Eddy,

Definitely remember you! I found that out the hard way and my boss found a very interesting aspect that I had never used and only seen once or twice in C type code.

function & method1()
{
    return $this->arrayOfPointers;
}

Notice the & before the method1, that does some nice magic. Makes the function return pointers, not so sure how it makes that determination yet. Trying return & $this->arrayOfPointers; gives a syntax error. I am also curious to find out what the difference is when you preceded the constructor with the &, does it have global effects?
Those more detailed questions will have to wait until I get this project done.

Thanks for the help Eddy.

Jeff

> Jeff buddy!! Remember me? :)
>
> "foreach" isn't object friendly... It's giving you copies to modify!!
> Here is a work around for what you want to achieve..
>
> Change line: $o->setVar("aa".$pos);
>
> To: $objs[$pos]->setVar("aa".$pos);
>
> This will yield the results you want. I tried it, works like a champ.
> Remember: modification of array elements via indices is your php4 friend
> especially when dealing with objects! :)
>
> Eddy Nuñez
> Tel: 718-614-7033
>
>

From tgales at tgaconnect.com Mon Dec 8 10:38:33 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Mon, 8 Dec 2003 10:38:33 -0500
Subject: [nycphp-talk] Connection to MySQL 4.1.X with php 5.0b2 running windows xp
Message-ID: <000201c3bda1$56fa1480$bf8d3818@oberon1>

Has anybody loaded the php_mysql extension under windows? I wanted to test/experiment with something using a php client connection to MySQL 4.1.0 (alpha).

I am using a precompiled php 5.0b2 dated 30-Oct-2003.

If I check the dependencies of the php_mysql.dll it seems like in the php4ts.dll library '_zend_hash_add_or_update' and 'OnUpdateLong' are both unresolved.

As a footnote both the php4ts.dll and the php_mysql.dll are the ones which came with the precompiled php (in a zip file)

Any ideas/comments would be appreciated.

T.
Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com

From danielc at analysisandsolutions.com Mon Dec 8 11:28:49 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Mon, 8 Dec 2003 11:28:49 -0500
Subject: [nycphp-talk] array of object being passed by reference problem
In-Reply-To:
References: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9DC3@msxnyusr01.msx.ops.tiaa-cref.org>
Message-ID: <20031208162849.GA14268@panix.com>

Hi Jeff:

On Mon, Dec 08, 2003 at 09:58:40AM -0500, Jeff Barrett wrote:
>
> function & method1()
> {
>     return $this->arrayOfPointers;
> }
>
> Notice the & before the method1, that does some nice magic. Makes the
> function return pointers,

Do note a few things. They're called "references," which are kind of like pointers, but aren't true pointers. Establishing a function like that is termed "returning by reference." Only return variables from such methods. Most people use the style with the & is next to the function name: "function &method()" Finally, the reference isn't created unless the call to the function says it should via the =&:

$foo =& method1();

--Dan

-- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From jlacey at att.net Mon Dec 8 11:43:27 2003
From: jlacey at att.net (John Lacey)
Date: Mon, 08 Dec 2003 09:43:27 -0700
Subject: [nycphp-talk] sqlite update
Message-ID: <3FD4AA2F.2080507@att.net>

FYI,

Since the scheme to fix the MySQL \' issue with a PRAGMA (PRAGMA backslash_escapes=ON;) will be off by default, I sent a msg to Marc Delisle -- phpMyAdmin developer. He said he'd add a feature to support two single quote exports.

so, the SQLite utility will be covered by an option to honor one of the MySQL escape methods (\') and the phpMyAdmin app.
will be able to optionally use two single quotes when exporting

John

From hans not junk at nyphp.com Mon Dec 8 15:07:10 2003
From: Hans Zaunere
Date: Mon, 08 Dec 2003 15:07:06 -0500
Subject: Re: [nycphp-talk] Connection to MySQL 4.1.X with php 5.0b2 running windows xp
In-Reply-To: <000201c3bda1$56fa1480$bf8d3818 at oberon1>
References: <000201c3bda1$56fa1480$bf8d3818 at oberon1>
Message-ID: <3FD4D9EA.20707 at nyphp.com>

Tim Gales wrote:
> Has anybody loaded the php_mysql extension under windows?
> I wanted to test/experiment with something using a php client
> connection to MySQL 4.1.0 (alpha).
>
> I am using a precompiled php 5.0b2
> dated 30-Oct-2003.
>
> If I check the dependencies of the php_mysql.dll
> it seems like in the php4ts.dll library
> '_zend_hash_add_or_update' and 'OnUpdateLong'
> are both unresolved.

I'm not too familiar with the Windows precompiled binaries (although I've had PHP4 and MySQL humming along under WinXP) but if you're using a PHP 5 beta, why is it php4ts.dll?
Might be something to check out, and/or go to http://snaps.php.net and get the latest and greatest.

H

From danielc at analysisandsolutions.com Mon Dec 8 15:13:51 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Mon, 8 Dec 2003 15:13:51 -0500
Subject: [nycphp-talk] Connection to MySQL 4.1.X with php 5.0b2 running windows xp
In-Reply-To: <3FD4D9EA.20707@nyphp.com>
References: <000201c3bda1$56fa1480$bf8d3818@oberon1> <3FD4D9EA.20707@nyphp.com>
Message-ID: <20031208201351.GB7170@panix.com>

Folks:

On Mon, Dec 08, 2003 at 03:07:06PM -0500, Hans Zaunere wrote:
>
> I'm not too familiar with the Windows precompiled binaries (although I've
> had PHP4 and MySQL humming along under WinXP) but if you're using a PHP 5
> beta, why is it php4ts.dll? Might be something to check out

Very observant Hans. Those names are correct for now.

This DLL naming matter has been brought up to the developers, but there has been no indication as to whether or not this will change.

I hope it does get modified because it would make it possible to easily run PHP 4 and PHP 5 on the same machine.
Later,

--Dan

-- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Mon Dec 8 18:01:30 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Mon, 8 Dec 2003 18:01:30 -0500
Subject: [nycphp-talk] SecurityFocus Newsletter #226
Message-ID: <20031208230130.GA21476@panix.com>

PieterPost Unauthorized E-mail Account Access Vulnerability
http://www.securityfocus.com/bid/9128

CuteNews Debug Query Information Disclosure Weakness
http://www.securityfocus.com/bid/9130

-- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From danporcher at earthlink.net Mon Dec 8 17:43:34 2003
From: danporcher at earthlink.net (Daniel Porcher)
Date: Mon, 8 Dec 2003 17:43:34 -0500
Subject: [nycphp-talk] Date problems running PHP on IRIX
In-Reply-To: <3FD4D9EA.20707@nyphp.com>
Message-ID:

I thought the 1969 date limitation was just a Windows issue, but I have just run into the same problem on a client's web site hosted by Rapidsite. Rapidsite is hosting a PHP CGI implementation on Apache on IRIX on a SGI server.

Here's the test code:

echo formatdate("1970-01-30");
echo "<br>";
echo formatdate("1969-01-30");
echo "<br>";
echo formatdate("1959-01-30");
echo "<br>";

function formatdate($szdate)
{
    if (isset($szdate) && ($szdate != "0000-00-00"))
    {
        $date = strtotime($szdate);
        $arrdate = getdate($date);
        $rtn = checkdate($arrdate['mon'], $arrdate['mday'], $arrdate['year']);
        if ($rtn)
        {
            return ($arrdate['mon'] . "/" . $arrdate['mday'] . "/" . $arrdate['year']);
        } else {
            return $szdate;
        }
    }
    return "";
}

The results I get on Rapidsite is:

1/30/1970
12/31/1969
12/31/1969

I ran the same code on another host and got the correct results

1/30/1970
1/30/1969
1/30/1959

Has anybody seen this problem before? Is there a work around?

Thanks, Dan

Daniel Porcher President Watershed Web Design Phone: (609) 466-0266 Fax: (609) 466-2701

From jsiegel1 at optonline.net Tue Dec 9 06:31:54 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Tue, 09 Dec 2003 06:31:54 -0500
Subject: [nycphp-talk] NYPHP Holiday Party RSVP Deadline
Message-ID: <3FD5B2AA.8070501@optonline.net>

The RSVP *deadline* for the NYPHP party is Sunday, Dec. 14th. If you haven't yet RSVP'ed, please do so now. Details are below.

Jeff Siegel

==================================

Join New York PHP for some Holiday cheer! The NYPHP Holiday Party will be on December 16th at 6:30pm at the Hard Rock Cafe, 221 West 57th Street, New York. The cost is $20.00 per person to be paid at the door which includes selection from the menu below. You must contact us in advance if you'll be attending.

RSVP to party at nyphp.org

All are welcome!
When: December 16th at 6:30pm
Where: Hard Rock Cafe, 221 West 57th Street, New York

The Party Menu

Choice of Entrees:
HRC Country Char-Broiled Burger with Cheese and/or Bacon
HRC Natural Veggie Burger
Grilled Chicken Breast Sandwich
HRC Caesar Salad
Pig Sandwich

Dessert: Homestyle Chocolate Cake

Choice of Beverage: Coffee, Tea or Soft Drink

From hans not junk at nyphp.com Tue Dec 9 10:53:38 2003
From: Hans Zaunere
Date: Tue, 09 Dec 2003 10:54:39 -0500
Subject: Re: [nycphp-talk] Date problems running PHP on IRIX
In-Reply-To:
References:
Message-ID: <3FD5F03F.6010402 at nyphp.com>

Daniel Porcher wrote:
> I thought the 1969 date limitation was just a Windows issue, but I have

No no.. it stems from the UNIX timestamp being a signed 32bit int - I think Windows just copied that.

> just run into the same problem on a client's web site hosted by Rapidsite.
> Rapidsite is hosting a PHP CGI implementation on Apache on IRIX on a SGI
> server.

That's a nice combination :)

> Here's the test code:
>
> echo formatdate("1970-01-30");
> echo "<br>";
> echo formatdate("1969-01-30");
> echo "<br>";
> echo formatdate("1959-01-30");
> echo "<br>";
>
>
> function formatdate($szdate)
> {
>     if (isset($szdate) && ($szdate != "0000-00-00"))
>     {
>         $date = strtotime($szdate);
>         $arrdate = getdate($date);
>         $rtn = checkdate($arrdate['mon'], $arrdate['mday'] ,
>                          $arrdate['year']);
>         if($rtn)
>         {
>             return ($arrdate['mon'] . "/" . $arrdate['mday'] .
>                     "/" . $arrdate['year']);
>         }else{
>             return $szdate;
>         }
>     }
>     return "";
>
> }
>
> The results I get on Rapidsite is:
>
> 1/30/1970
> 12/31/1969
> 12/31/1969

Basically, some of the functions you use in formatdate() are using the UNIX timestamp behind the scenes. For the most part, these can't handle anything before the Epoch (something like the last second in 1969 - a good year).

> I ran the same code on another host and got the correct results
>
> 1/30/1970
> 1/30/1969
> 1/30/1959

Obviously, this is platform dependent. Out of curiosity, what os/architecture was able to handle this (it means the time operations can use a negative number - most cannot).

Basically, it's summed up in the Note at http://us2.php.net/strtotime

> Has anybody seen this problem before? Is there a work around?
The only workaround is to use a "real" date format (like a date format in MySQL/Oracle) or implement some of your own time/date manipulation functions - this begins to be painful very quickly, so I'd recommend a different time/date storage format :)

H

From hans not junk at nyphp.com Tue Dec 9 10:55:21 2003
From: Hans Zaunere
Date: Tue, 09 Dec 2003 10:56:22 -0500
Subject: Re: [nycphp-talk] Connection to MySQL 4.1.X with php 5.0b2 running windows xp
In-Reply-To: <20031208201351.GB7170 at panix.com>
References: <000201c3bda1$56fa1480$bf8d3818 at oberon1> <3FD4D9EA.20707 at nyphp.com> <20031208201351.GB7170 at panix.com>
Message-ID: <3FD5F0A6.2020000 at nyphp.com>

Daniel Convissor wrote:
> Folks:
>
> On Mon, Dec 08, 2003 at 03:07:06PM -0500, Hans Zaunere wrote:
>
>>I'm not too familiar with the Windows precompiled binaries (although I've
>>had PHP4 and MySQL humming along under WinXP) but if you're using a PHP 5
>>beta, why is it php4ts.dll? Might be something to check out
>
>
> Very observant Hans. Those names are correct for now.

Eek.
> This DLL naming matter has been brought up to the developers, but there
> has been no indication as to whether or not this will change.

Eek again - it has to. Calling a file php4 when it's php5 is just - well - insane.

> I hope it does get modified because it would make it possible to easily
> run PHP 4 and PHP 5 on the same machine.

And for sanity and common sense reasons :)

H

From adam at trachtenberg.com Tue Dec 9 10:57:45 2003
From: adam at trachtenberg.com (Adam Maccabee Trachtenberg)
Date: Tue, 9 Dec 2003 10:57:45 -0500 (EST)
Subject: [nycphp-talk] Connection to MySQL 4.1.X with php 5.0b2 running windows xp
In-Reply-To: <3FD5F0A6.2020000@nyphp.com>
References: <000201c3bda1$56fa1480$bf8d3818@oberon1> <3FD4D9EA.20707@nyphp.com> <20031208201351.GB7170@panix.com> <3FD5F0A6.2020000@nyphp.com>
Message-ID:

On Tue, 9 Dec 2003, Hans Zaunere wrote:
> > This DLL naming matter has been brought up to the developers, but there
> > has been no indication as to whether or not this will change.
>
> Eek again - it has to. Calling a file php4 when it's php5 is just - well - insane.

I think this will be fixed for Beta 3, which should be out in a week or so.

-adam

-- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today!

From amiller at hollywood101.com Tue Dec 9 16:17:25 2003
From: amiller at hollywood101.com (Alan T. Miller)
Date: Tue, 9 Dec 2003 14:17:25 -0700
Subject: [nycphp-talk] Framework Question - Site Configuration
Message-ID: <042001c3be99$d809f1f0$640a0a0a@webdev>

Framework question.
I had an idea that if I were to store many of the web site configuration values in the web server environment, such as database connection parameters, default email address, company address and major site links in each apache server virtual host environment, this information would be resident in the server memory, and subsequent requests would require less overhead than creating a large configuration file that would be loaded and parsed at runtime each time a script on our site ran.

For example. In my apache config I set the values in the following manner...

SetEnv DATABASE_NAME "somedatabase"
SetEnv DATABASE_USER "someuser"
SetEnv DATABASE_PASS "somepass"
SetEnv LINK_HOME_PAGE "/index.php"
SetEnv LINK_SITE_MAP "/site-map.php"
SetEnv EMAIL_DEFAULT "info at foo.com"
SetEnv EMAIL_SALES "sales at foo.com"
SetEnv PATH_PHOTOS "/photos/"
SetEnv PATH_GIFS "/gifs/"

To access these from my scripts, I can use the following...

$_SERVER['DATABASE_NAME']
$_SERVER['DATABASE_USER']
$_SERVER['DATABASE_PASS']
$_SERVER['LINK_HOME_PAGE']
$_SERVER['LINK_SITE_MAP']

Because they are resident in the memory of the server, the server does not have to parse the file each time a request is made for the virtual host.

However, this is proving to be a pain because there are other scripts that run from CRON etc, that do not run from the virtual host environment, and for those scripts, I have ended up duplicating my efforts by creating another configuration file for our site. This means I have to update changes to the configuration twice.

I was thinking that it may be easier to ditch this effort and go with a standard configuration file in PHP that I can include for the site and scripts that run outside the virtual environment. Perhaps something like the following...

<?php
define('DATABASE_NAME','somedatabase');
define('DATABASE_USER','someuser');
define('LINK_SITE_MAP','/site-map.php');

?>

and then access the values in the script using their constant values or perhaps store the values in an array such as...

<?php
$site = array(
    'DATABASE_NAME' => 'somedatabase',
    'DATABASE_USER' => 'someuser',
    'LINK_SITE_MAP' => '/site_map.php'
);

?>

I would like to hear all your thoughts on this issue. I have about 100 configuration directives I would like to be able to store in one place. I would be curious how others have dealt with similar issues. Are there advantages to using an array for config values as mentioned above over let's say defining constants?

Ideas, suggestions?

Thanks.

From dmintz at davidmintz.org Tue Dec 9 17:18:17 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Tue, 9 Dec 2003 17:18:17 -0500 (EST)
Subject: [nycphp-talk] Framework Question - Site Configuration
In-Reply-To: <042001c3be99$d809f1f0$640a0a0a@webdev>
References: <042001c3be99$d809f1f0$640a0a0a@webdev>
Message-ID:

On Tue, 9 Dec 2003, Alan T. Miller wrote:

>
> I was thinking that it may be easier to ditch this effort and go with
> a standard configuration file in PHP that I can include for the site and
> scripts that run outside the virtual environment. Perhaps something like the
> following...
>
> <?php
> define('DATABASE_NAME','somedatabase');
> define('DATABASE_USER','someuser');
> define('LINK_SITE_MAP','/site-map.php');
>
> ?>
>
> and then access the values in the script using their constant values or
> perhaps store the values in an array such as...
>
> <?php
> $site = array(
>     'DATABASE_NAME' => 'somedatabase',
>     'DATABASE_USER' => 'someuser',
>     'LINK_SITE_MAP' => '/site_map.php'
> );
>
> ?>
>
> I would like to hear all your thoughts on this issue. I have about 100
> configuration directives I would like to be able to store in one place. I
> would be curious how others have dealt with similar issues. Are there
> advantages to using an array for config values as mentioned above over let's
> say defining constants?

One thing I have experimented with is saving configs in a plain text config file in the format that parse_ini_file likes.
Then you can do this if you want

$cfg = parse_ini_file('/path/to/config.conf');
foreach($cfg as $key => $value) {
    define($key,$value);
}

...or not. Works for me. One nice thing is that if you happen to use Perl as well for some reason, there's the Config::General module that can also read the same config file. (The one gotcha is the different comment syntax).

In any case you should be able to achieve the objective of centralizing the config info. But I've seen other apps use both of the approaches you refer to above. TMTOWTDI, as they say.

HTH,

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?" Sopranos 24:17

From shiflett at php.net Tue Dec 9 17:56:40 2003
From: shiflett at php.net (Chris Shiflett)
Date: Tue, 9 Dec 2003 14:56:40 -0800 (PST)
Subject: [nycphp-talk] Framework Question - Site Configuration
In-Reply-To:
Message-ID: <20031209225640.71192.qmail@web14303.mail.yahoo.com>

--- David Mintz wrote:
> TMTOWTDI

You traitor! :-)

Chris

=====
Chris Shiflett - http://shiflett.org/
PHP Security Handbook Coming mid-2004
HTTP Developer's Handbook http://httphandbook.org/

From jsiegel1 at optonline.net Tue Dec 9 18:00:32 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Tue, 09 Dec 2003 18:00:32 -0500
Subject: [nycphp-talk] Framework Question - Site Configuration
In-Reply-To: <042001c3be99$d809f1f0$640a0a0a@webdev>
References: <042001c3be99$d809f1f0$640a0a0a@webdev>
Message-ID: <3FD65410.5060303@optonline.net>

Personally, I prefer using constants defined in a config file. Since, by convention, constants are normally all in CAPS, then misspelling a constant name immediately throws up a parse error. In addition, it's a visual indicator to me that its value has been set "somewhere" in my app. It would seem that using an array, one could inadvertently change the value whereas once a constant is defined, that's that...no mucking around with its value.

Jeff Siegel

Alan T. Miller wrote:
> Framework question.
> > I had an idea that if I were to store many of the web site configuration > values in the web server environment, such as database connection > parameters, default email address, company address and major site links in > each apache server virtual host environment, this information would be > resident in the server memory, and subsequent requests would require less > over head than creating a large configuration file that would be loaded and > parsed at runtime each time a script on our site ran. > > For example. In my apache config I set the values in the following manner... > > setEnv DATABASE_NAME = "somedatabase" > setEnv DATABASE_USER = "someuser" > setEnv DATABASE_PASS = "somepass" > setEnv LINK_HOME_PAGE = "/index.php" > setEnv LINK_SITE_MAP = "/site-map.php" > setEnv EMAIL_DEFAULT = "info at foo.com" > setEnv EMAIL_SALES = "sales at foo.com" > setEnv PATH_PHOTOS = "/photos/" > setEnv PATH_GIFS = "/gifs/" > > To access these from my scripts, I can use the following... > > $_SERVER['DATABASE_NAME'] > $_SERVER['DATABASE_USER'] > $_SERVER['DATABASE_PASS] > $_SERVER['LINK_HOME_PAGE'] > $_SERVER['LINK_SITE_MAP] > > Because they are resident in the memory of the server, the server does not > have to parse the file each time a request is made for the virtual host. > > However, this is proving to be a pain because there are other scripts that > run from CRON etc, that do not run from the virtual host environment, and > for those scripts, I have ended up duplicating my efforts by creating > another configuration file for our site. This means I have to update changes > to the configuration twice. > > I was thinking that it would may be easier to ditch this effort and go with > a standard configuration file in PHP that I can include for the site and > scripts that run outsode the virtual environment. Perhaps something like the > following... 
> > > define(DATABASE_NAME,'somedatabase'); > define(DATABASE_USER,'someuser'); > define(LINK_SITE_MAP,'/site-map.php'); > > ?> > > and then access the values in the script using their constant values or > perhaps store the values in an array such as... > > > $site = array( > 'DATABASE_NAME' => 'somedatabase', > 'DATABASE_USER' => 'someuser', > 'LINK_SITE_MAP' => '/site_map.php' > ); > > ?> > > I would like to hear all your thoughts on this issue. I have about 100 > configuration directives I would like to be able to store in one place. I > would be curious how others have dealt with simular issues. Are there > advantagaes to using an array for config values as mentioned above over lets > say defining constants? > > Ideas, suggestions? > > Thanks. > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From lance.listserv at optimost.com Tue Dec 9 18:18:31 2003 From: lance.listserv at optimost.com (Lance Lovette) Date: Tue, 9 Dec 2003 18:18:31 -0500 Subject: [nycphp-talk] Framework Question - Site Configuration In-Reply-To: <042001c3be99$d809f1f0$640a0a0a@webdev> Message-ID: <004401c3beaa$c2c60160$0910010a@lance> If you have the ability to compile extensions into PHP and you're not running under Windows you may find useful an extension I wrote that is one solution to this problem (and more). http://pwee.sourceforge.net/ Note that I haven't yet compiled it under anything later than PHP 4.2.1. Lance -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Alan T. Miller Sent: Tuesday, December 09, 2003 4:17 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] Framework Question - Site Configuration Framework question. 
I had an idea that if I were to store many of the web site configuration values in the web server environment, such as database connection parameters, default email address, company address and major site links in each apache server virtual host environment, this information would be resident in the server memory, and subsequent requests would require less over head than creating a large configuration file that would be loaded and parsed at runtime each time a script on our site ran. For example. In my apache config I set the values in the following manner... setEnv DATABASE_NAME = "somedatabase" setEnv DATABASE_USER = "someuser" setEnv DATABASE_PASS = "somepass" setEnv LINK_HOME_PAGE = "/index.php" setEnv LINK_SITE_MAP = "/site-map.php" setEnv EMAIL_DEFAULT = "info at foo.com" setEnv EMAIL_SALES = "sales at foo.com" setEnv PATH_PHOTOS = "/photos/" setEnv PATH_GIFS = "/gifs/" To access these from my scripts, I can use the following... $_SERVER['DATABASE_NAME'] $_SERVER['DATABASE_USER'] $_SERVER['DATABASE_PASS] $_SERVER['LINK_HOME_PAGE'] $_SERVER['LINK_SITE_MAP] Because they are resident in the memory of the server, the server does not have to parse the file each time a request is made for the virtual host. However, this is proving to be a pain because there are other scripts that run from CRON etc, that do not run from the virtual host environment, and for those scripts, I have ended up duplicating my efforts by creating another configuration file for our site. This means I have to update changes to the configuration twice. I was thinking that it would may be easier to ditch this effort and go with a standard configuration file in PHP that I can include for the site and scripts that run outsode the virtual environment. Perhaps something like the following... and then access the values in the script using their constant values or perhaps store the values in an array such as... 
'somedatabase', 'DATABASE_USER' => 'someuser', 'LINK_SITE_MAP' => '/site_map.php' ); ?> I would like to hear all your thoughts on this issue. I have about 100 configuration directives I would like to be able to store in one place. I would be curious how others have dealt with simular issues. Are there advantagaes to using an array for config values as mentioned above over lets say defining constants? Ideas, suggestions? Thanks. _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From lists at ny-tech.net Tue Dec 9 18:49:13 2003 From: lists at ny-tech.net (Nasir Zubair) Date: Tue, 9 Dec 2003 18:49:13 -0500 Subject: [nycphp-talk] Framework Question - Site Configuration In-Reply-To: <042001c3be99$d809f1f0$640a0a0a@webdev> Message-ID: <000601c3beaf$0de56ec0$6401a8c0@main> I have used both the CONSTANTS and array. To be frank, arrays have proven to be a PITA. And as Jeff has pointed out, they stand out from rest of the code being in all caps. Put 'em all in one text/php file, and use auto_prepend: php_value auto_prepend /home/usr/includes/config.inc (with correct path to inc file ). If you rather stick with your current setup, you can try to transfer all the directives from httpd.conf to a local .htaccess file, that way your directives will not be in affect globally. - Nasir > -----Original Message----- > From: Alan T. Miller [mailto:amiller at hollywood101.com] > Sent: Tuesday, December 09, 2003 4:17 PM > To: talk at lists.nyphp.org > Subject: [nycphp-talk] Framework Question - Site Configuration > > > Framework question. 
> > I had an idea that if I were to store many of the web site > configuration values in the web server environment, such as > database connection parameters, default email address, > company address and major site links in each apache server > virtual host environment, this information would be resident > in the server memory, and subsequent requests would require > less over head than creating a large configuration file that > would be loaded and parsed at runtime each time a script on > our site ran. > > For example. In my apache config I set the values in the > following manner... > > setEnv DATABASE_NAME = "somedatabase" > setEnv DATABASE_USER = "someuser" > setEnv DATABASE_PASS = "somepass" > setEnv LINK_HOME_PAGE = "/index.php" > setEnv LINK_SITE_MAP = "/site-map.php" > setEnv EMAIL_DEFAULT = "info at foo.com" > setEnv EMAIL_SALES = "sales at foo.com" > setEnv PATH_PHOTOS = "/photos/" > setEnv PATH_GIFS = "/gifs/" > > To access these from my scripts, I can use the following... > > $_SERVER['DATABASE_NAME'] > $_SERVER['DATABASE_USER'] > $_SERVER['DATABASE_PASS] > $_SERVER['LINK_HOME_PAGE'] > $_SERVER['LINK_SITE_MAP] > > Because they are resident in the memory of the server, the > server does not have to parse the file each time a request is > made for the virtual host. > > However, this is proving to be a pain because there are other > scripts that run from CRON etc, that do not run from the > virtual host environment, and for those scripts, I have ended > up duplicating my efforts by creating another configuration > file for our site. This means I have to update changes to the > configuration twice. > > I was thinking that it would may be easier to ditch this > effort and go with a standard configuration file in PHP that > I can include for the site and scripts that run outsode the > virtual environment. Perhaps something like the following... 
> > > define(DATABASE_NAME,'somedatabase'); > define(DATABASE_USER,'someuser'); > define(LINK_SITE_MAP,'/site-map.php'); > > ?> > > and then access the values in the script using their constant > values or perhaps store the values in an array such as... > > > $site = array( > 'DATABASE_NAME' => 'somedatabase', > 'DATABASE_USER' => 'someuser', > 'LINK_SITE_MAP' => '/site_map.php' > ); > > ?> > > I would like to hear all your thoughts on this issue. I have > about 100 configuration directives I would like to be able to > store in one place. I would be curious how others have dealt > with simular issues. Are there advantagaes to using an array > for config values as mentioned above over lets say defining constants? > > Ideas, suggestions? > > Thanks. > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > > From danporcher at earthlink.net Tue Dec 9 20:09:20 2003 From: danporcher at earthlink.net (Daniel Porcher) Date: Tue, 9 Dec 2003 20:09:20 -0500 Subject: [nycphp-talk] Date problems running PHP on IRIX In-Reply-To: <3FD5F03F.6010402@nyphp.com> Message-ID: Hans asked: >> Out of curiosity, what os/architecture was able to handle this >> it means the time operations can use a negative number - most cannot). The site that succesfully handled pre-epoch dates is hosted by Hostway. They describe their platform thusly: Dual Pentium III Linux (RedHat 7.2 based ) Apache 1.3.27 PHP CGI Thanks for the help, Dan Daniel Porcher President Watershed Web Design Phone: (609) 466-0266 Fax: (609) 466-2701 From wiw at nyc.rr.com Wed Dec 10 01:49:00 2003 From: wiw at nyc.rr.com (Bill Wolf) Date: Wed, 10 Dec 2003 01:49:00 -0500 Subject: [nycphp-talk] looking for mailing list software or service Message-ID: <200312100649.hBA6n6gt006765@nycsmtp3out.rdc-nyc.rr.com> I need to setup a simple mailing list for someone. One way, no discussions. Users need to be able to subscribe/unsubscribe themselves. 
And a relatively easy administration module for adding users and sending mail to be used by novices.

The site's host is Interland on an NT account but they do supposedly have PHP access as well as CGI (although ASP would be good too).

Any suggestions for either packages that are cheap/free or 3'rd party services that would host the list for them?

Thanks
-Bill

From jonbaer at jonbaer.net Wed Dec 10 02:09:52 2003
From: jonbaer at jonbaer.net (jon baer)
Date: Wed, 10 Dec 2003 02:09:52 -0500
Subject: [nycphp-talk] looking for mailing list software or service
References: <200312100649.hBA6n6gt006765@nycsmtp3out.rdc-nyc.rr.com>
Message-ID: <015201c3beec$9bb5d450$6400a8c0@thinkpad>

if security/pki is not an issue/concern:

http://www.phpwebhosting.com @ $9.95 per month has mailing lists ...
http://www.phpwebhosting.com/email.html

- jon

----- Original Message -----
From: Bill Wolf
To: talk at lists.nyphp.org
Sent: Wednesday, December 10, 2003 1:49 AM
Subject: [nycphp-talk] looking for mailing list software or service

I need to setup a simple mailing list for someone. One way, no discussions. Users need to be able to subscribe/unsubscribe themselves. And a relatively easy administration module for adding users and sending mail to be used by novices.

The site's host is Interland on an NT account but they do supposedly have PHP access as well as CGI (although ASP would be good too).

Any suggestions for either packages that are cheap/free or 3'rd party services that would host the list for them?

Thanks
-Bill
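For the "Framework Question - Site Configuration" thread above, an added example (not code from any of the posters) of the parse_ini_file approach: one INI file, readable by web and cron scripts alike, loaded into constants. The function name load_site_config(), the key pattern and the POSIX permission check are assumptions; because the file holds DATABASE_PASS it belongs outside the document root.

```php
<?php
// Added example. load_site_config() and the sample file are hypothetical;
// the keys are the placeholders used in the thread.
// Unlike SetEnv values, constants defined this way do not show up in
// $_SERVER or in the environment section of phpinfo().

/**
 * Parse an INI file and define each entry as a constant.
 * Returns the names of the constants that were defined.
 */
function load_site_config(string $path): array
{
    if (!is_file($path) || !is_readable($path)) {
        throw new RuntimeException("Config file not readable: $path");
    }

    // The file contains the database password: refuse it when "other"
    // users on the host have any access to it (POSIX hosts assumed).
    $perms = fileperms($path) & 0777;
    if ($perms & 0007) {
        throw new RuntimeException(
            sprintf('Config file %s is open to other users (mode %04o)', $path, $perms)
        );
    }

    $cfg = parse_ini_file($path);
    if ($cfg === false) {
        throw new RuntimeException("Config file could not be parsed: $path");
    }

    $defined = [];
    foreach ($cfg as $key => $value) {
        // Accept only UPPER_SNAKE_CASE keys so a stray or mistyped entry
        // is reported instead of silently becoming a constant.
        if (!preg_match('/^[A-Z][A-Z0-9_]*$/', $key)) {
            throw new RuntimeException("Invalid config key: $key");
        }
        if (defined($key)) {
            throw new RuntimeException("Constant already defined: $key");
        }
        define($key, $value);
        $defined[] = $key;
    }
    return $defined;
}

// Constructed demo: write a sample config to a temp file, load it, clean up.
// In real use both the virtual host scripts and the cron scripts would call
// load_site_config() with the same path, e.g. /etc/mysite/config.ini (assumed).
$sample = <<<INI
; constructed sample values
DATABASE_NAME = "somedatabase"
DATABASE_USER = "someuser"
DATABASE_PASS = "somepass"
LINK_SITE_MAP = "/site-map.php"
INI;

$demo = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($demo, $sample);
chmod($demo, 0600);

print_r(load_site_config($demo));   // lists the four constant names
echo DATABASE_NAME, "\n";           // somedatabase
unlink($demo);
```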
From wiw at nyc.rr.com Wed Dec 10 12:13:33 2003
From: wiw at nyc.rr.com (Bill Wolf)
Date: Wed, 10 Dec 2003 12:13:33 -0500
Subject: [nycphp-talk] looking for mailing list software or service
In-Reply-To: <20031210170003.5EFF2A8770@virtu.nyphp.org>
Message-ID: <200312101713.hBAHDYgt013893@nycsmtp3out.rdc-nyc.rr.com>

Thanks. I think I'd prefer to set something up on their existing webserver account though. Any recommendation for packages?

----------------------------------------------------------------------

Message: 1
Date: Wed, 10 Dec 2003 02:09:52 -0500
From: "jon baer"
Subject: Re: [nycphp-talk] looking for mailing list software or service
To: "NYPHP Talk"
Message-ID: <015201c3beec$9bb5d450$6400a8c0 at thinkpad>
Content-Type: text/plain; charset="iso-8859-1"

if security/pki is not an issue/concern:

http://www.phpwebhosting.com @ $9.95 per month has mailing lists ...
http://www.phpwebhosting.com/email.html

- jon

From tgales at tgaconnect.com Wed Dec 10 12:46:49 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Wed, 10 Dec 2003 12:46:49 -0500
Subject: [nycphp-talk] looking for mailing list software or service
In-Reply-To: <200312100649.hBA6n6gt006765@nycsmtp3out.rdc-nyc.rr.com>
Message-ID: <005a01c3bf45$970f8050$bf8d3818@oberon1>

what is the name of the 'mail agent' (on unix it might be 'sendmail')

Is it really hosted on NT -- don't you mean Windows 2000 (2003) server?

Are you using BackOfficeServer, SmallBusinessServer, Exchange Server (what release), or what?

Also how hard is it to effect changes in the environment (e.g. will you have privileges to make dns record changes or does Interland do it for you -- and how long does it take them)

Without more specifics on your environment it is hard to help.

However, this link might be of some use:
http://www.scriptsearch.com/PHP/Scripts_and_Programs/Mailing_List_Management/

T.
Gales & Associates Helping People Connect with Technology http://www.tgaconnect.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Bill Wolf Sent: Wednesday, December 10, 2003 1:49 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] looking for mailing list software or service I need to setup a simple mailing list for someone. One way, no discussions. Users need to be able to subscribe/unsubscribe themselves. And a relatively easy administration module for adding users and sending mail to be used by novices. The site's host is Interland on an NT account but they do supposedly have PHP access as well as CGI (although ASP would be good too). Any suggestions for either packages that are cheap/free or 3'rd party services that would host the list for them? Thanks -Bill From Ryan.Cozzubbo at yale.edu Wed Dec 10 16:37:54 2003 From: Ryan.Cozzubbo at yale.edu (Cozzubbo, Ryan) Date: Wed, 10 Dec 2003 16:37:54 -0500 Subject: [nycphp-talk] looking for mailing list software or service Message-ID: If you are looking for a commercial solution, try www.lyris.com , they have a package called listmanager for nt/2k/red hat. A free version is available to try out (but with limitations such as, creation of one list, and a max of 200 members). -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Tim Gales Sent: Wednesday, December 10, 2003 12:47 PM To: 'NYPHP Talk' Subject: RE: [nycphp-talk] looking for mailing list software or service what is the name of the 'mail agent' (on unix it might be 'sendmail') Is it really hosted on NT -- don't you mean Windows 2000 (2003) server? Are you using BackOfficeServer, SmallBusinessServer, Exchange Sever (what release), or what? Also how hard is it to effect changes in the environment (e.g. 
will you have privileges to make dns record changes or does Interland do it for you -- and how long does it take them) Without more specifics on your environment it is hard to help. However, this link might be of some use: http://www.scriptsearch.com/PHP/Scripts_and_Programs/Mailing_List_Manage me nt/ T. Gales & Associates Helping People Connect with Technology http://www.tgaconnect.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Bill Wolf Sent: Wednesday, December 10, 2003 1:49 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] looking for mailing list software or service I need to setup a simple mailing list for someone. One way, no discussions. Users need to be able to subscribe/unsubscribe themselves. And a relatively easy administration module for adding users and sending mail to be used by novices. The site's host is Interland on an NT account but they do supposedly have PHP access as well as CGI (although ASP would be good too). Any suggestions for either packages that are cheap/free or 3'rd party services that would host the list for them? Thanks -Bill _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From jonbaer at jonbaer.net Wed Dec 10 16:50:06 2003 From: jonbaer at jonbaer.net (jon baer) Date: Wed, 10 Dec 2003 16:50:06 -0500 Subject: [nycphp-talk] looking for mailing list software or service References: Message-ID: <001d01c3bf67$9388f930$6400a8c0@thinkpad> the only "php" package i know off is an interface to ezmlm ... http://www.unixpimps.org/software/ezmlm-php/ - jon From rich at f1central.net Wed Dec 10 17:59:09 2003 From: rich at f1central.net (Rich Gray) Date: Wed, 10 Dec 2003 23:59:09 +0100 Subject: [nycphp-talk] Framework Question - Site Configuration In-Reply-To: <3FD65410.5060303@optonline.net> Message-ID: > > Personally, I prefer using constants defined in a config file. 
Since, by
> convention, constants are normally all in CAPS, then misspelling a
> constant name immediately throws up a parse error. In addition, it's a
> visual indicator to me that its value has been set "somewhere" in my
> app. It would seem that using an array, one could inadvertently change
> the value whereas once a constant is defined, that's that...no mucking
> around with its value.
>
> Jeff Siegel

yep -- also CONSTANTS are globally scoped... so do not need any prior declaration in functions...

Rich

From southwell at dneba.com Wed Dec 10 18:18:19 2003
From: southwell at dneba.com (Michael Southwell)
Date: Wed, 10 Dec 2003 18:18:19 -0500
Subject: [nycphp-talk] need help with input type="file"
Message-ID: <6.0.1.1.2.20031210181352.01b56dd8@mail.optonline.net>

The following works perfectly if name is input type="text" but doesn't return anything if type="file," although the browse box is created and works. What (no doubt something simple) am I missing?
------------------------
<?php
$execute=$_POST['execute'];

if (!isset($execute)){ //first time through
  WriteForm();
  }
else { //here from post
  $name=$_POST['name'];
  echo "The submitted filename is ".$name;
  }

function WriteForm(){
  global $name;
  ?>
  Filename:
  <?php
  }
?>

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================

From lists at ny-tech.net Wed Dec 10 18:35:55 2003
From: lists at ny-tech.net (Nasir Zubair)
Date: Wed, 10 Dec 2003 18:35:55 -0500
Subject: [nycphp-talk] need help with input type="file"
In-Reply-To: <6.0.1.1.2.20031210181352.01b56dd8@mail.optonline.net>
Message-ID: <000601c3bf76$5d215ea0$6401a8c0@main>

Try this:

$name = $_FILES['name']['name'];

The first "['name']" is the name of your file field. The second 'name' is for accessing the name of uploaded file.

http://www.php.net/manual/en/features.file-upload.php

- Nasir

> -----Original Message-----
> From: Michael Southwell [mailto:southwell at dneba.com]
> Sent: Wednesday, December 10, 2003 6:18 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] need help with input type="file"
>
>
> The following works perfectly if name is input type="text"
> but doesn't
> return anything if type="file," although the browse box is
> created and
> works. What (no doubt something simple) am I missing?
> ------------------------
> <?php
> $execute=$_POST['execute'];
>
> if (!isset($execute)){ //first time through
>   WriteForm();
>   }
> else { //here from post
>   $name=$_POST['name'];
>   echo "The submitted filename is ".$name;
>   }
>
> function WriteForm(){
>   global $name;
>   ?>
> action="browsebox.php">
>
> Filename:
> size="75" />
>
>
> <?php
>   }
> ?>
>
>
> Michael G. Southwell =================================
> DNEBA Enterprises
> 81 South Road
> Bloomingdale, NJ 07403-1419
> 973/492-7873 (voice and fax)
> southwell at dneba.com
> http://www.dneba.com
> ======================================================

From lists at prusak.com Wed Dec 10 20:00:44 2003
From: lists at prusak.com (Ophir Prusak)
Date: Wed, 10 Dec 2003 20:00:44 -0500
Subject: [nycphp-talk] Looking for PHP help desk system
Message-ID: <00f501c3bf82$3afcde10$5356a8c0@CPXPDEV10>

Hi all,

I'm looking for an open source help desk / support / ticketing system written in PHP.
Preferably free, but it doesn't have to be free. We just need to be able to modify it to our needs.

Here is a list of features that it would ideally have:

0. Web capture of new tickets.
1. Email capture of new tickets.
2. You can send back replies or the info via email.
3. Customizable ticket workflow.
4. Highly customizable: Categories request types, statuses, etc.
5. Reporting tools and trends: How many requests of type X in past month, etc.
6. Good permissioning system (admin can define who can do what).
7. Internal notes.
8. Sending email and notes to user groups.

I checked on sourceforge.net, but was wondering if anyone knows of other alternatives.

Thanx,
Ophir
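For the input type="file" exchange above, an added example (not code from either poster) of a complete handler built on the $_FILES answer. The field name userfile, UPLOAD_DIR, the 2 MB limit and the extension list are assumptions; the form has to be sent with method="post" and enctype="multipart/form-data", otherwise $_FILES stays empty.

```php
<?php
// Added example. Assumed names: field "userfile", UPLOAD_DIR, MAX_BYTES, ALLOWED_EXT.

const UPLOAD_DIR  = '/var/www/uploads';   // assumed; keep it outside the document root
const MAX_BYTES   = 2097152;              // 2 MB, assumed limit
const ALLOWED_EXT = ['txt', 'csv', 'png', 'jpg', 'gif'];

/**
 * Turn the browser-supplied file name into a safe one.
 * $_FILES[...]['name'] is chosen by the client and may carry a path or odd bytes.
 */
function safe_upload_name(string $clientName): string
{
    $base = basename(str_replace('\\', '/', $clientName));   // drop any directory part
    $base = preg_replace('/[^A-Za-z0-9._-]/', '_', $base);   // conservative character set
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($base === '' || $base[0] === '.' || !in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('File name or extension not allowed');
    }
    return $base;
}

/** Validate one $_FILES entry and move it into $destDir; returns the stored path. */
function store_upload(array $file, string $destDir): string
{
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Only accept a temp file that PHP itself received in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Random prefix: two uploads with the same name cannot overwrite each other.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(8))
            . '_' . safe_upload_name($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store upload');
    }
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    try {
        $path = store_upload($_FILES['userfile'] ?? [], UPLOAD_DIR);
        echo 'The submitted filename is ' . htmlspecialchars(basename($path), ENT_QUOTES);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES);
    }
    exit;
}
?>
<form method="post" enctype="multipart/form-data"
      action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME'] ?? '', ENT_QUOTES); ?>">
  <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_BYTES; ?>" />
  Filename: <input type="file" name="userfile" size="75" />
  <input type="submit" value="Upload" />
</form>
```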
From felix at students.poly.edu Wed Dec 10 22:04:58 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Wed, 10 Dec 2003 22:04:58 -0500
Subject: [nycphp-talk] Looking for PHP help desk system
In-Reply-To: <00f501c3bf82$3afcde10$5356a8c0@CPXPDEV10>
References: <00f501c3bf82$3afcde10$5356a8c0@CPXPDEV10>
Message-ID: <20031210220458.6b8fa973.felix@students.poly.edu>

On Wed, 10 Dec 2003 20:00:44 -0500 "Ophir Prusak" wrote:

> Hi all,
>
> I'm looking for an open source help desk / support / ticketing system written in PHP.
> Preferably free, but it doesn't have to be free. We just need to be able to modify it to our needs.
>
> Here is a list of features that it would ideally have:
>
> 0. Web capture of new tickets.
> 1. Email capture of new tickets.
> 2. You can send back replies or the info via email.
> 3. Customizable ticket workflow.
> 4. Highly customizable: Categories request types, statuses, etc.
> 5. Reporting tools and trends: How many requests of type X in past month, etc.
> 6. Good permissioning system (admin can define who can do what).
> 7. Internal notes.
> 8. Sending email and notes to user groups.
>
> I checked on sourceforge.net, but was wondering if anyone knows of other alternatives.

I generally find freshmeat.net a better place to start looking.
> > Thanx, > Ophir From jonbaer at jonbaer.net Wed Dec 10 22:36:47 2003 From: jonbaer at jonbaer.net (jon baer) Date: Wed, 10 Dec 2003 22:36:47 -0500 Subject: [nycphp-talk] Looking for PHP help desk system References: <00f501c3bf82$3afcde10$5356a8c0@CPXPDEV10> Message-ID: <002001c3bf98$0165f860$6400a8c0@thinkpad> I haven't tried it yet (tried everything else under the sun) for osCommerce: http://www.oscommerce.com/community/contributions,936 -snip- * A completely new and updated support ticketing system for use with osc 2.2 * Includes, support for multi admins, multi department, multi status, multi priority, multi langauge * Full ticket management admin consol, with ticket history * Full ticket history on customer side is displayed -snip- - jon ----- Original Message ----- From: Ophir Prusak To: NYPHP Talk Sent: Wednesday, December 10, 2003 8:00 PM Subject: [nycphp-talk] Looking for PHP help desk system Hi all, I'm looking for an open source help desk / support / ticketing system written in PHP. Preferably free, but it doesn't have to be free. We just need to be able to modify it to our needs. Here is a list of features that it would ideally have: 0. Web capture of new tickets. 1. Email capture of new tickets. 2. You can send back replies or the info via email. 3. Customizable ticket workflow. 4. Highly customizable: Categories request types, statuses, etc. 5. Reporting tools and trends: How many requests of type X in past month, etc. 6. Good permissioning system (admin can define who can do what). 7. Internal notes. 8. Sending email and notes to user groups. I checked on sourceforge.net, but was wondering if anyone knows of other alternatives. Thanx, Ophir ------------------------------------------------------------------------------ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From nyphp at enobrev.com Wed Dec 10 23:26:33 2003 From: nyphp at enobrev.com (Mark Armendariz) Date: Wed, 10 Dec 2003 23:26:33 -0500 Subject: [nycphp-talk] Looking for PHP help desk system In-Reply-To: <002001c3bf98$0165f860$6400a8c0@thinkpad> Message-ID: I've built a closed source one for a client a few months back. Has just about all you're asking for except the reporting. Email me off list and I'll give you a tour. Mark _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of jon baer Sent: Wednesday, December 10, 2003 10:37 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Looking for PHP help desk system I haven't tried it yet (tried everything else under the sun) for osCommerce: http://www.oscommerce.com/community/contributions,936 -snip- * A completely new and updated support ticketing system for use with osc 2.2 * Includes, support for multi admins, multi department, multi status, multi priority, multi langauge * Full ticket management admin consol, with ticket history * Full ticket history on customer side is displayed -snip- - jon ----- Original Message ----- From: Ophir Prusak To: NYPHP Talk Sent: Wednesday, December 10, 2003 8:00 PM Subject: [nycphp-talk] Looking for PHP help desk system Hi all, I'm looking for an open source help desk / support / ticketing system written in PHP. Preferably free, but it doesn't have to be free. We just need to be able to modify it to our needs. Here is a list of features that it would ideally have: 0. Web capture of new tickets. 1. Email capture of new tickets. 2. You can send back replies or the info via email. 3. Customizable ticket workflow. 4. Highly customizable: Categories request types, statuses, etc. 5. Reporting tools and trends: How many requests of type X in past month, etc. 6. Good permissioning system (admin can define who can do what). 7. Internal notes. 8. Sending email and notes to user groups. 
I checked on sourceforge.net, but was wondering if anyone knows of other alternatives. Thanx, Ophir _____ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From wiw at nyc.rr.com Wed Dec 10 23:47:41 2003 From: wiw at nyc.rr.com (Bill Wolf) Date: Wed, 10 Dec 2003 23:47:41 -0500 Subject: [nycphp-talk] looking for mailing list software or service In-Reply-To: <20031211033711.84B15A8794@virtu.nyphp.org> Message-ID: <200312110447.hBB4lhgt007201@nycsmtp3out.rdc-nyc.rr.com> Thanks for the replies Win2K / NT - same basic thing, different version. This server's W2K fwiw. None of the MS backoffice stuff is setup. It has IIS, ASP.net with basic ODBC, MySQL or SQL Server, PHP, CGI - and Qmail with the lists function disabled. I looked at Lyris. It can get very expensive. The commercial version of Topica seems a bit more reasonable at around $225 a year. It's also really friendly. For a different site, I have one of those really cheap $4/month Linux hosts. It has Mailman 2.1 which seems quite extensive - maybe too much so. I've been trying to customize and simplify the screens the end user sees but it's been pretty hard. They don't need to see all of the things related to open discussions, digests, or managing their user options. But even if I get it right the admin piece is still going to be a little confusing for the people maintaining the lists. Ideally I'd like something simpler than Mailmain. More user friendly. And hopefully where I don't have to pay 200 every year. I've seen a lot of other PHP and ASP based list managers on Hotscripts.com. Just wondering if there are any standouts that people here have implemented. 
Kind regards -Bill -----Original Message----- Message: 2 Date: Wed, 10 Dec 2003 12:46:49 -0500 From: "Tim Gales" Subject: RE: [nycphp-talk] looking for mailing list software or service To: "'NYPHP Talk'" Message-ID: <005a01c3bf45$970f8050$bf8d3818 at oberon1> Content-Type: text/plain; charset="us-ascii" what is the name of the 'mail agent' (on unix it might be 'sendmail') Is it really hosted on NT -- don't you mean Windows 2000 (2003) server? Are you using BackOfficeServer, SmallBusinessServer, Exchange Sever (what release), or what? Also how hard is it to effect changes in the environment (e.g. will you have privileges to make dns record changes or does Interland do it for you -- and how long does it take them) Without more specifics on your environment it is hard to help. However, this link might be of some use: http://www.scriptsearch.com/PHP/Scripts_and_Programs/Mailing_List_Manageme nt/ T. Gales & Associates Helping People Connect with Technology http://www.tgaconnect.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Bill Wolf Sent: Wednesday, December 10, 2003 1:49 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] looking for mailing list software or service I need to setup a simple mailing list for someone. One way, no discussions. Users need to be able to subscribe/unsubscribe themselves. And a relatively easy administration module for adding users and sending mail to be used by novices. The site's host is Interland on an NT account but they do supposedly have PHP access as well as CGI (although ASP would be good too). Any suggestions for either packages that are cheap/free or 3'rd party services that would host the list for them? 
Thanks
-Bill

From danielc at analysisandsolutions.com Wed Dec 10 23:58:45 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 10 Dec 2003 23:58:45 -0500
Subject: [nycphp-talk] need help with input type="file"
In-Reply-To: <6.0.1.1.2.20031210181352.01b56dd8@mail.optonline.net>
References: <6.0.1.1.2.20031210181352.01b56dd8@mail.optonline.net>
Message-ID: <20031211045845.GA151@panix.com>

Hi Michael:

On Wed, Dec 10, 2003 at 06:18:19PM -0500, Michael Southwell wrote:

Nasir answered the question regarding where to find the file info. Can I give you some style advice that will garner you better performance and acceptance amongst the larger programming community?

* Put a space around the equals sign when doing assignments -- making it more readable.

* Put single quotes around the array's keys -- averting PHP having to waste time trying to find a constant named "name" that doesn't exist then having to guess that you meant the string "name."

> $name=$_POST[name];

$name = $_POST['name'];

* Finally, don't waste code, execution time or memory by reassigning the post variables. Just use $_POST['name'] where you need it. If you need to use it in a string, put {} around it like this

echo "The submitted filename is {$_POST['name']}";

or break it out like this

echo 'The submitted filename is ' . $_POST['name'];

Take note of the single quotes vs the double quotes.
Enjoy, --Dan -- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409 From keith.richardson at thompsonhealth.com Thu Dec 11 07:34:17 2003 From: keith.richardson at thompsonhealth.com (Keith Richardson) Date: Thu, 11 Dec 2003 07:34:17 -0500 Subject: [nycphp-talk] Looking for PHP help desk system In-Reply-To: <00f501c3bf82$3afcde10$5356a8c0@CPXPDEV10> Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B27D@ffth-exc01.thompsonhealth.org> Here we use Tracksolve - by SI Media. http://www.simedia.com/tracksolve/ it is currently $549.95 for the zend encrypted one, but about in july we bought the developer edition - $1000 for the un-encrypted program. I think its really slick, and works great. We are in the process of implementing it, and adding any new features we feel are necessary to our hospital. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Ophir Prusak Sent: Wednesday, December 10, 2003 8:01 PM To: NYPHP Talk Subject: [nycphp-talk] Looking for PHP help desk system Hi all, I'm looking for an open source help desk / support / ticketing system written in PHP. Preferably free, but it doesn't have to be free. We just need to be able to modify it to our needs. Here is a list of features that it would ideally have: 0. Web capture of new tickets. 1. Email capture of new tickets. 2. You can send back replies or the info via email. 3. Customizable ticket workflow. 4. Highly customizable: Categories request types, statuses, etc. 5. Reporting tools and trends: How many requests of type X in past month, etc. 6. Good permissioning system (admin can define who can do what). 7. Internal notes. 8. Sending email and notes to user groups. I checked on sourceforge.net, but was wondering if anyone knows of other alternatives. 
Thanx,
Ophir

From keith.richardson at thompsonhealth.com Thu Dec 11 07:46:42 2003
From: keith.richardson at thompsonhealth.com (Keith Richardson)
Date: Thu, 11 Dec 2003 07:46:42 -0500
Subject: [nycphp-talk] configuring image library for php 4.3.2/apache/linux
Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B27F@ffth-exc01.thompsonhealth.org>

Most of the web servers I have worked on that have been linux have been shared hosting, with all of the php libs included. I just bought a dedicated server from ev1servers.net, and consolidated our sites onto 1 server.

I noticed that my image functions were displaying red x's instead of showing graphs. I run the script directly, http://www.replaysx.net/ratingbar.php?rating=0 , and I get:

Fatal error: Call to undefined function: imagecreate() in /home/replaysx/public_html/ratingbar.php on line 136

My phpinfo is at http://www.keithjr.net/phpinfo.php

The only servers that I configured php for were Mac OS X and Windows 2000 under IIS 5, and all of the functions came compiled with the version that I downloaded for Mac OS X, and you can add extensions in Win2k with the php.ini.

I searched for a bit, and I am coming up short on how to add the image library support. I'm sure all of you on here have done it multiple times, so I figured that this would be the shortest route to my answer :)

thank you all!

Keith Richardson
www.keithjr.net

From tgales at tgaconnect.com Thu Dec 11 08:38:49 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Thu, 11 Dec 2003 08:38:49 -0500
Subject: [nycphp-talk] configuring image library for php 4.3.2/apache/linux
In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B27F@ffth-exc01.thompsonhealth.org>
Message-ID: <007f01c3bfec$1c246480$bf8d3818@oberon1>

Keith Richardson writes:
"I am coming up short on how to add the image library support"

try reading:
http://www.boutell.com/gd/
and
http://www.boutell.com/gd/faq.html

T.
Gales & Associates
'Helping People Connect with Technology'
http://www.tgaconnect.com

From tgales at tgaconnect.com Thu Dec 11 08:47:38 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Thu, 11 Dec 2003 08:47:38 -0500
Subject: [nycphp-talk] configuring image library for php 4.3.2/apache/linux
In-Reply-To: <007f01c3bfec$1c246480$bf8d3818@oberon1>
Message-ID: <008601c3bfed$579012c0$bf8d3818@oberon1>

Keith Richardson writes:
"I am coming up short on how to add the image library support"

also look at:
http://www.php.net/~rasmus/gd.html

you might want to change the above to something like:

1) download GD 2.0.15
2) untar it (tar zxvf gd-2.0.15.tar.gz)
3) cd to the gd directory (gd/gd-2.0.15)
4) Change the makefile libs to be
   LIBS=libgd.a -lpng -lz -ljpeg -lfreetype -lm
5) make libgd.a
6) Build PHP using these flags:
   --with-gd=/home/gd/gd-2.0.15 (or wherever you put the gd lib)
   --with-freetype-dir=/usr
   --enable-gd-native-ttf
   --enable-gd-imgstrttf
   --with-jpeg-dir=/usr
   --with-png-dir=/usr
   --with-zlib

Warning: I never did this but it might work...
Good luck.

T. Gales & Associates
'Helping People Connect with Technology'
http://www.tgaconnect.com

From Kbedi at inta.org Thu Dec 11 09:52:08 2003
From: Kbedi at inta.org (Kshitij Bedi)
Date: Thu, 11 Dec 2003 09:52:08 -0500
Subject: [nycphp-talk] HTTP Headers
Message-ID:

I am making an online publication go live which has a lot of accented characters. Can someone tell me what headers I should use?
Also if someone could explain how these headers work and what basically mime types are and what should be the default http headers that I should be using that would be great :-) Thanks in advance Kshitij Bedi Web Administrator International Trademark Association New York, NY USA From csnyder at chxo.com Thu Dec 11 10:17:03 2003 From: csnyder at chxo.com (Chris Snyder) Date: Thu, 11 Dec 2003 10:17:03 -0500 Subject: [nycphp-talk] HTTP Headers In-Reply-To: References: Message-ID: <3FD88A6F.5030209@chxo.com> Welcome to the world of Web Administration. Please see ftp://ftp.isi.edu/in-notes/rfc2616.txt for details. Also, Google for "introduction to http" or "web fundamentals". Good luck! Kshitij Bedi wrote: >I am making a online publication go live which has a lot of accented >characters can someone tell me what headers should I use. >Also if someone could explain how these headers work and what basically mime >types are and what should be the default http headers that I should be using >that would be great :-) > >Thanks in advance > >Kshitij Bedi >Web Administrator >International Trademark Association >New York, NY USA >_______________________________________________ >talk mailing list >talk at lists.nyphp.org >http://lists.nyphp.org/mailman/listinfo/talk > > From cynthia at nemesis2.com Thu Dec 11 11:08:11 2003 From: cynthia at nemesis2.com (Cynthia LaPier) Date: Thu, 11 Dec 2003 11:08:11 -0500 Subject: [nycphp-talk] Looking for PHP help desk system Message-ID: <1071158891.3fd8966bca4ab@nemesis2.com> You can also check this one out: http://ticketlogger.com/ Has some nice features and it uses PHP! 
Quoting jon baer : > I haven't tried it yet (tried everything else under the sun) for osCommerce: > > http://www.oscommerce.com/community/contributions,936 > > -snip- > * A completely new and updated support ticketing system for use with osc 2.2 > * Includes, support for multi admins, multi department, multi status, multi > priority, multi langauge > * Full ticket management admin consol, with ticket history > * Full ticket history on customer side is displayed > -snip- > > - jon > > ----- Original Message ----- > From: Ophir Prusak > To: NYPHP Talk > Sent: Wednesday, December 10, 2003 8:00 PM > Subject: [nycphp-talk] Looking for PHP help desk system > > > Hi all, > > I'm looking for an open source help desk / support / ticketing system > written in PHP. > Preferably free, but it doesn't have to be free. We just need to be able to > modify it to our needs. > > Here is a list of features that it would ideally have: > > 0. Web capture of new tickets. > 1. Email capture of new tickets. > 2. You can send back replies or the info via email. > 3. Customizable ticket workflow. > 4. Highly customizable: Categories request types, statuses, etc. > 5. Reporting tools and trends: How many requests of type X in past month, > etc. > 6. Good permissioning system (admin can define who can do what). > 7. Internal notes. > 8. Sending email and notes to user groups. > > I checked on sourceforge.net, but was wondering if anyone knows of other > alternatives. 
> > Thanx, > Ophir > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ From jeffknight at mac.com Thu Dec 11 10:39:04 2003 From: jeffknight at mac.com (PUTAMARE) Date: Thu, 11 Dec 2003 10:39:04 -0500 Subject: [nycphp-talk] configuring image library for php 4.3.2/apache/linux In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B27F@ffth-exc01.thompsonhealth.org> References: <05F6C3B4CA00D7419D1708F36A9F7745B27F@ffth-exc01.thompsonhealth.org> Message-ID: <26C0329C-2BF0-11D8-872B-000393B9FB36@mac.com> try this: http://www.onlamp.com/pub/a/php/2003/03/27/php_gd.html On Dec 11, 2003, at 7:46 AM, Keith Richardson wrote: > Most of the web servers I have worked on that have been linux have been > shared hosting, with all of the php libs included. I just bought a > dedicated > server from ev1servers.net, and consolidated our sites onto 1 server. > > I noticed that my image functions were displaying red x's instead of > showing > graphs. I run the script directly, > http://www.replaysx.net/ratingbar.php?rating=0 , and I get: > > Fatal error: Call to undefined function: imagecreate() in > /home/replaysx/public_html/ratingbar.php on line 136 > > My phpinfo is at http://www.keithjr.net/phpinfo.php > > The only servers that I configured php for were Mac OS X and Windows > 2000 > under IIS 5, and all of the functions came compiled with the version > that I > downloaded for Mac OS X, and you can add extentions in Win2k with the > php.ini. > > I searched for a bit, and I am coming up short on how to add the image > library support. Im sure all of you on here have done it multiple > times, so > I figured that this would be the shortest route to my answer :) > > thank you all! 
> > Keith Richardson > www.keithjr.net > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > Jeff Knight jeff not junkmail at lushmedia.com 212/213-6558 x 203 LUSH media 110 W 40th St #1502 New York, NY 10018 From dan at mx2pro.com Thu Dec 11 10:55:30 2003 From: dan at mx2pro.com (Dan Horning) Date: Thu, 11 Dec 2003 10:55:30 -0500 Subject: [nycphp-talk] looking for mailing list software or service In-Reply-To: <200312110447.hBB4lhgt007201@nycsmtp3out.rdc-nyc.rr.com> Message-ID: <20031211155534.13841A8799@virtu.nyphp.org> Let me make it a little simpler... If all you need is a simple web interface that emails out to a list that's "one-way" (admin --> user) MyMail --> http://www.CodingClick.com Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office) 1-518-383-7877 (Home) > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Bill Wolf > Sent: Wednesday, December 10, 2003 11:48 PM > To: talk at lists.nyphp.org > Subject: RE: [nycphp-talk] looking for mailing list software or service > > Thanks for the replies > > Win2K / NT - same basic thing, different version. This > server's W2K fwiw. > > None of the MS backoffice stuff is setup. It has IIS, > ASP.net with basic > ODBC, MySQL or SQL Server, PHP, CGI - and Qmail with the > lists function > disabled. > > I looked at Lyris. It can get very expensive. The > commercial version of > Topica seems a bit more reasonable at around $225 a year. > It's also really > friendly. > > For a different site, I have one of those really cheap > $4/month Linux hosts. > It has Mailman 2.1 which seems quite extensive - maybe too > much so. I've > been trying to customize and simplify the screens the end > user sees but it's > been pretty hard. 
They don't need to see all of the things > related to open > discussions, digests, or managing their user options. But > even if I get it > right the admin piece is still going to be a little confusing > for the people > maintaining the lists. > > Ideally I'd like something simpler than Mailmain. More user > friendly. And > hopefully where I don't have to pay 200 every year. > > I've seen a lot of other PHP and ASP based list managers on > Hotscripts.com. > Just wondering if there are any standouts that people here > have implemented. > > Kind regards > -Bill > > > > -----Original Message----- > > Message: 2 > Date: Wed, 10 Dec 2003 12:46:49 -0500 > From: "Tim Gales" > Subject: RE: [nycphp-talk] looking for mailing list software or service > To: "'NYPHP Talk'" > Message-ID: <005a01c3bf45$970f8050$bf8d3818 at oberon1> > Content-Type: text/plain; charset="us-ascii" > > what is the name of the 'mail agent' > (on unix it might be 'sendmail') > > Is it really hosted on NT -- don't you mean Windows 2000 > (2003) server? > > Are you using BackOfficeServer, SmallBusinessServer, Exchange > Sever (what > release), or what? > > Also how hard is it to effect changes in the environment > (e.g. will you have > privileges to make dns record changes or does Interland do it > for you -- and > how long does it take them) > > Without more specifics on your environment it is hard to help. > > However, this link might be of some use: > http://www.scriptsearch.com/PHP/Scripts_and_Programs/Mailing_L > ist_Manageme > nt/ > > T. Gales & Associates > Helping People Connect with Technology > http://www.tgaconnect.com > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] > On Behalf Of Bill Wolf > Sent: Wednesday, December 10, 2003 1:49 AM > To: talk at lists.nyphp.org > Subject: [nycphp-talk] looking for mailing list software or service > > > I need to setup a simple mailing list for someone. One way, > no discussions. 
> Users need to be able to subscribe/unsubscribe themselves. > And a relatively easy administration module for adding users > and sending > mail to be used by novices. > > The site's host is Interland on an NT account but they do > supposedly have > PHP access as well as CGI (although ASP would be good too). > Any suggestions > for either packages that are cheap/free or 3'rd party > services that would > host the list for them? > > > Thanks > -Bill > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From dmintz at davidmintz.org Thu Dec 11 11:21:37 2003 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 11 Dec 2003 11:21:37 -0500 (EST) Subject: [nycphp-talk] looking for mailing list software or service In-Reply-To: <20031211155534.13841A8799@virtu.nyphp.org> References: <20031211155534.13841A8799@virtu.nyphp.org> Message-ID: On Thu, 11 Dec 2003, Dan Horning wrote: > Let me make it a little simpler... > If all you need is a simple web interface that emails out to a list that's "one-way" (admin --> user) > > MyMail --> http://www.CodingClick.com > > FWIW -- myabe this will save someone some pain. I've nearly gone nuckin' futs looking for the download itself, and it seems to be here http://www.codingclick.com/MyMail_BETA302.zip according to http://forum.codingclick.com/showthread.php?s=0054f31c687ef3f3493a53ee92ecb379&threadid=733 --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" Sopranos 24:17 From jonbaer at jonbaer.net Thu Dec 11 12:00:29 2003 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 11 Dec 2003 12:00:29 -0500 Subject: [nycphp-talk] Looking for graphical CMS ... 
Message-ID: <003501c3c008$4802f2d0$6400a8c0@thinkpad>

i had tried to create an OO-based graphical CMS where if under certain conditions of who was logged on would give an EditableImage(url) type of deal when the admin clicked the image they would be allowed to replace the image ... unfortunately some of my javascript failed to work on a Mac ... does anyone know of a similar cross-platform package?

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47

From dmintz at davidmintz.org Thu Dec 11 12:12:31 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Thu, 11 Dec 2003 12:12:31 -0500 (EST)
Subject: [nycphp-talk] MySQL concurrency 101
In-Reply-To:
References: <20031211155534.13841A8799@virtu.nyphp.org>
Message-ID:

Basic question. What is/are the recommended strategies for dealing with the lost update problem in a PHP/MySQL application? The scenario I'm thinking of is not the old shirt inventory example which can be solved with relative as opposed to absolute updates. I'm thinking: User1 requests a page containing a form populated by a row of John Customer's data from a table; so does User2. User1 updates John Customer's work phone in the form and User2 updates John Customer's home phone. User1 submits form/updates table, then User2 does likewise, overwriting User1's update.

I've done considerable RTFM and I'm conversant with locks, transactions, etc. I'm uncertain about how to put it all together in a web app, i.e., with lots of short-lived independent scripts running in a stateless environment. The possible approaches I can think of are a little cumbersome -- I'll spare you, for the sake of brevity.

Any pointers to tutorials, articles etc are appreciated. Thanks.

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?"
-- Sopranos 24:17

From sklar at sklar.com Thu Dec 11 12:29:32 2003
From: sklar at sklar.com (David Sklar)
Date: Thu, 11 Dec 2003 12:29:32 -0500
Subject: [nycphp-talk] MySQL concurrency 101
In-Reply-To:
Message-ID:

On Thursday, December 11, 2003 12:13 PM, wrote:

> Basic question. What is/are the recommended strategies for dealing
> with the lost update problem in a PHP/MySQL application? The scenario
> I'm thinking of is not the old shirt inventory example which can be
> solved with relative as opposed to absolute updates. I'm thinking:
> User1 requests a page containing a form populated by a row of John
> Customer's data from a table; so does User2. User1 updates John
> Customer's work phone in the form and User2 updates John Customer's
> home phone. User1 submits form/updates table, then User2 does
> likewise, overwriting User1's update.

1. Include a "last_update" column in the table. This can be a timestamp or just a monotonically increasing integer that changes with each update.

2. When you read the record and display the form, include the last_update value as a hidden field in the form.*

3. When the form is submitted, check to see that the last_update value submitted with the form is the same as the value in the database before updating.**

4. If the values don't match, take some application-appropriate behavior, like silently overwriting with the new data; re-presenting the form to the user with fields highlighted that have changed; etc.

5. If the values do match, then save the data, including a new value for the last_update column.

* You may want to obfuscate or encrypt the value when you include it in the form to discourage tampering.

** Obviously, you need to read the last_update value and have your UPDATE occur with no other updates sneaking in between them. If you're using InnoDB tables, use a transaction; otherwise, lock the table for writing before you read the last_update value and then unlock it after you either write the new data or decide that you can't write because it's changed.

David

From Kbedi at inta.org Thu Dec 11 12:44:48 2003
From: Kbedi at inta.org (Kshitij Bedi)
Date: Thu, 11 Dec 2003 12:44:48 -0500
Subject: [nycphp-talk] Character Sets
Message-ID:

Which one is better to use and why or

From eric.cogswell at innlink.com Thu Dec 11 12:42:22 2003
From: eric.cogswell at innlink.com (Cogswell, Eric)
Date: Thu, 11 Dec 2003 11:42:22 -0600
Subject: [nycphp-talk] MySQL concurrency 101
Message-ID:

I ran into the same problem not too long ago. Solved it by sending in the "old" field values along with the actual form values entered by the user.

And so on. Then, when you receive the form, check the user-entered value against the "old" value. If they are different, then save the new value to the db, otherwise don't touch it. Basically, you only update the information that was changed by the user.

If user1 updates the home phone number and user2 updates the work phone number, their respective data will not be overwritten by the other because it wasn't changed on their form.

It seems to be working pretty well for me so far.

-Eric

-----Original Message-----
From: David Mintz [mailto:dmintz at davidmintz.org]
Sent: Thursday, December 11, 2003 11:13 AM
To: NYPHP Talk
Subject: [nycphp-talk] MySQL concurrency 101

Basic question. What is/are the recommended strategies for dealing with the lost update problem in a PHP/MySQL application? The scenario I'm thinking of is not the old shirt inventory example which can be solved with relative as opposed to absolute updates. I'm thinking: User1 requests a page containing a form populated by a row of John Customer's data from a table; so does User2. User1 updates John Customer's work phone in the form and User2 updates John Customer's home phone.
User1 submits form/updates table, then User2 does likewise, overwriting User1's update. I've done considerable RTFM and I'm conversant with locks, transactions, etc. I'm uncertain about how to put it all together in a web app, i.e., with lots of short-lived independent scripts running in a stateless environment. The possible approaches I can think of are a little cumbersome -- I'll spare you, for the sake of brevity. Any pointers to tutorials, articles etc are appreciated. Thanks. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From tgales at tgaconnect.com Thu Dec 11 12:44:29 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 11 Dec 2003 12:44:29 -0500 Subject: [nycphp-talk] MySQL concurrency 101 In-Reply-To: Message-ID: <008901c3c00e$6e3ad390$bf8d3818@oberon1> David Sklar writes: "...Include a "last_update" column in the table. This can be a timestamp or just a monotonically increasing integer that changes with each update..." As a footnote if you go the timestamp route: "When MySQL is running in MAXDB mode, TIMESTAMP behaves like DATETIME. No automatic updating of TIMESTAMP columns occurs, as described in the following paragraphs. MySQL can be run in MAXDB mode as of version 4.1.1. See section 4.1.1 mysqld Command-line Options." http://www.mysql.com/doc/en/DATETIME.html also you might try searching on optimistic concurrent lock(ing) or 'dirty reads' for more background info. here's something that might be of value: http://www.mysql.com/documentation/maxdb/65/dd6525ed951542936005e01e2b489e /content.htm The optimistic lock, like the name implies, figures the record in question is probably not being accessed -- then at the last moment makes sure somehow that the data hasn't been altered. HTH T. 
Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From dmintz at davidmintz.org Thu Dec 11 12:46:24 2003 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 11 Dec 2003 12:46:24 -0500 (EST) Subject: [nycphp-talk] MySQL concurrency 101 In-Reply-To: References: Message-ID: On Thu, 11 Dec 2003, David Sklar wrote: > On Thursday, December 11, 2003 12:13 PM, wrote: > > > Basic question. What is/are the recommended strategies for dealing > > with the lost update problem in a PHP/MySQL application? > 1. Include a "last_update" column in the table. This can be a timestamp or > just a monotonically increasing integer that changes with each update. > > 2. When you read the record and display the form, include the last_update > value as a hidden field in the form.* > > 3. When the form is submitted, check to see that the last_update value > submitted with the form is the same as the value in the database before > updating.** > > 4. If the values don't match, take some application-appropriate behavior, > like silently overwriting with the new data; re-presenting the form to the > user with fields highlighted that have changed; etc. > > 5. If the values do match, then save the data, including a new value for the > last_update column. I thank you sir. This sounds sound. I read/heard about this technique someplace before but I think I was thinking, yeah but what if two users SELECT the same data simultaneously. Answer: not your problem. If they both try to write one of them will just have to suffer a little inconvenience, for data integrity's sake. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" 
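The last_update procedure from David Sklar's reply in this thread, as an added example that is not part of any poster's message. It signs the hidden version value with an HMAC (a swapped-in choice for the "obfuscate or encrypt" footnote, so tampering is detected rather than discouraged) and folds the check-then-write of steps 3 to 5 into one conditional UPDATE in place of the transaction or table lock he describes. Assumptions: PDO's SQLite driver stands in for MySQL so the script runs offline, and the table, key and function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO's SQLite driver
// stands in for MySQL; table, column, key and function names are hypothetical.

const FORM_KEY = 'constructed-demo-secret'; // server-side only, never sent to the browser

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customer (
        id INTEGER PRIMARY KEY,
        work_phone TEXT,
        home_phone TEXT,
        last_update INTEGER NOT NULL DEFAULT 1)');
    // Constructed sample row.
    $db->exec("INSERT INTO customer (id, work_phone, home_phone)
               VALUES (1, '212-555-0100', '718-555-0100')");
    return $db;
}

// Step 2: value for the hidden form field, "version.mac". The MAC covers the
// row id as well, so a token cannot be edited or reused for another row.
function make_token(int $id, int $version): string
{
    return $version . '.' . hash_hmac('sha256', "customer:$id:$version", FORM_KEY);
}

// Returns the version carried by an authentic token, or null if it was altered.
function read_token(int $id, string $token): ?int
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || preg_match('/^[0-9]{1,9}$/', $parts[0]) !== 1) {
        return null;
    }
    $version = (int) $parts[0];
    // hash_equals() compares in constant time.
    return hash_equals(make_token($id, $version), $token) ? $version : null;
}

// Steps 1-2: read the row and attach the signed version for the form.
function load_form(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT * FROM customer WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new RuntimeException("no customer $id");
    }
    $row['token'] = make_token($id, (int) $row['last_update']);
    return $row;
}

// Steps 3-5: the WHERE clause is the version check, and the same statement
// bumps last_update, so no other write can slip in between check and save.
function save_form(PDO $db, int $id, array $post): string
{
    $version = read_token($id, $post['token'] ?? '');
    if ($version === null) {
        return 'rejected'; // hidden field was modified by the client
    }
    $stmt = $db->prepare('UPDATE customer
        SET work_phone = ?, home_phone = ?, last_update = last_update + 1
        WHERE id = ? AND last_update = ?');
    $stmt->execute([$post['work_phone'], $post['home_phone'], $id, $version]);
    // Zero rows matched means someone else saved first (step 4).
    return $stmt->rowCount() === 1 ? 'saved' : 'conflict';
}

// The scenario from the thread: two users load the same row, then both submit.
function run_demo(): array
{
    $db = open_demo_db();
    $user1 = load_form($db, 1);
    $user2 = load_form($db, 1);
    $user1['work_phone'] = '212-555-0199';
    $user2['home_phone'] = '718-555-0199';

    $results = [];
    $results['user1'] = save_form($db, 1, $user1);
    // User2's form still carries the version it was loaded with.
    $results['user2'] = save_form($db, 1, $user2);
    // User2 edits the hidden field to the current version but cannot redo the MAC.
    $forged = $user2;
    $forged['token'] = '2.' . substr($user2['token'], 2);
    $results['user2_forged'] = save_form($db, 1, $forged);
    return $results;
}

foreach (run_demo() as $who => $outcome) {
    echo "$who: $outcome\n";
}
```

Against MySQL the UPDATE is the same statement; because last_update changes on every successful write, rowCount() is 1 exactly when the submitted version matched.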
-- Sopranos 24:17 From dmintz at davidmintz.org Thu Dec 11 12:48:49 2003 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 11 Dec 2003 12:48:49 -0500 (EST) Subject: [nycphp-talk] MySQL concurrency 101 In-Reply-To: References: Message-ID: On Thu, 11 Dec 2003, Cogswell, Eric wrote: > I ran into the same problem not too long ago. Solved it by sending in > the "old" field values along with the actual form values entered by the > user. > > > > > > > I thought about that -- even done something like that when I wanted to avoided needless UPDATE statements. But I had that filed in the category of "too cumbersome" (-: --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From sklar at sklar.com Thu Dec 11 12:55:01 2003 From: sklar at sklar.com (David Sklar) Date: Thu, 11 Dec 2003 12:55:01 -0500 Subject: [nycphp-talk] MySQL concurrency 101 In-Reply-To: Message-ID: > yeah but what if two > users SELECT the same data simultaneously. Answer: not your problem. > If they both try to write one of them will just have to suffer a > little inconvenience, for data integrity's sake. Depending on how much work you want to do to prevent users from having to do some work, you can eliminate the user inconvenience in certain circumstances. For example, if the two users have relative permissions or roles where it makes sense for one of them to overwrite the others' changes, then you don't have to re-prompt. Or, if both users updates can be mutually compatible, then you can save both of them with no changes. If both users have edited a text field, you can behave like CVS -- use diff to see if the users have made changes only to non-intersecting parts of the text field and if so, silently save both sets of changes. However, in practice, the "little inconvenience" that users may suffer in this situation is usually a good thing. 
Simultaneous conflicting alteration of data by two people probably means there is a workflow or business problem with human communication and human organization -- so if your application highlights it, the humans involved can work to fix it. ("Oh, you're handling the updates for the customers that live in Connecticut? I thought I was supposed to be doing those.").

David

From tgales at tgaconnect.com Thu Dec 11 13:05:42 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Thu, 11 Dec 2003 13:05:42 -0500
Subject: [nycphp-talk] MySQL concurrency 101
In-Reply-To: <008901c3c00e$6e3ad390$bf8d3818@oberon1>
Message-ID: <008c01c3c011$65680a00$bf8d3818@oberon1>

"The optimistic lock, " should have been "An optimistic locking technique,"

Tim G.

From dmintz at davidmintz.org Thu Dec 11 14:04:20 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Thu, 11 Dec 2003 14:04:20 -0500 (EST)
Subject: [nycphp-talk] MySQL concurrency 101
In-Reply-To:
References:
Message-ID:

On Thu, 11 Dec 2003, David Sklar wrote:

>
> Or, if both users' updates can be mutually compatible, then you can save both
> of them with no changes. If both users have edited a text field, you can
> behave like CVS -- use diff to see if the users have made changes only to
> non-intersecting parts of the text field and if so, silently save both sets
> of changes.

Ooh, now that's got class!

my my my I do like this talk at lists.nyphp.org

(-:

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?"
-- Sopranos 24:17

From sklar at sklar.com Thu Dec 11 16:37:04 2003
From: sklar at sklar.com (David Sklar)
Date: Thu, 11 Dec 2003 16:37:04 -0500
Subject: [nycphp-talk] MySQL concurrency 101
In-Reply-To:
Message-ID:

On Thursday, December 11, 2003 2:04 PM, wrote:

> On Thu, 11 Dec 2003, David Sklar wrote:
>
>>
>> Or, if both users' updates can be mutually compatible, then you can
>> save both of them with no changes.
If both users have edited a text
>> field, you can behave like CVS -- use diff to see if the users have
>> made changes only to non-intersecting parts of the text field and if
>> so, silently save both sets of changes.
>
>
> Ooh, now that's got class!

If you want to be *really* classy, poke around in the source to diff:
--> ftp://ftp.gnu.org/pub/gnu/diffutils/diffutils-2.8.1.tar.gz

And then add a function to PHP to do this without calling an external program...!

> my my my I do like this talk at lists.nyphp.org
>
> (-:

:)

David

From adam at trachtenberg.com Thu Dec 11 16:44:10 2003
From: adam at trachtenberg.com (Adam Maccabee Trachtenberg)
Date: Thu, 11 Dec 2003 16:44:10 -0500 (EST)
Subject: [nycphp-talk] MySQL concurrency 101
In-Reply-To:
References:
Message-ID:

On Thu, 11 Dec 2003, David Sklar wrote:

> > Ooh, now that's got class!
>
> If you want to be *really* classy, poke around in the source to diff:
> --> ftp://ftp.gnu.org/pub/gnu/diffutils/diffutils-2.8.1.tar.gz
>
> And then add a function to PHP to do this without calling an external
> program...!

It would be even cooler to write a UDF to do this automagically. I wonder if that's possible.

Sounds like a fun hack.

-adam

--
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!

From sklar at sklar.com Thu Dec 11 16:59:04 2003
From: sklar at sklar.com (David Sklar)
Date: Thu, 11 Dec 2003 16:59:04 -0500
Subject: [nycphp-talk] MySQL concurrency 101
In-Reply-To:
Message-ID:

>>> Ooh, now that's got class!
>>
>> If you want to be *really* classy, poke around in the source to diff:
>> --> ftp://ftp.gnu.org/pub/gnu/diffutils/diffutils-2.8.1.tar.gz
>>
>> And then add a function to PHP to do this without calling an external
>> program...!
>
> It would be even cooler to write a UDF to do this automagically. I
> wonder if that's possible.

AFAIK, UDFs can't (or, more specifically, shouldn't) access data other than the specific arguments they're passed.
So I think the answer is no. You definitely can't, from within a UDF, begin a transaction or table lock that applies retroactively to include the current query that fired off the UDF.

> Sounds like a fun hack.

Absolutely, either way (PHP or MySQL)

David

From jmusil at villagevoice.com Thu Dec 11 18:24:06 2003
From: jmusil at villagevoice.com (Jim Musil)
Date: Thu, 11 Dec 2003 18:24:06 -0500
Subject: [nycphp-talk] Open Source Helpdesk
Message-ID:

I'm looking for recommendations for a simple helpdesk application that runs on PHP/mySQL.

--
James Musil
Senior Developer
Village Voice Media
36 Cooper Square
New York, NY 10003
(212) 475-3300 ext 14003
JMusil at villagevoice.com

From jsiegel1 at optonline.net Thu Dec 11 20:02:11 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Thu, 11 Dec 2003 20:02:11 -0500
Subject: [nycphp-talk] Headers problem/Firebird
Message-ID: <3FD91393.7080706@optonline.net>

Just wondering why the headers below work well with IE but not with Firebird. While in both cases they prompt the user to save a file to disk, in the case of Firebird it tries to save the file (named partslist.csv) with a "php" extension.

    Header("Content-type: text/csv\n");
    Header("Content-Disposition: attachment; filename=\"$sFileName\"");

    Header("Pragma: no-cache");
    Header("Expires: 0");

Jeff Siegel

From lists at ny-tech.net Thu Dec 11 20:46:08 2003
From: lists at ny-tech.net (Nasir Zubair)
Date: Thu, 11 Dec 2003 20:46:08 -0500
Subject: [nycphp-talk] Headers problem/Firebird
In-Reply-To: <3FD91393.7080706@optonline.net>
Message-ID: <000001c3c051$b8461330$6401a8c0@main>

Try text/plain instead. I have a script that uses that same headers with but the content-type used it text/plain and it seems to be working pretty good, even in FB.
> -----Original Message-----
> From: Jeff Siegel [mailto:jsiegel1 at optonline.net]
> Sent: Thursday, December 11, 2003 8:02 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] Headers problem/Firebird
>
>
> Just wondering why the headers below work well with IE but not with
> Firebird. While in both cases they prompt the user to save a file to
> disk, in the case of Firebird it tries to save the file (named
> partslist.csv) with a "php" extension.
>
>
> Header("Content-type: text/csv\n");
> Header("Content-Disposition: attachment;
> filename=\"$sFileName\"");
>
> Header("Pragma: no-cache");
> Header("Expires: 0");
>
> Jeff Siegel
>

From felix at students.poly.edu Thu Dec 11 21:00:02 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Thu, 11 Dec 2003 21:00:02 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
Message-ID: <20031211210002.21ad9a36.felix@students.poly.edu>

I was wondering what people find most convenient for to do this ? Do you use just php sessions with few own helper functions, PEAR::Auth,other library, or completely homegrown ?

I personally find php sessions a bit awkward to use because of the a bit non-intuitive api that it has.

Felix

From nyphp at enobrev.com Thu Dec 11 21:45:21 2003
From: nyphp at enobrev.com (Mark Armendariz)
Date: Thu, 11 Dec 2003 21:45:21 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To: <20031211210002.21ad9a36.felix@students.poly.edu>
Message-ID:

I'm actually also interested as I'm in the process of rebuilding my login class to fit a larger scheme of control and some better security options. I'd originally learned a lot about php authentication through sites as well as PAT's patUser class (http://www.php-tools.de/site.php?file=patUser/overview.xml), which is one of the better ones I've personally read over.

Mark

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of felix zaslavskiy
Sent: Thursday, December 11, 2003 9:00 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?

I was wondering what people find most convenient for to do this ? Do you use just php sessions with few own helper functions, PEAR::Auth,other library, or completely homegrown ?

I personally find php sessions a bit awkward to use because of the a bit non-intuitive api that it has.

Felix

From dmintz at davidmintz.org Thu Dec 11 22:16:52 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Thu, 11 Dec 2003 22:16:52 -0500 (EST)
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To: <20031211210002.21ad9a36.felix@students.poly.edu>
References: <20031211210002.21ad9a36.felix@students.poly.edu>
Message-ID:

On Thu, 11 Dec 2003, felix zaslavskiy wrote:

> I was wondering what people find most convenient for to do this ?
> Do you use just php sessions with few own helper functions,
> PEAR::Auth,other library, or completely homegrown ?

I've been known to roll my own but it sucked and isn't recommended (-:

Ask Hans about pauth (yo Hans!) -- which btw I started looking at and didn't quite grok it, then my attention got diverted away. I've also been playing a bit with PEAR::Auth, which after much research (read: asking people here) I think is probably Good Enough but the documentation is sparse (though not as sparse as in some PEAR packages). Then I got interested in PhpDocumentor because although scrolling through the source of PEAR::Auth might be enlightening, I wanted *documentation*. PhpDocumentor worked great on my Linux box, seems broken on my Win2k -- but I digress.

PEAR::Auth certainly gets you started quickly & painlessly.

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?"
-- Sopranos 24:17

From felix at students.poly.edu Thu Dec 11 22:44:11 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Thu, 11 Dec 2003 22:44:11 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To:
References: <20031211210002.21ad9a36.felix@students.poly.edu>
Message-ID: <20031211224411.5913afbf.felix@students.poly.edu>

> I'm actually also interested as I'm in the process of rebuilding my login
> class to fit a larger scheme of control and some better security options.

What do you mean by larger scheme of control ?

> I'd originally learned a lot about php authentication through sites as well
> as PAT's patUser class
> (http://www.php-tools.de/site.php?file=patUser/overview.xml),

I took a look at it and it's very well written. I like and don't like some things around it because.

> which is one
> of the better ones I've personally read over.
>
> Mark
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
> Behalf Of felix zaslavskiy
> Sent: Thursday, December 11, 2003 9:00 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
>
> I was wondering what people find most convenient for to do this ? Do you use
> just php sessions with few own helper functions, PEAR::Auth,other library,
> or completely homegrown ?
>
> I personally find php sessions a bit awkward to use because of the a bit
> non-intuitive api that it has.
>
> Felix
>

From nyphp at enobrev.com Thu Dec 11 23:05:56 2003
From: nyphp at enobrev.com (Mark Armendariz)
Date: Thu, 11 Dec 2003 23:05:56 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To: <20031211224411.5913afbf.felix@students.poly.edu>
Message-ID:

Yeah, I'm not 100% behind their implementation, but it touches on quite a bit, and actually a fun read in comparison to a good deal of code I run into. By control I meant by adding permissions and group control to my current class, rather than just logged in / not and basic session management.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of felix zaslavskiy
Sent: Thursday, December 11, 2003 10:44 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] What UserLogin/Auth mechanism do you use ?

> I'm actually also interested as I'm in the process of rebuilding my
> login class to fit a larger scheme of control and some better security options.

What do you mean by larger scheme of control ?

> I'd originally learned a lot about php authentication through sites as
> well as PAT's patUser class
> (http://www.php-tools.de/site.php?file=patUser/overview.xml),

I took a look at it and it's very well written. I like and don't like some things around it because.

> which is one
> of the better ones I've personally read over.
>
> Mark
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of felix zaslavskiy
> Sent: Thursday, December 11, 2003 9:00 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
>
> I was wondering what people find most convenient for to do this ? Do
> you use just php sessions with few own helper functions,
> PEAR::Auth,other library, or completely homegrown ?
>
> I personally find php sessions a bit awkward to use because of the a
> bit non-intuitive api that it has.
>
> Felix
>

From felix at students.poly.edu Thu Dec 11 23:45:21 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Thu, 11 Dec 2003 23:45:21 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To:
References: <20031211224411.5913afbf.felix@students.poly.edu>
Message-ID: <20031211234521.13255989.felix@students.poly.edu>

I was thinking in terms of general security functions we have Authentication and Access Controls. The system has to store representations of users identities. Groups are also representations of users because they users who represent many users. The function of authentication is for users from outside the system to prove who they are. On the other Access Controls is a function that is separate from Authentication. System can store the rules for access controls as permissions. Would it not make sense to place those two functions in two separate modules or libraries instead of bunching it all in one place?

On Thu, 11 Dec 2003 23:05:56 -0500 "Mark Armendariz" wrote:

> Yeah, I'm not 100% behind their implementation, but it touches on quite a
> bit, and actually a fun read in comparison to a good deal of code I run
> into.
By control I meant by adding permissions and group control to my
> current class, rather than just logged in / not and basic session
> management.
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
> Behalf Of felix zaslavskiy
> Sent: Thursday, December 11, 2003 10:44 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
>
>
> > I'm actually also interested as I'm in the process of rebuilding my
> > login class to fit a larger scheme of control and some better security
> options.
> What do you mean by larger scheme of control ?
>
>
> > I'd originally learned a lot about php authentication through sites as
> > well as PAT's patUser class
> > (http://www.php-tools.de/site.php?file=patUser/overview.xml),
>
> I took a look at it and it's very well written. I like and don't like some
> things around it because.
>
> > which is one
> > of the better ones I've personally read over.
> >
> > Mark
> >
> > -----Original Message-----
> > From: talk-bounces at lists.nyphp.org
> > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of felix zaslavskiy
> > Sent: Thursday, December 11, 2003 9:00 PM
> > To: talk at lists.nyphp.org
> > Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
> >
> > I was wondering what people find most convenient for to do this ? Do
> > you use just php sessions with few own helper functions,
> > PEAR::Auth,other library, or completely homegrown ?
> >
> > I personally find php sessions a bit awkward to use because of the a
> > bit non-intuitive api that it has.
> >
> > Felix
> >

From nyphp at enobrev.com Fri Dec 12 01:08:29 2003
From: nyphp at enobrev.com (Mark Armendariz)
Date: Fri, 12 Dec 2003 01:08:29 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To: <20031211234521.13255989.felix@students.poly.edu>
Message-ID:

You make a good point. I guess the reason they seem to have come together in my mind is a current job for instance. Where I have user groups who are allowed to log into site a and some into site b and some who can log into both. And THEN they are allowed more detailed permissions within the sites. I wouldn't have an issue using 2 libraries by any means but they seem as if they would access similar functionality, as well as the same data. Maybe I could have them both extend a user class of sorts (although I'm still questioning if I want to use DAO classes, vs. sql in the classes.

On a similar note, do you know of any good examples of an access control class? I have some ideas of how I might do it, but no need to recreate the wheel, if at least while planning as I'm anal about writing my own stuff.

Mark

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of felix zaslavskiy
Sent: Thursday, December 11, 2003 11:45 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] What UserLogin/Auth mechanism do you use ?

I was thinking in terms of general security functions we have Authentication and Access Controls. The system has to store representations of users identities. Groups are also representations of users because they users who represent many users. The function of authentication is for users from outside the system to prove who they are. On the other Access Controls is a function that is separate from Authentication. System can store the rules for access controls as permissions. Would it not make sense to place those two functions in two separate modules or libraries instead of bunching it all in one place?

On Thu, 11 Dec 2003 23:05:56 -0500 "Mark Armendariz" wrote:

> Yeah, I'm not 100% behind their implementation, but it touches on
> quite a bit, and actually a fun read in comparison to a good deal of
> code I run into. By control I meant by adding permissions and group
> control to my current class, rather than just logged in / not and
> basic session management.
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org] On Behalf Of felix zaslavskiy
> Sent: Thursday, December 11, 2003 10:44 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
>
>
> > I'm actually also interested as I'm in the process of rebuilding my
> > login class to fit a larger scheme of control and some better
> > security
> options.
> What do you mean by larger scheme of control ?
>
>
> > I'd originally learned a lot about php authentication through sites
> > as well as PAT's patUser class
> > (http://www.php-tools.de/site.php?file=patUser/overview.xml),
>
> I took a look at it and it's very well written. I like and don't like
> some things around it because.
>
> > which is one
> > of the better ones I've personally read over.
> >
> > Mark
> >
> > -----Original Message-----
> > From: talk-bounces at lists.nyphp.org
> > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of felix zaslavskiy
> > Sent: Thursday, December 11, 2003 9:00 PM
> > To: talk at lists.nyphp.org
> > Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
> >
> > I was wondering what people find most convenient for to do this ? Do
> > you use just php sessions with few own helper functions,
> > PEAR::Auth,other library, or completely homegrown ?
> >
> > I personally find php sessions a bit awkward to use because of the a
> > bit non-intuitive api that it has.
> >
> > Felix
> >

From jsiegel1 at optonline.net Fri Dec 12 06:35:37 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Fri, 12 Dec 2003 06:35:37 -0500
Subject: [nycphp-talk] Headers problem/Firebird
In-Reply-To: <000001c3c051$b8461330$6401a8c0@main>
References: <000001c3c051$b8461330$6401a8c0@main>
Message-ID: <3FD9A809.5050906@optonline.net>

Hmmmm...it still wants to save it as a php file but even with the suggested change.

Jeff

Nasir Zubair wrote:

> Try text/plain instead.
I have a script that uses that same headers with
> but the content-type used it text/plain and it seems to be working pretty
> good, even in FB.
>
>
>
>>-----Original Message-----
>>From: Jeff Siegel [mailto:jsiegel1 at optonline.net]
>>Sent: Thursday, December 11, 2003 8:02 PM
>>To: NYPHP Talk
>>Subject: [nycphp-talk] Headers problem/Firebird
>>
>>
>>Just wondering why the headers below work well with IE but not with
>>Firebird. While in both cases they prompt the user to save a file to
>>disk, in the case of Firebird it tries to save the file (named
>>partslist.csv) with a "php" extension.
>>
>>
>> Header("Content-type: text/csv\n");
>> Header("Content-Disposition: attachment;
>>filename=\"$sFileName\"");
>>
>> Header("Pragma: no-cache");
>> Header("Expires: 0");
>>
>>Jeff Siegel
>>
>

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From keith.richardson at thompsonhealth.com Fri Dec 12 07:34:25 2003
From: keith.richardson at thompsonhealth.com (Keith Richardson)
Date: Fri, 12 Dec 2003 07:34:25 -0500
Subject: [nycphp-talk] Headers problem/Firebird
In-Reply-To: <3FD91393.7080706@optonline.net>
Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B280@ffth-exc01.thompsonhealth.org>

to force a download for a warcraft 3 replay file through my download script I use:

    header("Content-type: application/force-download");
    header("Content-Disposition: filename=\"".$replayid." - $filename\"");
    $path = "/home/war3com/public_html/replays/files/".$replayid.".w3g";
    $fp = fopen($path, 'r');
    fpassthru($fp);
    fclose($fp);

This seems to always force a download, and I read that it will force it no matter what extension it is.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel
Sent: Thursday, December 11, 2003 8:02 PM
To: NYPHP Talk
Subject: [nycphp-talk] Headers problem/Firebird

Just wondering why the headers below work well with IE but not with Firebird. While in both cases they prompt the user to save a file to disk, in the case of Firebird it tries to save the file (named partslist.csv) with a "php" extension.

    Header("Content-type: text/csv\n");
    Header("Content-Disposition: attachment; filename=\"$sFileName\"");

    Header("Pragma: no-cache");
    Header("Expires: 0");

Jeff Siegel

From jsiegel1 at optonline.net Fri Dec 12 08:06:21 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Fri, 12 Dec 2003 08:06:21 -0500
Subject: [nycphp-talk] Headers problem/Firebird
In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B280@ffth-exc01.thompsonhealth.org>
References: <05F6C3B4CA00D7419D1708F36A9F7745B280@ffth-exc01.thompsonhealth.org>
Message-ID: <3FD9BD4D.3070900@optonline.net>

Firebird is not having a problem with getting the file to download. The interesting thing is that Firebird insists on adding a "php" extension to the file name when the user is prompted to save the file to disk.

Jeff

Keith Richardson wrote:

> to force a download for a warcraft 3 replay file through my download script
> I use:
>
> header("Content-type: application/force-download");
> header("Content-Disposition: filename=\"".$replayid." - $filename\"");
> $path = "/home/war3com/public_html/replays/files/".$replayid.".w3g";
> $fp = fopen($path, 'r');
> fpassthru($fp);
> fclose($fp);
>
> This seems to always force a download, and I read that it will force it no
> matter what extension it is.
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel
> Sent: Thursday, December 11, 2003 8:02 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] Headers problem/Firebird
>
>
> Just wondering why the headers below work well with IE but not with
> Firebird. While in both cases they prompt the user to save a file to
> disk, in the case of Firebird it tries to save the file (named
> partslist.csv) with a "php" extension.
>
>
> Header("Content-type: text/csv\n");
> Header("Content-Disposition: attachment; filename=\"$sFileName\"");
>
> Header("Pragma: no-cache");
> Header("Expires: 0");
>
> Jeff Siegel
>

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From keith.richardson at thompsonhealth.com Fri Dec 12 08:29:43 2003
From: keith.richardson at thompsonhealth.com (Keith Richardson)
Date: Fri, 12 Dec 2003 08:29:43 -0500
Subject: [nycphp-talk] Headers problem/Firebird
In-Reply-To: <3FD9BD4D.3070900@optonline.net>
Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B282@ffth-exc01.thompsonhealth.org>

I had a problem with the beta versions of Safari - it was always saving it as the name of the download script by default, not the filename sent. maybe it's some sort of problem like that? Apple ended up fixing it in their final release.

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel
Sent: Friday, December 12, 2003 8:06 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Headers problem/Firebird

Firebird is not having a problem with getting the file to download.
The interesting thing is that Firebird insists on adding a "php" extension to the file name when the user is prompted to save the file to disk.

Jeff

Keith Richardson wrote:

> to force a download for a warcraft 3 replay file through my download script
> I use:
>
> header("Content-type: application/force-download");
> header("Content-Disposition: filename=\"".$replayid." - $filename\"");
> $path = "/home/war3com/public_html/replays/files/".$replayid.".w3g";
> $fp = fopen($path, 'r');
> fpassthru($fp);
> fclose($fp);
>
> This seems to always force a download, and I read that it will force it no
> matter what extension it is.
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel
> Sent: Thursday, December 11, 2003 8:02 PM
> To: NYPHP Talk
> Subject: [nycphp-talk] Headers problem/Firebird
>
>
> Just wondering why the headers below work well with IE but not with
> Firebird. While in both cases they prompt the user to save a file to
> disk, in the case of Firebird it tries to save the file (named
> partslist.csv) with a "php" extension.
>
>
> Header("Content-type: text/csv\n");
> Header("Content-Disposition: attachment; filename=\"$sFileName\"");
>
> Header("Pragma: no-cache");
> Header("Expires: 0");
>
> Jeff Siegel
>

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"
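
A hardened take on the kind of download script quoted in this thread, as an added example that is not part of any post. It assumes the replay id and the display name arrive from the request, PHP 7.1 or later, and hypothetical function names; the id is validated before it is used in a path, and quotes and line breaks are removed from the name before it goes into Content-Disposition. It does not address which extension Firebird picks.

```php
<?php
// Added example (not from the thread). All function names are hypothetical.
declare(strict_types=1);

/**
 * Map a request-supplied replay id to a file inside $baseDir, or null.
 * Only digits are accepted, so "../" sequences and NUL bytes never reach
 * the filesystem functions.
 */
function replayPath(string $baseDir, string $replayId): ?string
{
    if (preg_match('/\A[0-9]{1,10}\z/', $replayId) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $replayId . '.w3g');
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // After symlink resolution the file must still sit under the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

/**
 * Reduce a user-influenced name to something safe inside a quoted
 * Content-Disposition filename: no path parts, quotes, CR/LF or control bytes.
 */
function safeDownloadName(string $name, string $fallback = 'download.bin'): string
{
    $name = basename(str_replace('\\', '/', $name));
    $name = preg_replace('/[^A-Za-z0-9._ -]/', '_', $name) ?? '';
    $name = trim($name, ' .');
    return $name === '' ? $fallback : $name;
}

/** Build the header line with an explicit "attachment" disposition type. */
function contentDisposition(string $name): string
{
    return 'Content-Disposition: attachment; filename="' . safeDownloadName($name) . '"';
}

/** Send the headers and the file body; call before any other output. */
function sendReplay(string $path, string $downloadName): void
{
    header('Content-Type: application/octet-stream');
    header(contentDisposition($downloadName));
    header('Content-Length: ' . (string) filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Self-check on constructed data when run from the command line.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'replays_' . bin2hex(random_bytes(4));
    mkdir($dir);
    file_put_contents($dir . DIRECTORY_SEPARATOR . '42.w3g', 'constructed sample bytes');

    // Constructed ids: one valid, the rest malformed or missing.
    foreach (['42', '43', '../42', "42\0.txt", '42.w3g'] as $id) {
        $verdict = replayPath($dir, $id) === null ? 'rejected' : 'served';
        printf("%-16s => %s\n", json_encode($id), $verdict);
    }
    // Constructed names: plain, quote plus CRLF, path-like, empty.
    foreach (['partslist.csv', "x\".csv\r\nSet-Cookie: a=b", '../../etc/passwd', ''] as $n) {
        echo contentDisposition($n), "\n";
    }

    unlink($dir . DIRECTORY_SEPARATOR . '42.w3g');
    rmdir($dir);
}
```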

From jsiegel1 at optonline.net Fri Dec 12 08:39:59 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Fri, 12 Dec 2003 08:39:59 -0500
Subject: [nycphp-talk] Headers problem/Firebird
In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B282@ffth-exc01.thompsonhealth.org>
References: <05F6C3B4CA00D7419D1708F36A9F7745B282@ffth-exc01.thompsonhealth.org>
Message-ID: <3FD9C52F.1050407@optonline.net>

Quite honestly, it's not a big problem since my client doesn't use Firebird and downloads are only done by the website admin who uses IE.

Jeff

Keith Richardson wrote:

> I had a problem with the beta versions of Safari - it was always saving it
> as the name of the download script by default, not the filename sent. maybe
> it's some sort of problem like that? Apple ended up fixing it in their final
> release.
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel
> Sent: Friday, December 12, 2003 8:06 AM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] Headers problem/Firebird
>
>
> Firebird is not having a problem with getting the file to download. The
> interesting thing is that Firebird insists on adding a "php" extension
> to the file name when the user is prompted to save the file to disk.
>
> Jeff
>
> Keith Richardson wrote:
>
>
>>to force a download for a warcraft 3 replay file through my download
>
> script
>
>>I use:
>>
>> header("Content-type: application/force-download");
>> header("Content-Disposition: filename=\"".$replayid." - $filename\"");
>> $path = "/home/war3com/public_html/replays/files/".$replayid.".w3g";
>> $fp = fopen($path, 'r');
>> fpassthru($fp);
>> fclose($fp);
>>
>>This seems to always force a download, and I read that it will force it no
>>matter what extension it is.
>>
>>-----Original Message-----
>>From: talk-bounces at lists.nyphp.org
>>[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel
>>Sent: Thursday, December 11, 2003 8:02 PM
>>To: NYPHP Talk
>>Subject: [nycphp-talk] Headers problem/Firebird
>>
>>
>>Just wondering why the headers below work well with IE but not with
>>Firebird. While in both cases they prompt the user to save a file to
>>disk, in the case of Firebird it tries to save the file (named
>>partslist.csv) with a "php" extension.
>>
>>
>> Header("Content-type: text/csv\n");
>> Header("Content-Disposition: attachment; filename=\"$sFileName\"");
>>
>> Header("Pragma: no-cache");
>> Header("Expires: 0");
>>
>>Jeff Siegel
>>
>
>
> --
> Found on the Simpson's Website:
> "Ooooooh, they have the internet on computers now!"
>

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From lists at prusak.com Fri Dec 12 09:21:31 2003
From: lists at prusak.com (Ophir Prusak)
Date: Fri, 12 Dec 2003 09:21:31 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
References:
Message-ID: <00a601c3c0bb$3db64a80$5356a8c0@CPXPDEV10>

I haven't played with it yet, but this looks interesting:
http://phpgacl.sourceforge.net/

----- Original Message -----
From: "Mark Armendariz"
To: "'NYPHP Talk'"
Sent: Friday, December 12, 2003 1:08 AM
Subject: RE: [nycphp-talk] What UserLogin/Auth mechanism do you use ?

> You make a good point. I guess the reason they seem to have come together
> in my mind is a current job for instance. Where I have user groups who are
> allowed to log into site a and some into site b and some who can log into
> both. And THEN they are allowed more detailed permissions within the sites.
> I wouldn't have an issue using 2 libraries by any means but they seem as if
> they would access similar functionality, as well as the same data. Maybe I
> could have them both extend a user class of sorts (although I'm still
> questioning if I want to use DAO classes, vs. sql in the classes.
>
> On a similar note, do you know of any good examples of an access control
> class? I have some ideas of how I might do it, but no need to recreate the
> wheel, if at least while planning as I'm anal about writing my own stuff.
>
> Mark
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
> Behalf Of felix zaslavskiy
> Sent: Thursday, December 11, 2003 11:45 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
>
> I was thinking in terms of general security functions we have Authentication
> and Access Controls. The system has to store representations of users
> identities. Groups are also representations of users because they users who
> represent many users. The function of authentication is for users from
> outside the system to prove who they are. On the other Access Controls is a
> function that is separate from Authentication. System can store the rules
> for access controls as permissions. Would it not make sense to place those
> two functions in two separate modules or libraries instead of bunching it
> all in one place?
>
> On Thu, 11 Dec 2003 23:05:56 -0500
> "Mark Armendariz" wrote:
>
> > Yeah, I'm not 100% behind their implementation, but it touches on
> > quite a bit, and actually a fun read in comparison to a good deal of
> > code I run into. By control I meant by adding permissions and group
> > control to my current class, rather than just logged in / not and
> > basic session management.
> >
> > -----Original Message-----
> > From: talk-bounces at lists.nyphp.org
> > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of felix zaslavskiy
> > Sent: Thursday, December 11, 2003 10:44 PM
> > To: NYPHP Talk
> > Subject: Re: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
> >
> >
> > > I'm actually also interested as I'm in the process of rebuilding my
> > > login class to fit a larger scheme of control and some better
> > > security options.
> > What do you mean by larger scheme of control ?
> >
> >
> > > I'd originally learned a lot about php authentication through sites
> > > as well as PAT's patUser class
> > > (http://www.php-tools.de/site.php?file=patUser/overview.xml),
> >
> > I took a look at it and it's very well written. I like and don't like
> > some things around it because.
> >
> > > which is one
> > > of the better ones I've personally read over.
> > >
> > > Mark
> > >
> > > -----Original Message-----
> > > From: talk-bounces at lists.nyphp.org
> > > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of felix zaslavskiy
> > > Sent: Thursday, December 11, 2003 9:00 PM
> > > To: talk at lists.nyphp.org
> > > Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
> > >
> > > I was wondering what people find most convenient for to do this ? Do
> > > you use just php sessions with few own helper functions,
> > > PEAR::Auth,other library, or completely homegrown ?
> > >
> > > I personally find php sessions a bit awkward to use because of the a
> > > bit non-intuitive api that it has.
> > >
> > > Felix

From enunez at tiaa-cref.org Fri Dec 12 12:36:34 2003
From: enunez at tiaa-cref.org (Nunez, Eddy)
Date: Fri, 12 Dec 2003 12:36:34 -0500
Subject: [nycphp-talk] Need help with JS
Message-ID: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9DCE@msxnyusr01.msx.ops.tiaa-cref.org>

Gotta love Javascript...
I have been trying to figure out for last 2 hours and good part of yesterday
how to measure the amount of scrolling you've done on a browser window.

I know about the event object, it doesn't have any properties that
indicate how many pixels you've scrolled nor does it indicate if you
scrolled up or down.

I know I could just capture keypresses and figure it out but looking for a
clean solution, capturing keypresses seems too much like a work-around.

Sorry for OT...Thanks...

-Eddy

From joshmccormack at travelersdiary.com Fri Dec 12 13:05:49 2003
From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com)
Date: Fri, 12 Dec 2003 12:05:49 -0600 (CST)
Subject: [nycphp-talk] Need help with JS
In-Reply-To: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9DCE@msxnyusr01.msx.ops.tiaa-cref.org>
Message-ID:

On Fri, 12 Dec 2003, Nunez, Eddy wrote:

>
> Gotta love Javascript...
> I have been trying to figure out for last 2 hours and good part of yesterday
> how to measure the amount of scrolling you've done on a browser window.
>
> I know about the event object, it doesn't have any properties that
> indicate how many pixels you've scrolled nor does it indicate if you
> scrolled up or down.
>
> I know I could just capture keypresses and figure it out but looking for a
> clean solution, capturing keypresses seems too much like a work-around.
>
> Sorry for OT...Thanks...
>
> -Eddy

http://codepunk.hardwar.org.uk/ajs02.htm
"This tutorial will show you how to detect how far down or across a page a
viewer has scrolled."

http://www.dithered.com/javascript/window_properties/index.html
"Description Retrieving the dimensions of a window or how far a window has
been scrolled requires looking at a different property in all the major
browsers. This script creates one function for each quantity to simplify the
process."
Hope that helps.

Josh

From nyphp at enobrev.com Fri Dec 12 14:49:23 2003
From: nyphp at enobrev.com (Mark Armendariz)
Date: Fri, 12 Dec 2003 14:49:23 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To: <00a601c3c0bb$3db64a80$5356a8c0@CPXPDEV10>
Message-ID:

Just finished reading through phpgacl doc. Pretty well written, (esp. if
you're a star wars fan). It seems they include system login as a
permission as well, although I see how the actual login stuff (session
mngmnt, user query / matching etc) can very well be its own entity. I've
still yet to page through the code, but the doc is very enlightening on
Access Control in general.

Thanks for the link!

Mark

From nyphp at enobrev.com Fri Dec 12 16:31:32 2003
From: nyphp at enobrev.com (Mark Armendariz)
Date: Fri, 12 Dec 2003 16:31:32 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To:
Message-ID:

So here's my thoughts for a permissions system. Don't read below this if
you're uninterested, but if you do, let me know if I'm on a good track or
if I'm just plain nuts.

Tables:

users
-----
user_id
group_id // for a userS to group (either or, see below)
Username, etc...

groups
------
group_id
parent_id
group_title

x_users_groups // for userS to groupS (either or, see above)
--------------
user_id
group_id

sections
--------
section_id
section_title

permissions
-----------
permission_id
permission_title [read, write, view, update, delete, etc]

x_group_permissions
-------------------
section_id
group_id
permission_id
precedence

user_perms
----------
section_id
user_id
perm_id


Ex. Can_do('news', 'view', $login->get_user_id());

Function Can_do($section, $perm, $user_id) {

    // Check user perms if allowed (user perms get top priority) - if yes, return true

    ...

    // Check user group perms if allowed (precedence field sets priority in case of multiple groups) - if yes return true

    ...

    // Loop through groups and check parent(s), if yes, return true

    ...

    return false
}


That's the very basics I've got in ink.

Mark

From felix at students.poly.edu Fri Dec 12 18:03:06 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Fri, 12 Dec 2003 18:03:06 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To:
References:
Message-ID: <20031212180306.0bf587da.felix@students.poly.edu>

I read the manual for phpGacl and it's interesting stuff. It seems to be
designed to give high grained permissions. Their administrative interface
is hard to figure out.

I am thinking of a simpler Access Control List that is easier to
administer.

We will have: Actions, Objects, Groups, and Users

Each group consists of a list of Actions to Objects mappings. Each mapping
signifies Allow and absence of it signifies Deny.

so for example:

Group Regular User {
    Read -> Pages
}

Group Admin User {
    Read-> Pages,
    Modify-> Pages,
    Delete-> Pages
}

This would work well if there are not so many Objects so we treat each
module of the application as an Object.

From nyphp at enobrev.com Fri Dec 12 18:30:19 2003
From: nyphp at enobrev.com (Mark Armendariz)
Date: Fri, 12 Dec 2003 18:30:19 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To: <20031212180306.0bf587da.felix@students.poly.edu>
Message-ID:

Hmm.. Seems similar to my quickie drawing (consider permissions table as
"Actions" and sections table as "Objects"), which in my mind at least,
says I'm on the right track. I tend to think better in database tables
and data relationships than in objects, I guess.

Thanks for giving it a look!

Mark

From hans at newyorkphp.com Sat Dec 13 13:54:14 2003
From: hans at newyorkphp.com (Hans Zaunere)
Date: Sat, 13 Dec 2003 13:54:14 -0500
Subject: [nycphp-talk] Framework Question - Site Configuration
Message-ID: <688BD1502D7CA547800722B3501F62BB295F9F@ms03.mailstreet2003.net>

> Framework question.
>
> I had an idea that if I were to store many of the web site configuration
> values in the web server environment, such as database connection
> parameters, default email address, company address and major site links in
> each apache server virtual host environment, this information would be
> resident in the server memory, and subsequent requests would require less
> over head than creating a large configuration file that would be loaded and
> parsed at runtime each time a script on our site ran.

Very true. Something to keep in mind, however, is the visibility of
sensitive data (like passwords). Not only could someone read the
httpd.conf itself (depending on permissions, of course) but the $_SERVER
array containing the passwords, etc. is globally available in any PHP
script running under that environment.

> For example. In my apache config I set the values in the following manner...
>
> SetEnv DATABASE_NAME "somedatabase"
> SetEnv DATABASE_USER "someuser"
> SetEnv DATABASE_PASS "somepass"
> SetEnv LINK_HOME_PAGE "/index.php"
> SetEnv LINK_SITE_MAP "/site-map.php"
> SetEnv EMAIL_DEFAULT "info at foo.com"
> SetEnv EMAIL_SALES "sales at foo.com"
> SetEnv PATH_PHOTOS "/photos/"
> SetEnv PATH_GIFS "/gifs/"
>
> To access these from my scripts, I can use the following...
>
> $_SERVER['DATABASE_NAME']
> $_SERVER['DATABASE_USER']
> $_SERVER['DATABASE_PASS']
> $_SERVER['LINK_HOME_PAGE']
> $_SERVER['LINK_SITE_MAP']
>
> Because they are resident in the memory of the server, the server does not
> have to parse the file each time a request is made for the virtual host.
>
> However, this is proving to be a pain because there are other scripts that
> run from CRON etc, that do not run from the virtual host environment, and
> for those scripts, I have ended up duplicating my efforts by creating
> another configuration file for our site. This means I have to update changes
> to the configuration twice.
>
> I was thinking that it would may be easier to ditch this effort and go with
> a standard configuration file in PHP that I can include for the site and
> scripts that run outside the virtual environment. Perhaps something like the
> following...
>
> <?php
>
> define('DATABASE_NAME', 'somedatabase');
> define('DATABASE_USER', 'someuser');
> define('LINK_SITE_MAP', '/site-map.php');
>
> ?>
>
> and then access the values in the script using their constant values or
> perhaps store the values in an array such as...
>
> <?php
>
> $site = array(
>     'DATABASE_NAME' => 'somedatabase',
>     'DATABASE_USER' => 'someuser',
>     'LINK_SITE_MAP' => '/site_map.php'
> );
>
> ?>
>
> I would like to hear all your thoughts on this issue. I have about 100
> configuration directives I would like to be able to store in one place. I
> would be curious how others have dealt with similar issues.
> Are there advantages to using an array for config values as mentioned
> above over let's say defining constants?

While define() is more expensive, performance wise, than simply declaring
a variable, using constants elsewhere in the script is faster than
variables (or so Zeev told me once).

> Ideas, suggestions?

Don't forget that Apache can include other files as other conf files. So,
for example, you could have a series of php.app.conf files with your
SetEnv directives which could also be included from cron/cli php scripts
and parsed. True, maybe a little messy on the cli side, but worth some
thought.

Of course, the "cool" way of implementing this is with shared memory.
More complex, but probably the ultimate in speedy configuration and
flexibility. For instance, you could have a set of scripts to manage
configuration directives, in shared memory - the config could change, and
applications would see them in real time. I had some scripts to do this,
but they're not ready for show. That said, PHP's shared memory extension
has some weaknesses for this type of application, and a custom C
extension would really be the way to do it.

Sorry for the crazy wrapping folks - if anyone knows how to get Outlook
2003 to wrap plain-text messages normally, please contact me offlist :)

H

From hans at newyorkphp.com Sat Dec 13 14:16:53 2003
From: hans at newyorkphp.com (Hans Zaunere)
Date: Sat, 13 Dec 2003 14:16:53 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
Message-ID: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net>

> > I was wondering what people find most convenient for to do this ?
> > Do you use just php sessions with few own helper functions,
> > PEAR::Auth,other library, or completely homegrown ?

I use my own - pAuth :) Roles based is the way to go...

> I've been known to roll my own but it sucked and isn't recommended (-:
>
> Ask Hans about pauth (yo Hans!) -- which btw I started looking at and
> didn't quite grok it, then my attention got diverted away.

Ahh, speaking of which...

There's an older version at http://cvs.nyphp.org/cvsweb.cgi/pauth/ and I
have a much improved version that I'll be committing sometime. That
said, the pAuth version in CVS should work well as is.

After going through numerous iterations of authorization schemes (not
authentication - that's fairly straightforward) I'm sold on roles based.
At my primary intranet site, the level of granularity for authorization
is huge - numerous projects, each with subtle differences in operation,
permissions and users. Initially, I took a URL matching approach, which
then failed because different users need to see different aspects of a
page (or even different filesystem files) related to a single URL -
simply, URL -> filesystem translations are troublesome. I had hacked in
action based authorization, but it quickly became clear that heavy
authorization logic should not be in an umbrella type of model. [1]

The roles model is simple - it simply answers that someone can play a
role (or group of roles) or not. Determining what to do is left up to
the application. This offers the ultimate in granularity. A single page
can offer the logic, or a higher include can for a group of pages.

So far, pAuth has worked smashingly, and I'm anxious to get the revised
version online.

H

[1] There's an exception to this. If using an application server type of
environment, where everything is an action to begin with, then it makes
sense to add authorization logic there. Generally, however, most sites,
especially smaller ones, are just a series of GET and POST requests,
which aren't a concrete way to determine what type of action is actually
occurring.

From csnyder at chxo.com Sat Dec 13 15:17:23 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Sat, 13 Dec 2003 15:17:23 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net>
References: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net>
Message-ID: <3FDB73D3.1070708@chxo.com>

Hans Zaunere wrote:

>After going through numerous iterations of authorization schemes (not
>authentication - that's fairly straightforward) I'm sold on roles based.
>
>The roles model is simple - it simply answers that someone can play a
>role (or group of roles) or not. Determining what to do is left up to
>the application.
>

I agree 100% -- after taking a look at an early version of pAuth, I
hacked together my own roles-based solution and have been quite happy
with it.

An in-code example looks something like:

$editcontrols = '';
if ( $auth->hasRole('calendar::editor') ) {
    $editcontrols = "<a href=\"$this->url?action=edit\">edit $this->type</a>";
}

So if I assign user foo a role of editor in the calendar domain, then foo
will see the edit link when he is logged-in.

At the top of the edit script, I'll require the editor role like so:

$auth->requireRole('calendar::editor');

If the user trying to execute the edit script isn't a calendar::editor,
they get redirected to a no-access page and execution halts.

The role name is arbitrary, but using a domain::class notation gives you
a lot of flexibility-- the auth object can automatically discover the
current domain ( $auth->requireRole('editor') ) and you can define a
class policy that says, for example, editors inherit the access rights of
contributors.

I code in a super-domain (all) and a super-class (admin), so if some user
has the role all::admin, they can do anything anywhere.

csnyder

From dorgan at optonline.net Sun Dec 14 03:16:27 2003
From: dorgan at optonline.net (Donald J.
 Organ IV)
Date: Sun, 14 Dec 2003 03:16:27 -0500
Subject: [nycphp-talk] File Uploads
References: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net> <3FDB73D3.1070708@chxo.com>
Message-ID: <000e01c3c21a$921ce010$c801a8c0@dj>

What would be the best way using PHP to accept file uploads of around 250MB ?

From southwell at dneba.com Sun Dec 14 10:43:36 2003
From: southwell at dneba.com (Michael Southwell)
Date: Sun, 14 Dec 2003 10:43:36 -0500
Subject: [nycphp-talk] File Uploads
In-Reply-To: <000e01c3c21a$921ce010$c801a8c0@dj>
References: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net> <3FDB73D3.1070708@chxo.com> <000e01c3c21a$921ce010$c801a8c0@dj>
Message-ID: <6.0.1.1.2.20031214104028.01b7a590@mail.optonline.net>

Nasir Zubair's manual reference, in answer to my recent similar but more
general question, will serve to answer yours as well; the comments
following the manual page deal specifically with your problem:
http://www.php.net/manual/en/features.file-upload.php

At 03:16 AM 12/14/2003, you wrote:
>What would be the best way using PHP to accept file uploads of around 250MB ?

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================

From dmintz at davidmintz.org Sun Dec 14 12:04:04 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Sun, 14 Dec 2003 12:04:04 -0500 (EST)
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net>
References: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net>
Message-ID:

On Sat, 13 Dec 2003, Hans Zaunere wrote:

>
> There's an older version at http://cvs.nyphp.org/cvsweb.cgi/pauth/ and I
> have a much improved version that I'll be committing sometime. That
> said, the pAuth version in CVS should work well as is.

How about giving us a little tutorial on it at a NYPHP meeting one of
these days?

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?" -- Sopranos 24:17

From dmintz at davidmintz.org Sun Dec 14 12:07:02 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Sun, 14 Dec 2003 12:07:02 -0500 (EST)
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To: <3FDB73D3.1070708@chxo.com>
References: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net> <3FDB73D3.1070708@chxo.com>
Message-ID:

On Sat, 13 Dec 2003, Chris Snyder wrote:

> An in-code example looks something like:
>
> $editcontrols = '';
> if ( $auth->hasRole('calendar::editor') ) {
>     $editcontrols = "<a href=\"$this->url?action=edit\">edit $this->type</a>";
> }

One (stupid?) question. Of what class is $this an instance?

From hans at newyorkphp.com Sun Dec 14 12:21:45 2003
From: hans at newyorkphp.com (Hans Zaunere)
Date: Sun, 14 Dec 2003 12:21:45 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
Message-ID: <688BD1502D7CA547800722B3501F62BB296025@ms03.mailstreet2003.net>

talk-bounces at lists.nyphp.org wrote:
> On Sat, 13 Dec 2003, Hans Zaunere wrote:
>>
>> There's an older version at http://cvs.nyphp.org/cvsweb.cgi/pauth/ and I
>> have a much improved version that I'll be committing sometime. That
>> said, the pAuth version in CVS should work well as is.
>
> How about giving us a little tutorial on it at a NYPHP meeting one of
> these days?

Sure. Maybe even the December meeting, if you'll be there?

H

From csnyder at chxo.com Sun Dec 14 12:32:28 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Sun, 14 Dec 2003 12:32:28 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To:
References: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net> <3FDB73D3.1070708@chxo.com>
Message-ID: <3FDC9EAC.7070205@chxo.com>

David Mintz wrote:

>On Sat, 13 Dec 2003, Chris Snyder wrote:
>
>>An in-code example looks something like:
>>
>>$editcontrols = '';
>>if ( $auth->hasRole('calendar::editor') ) {
>>    $editcontrols = "<a href=\"$this->url?action=edit\">edit $this->type</a>";
>>}
>>
>
>One (stupid?) question. Of what class is $this an instance?
>

Doesn't matter for the example, it's a red herring and I should have used
$obj or something.

But since you asked, that scheme is from an experimental CMS named
Berylium, which evals code and displays templates within the context of
the object requested in the URL. In a Berylium template, $this refers to
the requested object, be it directory, document, image, etc. As confusing
as it might be in a code example, it makes a lot of sense in context.

From dmintz at davidmintz.org Sun Dec 14 12:51:55 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Sun, 14 Dec 2003 12:51:55 -0500 (EST)
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
In-Reply-To: <688BD1502D7CA547800722B3501F62BB296025@ms03.mailstreet2003.net>
References: <688BD1502D7CA547800722B3501F62BB296025@ms03.mailstreet2003.net>
Message-ID:

On Sun, 14 Dec 2003, Hans Zaunere wrote:

> > How about giving us a little tutorial on it at a NYPHP meeting one of
> > these days?
>
> Sure. Maybe even the December meeting, if you'll be there?

Hmmmm, 23-December 2003? OK! I'm sure it will beat the hell out of such
alternatives as shopping and standing in long lines :-)

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?" -- Sopranos 24:17

From jsiegel1 at optonline.net Sun Dec 14 16:41:33 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Sun, 14 Dec 2003 16:41:33 -0500
Subject: [nycphp-talk] NYPHP Party RSVP DEADLINE TONIGHT!!!
Message-ID: <3FDCD90D.6020000@optonline.net>

The RSVP *deadline* for the NYPHP party is **TONIGHT**!! If you haven't
yet RSVP'ed, please do so now. Details are below.

Jeff Siegel

==================================

Join New York PHP for some Holiday cheer!

The NYPHP Holiday Party will be on December 16th at 6:30pm at the Hard
Rock Cafe, 221 West 57th Street, New York. The cost is $20.00 per person
to be paid at the door which includes selection from the menu below.

**** You must contact us in advance if you'll be attending. RSVP to party at nyphp.org ****

All are welcome!

When: December 16th at 6:30pm
Where: Hard Rock Cafe, 221 West 57th Street, New York

The Party Menu

Choice of Entrees:
HRC Country Char-Broiled Burger with Cheese and/or Bacon
HRC Natural Veggie Burger
Grilled Chicken Breast Sandwich
HRC Caesar Salad
Pig Sandwich

Dessert:
Homestyle Chocolate Cake

Choice of Beverage:
Coffee, Tea or Soft Drink

From danielc at analysisandsolutions.com Sun Dec 14 21:50:31 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sun, 14 Dec 2003 21:50:31 -0500
Subject: [nycphp-talk] File Uploads
In-Reply-To: <000e01c3c21a$921ce010$c801a8c0@dj>
References: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net> <3FDB73D3.1070708@chxo.com> <000e01c3c21a$921ce010$c801a8c0@dj>
Message-ID: <20031215025031.GA26793@panix.com>

Hi:

On Sun, Dec 14, 2003 at 03:16:27AM -0500, Donald J. Organ IV wrote:
> What would be the best way using PHP to accept file uploads of around 250MB

On a web server connected to a person trying to do the upload that has a T3.
--Dan "not the greatest joke" Convissor -- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409 From jlacey at att.net Sun Dec 14 21:54:11 2003 From: jlacey at att.net (John Lacey) Date: Sun, 14 Dec 2003 19:54:11 -0700 Subject: [nycphp-talk] File Uploads In-Reply-To: <20031215025031.GA26793@panix.com> References: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net> <3FDB73D3.1070708@chxo.com> <000e01c3c21a$921ce010$c801a8c0@dj> <20031215025031.GA26793@panix.com> Message-ID: <3FDD2253.9080201@att.net> Daniel Convissor wrote: > Hi: > > On Sun, Dec 14, 2003 at 03:16:27AM -0500, Donald J. Organ IV wrote: > > >>What would be the best way using PHP to accept file uploads of around 250MB > > > On a web server connected to a person trying to do the upload that has a > T3. > > --Dan "not the greatest joke" Convissor > well, I wuz gonna suggest the postal service, but I figgurd I'd get stomped.. stamped? John :) From jlacey at att.net Sun Dec 14 21:58:55 2003 From: jlacey at att.net (John Lacey) Date: Sun, 14 Dec 2003 19:58:55 -0700 Subject: [nycphp-talk] file uploads Message-ID: <3FDD236F.5080008@att.net> but seriously Donald, if you'd like, I can send you a file or two to look at that would give you the mechanics of it at least... I 'have' heard of people uploading 400MB graphics files for what it's worth. 
John From jsiegel1 at optonline.net Sun Dec 14 22:17:24 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Sun, 14 Dec 2003 22:17:24 -0500 Subject: [nycphp-talk] File Uploads In-Reply-To: <3FDD2253.9080201@att.net> References: <688BD1502D7CA547800722B3501F62BB295FA8@ms03.mailstreet2003.net> <3FDB73D3.1070708@chxo.com> <000e01c3c21a$921ce010$c801a8c0@dj> <20031215025031.GA26793@panix.com> <3FDD2253.9080201@att.net> Message-ID: <3FDD27C4.1070407@optonline.net> I was going to suggest Filezilla. Jeff Siegel John Lacey wrote: > > > Daniel Convissor wrote: > >> Hi: >> >> On Sun, Dec 14, 2003 at 03:16:27AM -0500, Donald J. Organ IV wrote: >> >> >>> What would be the best way using PHP to accept file uploads of around >>> 250MB >> >> >> >> On a web server connected to a person trying to do the upload that has >> a T3. >> >> --Dan "not the greatest joke" Convissor >> > > well, I wuz gonna suggest the postal service, but I figgurd I'd get > stomped.. stamped? > > John :) > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From dorgan at optonline.net Sun Dec 14 22:17:56 2003 From: dorgan at optonline.net (Donald J. Organ IV) Date: Sun, 14 Dec 2003 22:17:56 -0500 Subject: [nycphp-talk] file uploads References: <3FDD236F.5080008@att.net> Message-ID: <004a01c3c2ba$08f62300$c801a8c0@dj> yes a file or two would be a great help, personally i would tell the client to use an ftp server but that is not what they want ----- Original Message ----- From: "John Lacey" To: "NYPHP Talk" Sent: Sunday, December 14, 2003 9:58 PM Subject: [nycphp-talk] file uploads > > but seriously Donald, if you'd like, I can send you a file > or two to look at that would give you the mechanics of it at > least... I 'have' heard of people uploading 400MB graphics > files for what it's worth. 
> > John > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From jlacey at att.net Sun Dec 14 22:28:00 2003 From: jlacey at att.net (John Lacey) Date: Sun, 14 Dec 2003 20:28:00 -0700 Subject: [nycphp-talk] file uploads In-Reply-To: <004a01c3c2ba$08f62300$c801a8c0@dj> References: <3FDD236F.5080008@att.net> <004a01c3c2ba$08f62300$c801a8c0@dj> Message-ID: <3FDD2A40.9040203@att.net> okie, I'll send them off-list -- if you have any questions, just shoot me an email to my jlacey at att.net addy Donald J. Organ IV wrote: > yes a file or two would be a great help, personally i would tell the client > to use an ftp server but that is not what they want > > ----- Original Message ----- > From: "John Lacey" > To: "NYPHP Talk" > Sent: Sunday, December 14, 2003 9:58 PM > Subject: [nycphp-talk] file uploads > > > >>but seriously Donald, if you'd like, I can send you a file >>or two to look at that would give you the mechanics of it at >>least... I 'have' heard of people uploading 400MB graphics >>files for what it's worth. >> >>John >> >> >>_______________________________________________ >>talk mailing list >>talk at lists.nyphp.org >>http://lists.nyphp.org/mailman/listinfo/talk > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From lists at ny-tech.net Mon Dec 15 00:02:18 2003 From: lists at ny-tech.net (Nasir Zubair) Date: Mon, 15 Dec 2003 00:02:18 -0500 Subject: [nycphp-talk] file uploads In-Reply-To: <3FDD2A40.9040203@att.net> Message-ID: <001201c3c2c8$9e9be350$6401a8c0@main> John, Would it be possible for you to send the files to me too. I am also interested in finding out how to do it. 
- Nasir > -----Original Message----- > From: John Lacey [mailto:jlacey at att.net] > Sent: Sunday, December 14, 2003 10:28 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] file uploads > > > > okie, I'll send them off-list -- if you have any questions, > just shoot me an email to my jlacey at att.net addy > > > Donald J. Organ IV wrote: > > > yes a file or two would be a great help, personally i would > tell the > > client to use an ftp server but that is not what they want > > > > ----- Original Message ----- > > From: "John Lacey" > > To: "NYPHP Talk" > > Sent: Sunday, December 14, 2003 9:58 PM > > Subject: [nycphp-talk] file uploads > > > > > > > >>but seriously Donald, if you'd like, I can send you a file > >>or two to look at that would give you the mechanics of it > at least... > >>I 'have' heard of people uploading 400MB graphics files for > what it's > >>worth. > >> > >>John > >> > >> > >>_______________________________________________ > >>talk mailing list > >>talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > > > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > > From jlacey at att.net Mon Dec 15 00:24:38 2003 From: jlacey at att.net (John Lacey) Date: Sun, 14 Dec 2003 22:24:38 -0700 Subject: [nycphp-talk] file uploads In-Reply-To: <001201c3c2c8$9e9be350$6401a8c0@main> References: <001201c3c2c8$9e9be350$6401a8c0@main> Message-ID: <3FDD4596.1040906@att.net> Nasir Zubair wrote: > John, > > Would it be possible for you to send the files to me too. I am also > interested in finding out how to do it. 
>
> - Nasir
>
>

here's a php file and an htm "save file screen" that shows the major parts

if you look in the add_question.php.htm file's source, you'll see some code near the bottom with hidden fields like "MAX_FILE_SIZE" etc... that's the browser picture

in the functions.inc.php file you'll see a little ways from the top a "pt_check_image" function -- that's the server-side story...

John

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jlacey at att.net Mon Dec 15 00:32:23 2003
From: jlacey at att.net (John Lacey)
Date: Sun, 14 Dec 2003 22:32:23 -0700
Subject: [nycphp-talk] file uploads
In-Reply-To: <3FDD4596.1040906@att.net>
References: <001201c3c2c8$9e9be350$6401a8c0@main> <3FDD4596.1040906@att.net>
Message-ID: <3FDD4767.3020805@att.net>

John Lacey wrote:

>
>
> Nasir Zubair wrote:
>
>> John,
>>
>> Would it be possible for you to send the files to me too. I am also
>> interested in finding out how to do it.
>>
>> - Nasir
>>
>>
>
> here's a php file and an htm "save file screen" that shows the major parts
>
> if you look in the add_question.php.htm file's source, you'll see some
> code near the bottom with hidden fields like "MAX_FILE_SIZE" etc...
> that's the browser picture
>
> in the functions.inc.php file you'll see a little ways from the top a
> "pt_check_image" function -- that's the server-side story...
>
> John
>

also, don't forget about the file uploads in php.ini file -- here's a section from one of mine: (note the max file size, change it to whatever you need)

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

; Whether to allow HTTP file uploads.
file_uploads = On

; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
upload_tmp_dir = ".;C:\XAMPP\xampp\tmp"

; Maximum allowed size for uploaded files.
upload_max_filesize = 2M

also, I recall something about a problem with large file uploads and the script max_execution_time, but I believe that was fixed in a later version of php

From bpang at bpang.com Mon Dec 15 00:36:25 2003
From: bpang at bpang.com (Brian Pang)
Date: Mon, 15 Dec 2003 00:36:25 -0500
Subject: [nycphp-talk] file uploads
Message-ID:

I think for starters you would need to change the php.ini settings

post_max_size = 250M
upload_max_filesize = 250M

max_execution_time = 600
or however many seconds you think it would take to upload 250M

file_uploads = 1 (of course)

still, I'm not sure how you would get around
memory_limit
It would seem wrong to set this to 250M
or is an uploaded file not restricted by this parameter?

other than that, I can't think of anything special that the script would require.

please share what the solution is to get 400mb files

> John,
>
> Would it be possible for you to send the files to me too. I am also
> interested in finding out how to do it.
>
> - Nasir
>
> > okie, I'll send them off-list -- if you have any questions,
> > just shoot me an email to my jlacey at att.net addy
> >
> >
> > Donald J. Organ IV wrote:
> >
> > > yes a file or two would be a great help, personally i would
> > tell the
> > > client to use an ftp server but that is not what they want
> > >
> > > ----- Original Message -----
> > > From: "John Lacey"
> > > To: "NYPHP Talk"
> > > Sent: Sunday, December 14, 2003 9:58 PM
> > > Subject: [nycphp-talk] file uploads
> > >
> > >
> > >
> > >>but seriously Donald, if you'd like, I can send you a file
> > >>or two to look at that would give you the mechanics of it
> > at least...
> > >>I 'have' heard of people uploading 400MB graphics files for
> > what it's
> > >>worth.
> > >>
> > >>John
> > >>
> > >>

From jlacey at att.net Mon Dec 15 00:45:49 2003
From: jlacey at att.net (John Lacey)
Date: Sun, 14 Dec 2003 22:45:49 -0700
Subject: [nycphp-talk] file uploads
In-Reply-To:
References:
Message-ID: <3FDD4A8D.7030509@att.net>

Brian Pang wrote:
> I think for starters you would need to change the php.ini settings
>
> post_max_size = 250M

since the encoding type is set to multipart form data, enctype="multipart/form-data" I don't think you have to worry about the post_max_size... someone else step in here if I'm off base on this..

> upload_max_filesize = 250M
>
> max_execution_time = 600
> or however many seconds you think it would take to upload 250M
>
> file_uploads = 1 (of course)
>
> still, I'm not sure how you would get around
> memory_limit
> It would seem wrong to set this to 250M
> or is an uploaded file not restricted by this parameter?

it gets written to a tmp file

John

From rinaudomatteo at msn.com Mon Dec 15 05:06:25 2003
From: rinaudomatteo at msn.com (rinaudomatteo)
Date: Mon, 15 Dec 2003 11:06:25 +0100
Subject: [nycphp-talk] file uploads
In-Reply-To: <3FDD4A8D.7030509@att.net>
Message-ID: <000601c3c2f3$19206220$4700a8c0@silicia.it>

Hi all.
Please pardon my English, I'm an Italian guy.

IMHO the best solution would be a PHP-managed FTP upload (e.g. ftp_put, etc.)
See: http://it.php.net/manual/en/ref.ftp.php

For a form-based-upload, however:

Instead of using: 'max_execution_time = 600' (unpolite) you should set a time limit in the PHP script:

set_time_limit(0)

in order to avoid:
1) some more modification to the php.ini file if the file to be uploaded grows in size;
2) any time-limit-is-over troubles during script execution.

file_uploads = 1 (obviously)

post_max_size MUST BE LARGER THAN upload_max_filesize

upload_max_filesize = 250M or what you want

memory_limit SHOULD BE LARGER THAN post_max_size or should set to '-1' for no memory limit.
Note that PHP must be compiled with the ' --enable-memory-limit' in the 'configure' options. Best regards, Matt Matteo Rinaudo Software Developer Silicia s.r.l. via V. di Marco, 8 90143 PALERMO - Italy tel. +39 91 730 85 73 int. 104 "Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker." - (Eric S. Raymond) --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.551 / Virus Database: 343 - Release Date: 11/12/2003 From natrindex at yahoo.com Mon Dec 15 16:53:08 2003 From: natrindex at yahoo.com (charlie wang) Date: Mon, 15 Dec 2003 13:53:08 -0800 (PST) Subject: [nycphp-talk] Anyone from New Jersey attend the NYPHP Party? Message-ID: <20031215215308.45080.qmail@web13703.mail.yahoo.com> I live in Harrison, work in Metuchen, NJ. Anyone from Jersey want to go to NYPHP party, knows how to get there by train, PATH, drive, please give me some direction. Everytime I drive to NY got lost and hanging out for few hours. Thanks. --------------------------------- Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing -------------- next part -------------- An HTML attachment was scrubbed... URL: From danielc at analysisandsolutions.com Mon Dec 15 19:17:37 2003 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 15 Dec 2003 19:17:37 -0500 Subject: [nycphp-talk] Anyone from New Jersey attend the NYPHP Party? In-Reply-To: <20031215215308.45080.qmail@web13703.mail.yahoo.com> References: <20031215215308.45080.qmail@web13703.mail.yahoo.com> Message-ID: <20031216001737.GA16548@panix.com> On Mon, Dec 15, 2003 at 01:53:08PM -0800, charlie wang wrote: > I live in Harrison, work in Metuchen, NJ. 
Anyone from Jersey want to go > to NYPHP party, knows how to get there by train, PATH, drive, please PATH to WTC -- OR -- NJ Transit to Penn Station NY E train to Columbus Circle (59th St) (People to whom the 7th Ave line is more convenient, such as people taking the LIRR, take the 1 train uptown to 59th / Columbus Cir) Head south on Broadway (with traffic) or 8th Ave (against traffic) Turn left (east) on 57th St. Don't cross 57th St. Hard Rock is a few steps away -- between Broadway and 7th Ave. --Dan -- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409 From danielc at analysisandsolutions.com Tue Dec 16 03:25:24 2003 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 16 Dec 2003 03:25:24 -0500 Subject: [nycphp-talk] multiple vulnerabilites Message-ID: <20031216082524.GA16933@panix.com> Security Focus Newsletter 227 Programmers' Hamburger Vulnerabilities http://moo.ex/help Come to the Hard Rock Cafe to see this happen first hand... Xoops Multiple Vulnerabilities http://www.securityfocus.com/bid/9166 Land Down Under Auth.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/9168 Chris Travers Hermes Unspecified File Include Vulnerability http://www.securityfocus.com/bid/9173 Bitfolge Snif Index.PHP Path Cross-Site Scripting Vulnerabil... http://www.securityfocus.com/bid/9179 Ben's Guestbook HTML Injection Vulnerability http://www.securityfocus.com/bid/9183 Mantis Multiple Unspecified Cross-Site Scripting Vulnerabili... http://www.securityfocus.com/bid/9184 Mambo Server user.php Script Unauthorized Access Vulnerabili... http://www.securityfocus.com/bid/9193 Mambo Open Source 4.0.14 Server SQL Injection Vulnerability http://www.securityfocus.com/bid/9196 Mambo Open Source PollBooth.PHP Multiple SQL Injection Vulne... 
http://www.securityfocus.com/bid/9197

Viva PHP!

--Dan

--
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From hans at newyorkphp.com Tue Dec 16 12:16:41 2003
From: hans at newyorkphp.com (Hans Zaunere)
Date: Tue, 16 Dec 2003 12:16:41 -0500
Subject: [nycphp-talk] Load Balancing Insight
Message-ID: <00a001c3c3f8$5f6f20d0$979b7a80@hzaunere>

Hi all,

I wanted to pass on this thread from the FreeBSD-Hackers mailing list:

http://marc.theaimsgroup.com/?t=107148893200001&r=1&w=2

They mention some very interesting tools and techniques. Thoughts, suggestions or experiences from AMPers here?

Also, the mention of FreeBSD is a perfect segue for the attached message. NYC now has a BSD group to complement Linux, PHP, etc. Please take a look at http://nycbug.org and hop on the mailing list: http://lists.nycbug.org

See everyone at the party tonight,

Hans

-------------- next part --------------
An embedded message was scrubbed...
From: "G. Rosamond"
Subject: NYC BSD User Group
Date: Tue, 16 Dec 2003 11:59:19 -0500
Size: 2747
URL:

From suzerain at suzerain.com Tue Dec 16 12:15:05 2003
From: suzerain at suzerain.com (Marc Antony Vose)
Date: Tue, 16 Dec 2003 12:15:05 -0500
Subject: [nycphp-talk] verify unicode text exists
In-Reply-To: <20031216082524.GA16933@panix.com>
References: <20031216082524.GA16933@panix.com>
Message-ID:

hi there:

in my scripts, i generally do a simple little check like this if i want to make sure something was inputted in a field, or in this case i am looping through an array and removing any index that lacks at least some text:

if( !ereg("[[:alnum:]]+",$desc_contents[$x]) ){
    array_splice($desc_contents,$x,1);
}

anyway, that is enough for anything i want to do in english.

however, i am now dealing with some korean and bulgarian text, and this fails, because those characters are not part of "alnum". at the moment, i've replaced it with a check of "strlen($text)>0", but if the text was ";@ #^&*" it would pass the test.

so, i'm interested in how people deal with this sort of situation? i need to check that at least some valid characters (i.e., for human readable content) were inputted into a form, or exist in some variable, but that will work for any language in the world, when the text in question is known to be unicode.

cheers,
--
Marc Antony Vose
http://www.suzerain.com/

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
-- Benjamin Franklin

From adam at trachtenberg.com Tue Dec 16 12:23:50 2003
From: adam at trachtenberg.com (Adam Maccabee Trachtenberg)
Date: Tue, 16 Dec 2003 12:23:50 -0500 (EST)
Subject: [nycphp-talk] verify unicode text exists
In-Reply-To:
References: <20031216082524.GA16933@panix.com>
Message-ID:

On Tue, 16 Dec 2003, Marc Antony Vose wrote:

> however, i am now dealing with some korean and bulgarian text, and
> this fails, because those characters are not part of "alnum". at the
> moment, i've replaced it with a check of "strlen($text)>0", but if
> the text was ";@ #^&*" it would pass the test.
>
> so, i'm interested in how people deal with this sort of situation?

PHP does not have native Unicode support. However, you should check out the mbstring extension:

http://www.php.net/mbstring

-adam

--
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!

From lists at prusak.com Tue Dec 16 17:58:44 2003
From: lists at prusak.com (Ophir Prusak)
Date: Tue, 16 Dec 2003 17:58:44 -0500
Subject: [nycphp-talk] Dynamic Forms
Message-ID: <010901c3c428$288533e0$5356a8c0@CPXPDEV10>

Hi All,

I just found out that a project we're working on needs to support user customizable fields.
In other words, lets say we have a User form where we store user data. The system has built in mandatory fields like: Username (text) First name (text) Last name (text) Birthdate (date) Country (pulldown) We need to give the system admin a web interface to add their own fields so they could add their own fields like: division (pulldown) boss's name (text) married (checkbox) etc. Has anyone here already implemented something like this ? Is there a "simple" solution to this ? Anyone know of any packages that do this ? I looked at a couple of open source survey packages which have this type of functionality, but ideally I'd like to find something simpler. Thanx Ophir -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonbaer at jonbaer.net Tue Dec 16 17:57:28 2003 From: jonbaer at jonbaer.net (jon baer) Date: Tue, 16 Dec 2003 17:57:28 -0500 Subject: [nycphp-talk] AdSense scripts? Message-ID: <008f01c3c427$fae758a0$6400a8c0@thinkpad> im stucking between the client wanting adsense integrated (no problem) vs. the designer wanting it to look their way (problem), after figuring out google's adsense through their javascript includes ive noticed i can suck in, fopen, the content and preg_replace some data without a problem ... is there a script/class already out there for modifying the layout? (its also stated in google that modification is not really allowed, but its really the same code passing through php) ... anyone else have experience w/ it? 
- jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From ejp at well.com Tue Dec 16 22:17:05 2003 From: ejp at well.com (Edward Potter) Date: Tue, 16 Dec 2003 22:17:05 -0500 Subject: [nycphp-talk] Dynamic Forms In-Reply-To: <010901c3c428$288533e0$5356a8c0@CPXPDEV10> References: <010901c3c428$288533e0$5356a8c0@CPXPDEV10> Message-ID: <7D6C1729-303F-11D8-A980-000393D9EBFA@well.com> At this point, I sometimes think, maybe spend an hour with the site manager person and show them how to code some php input template code. They can mount the whole thing in BBEdit or Homesite. Maybe week 1 they add a simple field, week 2 a drop down, etc. They can also use phpAdmin or something similar to do all the field management. Sometimes you have to give clients what they need vs what they ask for. Painful for some, but worth it in the end. On the other hand, the code is probably not that hard to write. You have to code for every permutation, but once you do that, just play it back based on form input. Write to an open file. Over-writing your html template each time. - ed On Dec 16, 2003, at 5:58 PM, Ophir Prusak wrote: > Hi All, > ? > I just found out that a project we're working on needs to support user > customizable fields. > ? > In other words, lets say we have a User form where we store user data. > The system has built in mandatory fields like: > Username (text) > First name (text) > Last name (text) > Birthdate (date) > Country (pulldown) > ? > We need to give the system admin a web interface to add their own > fields so they could add their own fields?like: > division (pulldown) > boss's name (text) > married (checkbox) > etc. > ? > Has anyone here already implemented something like this ? > Is there a "simple" solution to this ? > Anyone know of any packages that do this ? > ? 
> I looked at a couple of open source survey packages which have this > type of functionality, but ideally I'd like to find something simpler. > ? > Thanx > Ophir > ? > ? > ? > ? > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > //--------------------------------------- ejp at well.com http://www.exitart.org http://mygoo.typepad.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 3115 bytes Desc: not available URL: From tech_learner at yahoo.com Wed Dec 17 03:07:41 2003 From: tech_learner at yahoo.com (Tech_learner) Date: Wed, 17 Dec 2003 00:07:41 -0800 (PST) Subject: [nycphp-talk] Fwd: [php-xml] Review your secure PHP Session Implementation Message-ID: <20031217080741.85557.qmail@web14307.mail.yahoo.com> hope this helps. --------------------------------- Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- An embedded message was scrubbed... From: midjamie at yahoo.com Subject: [php-xml] Review your secure PHP Session Implementation Date: Wed, 17 Dec 2003 06:06:39 -0000 Size: 4352 URL: From Keith.Richardson at thompsonhealth.com Wed Dec 17 08:05:05 2003 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Wed, 17 Dec 2003 08:05:05 -0500 Subject: [nycphp-talk] AdSense scripts? Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B28B@ffth-exc01.thompsonhealth.org> I use google's adsense - and just use the generated code. If it were me, id store the values in a text file, or a mysql database. Then i would have a php file that i would include, say google.php - that would read the data in from the database, and then have a function, say print_adcode() that would print out the javascript adcode. 
I think that should be all that you would need - but I havent played with it much myself other than getting the initial colors :) But for client, I would have to say the same thing, just suck the users data out of the mysql database, stick it in a session, and work it that way. Have default data, so that if the client doesnt want the colors to change, then the designer has it their way :P -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of jon baer Sent: Tuesday, December 16, 2003 5:57 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] AdSense scripts? im stucking between the client wanting adsense integrated (no problem) vs. the designer wanting it to look their way (problem), after figuring out google's adsense through their javascript includes ive noticed i can suck in, fopen, the content and preg_replace some data without a problem ... is there a script/class already out there for modifying the layout? (its also stated in google that modification is not really allowed, but its really the same code passing through php) ... anyone else have experience w/ it? - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From northcloud2000 at yahoo.com Wed Dec 17 09:14:06 2003 From: northcloud2000 at yahoo.com (Cloud N.) Date: Wed, 17 Dec 2003 06:14:06 -0800 (PST) Subject: [nycphp-talk] I need help Message-ID: <20031217141406.81316.qmail@web42005.mail.yahoo.com> Hello, everyone, I need some help to figure out how to implement below issue. I want to put some text which should be Arch with Radius in a dynamically created image. What can I do for it? I appreciate for all replies. Rena __________________________________ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. 
http://photos.yahoo.com/ From Keith.Richardson at thompsonhealth.com Wed Dec 17 09:32:15 2003 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Wed, 17 Dec 2003 09:32:15 -0500 Subject: [nycphp-talk] I need help Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745E348@ffth-exc01.thompsonhealth.org> I looked through the image functions, and dont see anything that you would do what you want. But there are some things. What I would do - is calculate the path of the text along the arc, and how long each of the characters are. Then you would get the bottom-left coordinates of each image, and the rotation angle. I would then load a separate image script, that would load the image of just that character, and then rotate it, and stick it in on the arc where you want it. It sounds like a lot of math, but it is :P Maybe someone made/will make a function to do this :P -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Cloud N. Sent: Wednesday, December 17, 2003 9:14 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] I need help Hello, everyone, I need some help to figure out how to implement below issue. I want to put some text which should be Arch with Radius in a dynamically created image. What can I do for it? I appreciate for all replies. Rena __________________________________ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From Kbedi at inta.org Wed Dec 17 10:40:45 2003 From: Kbedi at inta.org (Kshitij Bedi) Date: Wed, 17 Dec 2003 10:40:45 -0500 Subject: [nycphp-talk] Code Charge Message-ID: Has anyone here used codecharge? If yes what do you think about it. 
From jeffknight at mac.com Wed Dec 17 10:41:25 2003
From: jeffknight at mac.com (PUTAMARE)
Date: Wed, 17 Dec 2003 10:41:25 -0500
Subject: [nycphp-talk] shout out
Message-ID: <78FB51E2-30A7-11D8-BEAD-000393B9FB36@mac.com>

Thanks to Senior Siegel for orchestrating last night's nerdtacular event!

Jeff Knight
jeff not junkmail at lushmedia.com
212/213-6558 x 203
LUSH media
110 W 40th St #1502
New York, NY 10018

From agfische at email.smith.edu Wed Dec 17 10:52:14 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Wed, 17 Dec 2003 10:52:14 -0500
Subject: [nycphp-talk] shout out
In-Reply-To: <78FB51E2-30A7-11D8-BEAD-000393B9FB36@mac.com>
References: <78FB51E2-30A7-11D8-BEAD-000393B9FB36@mac.com>
Message-ID:

I second that notion!

-Aaron

On Dec 17, 2003, at 10:41 AM, PUTAMARE wrote:

> Thanks to Senior Siegel for orchestrating last night's nerdtacular event!
>
> Jeff Knight
> jeff not junkmail at lushmedia.com
> 212/213-6558 x 203
> LUSH media
> 110 W 40th St #1502
> New York, NY 10018

From jsiegel1 at optonline.net Wed Dec 17 12:30:17 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 17 Dec 2003 12:30:17 -0500
Subject: [nycphp-talk] shout out
In-Reply-To:
References: <78FB51E2-30A7-11D8-BEAD-000393B9FB36@mac.com>
Message-ID: <3FE092A9.9020806@optonline.net>

Thanks! Great to me! Hope the trip back home went smoothly.

Jeff

Aaron Fischer wrote:

> I second that notion!
>
> -Aaron
>
> On Dec 17, 2003, at 10:41 AM, PUTAMARE wrote:
>
>> Thanks to Senior Siegel for orchestrating last night's nerdtacular event!
>>
>> Jeff Knight
>> jeff not junkmail at lushmedia.com
>> 212/213-6558 x 203
>> LUSH media
>> 110 W 40th St #1502
>> New York, NY 10018

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From jsiegel1 at optonline.net Wed Dec 17 12:32:23 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 17 Dec 2003 12:32:23 -0500
Subject: [nycphp-talk] shout out
In-Reply-To: <3FE092A9.9020806@optonline.net>
References: <78FB51E2-30A7-11D8-BEAD-000393B9FB36@mac.com> <3FE092A9.9020806@optonline.net>
Message-ID: <3FE09327.2000203@optonline.net>

Cheesh!...I was up too late...my message ("Great to me!") is incoherent and I'm the one who wrote it!

Jeff Siegel

Jeff Siegel wrote:

> Thanks! Great to me! Hope the trip back home went smoothly.
>
> Jeff
>
> Aaron Fischer wrote:
>
>> I second that notion!
>>
>> -Aaron
>>
>> On Dec 17, 2003, at 10:41 AM, PUTAMARE wrote:
>>
>>> Thanks to Senior Siegel for orchestrating last night's nerdtacular event!
>>>
>>> Jeff Knight
>>> jeff not junkmail at lushmedia.com
>>> 212/213-6558 x 203
>>> LUSH media
>>> 110 W 40th St #1502
>>> New York, NY 10018

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From jsiegel1 at optonline.net Wed Dec 17 12:32:53 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 17 Dec 2003 12:32:53 -0500
Subject: [nycphp-talk] shout out
In-Reply-To: <78FB51E2-30A7-11D8-BEAD-000393B9FB36@mac.com>
References: <78FB51E2-30A7-11D8-BEAD-000393B9FB36@mac.com>
Message-ID: <3FE09345.9080607@optonline.net>

I enjoyed doing it. Sorta my payback for the help I've gotten from the group.

Jeff

PUTAMARE wrote:

> Thanks to Senior Siegel for orchestrating last night's nerdtacular event!
>
> Jeff Knight
> jeff not junkmail at lushmedia.com
> 212/213-6558 x 203
> LUSH media
> 110 W 40th St #1502
> New York, NY 10018

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From jonbaer at jonbaer.net Wed Dec 17 12:53:02 2003
From: jonbaer at jonbaer.net (jon baer)
Date: Wed, 17 Dec 2003 12:53:02 -0500
Subject: [nycphp-talk] AdSense scripts?
References: <05F6C3B4CA00D7419D1708F36A9F7745B28B@ffth-exc01.thompsonhealth.org>
Message-ID: <00a101c3c4c6$9dae9960$6400a8c0@thinkpad>

this seems like a good idea ... but unfortunately (i think?) the ads are pretty random / dynamic so it might be hard, maybe i could take a 100 impressions and then rotate the db? thanks for the suggestion.

- jon

----- Original Message -----
From: "Keith J Richardson"
To: "NYPHP Talk"
Sent: Wednesday, December 17, 2003 8:05 AM
Subject: RE: [nycphp-talk] AdSense scripts?

I use google's adsense - and just use the generated code. If it were me, i'd store the values in a text file, or a mysql database. Then i would have a php file that i would include, say google.php - that would read the data in from the database, and then have a function, say print_adcode() that would print out the javascript adcode.
I think that should be all that you would need - but I haven't played with it much myself other than getting the initial colors :) But for client, I would have to say the same thing, just suck the users data out of the mysql database, stick it in a session, and work it that way. Have default data, so that if the client doesn't want the colors to change, then the designer has it their way :P

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of jon baer
Sent: Tuesday, December 16, 2003 5:57 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] AdSense scripts?

i'm stuck between the client wanting adsense integrated (no problem) vs. the designer wanting it to look their way (problem), after figuring out google's adsense through their javascript includes i've noticed i can suck in, fopen, the content and preg_replace some data without a problem ... is there a script/class already out there for modifying the layout? (it's also stated in google that modification is not really allowed, but it's really the same code passing through php) ... anyone else have experience w/ it?

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47

From danielc at analysisandsolutions.com Wed Dec 17 13:10:18 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 17 Dec 2003 13:10:18 -0500
Subject: [nycphp-talk] anyone else ill?
Message-ID: <20031217181017.GA28449@panix.com>

Hi Folks:

How come the latest Security Focus newsletter didn't warn me about the bug I caught last night?

As I was leaving the Hard Rock, I was starting to feel ill.
By the time I went to bed, I had a full blown fever. I'm a little better now, but not great.

I hope no one else came down with this.

Enjoy,

--Dan

--
 FREE scripts that make web and database programming easier
 http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From Keith.Richardson at thompsonhealth.com Wed Dec 17 13:23:11 2003
From: Keith.Richardson at thompsonhealth.com (Keith J Richardson)
Date: Wed, 17 Dec 2003 13:23:11 -0500
Subject: [nycphp-talk] AdSense scripts?
Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B28D@ffth-exc01.thompsonhealth.org>

I did notice that google caches some of the colors/layouts - i changed it from vertical to horizontal on one site, and the box showed up horizontal, but the ads went vertical, so i had a bunch of white space. i hope it doesn't keep the colors the same for each page, and when someone gets it changed to their pref, the rest of them have to deal with pink and purple :P

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of jon baer
Sent: Wednesday, December 17, 2003 12:53 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] AdSense scripts?

this seems like a good idea ... but unfortunately (i think?) the ads are pretty random / dynamic so it might be hard, maybe i could take a 100 impressions and then rotate the db? thanks for the suggestion.

- jon

----- Original Message -----
From: "Keith J Richardson"
To: "NYPHP Talk"
Sent: Wednesday, December 17, 2003 8:05 AM
Subject: RE: [nycphp-talk] AdSense scripts?

I use google's adsense - and just use the generated code. If it were me, i'd store the values in a text file, or a mysql database. Then i would have a php file that i would include, say google.php - that would read the data in from the database, and then have a function, say print_adcode() that would print out the javascript adcode.
I think that should be all that you would need - but I haven't played with it much myself other than getting the initial colors :) But for client, I would have to say the same thing, just suck the users data out of the mysql database, stick it in a session, and work it that way. Have default data, so that if the client doesn't want the colors to change, then the designer has it their way :P

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of jon baer
Sent: Tuesday, December 16, 2003 5:57 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] AdSense scripts?

i'm stuck between the client wanting adsense integrated (no problem) vs. the designer wanting it to look their way (problem), after figuring out google's adsense through their javascript includes i've noticed i can suck in, fopen, the content and preg_replace some data without a problem ... is there a script/class already out there for modifying the layout? (it's also stated in google that modification is not really allowed, but it's really the same code passing through php) ... anyone else have experience w/ it?

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47

From csnyder at chxo.com Wed Dec 17 13:26:40 2003
From: csnyder at chxo.com (csnyder at chxo.com)
Date: Wed, 17 Dec 2003 13:26:40 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To: <20031217181017.GA28449@panix.com>
References: <20031217181017.GA28449@panix.com>
Message-ID: <1071685600.3fe09fe072683@webmail.tuffmail.net>

You had the Pig Sandwich didn't you?

Sorry, couldn't resist. If you started to feel bad on your way home, you probably didn't catch it there, you just spread it to the rest of us...

Hope you feel better, Dan. Great to see everyone last night!

Quoting Daniel Convissor :

> Hi Folks:
>
> How come the latest Security Focus newsletter didn't warn me about the bug I caught last night?
>
> As I was leaving the Hard Rock, I was starting to feel ill. By the time I went to bed, I had a full blown fever. I'm a little better now, but not great.
>
> I hope no one else came down with this.
>
> Enjoy,
>
> --Dan
>
> --
> FREE scripts that make web and database programming easier
> http://www.analysisandsolutions.com/software/
> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
> 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From jsiegel1 at optonline.net Wed Dec 17 13:35:15 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 17 Dec 2003 13:35:15 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To: <1071685600.3fe09fe072683@webmail.tuffmail.net>
References: <20031217181017.GA28449@panix.com> <1071685600.3fe09fe072683@webmail.tuffmail.net>
Message-ID: <3FE0A1E3.9000201@optonline.net>

Just to clarify items.
1) *I* had the pig sandwich.
2) I feel fine.

Jeff Siegel

csnyder at chxo.com wrote:

> You had the Pig Sandwich didn't you?
>
> Sorry, couldn't resist. If you started to feel bad on your way home, you probably didn't catch it there, you just spread it to the rest of us...
>
> Hope you feel better, Dan. Great to see everyone last night!
>
> Quoting Daniel Convissor :
>
>>Hi Folks:
>>
>>How come the latest Security Focus newsletter didn't warn me about the bug I caught last night?
>>
>>As I was leaving the Hard Rock, I was starting to feel ill. By the time I went to bed, I had a full blown fever. I'm a little better now, but not great.
>>
>>I hope no one else came down with this.
>>
>>Enjoy,
>>
>>--Dan
>>
>>--
>> FREE scripts that make web and database programming easier
>> http://www.analysisandsolutions.com/software/
>> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>> 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From jsiegel1 at optonline.net Wed Dec 17 13:36:27 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 17 Dec 2003 13:36:27 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To: <20031217181017.GA28449@panix.com>
References: <20031217181017.GA28449@panix.com>
Message-ID: <3FE0A22B.4060805@optonline.net>

It's because it's a "Windows" thing. ;)

Get PLENTY of rest...both my kids have gotten over something that had put them out of commission for five days. (Miraculously I hadn't come down with it.)

Jeff Siegel

Daniel Convissor wrote:

> Hi Folks:
>
> How come the latest Security Focus newsletter didn't warn me about the bug I caught last night?
>
> As I was leaving the Hard Rock, I was starting to feel ill. By the time I went to bed, I had a full blown fever. I'm a little better now, but not great.
>
> I hope no one else came down with this.
>
> Enjoy,
>
> --Dan

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From agfische at email.smith.edu Wed Dec 17 13:37:12 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Wed, 17 Dec 2003 13:37:12 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To: <20031217181017.GA28449@panix.com>
References: <20031217181017.GA28449@panix.com>
Message-ID: <074B2FC6-30C0-11D8-AF7C-0003930D07F2@email.smith.edu>

I'm feeling a little nauseous, but it's due to the fact that my car rental company charged me for 2 days instead of one... :-)

(I had the veggie sandwich)

-Aaron

On Dec 17, 2003, at 1:10 PM, Daniel Convissor wrote:

> Hi Folks:
>
> How come the latest Security Focus newsletter didn't warn me about the bug I caught last night?
>
> As I was leaving the Hard Rock, I was starting to feel ill. By the time I went to bed, I had a full blown fever. I'm a little better now, but not great.
>
> I hope no one else came down with this.
>
> Enjoy,
>
> --Dan
>
> --
> FREE scripts that make web and database programming easier
> http://www.analysisandsolutions.com/software/
> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
> 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Wed Dec 17 13:39:57 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Wed, 17 Dec 2003 13:39:57 -0500
Subject: [nycphp-talk] I need help
In-Reply-To: <20031217141406.81316.qmail@web42005.mail.yahoo.com>
References: <20031217141406.81316.qmail@web42005.mail.yahoo.com>
Message-ID: <20031217183957.GA3613@panix.com>

Hi Rena:

On Wed, Dec 17, 2003 at 06:14:06AM -0800, Cloud N. wrote:
>
> I want to put some text which should be Arch with Radius in a dynamically created image. What can I do for it?

Jeff Knight gave a great presentation on the GD Library functions in PHP. GD will do exactly what you want.

--Dan

--
 FREE scripts that make web and database programming easier
 http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409

From csnyder at chxo.com Wed Dec 17 13:59:34 2003
From: csnyder at chxo.com (csnyder at chxo.com)
Date: Wed, 17 Dec 2003 13:59:34 -0500
Subject: [nycphp-talk] I need help
In-Reply-To: <20031217183957.GA3613@panix.com>
References: <20031217141406.81316.qmail@web42005.mail.yahoo.com> <20031217183957.GA3613@panix.com>
Message-ID: <1071687574.3fe0a7963422d@webmail.tuffmail.net>

Quoting Daniel Convissor :

> Hi Rena:
>
> On Wed, Dec 17, 2003 at 06:14:06AM -0800, Cloud N. wrote:
> >
> > I want to put some text which should be Arch with Radius in a dynamically created image. What can I do for it?
>
> Jeff Knight gave a great presentation on the GD Library functions in PHP. GD will do exactly what you want.
>

Even rotating the text?

Anyway, that presentation (can't point to it enough) is at:
http://nyphp.org/content/presentations/GDintro/gd1.php

From dmintz at davidmintz.org Wed Dec 17 14:22:04 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Wed, 17 Dec 2003 14:22:04 -0500 (EST)
Subject: [nycphp-talk] anyone else ill?
In-Reply-To: <3FE0A22B.4060805@optonline.net>
References: <20031217181017.GA28449@panix.com> <3FE0A22B.4060805@optonline.net>
Message-ID:

Since we're on the topic, I thought the food was awful. (Bright side: the contrast between the crappiness of the food and the superb quality of the conversation helped underscore the latter (-:) I ate pig sandwich. Had a bit of, ahem, digestive issues today but nothing significant.

We all gotta promise -- PROMISE! -- to stay healthy. Being sick sucks.

Thanks for a great evening.

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?"
-- Sopranos 24:17

From jsiegel1 at optonline.net Wed Dec 17 14:41:29 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 17 Dec 2003 14:41:29 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To:
References: <20031217181017.GA28449@panix.com> <3FE0A22B.4060805@optonline.net>
Message-ID: <3FE0B169.7050102@optonline.net>

But the camaraderie was great!!

And in light of the "special treatment" we received there...let's just say we'll select a different venue for next year.

Jeff Siegel

David Mintz wrote:

> Since we're on the topic, I thought the food was awful. (Bright side: the contrast between the crappiness of the food and the superb quality of the conversation helped underscore the latter (-:) I ate pig sandwich. Had a bit of, ahem, digestive issues today but nothing significant.
>
> We all gotta promise -- PROMISE! -- to stay healthy. Being sick sucks.
>
> Thanks for a great evening.
>
> ---
> David Mintz
> http://davidmintz.org/
>
> "Anybody else got a problem with Webistics?" -- Sopranos 24:17

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From agfische at email.smith.edu Wed Dec 17 15:36:24 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Wed, 17 Dec 2003 15:36:24 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To: <3FE0B169.7050102@optonline.net>
References: <20031217181017.GA28449@panix.com> <3FE0A22B.4060805@optonline.net> <3FE0B169.7050102@optonline.net>
Message-ID:

The round tables actually worked out pretty well as people hopped around from one table to the other. I like that part. It was great to meet as many of y'all listmembers as possible.

Look forward to seeing photos. Apparently I took the prize for "guy who travelled the longest distance..."
:-)

-Aaron

On Dec 17, 2003, at 2:41 PM, Jeff Siegel wrote:

> But the camaraderie was great!!
>
> And in light of the "special treatment" we received there...let's just say we'll select a different venue for next year.
>
> Jeff Siegel

From jsiegel1 at optonline.net Wed Dec 17 16:03:25 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 17 Dec 2003 16:03:25 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To:
References: <20031217181017.GA28449@panix.com> <3FE0A22B.4060805@optonline.net> <3FE0B169.7050102@optonline.net>
Message-ID: <3FE0C49D.10005@optonline.net>

Damn! Did we forget to give you your trophy??!! ;)

Jeff Siegel

Aaron Fischer wrote:

> The round tables actually worked out pretty well as people hopped around from one table to the other. I like that part. It was great to meet as many of y'all listmembers as possible.
>
> Look forward to seeing photos. Apparently I took the prize for "guy who travelled the longest distance..." :-)
>
> -Aaron
>
> On Dec 17, 2003, at 2:41 PM, Jeff Siegel wrote:
>
>> But the camaraderie was great!!
>>
>> And in light of the "special treatment" we received there...let's just say we'll select a different venue for next year.
>>
>> Jeff Siegel

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From jeffknight at mac.com Wed Dec 17 16:14:31 2003
From: jeffknight at mac.com (PUTAMARE)
Date: Wed, 17 Dec 2003 16:14:31 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To:
References: <20031217181017.GA28449@panix.com> <3FE0A22B.4060805@optonline.net> <3FE0B169.7050102@optonline.net>
Message-ID: <01958A98-30D6-11D8-8B0D-000393B9FB36@mac.com>

On Dec 17, 2003, at 3:36 PM, Aaron Fischer wrote:

> Look forward to seeing photos.

http://homepage.mac.com/jeffknight/PhotoAlbum2.html

Jeff Knight
jeff not junkmail at lushmedia.com
212/213-6558 x 203
LUSH media
110 W 40th St #1502
New York, NY 10018

From agfische at email.smith.edu Wed Dec 17 16:15:23 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Wed, 17 Dec 2003 16:15:23 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To: <3FE0C49D.10005@optonline.net>
References: <20031217181017.GA28449@panix.com> <3FE0A22B.4060805@optonline.net> <3FE0B169.7050102@optonline.net> <3FE0C49D.10005@optonline.net>
Message-ID: <2096EF0A-30D6-11D8-AF7C-0003930D07F2@email.smith.edu>

Hhhmm, well Mike Dewitt bought me drink(s) at the bar, that works for me! :-)

-Aaron

On Dec 17, 2003, at 4:03 PM, Jeff Siegel wrote:

> Damn! Did we forget to give you your trophy??!! ;)
>
> Jeff Siegel
>
> Aaron Fischer wrote:
>
>> The round tables actually worked out pretty well as people hopped around from one table to the other. I like that part. It was great to meet as many of y'all listmembers as possible.
>> Look forward to seeing photos. Apparently I took the prize for "guy who travelled the longest distance..." :-)
>> -Aaron
>> On Dec 17, 2003, at 2:41 PM, Jeff Siegel wrote:
>>> But the camaraderie was great!!
>>>
>>> And in light of the "special treatment" we received there...let's just say we'll select a different venue for next year.
>>>
>>> Jeff Siegel
>
> --
> Found on the Simpson's Website:
> "Ooooooh, they have the internet on computers now!"

From jeffknight at mac.com Wed Dec 17 16:18:00 2003
From: jeffknight at mac.com (PUTAMARE)
Date: Wed, 17 Dec 2003 16:18:00 -0500
Subject: [nycphp-talk] I need help
In-Reply-To: <1071687574.3fe0a7963422d@webmail.tuffmail.net>
References: <20031217141406.81316.qmail@web42005.mail.yahoo.com> <20031217183957.GA3613@panix.com> <1071687574.3fe0a7963422d@webmail.tuffmail.net>
Message-ID: <7DE90F44-30D6-11D8-8B0D-000393B9FB36@mac.com>

On Dec 17, 2003, at 1:59 PM, csnyder at chxo.com wrote:

> Even rotating the text?

I'd love to be wrong, but I think not. I believe you have to split the string into individual characters and "do the math" for each character's x & y coordinates and rotation. Not fun at all, unless of course you like math...

Jeff Knight
jeff not junkmail at lushmedia.com
212/213-6558 x 203
LUSH media
110 W 40th St #1502
New York, NY 10018

From jsiegel1 at optonline.net Wed Dec 17 16:24:59 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 17 Dec 2003 16:24:59 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To: <2096EF0A-30D6-11D8-AF7C-0003930D07F2@email.smith.edu>
References: <20031217181017.GA28449@panix.com> <3FE0A22B.4060805@optonline.net> <3FE0B169.7050102@optonline.net> <3FE0C49D.10005@optonline.net> <2096EF0A-30D6-11D8-AF7C-0003930D07F2@email.smith.edu>
Message-ID: <3FE0C9AB.9070606@optonline.net>

So you *did* get the trophy! ;)

Jeff

Aaron Fischer wrote:

> Hhhmm, well Mike Dewitt bought me drink(s) at the bar, that works for me! :-)
>
> -Aaron
>
> On Dec 17, 2003, at 4:03 PM, Jeff Siegel wrote:
>
>> Damn! Did we forget to give you your trophy??!! ;)
>>
>> Jeff Siegel
>>
>> Aaron Fischer wrote:
>>
>>> The round tables actually worked out pretty well as people hopped around from one table to the other. I like that part. It was great to meet as many of y'all listmembers as possible.
>>> Look forward to seeing photos. Apparently I took the prize for "guy who travelled the longest distance..." :-)
>>> -Aaron
>>> On Dec 17, 2003, at 2:41 PM, Jeff Siegel wrote:
>>>
>>>> But the camaraderie was great!!
>>>>
>>>> And in light of the "special treatment" we received there...let's just say we'll select a different venue for next year.
>>>>
>>>> Jeff Siegel
>>
>> --
>> Found on the Simpson's Website:
>> "Ooooooh, they have the internet on computers now!"

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From tgales at tgaconnect.com Wed Dec 17 16:51:15 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Wed, 17 Dec 2003 16:51:15 -0500
Subject: [nycphp-talk] I need help
In-Reply-To: <20031217141406.81316.qmail@web42005.mail.yahoo.com>
Message-ID: <000601c3c4e7$e60da810$bf8d3818@oberon1>

Rena writes:
"I want to put some text which should be Arch"

If the users could have an svg viewer enabled/installed maybe 'text-textOnPath' could work

look here:
http://www.zvon.org/HowTo/Output/BEtestsuite_text-textOnPath-BE-03.php

T. Gales & Associates
'Helping People Connect with Technology'
http://www.tgaconnect.com

From jsiegel1 at optonline.net Wed Dec 17 17:47:35 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 17 Dec 2003 17:47:35 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To: <01958A98-30D6-11D8-8B0D-000393B9FB36@mac.com>
References: <20031217181017.GA28449@panix.com> <3FE0A22B.4060805@optonline.net> <3FE0B169.7050102@optonline.net> <01958A98-30D6-11D8-8B0D-000393B9FB36@mac.com>
Message-ID: <3FE0DD07.1040504@optonline.net>

Hmmm...I don't remember a pool table.

Jeff

PUTAMARE wrote:

> On Dec 17, 2003, at 3:36 PM, Aaron Fischer wrote:
>
>> Look forward to seeing photos.
>
> http://homepage.mac.com/jeffknight/PhotoAlbum2.html
>
> Jeff Knight
> jeff not junkmail at lushmedia.com
> 212/213-6558 x 203
> LUSH media
> 110 W 40th St #1502
> New York, NY 10018

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From dmintz at davidmintz.org Wed Dec 17 17:52:27 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Wed, 17 Dec 2003 17:52:27 -0500 (EST)
Subject: [nycphp-talk] anyone else ill?
In-Reply-To: <3FE0DD07.1040504@optonline.net>
References: <20031217181017.GA28449@panix.com> <3FE0A22B.4060805@optonline.net> <3FE0B169.7050102@optonline.net> <01958A98-30D6-11D8-8B0D-000393B9FB36@mac.com> <3FE0DD07.1040504@optonline.net>
Message-ID:

On Wed, 17 Dec 2003, Jeff Siegel wrote:

> Hmmm...I don't remember a pool table.
>
> Jeff
>

What did I tell you about over-indulging?

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?" -- Sopranos 24:17

From jsiegel1 at optonline.net Wed Dec 17 18:05:51 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 17 Dec 2003 18:05:51 -0500
Subject: [nycphp-talk] anyone else ill?
In-Reply-To:
References: <20031217181017.GA28449@panix.com> <3FE0A22B.4060805@optonline.net> <3FE0B169.7050102@optonline.net> <01958A98-30D6-11D8-8B0D-000393B9FB36@mac.com> <3FE0DD07.1040504@optonline.net>
Message-ID: <3FE0E14F.5000902@optonline.net>

When you're right...you're right.
;)

Jeff

David Mintz wrote:

> On Wed, 17 Dec 2003, Jeff Siegel wrote:
>
>>Hmmm...I don't remember a pool table.
>>
>>Jeff
>>
>
> What did I tell you about over-indulging?
>
> ---
> David Mintz
> http://davidmintz.org/
>
> "Anybody else got a problem with Webistics?" -- Sopranos 24:17

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From hans at newyorkphp.com Thu Dec 18 08:23:59 2003
From: hans at newyorkphp.com (Hans Zaunere)
Date: Thu, 18 Dec 2003 08:23:59 -0500
Subject: [nycphp-talk] shout out
Message-ID: <688BD1502D7CA547800722B3501F62BB3F4CF2@ms03.mailstreet2003.net>

> Thanks to Senior Siegel for orchestrating last night's nerdtacular event!

Same here. Great time Siegel.

Thank you,

H

From hans at newyorkphp.com Thu Dec 18 09:20:48 2003
From: hans at newyorkphp.com (Hans Zaunere)
Date: Thu, 18 Dec 2003 09:20:48 -0500
Subject: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
Message-ID: <688BD1502D7CA547800722B3501F62BB3F4CFE@ms03.mailstreet2003.net>

> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of David Mintz
> Sent: Sunday, December 14, 2003 12:52 PM
> To: NYPHP Talk
> Subject: RE: [nycphp-talk] What UserLogin/Auth mechanism do you use ?
>
> On Sun, 14 Dec 2003, Hans Zaunere wrote:
>
> > > How about giving us a little tutorial on it at a NYPHP meeting one of these days?
> >
> > Sure. Maybe even the December meeting, if you'll be there?
>
> Hmmmm, 23-December 2003? OK! I'm sure it will beat the hell out of such alternatives as shopping and standing in long lines :-)

Well, I'm not sure how fun reviewing authorization code can be, but we'll give it a shot :) If there's time after the other presentations on Tuesday, I'll give an intro to pAuth.
H From mjdewitt at alexcommgrp.com Thu Dec 18 09:24:59 2003 From: mjdewitt at alexcommgrp.com (DeWitt, Michael) Date: Thu, 18 Dec 2003 09:24:59 -0500 Subject: [nycphp-talk] My Holiday Party pictures are posted Message-ID: You can see them at http://www.nyphp.org/content/gallery/albums.php If you have some pictures of the night, add them on, or email them to me (with captions if you want), and I will hang them. Thank you very much Jeff Siegel for a great night out! Mike From Kbedi at inta.org Thu Dec 18 10:30:34 2003 From: Kbedi at inta.org (Kshitij Bedi) Date: Thu, 18 Dec 2003 10:30:34 -0500 Subject: [nycphp-talk] CodeCharge Software for PHP Applications Message-ID: Has anyone here used codecharge? If yes what do you think about it. From tom at supertom.com Thu Dec 18 10:29:47 2003 From: tom at supertom.com (tom at supertom.com) Date: Thu, 18 Dec 2003 10:29:47 -0500 Subject: [nycphp-talk] CodeCharge Software for PHP Applications In-Reply-To: Message-ID: I have used it, but not to build any big applications. About a year and a half ago, I would say. Like with any generation tool, they will save you alot of time *until* you need to change something, in which case, you will need to be a PHP expert to do. If I remember correctly, it used the db connection classes from phplib. I remember the interface being a little clunky, but again, that was while ago that I used it. Why didn't I adopt it as a development tool? Well, I already have my own generation mechanism. :-) *************************************************** What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Kshitij Bedi Sent: Thursday, December 18, 2003 10:31 AM To: 'NYPHP Talk' Subject: [nycphp-talk] CodeCharge Software for PHP Applications Has anyone here used codecharge? If yes what do you think about it. 
_______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From Kbedi at inta.org Thu Dec 18 10:39:37 2003 From: Kbedi at inta.org (Kshitij Bedi) Date: Thu, 18 Dec 2003 10:39:37 -0500 Subject: [nycphp-talk] CodeCharge Software for PHP Applications Message-ID: What kind of a generation mechanism do you use tom -----Original Message----- From: tom at supertom.com [mailto:tom at supertom.com] Sent: Thursday, December 18, 2003 10:30 AM To: NYPHP Talk Subject: RE: [nycphp-talk] CodeCharge Software for PHP Applications I have used it, but not to build any big applications. About a year and a half ago, I would say. Like with any generation tool, they will save you alot of time *until* you need to change something, in which case, you will need to be a PHP expert to do. If I remember correctly, it used the db connection classes from phplib. I remember the interface being a little clunky, but again, that was while ago that I used it. Why didn't I adopt it as a development tool? Well, I already have my own generation mechanism. :-) *************************************************** What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Kshitij Bedi Sent: Thursday, December 18, 2003 10:31 AM To: 'NYPHP Talk' Subject: [nycphp-talk] CodeCharge Software for PHP Applications Has anyone here used codecharge? If yes what do you think about it. 
_______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From Kbedi at inta.org Thu Dec 18 10:40:15 2003 From: Kbedi at inta.org (Kshitij Bedi) Date: Thu, 18 Dec 2003 10:40:15 -0500 Subject: [nycphp-talk] CodeCharge Software for PHP Applications Message-ID: I am currently using smarty for my applications and want to find out if switching to this application would be a good idea. -----Original Message----- From: tom at supertom.com [mailto:tom at supertom.com] Sent: Thursday, December 18, 2003 10:30 AM To: NYPHP Talk Subject: RE: [nycphp-talk] CodeCharge Software for PHP Applications I have used it, but not to build any big applications. About a year and a half ago, I would say. Like with any generation tool, they will save you alot of time *until* you need to change something, in which case, you will need to be a PHP expert to do. If I remember correctly, it used the db connection classes from phplib. I remember the interface being a little clunky, but again, that was while ago that I used it. Why didn't I adopt it as a development tool? Well, I already have my own generation mechanism. :-) *************************************************** What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Kshitij Bedi Sent: Thursday, December 18, 2003 10:31 AM To: 'NYPHP Talk' Subject: [nycphp-talk] CodeCharge Software for PHP Applications Has anyone here used codecharge? If yes what do you think about it. 
_______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From dmintz at davidmintz.org Thu Dec 18 11:16:20 2003 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 18 Dec 2003 11:16:20 -0500 (EST) Subject: [nycphp-talk] My Holiday Party pictures are posted In-Reply-To: References: Message-ID: Nice job of turning around those pictures so promptly, Jeff and Mike! That Gallery package looks pretty slick too, I keep meaning to start playing with it... although didn't Dan "Buzzkiller" C. post a security notice a while back about some vulnerability in it? On Thu, 18 Dec 2003, DeWitt, Michael wrote: > You can see them at http://www.nyphp.org/content/gallery/albums.php > > If you have some pictures of the night, add them on, or email them to me > (with captions if you want), and I will hang them. > > Thank you very much Jeff Siegel for a great night out! --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From dmintz at davidmintz.org Thu Dec 18 11:34:53 2003 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 18 Dec 2003 11:34:53 -0500 (EST) Subject: [nycphp-talk] Gallery (was Re: My Holiday Party pictures are posted) In-Reply-To: References: Message-ID: On Thu, 18 Dec 2003, David Mintz wrote: > > That Gallery package looks pretty slick too, I keep meaning to start > playing with it... although didn't Dan "Buzzkiller" C. post a security > notice a while back about some vulnerability in it? Oops, that seems to have been addressed in the current release. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From northcloud2000 at yahoo.com Thu Dec 18 11:53:18 2003 From: northcloud2000 at yahoo.com (Cloud N.)
Date: Thu, 18 Dec 2003 08:53:18 -0800 (PST) Subject: [nycphp-talk] (no subject) Message-ID: <20031218165318.92544.qmail@web42004.mail.yahoo.com>

Hello,

Is there anyone who can tell me how come it is?
Thanks a lot in advance.

I try to input some text from the first page (sendText.php), then pass the text to the second file (recText.php) to generate an image, then show the image in the first page, but the text doesn't get added to the image. If I put some fixed text in the second file (recText.php - comment out lines 6-8), it works (it makes sense). How can I check what variables are passed to the second file? Can any function do it?

Rena
----------

The two parts of the code are below:

-----------
Input new content for top line:     
Input new content for middle line:
Input new content for bottom line:


"); ?>
--------------
From bpang at bpang.com Thu Dec 18 12:11:07 2003 From: bpang at bpang.com (Brian Pang) Date: Thu, 18 Dec 2003 12:11:07 -0500 Subject: [nycphp-talk] (no subject) Message-ID:

the $_POST vars are only scoped to the sendText.php file
you can't get them from recText.php

instead... call recText.php like this
recText.php?cont_mid=.....etc

since this is a GET, change $_POST in recText.php to $_GET

> Hello,
>
> Is there anyone who can tell me how come it is?
> Thanks a lot in advance.
>
> I try to input some text from the first page
> (sendText.php), then pass the text to the second file
> (recText.php) to generate an image, then show the
> image in the first page, but the text doesn't get added
> to the image. If I put some fixed text in the second file
> (recText.php - comment out lines 6-8), it works (it
> makes sense). How can I check what variables are passed
> to the second file? Can any function do it?
>
>
> Rena
> ----------
>
> The two parts of the code are below:
>
> -----------
> // sendText.php
> ?>
>
>
>
>
action=""> > > > > >
> > > > > > > > > > > >
> Input new content for top line: >      >
>
> Input new content for middle line: >
>
> Input new content for bottom line: > size=10>
>
> name='submit'> > >
>
>
> if($_POST['send'] == "true") > echo ("

"); > ?> >
> > > >
>
>
>
> --------------
> <?php
> // recText.php
>
> $c_top = "this is top";
> $c_mid = "this is middle";
> $c_btm = "this is bottom";
>
> $c_top = $_POST['cont_top'];    // line 6
> $c_mid = $_POST['cont_mid'];    // line 7
> $c_btm = $_POST['cont_bottom']; // line 8
>
> $new_id = "newImage";
>
> $imgCache = @ImageCreateFromPNG ("$new_id.png");
>
> if($imgCache) // if existing
> {
>     ImagePNG($imgCache);
> }
> else // if not existing
> {
>     // create image
>
>     $image = imagecreate(270, 270);
>     $white = imagecolorallocate($image, 255, 255, 255);
>     $red   = imagecolorallocate($image, 255, 0, 0);
>     $black = imagecolorallocate($image, 0, 0, 0);
>     $Tan   = imagecolorallocate($image, 222, 184, 135);
>
>     imagefilledarc($image, 135, 135, 270, 270, 0, 360 , $black, IMG_ARC_PIE);
>
>     Imagettftext($image, 10, 0, 100, 50, $red,'arial.ttf', $c_top);
>     Imagettftext($image, 20, 0, 70, 130, $red,'arial.ttf', $c_mid);
>     Imagettftext($image, 10, 0, 100, 210, $red,'arial.ttf', $c_btm);
>
>     header('Content-type: image/png');
>     ImagePng($image, "$new_id.png");
>     $imgcache = @ImageCreateFromPNG ("$new_id.png");
>     ImagePNG($imgcache);
>     imagedestroy($image);
> } //end of imgCache
>
> ?>
>
From jsiegel1 at optonline.net Thu Dec 18 12:14:36 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 18 Dec 2003 12:14:36 -0500 Subject: [nycphp-talk] shout out In-Reply-To: <688BD1502D7CA547800722B3501F62BB3F4CF2@ms03.mailstreet2003.net> References: <688BD1502D7CA547800722B3501F62BB3F4CF2@ms03.mailstreet2003.net> Message-ID: <3FE1E07C.2030904@optonline.net> You're welcome. Jeff Hans Zaunere wrote: >>Thanks to Senior Siegel for orchestrating last night's nerdtacular >>event! > > > Same here. Great time Siegel.
> > Thank you, > > H > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Thu Dec 18 12:14:59 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 18 Dec 2003 12:14:59 -0500 Subject: [nycphp-talk] My Holiday Party pictures are posted In-Reply-To: References: Message-ID: <3FE1E093.1030408@optonline.net> You're quite welcome...and the pics are great! Jeff DeWitt, Michael wrote: > You can see them at http://www.nyphp.org/content/gallery/albums.php > > If you have some pictures of the night, add them on, or email them to me > (with captions if you want), and I will hang them. > > Thank you very much Jeff Siegel for a great night out! > > Mike > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From Keith.Richardson at thompsonhealth.com Thu Dec 18 12:13:32 2003 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Thu, 18 Dec 2003 12:13:32 -0500 Subject: [nycphp-talk] (no subject) Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B28F@ffth-exc01.thompsonhealth.org> Even with the post variables not working properly, I erased the post variables and used the defaults. This shows just a black circle, and that's it. It also caches the image, so if you do a change, you have to go and remove the newImage.png file, so it stinks for testing it :P -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Brian Pang Sent: Thursday, December 18, 2003 12:11 PM To: NYPHP Talk Subject: Re: [nycphp-talk] (no subject) the $_POST vars are only scoped to the sendText.php file you can't get them from recText.php instead...
call recText.php like this
recText.php?cont_mid=.....etc

since this is a GET, change $_POST in recText.php to $_GET

> Hello,
>
> Is there anyone who can tell me how come it is?
> Thanks a lot in advance.
>
> I try to input some text from the first page
> (sendText.php), then pass the text to the second file
> (recText.php) to generate an image, then show the
> image in the first page, but the text doesn't get added
> to the image. If I put some fixed text in the second file
> (recText.php - comment out lines 6-8), it works (it
> makes sense). How can I check what variables are passed
> to the second file? Can any function do it?
>
>
> Rena
> ----------
>
> The two parts of the code are below:
>
> -----------
> // sendText.php
> ?>
>
>
>
>
action=""> > > > > >
> > > > > > > > > > > >
> Input new content for top line: >      >
>
> Input new content for middle line: >
>
> Input new content for bottom line: > size=10>
>
> name='submit'> > >
>
>
> if($_POST['send'] == "true") > echo ("

"); > ?> >
> > > >
>
>
>
> --------------
> <?php
> // recText.php
>
> $c_top = "this is top";
> $c_mid = "this is middle";
> $c_btm = "this is bottom";
>
> $c_top = $_POST['cont_top'];    // line 6
> $c_mid = $_POST['cont_mid'];    // line 7
> $c_btm = $_POST['cont_bottom']; // line 8
>
> $new_id = "newImage";
>
> $imgCache = @ImageCreateFromPNG ("$new_id.png");
>
> if($imgCache) // if existing
> {
>     ImagePNG($imgCache);
> }
> else // if not existing
> {
>     // create image
>
>     $image = imagecreate(270, 270);
>     $white = imagecolorallocate($image, 255, 255, 255);
>     $red   = imagecolorallocate($image, 255, 0, 0);
>     $black = imagecolorallocate($image, 0, 0, 0);
>     $Tan   = imagecolorallocate($image, 222, 184, 135);
>
>     imagefilledarc($image, 135, 135, 270, 270, 0, 360 , $black, IMG_ARC_PIE);
>
>     Imagettftext($image, 10, 0, 100, 50, $red,'arial.ttf', $c_top);
>     Imagettftext($image, 20, 0, 70, 130, $red,'arial.ttf', $c_mid);
>     Imagettftext($image, 10, 0, 100, 210, $red,'arial.ttf', $c_btm);
>
>     header('Content-type: image/png');
>     ImagePng($image, "$new_id.png");
>     $imgcache = @ImageCreateFromPNG ("$new_id.png");
>     ImagePNG($imgcache);
>     imagedestroy($image);
> } //end of imgCache
>
> ?>
>
From jsiegel1 at optonline.net Thu Dec 18 14:40:48 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 18 Dec 2003 14:40:48 -0500 Subject: [nycphp-talk] Spring time party?? Message-ID: <3FE202C0.40704@optonline.net> Is there any interest in having a spring time party that's NOT at the Hard Rock? Here are two possibilities: a) meet on a weekend at Central Park.
We would need a permit for a large gathering and we can reserve a "space" for our own use. We can't barbecue (which would be nice) but perhaps we can think about a six-foot hero or something like that. However, alcohol is, for the most part, verboten (see: http://www.nycgovparks.org/sub_things_to_do/events/ev_faqs_manhattan.html) b) sunny Port Washington is only 40 minutes by train and we can do the dogs/burgers/beer thing at my home and we don't need a permit. Any other ideas? Jeff Siegel -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From tgales at tgaconnect.com Thu Dec 18 14:50:03 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 18 Dec 2003 14:50:03 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <3FE202C0.40704@optonline.net> Message-ID: <001701c3c5a0$22b28570$bf8d3818@oberon1> Jeff Siegel writes: "sunny Port Washington is only 40 minutes by train and we can do the dogs/burgers/beer" As Homer says: "Hmmmmmm... beeer!" P.S. Thanks a lot for your effort to make the Christmas party a success. (I had a great time) T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From tom at supertom.com Thu Dec 18 15:02:49 2003 From: tom at supertom.com (tom at supertom.com) Date: Thu, 18 Dec 2003 15:02:49 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <3FE202C0.40704@optonline.net> Message-ID: Hey, if you have it in Port Washington, a bet a bunch of LIPHPer's would go. We like beer too, you know. :-) Tom http://www.liphp.org *************************************************** What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel Sent: Thursday, December 18, 2003 2:41 PM To: NYPHP Talk Subject: [nycphp-talk] Spring time party?? 
Is there any interest in having a spring time party that's NOT at the Hard Rock? Here are two possibilities: a) meet on a weekend at Central Park. We would need a permit for a large gathering and we can reserve a "space" for our own use. We can't barbecue (which would be nice) but perhaps we can think about a six-foot hero or something like that. However, alcohol is, for the most part, verboten (see: http://www.nycgovparks.org/sub_things_to_do/events/ev_faqs_manhattan.html) b) sunny Port Washington is only 40 minutes by train and we can do the dogs/burgers/beer thing at my home and we don't need a permit. Any other ideas? Jeff Siegel -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From jsiegel1 at optonline.net Thu Dec 18 15:22:11 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 18 Dec 2003 15:22:11 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <001701c3c5a0$22b28570$bf8d3818@oberon1> References: <001701c3c5a0$22b28570$bf8d3818@oberon1> Message-ID: <3FE20C73.80107@optonline.net> Keep in mind that Corona is my beer of choice...when it comes to accompanying dogs on grill. Jeff P.S. You're welcome. Tim Gales wrote: > Jeff Siegel writes: > "sunny Port Washington is only 40 minutes by train and we can do the > dogs/burgers/beer" > > As Homer says: "Hmmmmmm... beeer!" > > P.S. > Thanks a lot for your effort to make > the Christmas party a success. > (I had a great time) > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" 
From jsiegel1 at optonline.net Thu Dec 18 15:23:36 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 18 Dec 2003 15:23:36 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: References: Message-ID: <3FE20CC8.1070902@optonline.net> Sounds good to me! Now...if we can get the Manhattanites on board.... Jeff tom at supertom.com wrote: > Hey, if you have it in Port Washington, a bet a bunch of LIPHPer's would go. > > We like beer too, you know. :-) > > Tom > http://www.liphp.org > > > > > > *************************************************** > What's Tom listening to right now? Find out here: > http://www.supertom.com/current_track.php > > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel > Sent: Thursday, December 18, 2003 2:41 PM > To: NYPHP Talk > Subject: [nycphp-talk] Spring time party?? > > > Is there any interest in having a spring time party that's NOT at the > Hard Rock? Here are two possibilities: > a) meet on a weekend at Central Park. We would need a permit for a > large gathering and we can reserve a "space" for our own use. We can't > barbecue (which would be nice) but perhaps we can think about a six-foot > hero or something like that. However, alcohol is, for the most part, > verboten > (see: > http://www.nycgovparks.org/sub_things_to_do/events/ev_faqs_manhattan.html) > > b) sunny Port Washington is only 40 minutes by train and we can do the > dogs/burgers/beer thing at my home and we don't need a permit. > > Any other ideas? > > Jeff Siegel -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jeffknight at mac.com Thu Dec 18 15:52:29 2003 From: jeffknight at mac.com (PUTAMARE) Date: Thu, 18 Dec 2003 15:52:29 -0500 Subject: [nycphp-talk] Spring time party?? 
In-Reply-To: <3FE202C0.40704@optonline.net> References: <3FE202C0.40704@optonline.net> Message-ID: <180FACF8-319C-11D8-8B0D-000393B9FB36@mac.com> On Dec 18, 2003, at 2:40 PM, Jeff Siegel wrote: > However, alcohol is, for the most part, verboten That is not an option. Jeff Knight jeff not junkmail at lushmedia.com 212/213-6558 x 203 LUSH media 110 W 40th St #1502 New York, NY 10018 From tgales at tgaconnect.com Thu Dec 18 16:05:22 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 18 Dec 2003 16:05:22 -0500 Subject: [nycphp-talk] This will make a nice holiday present for Linux aficionados Message-ID: <001901c3c5aa$a71f89c0$bf8d3818@oberon1> Linux 2.6 Arrives By Steven J. Vaughan-Nichols December 18, 2003 Linus Torvalds released the long-awaited Linux 2.6 on Wednesday night http://www.eweek.com/article2/0,4149,1417238,00.asp?kc=EWNWS121803DTX1K000 0599. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From agfische at email.smith.edu Thu Dec 18 16:09:41 2003 From: agfische at email.smith.edu (Aaron Fischer) Date: Thu, 18 Dec 2003 16:09:41 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <3FE202C0.40704@optonline.net> References: <3FE202C0.40704@optonline.net> Message-ID: <7F18B912-319E-11D8-8C02-0003930D07F2@email.smith.edu> While the park things sounds appealing I would have to agree with JK that verboten and alcohol != a feasible option. Your house sounds great despite the fact that it's 40 minutes in the wrong direction! ;-) -Aaron On Dec 18, 2003, at 2:40 PM, Jeff Siegel wrote: > Is there any interest in having a spring time party that's NOT at the > Hard Rock? Here are two possibilities: > a) meet on a weekend at Central Park. We would need a permit for a > large gathering and we can reserve a "space" for our own use. We can't > barbecue (which would be nice) but perhaps we can think about a > six-foot hero or something like that. 
However, alcohol is, for the > most part, verboten > (see: > http://www.nycgovparks.org/sub_things_to_do/events/ > ev_faqs_manhattan.html) > > b) sunny Port Washington is only 40 minutes by train and we can do > the dogs/burgers/beer thing at my home and we don't need a permit. > > Any other ideas? > > Jeff Siegel From jeffknight at mac.com Thu Dec 18 16:29:31 2003 From: jeffknight at mac.com (PUTAMARE) Date: Thu, 18 Dec 2003 16:29:31 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <3FE202C0.40704@optonline.net> References: <3FE202C0.40704@optonline.net> Message-ID: <4448BFB2-31A1-11D8-8B0D-000393B9FB36@mac.com> I haven't been in a couple of years myself, but I used to enjoy group camping here: http://www.nps.gov/fiis/Camping/camping.html http://www.watchhillfi.com/camping.htm We can definitely drink (there is a liquor store a ten minute walk from the campsite) & eat (BBQ!). The group site is a large circle big enough to accommodate even the largest nerdathon. As camping goes, it is probably the most comfortable place I've been. Nearby restaurant/grocery store/liquor store, solar-heated showers, etc. The ground is sand and quite comfortable, and the constant sound of the ocean always makes me sleep well (especially with a belly-full of that devil juice). To get to the island, you need to take a ferry from Patchogue (about an hour from Penn Station). The location is mainly a dockage for boat people (why do those people spend so much money to sit at a dock and watch tv?), but has a small shack for coffee and bacon egg & cheezes for those of us unwilling to make our own in the a.m. On Dec 18, 2003, at 2:40 PM, Jeff Siegel wrote: > Is there any interest in having a spring time party that's NOT at the > Hard Rock? Here are two possibilities: > a) meet on a weekend at Central Park. We would need a permit for a > large gathering and we can reserve a "space" for our own use. 
We can't > barbecue (which would be nice) but perhaps we can think about a > six-foot hero or something like that. However, alcohol is, for the > most part, verboten > (see: > http://www.nycgovparks.org/sub_things_to_do/events/ > ev_faqs_manhattan.html) > > b) sunny Port Washington is only 40 minutes by train and we can do > the dogs/burgers/beer thing at my home and we don't need a permit. > > Any other ideas? > > Jeff Siegel > -- > Found on the Simpson's Website: > "Ooooooh, they have the internet on computers now!" > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > Jeff Knight jeff not junkmail at lushmedia.com 212/213-6558 x 203 LUSH media 110 W 40th St #1502 New York, NY 10018 From csnyder at chxo.com Thu Dec 18 16:54:09 2003 From: csnyder at chxo.com (csnyder at chxo.com) Date: Thu, 18 Dec 2003 16:54:09 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <4448BFB2-31A1-11D8-8B0D-000393B9FB36@mac.com> References: <3FE202C0.40704@optonline.net> <4448BFB2-31A1-11D8-8B0D-000393B9FB36@mac.com> Message-ID: <1071784449.3fe222016c299@webmail.tuffmail.net> But is there a WiFi connection???!? Quoting PUTAMARE : > > To get to the island, you need to take a ferry from Patchogue (about an > hour from Penn Station). The location is mainly a dockage for boat > people (why do those people spend so much money to sit at a dock and > watch tv?), but has a small shack for coffee and bacon egg & cheezes > for those of us unwilling to make our own in the a.m. > From dmintz at davidmintz.org Thu Dec 18 17:22:51 2003 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 18 Dec 2003 17:22:51 -0500 (EST) Subject: [nycphp-talk] Spring time party?? 
In-Reply-To: <180FACF8-319C-11D8-8B0D-000393B9FB36@mac.com> References: <3FE202C0.40704@optonline.net> <180FACF8-319C-11D8-8B0D-000393B9FB36@mac.com> Message-ID: On Thu, 18 Dec 2003, PUTAMARE wrote: > On Dec 18, 2003, at 2:40 PM, Jeff Siegel wrote: > > However, alcohol is, for the most part, verboten > > That is not an option. > if (! $party->hasBeer()) { die("f*ck that."); } --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From shiflett at php.net Thu Dec 18 17:27:26 2003 From: shiflett at php.net (Chris Shiflett) Date: Thu, 18 Dec 2003 14:27:26 -0800 (PST) Subject: [nycphp-talk] Review your secure PHP Session Implementation In-Reply-To: <20031217080741.85557.qmail@web14307.mail.yahoo.com> Message-ID: <20031218222726.52109.qmail@web14308.mail.yahoo.com> --- Tech_learner wrote: > > To: php-xml at yahoogroups.com > From: midjamie at yahoo.com > Date: Wed, 17 Dec 2003 06:06:39 -0000 > Subject: [php-xml] Review your secure PHP Session Implementation > > For all you avid PHP enthusiasts in here, I thought I should point you > folks to an interesting article that I read this morning on 'Session > Security in PHP'. The article is actually the cover story of the > PHP Magazine Digital Issue, which can itself be downloaded free from > https://www.entwickler.com/ssl/phppdf/ > > Most interestingly, the author Chris Shiflett who wrote the cover > story, has been kind enough to accept submissions from people who > think they have a secure PHP session implementation. He is even > willing to review each of those implementations personally. This > opportunity should definitely be used by every PHP programmer > interested in writing secure PHP Code. I'm glad to see that someone noticed that. :-) Only one person has taken advantage of my offer so far, so it's not exactly a big hit. Oh well, it's the thought that counts, right?
Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From hans at newyorkphp.com Thu Dec 18 18:41:21 2003 From: hans at newyorkphp.com (Hans Zaunere) Date: Thu, 18 Dec 2003 18:41:21 -0500 Subject: [nycphp-talk] Review your secure PHP Session Implementation Message-ID: <688BD1502D7CA547800722B3501F62BB3F4EDE@ms03.mailstreet2003.net> > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Chris Shiflett > Sent: Thursday, December 18, 2003 5:27 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Review your secure PHP Session > Implementation > > --- Tech_learner wrote: > > > > To: php-xml at yahoogroups.com > > From: midjamie at yahoo.com > > Date: Wed, 17 Dec 2003 06:06:39 -0000 > > Subject: [php-xml] Review your secure PHP Session Implementation > > > > For all you avid PHP enthusiasts in here, I thought I should point you > > folks to an interesting article that I read this morning on 'Session > > Security in PHP'. The article is actually the cover story of the > > PHP Magazine Digital Issue, which can itself be downloaded free from > > https://www.entwickler.com/ssl/phppdf/ > > > > Most interestingly, the author Chris Shiflett who wrote the cover > > story, has been kind enough to accept submissions from people who > > think they have a secure PHP session implementation. He is even > > willing to review each of those implementations personally. This > > opportunity should definitely be used by every PHP programmer > > interested in writing secure PHP Code. > > I'm glad to see that someone noticed that. :-) > > Only one person has taken advantage of my offer so far, so it's not > exactly a big hit. Oh well, it's the thought that counts, right?
You never looked at my, uhh, "submission" which I clean up especially for that previous thread :) http://lists.nyphp.org/pipermail/talk/2003-November/006318.html H From shiflett at php.net Thu Dec 18 18:47:51 2003 From: shiflett at php.net (Chris Shiflett) Date: Thu, 18 Dec 2003 15:47:51 -0800 (PST) Subject: [nycphp-talk] Review your secure PHP Session Implementation In-Reply-To: <688BD1502D7CA547800722B3501F62BB3F4EDE@ms03.mailstreet2003.net> Message-ID: <20031218234751.36296.qmail@web14304.mail.yahoo.com> --- Hans Zaunere wrote: > You never looked at my, uhh, "submission" which I clean up especially > for that previous thread :) > > http://lists.nyphp.org/pipermail/talk/2003-November/006318.html Heh, well my benevolence has its bounds, but only due to a lack of time, not because I'm not a nice guy. :-) I'm willing to review code that accompanies a description of the implementation or just the description. I don't want to dig through lots of files of raw code just to figure out your approach, when you could easily just tell me. It seems like a poor use of our collective time. :-) I also admit that my motivation is lessened by the lack of interest more than my lack of time. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From agfische at email.smith.edu Thu Dec 18 18:53:25 2003 From: agfische at email.smith.edu (Aaron Fischer) Date: Thu, 18 Dec 2003 18:53:25 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: References: <3FE202C0.40704@optonline.net> <180FACF8-319C-11D8-8B0D-000393B9FB36@mac.com> Message-ID: <5EEEACFC-31B5-11D8-A0B6-000A95AF25D2@email.smith.edu> Most excellent DM. -A On Dec 18, 2003, at 5:22 PM, David Mintz wrote: > if (! 
$party->hasBeer()) { die("f*ck that."); } From hans at newyorkphp.com Thu Dec 18 19:03:14 2003 From: hans at newyorkphp.com (Hans Zaunere) Date: Thu, 18 Dec 2003 19:03:14 -0500 Subject: [nycphp-talk] Review your secure PHP Session Implementation Message-ID: <688BD1502D7CA547800722B3501F62BB3F4EE5@ms03.mailstreet2003.net> > --- Hans Zaunere wrote: > > You never looked at my, uhh, "submission" which I clean up > especially for that previous thread :) > > > > http://lists.nyphp.org/pipermail/talk/2003-November/006318.html > > Heh, well my benevolence has its bounds, but only due to a > lack of time, not because I'm not a nice guy. :-) > > I'm willing to review code that accompanies a description of the > implementation or just the description. I don't want to dig > through lots > of files of raw code just to figure out your approach, when you could > easily just tell me. It seems like a poor use of our > collective time. :-) Ahh, a couple files have moved into that directory since the original post. The whole thing is http://posit.nyphp.org/~praxis/pas/pas.ss.psh > I also admit that my motivation is lessened by the lack of > interest more than my lack of time. Well Chris, you had asked me to elaborate on it last month. H From jsiegel1 at optonline.net Thu Dec 18 19:18:03 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 18 Dec 2003 19:18:03 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <4448BFB2-31A1-11D8-8B0D-000393B9FB36@mac.com> References: <3FE202C0.40704@optonline.net> <4448BFB2-31A1-11D8-8B0D-000393B9FB36@mac.com> Message-ID: <3FE243BB.9030804@optonline.net> Um...er...not sure if I want to share a tent with you. ;) Jeff PUTAMARE wrote: > I haven't been in a couple of years myself, but I used to enjoy group > camping here: > > http://www.nps.gov/fiis/Camping/camping.html > http://www.watchhillfi.com/camping.htm > > We can definitely drink (there is a liquor store a ten minute walk from > the campsite) & eat (BBQ!). 
The group site is a large circle big enough > to accommodate even the largest nerdathon. As camping goes, it is > probably the most comfortable place I've been. Nearby > restaurant/grocery store/liquor store, solar-heated showers, etc. The > ground is sand and quite comfortable, and the constant sound of the > ocean always makes me sleep well (especially with a belly-full of that > devil juice). > > To get to the island, you need to take a ferry from Patchogue (about an > hour from Penn Station). The location is mainly a dockage for boat > people (why do those people spend so much money to sit at a dock and > watch tv?), but has a small shack for coffee and bacon egg & cheezes > for those of us unwilling to make our own in the a.m. > > > On Dec 18, 2003, at 2:40 PM, Jeff Siegel wrote: > >> Is there any interest in having a spring time party that's NOT at the >> Hard Rock? Here are two possibilities: >> a) meet on a weekend at Central Park. We would need a permit for >> a large gathering and we can reserve a "space" for our own use. We >> can't barbecue (which would be nice) but perhaps we can think about >> a six-foot hero or something like that. However, alcohol is, for the >> most part, verboten >> (see: http://www.nycgovparks.org/sub_things_to_do/events/ >> ev_faqs_manhattan.html) >> >> b) sunny Port Washington is only 40 minutes by train and we can >> do the dogs/burgers/beer thing at my home and we don't need a permit. >> >> Any other ideas? >> >> Jeff Siegel >> -- >> Found on the Simpson's Website: >> "Ooooooh, they have the internet on computers now!" 
>> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > Jeff Knight > jeff not junkmail at lushmedia.com > 212/213-6558 x 203 > LUSH media > 110 W 40th St #1502 > New York, NY 10018 > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jeffknight at mac.com Thu Dec 18 19:43:42 2003 From: jeffknight at mac.com (PUTAMARE) Date: Thu, 18 Dec 2003 19:43:42 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <3FE243BB.9030804@optonline.net> References: <3FE202C0.40704@optonline.net> <4448BFB2-31A1-11D8-8B0D-000393B9FB36@mac.com> <3FE243BB.9030804@optonline.net> Message-ID: <64F6B4DC-31BC-11D8-A41C-000393B9FB36@mac.com> On Dec 18, 2003, at 7:18 PM, Jeff Siegel wrote: > Um...er...not sure if I want to share a tent with you. ;) I'm sure the offer wasn't even implied... Jeff Knight jeff not junkmail at lushmedia.com 212/213-6558 x 203 LUSH media 110 W 40th St #1502 New York, NY 10018 From jsiegel1 at optonline.net Thu Dec 18 19:51:41 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 18 Dec 2003 19:51:41 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <7F18B912-319E-11D8-8C02-0003930D07F2@email.smith.edu> References: <3FE202C0.40704@optonline.net> <7F18B912-319E-11D8-8C02-0003930D07F2@email.smith.edu> Message-ID: <3FE24B9D.9050903@optonline.net> Aaron, Excuse me...but *I* happen to think that it is 40 minutes in the RIGHT direction. 
Did I forget to mention that, a mere 40 minutes in the "wrong" direction, you can be at the dock that overlooks the harbor and Long Island sound...or did I forget to mention the local seafood restaurants at the dock...or our local steak houses...or our sushi restaurants (3 of them)...our Thai restaurant...or our Italian restaurants (too many to count)...or our Mexican/Central American restaurants (2 of them)...or our pubs with great food (again...too many to count)...or our Chinese restaurants (too many to count) and the restaurant service in general where you don't get treated like we did in HRC. And when I want to see the "big" world, besides being able to be in Manhattan in 40 minutes with a single train ride, I could be in downtown Flushing (25 minutes) where the food rivals ANYTHING you may find in Manhattan's Chinatown...in fact...it's hard to classify downtown Flushing as a little Chinatown since you can get Thai, Vietnamese, Korean and many other types of food at great prices. A few additional minutes and you can be at Shea Stadium (very handy when I went to the Springsteen concert) or at the Tennis Center. NOW what do you have to say for yourself! Jeff P.S. Notice how I controlled myself and didn't say that *you* lived 3 hours in the wrong direction? How's that for self-restraint? (Ooops...darn...I said it.) P.P.S. On a more serious note, downtown Flushing would be a great place to meet to get some fantastic food. Aaron Fischer wrote: > While the park things sounds appealing I would have to agree with JK > that verboten and alcohol != a feasible option. Your house sounds > great despite the fact that it's 40 minutes in the wrong direction! ;-) > > -Aaron > > On Dec 18, 2003, at 2:40 PM, Jeff Siegel wrote: > >> Is there any interest in having a spring time party that's NOT at the >> Hard Rock? Here are two possibilities: >> a) meet on a weekend at Central Park. We would need a permit for >> a large gathering and we can reserve a "space" for our own use. 
We >> can't barbecue (which would be nice) but perhaps we can think about >> a six-foot hero or something like that. However, alcohol is, for the >> most part, verboten >> (see: http://www.nycgovparks.org/sub_things_to_do/events/ >> ev_faqs_manhattan.html) >> >> b) sunny Port Washington is only 40 minutes by train and we can >> do the dogs/burgers/beer thing at my home and we don't need a permit. >> >> Any other ideas? >> >> Jeff Siegel > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Thu Dec 18 19:52:43 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 18 Dec 2003 19:52:43 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <64F6B4DC-31BC-11D8-A41C-000393B9FB36@mac.com> References: <3FE202C0.40704@optonline.net> <4448BFB2-31A1-11D8-8B0D-000393B9FB36@mac.com> <3FE243BB.9030804@optonline.net> <64F6B4DC-31BC-11D8-A41C-000393B9FB36@mac.com> Message-ID: <3FE24BDB.9050702@optonline.net> But you said "...I used to enjoy group camping here..." so I just assumed....... Jeff PUTAMARE wrote: > On Dec 18, 2003, at 7:18 PM, Jeff Siegel wrote: > >> Um...er...not sure if I want to share a tent with you. ;) > > > I'm sure the offer wasn't even implied... > > > Jeff Knight > jeff not junkmail at lushmedia.com > 212/213-6558 x 203 > LUSH media > 110 W 40th St #1502 > New York, NY 10018 > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" 
From felix at students.poly.edu Thu Dec 18 20:53:24 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Thu, 18 Dec 2003 20:53:24 -0500
Subject: [nycphp-talk] Review your secure PHP Session Implementation
In-Reply-To: <20031218222726.52109.qmail@web14308.mail.yahoo.com>
References: <20031217080741.85557.qmail@web14307.mail.yahoo.com> <20031218222726.52109.qmail@web14308.mail.yahoo.com>
Message-ID: <20031218205324.608bf30d.felix@students.poly.edu>

On Thu, 18 Dec 2003 14:27:26 -0800 (PST) Chris Shiflett wrote:

> --- Tech_learner wrote:
> >
> > To: php-xml at yahoogroups.com
> > From: midjamie at yahoo.com
> > Date: Wed, 17 Dec 2003 06:06:39 -0000
> > Subject: [php-xml] Review your secure PHP Session Implementation
> >
> > For all you avid PHP enthusiasts in here, I thought I should point you
> > folks to an interesting article that I read this morning on 'Session
> > Security in PHP'. The article is actually the cover story of the
> > PHP Magazine Digital Issue, which can itself be downloaded free from
> > https://www.entwickler.com/ssl/phppdf/
> >
> > Most interestingly, the author Chris Shiflett who wrote the cover
> > story, has been kind enough to accept submissions from people who
> > think they have a secure PHP session implementation. He is even
> > willing to review each of those implementations personally. This
> > opportunity should definitely be used by every PHP programmer
> > interested in writing secure PHP Code.
>
> I'm glad to see that someone noticed that. :-)
>
> Only one person has taken advantage of my offer so far, so it's not
> exactly a big hit. Oh well, it's the thought that counts, right?
>

I am interested in doing a library to facilitate secure sessions and
authentication.

From agfische at email.smith.edu Thu Dec 18 22:28:45 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Thu, 18 Dec 2003 22:28:45 -0500
Subject: [nycphp-talk] Spring time party??
In-Reply-To: <3FE24B9D.9050903@optonline.net> References: <3FE202C0.40704@optonline.net> <7F18B912-319E-11D8-8C02-0003930D07F2@email.smith.edu> <3FE24B9D.9050903@optonline.net> Message-ID: <73B7DD9D-31D3-11D8-A0B6-000A95AF25D2@email.smith.edu> Heh. Feeling touchy? Otra cerveza para usted? -A On Dec 18, 2003, at 7:51 PM, Jeff Siegel wrote: > Excuse me...but *I* happen to think that it is 40 minutes in the RIGHT > direction. Did I forget to mention that, a mere 40 minutes in the > "wrong" direction, you can be at the dock that overlooks the harbor > and Long Island sound...or did I forget to mention the local seafood > restaurants at the dock...or our local steak houses...or our sushi > restaurants (3 of them)...our Thai restaurant...or our Italian > restaurants (too many to count)...or our Mexican/Central American > restaurants (2 of them)...or our pubs with great food (again...too > many to count)...or our Chinese restaurants (too many to count) and > the restaurant service in general where you don't get treated like we > did in HRC. > > And when I want to see the "big" world, besides being able to be in > Manhattan in 40 minutes with a single train ride, I could be in > downtown Flushing (25 minutes) where the food rivals ANYTHING you may > find in Manhattan's Chinatown...in fact...it's hard to classify > downtown Flushing as a little Chinatown since you can get Thai, > Vietnamese, Korean and many other types of food at great prices. A few > additional minutes and you can be at Shea Stadium (very handy when I > went to the Springsteen concert) or at the Tennis Center. > > NOW what do you have to say for yourself! > > Jeff > P.S. Notice how I controlled myself and didn't say that *you* lived 3 > hours in the wrong direction? How's that for self-restraint? > (Ooops...darn...I said it.) > > P.P.S. On a more serious note, downtown Flushing would be a great > place to meet to get some fantastic food. 
From shiflett at php.net Thu Dec 18 23:21:48 2003
From: shiflett at php.net (Chris Shiflett)
Date: Thu, 18 Dec 2003 20:21:48 -0800 (PST)
Subject: [nycphp-talk] Review your secure PHP Session Implementation
In-Reply-To: <688BD1502D7CA547800722B3501F62BB3F4EE5@ms03.mailstreet2003.net>
Message-ID: <20031219042148.1119.qmail@web14308.mail.yahoo.com>

--- Hans Zaunere wrote:
> Ahh, a couple files have moved into that directory since the original
> post. The whole thing is http://posit.nyphp.org/~praxis/pas/pas.ss.psh

That looks much more focused. :-) I'll have a look and consider this
submission number two.

> > I also admit that my motivation is lessened by the lack of
> > interest more than my lack of time.
>
> Well Chris, you had asked me to elaborate on it last month.

I'm not sure what you mean, but I meant the lack of interest in my offer
in general, not your lack of interest. And yes, asking for elaboration
sounds like something I would say, since deciphering someone's intentions
from code alone is more time consuming and error-prone.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
     Coming mid-2004
HTTP Developer's Handbook
     http://httphandbook.org/

From danielc at analysisandsolutions.com Fri Dec 19 00:24:13 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Fri, 19 Dec 2003 00:24:13 -0500
Subject: [nycphp-talk] database date formats
Message-ID: <20031219052413.GA20277@panix.com>

Hi Folks:

I'd mentioned to a few folks that I was working on determining how to format
dates in a wide variety of database systems. Well, I FINALLY got it all
together!
http://www.analysisandsolutions.com/code/dates.htm Enjoy, --Dan -- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409 From jonbaer at jonbaer.net Fri Dec 19 00:33:31 2003 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 19 Dec 2003 00:33:31 -0500 Subject: [nycphp-talk] Google/Adsense -> PHP Message-ID: <000701c3c5f1$a39e8110$6400a8c0@thinkpad> greetings ... sounds like i missed a great party :-\ i have a quick question ... below is something i currently have on 2 websites which now want to integrate Google AdSense and im trying to figure it out ... first both sites use Session URL rewrite ... -snip- Your website is using session ID's in the URL. If your web pages use session ID's, you may not receive targeted ads on those pages. Since this session ID - and therefore the URL - changes every time a different user views a page, the URL will not be in the index and will be queued to be crawled. Once the URL is crawled, however, the session will most likely have expired. This means that pages seen by the users are never in the index. You will need to remove the session ID's in order to display targeted ads. -snip- However their crawler lists a User-Agent as: Mediapartners-Google* So does anyone think I could create a single dynamic page/catalog (acting like static) for that user agent and then redirecting all other requests to the main site? (http://www.website.com/google.php) ... Offhand (I forgot the robots.txt syntax to direct all requests to that location, anyone know?) Will research more but wanted to see how others were handling the same situation ... 
- jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From jsiegel1 at optonline.net Fri Dec 19 05:20:22 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 19 Dec 2003 05:20:22 -0500 Subject: [nycphp-talk] Spring time party?? In-Reply-To: <73B7DD9D-31D3-11D8-A0B6-000A95AF25D2@email.smith.edu> References: <3FE202C0.40704@optonline.net> <7F18B912-319E-11D8-8C02-0003930D07F2@email.smith.edu> <3FE24B9D.9050903@optonline.net> <73B7DD9D-31D3-11D8-A0B6-000A95AF25D2@email.smith.edu> Message-ID: <3FE2D0E6.4070400@optonline.net> One too many cerveza. ;) Jeff Aaron Fischer wrote: > Heh. Feeling touchy? > > Otra cerveza para usted? > > -A > > On Dec 18, 2003, at 7:51 PM, Jeff Siegel wrote: > >> Excuse me...but *I* happen to think that it is 40 minutes in the RIGHT >> direction. Did I forget to mention that, a mere 40 minutes in the >> "wrong" direction, you can be at the dock that overlooks the harbor >> and Long Island sound...or did I forget to mention the local seafood >> restaurants at the dock...or our local steak houses...or our sushi >> restaurants (3 of them)...our Thai restaurant...or our Italian >> restaurants (too many to count)...or our Mexican/Central American >> restaurants (2 of them)...or our pubs with great food (again...too >> many to count)...or our Chinese restaurants (too many to count) and >> the restaurant service in general where you don't get treated like we >> did in HRC. >> >> And when I want to see the "big" world, besides being able to be in >> Manhattan in 40 minutes with a single train ride, I could be in >> downtown Flushing (25 minutes) where the food rivals ANYTHING you may >> find in Manhattan's Chinatown...in fact...it's hard to classify >> downtown Flushing as a little Chinatown since you can get Thai, >> Vietnamese, Korean and many other types of food at great prices. 
A few >> additional minutes and you can be at Shea Stadium (very handy when I >> went to the Springsteen concert) or at the Tennis Center. >> >> NOW what do you have to say for yourself! >> >> Jeff >> P.S. Notice how I controlled myself and didn't say that *you* lived 3 >> hours in the wrong direction? How's that for self-restraint? >> (Ooops...darn...I said it.) >> >> P.P.S. On a more serious note, downtown Flushing would be a great >> place to meet to get some fantastic food. > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Fri Dec 19 05:23:21 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 19 Dec 2003 05:23:21 -0500 Subject: [nycphp-talk] Google/Adsense -> PHP In-Reply-To: <000701c3c5f1$a39e8110$6400a8c0@thinkpad> References: <000701c3c5f1$a39e8110$6400a8c0@thinkpad> Message-ID: <3FE2D199.5050406@optonline.net> I've always gone here (http://www.robotstxt.org/wc/robots.html) to deal with robots questions. Jeff Siegel jon baer wrote: > greetings ... > > sounds like i missed a great party :-\ > > i have a quick question ... below is something i currently have on 2 > websites which now want to integrate Google AdSense and im trying to figure > it out ... first both sites use Session URL rewrite ... > > -snip- > Your website is using session ID's in the URL. > If your web pages use session ID's, you may not receive targeted ads on > those pages. Since this session ID - and therefore the URL - changes every > time a different user views a page, the URL will not be in the index and > will be queued to be crawled. Once the URL is crawled, however, the session > will most likely have expired. This means that pages seen by the users are > never in the index. You will need to remove the session ID's in order to > display targeted ads. 
> -snip-
>
> However their crawler lists a User-Agent as:
> Mediapartners-Google*
>
> So does anyone think I could create a single dynamic page/catalog (acting
> like static) for that user agent and then redirecting all other requests to
> the main site? (http://www.website.com/google.php) ...
>
> Offhand (I forgot the robots.txt syntax to direct all requests to that
> location, anyone know?)
>
> Will research more but wanted to see how others were handling the same
> situation ...
>
> - jon
>
> pgp key: http://www.jonbaer.net/jonbaer.asc
> fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From jlacey at att.net Fri Dec 19 09:16:59 2003
From: jlacey at att.net (John Lacey)
Date: Fri, 19 Dec 2003 07:16:59 -0700
Subject: [nycphp-talk] database date formats
In-Reply-To: <20031219052413.GA20277@panix.com>
References: <20031219052413.GA20277@panix.com>
Message-ID: <3FE3085B.9040702@att.net>

Daniel Convissor wrote:
> Hi Folks:
>
> I'd mentioned to a few folks that I was working on determining how to format
> dates in a wide variety of database systems. Well, I FINALLY got it all
> together!
>
> http://www.analysisandsolutions.com/code/dates.htm
>

thanks Dan -- great stuff

I'm finishing a port of an app from MySQL to SQLite for the 'exercise'
and I'm doing the date/time cleanup at the moment

John

From jonbaer at jonbaer.net Fri Dec 19 11:54:11 2003
From: jonbaer at jonbaer.net (jon baer)
Date: Fri, 19 Dec 2003 11:54:11 -0500
Subject: [nycphp-talk] Google/Adsense -> PHP
References: <000701c3c5f1$a39e8110$6400a8c0@thinkpad> <3FE2D199.5050406@optonline.net>
Message-ID: <00b201c3c650$b9e45c60$6400a8c0@thinkpad>

Does/would this work w/ robots effectively?
User-Agent: googlebot
Disallow:

User-Agent: Mediapartners-Google*
Disallow:

@ top of the page:

if (preg_match("/Google/i", $_SERVER['HTTP_USER_AGENT'])) {
    header("Location: google.php");
    exit();
}

- jon

----- Original Message -----
From: "Jeff Siegel"
To: "NYPHP Talk"
Sent: Friday, December 19, 2003 5:23 AM
Subject: Re: [nycphp-talk] Google/Adsense -> PHP

> I've always gone here (http://www.robotstxt.org/wc/robots.html) to deal
> with robots questions.
>
> Jeff Siegel
>
> jon baer wrote:
>
> > greetings ...
> >
> > sounds like i missed a great party :-\
> >
> > i have a quick question ... below is something i currently have on 2
> > websites which now want to integrate Google AdSense and im trying to figure
> > it out ... first both sites use Session URL rewrite ...
> >
> > -snip-
> > Your website is using session ID's in the URL.
> > If your web pages use session ID's, you may not receive targeted ads on
> > those pages. Since this session ID - and therefore the URL - changes every
> > time a different user views a page, the URL will not be in the index and
> > will be queued to be crawled. Once the URL is crawled, however, the session
> > will most likely have expired. This means that pages seen by the users are
> > never in the index. You will need to remove the session ID's in order to
> > display targeted ads.
> > -snip-
> >
> > However their crawler lists a User-Agent as:
> > Mediapartners-Google*
> >
> > So does anyone think I could create a single dynamic page/catalog (acting
> > like static) for that user agent and then redirecting all other requests to
> > the main site? (http://www.website.com/google.php) ...
> >
> > Offhand (I forgot the robots.txt syntax to direct all requests to that
> > location, anyone know?)
> >
> > Will research more but wanted to see how others were handling the same
> > situation ...
> >
> > - jon
> >
> > pgp key: http://www.jonbaer.net/jonbaer.asc
> > fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
>
> --
> Found on the Simpson's Website:
> "Ooooooh, they have the internet on computers now!"
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From tech at protchkocreative.com Fri Dec 19 13:22:58 2003
From: tech at protchkocreative.com (tech at protchkocreative.com)
Date: Fri, 19 Dec 2003 13:22:58 -0500
Subject: [nycphp-talk] Need page refresh solution after form data processing
Message-ID: <1071858178.3fe342020c371@www.protchkocreative.com>

I am trying unsuccessfully to eliminate the browser warning that it "can't
refresh the page without re-submitting the form data" when refreshing my form
page after it is submitted. Though refreshing the page wouldn't be typical, I
want to eliminate any potential user confusion.
Browser: IE6

The form is processed as:
which then takes some action in the form:

if($beenSubmitted) {
    //concatenate results
    ...
    //mail results
}

AND serves the form again!

I have some sense it has to do with caching of header info. I have
unsuccessfully tried various header("xyz"); statements after processing the
form and before serving the HTML, including many suggested in the
documentation. I have googled. Again, haven't found suggestion that works, or
that I'm implementing correctly. I am not very knowledgeable in the smoke 'n
mirrors of HTTP headers.

I appreciate any thoughts on this.
Scott Protchko
tech at protchkocreative.com

From nyphp at websapp.com Fri Dec 19 13:28:53 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Fri, 19 Dec 2003 13:28:53 -0500
Subject: [nycphp-talk] Need page refresh solution after form data processing
In-Reply-To: <1071858178.3fe342020c371@www.protchkocreative.com>
Message-ID:

Scott,

After processing the form, you can redirect (header('Location: page.php');
exit;) to another page that has some 'Form has been processed' message. If
the user hits refresh, he/she won't be resubmitting the form.

Best,
Daniel Kushner

> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of
> tech at protchkocreative.com
> Sent: Friday, December 19, 2003 1:23 PM
> To: NYPHP Talk mailing list
> Subject: [nycphp-talk] Need page refresh solution after form data
> processing
>
>
>
> I am trying unsuccessfully to eliminate the browser warning that
> it "can't
> refresh the page without re-submitting the form data" when
> refreshing my form
> page after it is submitted. Though refreshing the page wouldn't
> be typical, I
> want to eliminate any potential user confusion.
> Browser: IE6
>
> The form is processed as:
> METHOD="POST">
>
> which then takes some action in the form:
>
> if($beenSubmitted) {
> //concatenate results
> ...
> //mail results
> }
>
> AND serves the form again!
>
> I have some sense it has to do with caching of header info. I have
> unsuccessfully tried various header("xyz"); statements after
> processing the
> form and before serving the HTML, including many suggested in the
> documentation. I have googled. Again, haven't found suggestion
> that works, or
> that I'm implementing correctly. I am not very knowledgeable in
> the smoke 'n
> mirrors of HTTP headers.
>
> I appreciate any thoughts on this.
> Scott Protchko
> tech at protchkocreative.com
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From Keith.Richardson at thompsonhealth.com Fri Dec 19 13:58:13 2003
From: Keith.Richardson at thompsonhealth.com (Keith J Richardson)
Date: Fri, 19 Dec 2003 13:58:13 -0500
Subject: [nycphp-talk] Need page refresh solution after form data processing
Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B290@ffth-exc01.thompsonhealth.org>

If you would wish to have the page show the original form with a success
variable - then you could have the mail sent, and header back to itself with
a get variable, say

header("location: ".$_SERVER['PHP_SELF']."?success=true");

or success = false, which then the form page would check to see if the
variable exists, and display a message:

if (!empty($_GET['success'])) {
    if ($_GET['success'] == "true") {
        print("Your mail has been sent");
    } else {
        print("Your mail was not sent.");
    }
}

hope that helps any.

-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Daniel Kushner
Sent: Friday, December 19, 2003 1:29 PM
To: NYPHP Talk
Subject: RE: [nycphp-talk] Need page refresh solution after form data
processing

Scott,

After processing the form, you can redirect (header('Location: page.php');
exit;) to another page that has some 'Form has been processed' message. If
the user hits refresh, he/she won't be resubmitting the form.
Best, Daniel Kushner > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of > tech at protchkocreative.com > Sent: Friday, December 19, 2003 1:23 PM > To: NYPHP Talk mailing list > Subject: [nycphp-talk] Need page refresh solution after form data > processing > > > > I am trying unsuccessfully to eliminate the browser warning that > it "can't > refresh the page without re-submitting the form data" when > refreshing my form > page after it is submitted. Though refreshing the page wouldn't > be typical, I > want to eliminate any potential user confusion. > Browser: IE6 > > The form is processed as: > METHOD="POST"> > > which then takes some action in the form: > > if($beenSubmitted) { > //concatenate results > ... > //mail results > } > > AND serves the form again! > > I have some sense it has to do with caching of header info. I have > unsuccessfully tried various header("xyz'); statements after > processing the > form and before serving the HTML, including many suggested in the > documentation. I have googled. Again, haven't found suggestion > that works, or > that I'm implementing correctly. I am not very knowledgable in > the smoke 'n > mirrors of HTTP headers. > > I appreciate any thoughts on this. 
> Scott Protchko
> tech at protchkocreative.com
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk

From danielc at analysisandsolutions.com Fri Dec 19 14:07:04 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Fri, 19 Dec 2003 14:07:04 -0500
Subject: [nycphp-talk] Need page refresh solution after form data processing
In-Reply-To:
References: <1071858178.3fe342020c371@www.protchkocreative.com>
Message-ID: <20031219190701.GB3245@panix.com>

On Fri, Dec 19, 2003 at 01:28:53PM -0500, Daniel Kushner wrote:

> header('Location: page.php');

You mean...
header('Location: http://domain/path/page.php');

While the shorthand usually works, it's not guaranteed to do so.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From nyphp at websapp.com Fri Dec 19 14:11:23 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Fri, 19 Dec 2003 14:11:23 -0500
Subject: [nycphp-talk] Need page refresh solution after form data processing
In-Reply-To: <20031219190701.GB3245@panix.com>
Message-ID:

Yep (from w3):

The Location response-header field is used to redirect the recipient to a
location other than the Request-URI for completion of the request or
identification of a new resource. For 201 (Created) responses, the Location
is that of the new resource which was created by the request. For 3xx
responses, the location SHOULD indicate the server's preferred URI for
automatic redirection to the resource. The field value consists of a single
absolute URI.

       Location       = "Location" ":" absoluteURI

An example is:

       Location: http://www.w3.org/pub/WWW/People.html

> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Daniel Convissor
> Sent: Friday, December 19, 2003 2:07 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] Need page refresh solution after form data
> processing
>
>
> On Fri, Dec 19, 2003 at 01:28:53PM -0500, Daniel Kushner wrote:
>
> > header('Location: page.php');
>
> You mean...
>    header('Location: http://domain/path/page.php');
>
> While the shorthand usually works, it's not guaranteed to do so.
>
> --Dan
>
> --
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  data intensive web and database programming
>  http://www.AnalysisAndSolutions.com/
>  4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409

From jsiegel1 at optonline.net  Fri Dec 19 15:18:35 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Fri, 19 Dec 2003 15:18:35 -0500
Subject: [nycphp-talk] Google/Adsense -> PHP
In-Reply-To: <00b201c3c650$b9e45c60$6400a8c0@thinkpad>
References: <000701c3c5f1$a39e8110$6400a8c0@thinkpad> <3FE2D199.5050406@optonline.net> <00b201c3c650$b9e45c60$6400a8c0@thinkpad>
Message-ID: <3FE35D1B.6020405@optonline.net>

I believe you can go here
http://tool.motoricerca.info/robots-checker.phtml to check the syntax.

I can't speak about the code...but if I were trying to do this I'd look
inside some of the weblogs to see what the googlebot looks like in terms
of the user agent.

Jeff

jon baer wrote:

> Does/would this work w/ robots effectively?
> > User-Agent: googlebot > Disallow: > > User-Agent: Mediapartners-Google* > Disallow: > > @ top of the page: > > if (preg_match("/Google/i", $_SERVER['HTTP_USER_AGENT'])) { > header("Location: google.php"); > exit(); > } > > - jon > > ----- Original Message ----- > From: "Jeff Siegel" > To: "NYPHP Talk" > Sent: Friday, December 19, 2003 5:23 AM > Subject: Re: [nycphp-talk] Google/Adsense -> PHP > > > >>I've always gone here (http://www.robotstxt.org/wc/robots.html) to deal >>with robots questions. >> >>Jeff Siegel >> >>jon baer wrote: >> >> >>>greetings ... >>> >>>sounds like i missed a great party :-\ >>> >>>i have a quick question ... below is something i currently have on 2 >>>websites which now want to integrate Google AdSense and im trying to > > figure > >>>it out ... first both sites use Session URL rewrite ... >>> >>>-snip- >>>Your website is using session ID's in the URL. >>>If your web pages use session ID's, you may not receive targeted ads on >>>those pages. Since this session ID - and therefore the URL - changes > > every > >>>time a different user views a page, the URL will not be in the index and >>>will be queued to be crawled. Once the URL is crawled, however, the > > session > >>>will most likely have expired. This means that pages seen by the users > > are > >>>never in the index. You will need to remove the session ID's in order to >>>display targeted ads. >>>-snip- >>> >>>However their crawler lists a User-Agent as: >>>Mediapartners-Google* >>> >>>So does anyone think I could create a single dynamic page/catalog > > (acting > >>>like static) for that user agent and then redirecting all other requests > > to > >>>the main site? (http://www.website.com/google.php) ... >>> >>>Offhand (I forgot the robots.txt syntax to direct all requests to that >>>location, anyone know?) >>> >>>Will research more but wanted to see how others were handling the same >>>situation ... 
>>> >>>- jon >>> >>>pgp key: http://www.jonbaer.net/jonbaer.asc >>>fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 >>> >>>_______________________________________________ >>>talk mailing list >>>talk at lists.nyphp.org >>>http://lists.nyphp.org/mailman/listinfo/talk >>> >> >>-- >>Found on the Simpson's Website: >>"Ooooooh, they have the internet on computers now!" >> >>_______________________________________________ >>talk mailing list >>talk at lists.nyphp.org >>http://lists.nyphp.org/mailman/listinfo/talk >> > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From fb at intldef.org Fri Dec 19 16:01:47 2003 From: fb at intldef.org (FB`) Date: Fri, 19 Dec 2003 16:01:47 -0500 Subject: [nycphp-talk] Google/Adsense -> PHP References: <000701c3c5f1$a39e8110$6400a8c0@thinkpad><3FE2D199.5050406@optonline.net> <00b201c3c650$b9e45c60$6400a8c0@thinkpad> Message-ID: <014a01c3c673$50f46b00$1901a8c0@ybsweb> That will be returned as a 302, and word is that G likes 301s better than 302s. So you might benefit from adding header("HTTP/1.1 301 Moved Permanently"); before the Location header. FB` ----- Original Message ----- From: "jon baer" To: "NYPHP Talk" Sent: Friday, December 19, 2003 11:54 AM Subject: Re: [nycphp-talk] Google/Adsense -> PHP > Does/would this work w/ robots effectively? > > User-Agent: googlebot > Disallow: > > User-Agent: Mediapartners-Google* > Disallow: > > @ top of the page: > > if (preg_match("/Google/i", $_SERVER['HTTP_USER_AGENT'])) { > header("Location: google.php"); > exit(); > } > > - jon > > ----- Original Message ----- > From: "Jeff Siegel" > To: "NYPHP Talk" > Sent: Friday, December 19, 2003 5:23 AM > Subject: Re: [nycphp-talk] Google/Adsense -> PHP > > > > I've always gone here (http://www.robotstxt.org/wc/robots.html) to deal > > with robots questions. 
> > > > Jeff Siegel > > > > jon baer wrote: > > > > > greetings ... > > > > > > sounds like i missed a great party :-\ > > > > > > i have a quick question ... below is something i currently have on 2 > > > websites which now want to integrate Google AdSense and im trying to > figure > > > it out ... first both sites use Session URL rewrite ... > > > > > > -snip- > > > Your website is using session ID's in the URL. > > > If your web pages use session ID's, you may not receive targeted ads on > > > those pages. Since this session ID - and therefore the URL - changes > every > > > time a different user views a page, the URL will not be in the index and > > > will be queued to be crawled. Once the URL is crawled, however, the > session > > > will most likely have expired. This means that pages seen by the users > are > > > never in the index. You will need to remove the session ID's in order to > > > display targeted ads. > > > -snip- > > > > > > However their crawler lists a User-Agent as: > > > Mediapartners-Google* > > > > > > So does anyone think I could create a single dynamic page/catalog > (acting > > > like static) for that user agent and then redirecting all other requests > to > > > the main site? (http://www.website.com/google.php) ... > > > > > > Offhand (I forgot the robots.txt syntax to direct all requests to that > > > location, anyone know?) > > > > > > Will research more but wanted to see how others were handling the same > > > situation ... > > > > > > - jon > > > > > > pgp key: http://www.jonbaer.net/jonbaer.asc > > > fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 > > > > > > _______________________________________________ > > > talk mailing list > > > talk at lists.nyphp.org > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > > > > -- > > Found on the Simpson's Website: > > "Ooooooh, they have the internet on computers now!" 
> > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From jlacey at att.net Fri Dec 19 17:56:59 2003 From: jlacey at att.net (John Lacey) Date: Fri, 19 Dec 2003 15:56:59 -0700 Subject: [nycphp-talk] good book place Message-ID: <3FE3823B.5030805@att.net> Hi, I know y'all probably appreciate cheapie books like I do, so here's a link for those folks who haven't seen this site: http://www.bargainbookco.com/ enjoy, John From xml at aumcomputers.com Fri Dec 19 23:45:49 2003 From: xml at aumcomputers.com (Anirudh Zala) Date: Sat, 20 Dec 2003 10:15:49 +0530 Subject: [nycphp-talk] Load Balancing Insight References: <00a001c3c3f8$5f6f20d0$979b7a80@hzaunere> Message-ID: <008c01c3c6b4$2ec98ec0$0164a8c0@com1> Try LVS for your load balancing solution, it's seems long term solution. To know more about LVS visit this http://www.ultramonkey.org/papers/lvs_tutorial/stuff/lvs_tutorial.pdf Thanks Anirudh Zala ----- Original Message ----- From: "Hans Zaunere" To: Sent: Tuesday, 16 December, 2003 10:46 PM Subject: [nycphp-talk] Load Balancing Insight > > Hi all, > > I wanted to pass on this thread from the FreeBSD-Hackers mailing list: > > http://marc.theaimsgroup.com/?t=107148893200001&r=1&w=2 > > They mention some very interesting tools and techniques. Thoughts, > suggestions or experiences from AMPers here? > > Also, the mention of FreeBSD is a perfect segue for the attached message. > NYC now has a BSD group to complement Linux, PHP, etc. 
Please take a look > at http://nycbug.org and hop on the mailing list: http://lists.nycbug.org > > See everyone at the party tonight, > > Hans > ---------------------------------------------------------------------------- ---- > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From geek at invisiblemute.com Sun Dec 21 01:16:56 2003 From: geek at invisiblemute.com (=?iso-8859-1?Q?invisiblemute?=) Date: Sun, 21 Dec 2003 01:16:56 -0500 Subject: [nycphp-talk] Where are the Hardware Expos? Message-ID: <20031221061656.11379.qmail@hosting33.com> Can anyone point me to the right place to find out where all the expos are in the City? It's been a while since I've had to shop for hardware and I'm not sure where to go. Online it seems to that most geeks like New Egg. But it would be nice to get some crazy deal at an expo. Thanks, Jasper -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonbaer at jonbaer.net Sun Dec 21 01:46:09 2003 From: jonbaer at jonbaer.net (jon baer) Date: Sun, 21 Dec 2003 01:46:09 -0500 Subject: [nycphp-talk] Where are the Hardware Expos? References: <20031221061656.11379.qmail@hosting33.com> Message-ID: <005101c3c78e$1e025a60$6400a8c0@thinkpad> Normally MarketPro puts on good expos from what I heard, im planning to try to grab another laptop @ one in jersey ... http://www.marketpro.com/pages/east/ - jon ----- Original Message ----- From: invisiblemute To: talk at lists.nyphp.org Sent: Sunday, December 21, 2003 1:16 AM Subject: [nycphp-talk] Where are the Hardware Expos? Can anyone point me to the right place to find out where all the expos are in the City? It's been a while since I've had to shop for hardware and I'm not sure where to go. Online it seems to that most geeks like New Egg. But it would be nice to get some crazy deal at an expo. 
Thanks,
Jasper

From felix at students.poly.edu  Sun Dec 21 22:06:01 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Sun, 21 Dec 2003 22:06:01 -0500
Subject: [nycphp-talk] prevention of csrf attack
Message-ID: <20031221220601.6d01d53f.felix@students.poly.edu>

I recently read Chris Shiflett's article on csrf attack in php|architect
and it got me thinking about prevention techniques.

Chris referred to it as a shared secret with a token that is stored in a
hidden field. I don't quite consider it to be a shared secret but in any
case there is an easy way to get around it.

-Attacker would first request a form on his own and receive a token.
-Then attacker will trick a user to use his form with the token that
 is retrieved by himself earlier.
-Attacker can retrieve a valid token right before presenting fake form
 to user, so timeout of token won't prevent much.

I've been thinking of a better solution but so far I have not come up
with a perfect one, but here is one I came up with so far.

Every page will have a hidden token sent to it by server which can be
put in a hidden field. It would be created something like this:

$token= md5(SID . $server_secret . $random_num);
echo "";
echo "";

Client Browser then can use javascript to construct an authentication
code for each url.

location.href= url + '?rn='+random_num +'&auc=' + md5(token+url+cookie_sid());

Server can easily verify auc but one cannot be calculated by anyone
other than the server.
Attacker can do a replay if he can get the urls of user from http logs.
The attacker cannot though do a replay without knowing the sid of the
user. So I think the csrf on its own is prevented.
If it's combined with xss or looking at logs then it can't prevent but
still makes it more difficult.

From ace at synace.com  Sun Dec 21 23:22:59 2003
From: ace at synace.com (ace)
Date: Sun, 21 Dec 2003 23:22:59 -0500
Subject: [nycphp-talk] php5 classes & financial aid
Message-ID: <003e01c3c843$49003420$0300a8c0@acepc>

I would like to know about any financial aid that may be offered for the
NY-PHP courses. I am currently unemployed/self employed, trying to make
any possible living as a php developer, systems administrator, and
network administrator. I've been working with php for about 6 years and
have developed many applications, websites, and scripts, including
several GEL projects. I am looking to learn more about PHP5 and OOP so
that I can become a more valuable php developer, hopefully resulting in
a permanent position somewhere. I also plan to develop a large class
library and an interface for that library, to ease php development for
beginner developers (the sourceforge project & .com are already in
place). I am far beyond basic concepts and have learned a great deal
from the web and free sources. However, I would like to have some
legitimate php training on my resume to justify the skills that I list.
If anyone knows of any grants, scholarships, or other funds available to
lower working class, low income persons, please send me information. I
would love to have the opportunity to expand my skills, and be ahead of
the php5 oop revolution and become a much needed asset in the
marketplace.

-mike

From shiflett at php.net  Mon Dec 22 01:01:42 2003
From: shiflett at php.net (Chris Shiflett)
Date: Sun, 21 Dec 2003 22:01:42 -0800 (PST)
Subject: [nycphp-talk] prevention of csrf attack
In-Reply-To: <20031221220601.6d01d53f.felix@students.poly.edu>
Message-ID: <20031222060142.59631.qmail@web14306.mail.yahoo.com>

--- felix zaslavskiy wrote:
> I recently read Chris Shiflett's article on csrf attack in php|architect
> and it got me thinking about prevention techniques.

Great. :-)

> Chris referred to it as a shared secret with a token that is stored in
> a hidden field. I don't quite consider it to be a shared secret but in
> any case there is an easy way to get around it.
>
> -Attacker would first request a form on his own and receive a token.
> -Then attacker will trick a user to use his form with the token that
> is retrieved by himself earlier.
> -Attacker can retrieve a valid token right before presenting fake form
> to user, so timeout of token won't prevent much.

This is a weakness that I purposely include in my talks, but I don't
think the article had such a weakness. I only include it in the talk to
help drive home the fact that every implementation can be strengthened,
and it gives me a question to ask to see whether anyone is paying
attention. :-)

At any rate, this particular weakness is easily resolved by making the
token only shared between the server and the legitimate user (rather
than just keeping a pool of valid tokens). By storing this value in the
user's session, it requires that the attacker guess that user's specific
token.

Hope that helps.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
     Coming mid-2004
HTTP Developer's Handbook
     http://httphandbook.org/

From felix at students.poly.edu  Mon Dec 22 01:57:02 2003
From: felix at students.poly.edu (felix zaslavskiy)
Date: Mon, 22 Dec 2003 01:57:02 -0500
Subject: [nycphp-talk] prevention of csrf attack
In-Reply-To: <20031222060142.59631.qmail@web14306.mail.yahoo.com>
References: <20031221220601.6d01d53f.felix@students.poly.edu> <20031222060142.59631.qmail@web14306.mail.yahoo.com>
Message-ID: <20031222015702.5c791d72.felix@students.poly.edu>

>
> At any rate, this particular weakness is easily resolved by making the
> token only shared between the server and the legitimate user (rather than
> just keeping a pool of valid tokens). By storing this value in the user's
> session, it requires that the attacker guess that user's specific token.

That only complicates things a little because now the attacker has to
retrieve the secret token using the session id of the user. So the first
fake request has to be to request the form page, grab the token and then
resubmit second fake request with the token.

So I come to the conclusion that my method can work if it's made generic
and that EVERY request in the session needs to have the second token
with the session id. This way the attacker would not get a chance to
perform the first fake request in order to grab a token at any time.

I think I am going to write an implementation of this.

From tech at protchkocreative.com  Mon Dec 22 08:39:42 2003
From: tech at protchkocreative.com (tech at protchkocreative.com)
Date: Mon, 22 Dec 2003 08:39:42 -0500
Subject: [nycphp-talk] Thanks RE: Need page refresh solution
Message-ID: <1072100382.3fe6f41e668f7@www.protchkocreative.com>

Thanks for suggestions re: refreshing a form page that's been processed.
I was trying to avoid redirecting to another page after submitting the
form and would prefer to process through action=""

The end-user usability is most effective if they can:
* submit the request form
* have the data processed
* and have the form reload...so they can submit another request if necessary.

I may have no choice but to do it in 2 steps. 1)submit and redirect to
acknowledgement page; 2)and then redirect/link back to clean form.

I'm still curious about what causes the browser to resubmit the form
data if you refresh the form page after submitting. Can't you flush the
previous header info? I've tried resetting the form variables... and
even changing HTTP status.

If anyone knows of any concise HTTP header references/explanations, I'd
appreciate the guidance.

Thanks again for suggestions.
Regards and happy holidays!
Scott Protchko
tech at protchkocreative.com

From tgales at tgaconnect.com  Mon Dec 22 08:50:42 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Mon, 22 Dec 2003 08:50:42 -0500
Subject: [nycphp-talk] Thanks RE: Need page refresh solution
In-Reply-To: <1072100382.3fe6f41e668f7@www.protchkocreative.com>
Message-ID: <000f01c3c892$97a41840$bf8d3818@oberon1>

Scott Protchko writes:
"...I'm still curious about what causes the browser to resubmit the form
data..."

Have you seen this:
"Protoscope is a utility that aids Web developers by revealing the HTTP
communication in their own applications..."

at: http://sourceforge.net/projects/protoscope/

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com

From jsiegel1 at optonline.net  Mon Dec 22 09:06:41 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Mon, 22 Dec 2003 09:06:41 -0500
Subject: [nycphp-talk] Thanks RE: Need page refresh solution
In-Reply-To: <1072100382.3fe6f41e668f7@www.protchkocreative.com>
References: <1072100382.3fe6f41e668f7@www.protchkocreative.com>
Message-ID: <3FE6FA71.2000404@optonline.net>

"If anyone knows of any concise HTTP header references/explanations"

You should check out Chris Shiflett's book "HTTP Developer's Handbook"
(see: http://shiflett.org). Cleared up a number of issues for me.

Jeff Siegel

tech at protchkocreative.com wrote:

> Thanks for suggestions re: refreshing a form page that's been processed.
> I was trying to avoid redirecting to another page after submitting the form and
> would prefer to process through action=""
>
> The end-user usability is most effective if they can:
> * submit the request form
> * have the data processed
> * and have the form reload...so they can submit another request if necessary.
>
> I may have no choice but to do it in 2 steps. 1)submit and redirect to
> acknowledgement page; 2)and then redirect/link back to clean form.
>
> I'm still curious about what causes the browser to resubmit the form data if
> you refresh the form page after submitting. Can't you flush the previous header
> info? I've tried resetting the form variables... and even changing HTTP status.
>
> If anyone knows of any concise HTTP header references/explanations, I'd
> appreciate the guidance.
>
> Thanks again for suggestions.
> Regards and happy holidays!
> Scott Protchko
> tech at protchkocreative.com

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"
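
Added example (not code from any poster in this archive): the form handling discussed in the "Need page refresh solution" and "prevention of csrf attack" threads, combined in one PHP file that keeps the token in the user's session as Chris Shiflett describes and answers a valid POST with a redirect to an absolute URI. The file name request.php, the field names, BASE_URL and PHP 7+ (for random_bytes) are assumptions.

```php
<?php
// Added example, not code from any poster in this archive.
// Assumptions: PHP 7+ (random_bytes), served as request.php by
// `php -S localhost:8000`; BASE_URL and the field names are hypothetical.
declare(strict_types=1);

// Build the redirect target from configuration, not from the request's Host
// header, and keep it absolute as the Location discussion in the thread advises.
const BASE_URL = 'http://localhost:8000/request.php';

session_start();

/** Return the token bound to this visitor's session, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** True only if the submitted value matches this session's token. */
function csrf_token_is_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted); // constant-time comparison
}

/** Answer a POST with 303 See Other so the browser follows up with a GET. */
function redirect_after_post(string $absoluteUri): void
{
    header('Location: ' . $absoluteUri, true, 303);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A token issued to some other session does not match this session's
    // token, so a forged cross-site POST stops here.
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Form token missing or invalid.');
    }

    $request = is_string($_POST['request'] ?? null) ? trim($_POST['request']) : '';
    if ($request === '') {
        $_SESSION['flash'] = 'Please enter a request.';
    } else {
        // ... concatenate and mail the results here ...
        unset($_SESSION['csrf_token']); // single use: the next form gets a new token
        $_SESSION['flash'] = 'Request received. You can submit another one below.';
    }
    redirect_after_post(BASE_URL);
}

// GET: show the one-time status message and a clean form.
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
$token = csrf_token();
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Request form</title></head>
<body>
<?php if ($flash !== ''): ?>
  <p><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
  <form method="post" action="<?= htmlspecialchars(BASE_URL, ENT_QUOTES, 'UTF-8') ?>">
    <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <textarea name="request" rows="4" cols="40"></textarea>
    <input type="submit" value="Submit">
  </form>
</body>
</html>
```

After a submission the page on screen is the result of a GET, so pressing Refresh repeats that GET and the browser has no POST data to re-send.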

From hans at newyorkphp.com  Mon Dec 22 10:39:37 2003
From: hans at newyorkphp.com (Hans Zaunere)
Date: Mon, 22 Dec 2003 10:39:37 -0500
Subject: [nycphp-talk] Casting and list
Message-ID: <688BD1502D7CA547800722B3501F62BB3F5338@ms03.mailstreet2003.net>

Good morning,

I'm using list() (http://us4.php.net/list) to put the values from a
mysql_fetch_row() call into separate variables - yes, it's trivial.

However, I need some of the elements to be cast to ints. I'm aware of
the various workarounds, but what I'd really like to do is:

list( (int) $id,$name, (int) $somenumber) = mysql_fetch_row($result);

Of course, this throws a parse error. Is anyone aware of any clever
tricks that keeps a nearly identical syntax? Or, maybe this could be a
feature request (although it won't do me any good today :) What I'm
doing now is:

list($id,$name,$somenumber) = mysql_fetch_row($result);

$id = (int) $id;
$somenumber = (int) $somenumber;


But I just don't like that, especially with tons of columns from the DB,
big loops, etc...

Thanks,

H

From geek at invisiblemute.com  Mon Dec 22 12:49:44 2003
From: geek at invisiblemute.com (invisiblemute)
Date: Mon, 22 Dec 2003 12:49:44 -0500
Subject: [nycphp-talk] Recommend Books on Classes
Message-ID: <20031222174945.502.qmail@hosting33.com>

Any recommendations for good books on classes?

Thanks.

From nyphp at websapp.com  Mon Dec 22 12:53:58 2003
From: nyphp at websapp.com (Daniel Kushner)
Date: Mon, 22 Dec 2003 12:53:58 -0500
Subject: [nycphp-talk] Recommend Books on Classes
In-Reply-To: <20031222174945.502.qmail@hosting33.com>
Message-ID:

Not an introduction, but a must have for your library:

Design Patterns
http://www.amazon.com/exec/obidos/tg/detail/-/0201633612/102-0598606-9302519?v=glance

--Daniel

-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of invisiblemute
Sent: Monday, December 22, 2003 12:50 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] Recommend Books on Classes

Any recommendations for good books on classes?

Thanks.

From jsiegel1 at optonline.net  Mon Dec 22 12:59:45 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Mon, 22 Dec 2003 12:59:45 -0500
Subject: [nycphp-talk] preg_match and extended ASCII
Message-ID: <3FE73111.1070008@optonline.net>

I'm using preg_match to verify form data. I'm not sure how to handle
accented characters, e.g., an "e" with an accent as in Mazda Protegé.

Obviously the following pattern ( '/^[a-z0-9()\/\'"|&,. -]{2,55}$/i' )
doesn't cut it. I had tried [[:alnum:]] but that didn't do it either.

Jeff Siegel

From jeffknight at mac.com  Mon Dec 22 13:22:34 2003
From: jeffknight at mac.com (PUTAMARE)
Date: Mon, 22 Dec 2003 13:22:34 -0500
Subject: [nycphp-talk] Casting and list
In-Reply-To: <688BD1502D7CA547800722B3501F62BB3F5338@ms03.mailstreet2003.net>
References: <688BD1502D7CA547800722B3501F62BB3F5338@ms03.mailstreet2003.net>
Message-ID:

How about defining an array at the top of all the variables you want to
cast as an integer

$intVars = array('id', 'somenumber');

then a simple

list($id,$name,$somenumber) = mysql_fetch_row($result);
foreach ($intVars as $iv) $$iv = (int) $$iv ;

should do the trick..

or you could make two SQL calls, one for things you want to be integers
and the other for everything else, followed by an array_map casting the
contents of the integer-only call (returned as an associative array,
mind you) to int.

// fetch as an associative array so the keys are column names
$intVars = mysql_fetch_assoc($resultIntOnly);
$intVars = array_map('intval',$intVars);
foreach ($intVars as $intVarName => $intVarValue) $$intVarName = (int) $intVarValue ;
list($name) = mysql_fetch_row($resultEverythingElse);

But I'm sure there are ways you can get really crazy:

$allVars = mysql_fetch_assoc($result);
foreach ($allVars as $allVarName => $allVarValue)
   if (is_numeric($allVarValue) and (intval($allVarValue) == $allVarValue)) {
     $$allVarName = (int) $allVarValue ;
   } else {
     $$allVarName = $allVarValue ;
   }

providing you with the opportunity to really obfuscate your code with

$row = mysql_fetch_assoc($result);
foreach ($row as $key => $value) $$key = (is_numeric($value) and
(intval($value) == $value))?(int) $value:$value;

That should get the legibility fairies panties in a knot!

On Dec 22, 2003, at 10:39 AM, Hans Zaunere wrote:

>
> Good morning,
>
> I'm using list() (http://us4.php.net/list) to put the values from a
> mysql_fetch_row() call into separate variables - yes, it's trivial.
>
> However, I need some of the elements to be cast to ints. I'm aware of
> the various workarounds, but what I'd really like to do is:
>
> list( (int) $id,$name, (int) $somenumber) = mysql_fetch_row($result);
>
> Of course, this throws a parse error. Is anyone aware of any clever
> tricks that keeps a nearly identical syntax? Or, maybe this could be a
> feature request (although it won't do me any good today :) What I'm
> doing now is:
>
> list($id,$name,$somenumber) = mysql_fetch_row($result);
>
> $id = (int) $id;
> $somenumber = (int) $somenumber;
>
>
> But I just don't like that, especially with tons of columns from the
> DB, big loops, etc...
>
> Thanks,
>
> H

Jeff Knight
jeff not junkmail at lushmedia.com
212/213-6558 x 203
LUSH media
110 W 40th St #1502
New York, NY 10018

From Thomas.Freedman at ubs.com  Mon Dec 22 13:26:13 2003
From: Thomas.Freedman at ubs.com (Freedman, Tom S.)
Date: Mon, 22 Dec 2003 13:26:13 -0500
Subject: [nycphp-talk] preg_match and extended ASCII
Message-ID:

Though it doesn't really answer how to check for them, you might be
better off using a negative search pattern... looks like there's more
characters you DON'T want than things you DO want, anyway.

-----Original Message-----
From: Jeff Siegel [mailto:jsiegel1 at optonline.net]
Sent: Monday, December 22, 2003 1:00 PM
To: NYPHP Talk
Subject: [nycphp-talk] preg_match and extended ASCII

I'm using preg_match to verify form data. I'm not sure how to handle
accented characters, e.g., an "e" with an accent as in Mazda Protegé.

Obviously the following pattern ( '/^[a-z0-9()\/\'"|&,. -]{2,55}$/i' )
doesn't cut it. I had tried [[:alnum:]] but that didn't do it either.

Jeff Siegel

From jeffknight at mac.com  Mon Dec 22 13:26:41 2003
From: jeffknight at mac.com (PUTAMARE)
Date: Mon, 22 Dec 2003 13:26:41 -0500
Subject: [nycphp-talk] Casting and list
In-Reply-To:
References: <688BD1502D7CA547800722B3501F62BB3F5338@ms03.mailstreet2003.net>
Message-ID: <63B9C658-34AC-11D8-B781-000393B9FB36@mac.com>

On Dec 22, 2003, at 1:22 PM, PUTAMARE wrote:
> foreach ($row as $key => $value) $$key = (is_numeric($value) and
> (intval($value) == $value))?(int) $value:$value;

probably should be

if (is_array($row)) foreach ($row as $key => $value) $$key =
(is_numeric($value) and (intval($value) == $value))?(int) $value:$value;

Jeff Knight
jeff not junkmail at lushmedia.com
212/213-6558 x 203
LUSH media
110 W 40th St #1502
New York, NY 10018

From crisscott at netzero.com  Mon Dec 22 13:29:35 2003
From: crisscott at netzero.com (Scott Mattocks)
Date: Mon, 22 Dec 2003 13:29:35 -0500
Subject: [nycphp-talk] Form field length vs. Database field length
Message-ID: <3FE7380F.9010305@netzero.com>

Hello,

We are having some trouble with submitting user data into the database.
We have a database with a set field length and we want to be able to
store user information such as name and address. We have checks in place
to prevent users from submitting a 50 character string when the db only
accepts 30, but we run into problems when they submit special
characters. We want to avoid xss so we call htmlspecialchars() on any
data before we insert it into the database. But if the field takes 10
characters and a user submits 'Scott & Ed' their info won't get put into
the db because the string gets turned into 'Scott &amp; Ed' which is too
long. Chopping off the characters after the limit will leave you with
some strange results, not to mention the wrong data.

We could extend all of the field lengths but this seems like a waste of
space and poor practice. Adding 4 chars of space is no big deal but what
if the user entered 10 &'s?
Then we have to make the field 5 times as big as we are going to need for 99.9% of the data. Asking the user to change the input data won't work because as far as they know, 'Scott & Ed' fits within the length requirements for that field. Does anyone have any tips or tricks for this type of problem? Thanks in advance, Scott Mattocks From jeffknight at mac.com Mon Dec 22 13:43:45 2003 From: jeffknight at mac.com (PUTAMARE) Date: Mon, 22 Dec 2003 13:43:45 -0500 Subject: [nycphp-talk] Form field length vs. Database field length In-Reply-To: <3FE7380F.9010305@netzero.com> References: <3FE7380F.9010305@netzero.com> Message-ID: On Dec 22, 2003, at 1:29 PM, Scott Mattocks wrote: > Does anyone have any tips or tricks for this type of problem? How about a first step of replacing all & with + ? Jeff Knight jeff not junkmail at lushmedia.com 212/213-6558 x 203 LUSH media 110 W 40th St #1502 New York, NY 10018 From crisscott at netzero.com Mon Dec 22 13:50:48 2003 From: crisscott at netzero.com (Scott Mattocks) Date: Mon, 22 Dec 2003 13:50:48 -0500 Subject: [nycphp-talk] Form field length vs. Database field length In-Reply-To: References: <3FE7380F.9010305@netzero.com> Message-ID: <3FE73D08.8000303@netzero.com> & was just my example character but replacing characters makes for incorrect data. For instance 'Bob & Joe's Towing' is different from 'Bob and Joe's Towing' and 'Bob + Joe's Towing'. We want the data to be as accurate as possible. It is a sublte distinction but if Bob and Joe want to use & in their company name then we shouldn't change it. Scott Mattocks PUTAMARE wrote: > On Dec 22, 2003, at 1:29 PM, Scott Mattocks wrote: > >> Does anyone have any tips or tricks for this type of problem? > > > How about a first step of replacing all & with + ? 
> > > Jeff Knight > jeff not junkmail at lushmedia.com > 212/213-6558 x 203 > LUSH media > 110 W 40th St #1502 > New York, NY 10018 From hans at newyorkphp.com Mon Dec 22 13:52:55 2003 From: hans at newyorkphp.com (Hans Zaunere) Date: Mon, 22 Dec 2003 13:52:55 -0500 Subject: [nycphp-talk] Casting and list Message-ID: <688BD1502D7CA547800722B3501F62BB3F53C9@ms03.mailstreet2003.net> > How about defining an array at the top of all the variables > you want to cast as an integer > > $intVars = array('id', 'somenumber'); > > then a simple > > list($id,$name,$somenumber) = mysql_fetch_row($result); > foreach ($intVars as $iv) $$iv = (int) $$iv ; That's not a bad idea. > or you could make two SQL calls, one for things you want to > be integers and the other for everything else, followed by an array_map > casting the contents of the integer-only call (returned as an associative array, > mind you) to int. Ehh, negative on the two SQL calls. I do have a function that attempts to do this type of thing. It's a type-sensitive mysql_fetch_row() (which is really what I'd like): http://pcomd.net/mysql_get_row but it's a little heavy and annoying in some ways. Alas, the yin-yang of a type-less language. Thanks Jeff - that array up top might be a nice maintainable way to work around this so that future generations can read the code :) H From tom at supertom.com Mon Dec 22 13:53:38 2003 From: tom at supertom.com (tom at supertom.com) Date: Mon, 22 Dec 2003 13:53:38 -0500 Subject: [nycphp-talk] Form field length vs. Database field length In-Reply-To: <3FE73D08.8000303@netzero.com> Message-ID: FYI, I wanted to see how the "big guys" handled this, so I went to the yellow pages on Yahoo. They seem to just convert the ampersand to 'and' and vice versa. It hasn't come up for me, but I would probably do the same if it did. 
Tom http://www.liphp.org *************************************************** What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Scott Mattocks Sent: Monday, December 22, 2003 1:51 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Form field length vs. Database field length & was just my example character but replacing characters makes for incorrect data. For instance 'Bob & Joe's Towing' is different from 'Bob and Joe's Towing' and 'Bob + Joe's Towing'. We want the data to be as accurate as possible. It is a subtle distinction but if Bob and Joe want to use & in their company name then we shouldn't change it. Scott Mattocks PUTAMARE wrote: > On Dec 22, 2003, at 1:29 PM, Scott Mattocks wrote: > >> Does anyone have any tips or tricks for this type of problem? > > > How about a first step of replacing all & with + ? > > > Jeff Knight > jeff not junkmail at lushmedia.com > 212/213-6558 x 203 > LUSH media > 110 W 40th St #1502 > New York, NY 10018 From hans at newyorkphp.com Mon Dec 22 14:00:18 2003 From: hans at newyorkphp.com (Hans Zaunere) Date: Mon, 22 Dec 2003 14:00:18 -0500 Subject: [nycphp-talk] Form field length vs. Database field length Message-ID: <688BD1502D7CA547800722B3501F62BB3F53CD@ms03.mailstreet2003.net> > We are having some trouble with submitting user data into the > database. We have a database with a set field length and we want to > be able to store user information such as name and address. 
We have checks in > place to prevent users from submitting a 50 character string when the > db only accepts 30, but we run into problems when they submit special > characters. We want to avoid xss so we call htmlspecialchars() on any > data before we insert it into the database. But if the field The best bet might be to use egress htmlspecialchars() calls. That is to say, only call htmlspecialchars() when you're about to display the data, rather than before storing it. HTML entities won't have any negative effect on SQL statements (but yeah, use mysql_real_escape_string() or similar). H From tgales at tgaconnect.com Mon Dec 22 14:21:27 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Mon, 22 Dec 2003 14:21:27 -0500 Subject: [nycphp-talk] PHP 5 Beta 3 Released Message-ID: <002c01c3c8c0$cc16fb00$bf8d3818@oberon1> PHP 5 Beta 3 released 21 Dec 2003 http://www.php.net/downloads.php T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From crisscott at netzero.com Mon Dec 22 14:33:43 2003 From: crisscott at netzero.com (Scott Mattocks) Date: Mon, 22 Dec 2003 14:33:43 -0500 Subject: [nycphp-talk] Form field length vs. Database field length In-Reply-To: <688BD1502D7CA547800722B3501F62BB3F53CD@ms03.mailstreet2003.net> References: <688BD1502D7CA547800722B3501F62BB3F53CD@ms03.mailstreet2003.net> Message-ID: <3FE74717.3000002@netzero.com> > That is to say, only call htmlspecialchars() when you're about to display the > data, rather than before storing it. That is probably what we will end up doing, but I don't like it. I would rather only mess with the data when it is submitted but it doesn't seem like that is going to be possible. Thanks Scott Mattocks From hans at newyorkphp.com Mon Dec 22 14:40:29 2003 From: hans at newyorkphp.com (Hans Zaunere) Date: Mon, 22 Dec 2003 14:40:29 -0500 Subject: [nycphp-talk] Form field length vs. 
Database field length Message-ID: <688BD1502D7CA547800722B3501F62BB3F53FB@ms03.mailstreet2003.net> > > That is to say, only call htmlspecialchars() when you're > about to display the data, rather than before storing it. > > That is probably what we will end up doing, but I don't like it. I > would rather only mess with the data when it is submitted but > it doesn't seem like that is going to be possible. I hear that, although see it differently. The type of data messing you speak of is a display issue that's not related to the data itself. If data accuracy is important, as it generally is, and is in this case, you wouldn't want to store transformed data, i.e., it's impossible to ever know what the original data was. Just different ways of looking at it. H From sklar at sklar.com Mon Dec 22 14:39:53 2003 From: sklar at sklar.com (David Sklar) Date: Mon, 22 Dec 2003 14:39:53 -0500 Subject: [nycphp-talk] Form field length vs. Database field length In-Reply-To: <3FE74717.3000002@netzero.com> Message-ID: >> That is to say, only call htmlspecialchars() when you're about to >> display the data, rather than before storing it. > > That is probably what we will end up doing, but I don't like it. I > would rather only mess with the data when it is submitted but it > doesn't seem like that is going to be possible. Hans's suggestion is definitely the way to go. You should store data in the database in as unmodified a form as possible (Just like you mentioned that you don't want to arbitrarily replace &'s with +'s in business names). The encoding is entirely display dependent -- when you pull data out of the database and you need to display it safely as HTML, call htmlspecialchars(). When you pull data out of the database and you want to use it as plain text (in an internal report or e-mail message), don't do anything to it. When you pull data out of the database and you want to generate a CSV file, you do the CSV encoding transformations with commas and quotes and whatnot. 
But in the database, the data should not be pre-modified to accommodate any particular display encoding scheme. David From jsiegel1 at optonline.net Mon Dec 22 14:51:38 2003 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Mon, 22 Dec 2003 14:51:38 -0500 Subject: [nycphp-talk] preg_match and extended ASCII In-Reply-To: References: Message-ID: <3FE74B4A.1090604@optonline.net> That's a possibility. Jeff Freedman, Tom S. wrote: > Though it doesn't really answer how to check for them, you might be better > off using a negative search pattern... looks like there's more characters > you DON'T want than things you DO want, anyway. > > -----Original Message----- > From: Jeff Siegel [mailto:jsiegel1 at optonline.net] > Sent: Monday, December 22, 2003 1:00 PM > To: NYPHP Talk > Subject: [nycphp-talk] preg_match and extended ASCII > > I'm using preg_match to verify form data. I'm not sure how to handle > accented characters, e.g., an "e" with an accent as in Mazda Protegé. > Obviously the following pattern ( '/^[a-z0-9()\/\'"|&,. -]{2,55}$/i' ) > doesn't cut it. I had tried [[:alnum:]] but that didn't do it either. > > Jeff Siegel
-- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jayeshsh at ceruleansky.com Mon Dec 22 15:45:33 2003 From: jayeshsh at ceruleansky.com (Jayesh Sheth) Date: Mon, 22 Dec 2003 15:45:33 -0500 Subject: [nycphp-talk] MySQL is very smart - but why does this work? Message-ID: <3FE757ED.6080203@ceruleansky.com> Hello all, I discovered the following accidentally, and it does what I want. The thing is, I would not expect MySQL to behave in this way. I have a table called "archives". The archives table has a column called "genre_match", which contains either a single number, or a comma separated list of numbers. If I run the following query: SELECT * FROM archives WHERE genre_match = 2 it selects the rows whose genre_match column has the following info - 2 - 2, 34, 96 - 14, 2, 25 but it does not select the rows whose genre_match column contains the following info - 12 - 22 - 32, 45, 19 If I put quotes around the 2, it does not work. I.E: SELECT * FROM archives WHERE genre_match = '2' I am unbelievably pleased with the result, but I am wondering why MySQL behaves in such a (clever) way. I was trying to do this with LIKE, but that was not working. (And ideas on doing the same thing with LIKE would be greatly appreciated). Thanks in advance, - Jay From hans at newyorkphp.com Mon Dec 22 16:17:29 2003 From: hans at newyorkphp.com (Hans Zaunere) Date: Mon, 22 Dec 2003 16:17:29 -0500 Subject: [nycphp-talk] Casting and list Message-ID: <688BD1502D7CA547800722B3501F62BB3F5459@ms03.mailstreet2003.net> > to do this type of thing. It's a type-sensitive mysql_fetch_row() > (which is really what I'd like): > > http://pcomd.net/mysql_get_row > > but it's a little heavy and annoying in some ways. Alas, the yin-yang > of a type-less language. 
In case anyone is interested, I ended up just revising the above PCOM to be more robust. After the revision, I dropped the function into our development intranet site and it's running smoothly without any performance change - of course, it is an intranet :) The actual castings done by mysql_get_row() are documented in the source - it's just a type cast mysql_fetch_row(). H From nyphp at websapp.com Mon Dec 22 16:30:24 2003 From: nyphp at websapp.com (Daniel Kushner) Date: Mon, 22 Dec 2003 16:30:24 -0500 Subject: [nycphp-talk] Casting and list In-Reply-To: <688BD1502D7CA547800722B3501F62BB3F5459@ms03.mailstreet2003.net> Message-ID: Hans, Assuming that this code will be executed on every (or most) database queries, it would be much more efficient to use a switch statement instead of all those else/if's. There should also optimally be a catch all, just in case all if's are false. --Daniel > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Hans Zaunere > Sent: Monday, December 22, 2003 4:17 PM > To: NYPHP Talk > Subject: RE: [nycphp-talk] Casting and list > > > > > to do this type of thing. It's a type-sensitive mysql_fetch_row() > > (which is really what I'd like): > > > > http://pcomd.net/mysql_get_row > > > > but it's a little heavy and annoying in some ways. Alas, the yin-yang > > of a type-less language. > > In case anyone is interested, I ended up just revising the above PCOM to > be more robust. After the revision, I dropped the function into our > development intranet site and it's running smoothly without any > performance change - of course, it is an intranet :) The actual > castings done by mysql_get_row() are documented in the source - it's > just a type cast mysql_fetch_row(). 
> > H From hans at newyorkphp.com Mon Dec 22 16:39:32 2003 From: hans at newyorkphp.com (Hans Zaunere) Date: Mon, 22 Dec 2003 16:39:32 -0500 Subject: [nycphp-talk] Casting and list Message-ID: <688BD1502D7CA547800722B3501F62BB3F546A@ms03.mailstreet2003.net> > > > to do this type of thing. It's a type-sensitive mysql_fetch_row() > > > (which is really what I'd like): > > > > > > http://pcomd.net/mysql_get_row > > Assuming that this code will be executed on every (or most) database > queries, it would be much more efficient to use a switch > statement instead of all those else/if's. I was on the fence about this, too. From what I've heard/read/understood, switch statements become more efficient than if/else when there are about 4 or more test cases (switch statements have a considerable overhead to setup). This is from C, so frankly I don't know if it holds true under PHP, too. I'd be interested to see both cases run through some profiler and I'll change the PCOM accordingly :) > There should also optimally be a catch all, just in case all if's are false. The catch all is implied. If the type isn't known, the type should be a string, which is what mysql_fetch_row() itself always returns - so no need to do any casting. H From nyphp at websapp.com Mon Dec 22 16:47:31 2003 From: nyphp at websapp.com (Daniel Kushner) Date: Mon, 22 Dec 2003 16:47:31 -0500 Subject: [nycphp-talk] Casting and list In-Reply-To: <688BD1502D7CA547800722B3501F62BB3F546A@ms03.mailstreet2003.net> Message-ID: > I was on the fence about this, too. From what I've > heard/read/understood, switch statements become more efficient than > if/else when there are about 4 or more test cases (switch statements > have a considerable overhead to setup). This is from C, so frankly I > don't know if it holds true under PHP, too. 
I'd be interested to see > both cases run through some profiler and I'll change the PCOM > accordingly :) > > > There should also optimally be a catch all, just in case all if's are > false. Could you send me some stand-alone code (2 versions) that I could abuse in the Zend Profiler? > The catch all is implied. If the type isn't known, the type should be a > string, which is what mysql_fetch_row() itself always returns - so no > need to do any casting. IMHO PCOM would be more robust the less it relies on other API's. But I guess that the chances of mysql_fetch_row() changing its behavior is very remote. --Daniel From dmintz at davidmintz.org Mon Dec 22 22:38:36 2003 From: dmintz at davidmintz.org (David Mintz) Date: Mon, 22 Dec 2003 22:38:36 -0500 (EST) Subject: [nycphp-talk] meeting tomorrow (attn: Hans) In-Reply-To: <688BD1502D7CA547800722B3501F62BB3F546A@ms03.mailstreet2003.net> References: <688BD1502D7CA547800722B3501F62BB3F546A@ms03.mailstreet2003.net> Message-ID: Hey Hans I think I'm probably gonna miss the 2003-12-23 meeting -- I mention this just because it was I who was publicly asking you for a spiel on pAuth, so it would be rather ungracious of me to fail silently to show up for it. Gotta go home and take care of this: http://davidmintz.org/gabi.450.jpg -- so her mommy can hit the gym (-: --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From jonbaer at jonbaer.net Tue Dec 23 03:07:29 2003 From: jonbaer at jonbaer.net (jon baer) Date: Tue, 23 Dec 2003 03:07:29 -0500 Subject: [nycphp-talk] PHP 5 install questions ... Message-ID: <000501c3c92b$cf9a2bb0$6400a8c0@thinkpad> since i had no luck w/ the previous 2 betas i tried the 3rd ... it seems to be working smoothly although i have one small install question ... there is no more built in mysql anymore so i enabled php_mysql.dll but what/or how do you enable libmysql.dll? 
is it needed or is it for mysqli stuff (mysql > 4.1) i had really been hoping there would be an easier way to run php4/5 side by side and use .php5 files for testing (btw im extremely happy that much of my work was backward compatible) ... @ the moment i have a small script renaming php4ts.dll back and forth - in case of anything ... anyone else have solutions? it would have been nice to have php5ts.dll + LoadModule php5_module c:\php5\sapi\php5apache2.dll one thing i noticed is that my apache logs got completely filled up w/ php notices on exceptions (i normally handle error handling page by page, but not normally on an included definition page - so i end up w/something like: PHP Notice: Use of undefined constant FOO - assumed 'FOO') - normal? - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From felix at students.poly.edu Tue Dec 23 04:31:42 2003 From: felix at students.poly.edu (felix zaslavskiy) Date: Tue, 23 Dec 2003 04:31:42 -0500 Subject: [nycphp-talk] PHP 5 install questions ... In-Reply-To: <000501c3c92b$cf9a2bb0$6400a8c0@thinkpad> References: <000501c3c92b$cf9a2bb0$6400a8c0@thinkpad> Message-ID: <20031223043142.1cb90ba8.felix@students.poly.edu> > i had really been hoping there would be an easier way to run php4/5 side by > side and use .php5 files for testing (btw im extremely happy that much of my > work was backward compatible) ... @ the moment i have a small script > renaming php4ts.dll back and forth - in case of anything ... anyone else > have solutions? it would have been nice to have php5ts.dll + LoadModule > php5_module c:\php5\sapi\php5apache2.dll > > one thing i noticed is that my apache logs got completely filled up w/ php > notices on exceptions (i normally handle error handling page by page, but > not normally on an included definition page - so i end up w/something like: > PHP Notice: Use of undefined constant FOO - assumed 'FOO') - normal? I've been wanting to give php5 a try also. 
So I will experiment also. I think it's a good idea to have php5 work with .php5 files. It's possible to configure apache to do this. I can let you know once i get it done for myself. It may be possible to direct all the Error stuff from php to a different log file i have to look into that. felix From hans at newyorkphp.com Tue Dec 23 08:21:18 2003 From: hans at newyorkphp.com (Hans Zaunere) Date: Tue, 23 Dec 2003 08:21:18 -0500 Subject: [nycphp-talk] Casting and list Message-ID: <688BD1502D7CA547800722B3501F62BB3F551D@ms03.mailstreet2003.net> > Could you send me some stand-alone code (2 versions) that I > could abuse in the Zend Profiler? See two files, attached. > IMHO PCOM would be more robust the less it relies on other > API's. But I guess that the chances of mysql_fetch_row() changing its > behavior is very remote. My thinking - on both points - exactly. H -------------- next part -------------- A non-text attachment was scrubbed... Name: mysql_get_row.switch.pcom Type: application/octet-stream Size: 2171 bytes Desc: mysql_get_row.switch.pcom URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: mysql_get_row.ifelse.pcom Type: application/octet-stream Size: 2109 bytes Desc: mysql_get_row.ifelse.pcom URL: From hans at newyorkphp.com Tue Dec 23 08:24:32 2003 From: hans at newyorkphp.com (Hans Zaunere) Date: Tue, 23 Dec 2003 08:24:32 -0500 Subject: [nycphp-talk] MySQL is very smart - but why does this work? Message-ID: <688BD1502D7CA547800722B3501F62BB3F551E@ms03.mailstreet2003.net> > SELECT * FROM archives WHERE genre_match = 2 > > it selects the rows whose genre_match column has the following info > - 2 > - 2, 34, 96 > - 14, 2, 25 To be honest, I'm not sure why that works - but I wouldn't rely on it. My initial guess is that some esoteric cast behavior is surfacing, since that behavior is undocumented AFAIK. I'd recommend doing it The Right Way (tm). 
H From hans at newyorkphp.com Tue Dec 23 08:26:05 2003 From: hans at newyorkphp.com (Hans Zaunere) Date: Tue, 23 Dec 2003 08:26:05 -0500 Subject: [nycphp-talk] meeting tomorrow (attn: Hans) Message-ID: <688BD1502D7CA547800722B3501F62BB3F551F@ms03.mailstreet2003.net> > I think I'm probably gonna miss the 2003-12-23 meeting -- I > mention this > just because it was I who was publicly asking you for a spiel > on pAuth, so > it would be rather ungracious of me to fail silently to show > up for it. No problem - thanks for the note. I think I'll be doing a brief talk on pAuth anyway since a couple others have expressed interest in hearing about it. If I miss you tonight David, have a nice holiday - and see you next year :) H From sailer at bnl.gov Tue Dec 23 08:31:19 2003 From: sailer at bnl.gov (Tim Sailer) Date: Tue, 23 Dec 2003 08:31:19 -0500 Subject: [nycphp-talk] MySQL is very smart - but why does this work? In-Reply-To: <688BD1502D7CA547800722B3501F62BB3F551E@ms03.mailstreet2003.net> References: <688BD1502D7CA547800722B3501F62BB3F551E@ms03.mailstreet2003.net> Message-ID: <20031223133119.GA20468@bnl.gov> On Tue, Dec 23, 2003 at 08:24:32AM -0500, Hans Zaunere wrote: > > SELECT * FROM archives WHERE genre_match = 2 > > > > it selects the rows whose genre_match column has the following info > > - 2 > > - 2, 34, 96 > > - 14, 2, 25 > > To be honest, I'm not sure why that works - but I wouldn't rely on it. > My initial guess is that some esoteric cast behavior is surfacing, since > that behavior is undocumented AFAIK. I'd recommend doing it The Right > Way (tm). I agree. It looks like the server is casting it to the 'set' type. I would play with that, since it's looking like that kind of behavior is what you want. Like Hans said, don't rely on undocumented behaviour. 
Tim -- Tim Sailer Information and Special Technologies Program Office of CounterIntelligence Brookhaven National Laboratory (631) 344-3001 From geek at invisiblemute.com Tue Dec 23 10:14:07 2003 From: geek at invisiblemute.com (invisiblemute) Date: Tue, 23 Dec 2003 10:14:07 -0500 Subject: [nycphp-talk] meeting tomorrow (attn: Hans) Message-ID: <20031223151407.7.qmail@hosting33.com> > Gotta go home and take care of this: > http://davidmintz.org/gabi.450.jpg -- so her mommy can hit the gym (-: > Awwwwwwww :) From geek at invisiblemute.com Tue Dec 23 11:06:31 2003 From: geek at invisiblemute.com (invisiblemute) Date: Tue, 23 Dec 2003 11:06:31 -0500 Subject: [nycphp-talk] Ticketing and Bug Tracking software Message-ID: <20031223160631.16635.qmail@hosting33.com> Recommendations on ticketing and bug tracking software (preferably in PHP)? I've only ever used Bugzilla which I thought was pretty useful and nice once you got used to the clunky interface. Thanks. Jasper From tgales at tgaconnect.com Tue Dec 23 11:11:03 2003 From: tgales at tgaconnect.com (Tim Gales) Date: Tue, 23 Dec 2003 11:11:03 -0500 Subject: [nycphp-talk] Ticketing and Bug Tracking software In-Reply-To: <20031223160631.16635.qmail@hosting33.com> Message-ID: <005b01c3c96f$5d90f640$bf8d3818@oberon1> Please look into mantis at: http://mantisbt.sourceforge.net/ I am presently trying to set up some infrastructure (like bug tracking) and need some help. If you could learn Mantis real quick -- that would be a big help... T. 
Gales & Associates Helping People Connect with Technology http://www.tgaconnect.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of invisiblemute Sent: Tuesday, December 23, 2003 11:07 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] Ticketing and Bug Tracking software Recommendations on ticketing and bug tracking software (preferably in PHP)? I've only ever used Bugzilla which I thought was pretty useful and nice once you got used to the clunky interface. Thanks. Jasper From sailer at bnl.gov Tue Dec 23 11:43:13 2003 From: sailer at bnl.gov (Tim Sailer) Date: Tue, 23 Dec 2003 11:43:13 -0500 Subject: [nycphp-talk] Ticketing and Bug Tracking software In-Reply-To: <20031223160631.16635.qmail@hosting33.com> References: <20031223160631.16635.qmail@hosting33.com> Message-ID: <20031223164313.GA4270@bnl.gov> On Tue, Dec 23, 2003 at 11:06:31AM -0500, invisiblemute wrote: > Recommendations on ticketing and bug tracking software (preferably in PHP)? I've only ever used Bugzilla which I thought was pretty useful and nice once you got used to the clunky interface. Thanks. One of the best free ones out there is 'Request Tracker'. Not php, but great stuff anyway. Tim -- Tim Sailer Information and Special Technologies Program Office of CounterIntelligence Brookhaven National Laboratory (631) 344-3001 From geek at invisiblemute.com Tue Dec 23 12:17:34 2003 From: geek at invisiblemute.com (invisiblemute) Date: Tue, 23 Dec 2003 12:17:34 -0500 Subject: RE: [nycphp-talk] Ticketing and Bug Tracking software Message-ID: <20031223171735.17313.qmail@hosting33.com> -------Original Message------- > From: Tim Gales > > I forgot to specifically say that the infrastructure > stuff I am working on is for the Clew project Very cool. Looking forward to helping out as much as I can... "Um, Hans? How many sugars did you want in your coffee?" 
> written php code (the guys at NYPHP are > pretty talented). One look at any of my code and people will think I'm retarded. > If you want to learn how to program -- the best way > is to look at good code. ( I expect to learn a lot > from this project -- that's why I got involved). Hehe... good code? I don't have anyone smart to tell me what's written well and what's not. > Anyway, even bug-tracking is more glamorous > than what I'm doing right now. I'm in the bling-bling life of on-line forms and surveys. I'm a former designer who has fallen from grace. Tried to throw in a little artistic flair with fading yellow background. "Change it back to the solid yellow." "Dave, my mind is going. I can feel it. I can feel it. My mind is going. There is no question about it. I can feel it. I can feel it. I can feel it. I'm afraid." > >>If you could learn Mantis real quick -- > >> that would be a big help.. Sure, we're installing it here at work at this very moment. Thanks for the recommendation. Jasper From jonbaer at jonbaer.net Tue Dec 23 12:26:20 2003 From: jonbaer at jonbaer.net (jon baer) Date: Tue, 23 Dec 2003 12:26:20 -0500 Subject: [nycphp-talk] MySQL is very smart - but why does this work? References: <688BD1502D7CA547800722B3501F62BB3F551E@ms03.mailstreet2003.net> <20031223133119.GA20468@bnl.gov> Message-ID: <002d01c3c979$e1974980$6400a8c0@thinkpad> im just curious, what is the column type from your example? it seems that it is the 'normal' way to insert data using a set if the column is setup for that specific type ... in which case it seems you use (or are suppose to use) FIND_IN_SET() ... http://www.mysql.com/doc/en/SET.html - jon From jonbaer at jonbaer.net Tue Dec 23 12:44:21 2003 From: jonbaer at jonbaer.net (jon baer) Date: Tue, 23 Dec 2003 12:44:21 -0500 Subject: [nycphp-talk] Where to get more PHP5 examples? 
Message-ID: <006a01c3c97c$661adcb0$6400a8c0@thinkpad> http://www.php.net/NEWS_PHP_5_0_0b3.txt can anyone give examples or explain the usages for these 2 features: * Added possibility to call PHP functions as XSLT-functions. (Christian) * Added possibility to prevent PHP from registering variables when input filter support is used. (Derick) - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From lists at ny-tech.net Tue Dec 23 12:52:38 2003 From: lists at ny-tech.net (Nasir Zubair) Date: Tue, 23 Dec 2003 12:52:38 -0500 Subject: [nycphp-talk] Ticketing and Bug Tracking software In-Reply-To: <20031223160631.16635.qmail@hosting33.com> Message-ID: <000a01c3c97d$8f8a3400$6401a8c0@main> I'm using PerlDesk ( http://www.perldesk.com ). It is perl, and not free anymore. I got a license as compensation for some work I did for a client. The best one to date is Desk Pro by www.deskpro.com , php/mysql. They just released version 2, and it looks overwhelmingly fantastic. It is $795. You get full source which you can customize for your own need. My employer has been using 1.1 for over 2 years. They have modified it so much that it isn't possible for them to upgrade to version 2. -----Original Message----- From: invisiblemute [mailto:geek at invisiblemute.com] Sent: Tuesday, December 23, 2003 11:07 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] Ticketing and Bug Tracking software Recommendations on ticketing and bug tracking software (preferably in PHP)? I've only ever used Bugzilla which I thought was pretty useful and nice once you got used to the clunky interface. Thanks. 
Jasper From jonbaer at jonbaer.net Tue Dec 23 12:54:27 2003 From: jonbaer at jonbaer.net (jon baer) Date: Tue, 23 Dec 2003 12:54:27 -0500 Subject: [nycphp-talk] Software experts find MySQL code exceptionally clean Message-ID: <007901c3c97d$cf4c3980$6400a8c0@thinkpad> http://searchenterpriselinux.techtarget.com/originalContent/0,289142,sid39_gci941817,00.html a pretty good read ... the report itself can be downloaded @ http://www.reasoning.com/downloads/mysql.html reasoning seems to do pretty good audits, does php itself go to third-parties like that? i just like the fact that a company would not turn around and explain that "your auditing sucks vs. your code sucks" and simply just fix the problems, i find a lot of open coded projects can benefit like that. - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From shiflett at php.net Tue Dec 23 14:16:54 2003 From: shiflett at php.net (Chris Shiflett) Date: Tue, 23 Dec 2003 11:16:54 -0800 (PST) Subject: [nycphp-talk] prevention of csrf attack In-Reply-To: <20031222015702.5c791d72.felix@students.poly.edu> Message-ID: <20031223191654.39439.qmail@web14309.mail.yahoo.com> --- felix zaslavskiy wrote: > > > At any rate, this particular weakness is easily resolved by making > > the token only shared between the server and the legitimate user > > (rather than just keeping a pool of valid tokens). By storing this > > value in the user's session, it requires that the attacker guess > > that user's specific token. > > That only complicates things a little because now the attacker has to > retrieve the secret token using the session id of the user. So the > first fake request has to be to request the form page grab the token > and then resubmit second fake request with the token. Well, now you're combining attacks and making a very big assumption: that the session management mechanism is weak. 
If someone can impersonate the legitimate user, a CSRF attack is not even necessary, so no intelligent attacker is going to bother trying after that point. CSRF attacks are generally only useful when impersonation is more difficult. To clarify this, recall that CSRF attacks are basically a way to trick the legitimate user into sending a request of your choosing. If you can make the application believe that you are the legitimate user, there is no longer any need for CSRF, because you can now do whatever you want, and the application will mistake your identity. I recently wrote an article about session security in PHP Magazine that you can download for free from http://www.phpmag.net/ssl/phppdf/. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From danielc at analysisandsolutions.com Tue Dec 23 15:29:23 2003 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 23 Dec 2003 15:29:23 -0500 Subject: [nycphp-talk] preg_match and extended ASCII In-Reply-To: <3FE73111.1070008@optonline.net> References: <3FE73111.1070008@optonline.net> Message-ID: <20031223202923.GA9008@panix.com> Hi Jeff: On Mon, Dec 22, 2003 at 12:59:45PM -0500, Jeff Siegel wrote: > I'm using preg_match to verify form data. I'm not sure how to handle > accented characters, e.g., an "e" with an accent as in Mazda Proteg?. > Obviously the following pattern ( '/^[a-z0-9()\/\'"|&,. -]{2,55}$/i' ) > doesn't cut it. I had tried [[:alnum:]] but that didn't do it either. You can add acceptable foreign character ranges in there. Putting the following in would allow all foreign chars: ?-??-??-? But, that may not come through nicely via email. 
So, assuming a character set of ISO-8859-1: ORDINAL: 192-214 216-246 248-255 HEX: c0-d6 d8-f6 f8-ff OCTAL: 300-326 330-366 370-377 All of these provide coverage for case sensitive matches, so is overkill for the case insensitive pattern you proposed, but this isn't a big deal. You can also put the hex representations in preg using \xhh syntax (so "\xc0" for example) and octals in via \ddd syntax (ie: "\300"). Enjoy, --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From joshmccormack at travelersdiary.com Tue Dec 23 15:28:48 2003 From: joshmccormack at travelersdiary.com (Josh McCormack) Date: Tue, 23 Dec 2003 15:28:48 -0500 Subject: [nycphp-talk] php5 classes & financial aid In-Reply-To: <003e01c3c843$49003420$0300a8c0@acepc> References: <003e01c3c843$49003420$0300a8c0@acepc> Message-ID: <3FE8A580.8080000@travelersdiary.com> There's a program in NY that's sponsored by the City and State - I think the org is called the Workers Consortium, or something like that. They offer money for classes to make you employable. The classes have to be on an approved list of some sort though, so someone at NYPHP would have to check into getting that done. Josh ace wrote: > I would like to know about any financial aid that may be offered for the > NY-PHP courses. > I am currently unemployed/self employed, trying to make any possible > living as a php developer, systems administrator, and network > administrator. > I've been working with pup for about 6 years and have developed many > applications, websites, and scripts, including several GEL projects. > I am looking to learn more about PHP5 and OOP so that I can become > a more valuable php developer, hopefully resulting in a permanent > position somewhere. 
> I also plan to develop a large class library and an interface for that
> library, to ease php development for beginner developers
> (the sourceforge project & .com are already in place).
>
> I am far beyond basic concepts and have learned a great deal from the
> web and free sources.
> However, I would like to have some legitimate php training on my resume
> to justify the skills that I list.
> If anyone knows of any grants, scholarships, or other funds available to
> lower working class, low income persons, please send me information.
> I would love to have the opportunity to expand my skills, and be ahead
> of the php5 oop revolution and become a much needed asset in the
> marketplace.
>
> -mike

From northcloud2000 at yahoo.com Tue Dec 23 15:34:40 2003
From: northcloud2000 at yahoo.com (Cloud N.)
Date: Tue, 23 Dec 2003 12:34:40 -0800 (PST)
Subject: [nycphp-talk] I need help
In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745E348@ffth-exc01.thompsonhealth.org>
Message-ID: <20031223203440.3111.qmail@web42003.mail.yahoo.com>

Hello, Keith J Richardson,

Thanks for your message. It is a good hint.

Happy holiday.

Rena

--- Keith J Richardson wrote:
> I looked through the image functions, and don't see
> anything that you would do what you want. But there
> are some things.
>
> What I would do - is calculate the path of the text
> along the arc, and how long each of the characters
> are. Then you would get the bottom-left coordinates
> of each image, and the rotation angle.
>
> I would then load a separate image script, that
> would load the image of just that character, and
> then rotate it, and stick it in on the arc where you
> want it.
>
> It sounds like a lot of math, but it is :P Maybe
> someone made/will make a function to do this :P
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org
> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of
> Cloud N.
> Sent: Wednesday, December 17, 2003 9:14 AM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] I need help
>
>
> Hello, everyone,
>
> I need some help to figure out how to implement
> below
> issue.
>
> I want to put some text which should be Arch with
> Radius in a dynamically created image. What can I do
> for it?
>
> I appreciate for all replies.
>
> Rena

From danielc at analysisandsolutions.com Tue Dec 23 15:35:13 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Tue, 23 Dec 2003 15:35:13 -0500
Subject: [nycphp-talk] Form field length vs. Database field length
In-Reply-To: <3FE74717.3000002@netzero.com>
References: <688BD1502D7CA547800722B3501F62BB3F53CD@ms03.mailstreet2003.net> <3FE74717.3000002@netzero.com>
Message-ID: <20031223203513.GB9008@panix.com>

On Mon, Dec 22, 2003 at 02:33:43PM -0500, Scott Mattocks wrote:
> >That is to say, only call htmlspecialchars() when you're about to display
> >the data, rather than before storing it.
>
> That is probably what we will end up doing, but I don't like it. I
> would rather only mess with the data when it is submitted but it doesn't
> seem like that is going to be possible.

And what if some charming individual on staff (or whatever) that has direct access to the database decides to (maliciously?) update data directly?

In short, data needs to be cleaned up before being displayed.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From danielc at analysisandsolutions.com Tue Dec 23 15:45:42 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Tue, 23 Dec 2003 15:45:42 -0500
Subject: [nycphp-talk] PHP 5 install questions ...
In-Reply-To: <000501c3c92b$cf9a2bb0$6400a8c0@thinkpad>
References: <000501c3c92b$cf9a2bb0$6400a8c0@thinkpad>
Message-ID: <20031223204542.GC9008@panix.com>

Hi Jon:

On Tue, Dec 23, 2003 at 03:07:29AM -0500, jon baer wrote:
>
> it seems to be working smoothly although i have one small install question
> ... there is no more built in mysql anymore so i enabled php_mysql.dll but
> what/or how do you enable libmysql.dll? is it needed or is it for mysqli
> stuff (mysql > 4.1)

MySQL is in the windows builds. Just go into php.ini and remove the ";" in front of "extension=php_mysql.dll"

> i had really been hoping there would be an easier way to run php4/5 side by
> side

Tell me about it. I've heard this will be fixed.

> one thing i noticed is that my apache logs got completely filled up w/ php
> notices on exceptions (i normally handle error handling page by page, but
> not normally on an included definition page - so i end up w/something like:
> PHP Notice: Use of undefined constant FOO - assumed 'FOO') - normal?

Guess your error reporting settings (either in the scripts or in php.ini) are different. Anyway, notices are good to know about. You really should address them. So, set error reporting to E_ALL.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From jonbaer at jonbaer.net Tue Dec 23 15:45:44 2003
From: jonbaer at jonbaer.net (jon baer)
Date: Tue, 23 Dec 2003 15:45:44 -0500
Subject: [nycphp-talk] Native PHP functions in MySQL?
Message-ID: <002501c3c995$bd01d5b0$6400a8c0@thinkpad>

i noticed this project just recently:

http://freshmeat.net/projects/judf/?topic_id=66

basically a wrapper using mysql w/ CREATE FUNCTION foo RETURNS STRING SONAME "foo.so"; to run Java natively ... so you could do this:

mysql> SELECT foo("classes/MyClasss", COLUMN1, COLUMN2) FROM foobar;

i wonder what the major advantages of this really are or if its overkill, im assuming the same thing could be done w/ php ... but beyond filtering what would it be good for?

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47

From dcech at phpwerx.net Tue Dec 23 16:28:04 2003
From: dcech at phpwerx.net (Dan Cech)
Date: Tue, 23 Dec 2003 16:28:04 -0500
Subject: [nycphp-talk] Form field length vs. Database field length
In-Reply-To: <20031223203513.GB9008@panix.com>
References: <688BD1502D7CA547800722B3501F62BB3F53CD@ms03.mailstreet2003.net> <3FE74717.3000002@netzero.com> <20031223203513.GB9008@panix.com>
Message-ID: <3FE8B364.8040600@phpwerx.net>

Amen to that,

I just finished an email to Jeff on this very subject, should be appearing in a PHundamental very soon.

Essentially though, htmlentities or any other type of content encoding should be done when text is output to whatever format it is being output to.

If you decided in the future sometime to output your data in pdf, you would have to go through and unhtmlentities (html_entity_decode) everything, no fun.

Dan Cech

From agfische at email.smith.edu Tue Dec 23 19:26:44 2003
From: agfische at email.smith.edu (Aaron Fischer)
Date: Tue, 23 Dec 2003 19:26:44 -0500
Subject: [nycphp-talk] Form field length vs. Database field length
In-Reply-To: <3FE8B364.8040600@phpwerx.net>
References: <688BD1502D7CA547800722B3501F62BB3F53CD@ms03.mailstreet2003.net> <3FE74717.3000002@netzero.com> <20031223203513.GB9008@panix.com> <3FE8B364.8040600@phpwerx.net>
Message-ID:

This was an interesting thread to follow and one that I would definitely appreciate seeing in PHundamentals. Let's go Jeff! :-)

-Aaron

On Dec 23, 2003, at 4:28 PM, Dan Cech wrote:
> I just finished an email to Jeff on this very subject, should be
> appearing in a PHundamental very soon.

From dan at mx2pro.com Thu Dec 25 19:53:03 2003
From: dan at mx2pro.com (Dan Horning)
Date: Thu, 25 Dec 2003 19:53:03 -0500
Subject: [nycphp-talk] Happy Holidays to all.
Message-ID: <20031226005338.D6800A85A6@virtu.nyphp.org>

Happy holidays to you and your loved ones

May the joy within be abundant and freely given to all

Happy New Year!!!!!

Dan Horning - Music, Technology & Photography
http://www.dsoundmn.com/
Technical Systems Administration
1-866-284-3150 (Office)
1-518-383-7877 (Home)

From jsiegel1 at optonline.net Fri Dec 26 09:03:38 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Fri, 26 Dec 2003 09:03:38 -0500
Subject: [nycphp-talk] preg_match and extended ASCII
In-Reply-To: <20031223202923.GA9008@panix.com>
References: <3FE73111.1070008@optonline.net> <20031223202923.GA9008@panix.com>
Message-ID: <3FEC3FBA.5020009@optonline.net>

Thanks! That worked fine!

Jeff

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"

From dcech at phpwerx.net Fri Dec 26 12:11:55 2003
From: dcech at phpwerx.net (Dan Cech)
Date: Fri, 26 Dec 2003 12:11:55 -0500
Subject: [nycphp-talk] Native PHP functions in MySQL?
In-Reply-To: <002501c3c995$bd01d5b0$6400a8c0@thinkpad>
References: <002501c3c995$bd01d5b0$6400a8c0@thinkpad>
Message-ID: <3FEC6BDB.3000600@phpwerx.net>

Actually there is a UDF which can execute PHP code already. Written by David Sklar, you can find it here:

As for usefulness, it could be very handy if you wanted to for instance implement partial order nested sets:

There are plenty of situations where the ability to execute php code could be a Good Thing, though for most cases the same results can be achieved with SQL-99 stored procedures, which are supported in MySQL 5.x and much more portable than embedded php code.

Dan Cech

From csnyder at chxo.com Fri Dec 26 13:48:39 2003
From: csnyder at chxo.com (Chris Snyder)
Date: Fri, 26 Dec 2003 13:48:39 -0500
Subject: [nycphp-talk] Native PHP functions in MySQL?
In-Reply-To: <3FEC6BDB.3000600@phpwerx.net>
References: <002501c3c995$bd01d5b0$6400a8c0@thinkpad> <3FEC6BDB.3000600@phpwerx.net>
Message-ID: <3FEC8287.8000506@chxo.com>

Wow, thanks Dan! An excellent Boxing Day gift to those of us without Oracle. :-)

I'm just beginning to wrap my head around the Nested Set approach, having always used a Materialized Path. It's always nice to find that there's more than one way to do it.

The clew project (NYPHP's new mailing list / forum) uses a Celko-style Nested Set to store the message hierarchy, courtesy of Hans Zaunere's pNSM class. Once we work through the implementation and have it up and running, it would be a great idea to take a shot at the Partial Order approach spelled out by Tropashko, using myphp to do the math.

csnyder

From dcech at phpwerx.net Fri Dec 26 14:03:02 2003
From: dcech at phpwerx.net (Dan Cech)
Date: Fri, 26 Dec 2003 14:03:02 -0500
Subject: [nycphp-talk] Native PHP functions in MySQL?
In-Reply-To: <3FEC8287.8000506@chxo.com>
References: <002501c3c995$bd01d5b0$6400a8c0@thinkpad> <3FEC6BDB.3000600@phpwerx.net> <3FEC8287.8000506@chxo.com>
Message-ID: <3FEC85E6.4040008@phpwerx.net>

Yeah, I've seen a little of the clew discussion, I'm kinda new to the whole nyphp thing so I'm a little behind.

Why did you decide on Nested Sets? I have had good success in the past with Modified Preorder Traversal Trees in MySQL and Postgres, basically a mixture of Nested Sets and adjacency tables, with the advantages (and disadvantages) of both. They seem to me to be a little more robust than vanilla nested sets, as well as giving you more options for retrieving data.

For a sample implementation see phpGACL, we haven't released a version using the new trees yet, but everything is in CVS and undergoing final testing prior to release.

I also have an implementation of all the functions required for Tropashko's Partial Order Nested Sets in PHP, might have to have a play with those when I get some free time.

Dan

From tgales at tgaconnect.com Fri Dec 26 14:05:43 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Fri, 26 Dec 2003 14:05:43 -0500
Subject: [nycphp-talk] Native PHP functions in MySQL?
In-Reply-To: <3FEC8287.8000506@chxo.com>
Message-ID: <000601c3cbe3$43429e80$bf8d3818@oberon1>

Chris Snyder writes:
"...it would be a great idea to take a shot at the Partial Order approach spelled out by Tropashko, using myphp to do the math."

I am not so certain a PHP function will bring more to the table than a udf written in C.

I hesitate to say anything because unlike you ("... wrap[ing] my head around the Nested Set approach...") I am rapping my head against the nested set model.

T. Gales & Associates
'Helping People Connect with Technology'
http://www.tgaconnect.com

From dcech at phpwerx.net Fri Dec 26 14:15:30 2003
From: dcech at phpwerx.net (Dan Cech)
Date: Fri, 26 Dec 2003 14:15:30 -0500
Subject: [nycphp-talk] Native PHP functions in MySQL?
In-Reply-To: <3FEC85E6.4040008@phpwerx.net>
References: <002501c3c995$bd01d5b0$6400a8c0@thinkpad> <3FEC6BDB.3000600@phpwerx.net> <3FEC8287.8000506@chxo.com> <3FEC85E6.4040008@phpwerx.net>
Message-ID: <3FEC88D2.9020408@phpwerx.net>

Sorry, should have given you a couple of URLs in my last post:

phpGACL: http://phpgacl.sourceforge.net/ (interesting code can be checked out of anonymous cvs)

Modified Preorder Traversal Trees: http://www.sitepoint.com/article/1105/

Dan Cech

From tgales at tgaconnect.com Fri Dec 26 14:27:21 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Fri, 26 Dec 2003 14:27:21 -0500
Subject: [nycphp-talk] Native PHP functions in MySQL?
In-Reply-To: <3FEC6BDB.3000600@phpwerx.net>
Message-ID: <000701c3cbe6$487db3a0$bf8d3818@oberon1>

Dan Cech writes:
> Actually there is a UDF which can execute PHP code already.
> Written by
> David Sklar, ...
>
>As for usefulness, it could be very handy if you wanted to for instance
>implement partial order nested sets...

Great post!

It is the embodiment of a 'gestalt' in that it puts two things together in such a way as to form something (usually an idea) which is greater than the sum of its parts.

A 'gestalt' tends to make you want to say 'Aha'...

I certainly exclaimed just that after reading your post...

T. Gales & Associates
'Helping People Connect with Technology'
http://www.tgaconnect.com

From adam at trachtenberg.com Fri Dec 26 15:46:17 2003
From: adam at trachtenberg.com (Adam Maccabee Trachtenberg)
Date: Fri, 26 Dec 2003 15:46:17 -0500 (EST)
Subject: [nycphp-talk] Where to get more PHP5 examples?
In-Reply-To: <006a01c3c97c$661adcb0$6400a8c0@thinkpad> References: <006a01c3c97c$661adcb0$6400a8c0@thinkpad> Message-ID: On Tue, 23 Dec 2003, jon baer wrote: > * Added possibility to call PHP functions as XSLT-functions. (Christian) You have an XSLT stylesheet. You want to translate an XML document. As part of the transformation you want to call some PHP function to grab text out of a database, format code, return a DOM object, etc. I haven't gotten around to writing up a nice description of this, but if you've got the tarball check out ext/xsl/xslt011.* for examples. It's pretty neat. > * Added possibility to prevent PHP from registering variables when input > filter support is used. (Derick) I actually don't remember what this is. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From danielc at analysisandsolutions.com Sat Dec 27 00:55:08 2003 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sat, 27 Dec 2003 00:55:08 -0500 Subject: [nycphp-talk] security focus again Message-ID: <20031227055507.GA16832@panix.com> Stuff from this past week... osCommerce SQL Injection Vulnerability http://www.securityfocus.com/bid/9211 osCommerce osCsid Parameter Cross-Site Scripting Vulnerabili... http://www.securityfocus.com/bid/9238 W-Agora Multiple Remote Vulnerabilities http://www.securityfocus.com/bid/9226 Aardvark Topsites PHP Multiple Vulnerabilities http://www.securityfocus.com/bid/9231 Invision Power Top Site List Offset SQL Injection Vulnerabil... http://www.securityfocus.com/bid/9229 Invision Power Board Index.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/9232 Autorank PHP Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/9251 Michael Dean Double Choco Latte Multiple Module Remote File ... http://www.securityfocus.com/bid/9235 SOLMETRA SPAW Editor spaw_control.class.PHP Remote PHP File ... 
http://www.securityfocus.com/bid/9247

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From southwell at dneba.com Mon Dec 29 22:44:50 2003
From: southwell at dneba.com (Michael Southwell)
Date: Mon, 29 Dec 2003 22:44:50 -0500
Subject: [nycphp-talk] need help with magic-quotes for PHundamentals
Message-ID: <6.0.1.1.2.20031229224205.01c02290@mail.optonline.net>

I'm finishing up the article on php.ini settings to which many of you have contributed over the past month and a half, and I need a bit more help on this one issue.

There seems to be a consensus that the three magic_quotes settings should be off except in certain very limited circumstances.
1. is this accurate?
2. what are (examples of) those very limited circumstances?

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================

From dcech at phpwerx.net Mon Dec 29 22:50:13 2003
From: dcech at phpwerx.net (Dan Cech)
Date: Mon, 29 Dec 2003 22:50:13 -0500
Subject: [nycphp-talk] need help with magic-quotes for PHundamentals
In-Reply-To: <6.0.1.1.2.20031229224205.01c02290@mail.optonline.net>
References: <6.0.1.1.2.20031229224205.01c02290@mail.optonline.net>
Message-ID: <3FF0F5F5.4080407@phpwerx.net>

1. Yes.
2. Can't think of any right now.

Dan Cech

Michael Southwell wrote:
> I'm finishing up the article on php.ini settings to which many of you
> have contributed over the past month and a half, and I need a bit more
> help on this one issue.
>
> There seems to be a consensus that the three magic_quotes settings
> should be off except in certain very limited circumstances.
> 1. is this accurate?
> 2. what are (examples of) those very limited circumstances?
>
> Michael G. Southwell =================================
> DNEBA Enterprises
> 81 South Road
> Bloomingdale, NJ 07403-1419
> 973/492-7873 (voice and fax)
> southwell at dneba.com
> http://www.dneba.com
> ======================================================
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

From danielc at analysisandsolutions.com Tue Dec 30 00:11:57 2003
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Tue, 30 Dec 2003 00:11:57 -0500
Subject: [nycphp-talk] need help with magic-quotes for PHundamentals
In-Reply-To: <6.0.1.1.2.20031229224205.01c02290@mail.optonline.net>
References: <6.0.1.1.2.20031229224205.01c02290@mail.optonline.net>
Message-ID: <20031230051157.GA8685@panix.com>

On Mon, Dec 29, 2003 at 10:44:50PM -0500, Michael Southwell wrote:
> 1. is this accurate?

Yes.

> 2. what are (examples of) those very limited circumstances?

You're a lousy/lazy/sloppy programmer.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409

From dmintz at davidmintz.org Tue Dec 30 09:30:26 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Tue, 30 Dec 2003 09:30:26 -0500 (EST)
Subject: [nycphp-talk] need help with magic-quotes for PHundamentals
In-Reply-To: <20031230051157.GA8685@panix.com>
References: <6.0.1.1.2.20031229224205.01c02290@mail.optonline.net> <20031230051157.GA8685@panix.com>
Message-ID:

On Tue, 30 Dec 2003, Daniel Convissor wrote:

> On Mon, Dec 29, 2003 at 10:44:50PM -0500, Michael Southwell wrote:
>
> > 1. is this accurate?
>
> Yes.
>
>
> > 2. what are (examples of) those very limited circumstances?
>
> You're a lousy/lazy/sloppy programmer.

You call this a "very limited circumstance"?

Seriously though, folks.... it raises the question why does PHP have this feature[?] at all?
Maybe it's in the same bag as register_globals -- i.e., seemed like a good idea at the time.

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?" -- Sopranos 24:17

From southwell at dneba.com Tue Dec 30 09:38:26 2003
From: southwell at dneba.com (Michael Southwell)
Date: Tue, 30 Dec 2003 09:38:26 -0500
Subject: [nycphp-talk] need help with magic-quotes for PHundamentals
In-Reply-To: <20031230051157.GA8685@panix.com>
References: <6.0.1.1.2.20031229224205.01c02290@mail.optonline.net> <20031230051157.GA8685@panix.com>
Message-ID: <6.0.1.1.2.20031230093558.01c2f8e8@mail.optonline.net>

At 12:11 AM 12/30/2003, you wrote:
>On Mon, Dec 29, 2003 at 10:44:50PM -0500, Michael Southwell wrote:
>
> > 1. is this accurate?
>
>Yes.
>
>
> > 2. what are (examples of) those very limited circumstances?
>
>You're a lousy/lazy/sloppy programmer.

ya gotta love this guy - he always goes straight to the heart of the issue! :-)

ok, I've got enough info. Watch for an announcement soon about the beta of this article.

>--Dan
>
>--
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
>_______________________________________________
>talk mailing list
>talk at lists.nyphp.org
>http://lists.nyphp.org/mailman/listinfo/talk

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================

From tgales at tgaconnect.com Tue Dec 30 10:07:33 2003
From: tgales at tgaconnect.com (Tim Gales)
Date: Tue, 30 Dec 2003 10:07:33 -0500
Subject: [nycphp-talk] need help with magic-quotes for PHundamentals
In-Reply-To:
Message-ID: <000a01c3cee6$a795fb10$bf8d3818@oberon1>

David Mintz writes:
"...Maybe it's in the same bag as register_globals -- i.e., seemed like a good idea at the time..."

from http://www.php.net/release_4_1_0.php
"...we've decided to attempt a far-reaching change, and deprecate register_globals..."

I don't know of movement to deprecate the 'magic' stuff.

magic quotes provides another way to 'skin the cat' -- i.e. it is a non-orthogonal language feature.

Orthogonality comes from the mathematic property of some arrays.
"Of or relating to a matrix whose transpose equals its inverse"
http://dictionary.reference.com/search?q=orthogonal

Harry Fuecks suggests:
That if you never use stripslashes you can avoid doing things the 'six way' in places and the 'half a dozen way' in others.
(at least that's my interpretation)

You can read it at:
http://www.webmasterstop.com/tutorials/magic-quotes.shtml
if you\'re interested.

T. Gales & Associates
'Helping People Connect with Technology'
http://www.tgaconnect.com

From dmintz at davidmintz.org Tue Dec 30 16:22:12 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Tue, 30 Dec 2003 16:22:12 -0500 (EST)
Subject: [nycphp-talk] need help with magic-quotes for PHundamentals
In-Reply-To: <000a01c3cee6$a795fb10$bf8d3818@oberon1>
References: <000a01c3cee6$a795fb10$bf8d3818@oberon1>
Message-ID:

On Tue, 30 Dec 2003, Tim Gales wrote:

> i.e. it is a non-orthogonal language feature.
>
> Orthogonality comes from the mathematic property of some arrays.
> "Of or relating to a matrix whose transpose equals its inverse"
> http://dictionary.reference.com/search?q=orthogonal
>

I think I\'ll take your word for it (-:

> Harry Fuecks suggests:
> That if you never use stripslashes you can avoid doing things
> the 'six way' in places and the 'half a dozen way' in others.
> (at least that's my interpretation)
>
> You can read it at:
> http://www.webmasterstop.com/tutorials/magic-quotes.shtml
> if you\'re interested.

Yes, I see he says "In retrospect, the PHP crew probably wish they'd never provided magic_quotes..."

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?" -- Sopranos 24:17

From hans at newyorkphp.com Wed Dec 31 12:28:18 2003
From: hans at newyorkphp.com (Hans Zaunere)
Date: Wed, 31 Dec 2003 12:28:18 -0500
Subject: [nycphp-talk] Software experts find MySQL code exceptionally clean
Message-ID: <688BD1502D7CA547800722B3501F62BB59DA8F@ms03.mailstreet2003.net>

> http://searchenterpriselinux.techtarget.com/originalContent/0,
> 289142,sid39_g
> ci941817,00.html
>
> a pretty good read ...
>
> the report itself can be downloaded @
> http://www.reasoning.com/downloads/mysql.html

Uplifting report - MySQL is good stuff :)

> reasoning seems to do pretty good audits, does php itself go
> to third-parties like that? i just like the fact that a

I *seem* to remember at one point there was an audit in process from a couple OpenBSD folks of PHP. I'm not sure where it stands, or even if it's continuing. Maybe we can push reasoning to take on the complete AMP suite (Apache is probably pretty well set, but PHP would benefit from it).
H

From hans at newyorkphp.com Wed Dec 31 12:38:50 2003
From: hans at newyorkphp.com (Hans Zaunere)
Date: Wed, 31 Dec 2003 12:38:50 -0500
Subject: [nycphp-talk] need help with magic-quotes for PHundamentals
Message-ID: <688BD1502D7CA547800722B3501F62BB59DA97@ms03.mailstreet2003.net>

> I'm finishing up the article on php.ini settings to which
> many of you have contributed over the past month and a half,
> and I need a bit more help on this one issue.
>
> There seems to be a consensus that the three magic_quotes
> settings should be off except in certain very limited circumstances.
> 1. is this accurate?

No.. they should never be on...

> 2. what are (examples of) those very limited circumstances?

Exactly. :)

Not to beat a dead horse, but I think a lot of PHP's "convenience" settings (like register_globals, magic_this and magic_that) fall into the "it seemed like a good idea at the time" department.

For the most part, the php.ini-recommended is the way to go - http://cvs.php.net/co.php/php-src/php.ini-recommended?login=2&r=1.148

H

From jonbaer at jonbaer.net Wed Dec 31 12:56:22 2003
From: jonbaer at jonbaer.net (jon baer)
Date: Wed, 31 Dec 2003 12:56:22 -0500
Subject: [nycphp-talk] Software experts find MySQL code exceptionally clean
References: <688BD1502D7CA547800722B3501F62BB59DA8F@ms03.mailstreet2003.net>
Message-ID: <001d01c3cfc7$66dac240$6400a8c0@thinkpad>

>>> it's continuing. Maybe we can push reasoning to take on the complete AMP suite (Apache is probably pretty well set, but PHP would benefit from it). <<<

indeed it would benefit the selling point of using open source in the 'enterprise' w/ more professional audit reports (vs. just regular articles) ... i also wish the same principles would then afterwards be applied to open source packages themselves ...
- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47

From dmintz at davidmintz.org Wed Dec 31 13:07:49 2003
From: dmintz at davidmintz.org (David Mintz)
Date: Wed, 31 Dec 2003 13:07:49 -0500 (EST)
Subject: [nycphp-talk] Software experts find MySQL code exceptionally clean
In-Reply-To: <688BD1502D7CA547800722B3501F62BB59DA8F@ms03.mailstreet2003.net>
References: <688BD1502D7CA547800722B3501F62BB59DA8F@ms03.mailstreet2003.net>
Message-ID:

On Wed, 31 Dec 2003, Hans Zaunere wrote:

> I *seem* to remember at one point there was an audit in process from a
> couple OpenBSD folks of PHP. I'm not sure where it stands, or even if
> it's continuing. Maybe we can push reasoning to take on the complete
> AMP suite (Apache is probably pretty well set, but PHP would benefit
> from it).

I seem to remember seeing something on Slashdot about an audit of Apache 2.something where they found it had substantially more... what do they call them? D/KLSC (for Defects per Thousand Lines of Source Code)? ... than Apache 1.3.something.

Then came the musings and speculation: you know how we anthropomorphize software all the time (it 'complains', 'dies', you 'kill' a process, it 'thinks' this or 'doesn't care' about that...). Well perhaps the life cycle metaphor is more apt than we thought. Could it be that software -- even the venerable Apache httpd -- eventually gets old and starts losing its teeth, libido, etc.?

---
David Mintz
http://davidmintz.org/

"Anybody else got a problem with Webistics?" -- Sopranos 24:17

From jsiegel1 at optonline.net Wed Dec 31 13:17:41 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 31 Dec 2003 13:17:41 -0500
Subject: [nycphp-talk] PHP as CGI Binary
Message-ID: <3FF312C5.3030304@optonline.net>

In an impending project, I will most likely have to use PHP as a CGI Binary in a shared server environment. Just wondering what kind of "gotchas" I should look out for.
Jeff Siegel

From jonbaer at jonbaer.net Wed Dec 31 15:41:49 2003
From: jonbaer at jonbaer.net (jon baer)
Date: Wed, 31 Dec 2003 15:41:49 -0500
Subject: [nycphp-talk] Any PHP5-related books out?
Message-ID: <008401c3cfde$83fef780$6400a8c0@thinkpad>

greetings ...

i was just wondering if there are any new php books out dealing w/ just php5 (or early adaptor stuff) ... or if there is anything ahead for publications in 2004?

happy new year everyone + thanks for providing an extremely informative, educational, and insightful programming list ...

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47

From shiflett at php.net Wed Dec 31 15:53:55 2003
From: shiflett at php.net (Chris Shiflett)
Date: Wed, 31 Dec 2003 12:53:55 -0800 (PST)
Subject: [nycphp-talk] Any PHP5-related books out?
In-Reply-To: <008401c3cfde$83fef780$6400a8c0@thinkpad>
Message-ID: <20031231205355.70534.qmail@web14303.mail.yahoo.com>

--- jon baer wrote:
> i was just wondering if there are any new php books out dealing w/
> just php5 (or early adaptor stuff) ... or if there is anything ahead
> for publications in 2004?

I'd say the majority of them will be published in 2004. I know of at least two right now: one from O'Reilly and one from Sams. There are four NYPHPers involved in the O'Reilly one.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
Coming mid-2004
HTTP Developer's Handbook
http://httphandbook.org/

From jonbaer at jonbaer.net Wed Dec 31 16:31:25 2003
From: jonbaer at jonbaer.net (jon baer)
Date: Wed, 31 Dec 2003 16:31:25 -0500
Subject: [nycphp-talk] Any PHP5-related books out?
References: <20031231205355.70534.qmail@web14303.mail.yahoo.com>
Message-ID: <000b01c3cfe5$71cff3a0$6400a8c0@thinkpad>

> I'd say the majority of them will be published in 2004. I know of at least
> two right now: one from O'Reilly and one from Sams. There are four
> NYPHPers involved in the O'Reilly one.

Cool ...
I'd take it will be something coming out @ same time as the Security Handbook? Is there any approx. dates?

- jon

From joel at tagword.com Wed Dec 31 16:42:34 2003
From: joel at tagword.com (Joel De Gan)
Date: Wed, 31 Dec 2003 16:42:34 -0500
Subject: [nycphp-talk] Software experts find MySQL code exceptionally clean
In-Reply-To:
References: <688BD1502D7CA547800722B3501F62BB59DA8F@ms03.mailstreet2003.net>
Message-ID: <1072906953.3206.11.camel@bezel>

On Wed, 2003-12-31 at 13:07, David Mintz wrote:
> that...). Well perhaps the life cycle metaphor is more apt than we
> thought. Could it be that software -- even the venerable Apache httpd --
> eventually gets old and starts losing its teeth, libido, etc.?

I like this idea and I am highly amused by the comic fodder it provides. In particular in regards to MS products.

Take, for one example, Outlook and its battle with viagra (read spam).. :)

--
joeldg - developer, Intercosmos media group.
http://lucifer.intercosmos.net

From shiflett at php.net Wed Dec 31 16:58:41 2003
From: shiflett at php.net (Chris Shiflett)
Date: Wed, 31 Dec 2003 13:58:41 -0800 (PST)
Subject: [nycphp-talk] Any PHP5-related books out?
In-Reply-To: <000b01c3cfe5$71cff3a0$6400a8c0@thinkpad>
Message-ID: <20031231215841.22277.qmail@web14311.mail.yahoo.com>

--- jon baer wrote:
> Cool ... I'd take it will be something coming out @ same time as the
> Security Handbook? Is there any approx. dates?

I'd bet money that the PHP 5 book will be out before mine. :-)

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security Handbook
Coming mid-2004
HTTP Developer's Handbook
http://httphandbook.org/

From hans at newyorkphp.com Wed Dec 31 17:41:31 2003
From: hans at newyorkphp.com (Hans Zaunere)
Date: Wed, 31 Dec 2003 17:41:31 -0500
Subject: [nycphp-talk] PHP as CGI Binary
Message-ID: <688BD1502D7CA547800722B3501F62BB59DB32@ms03.mailstreet2003.net>

> In an impending project, I will most likely have to use PHP
> as a CGI Binary in a shared server environment. Just
> wondering what kind of "gotchas" I should look out for.

Depending on the complexity and scope of the project, the differences are generally minimal from what I've seen. The big one is permissions - CGI scripts can be run as their owner/group, rather than that of Apache itself.

Another thing to consider is that each request to a CGI script is its own process, which then exits when finished. This probably isn't hugely important in most cases, but something to keep in mind. Also, Apache specific functions (http://php.net/apache) aren't available. Lastly, if the script works on the command line, it'll generally work as a CGI (since the CGI/CLI versions of PHP are closely related, vs the Apache SAPI).

H

From sklar at sklar.com Wed Dec 31 17:55:39 2003
From: sklar at sklar.com (David Sklar)
Date: Wed, 31 Dec 2003 17:55:39 -0500 (EST)
Subject: [nycphp-talk] Any PHP5-related books out?
In-Reply-To: <20031231205355.70534.qmail@web14303.mail.yahoo.com>
Message-ID:

On Wed, 31 Dec 2003, Chris Shiflett wrote:

> --- jon baer wrote:
> > i was just wondering if there are any new php books out dealing w/
> > just php5 (or early adaptor stuff) ... or if there is anything ahead
> > for publications in 2004?
>
> I'd say the majority of them will be published in 2004. I know of at least
> two right now: one from O'Reilly and one from Sams. There are four
> NYPHPers involved in the O'Reilly one.

In addition to the books that Chris mentioned, Learning PHP (O'Reilly) will cover PHP 5. It will be available probably in May or June.

There is also some PHP 5 stuff (a chapter on SimpleXML, highlights of PHP5 features and compatibility of other modules and accelerators) in Essential PHP Tools (Apress) which will be out in March.
David

From jsiegel1 at optonline.net Wed Dec 31 19:04:40 2003
From: jsiegel1 at optonline.net (Jeff Siegel)
Date: Wed, 31 Dec 2003 19:04:40 -0500
Subject: [nycphp-talk] PHP as CGI Binary
In-Reply-To: <688BD1502D7CA547800722B3501F62BB59DB32@ms03.mailstreet2003.net>
References: <688BD1502D7CA547800722B3501F62BB59DB32@ms03.mailstreet2003.net>
Message-ID: <3FF36418.6000104@optonline.net>

Hans,

Thanks for the info. For the most part, it seems there isn't too much to be concerned about (I won't be using any of the Apache specific functions). What about setting my own php.ini file? I'd like to turn off magic_quotes and register_globals (and probably a few other things). Should I just code around this or can I safely overwrite the php.ini file that is in cgi-bin?

Jeff

P.S. The interesting thing, when I try to view the php.ini file that is in cgi-bin, I only see a few settings.

Hans Zaunere wrote:
>>In an impending project, I will most likely have to use PHP
>>as a CGI Binary in a shared server environment. Just
>>wondering what kind of "gotchas" I should look out for.
>
>
> Depending on the complexity and scope of the project, the differences
> are generally minimal from what I've seen. The big one is permissions -
> CGI scripts can be run as their owner/group, rather than that of Apache
> itself.
>
> Another thing to consider is that each request to a CGI script is its
> own process, which then exits when finished. This probably isn't hugely
> important in most cases, but something to keep in mind. Also, Apache
> specific functions (http://php.net/apache) aren't available. Lastly, if
> the script works on the command line, it'll generally work as a CGI
> (since the CGI/CLI versions of PHP are closely related, vs the Apache
> SAPI).
>
> H
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>

--
Found on the Simpson's Website:
"Ooooooh, they have the internet on computers now!"
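
Added example, not part of any message in this thread: one way to "code around" magic_quotes_gpc on a shared CGI host where php.ini cannot be edited, by undoing the automatic escaping once at the start of each request. The function names and the sample input are assumptions made for illustration; get_magic_quotes_gpc() and set_magic_quotes_runtime() exist only in older PHP releases, so both calls are guarded.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.
// magic_quotes_gpc is applied before the script starts running, so it
// cannot be switched off with ini_set(); the escaping is undone instead.

// True when this PHP build still has magic_quotes_gpc and it is enabled.
function magic_quotes_active()
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, hence the guard.
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Recursively strip the slashes added to request values.
// Array keys are left untouched; only values are unescaped.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = undo_magic_quotes($item);
        }
        return $value;
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Call once at the top of every entry script, or from a common include.
function normalize_request_input()
{
    if (magic_quotes_active()) {
        $_GET    = undo_magic_quotes($_GET);
        $_POST   = undo_magic_quotes($_POST);
        $_COOKIE = undo_magic_quotes($_COOKIE);
    }
    // magic_quotes_runtime, unlike the gpc setting, can be changed while the
    // script runs. set_magic_quotes_runtime() was removed in PHP 7.0.
    if (function_exists('set_magic_quotes_runtime')) {
        set_magic_quotes_runtime(0);
    }
}

normalize_request_input();

// Constructed sample: a form field holding O'Reilly as it arrives with
// magic_quotes_gpc on, plus a nested array to exercise the recursion.
$as_received = array(
    'name' => "O\\'Reilly",
    'tags' => array("it\\'s", 'plain'),
);
$clean = undo_magic_quotes($as_received);

echo "received: ", $as_received['name'], "\n";
echo "cleaned:  ", $clean['name'], " / ", $clean['tags'][0], "\n";

// Why a mixed environment causes trouble: code that escapes its own input
// escapes the received value a second time, and the stray backslash is
// what ends up stored. Escaping the cleaned value happens exactly once.
echo "escaped twice: ", addslashes($as_received['name']), "\n";
echo "escaped once:  ", addslashes($clean['name']), "\n";
```

With the input normalised this way, escaping is applied in one place only, at the point where a value is placed into a query, using the escaping function of the database extension in use.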