php-general Digest 23 Jan 2008 13:54:36 -0000 Issue 5252

Topics (messages 267879 through 267903):

Re: password hashing and crypt()
        267879 by: Richard Lynch
        267880 by: Chris
        267885 by: Richard Lynch
        267887 by: Chris
        267894 by: Nathan Nobbe
        267895 by: Robert Cummings

Re: including files outside of document root
        267881 by: Richard Lynch

Re: Using mysql_real_escape_string without connecting to mysql
        267882 by: Richard Lynch
        267884 by: Dotan Cohen

Re: Posting Summary for Week Ending 18 January, 2008: [EMAIL PROTECTED]
        267883 by: Richard Lynch
        267897 by: Per Jessen

sessions/cookies
        267886 by: nihilism machine
        267890 by: Eric Butera
        267892 by: Nathan Nobbe

Re: mssql and latin characters
        267888 by: Eric Butera

Re: PHP SOAP Client formats
        267889 by: Samisa Abeysinghe

Re: Upgrade to PHP5 and having issues with mysql
        267891 by: Robert Cummings

Re: Tool for programmer team
        267893 by: Nathan Nobbe

Re: Foreach
        267896 by: Nathan Nobbe
        267900 by: Eric Butera

successful compiled, but errors at use
        267898 by: Andre Hübner

Re: Resetting drop-downlists in input-fields for texts
        267899 by: Tor Vidvei

Re: Best Approach
        267901 by: Al

Re: re-compiling PHP on Mac OS X
        267902 by: mbneto

DOM API Namespaces - help?
        267903 by: Nathan Rixham


----------------------------------------------------------------------
--- Begin Message ---
On Sat, January 19, 2008 8:24 pm, Eric Butera wrote:
> I always make sure that I use a site specific salt which is just
> appended on the user supplied value.  I started doing that when I read
> that people had created huge databases of hashed values that they can
> just search on.  At least this way no matter what the password isn't a
> dictionary word.  As for if that really adds value in the end I can't
> say as I'm not really a security expert.
>
> Eg. hash('sha256', $input.$salt);

The Bad Guys create humongous databases of every dictionary word with
every possible salt...  So what salt you use does not matter...

So I don't think you are really adding any extra security here...

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

--- End Message ---
--- Begin Message ---
Richard Lynch wrote:
> On Sat, January 19, 2008 8:24 pm, Eric Butera wrote:
>> I always make sure that I use a site specific salt which is just
>> appended on the user supplied value.  I started doing that when I read
>> that people had created huge databases of hashed values that they can
>> just search on.  At least this way no matter what the password isn't a
>> dictionary word.  As for if that really adds value in the end I can't
>> say as I'm not really a security expert.
>>
>> Eg. hash('sha256', $input.$salt);
>
> The Bad Guys create humongous databases of every dictionary word with
> every possible salt...  So what salt you use does not matter...

Sure it does. I could use my server name or the application's url, the current time, whatever I like and put all of that in the salt. There's no way they'll have that in their dictionary.

As long as I store the salt I know how to compare it again later.

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message ---

On Tue, January 22, 2008 7:43 pm, Chris wrote:
> Richard Lynch wrote:
>> On Sat, January 19, 2008 8:24 pm, Eric Butera wrote:
>>> I always make sure that I use a site specific salt which is just
>>> appended on the user supplied value.  I started doing that when I
>>> read that people had created huge databases of hashed values that
>>> they can just search on.  At least this way no matter what the
>>> password isn't a dictionary word.  As for if that really adds value
>>> in the end I can't say as I'm not really a security expert.
>>>
>>> Eg. hash('sha256', $input.$salt);
>>
>> The Bad Guys create humongous databases of every dictionary word
>> with every possible salt...  So what salt you use does not matter...
>
> Sure it does. I could use my server name or the application's url, the
> current time, whatever I like and put all of that in the salt. There's
> no way they'll have that in their dictionary.
>
> As long as I store the salt I know how to compare it again later.

For the algorithms used by crypt(), the salt is IN the crypted value.

If the Bad Guy has the crypted value, they already have the salt.

They can maybe make a dictionary that is MUCH larger with every
possible salt, and do a simple comparison.

Or they can quickly write up a crypt()-based script that extracts the
salt and tries the Top 10,000 passwords for each.

Most Un*x systems come with /usr/share/dict/web2, Webster's second
edition dictionary.

It has only 235,882 words in it.

How many possible salts are there?

DES only lets you have 2 chars, a-z, right?

235,882 X 26 X 26 is not exactly a HUGE database of possible values to
have on hand.

The 1$ and 2$ salts are longer, but I suspect still not THAT much longer.

The salt only increases the difficulty by a factor of X, but doesn't
make it geometrically harder to crack -- So a Bad Guy only has to have
X times as much resources, for a relatively small X.


--- End Message ---
--- Begin Message ---
Richard Lynch wrote:
> On Tue, January 22, 2008 7:43 pm, Chris wrote:
>> Richard Lynch wrote:
>>> On Sat, January 19, 2008 8:24 pm, Eric Butera wrote:
>>>> I always make sure that I use a site specific salt which is just
>>>> appended on the user supplied value.  I started doing that when I
>>>> read that people had created huge databases of hashed values that
>>>> they can just search on.  At least this way no matter what the
>>>> password isn't a dictionary word.  As for if that really adds value
>>>> in the end I can't say as I'm not really a security expert.
>>>>
>>>> Eg. hash('sha256', $input.$salt);
>>>
>>> The Bad Guys create humongous databases of every dictionary word
>>> with every possible salt...  So what salt you use does not matter...
>>
>> Sure it does. I could use my server name or the application's url, the
>> current time, whatever I like and put all of that in the salt. There's
>> no way they'll have that in their dictionary.
>>
>> As long as I store the salt I know how to compare it again later.
>
> For the algorithms used by crypt(), the salt is IN the crypted value.

Yeh - I pointed that out here:
http://marc.info/?l=php-general&m=120095678525654&w=2

But Eric's example was using sha256, not crypt.

--
Postgresql & php tutorials
http://www.designmagick.com/

--- End Message ---
--- Begin Message ---
alright, so you guys have responded and im really appreciative.
you have me thinking now..
so what are the real issues here?

   1. portability
   2. security (obviously)

im wondering now if crypt() is really even so practical.  especially
considering the deal where only 2 characters are prepended as the
salt.
in the article i referenced, what theyve done is written a function
that creates a password with a salt whereby the entire salt
will be used in the resultant hash (actually a definable portion thereof):

define('SALT_LENGTH', 9);

function generateHash($plainText, $salt = null)
{
    if ($salt === null)
    {
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    }
    else
    {
        $salt = substr($salt, 0, SALT_LENGTH);
    }

    return $salt . sha1($salt . $plainText);
}

i must admit that i didnt realize they were not using crypt() in this
function.
i must have glazed over it :(
after all this discussion, im now mostly looking for a reason to use crypt()
rather than to implement a function such as the one above.  it has the
advantage of a known, consistent algorithm, that will be used to generate
the hash, rather than one that could potentially change on a per system or
future release basis; and the salt isnt limited to 2 characters.

-nathan

--- End Message ---
--- Begin Message ---
On Wed, 2008-01-23 at 00:40 -0500, Nathan Nobbe wrote:
> alright, so you guys have responded and im really appreciative.
> you have me thinking now..
> so what are the real issues here?
> 
>    1. portability
>    2. security (obviously)
> 
> im wondering now if crypt() is really even so practical.  especially
> considering the deal where only 2 characters are prepended as the
> salt.
> in the article i referenced, what theyve done is written a function
> that creates a password with a salt whereby the entire salt
> will be used in the resultant hash (actually a definable portion thereof):
> 
> define('SALT_LENGTH', 9);
> 
> function generateHash($plainText, $salt = null)
> {
>     if ($salt === null)
>     {
>         $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
>     }
>     else
>     {
>         $salt = substr($salt, 0, SALT_LENGTH);
>     }
> 
>     return $salt . sha1($salt . $plainText);
> }
> 
> i must admit that i didnt realize they were not using crypt() in this
> function.
> i must have glazed over it :(
> after all this discussion, im now mostly looking for a reason to use crypt()
> rather than to implement a function such as the one above.  it has the
> advantage of a known, consistent algorithm, that will be used to generate
> the hash, rather than one that could potentially change on a per system or
> future release basis; and the salt isnt limited to 2 characters.

Other than supporting legacy apps that used crypt() I don't see any
reason to use it now.

Cheers,
Rob.
-- 
...........................................................
SwarmBuy.com - http://www.swarmbuy.com

    Leveraging the buying power of the masses!
...........................................................

--- End Message ---
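
Added example (not code from any poster in this thread): one way to keep verifying values stored in the salt-prefixed SHA-1 layout of the generateHash() function quoted above while moving each account to a deliberately slow hash on its next successful login. It assumes PHP 7.1 or later; verifyAndUpgrade() and the other helper names are hypothetical, and the sample password and cost values are constructed.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.
// Legacy layout (as in the quoted generateHash()): 9-char salt . sha1(salt . password)
const LEGACY_SALT_LENGTH = 9;
const SHA1_HEX_LENGTH = 40;

function legacyHash(string $plainText, string $salt): string
{
    $salt = substr($salt, 0, LEGACY_SALT_LENGTH);
    return $salt . sha1($salt . $plainText);
}

// A legacy value is exactly 49 characters; bcrypt output from password_hash()
// is 60 characters and starts with "$2y$", so the two cannot be confused.
function isLegacyHash(string $stored): bool
{
    return strlen($stored) === LEGACY_SALT_LENGTH + SHA1_HEX_LENGTH
        && ctype_xdigit(substr($stored, LEGACY_SALT_LENGTH));
}

function verifyLegacy(string $plainText, string $stored): bool
{
    // The salt sits in the clear at the front of the stored value, so anyone
    // holding the stored value also holds the salt.
    $salt = substr($stored, 0, LEGACY_SALT_LENGTH);
    return hash_equals($stored, legacyHash($plainText, $salt)); // constant-time compare
}

/**
 * Check a login attempt against the stored value.
 * Returns [bool $ok, ?string $replacement]; when $replacement is not null the
 * caller should write it back to the user's row.
 */
function verifyAndUpgrade(string $plainText, string $stored, int $cost): array
{
    $options = ['cost' => $cost];
    if (isLegacyHash($stored)) {
        if (!verifyLegacy($plainText, $stored)) {
            return [false, null];
        }
        // Correct password: re-hash with bcrypt, which generates its own
        // random salt and embeds salt and cost in the output string.
        return [true, password_hash($plainText, PASSWORD_BCRYPT, $options)];
    }
    if (!password_verify($plainText, $stored)) {
        return [false, null];
    }
    $replacement = password_needs_rehash($stored, PASSWORD_BCRYPT, $options)
        ? password_hash($plainText, PASSWORD_BCRYPT, $options)
        : null;
    return [true, $replacement];
}

// --- Demo on constructed data ---
$salt   = substr(bin2hex(random_bytes(8)), 0, LEGACY_SALT_LENGTH);
$stored = legacyHash('correct horse battery', $salt);   // constructed legacy row

[$ok, $replacement] = verifyAndUpgrade('wrong guess', $stored, 10);
printf("wrong password accepted: %s\n", var_export($ok, true));

[$ok, $replacement] = verifyAndUpgrade('correct horse battery', $stored, 10);
printf("right password accepted: %s, upgraded: %s\n",
    var_export($ok, true), var_export(!isLegacyHash($replacement), true));
$stored = $replacement;   // what the application would now save

// Raising the cost later triggers another transparent re-hash.
[$ok, $replacement] = verifyAndUpgrade('correct horse battery', $stored, 11);
printf("re-hashed at higher cost: %s\n", var_export($replacement !== null, true));

// Per-check cost: the salt does not slow a single check down, the work factor does.
$rounds = 20000;
$start = microtime(true);
for ($i = 0; $i < $rounds; $i++) {
    sha1($salt . 'candidate' . $i);
}
$sha1Seconds = (microtime(true) - $start) / $rounds;

$start = microtime(true);
password_verify('candidate', $stored);
$bcryptSeconds = microtime(true) - $start;

printf("one salted SHA-1 check: %.7f s, one bcrypt (cost 10) check: %.4f s\n",
    $sha1Seconds, $bcryptSeconds);
```

The timing lines at the end put a number on the point argued in the thread: a salt forces per-account work but leaves each individual check as cheap as the underlying hash, while the cost parameter makes every check expensive.
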
--- Begin Message ---

On Tue, January 22, 2008 7:17 pm, Daniel Brown wrote:
> On Jan 22, 2008 8:09 PM, Richard Lynch <[EMAIL PROTECTED]> wrote:
>> Nothing peeves me more than some badly-conceived web-app with no way
>> to move the include files out of the web-tree.
>
>     You may disagree with me on this here, Rich, but the way I do it
> is to have a single include_files.php file containing all of the files
> that need to be included as a whole, and a single configuration
> variable to set where those files are located.  I know that they don't
> all have to be included in that file, but I find it makes it easier,
> since I use all of them with every page load.

Can I put that include_files.php outside the web-tree as well?

Or is the rest of your application bypassing include_path to force it
to be inside the web-tree?

>     I also employ a function safe_include($filename) that uses a
> combination of file_exists($filename), is_file($filename), and
> is_readable($filename).  If the function fails, no PHP error message
> is output if the file can't be found, and the script doesn't
> necessarily halt.  If it's a critical file, instead a message is
> dispatched to my email, and a friendly message is placed on the site
> informing the user that a technical error has been encountered and
> will be repaired ASAP.

This sounds nifty for your own clients, but I don't think it would
work well for, say, BB or Cake or phpMyAdmin...

I'm pretty sure the authors of those don't want an email from every
broken install... :-)


--- End Message ---
--- Begin Message ---

On Tue, January 22, 2008 7:01 pm, Dotan Cohen wrote:
> I have a file of my own functions that I include in many places. One
> of them uses mysql_real_escape_string, however, it may be called in a
> context that will or will not connect to a mysql server, and worse,
> may already be connected. So I must avoid connecting. However, when I
> run the script without connecting I get this error:

Don't do that?
:-)

Can the file really do anything useful without the DB?

When there *IS* a connection, how do you access it?

Can't the file check somehow?


--- End Message ---
--- Begin Message ---
On 23/01/2008, Richard Lynch <[EMAIL PROTECTED]> wrote:
>
>
> On Tue, January 22, 2008 7:01 pm, Dotan Cohen wrote:
> > I have a file of my own functions that I include in many places. One
> > of them uses mysql_real_escape_string, however, it may be called in a
> > context that will or will not connect to a mysql server, and worse,
> > may already be connected. So I must avoid connecting. However, when I
> > run the script without connecting I get this error:
>
> Don't do that?
> :-)
>
> Can the file really do anything useful without the DB?

The file defines some of my own functions, like these:

function clean_html ($dirty) {
    $dirty=strip_tags($dirty);
    $clean=htmlentities($dirty);
    return $clean;
}

function clean_mysql ($dirty) {
    $dirty=str_replace ("--", "", $dirty);
    $dirty=str_replace (";", "", $dirty);
    $clean=mysql_real_escape_string($dirty);
    return $clean;
}

I use these functions in many places, so I simply put them all in a
file and include it in each page.

> When there *IS* a connection, how do you access it?

mysql_fetch_array or mysql_result

> Can't the file check somehow?

I suppose that it could, by checking the return of one of the two
functions above. Lucky for me, I always use UTF-8 so I won't get stuck
connecting with one encoding yet doing mysql_real_escape_string with
another, which would be a problem if I had to deal with multiple
encodings.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

--- End Message ---
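
Added example (not Dotan's code): with bound parameters the shared helper file needs no database connection just to define its functions, and nothing has to be stripped from the input. It uses PDO with an in-memory SQLite database so it runs offline (this assumes the pdo_sqlite extension is available); the table, the function names and the sample values are constructed.

```php
<?php
// Added example, not code from the thread. Names and data are constructed.

// Defining this function touches no database; the connection is passed in
// by whichever page actually has one.
function addComment(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $db->lastInsertId();
}

function findCommentsByAuthor(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT id, body FROM comments WHERE author = :author ORDER BY id');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding is a separate step, applied where the value is printed.
function forHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed inputs containing the characters clean_mysql() removes or escapes.
$samples = [
    ["O'Brien", 'Use -- to start a comment; it ends at the newline.'],
    ['dotan',   "x'); DROP TABLE comments; --"],
    ['dotan',   '<b>5 > 3</b> -- "quoted"'],
];
foreach ($samples as [$author, $body]) {
    addComment($db, $author, $body);
}

// Every value comes back exactly as submitted, and the table still exists.
foreach ($samples as [$author, $body]) {
    $bodies = array_column(findCommentsByAuthor($db, $author), 'body');
    printf("%-8s stored intact: %s\n", $author,
        var_export(in_array($body, $bodies, true), true));
}
printf("rows in table: %d\n",
    (int) $db->query('SELECT COUNT(*) FROM comments')->fetchColumn());

// The same text run through the str_replace() stripping used in clean_mysql():
$stripped = str_replace(['--', ';'], '', $samples[0][1]);
printf("stripped version differs from input: %s\n",
    var_export($stripped !== $samples[0][1], true));
printf("HTML-safe rendering: %s\n", forHtml($samples[2][1]));
```

With the MySQL driver only the DSN changes; setting the charset in the DSN keeps the connection encoding and the parameter handling in agreement, which is the multiple-encodings concern raised at the end of the message.
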
--- Begin Message ---
On Sat, January 19, 2008 12:51 pm, Per Jessen wrote:
> David Powers wrote:
>> When I subscribed to the PHP general mailing list I did not give
>> permission for this. This is an international list, and what you're
>> doing breaks EU privacy laws, and possibly those in other countries
>> too.
>
> Hmm, I'm not so sure about that.  By participating on a public mailing
> list, you accept that your postings and your email-address may
> essentially be sent to all and sundry.

You'll also have a VERY tough time trying to ram EU privacy laws
through a non-EU court, if Dan is not in the EU...

You *know* it's an international list, so you *know* you cannot expect
your local laws to apply.


--- End Message ---
--- Begin Message ---
Richard Lynch wrote:

> You'll also have a VERY tough time trying to ram EU privacy laws
> through a non-EU court, if Dan is not in the EU...

Forcing American law on other people of the world has not been a problem
for America, why should it be a problem for the EU? :-(

> You *know* it's an international list, so you *know* you cannot expect
> your local laws to apply.

If anything the applicable law is most probably that of the country in
which the mailserver is located (USA), but local law may perfectly well
apply to individual posters. 


/Per Jessen, Zürich

--- End Message ---
--- Begin Message ---
I wrote an authentication class in php4. The sessions don't seem to be working with Internet Explorer, just with FF. Here is the code below, a cookies notice pops up when you try and login:

<?php



class auth {

        var $UserID;
        var $AdminLevel;
        var $FirstName;
        var $LastName;
        var $DateAdded;
        var $MobileTelephone;
        var $LandLineTelephone;

    // Connect to the database
        function auth() {
                mysql_connect('','','') or die('ERROR: Could not connect to database');
                mysql_select_db('') or die('ERROR: Could not select database');
        }

    // Attempt to login a user
        function CheckValidUser($Email,$Password) {
                $result = mysql_query('SELECT * FROM Users');
                $Password = $this->encode($Password);

                if (mysql_num_rows($result) != 0) {
                        while($row = mysql_fetch_assoc($result)) {
                                if (!strcmp($row['Email'],$Email)) {
                                        if (!strcmp($row['Password'],$Password)) {
                                                // User info stored in Globals
                                                $this->UserID = $row['ID'];
                                                $this->AdminLevel = $row['Admin_Level'];
                                                $this->FirstName = $row['First_Name'];
                                                $this->LastName = $row['Last_Name'];
                                                $this->DateAdded = $row['Date_Added'];
                                                $this->MobileTelephone = $row['Telephone_Mobile'];
                                                $this->LandLineTelephone = $row['Telephone_Land_Line'];
                                                // User info stored in Sessions
                                                session_start();
                                                $_SESSION['Status'] = "loggedIn";
                                                $_SESSION['Email'] = $row['Email'];
                                                $_SESSION['AdminLevel'] = $row['Admin_Level'];
                                                $_SESSION['LandLine'] = $row['Telephone_Land_Line'];
                                                $_SESSION['MobileTelephone'] = $row['Telephone_Mobile'];
                                                $_SESSION['FirstName'] = $row['First_Name'];
                                                $_SESSION['LastName'] = $row['Last_Name'];
                                                return true;
                                        }
                                }
                        }
                        header("Location: index.php?error=invalidLogin");
                } else {
                        die('ERROR: No Users in the database!');
                }
        }
        
        // Create a new user account
        function CreateUser($Email, $Password, $AdminLevel, $LandLineTelephone, $MobileTelephone, $FirstName, $LastName) {
                $Password = $this->encode($Password);
                $this->AccessLevel = $AdminLevel;
                $DateAdded = date("Y-m-d H:i:s");
                mysql_query("INSERT INTO Users (Email, Password, Admin_Level, Date_Added, First_Name, Last_Name, Telephone_Land_Line, Telephone_Mobile) VALUES ('$Email','$Password','$AdminLevel', '$DateAdded', '$FirstName', '$LastName', '$LandLineTelephone', '$MobileTelephone')") or die(mysql_error());
                return $this->UserID = mysql_insert_id();
        }

        // Update a users access level
        function UpdateAccessLevel($ID,$AdminLevel) {
                mysql_query("UPDATE Users SET Admin_Level='$AdminLevel' WHERE ID= $ID") or die(mysql_error());
                return true;
        }

        // Delete a user
        function DeleteUser($ID) {
                mysql_query("DELETE FROM Users WHERE ID=$ID") or die(mysql_error());
                return true;
        }

    // Get a users access level
        function GetAccessLevel() {
                return $this->AccessLevel;
        }

    // Get a users ID
        function GetUserID() {
                return $this->UserID;
        }
        
        // Log user out
        function LogOut() {
                session_start();
                session_unset();
                session_destroy();
                header("Location: index.php");
        }
        
        // Check users access level to see if they have clearance for a certain page
        function CheckUserLevel($RequiredLevel) {
                if ($_SESSION['AdminLevel'] < $RequiredLevel) {
                        if ($_SESSION['AdminLevel'] == 2) {
                                header("Location: financial.php");
                        } else if ($_SESSION['AdminLevel'] == 1) {
                                header("Location: user.php");
                        } else {
                                header("Location: index.php");
                        }
                }
        }
        
        // Check to see if a user is logged in
        function CheckLoggedIn() {
                session_start();
                if ($_SESSION['Status'] != "loggedIn") {
                        header("Location: index.php");
                }
        }

        // Private Methods
        
        function encode($str) {
                return md5(base64_encode($str));
        }
}

?>

--- End Message ---
--- Begin Message ---
On Jan 22, 2008 9:15 PM, nihilism machine <[EMAIL PROTECTED]> wrote:
> I wrote an authentication class in php4. The sessions dont seem to be
> working with internet explorer, just with FF. here is the code below,
> a cookies notice pops up when you try and login:

Hi,

I took a quick look at your code.  I haven't pin-pointed exactly what
the issue is because there is really way too much going on there.  I'd
suggest you look at your error log and see if there are any warnings.
Here is some advice:

- Having a class named "auth" is a bad idea.  Is auth authentication
or authorization?

- The auth class itself really shouldn't be directly accessing the
session or database.  You should write drivers and interfaces that
implement this functionality for you.

- Hard coding header redirects (That aren't absolute by the way) means
you have to modify your authorization class instead of behavior based
on if you log in or not.  That isn't a good idea.

By separating out concerns it will make your class a lot smaller and
easier to work with.  I realize this link I'm posting is called "auth"
too, but that wasn't my choice.  You can see that they have drivers so
that authentication itself is a generic idea and you implement it
against a specific thing such as a mysql users table or htpassword.

http://solarphp.com/package/Solar_Auth

--- End Message ---
--- Begin Message ---
On Jan 22, 2008 9:54 PM, Eric Butera <[EMAIL PROTECTED]> wrote:

> I realize this link I'm posting is called "auth"
> too, but that wasn't my choice.


that was kind of funny after your initial criticism above, but to solars
credit, its the auth 'package' so really the name isnt too bad, id say.


>  You can see that they have drivers so
> that authentication itself is a generic idea and you implement it
> against a specific thing such as a mysql users table or htpassword.
>

eric is totally right here; at a quick look at your code, i saw auth, ...
create user,.. database.. cookie; im thinking what exactly is going on here.
the general idea behind a class is to 'encapsulate' things that change into
a little self-contained unit.  ideally the class doesnt know how the insides
of other classes work, nor do other classes know how it works on the inside.
in order to realize this, you should strive for classes with a high degree
of cohesion.
http://en.wikipedia.org/wiki/Cohesion_(computer_science)
although there is no real metric for this concept, most people can grasp the
concept and have an idea when code has either a low or high degree of
cohesion.

if you want some advice on your class, i would start by breaking out the
CheckUserLevel(), and CreateUser() methods into a User class, you might
also consider a Session class.
if you want some advice on how to solve your problem here is my suggestion;
you need to isolate the behavior that is not working correctly.  this feat
becomes difficult when you have lots of variable behaviors in one place.
break your class into pieces and test the pieces individually; once they all
work individually, then they should work as a group without too much effort.
if that isnt working (when you get there) then the code that glues it all
together is to blame.

-nathan

--- End Message ---
--- Begin Message ---
On Jan 22, 2008 6:00 PM, Leticia Larrosa <[EMAIL PROTECTED]> wrote:
>
> Thanks a lot Eric, I read those links and they are really interesting.
>
> The solution of the problem was changing the "OEM character conversion"
> option of MSSql (see attached image) as Frank answered me in PHP-Windows list.
>
> Original answer of Frank:
>
> -----Original Message-----
> From: Frank M. Kromann [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 22, 2008 3:25 PM
> To: Leticia Larrosa
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-WIN] mssql and latin characters
>
> Hi Leticia,
>
> MS SQL server comes with a set of client tools that allows you to specify
> the encoding. There is a checkbox in the Client Network Tool that allows
> you to enable/disable OEM character conversion. Flipping that for the alias
> you are using to connect to the database should fix the problem.
>
> Remember this must be done on the box where PHP is running if that's
> different from the SQL server box.
>
> - Frank
>
>
> Regards
> Leticia Larrosa
>
>
> -----Original Message-----
> From: Eric Butera [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 21, 2008 5:43 PM
> To: Leticia Larrosa
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] mssql and latin characters
>
> On Jan 20, 2008 9:53 PM, Leticia Larrosa <[EMAIL PROTECTED]> wrote:
> > Hello
> >
> > I have a MSSql 2000 database that has stored data with the following
> > special characters: ó, í, Ñ, á, é, ú.
> >
> > When I see the data through any MsSql Client I see exactly those
> > characters.
> >
> > The Collation of database is: SQL_Latin1_General_CP1_CI_AS
> >
> > I can't change the method of insert data in database.
> >
> > When I get (with MSSQL PHP extension) data that have some of those
> > characters, I get weird characters instead.
> >
> > For example:
> >
> > A data that in database appears as "Girón" is obtained by PHP as "Gir¢n"
> >
> > The problem with the encoding of browser is discarded, because wherever I
> > saw the data appears with weird characters.
> >
> > The code I use to get the data is:
> >
> > <?php
> > mssql_connect('server','user','pass');
> > mssql_select_db('db');
> >
> > $r = mssql_query("select some_column from some_table");
> > $d = mssql_fetch_assoc($r);
> >
> > echo $d['some_column'];
> > ?>
> >
> > My PHP is 4.4.3, and my OS is XP.
> >
> > Other people who asked the same as I am and got no proper answer:
> >
> > http://www.psicofxp.com/forums/desarrollo-web.264/226703-php-mssql-y-acentos.html
> > http://www.bdat.net/cuestiones_php/php3/0702.html
> > http://www.forosdelweb.com/f18/problemas-con-caracteres-especiales-acentos-php-mssql-server-364345/
> > http://markmail.org/message/7rksvz44sj2te5sl
> > http://www.phpbuilder.com/board/archive/index.php/t-10208269.html
> >
> > Thanks in advance.
> >
> > Leticia Larrosa
> >
> >
> > __________________________________________
> >
> > Take part in Universidad 2008.
> > 11 to 15 February 2008.
> > Palacio de las Convenciones, Havana, Cuba
> > http://www.universidad2008.cu
>
> Hi Leticia,
>
> You should be using utf-8, really.  What you're dealing with are
> encoding issues.  8bit character sets just can't hold all known
> characters, so people invented lots of them to make up for this.  See
> my links below for an in depth look.  Maybe, just maybe, we can trick
> the browser into showing your text right.  Below the header and the
> meta tag are the key parts to it.
>
> Try this:
> <?php
> header("Content-Type: text/html; charset=iso-8859-1");
> ?>
> <html>
> <head>
> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
> </head>
> <body>
> i18n ftw!
> </body>
> </html>
>
> You might also take a look at:
> http://www.microsoft.com/sql/technologies/php/default.mspx
>
> Also please read this: http://www.phpwact.org/php/i18n/charsets.
>
> And this too: http://talks.php.net/show/wereldveroverend-ffm2004
>
> Have fun!
>

Thank you for posting the answer to the list for archives!

--- End Message ---
--- Begin Message ---
This is a typical .NET vs. PHP interop problem, and happens because the .NET services (or clients) expect the payload to be namespace qualified as you have figured out.
I too have looked into this with PHP SOAP extension, and what I gathered is that the WSDL mode implementation needs to pick the qualifying namespace and make that the default namespace of payload.
However, I could not locate the exact point in C code to fix this.

Samisa...

Michael Gross wrote:
> Hi
> I have a similar problem, only the other way round: the server is PHP,
> the client is C#. I found that the problem is that the
>   xmlns="https://api.authorize.net/soap/v1/"
> in the "AuthenticateTest"-tag is needed.
>
> I tried to modify the PHP source code, but I had no success yet (it
> would be fantastic, if someone could give me a hint where the XML
> representation is built).
>
> Michael
>
> Tim Traver wrote:
>> The problem that I have is that the server that I am talking to (that is not in my control), will accept the following SOAP call
>>
>> <?xml version="1.0" encoding="utf-8"?>
>> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>>  <soap:Body>
>>    <AuthenticateTest xmlns="https://api.authorize.net/soap/v1/">
>>      <merchantAuthentication>
>>        <name>name</name>
>>        <transactionKey>string</transactionKey>
>>      </merchantAuthentication>
>>    </AuthenticateTest>
>>  </soap:Body>
>> </soap:Envelope>


--- End Message ---
--- Begin Message ---
On Tue, 2008-01-22 at 16:47 -0500, Tom Ray [Lists] wrote:
>
> >   
> This is how I setup mysql:
> #upgrades: cd mysql
> tar -zxf mysql-version-x.tar.gz
> cp -R * /usr/local/mysql
> cd /usr/local/mysql
> chown -R mysql:mysql *
> scripts/mysql_install_db --user=mysql
> /usr/local/mysql/bin/mysqld_safe &
> 
> mysql starts/runs just fine. This server has been upgraded from 3.x to 
> 4.x to 5.0.45 currently. Is there something I'm missing?

Ah, I see. I install from source so don't have the same layout. Hmm, I
don't know what the problem is then :/

Cheers,
Rob.

--- End Message ---
--- Begin Message ---
On Jan 22, 2008 2:40 AM, Ronald Wiplinger <[EMAIL PROTECTED]> wrote:

> What is a good tool to coordinate a team of programmers efficiently?


that is a big question, primarily because there are many facets of
coordination with different tools to help out.
obviously version control is one of the fundamental tools of this
coordination.  it lets you do things like maintain 'versions' of your
software.  there are many ways to leverage this concept.  development
version vs production version; customerA version vs. customerB version and
so on.  there is also the nice aspect where multiple developers can work on
the same file simultaneously.  any one of the standard tools (others have
already mentioned) cvs, svn, git will have literature on basic usage of the
software and the underlying concepts.

in general though i think the question of managing efficiently is not the
greatest perspective.  i would instead focus on managing 'effectively', see
the 7 habits of highly effective people.  and its still somewhat of an art
in the end.

> To give each one a different part of the project is a start, but it needs to
> get combined at some points to be a working project.


here you are getting into several potential topics as well.  so, the
main thing here is dependencies.  say 2 developers are given a number of
'components' to work on.  pretty simple right, look at the requirements,
devA gets tasks 1-4, devB gets tasks 5-8; no problem.  what you need to
consider here are the relationships between the tasks, in particular,
are any of tasks 5-8 dependent upon any of tasks 1-4?  if so, then devB
could end up having to wait for devA to complete a dependent task before
progress on said dependent task is possible.
your decision here can also have an impact on the design of the software
as a whole.  see, organizing the tasks in such a way that there are no
dependencies in the tasks devA and devB have (or next to none anyway)
then you will get a high degree of throughput, because they can both be
working on completing different objectives simultaneously; it's sort of
like threading.  i am of the opinion however, that this can get you some
poorly designed software.  the developers may not be leveraging the
strengths and covering the weaknesses of each other.  furthermore, it's
ideal to divide software into horizontal layers rather than vertical
towers.  it's more complicated, but you have a better product as a
result.  so anyway this topic is a big overall decision.


> Not to debug code you have written was a hint, to see actually bugs as a
> bug
> and not as a feature.


obviously you will have to debug code you write that isn't working.
generally, functionality is perceived as 'features' near the beginning
of a development cycle, and as 'bugs' towards the release of a
development cycle.  watch out for deeming everything as a bug, because
then you'll get trapped in a horrible realm where you only implement
functionality to fix these 'bugs'.  you should have a cycle with well
defined phases and stick to it.  one important phase is after a major
release, you need to go through the code, re-organize it, consolidate
things and remove the dust.  this will keep you in good shape for the
next round of features (if you perceive them as such ;))


> Some hinted let programmer be on different places, others say put them
> together on a big table, ...


probably you should start small with everyone at the same location until
you have the basics down.


> Where can I find more information about that subject?
>

check out the mythical man month if you get a chance.  it's a short book
that is generally considered as legendary.  it's been recommended to me
by 2 completely unrelated millionaires and the dude who wrote the Solar
framework; basically, it's key ;)
(but it won't help you to master any of these modern tools)

-nathan

--- End Message ---
--- Begin Message ---
On Jan 18, 2008 5:24 PM, Richard Lynch <[EMAIL PROTECTED]> wrote:

> If you are trying to keep the names and orders in "parallel" you need
> to do something not unlike:
>
> while (list($key, $name) = each($names)){
>  $order = $orders[$key];
>  $query = "update whatever set order = $order where name = '$name'";
> }


just as a mention; spl has a DualIterator class that would be perfect
for this situation.  i hesitate to mention it though, since i've not
found it in any php version.  it's there in the doc, but not in actual
php; what a shame.
http://www.php.net/~helly/php/ext/spl/classDualIterator.html

i can only expect we'll see it in a subsequent version; that there is a
reason it's not yet made it..

-nathan

--- End Message ---
--- Begin Message ---
On Jan 23, 2008 12:58 AM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
> On Jan 18, 2008 5:24 PM, Richard Lynch <[EMAIL PROTECTED]> wrote:
>
> > If you are trying to keep the names and orders in "parallel" you need
> > to do something not unlike:
> >
> > while (list($key, $name) = each($names)){
> >  $order = $orders[$key];
> >  $query = "update whatever set order = $order where name = '$name'";
> > }
>
>
> just as a mention; spl has a DualIterator class that would be perfect
> for this situation.  i hesitate to mention it though, since i've not
> found it in any php version.  it's there in the doc, but not in actual
> php; what a shame.
> http://www.php.net/~helly/php/ext/spl/classDualIterator.html
>
> i can only expect we'll see it in a subsequent version; that there is a
> reason it's not yet made it..
>
> -nathan
>

Maybe someday SPL will become part of the PHP manual too. ;)

--- End Message ---
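
The parallel-array update quoted in the two messages above, with both values bound as parameters instead of being interpolated into the SQL string. This is an added example, not code from the thread; the `items` table, its columns, the sample data and the in-memory SQLite database (reached through PDO) are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: pair $names[$key] with $orders[$key] and bind both as
// parameters. Table "items" and its columns are assumptions.
function updateOrders(PDO $db, array $names, array $orders): array
{
    // "order" is a reserved word in SQL, so the column name is quoted.
    $stmt = $db->prepare('UPDATE items SET "order" = :ord WHERE name = :name');
    $skipped = [];
    $db->beginTransaction();
    try {
        foreach ($names as $key => $name) {
            // A missing or non-integer order yields false here.
            $order = filter_var($orders[$key] ?? null, FILTER_VALIDATE_INT);
            if ($order === false || !is_string($name)) {
                $skipped[] = $key;      // leave this row untouched
                continue;
            }
            $stmt->bindValue(':ord', $order, PDO::PARAM_INT);
            $stmt->bindValue(':name', $name, PDO::PARAM_STR);
            $stmt->execute();
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return $skipped;
}

// Constructed data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (name TEXT PRIMARY KEY, "order" INTEGER)');
$db->exec("INSERT INTO items (name) VALUES ('alpha'), ('O''Brien'), ('gamma')");

$names  = [0 => 'alpha', 1 => "O'Brien", 2 => 'gamma'];
$orders = [0 => '3', 1 => '1', 2 => '2 OR 1=1'];   // key 2 is not an integer

$skipped = updateOrders($db, $names, $orders);
foreach ($db->query('SELECT name, "order" FROM items ORDER BY name') as $row) {
    echo $row['name'], ' => ', var_export($row['order'], true), "\n";
}
echo 'skipped keys: ', implode(',', $skipped), "\n";
```

The name containing an apostrophe is stored and matched as data, and the row whose order value is not an integer is reported back rather than written.
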
--- Begin Message ---
Hi List,

my Situation is as follows. I use on suse 10.1 apache2 and php5 as module and 
php5 as cgi using mod_fcgid
For some tests i also want to have a php4 as second cgi
I compiled with this configure-line:

./configure --prefix=/usr/ --datadir=/usr/share/php/ --bindir=/usr/bin/ \
 --libdir=/usr/share/ \
 --with-exec-dir=/usr/lib/php/bin/ \
 --with-config-file-path=/etc/php4Cgi \
 --with-config-file-scan-dir=/etc/php4-config \
 --enable-force-cgi-redirect --enable-memory-limit \
 --enable-sigchild --enable-track-vars --enable-trans-sid --with-mysql=no \
 --enable-bcmath \
 --enable-calendar --enable-ctype \
 --enable-dbase --enable-exif --enable-filepro --enable-ftp \
 --enable-magic-quotes \
 --enable-mbstr-enc-trans --enable-mbstring \
 --enable-shmop --enable-sysvsem --enable-sysvshm --enable-wddx --with-gettext \
 --with-gmp --with-mcrypt --with-mcal=/usr/ \
 --with-iconv --with-mcrypt --with-zlib --with-bz2 --with-openssl=/usr \
 --with-pear \
 --with-pcre-regex --enable-suhosin \
 --with-config-file-path=/etc/php4Cgi --enable-discard-path --enable-fastcgi


Compiling etc. was successful. After make i renamed sapi/cgi/php to 
php-4.4.8 and moved it to my location. In apacheconf i activated this 
php-4.4.8 to some file-extensions with AddHandler/Action
The call itself seems to work, but i get an error from php itself if i want 
to parse a phpinfo();

Warning: Unexpected character in input: '' (ASCII=27) state=1 in 
/folders/php-4.4.8 on line 3600

Warning: Unexpected character in input: '' (ASCII=8) state=1 in 
/folders/php-4.4.8 on line 3600

Warning: Unexpected character in input: '' (ASCII=3) state=1 in 
/folders/php-4.4.8 on line 3600

Warning: Unexpected character in input: ' in /folders/php-4.4.8 on line 3600

Warning: Unexpected character in input: ' in /folders/php-4.4.8 on line 3600

Warning: Unexpected character in input: ' in /folders/php-4.4.8 on line 3600

Parse error: syntax error, unexpected T_STRING in /folders/php-4.4.8 on line 
3600

But if i call this php-4.4.8 on console i can parse my files successfully.
What goes wrong? I have no idea what i did not do correctly.
Can anybody help please?

Thanks
Andre

--- End Message ---
--- Begin Message ---
On Mon, 21 Jan 2008 17:23:34 +0100, "Daniel Brown" <[EMAIL PROTECTED]> wrote:

    The only way I can think of that would allow you to do it is to
dynamically-name the fields in the form.  By doing so, AutoComplete
won't be able to recognize the fields, and you should be in good
shape.  In the example I'm sending, keep in mind that input should
still be sanitized properly, and it's by no means a
copy-and-paste-for-production script.

<?php

session_start();

if($_POST && isset($_SESSION['target'])) {
        /*This is just here for demonstration.
        Do your processing as you'd like with the
        POST data here.  There are two methods
        shown.  The submitted array is read from
        $_POST under the field name stored in the
        session, so nothing here depends on
        register_globals.*/
        $posted = isset($_POST[$_SESSION['target']])
                ? (array)$_POST[$_SESSION['target']] : array();

        /* Method 1: for()
        for($i=0;$i<count($posted);$i++) {
                echo htmlspecialchars($posted[$i])."<br />\n";
        }
        */

        /*Method 2: foreach()
        Further handling would be needed to make the
        variables valid, because $0, $1, $2, etc.,
        are not valid variables. Again, this is only
        for demonstration purposes.*/
        foreach($posted as $p => $v) {
                // Escape on output so posted markup is shown, not rendered.
                echo $p.": ".htmlspecialchars((string)$v)."<br />\n";
        }
}

// Define the unique field name for the form, based on Epoch time.
$_SESSION['target'] = "field_".time();

// Adding the brackets after the name will print properly
// in HTML to designate the POST fields as an array.
$html_field = $_SESSION['target']."[]";

?>

<form method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF']);?>">
        Field 1: <input type="text" name="<?=$html_field;?>" /><br />
        Field 2: <input type="text" name="<?=$html_field;?>" /><br />
        Field 3: <input type="text" name="<?=$html_field;?>" /><br />
        <input type="submit" value="Post Now" />
</form>


Thanks a lot!

I have used the method with <form autocomplete="off"> as this method works fine in the browsers I have tested: IE, FireFox and Opera.

If a more specific control over the autocomplete is needed, however, I think your method would provide an excellent solution. In my current project: The autocomplete feature is useful as long as the user works with the same set of exercises, but disturbing when they start on a new set of exercises. If an id that identifies the current set of exercises is given with the url like
http:/.../exercises.php?id=12345
this id could be used while constructing the field names according to your method. Then autocomplete would work as wanted. I will put it on the ToDo-list!

Regards,
Tor

--- End Message ---
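
The variant described in the message above, where the field name is derived from the exercise-set id in the URL, sketched with the id validated before it is used as an HTML attribute value and as a `$_POST` key. This is an added example, not code from the thread; the function names and the `$get`/`$post` sample arrays are assumptions that stand in for `$_GET` and `$_POST`.

```php
<?php
declare(strict_types=1);

/** Build the per-set field name, or null when the id is not a plain number. */
function fieldNameForSet(string $rawId): ?string
{
    // Digits only, bounded length; \A and \z reject a trailing newline.
    return preg_match('/\A[0-9]{1,9}\z/', $rawId) === 1 ? 'field_' . $rawId : null;
}

/** Return the answers posted under this field name as a list of strings. */
function submittedAnswers(array $post, string $field): array
{
    $values = $post[$field] ?? [];
    if (!is_array($values)) {
        return [];              // a scalar was sent where an array was expected
    }
    // Drop nested arrays and keep only string entries.
    return array_values(array_filter($values, 'is_string'));
}

function renderForm(string $field, string $id, int $count = 3): string
{
    $name = htmlspecialchars($field . '[]', ENT_QUOTES, 'UTF-8');
    $html = '<form method="post" action="exercises.php?id=' . rawurlencode($id) . "\">\n";
    for ($i = 1; $i <= $count; $i++) {
        $html .= "  Field $i: <input type=\"text\" name=\"$name\" /><br />\n";
    }
    return $html . "  <input type=\"submit\" value=\"Post Now\" />\n</form>\n";
}

// Constructed request data standing in for $_GET and $_POST.
$get  = ['id' => '12345'];
$post = ['field_12345' => ['7', '<b>x</b>', ['nested']], 'field_999' => ['stale']];

$id    = is_string($get['id'] ?? null) ? $get['id'] : '';
$field = fieldNameForSet($id);
if ($field === null) {
    exit("Unknown exercise set\n");
}
foreach (submittedAnswers($post, $field) as $n => $answer) {
    echo $n, ': ', htmlspecialchars($answer, ENT_QUOTES, 'UTF-8'), "<br />\n";
}
echo renderForm($field, $id);
```

Because the same set id always yields the same field name, values posted under another set's name are ignored and the browser's suggestions stay scoped to one set.
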
--- Begin Message ---
PHP's error handler can be set up to automatically send emails. Send them to a dedicated mailbox and then check that mailbox every day.

Miguel Guirao wrote:
Hello fellow members of this list,

There are a couple of routine tasks that our servers (different platforms)
perform during the night. Early during the day, we have to check that every
task was performed correctly and without errors. Actually, we do this by
hand, going first to server A (AIX platform), and verifying that the error
log files have a size of zero (0), which means that there were no errors to
report on the logs, verify that some files have been written to a specific
directory and so on. As I told you before, this is done by hand, many ls
commands, grep’s and more’s here and there!!

On the other hand, I have to do this on another Windows 2003 server!!

So, I’m thinking of creating a web page in PHP that performs all these tasks
for me, and my fellow co-workers. But, all my experience with PHP is about
working with data on MySQL server, writing files to a hard disk, sending
e-mails with or without attachments and so on.

Is PHP a correct approach to solve this tedious problem?? Can I access a
server and get the results of a ls command for instance??

Best Regards,

__________________
Miguel Guirao Aguilera, Linux+, ITIL
Sistemas de Información
Informática R8 - TELCEL
Ext. 7540



--- End Message ---
--- Begin Message ---
Hi,

I've checked all pages and downloaded the php5.2.5.release1.tar.gz (the
latest I found) but I get the same errors

httpd: Syntax error on line 484 of /private/etc/apache2/httpd.conf: Syntax
error on line 8 of /private/etc/apache2/other/entropy-php.conf: Cannot load
/usr/local/php5/libphp5.so into server: dlopen(/usr/local/php5/libphp5.so,
10): Symbol not found: _xmlTextReaderSchemaValidate\n  Referenced from:
/usr/local/php5/libphp5.so\n  Expected in: /usr/lib/libxml2.2.dylib\n

Does anyone have a working .dmg/.tar.gz for 10.5.1 Mac Intel with PDO/Mysql
working?

-thanks.

On Dec 17, 2007 1:23 PM, David Powers <[EMAIL PROTECTED]> wrote:

> Frank Arensmeier wrote:
> > When you install PHP5 with the package from entropy.ch, the new PHP5
> > will install under /usr/local/php5.
>
> The Mac package from entropy.ch is not compatible with Leopard (Mac OS X
> 10.5). Marc Liyanage is working on a Leopard-compatible version. Check
> the forum on his site for the latest details. There's an extremely long
> thread about PHP on Leopard. A command line installation is somewhere
> around page 15 of the thread.
>
> --
> David Powers
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--- End Message ---
--- Begin Message ---
Help??

I need to get the namespaces from the root node of a DomDocument..

<?xml version="1.0" ?>
<chapter xmlns:xi="http://www.w3.org/2001/XInclude">
<para>
  <xi:include href="book.xml">
  </xi:include>
 </para>
</chapter>

I know I can retrieve the namespaceUri from the "xi:include" node using lookupNamespaceURI and ->prefix but I need to get it from where it's defined in "chapter"

but assuming the above file is:
<?xml version="1.0" ?>
<chapter xmlns:xi="http://www.w3.org/2001/XInclude">
<a />
</chapter>

how would one retrieve xmlns:xi="http://www.w3.org/2001/XInclude"

Thanks in advance!

Nathan

--- End Message ---
