php-general Digest 11 Sep 2009 07:06:57 -0000 Issue 6333

Topics (messages 297870 through 297885):

Re: Hoping for a hand with a login script
        297870 by: Robert Cummings
        297871 by: Bob McConnell
        297872 by: Bastien Koert
        297874 by: Ben Dunlap
        297875 by: Ben Dunlap
        297883 by: Paul M Foster

Re: Performance of while(true) loop
        297873 by: Jim Lucas

Reading files in PHP 5.3.0
        297876 by: Steve Brown
        297880 by: Tommy Pham

Re: [Formaldehyde] The Most Basic Ajax - PHP Error Debugger
        297877 by: Andrea Giammarchi

Creating alphanumeric id for a table
        297878 by: aveev
        297879 by: Ben Dunlap
        297884 by: Bastien Koert

String scrambling
        297881 by: Ron Piggott
        297882 by: Eddie Drapkin

PHP configuration values
        297885 by: Arno Kuhl


----------------------------------------------------------------------
--- Begin Message ---


Ben Dunlap wrote:
>> So I'm trying to set up a small website that includes a store (
>> www.rareintaglio.com), I have all of my HTML hammered out and now I'm working
>> on creating an admin login for the site's owner to input data from a back
>
> I would really strongly advise against building your own
> authentication system. I'm currently regretting the fact that I did
> the same, a few years ago, for a couple of systems I still support.
> There are just too many things that can go wrong, especially if you're
> new to PHP and MySQL in general. Just to begin with, the code you
> posted currently suffers from a really basic SQL injection
> vulnerability and your database is likely to be compromised within hours
> of your site getting any kind of significant traffic. That's
> completely distinct from the more basic syntax trouble.
>
> Perhaps paradoxically, the more experience you gain with these things,
> the less inclined you will be, most likely, to try to roll your own
> AAA.
>
> There are lots of open-source PHP frameworks out there that should be
> able to take care of authentication and access-control for you --
> CodeIgniter, Zend Framework, and Solar come immediately to mind as
> packages that I've either heard good things about, or suspect are
> solid because of the authors involved. I'm sure there are several
> other good ones also.

I find the more experienced I get, the more I have to wrap/plug into various authentication systems with custom authentication (MediaWiki, WordPress, PHPMyAdmin, Mantis, SquirrelMail, etc, etc). In some cases it's a straight up plugin process, in others it's wrapping with my own AccessControls management system.

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

--- End Message ---
--- Begin Message ---
From: Ben Dunlap
> 
>> So I'm trying to set up a small website that includes a store (
>> www.rareintaglio.com), I have all of my HTML hammered out and now I'm
>> working on creating an admin login for the site's owner to input data
>> from a back
> 
> I would really strongly advise against building your own
> authentication system. I'm currently regretting the fact that I did
> the same, a few years ago, for a couple of systems I still support.
> There are just too many things that can go wrong, especially if you're
> new to PHP and MySQL in general. Just to begin with, the code you
> posted currently suffers from a really basic SQL injection
> vulnerability and your database is likely to be compromised within hours
> of your site getting any kind of significant traffic. That's
> completely distinct from the more basic syntax trouble.
> 
> Perhaps paradoxically, the more experience you gain with these things,
> the less inclined you will be, most likely, to try to roll your own
> AAA.
> 
> There are lots of open-source PHP frameworks out there that should be
> able to take care of authentication and access-control for you --
> CodeIgniter, Zend Framework, and Solar come immediately to mind as
> packages that I've either heard good things about, or suspect are
> solid because of the authors involved. I'm sure there are several
> other good ones also.
> 
> http://codeigniter.com/
> http://framework.zend.com/
> http://www.solarphp.com/

While I have not looked at the last two, there is one thing that bothers
me about your recommendation of codeigniter. Authentication is a basic
function that should be used for any web site with interactive features.
There is such a universal need for this function that there should be
several packages available to provide it. But I believe that telling
someone to adopt a complete portal system like CI just to get basic
authentication is gross overkill. There has to be a better way to
provide this core functionality without installing a monster package
that will be 95% superfluous to their needs.

Yes, I have installed codeigniter. I am still trying to figure out why I
would want to use it.

Bob McConnell

--- End Message ---
--- Begin Message ---
On Thu, Sep 10, 2009 at 12:21 PM, Ben Dunlap <[email protected]> wrote:
>> So I'm trying to set up a small website that includes a store (
>> www.rareintaglio.com), I have all of my HTML hammered out and now I'm working
>> on creating an admin login for the site's owner to input data from a back

Simple folder protection should work well and be very simple to implement.



-- 

Bastien

Cat, the other other white meat

--- End Message ---
--- Begin Message ---
> several packages available to provide it. But I believe that telling
> someone to adopt a complete portal system like CI just to get basic
> authentication is gross overkill. There has to be a better way to
> provide this core functionality without installing a monster package
> that will be 95% superfluous to their needs.

I mentioned CI because it got the second-most votes on a very popular
Stack Overflow question asking for PHP-framework recommendations. The
most-upvoted answer discussed Zend Framework, although it's hard to
tell whether it was a good review of ZF, or a negative one, on
balance:

http://stackoverflow.com/questions/2648/what-php-framework-would-you-choose-for-a-new-application-and-why

Without knowing more about the OP's requirements, it's hard to say
whether CI's other functionality would be largely superfluous. You
might be right, though, and I guess my point was just to recommend
that the OP look at existing, mature, free, open-source solutions
before possibly reinventing the wheel.

I would recommend this to anyone looking to build any sort of web app.
Could be that nothing out there will end up serving your purposes, but
just the experience of looking at existing frameworks, seeing how
they're structured, reviewing some of their code, etc., is still
likely to be valuable.

Ben

--- End Message ---
--- Begin Message ---
> I would recommend this to anyone looking to build any sort of web app.
> Could be that nothing out there will end up serving your purposes, but

... and, on further investigation, it looks like CI, surprisingly
enough, doesn't actually have pre-built authentication and access
control (although it does do session management). Solar and ZF do seem
to have their own auth/access-control, though.

Ben

--- End Message ---
--- Begin Message ---
On Thu, Sep 10, 2009 at 01:00:19PM -0400, Bob McConnell wrote:

> From: Ben Dunlap

<snip>

> > 
> > http://codeigniter.com/
> > http://framework.zend.com/
> > http://www.solarphp.com/
> 
> While I have not looked at the last two, there is one thing that bothers
> me about your recommendation of codeigniter. Authentication is a basic
> function that should be used for any web site with interactive features.
> There is such a universal need for this function that there should be
> several packages available to provide it. But I believe that telling
> someone to adopt a complete portal system like CI just to get basic
> authentication is gross overkill. There has to be a better way to
> provide this core functionality without installing a monster package
> that will be 95% superfluous to their needs.
> 
> Yes, I have installed codeigniter. I am still trying to figure out why I
> would want to use it.

Moreover, I'm using CI right now, and as far as I know, it does *no*
user authentication. I had to write my own routines, using their session
class to save the user data.

Paul

-- 
Paul M. Foster

--- End Message ---
--- Begin Message ---
APseudoUtopia wrote:
> Hey list,
> 
> I have a php cli script that listens on a UDP socket and, when data is
> sent to the socket, the script inserts it into a database. I'm using
> the real BSD socket functions, not fsock.
> 
> The script runs socket_create(), then socket_bind(). Then it starts a
> while(TRUE) loop. Within the loop, it runs socket_recvfrom(). I have
> it running 24/7 inside a screen window.
> 
> I'm curious as to the cpu/memory/etc usage of a while(true) loop. The
> `top` command shows that the process is in the sbwait state (the OS is
> FreeBSD). I'm contemplating adding a usleep or even a sleep inside to
> loop. Would this be beneficial? I'm not too sure of how the internals
> of PHP work in terms of loops and such.
> 
> Thanks.
> 


Here is something I wrote a few years ago.  I still have this running on
my system today...

#!/usr/local/bin/php -q
<?php
error_reporting(E_ALL);
ini_set('display_errors', 'On');

// Set time limit to indefinite execution
set_time_limit(0);

// Set the IP and port we will listen on
define('LISTEN_IP',     'x.x.x.x');     // IP to listen on
define('LISTEN_PORT',   28000);         // Port number to listen on
define('PACKET_SIZE',   512);           // 512 bytes
define('SOCKET_TIMOUT', 2);             // In seconds (not used below)

/* Open a UDP server socket bound to LISTEN_IP:LISTEN_PORT */
$socket = @stream_socket_server('udp://'.LISTEN_IP.':'.LISTEN_PORT, $errno, $errstr, STREAM_SERVER_BIND);
if ( $socket ) {

  echo "Running!!!\n";

  while ( true ) {

    // Output something to the screen to indicate that it is running
    echo '.';

    /* Block until a datagram arrives and read up to PACKET_SIZE bytes of
     * it; the sender's address is stored in $remote_ip.
     */
    $buff = stream_socket_recvfrom($socket, PACKET_SIZE, 0, $remote_ip);

    # Checking to see if someone is sending an invalid packet to my
    # server: a failed read or a packet of 4 bytes or fewer is skipped
    if ( $buff === false || strlen($buff) <= 4 ) {
      continue;
    }
    print_r($buff);
  }
  fclose($socket);
} else {
  // The @ above hides the warning, so report why the bind failed
  echo "Could not bind: $errstr ($errno)\n";
}
echo "Done!!!\n";

###################END

Until recently, I was using screen also, but I have now switched over to
a new start/stop script.  I run OpenBSD 4.3 & 4.5 on most of my boxes.

Once configured, this shell script can start/stop/status the given process.

I have been told that this does not start a /true/ daemon.  But for me
it is close enough.

Change the 4 variables at the top, just under the set -e line, and you
should have it.

Let me know if you have any problems.

#! /bin/ksh
#
# tms_daemon
#
# Starts a listening daemon that acts as a Tribes Master Server
#
# Author:  Jim Lucas <[email protected]>
#
# Version:  0.0.1
#

set -e

DESC="Name of service"
DAEMON=/path/to/file.php
# Quoted so the shell does not treat < and > in the placeholder as redirections
PIDFILE="/var/run/<NAME>.pid"
SCRIPTNAME=tms_daemon

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

#
#  Function that starts the daemon/service.
#
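d_start() {
  if [ -f $PIDFILE ]; then
    echo "$DESC already running: PID# `cat $PIDFILE`"
    exit 1
  else
    echo -n "Starting $DESC"
    # Discard stdout and stderr (redirections are applied left to right)
    nohup $DAEMON >/dev/null 2>&1 &
    # Record the PID of the job just started instead of grepping ps output,
    # which can match unrelated processes or return several PIDs
    echo $! > $PIDFILE
    sleep 0.5
    echo ". [`cat $PIDFILE`]"
  fi
}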

#
#  Function that stops the daemon/service.
#
d_stop() {
  if [ -f $PIDFILE ]; then
    echo -n "Stopping $DESC"
    kill `cat $PIDFILE`
    rm $PIDFILE
    echo "."
  else
    echo "$DESC is not running"
    exit 1
  fi
}

case "$1" in
  start)
    d_start
  ;;
  stop)
    d_stop
  ;;
  status)
    if [ -f $PIDFILE ]; then
      echo "$DESC is running: PID# `cat $PIDFILE`"
    else
      echo "$DESC is not running"
    fi
  ;;
  cleanup)
    PID="`ps aux | grep $DAEMON | grep -v grep | awk -F' ' '{print $2}'`"
    kill $PID
    rm $PIDFILE
  ;;
  restart|force-reload)
    d_stop
    sleep 0.5
    d_start
  ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|status|cleanup|restart|force-reload}" >&2
    exit 1
  ;;
esac

exit 0

##############END


Jim Lucas


--- End Message ---
--- Begin Message ---
I've been beating my head against a wall all day and can't figure this
one out.  The code below worked perfectly in PHP5.2.4.  However, I
recently upgraded to PHP5.3.0 and this code no longer works.

The function below accepts the path to a text file containing headers
from a cUrl session (example attached).  Basically this function opens
the log file, looks for certain headers and captures some information
from that line.  When called on the attached file (or any log file for
that matter), the following is output:

array(2) {
  ["ResponseCode"]=>
  NULL
  ["ErrorMessage"]=>
  NULL
}

Which means that nothing is getting read from the file.

Now, I'm going to qualify all of this by saying I'm running OSX Snow
Leopard, so I'm fully prepared to believe that Apple fucked something
up in it, as they have done to third party packages on other occasions
in the past.  Well... to be fair, they don't usually fuck up third
party packages, rather they introduce "enhancements" to the OS that
prevents certain packages from working correctly and could care less
that they broke it.

So did anything change in PHP5.3.0 that would preclude the code below
from working?  Am I going crazy?  Or did Apple f...@# something up in
this release?

Thanks,
Steve

BEGIN CODE
==========
function parseResponseHeaders($header_file) {
        $http_found = $error_found = false;
        $http_response = $error_message = NULL;

        $response = array();
        $response['ResponseCode'] = NULL;
        $response['ErrorMessage'] = NULL;

        if (!is_file($header_file) || !is_readable($header_file)) {
                return $response;
        }

        $fin = fopen($header_file, 'r');
        // Compare against false explicitly: a line containing only "0"
        // would otherwise end the loop early
        while (($line = fgets($fin)) !== false) {
                var_dump($line);

                // Status line, e.g. "HTTP/1.1 200 OK"
                if (substr($line, 0, 4) == 'HTTP') {
                        $line_explode = explode(' ', $line);
                        $response['ResponseCode'] = preg_replace('/\D/', '', $line_explode[1]);
                        if ($response['ResponseCode'] != 100) {
                                $http_found = true;
                        }
                }

                // Everything after the header name is the message
                if (substr($line, 0, 16) == 'X-Error-Message:') {
                        $line_explode = explode(' ', $line);
                        array_shift($line_explode);
                        $response['ErrorMessage'] = join(' ', $line_explode);
                        $error_found = true;
                }
        }
        fclose($fin);

        var_dump($response);
        return $response;
}

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Date: Thu, 10 Sep 2009 20:57:43 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6  PHP/5.2.8
X-Powered-By: PHP/5.2.8
Vary: Accept-Encoding
Content-Length: 1630
Content-Type: text/html


--- End Message ---
--- Begin Message ---
--- On Thu, 9/10/09, Steve Brown <[email protected]> wrote:

> From: Steve Brown <[email protected]>
> Subject: [PHP] Reading files in PHP 5.3.0
> To: [email protected]
> Date: Thursday, September 10, 2009, 4:13 PM
> I've been beating my head against a wall all day and can't figure this
> one out.  The code below worked perfectly in PHP5.2.4.  However, I
> recently upgraded to PHP5.3.0 and this code no longer works.
> 
> The function below accepts the path to a text file containing headers
> from a cUrl session (example attached).  Basically this function opens
> the log file, looks for certain headers and captures some information
> from that line.  When called on the attached file (or any log file for
> that matter), the following is output:
> 
> array(2) {
>   ["ResponseCode"]=>
>   NULL
>   ["ErrorMessage"]=>
>   NULL
> }
> 
> Which means that nothing is getting read from the file.
> 
> Now, I'm going to qualify all of this by saying I'm running OSX Snow
> Leopard, so I'm fully prepared to believe that Apple fucked something
> up in it, as they have done to third party packages on other occasions
> in the past.  Well... to be fair, they don't usually fuck up third
> party packages, rather they introduce "enhancements" to the OS that
> prevents certain packages from working correctly and could care less
> that they broke it.
> 
> So did anything change in PHP5.3.0 that would preclude the code below
> from working?  Am I going crazy?  Or did Apple f...@# something up in
> this release?
> 
> Thanks,
> Steve
> 
> BEGIN CODE
> ==========
> function parseResponseHeaders($header_file) {
>     $http_found = $error_found = false;
>     $http_reponse = $error_message = NULL;
> 
>     $response = array();
>     $response['ResponseCode'] = NULL;
>     $response['ErrorMessage'] = NULL;
> 
>     if (!is_file($header_file) || !is_readable($header_file)) {
>         return $response;
>     }
> 
>     $fin = fopen($header_file, 'r');
>     while ($line = fgets($fin)) {
>         var_dump($line);
> 
What does var_dump($line); tell you?

Regards,
Tommy

>         if (substr($line, 0, 4) == 'HTTP') {
>             $line_explode = explode(' ', $line);
>             $response['ResponseCode'] = preg_replace('/\D/', '', $line_explode[1]);
>             if ($response['ResponseCode'] != 100) {
>                 $http_found = true;
>             }
>         }
> 
>         if (substr($line, 0, 16) == 'X-Error-Message:') {
>             $line_explode = explode(' ', $line);
>             array_shift($line_explode);
>             $response['ErrorMessage'] = join(' ', $line_explode);
>             $error_found = true;
>         }
>     }
>     fclose($fin);
> 
>     var_dump($response);
>     return $response;
> }

--- End Message ---
--- Begin Message ---
Being something nobody thought of before, I was expecting some comments ... zero
Ajax developers here?
Anyway, to make things even simpler I have released the Zero Config client-side
file, which works with most known browsers, IE included, and it does not
require a single change in existing code, libraries included.

Enjoy (if any) http://code.google.com/p/formaldehyde/

From: [email protected]
To: [email protected]
Subject: [Formaldehyde] The Most Basic Ajax - PHP Error Debugger
Date: Sat, 5 Sep 2009 19:41:53 +0200

Hi everybody,
I'd love to receive your feedback about my last zero dependencies, easily 
integrable, scalable, fast, lightweight, etc etc Ajax / PHP debugger.

The project has an MIT-style license and it is hosted on Google Code:
http://code.google.com/p/formaldehyde/

While this is my blog announcement:
http://webreflection.blogspot.com/2009/09/formaldehyde-ajax-php-error-debugger.html

I hope you'll appreciate the code, the concept, and the simplicity, but here I 
am to know your concerns, or generally speaking, your opinion.

Best Regards,
Andrea Giammarchi
 

--- End Message ---
--- Begin Message ---
I want to create user generated id like this :
AAA0001
AAA0002
...
AAA0009
AAA0010

where the id consists of 3 alphanumeric characters and 4 numerical digits in
the beginning (for numerical digit, it can grow like this AAA10001). I try
to use php script to generate id like this, where I use the following
script.

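<?php
    // Build an id such as AAA0001 from a sequence number
    function generate_id($num) {
        $start_dig = 4;             // minimum number of digits
        $num_dig = strlen($num);

        $id = $num;
        if($num_dig <= $start_dig) {
            // Left-pad with zeros up to $start_dig digits
            $num_zero = $start_dig - $num_dig;

            for($i=0;$i< $num_zero; $i++) {
                $id = '0' . $id;
            }
        }
        $id = 'AAA' . $id;
        return $id;
    }

    $app_id = generate_id(1);   // hardcoded sequence number

?>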

I assume that I can get increment value/sequence from db (I used hardcoded
increment value in the code above (generate_id(1))),
but I don't know how I can get this incremental value from db. I use mysql
5.0.
Or has anyone had another solution to create this alphanumeric id?

Any help would be much appreciated
Thanks


--- End Message ---
--- Begin Message ---
> I assume that I can get increment value/sequence from db (I used hardcoded
> increment value in the code above (generate_id(1))),
> but I don't know how I can get this incremental value from db. I use mysql
> 5.0.

If you're thinking of retrieving the newest value of an AUTO_INCREMENT
column, immediately after inserting a row, there are different ways to
do this depending on how you're connecting to MySQL.

PDO, for example, has a method called lastInsertId():
http://us2.php.net/manual/en/pdo.lastinsertid.php

And the mysql_* family of functions has mysql_insert_id(), etc.

Ben

--- End Message ---
--- Begin Message ---
Note that this approach has risks around race conditions. Anytime you have a construct for the id you run the risk of having it create duplicate ids. You will need to handle that.

Bastien

Sent from my iPod

On Sep 10, 2009, at 6:49 PM, Ben Dunlap <[email protected]> wrote:

>> I assume that I can get increment value/sequence from db (I used hardcoded
>> increment value in the code above (generate_id(1))),
>> but I don't know how I can get this incremental value from db. I use mysql
>> 5.0.
>
> If you're thinking of retrieving the newest value of an AUTO_INCREMENT
> column, immediately after inserting a row, there are different ways to
> do this depending on how you're connecting to MySQL.
>
> PDO, for example, has a method called lastInsertId():
> http://us2.php.net/manual/en/pdo.lastinsertid.php
>
> And the mysql_* family of functions has mysql_insert_id(), etc.
>
> Ben


--- End Message ---
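An added example for the "Creating alphanumeric id" thread above, not code from any of the posters: it lets the database assign the sequence number as part of the INSERT and derives the AAA0001-style id from lastInsertId(), which avoids the duplicate-id race mentioned in the thread. The table and column names are hypothetical, and SQLite in memory (PDO sqlite driver assumed to be installed) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: "applications", "applicant" and "app_id" are hypothetical names.
// SQLite in memory stands in for MySQL; on MySQL the id column would be
// declared INT UNSIGNED AUTO_INCREMENT PRIMARY KEY.

function format_app_id($n, $prefix = 'AAA', $min_digits = 4)
{
    // Zero-pad to at least $min_digits; larger numbers just grow (AAA10001).
    return sprintf('%s%0' . (int) $min_digits . 'd', $prefix, $n);
}

function create_application(PDO $db, $applicant)
{
    $db->beginTransaction();
    try {
        // The database hands out the number as part of the INSERT, so two
        // concurrent requests cannot receive the same value. Reading
        // MAX(id) + 1 first and inserting afterwards is the pattern that
        // produces duplicates under load.
        $ins = $db->prepare(
            'INSERT INTO applications (applicant) VALUES (:applicant)'
        );
        $ins->execute(array(':applicant' => $applicant));

        // lastInsertId() is scoped to this connection, so inserts made by
        // other sessions do not change the value returned here.
        $n = (int) $db->lastInsertId();
        $app_id = format_app_id($n);

        // Store the display id next to the row; the UNIQUE constraint on
        // app_id is the backstop if some other code path ever builds ids.
        $upd = $db->prepare(
            'UPDATE applications SET app_id = :app_id WHERE id = :id'
        );
        $upd->execute(array(':app_id' => $app_id, ':id' => $n));

        $db->commit();
        return $app_id;
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applications (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    app_id    TEXT UNIQUE,
    applicant TEXT NOT NULL
)');

// Constructed sample data
foreach (array('alice', 'bob', 'carol') as $name) {
    echo create_application($db, $name), "\n";
}

// The numeric part grows past four digits without any special handling
echo format_app_id(10001), "\n";
```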
--- Begin Message ---
Is there a function in PHP which scrambles strings?

Example:

$string = "Hello";

Output might be: ehlol

Ron

--- End Message ---
--- Begin Message ---
On Thu, Sep 10, 2009 at 8:57 PM, Ron Piggott <[email protected]> wrote:
> Is there a function in PHP which scrambles strings?
>
> Example:
>
> $string = "Hello";
>
> Output might be: ehlol
>
> Ron

http://www.php.net/manual/en/function.str-shuffle.php

--- End Message ---
--- Begin Message ---
I'm having some problems with the way my service provider is implementing
FastCGI. My tests show that local configuration values are no longer used,
even though those are the values reported by php when the script queries a
setting (e.g. register_globals). In fact all settings done by script or in
.htaccess are ignored, though reported to be in effect by php. I seem to
remember seeing somewhere that local values are supposed to override master
values but I can't find the reference right now. Can anyone please tell me
how local vs. master values are supposed to work, or point me to a
definitive reference.
 
Cheers
Arno


--- End Message ---
