php-general Digest 28 Dec 2004 01:19:57 -0000 Issue 3194

Topics (messages 205202 through 205224):

Recommend a free shopping cart app?
        205202 by: Bosky, Dave
        205205 by: Matthew Weier O'Phinney

Re: negative numbers
        205203 by: Greg Donald
        205217 by: Ford, Mike

Re: $HTTP_POST array
        205204 by: Burhan Khalid

Re: A serious bug? "or" operator gives out different results depending on order of operands
        205206 by: Jose M.Herrera
        205218 by: Rory Browne
        205224 by: Thomas Goyne

How to set an absolute include path?
        205207 by: Brian Dunning
        205208 by: Brian Dunning
        205209 by: Jay Blanchard
        205210 by: John Holmes
        205211 by: John Nichel
        205213 by: Jordi Canals
        205223 by: Jeffery Fernandez

Re: emailing files...
        205212 by: Manuel Lemos

OpenSource -webshop?
        205214 by: Wiberg

LDAP_SEARCH filter syntax help
        205215 by: jtennyson.att.net
        205216 by: jtennyson.att.net

Making includes and requires safe.
        205219 by: Todd Cary
        205220 by: Jay Blanchard

PHP based Apache admin tool?
        205221 by: Brian Dunning
        205222 by: M. Sokolewicz

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message ---
I was looking for a nice 'Free' shopping cart app that I can plug into my
website and wanted some recommendations.

I've written some good ones in Cold Fusion and don't feel like converting
them to PHP at the moment.

 

Thanks,

Dave

 




--- End Message ---
--- Begin Message ---
* Dave Bosky <[EMAIL PROTECTED]>:
> I was looking for a nice 'Free' shopping cart app that I can plug into my
> website and wanted some recommendations.

osCommerce and ZenCart are both very nice -- the latter is derived from
the former, by the way. They require a bit of work to integrate with an
existing site, but both are highly configurable.

-- 
Matthew Weier O'Phinney           | mailto:[EMAIL PROTECTED]
Webmaster and IT Specialist       | http://www.garden.org
National Gardening Association    | http://www.kidsgardening.com
802-863-5251 x156                 | http://nationalgardenmonth.org

--- End Message ---
--- Begin Message ---
On Mon, 27 Dec 2004 18:16:21 +0800, Jason Wong <[EMAIL PROTECTED]> wrote:
> ternary:
> 
>    $doo = -20;
>    for ($i = 1; $i < 10000000; $i++) {
>        $dah = ($doo < 0) ? - $doo : $doo;
>    }
> 
> abs():
> 
>    $doo = -20;
>    for ($i = 1; $i < 10000000; $i++) {
>        $dah = abs($doo);
>    }
> 
> It turns out that abs() is slightly faster - as you might have guessed,
> otherwise I wouldn't be posting this ;-)
> 
> ternary = 14.67 secs
> abs()   = 14.10 secs


With PHP 5.03 I found the exact opposite results, ternary is slightly faster:

> time ./ternary.php ;time ./abs.php 

real    0m53.242s
user    0m26.655s
sys     0m0.017s

real    0m53.625s
user    0m26.732s
sys     0m0.019s


There has to be more overhead in calling a function than not,
especially after seeing the function.


PHP_FUNCTION(abs)
{
    zval **value;

    if (ZEND_NUM_ARGS()!=1||zend_get_parameters_ex(1, &value)==FAILURE) {
        WRONG_PARAM_COUNT;
    }

    convert_scalar_to_number_ex(value);

    if (Z_TYPE_PP(value) == IS_DOUBLE) {
        RETURN_DOUBLE(fabs(Z_DVAL_PP(value)));
    } else if (Z_TYPE_PP(value) == IS_LONG) {
        if (Z_LVAL_PP(value) == LONG_MIN) {
            RETURN_DOUBLE(-(double)LONG_MIN);
        } else {
            RETURN_LONG(Z_LVAL_PP(value) < 0 ? -Z_LVAL_PP(value) : Z_LVAL_PP(value));
        }
    }

    RETURN_FALSE;
}


-- 
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/

--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Jason Wong
> Sent: 27/12/04 10:16
> 
> On Monday 27 December 2004 12:40, Richard Lynch wrote:
> 
> > If you want to mimic the behaviour of abs (allowing for positive numbers)
> > and performance was an issue, that:
> > $x = ($x < 0) ? - $x : $x;
> >
> > is most likely faster than abs()
> 
> Having nothing better to do I decided to benchmark this:
> 
> ternary:
> 
>     $doo = -20;
>     for ($i = 1; $i < 10000000; $i++) {
>         $dah = ($doo < 0) ? - $doo : $doo;
>     }
> 
> abs():
> 
>     $doo = -20;
>     for ($i = 1; $i < 10000000; $i++) {
>         $dah = abs($doo);
>     }

That's not a valid benchmark, since only on the first pass through the loop
is $doo negative.  Personally, I'd want to test it with equal numbers of
positive and negative values, and I'd want to know the contribution of the
loop and value-setup overhead, so I'd write it like this:

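    // microtime() returns the string "usec sec"; split it so that
    // $t[0] is the fractional part and $t[1] the whole seconds.

    // Loop and value-setup overhead only
    $t = explode(' ', microtime());
    $oh = $t[1] + $t[0];
    for ($i=1; $i<10000000; $i++) {
        $doo = 20 * ($i%2?-1:1);
    }
    $t = explode(' ', microtime());
    $oh = $t[1] + $t[0] - $oh;

    // Ternary
    $t = explode(' ', microtime());
    $tern = $t[1] + $t[0];
    for ($i=1; $i<10000000; $i++) {
        $doo = 20 * ($i%2?-1:1);
        $dah = ($doo<0) ? -$doo : $doo;
    }
    $t = explode(' ', microtime());
    $tern = $t[1] + $t[0] - $tern;

    // abs()
    $t = explode(' ', microtime());
    $abs = $t[1] + $t[0];
    for ($i=1; $i<10000000; $i++) {
        $doo = 20 * ($i%2?-1:1);
        $dah = abs($doo);
    }
    $t = explode(' ', microtime());
    $abs = $t[1] + $t[0] - $abs;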

    echo "<p>Overhead = ", number_format($oh, 2), "sec<br />\n";
    echo "Ternary = ", number_format($tern, 2),
         " sec; less overhead = ", number_format($tern-$oh, 2),
         " sec<br />\n";
    echo "Abs() = ", number_format($abs, 2),
         " sec; less overhead = ", number_format($abs-$oh, 2),
         " sec\n</p>";

I don't have access to a php system right now, or I'd run it (just out of
curiosity!).  Anyone who wants to grab the above and test it is welcome...
;)

Cheers!

Mike

--- End Message ---
--- Begin Message ---
kalinga wrote:
> Dear all,
> Is it possible to pass the entire $HTTP_POST array to a function of a class
> as a variable?

Use $_POST -- it's automatically in scope of every function (you don't need to pass it).


You can pass any array to a function.
--- End Message ---
--- Begin Message ---

Rory Browne wrote:
| I think what Jose is trying to say, is that because 'or' has a lower
| precedence than =, you are interpreting the expression wrong.

Yes, I was trying to say that. The () are very important when you need
to use OR, AND, ||, &&, etc...

Bye!, Merry Christmas and a happy new year for all!!


-- 
Jose Miguel Herrera M. - User #246070 counter.li.org
Est.Ing.Civil Informatica - UTFSM
Valparaiso, Chile - http://www.inf.utfsm.cl/~jherrera

--- End Message ---
--- Begin Message ---
I think what this highlights is that the or operator isn't supposed to
be used in that way. It is simply supposed to be used to add a back
door to failed function calls.
ie
mysql_connect(args) or die("mysql connection failed")

If you want to return true when either $a or $b is true, then use ||.
eg

$ret = $a || $b;
return $a || $b; // although 'or' would work here too

In the end, whilst you should try to have a general idea of the
precedence operators, for the purpose of debugging other people's code,
you should always parenthesize your own.

Generally however there is no need to parenthesize everything to the
right of the assignment operator(=), since besides 'and', 'or', 'xor',
and the comma operator. The only time I see the need to parenthesize
everything to the right is when using the xor operator, since there is
no equivalent above the = operator.

Check out http://www.php.net/manual/en/language.operators.logical.php
and follow the link to operator Precedence.

Sorry if you received this twice. I forgot to cc it to the list first
time around.

--- End Message ---
--- Begin Message ---
On Mon, 27 Dec 2004 21:19:39 +0000, Rory Browne <[EMAIL PROTECTED]> wrote:

> Generally however there is no need to parenthesize everything to the
> right of the assignment operator(=), since besides 'and', 'or', 'xor',
> and the comma operator. The only time I see the need to parenthesize
> everything to the right is when using the xor operator, since there is
> no equivalent above the = operator.

$a = $b ^^ $c;



--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

http://www.smempire.org
--- End Message ---
--- Begin Message ---
Is there a command that will set the include path to the web server root?

I'm trying to set up a directory structure where include files will be called from all different folder depths, so I'll need to call them absolutely like:

  include('/includes/file.php');

where the above will work no matter from which level it's called. Thanks...

- Brian
--- End Message ---
--- Begin Message ---
I should add that I'd heard that the following will set the include_path to the server root, no matter where you call includes from:

ini_set ("include_path", ini_get ("include_path") . ':../:../../:../../../:../../../../');

But this doesn't seem to be doing it for me. Also my development server is Windows and my production server is BSD, in case that affects things...
--- End Message ---
--- Begin Message ---
[snip]
Is there a command that will set the include path to the web server 
root?

I'm trying to set up a directory structure where include files will be 
called from all different folder depths, so I'll need to call them 
absolutely like:

   include('/includes/file.php');

where the above will work no matter from which level it's called. 
Thanks...
[/snip]

Just define one, using http://www.php.net/define

--- End Message ---
--- Begin Message ---
Brian Dunning wrote:
> Is there a command that will set the include path to the web server root?
>
> I'm trying to set up a directory structure where include files will be called from all different folder depths, so I'll need to call them absolutely like:
>
>   include('/includes/file.php');
>
> where the above will work no matter from which level it's called. Thanks...

That should work from anywhere it's called because it's an absolute path, but I doubt you have an "includes" directory at the root level, do you?


Either way, you can set the include path in php.ini, an .htaccess file or using ini_set().

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com
--- End Message ---
--- Begin Message ---
Brian Dunning wrote:
> Is there a command that will set the include path to the web server root?
>
> I'm trying to set up a directory structure where include files will be called from all different folder depths, so I'll need to call them absolutely like:
>
>   include('/includes/file.php');
>
> where the above will work no matter from which level it's called. Thanks...
>
> - Brian


You can set your include path in a variety of ways...

.htaccess (per directory/vhost)
httpd.conf (per vhost)
php.ini (global)
ini_set() (per script)

--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]

--- End Message ---
--- Begin Message ---
On Mon, 27 Dec 2004 08:27:25 -0800, Brian Dunning
<[EMAIL PROTECTED]> wrote:

> Is there a command that will set the include path to the web server
> root?
 
set_include_path($_SERVER['DOCUMENT_ROOT']);

> I'm trying to set up a directory structure where include files will be
> called from all different folder depths, so I'll need to call them
> absolutely like:
> 
>    include('/includes/file.php');

include ('includes/file.php');
Note that there is no slash at the beginning.

> where the above will work no matter from which level it's called.
> Thanks...

I think these two instructions will help you to solve this. I have not
tested today but used similar solutions in the past.

Best regards,
Jordi.

--- End Message ---
--- Begin Message ---
Brian Dunning wrote:

> I should add that I'd heard that the following will set the include_path to the server root, no matter where you call includes from:
>
> ini_set ("include_path", ini_get ("include_path") . ':../:../../:../../../:../../../../');
>
> But this doesn't seem to be doing it for me. Also my development server is Windows and my production server is BSD, in case that affects things...

Since your problem also needs to be OS independent, I have written a short article about this subject. It covers both Windows and Linux based servers as the path to a folder is a bit different when it comes to Windows. http://melbourne.ug.php.net/content/view/55/62/

cheers,
Jeffery
http://melbourne.ug.php.net

--- End Message ---
--- Begin Message ---
Hello,

on 12/27/2004 05:50 AM Gregory Machin said the following:
> I would like to email some log files as attachments, all the examples
> use an html page with a file input box, how can i do it without the
> file input box.

You may want to try the message composing and sending class. It lets you attach files to the messages specifying their file names (on your server disk). Take a look at the test_attachment_message.php example:


http://www.phpclasses.org/mimemessage


--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html

--- End Message ---
--- Begin Message ---
Hi there!

I have a thought of making my site OpenSource. It's a webshop, so I'm
unsecure about the security... Maybe someone will use the sourcecode for
malicious attacks instead of making the code better? What are your
thoughts about this? *curious*

/G
@varupiraten.se

--- End Message ---
--- Begin Message ---
Hello,

I am just starting to familiarize myself with LDAP and I am having problems 
with a simple search when using a filter with multiple criteria. I'm trying to 
return distinguishedname attribute when a match exists for both samaccountname 
AND telephonenumber.  The syntax I am using is:

ldapsearch <connect string> 
(&(samaccountname=johndoe)(telephonenumber=555-555-5555)) distinguishedname

I keep getting this error:
(telephonenumber was unexpected at this time.

Thanks in advance,

Jason

--- End Message ---
--- Begin Message ---
I received the following and I would like to know what is meant by "making includes and requires safe":

[Quote]

News Story by Peter Sayer

DECEMBER 27, 2004 (IDG NEWS SERVICE) - The latest version of the Santy worm poses an elevated risk to many Web sites built using the PHP scripting language, and protection of those sites may involve individually recoding them, security experts warned over the weekend.

Early versions of the Santy worm exploited a specific bug in a bulletin-board software package called phpBB, and their attacks could be prevented by applying a patch to the software (see story). However, the security flaw exploited by newer versions of the worm such as Santy.C or Santy.E is more general, and can occur anywhere a site designer has left the door open for the inclusion of arbitrary files into PHP scripts, experts at K-OTik Security in Montpellier, France, warned.

Santy.C and Santy.E behave so differently from Santy.A that K-OTik is renaming the worm PhpInclude.Worm in its advisories, the company said yesterday. The worm doesn't exploit the vulnerabilities in phpBB targeted by its predecessor, instead aiming for a wider range of common programming errors in PHP Web pages. It uses search engines including Google, Yahoo and AOL to identify exploitable Web pages written in PHP that use the functions "include()" and "require()" in an insecure manner, K-OTik said.

These functions can be used to embed the contents of a file in a Web page. If the site designer used them without sufficient checking of the parameters passed to the function, then an attacker could exploit them to incorporate an arbitrary file in the Web page, rather than the limited range presumably intended by the site designer. From there, depending on the configuration of the Web server, the attacker could move on to take control of the entire machine, K-OTik warned.

To prevent these attacks, it may be necessary to recode the site to use the include() and require() functions in a safe manner.

Eliminating the security flaws exploited by the newer versions of Santy involves no new tricks, and is simply a matter of applying long-known sound programming principles.
--- End Message ---
--- Begin Message ---
[snip]
To prevent these attacks, it may be necessary to recode the site to use 
the include() and require() functions in a safe manner.
[/snip]

From http://www.php.net/include

"If "URL fopen wrappers" are enabled in PHP (which they are in the
default configuration), you can specify the file to be included using a
URL (via HTTP or other supported wrapper - see Appendix L for a list of
protocols) instead of a local pathname. If the target server interprets
the target file as PHP code, variables may be passed to the included
file using a URL request string as used with HTTP GET. This is not
strictly speaking the same thing as including the file and having it
inherit the parent file's variable scope; the script is actually being
run on the remote server and the result is then being included into the
local script."

"Example 16-7. include() through HTTP

<?php

/* This example assumes that www.example.com is configured to parse .php
 * files and not .txt files. Also, 'Works' here means that the variables
 * $foo and $bar are available within the included file. */

// Won't work; file.txt wasn't handled by www.example.com as PHP
include 'http://www.example.com/file.txt?foo=1&bar=2';

// Won't work; looks for a file named 'file.php?foo=1&bar=2' on the
// local filesystem.
include 'file.php?foo=1&bar=2';

// Works.
include 'http://www.example.com/file.php?foo=1&bar=2';

$foo = 1;
$bar = 2;
include 'file.txt';  // Works.
include 'file.php';  // Works.

?>  "

--- End Message ---
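
The insecure include() pattern the quoted news story describes, next to an allowlist-based form, as an added example that is not part of any message in this digest. The function name resolve_page, the $pages map and the temporary directory layout are hypothetical.

```php
<?php
// Added example, not code from the thread. resolve_page(), $pages and the
// temporary directory layout are hypothetical names chosen for illustration.

// Pattern the article describes: the request parameter goes straight into
// include(), so the caller chooses the file (or, with URL wrappers, the URL).
//     include($_GET['page'] . '.php');

/**
 * Map a requested page key to a file inside $baseDir, or return null.
 * Only keys present in the allowlist are accepted; the request value is
 * never used as part of a path.
 */
function resolve_page($requested, array $pages, $baseDir)
{
    if (!is_string($requested) || !isset($pages[$requested])) {
        return null;                       // unknown key: refuse
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $pages[$requested]);
    // Defence in depth: the resolved file must exist and sit under $baseDir.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample site in a temporary directory so the script runs offline.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($baseDir);
file_put_contents($baseDir . '/home.php', "<?php echo \"home page\\n\";");
file_put_contents($baseDir . '/contact.php', "<?php echo \"contact page\\n\";");

$pages = array('home' => 'home.php', 'contact' => 'contact.php');

// Constructed request values: two valid keys, a traversal string, a URL.
$requests = array('home', 'contact', '../../etc/passwd', 'http://example.com/x.txt');

foreach ($requests as $req) {
    $file = resolve_page($req, $pages, $baseDir);
    if ($file === null) {
        echo "rejected: ", $req, "\n";
    } else {
        include $file;                     // path came from the allowlist
    }
}

// Clean up the constructed files.
unlink($baseDir . '/home.php');
unlink($baseDir . '/contact.php');
rmdir($baseDir);
```

Turning off allow_url_fopen in php.ini (and allow_url_include on PHP 5.2 and later) closes the URL-include route the manual text above describes, but local files can still be included, so the allowlist is needed either way.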
--- Begin Message ---
Is there any such thing as a PHP based GUI tool for administering Apache? I've searched high & low and found nothing.

- Brian
--- End Message ---
--- Begin Message ---
Brian Dunning wrote:
> Is there any such thing as a PHP based GUI tool for administering Apache? I've searched high & low and found nothing.
>
> - Brian

administering what exactly?
--- End Message ---
