php-general Digest 9 Nov 2010 02:39:35 -0000 Issue 7028
Topics (messages 309369 through 309388):
Re: simple photo gallery
309369 by: Tommy Pham
309387 by: Tom Sparks
Re: ignore_repeated_errors has no effect
309370 by: Tommy Pham
309372 by: Tommy Pham
Re: Is session_start() using encrypted cookies with HTTPS
309371 by: Tommy Pham
309373 by: Adam Richardson
309375 by: Bastien
Re: Newbie looking for a project
309374 by: Daniel P. Brown
Template engines
309376 by: Hansen, Mike
309377 by: Daniel P. Brown
309378 by: Steve Staples
309379 by: Robert Cummings
309380 by: Michael Shadle
309381 by: Bastien
309382 by: Robert Cummings
309383 by: Peter Lind
309384 by: Michael Shadle
309386 by: knl.bitflop.com
309388 by: David McGlone
Vermis The Issue Tracking System
309385 by: Lukasz Cepowski
----------------------------------------------------------------------
--- Begin Message ---
> -----Original Message-----
> From: Ashley Sheridan [mailto:[email protected]]
> Sent: Sunday, November 07, 2010 2:55 AM
> To: Tom Sparks
> Cc: [email protected]
> Subject: Re: [PHP] simple photo gallery
>
> On Sun, 2010-11-07 at 02:31 -0800, Tom Sparks wrote:
>
> > I am looking for a simple photo gallery like this
> > http://www.lavrsen.dk/webcam/cam1/movecam.php
> >
> > I want to use it in place of apache autoindex
> >
> >
> > tom_a_sparks
> > "It's a nerdy thing I like to do"
> >
> >
> >
> >
>
> Erm, is there a question in there?
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
I think Tom is looking for a very basic photo gallery like the link. However, the
link just shows updated pictures from a webcam. Tom, is that what you want?
Looking for something that will get pictures periodically from your cam (either
web or cctv) and post online? Or looking for a more useful (read robust) photo
gallery where you can have multiple albums - the albums can be protected via
invite only - or have the ability to send the digital copy to a photo studio
for a hard copy? The photo gallery can have other features such as slideshow,
purchase & download, etc... And the gallery can also take pictures from your
web cam also...?
Regards,
Tommy
--- End Message ---
--- Begin Message ---
--- On Mon, 8/11/10, Tommy Pham <[email protected]> wrote:
> From: Tommy Pham <[email protected]>
> Subject: RE: [PHP] simple photo gallery
> To: [email protected], "'Tom Sparks'" <[email protected]>
> Cc: [email protected]
> Received: Monday, 8 November, 2010, 11:11 PM
> > -----Original Message-----
> > From: Ashley Sheridan [mailto:[email protected]]
> > Sent: Sunday, November 07, 2010 2:55 AM
> > To: Tom Sparks
> > Cc: [email protected]
> > Subject: Re: [PHP] simple photo gallery
> >
> > On Sun, 2010-11-07 at 02:31 -0800, Tom Sparks wrote:
> >
> > > I am looking for a simple photo gallery like this
> > > http://www.lavrsen.dk/webcam/cam1/movecam.php
> > >
> > > I want to use it in place of apache autoindex
> > >
> > >
> > > tom_a_sparks
> > > "It's a nerdy thing I like to do"
> > >
> > >
> > >
> > >
> >
> > Erm, is there a question in there?
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
>
> I think Tom is looking for a very basic photo gallery like the
> link. However, the link just shows updated pictures
> from a webcam. Tom, is that what you want?
not the webcamera part, the gallery layout will be following the Design rule
for Camera File system, and it will be run on a network camera (with hard drive)
> Looking
> for something that will get pictures periodically from your
> cam (either web or cctv) and post online?
no
> Or looking
> for a more useful (read robust) photo gallery where you can
> have multiple albums - the albums can be protected via
> invite only - or have the ability to send the digital copy
> to a photo studio for a hard copy? The photo gallery
> can have other features such as slideshow, purchase &
> download, etc... And the gallery can also take
> pictures from your web cam also...?
I am going to be using gallery2 for my website, but this is for my custom made
elphel camera
>
> Regards,
> Tommy
tom_a_sparks
"It's a nerdy thing I like to do"
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Simon Marchi
> Sent: Sunday, November 07, 2010 8:45 AM
> To: Andre Polykanine; [email protected]
> Subject: Re: [PHP] ignore_repeated_errors has no effect
>
> Hi,
>
> Just a precision, I don't want to modify the user's code, I would like to
> configure my server properly so it does not happen again even if another
> user makes a similar mistake.
>
> Thanks,
>
> Simon
Simon,
This I find next to impossible to achieve. As I figure it like this,
imagine that your server is a perfectly fine tuned sports car. The driver
(the user and his/her app) is an experienced, lack of racing training, or
doesn't understand the concept of racing and decides to push the car to
the limit. I'd say that the car will break down or end up in a big crash 99.9%
of the time. Thus, if you wish to maintain high availability as a
provider, I strongly suggest you to inform the user to fix his/her app. As
for changing that setting of ignore repeated errors, you're just letting
buggy apps slide by, which can be both a stability and security issue, IMHO.
Regards,
Tommy
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Tommy Pham [mailto:[email protected]]
> Sent: Monday, November 08, 2010 4:25 AM
> To: 'Simon Marchi'; 'Andre Polykanine'; '[email protected]'
> Subject: RE: [PHP] ignore_repeated_errors has no effect
>
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of
> > Simon Marchi
> > Sent: Sunday, November 07, 2010 8:45 AM
> > To: Andre Polykanine; [email protected]
> > Subject: Re: [PHP] ignore_repeated_errors has no effect
> >
> > Hi,
> >
> > Just a precision, I don't want to modify the user's code, I would like
> > to configure my server properly so it does not happen again even if
> > another user makes a similar mistake.
> >
> > Thanks,
> >
> > Simon
>
> Simon,
>
> This I find next to impossible to achieve. As I figure it like this, imagine that
> your server is a perfectly fine tuned sports car. The driver (the user and
> his/her app) is an experienced, lack of racing training, or doesn't understand
> the concept of racing and decides to push the car to the limit. I'd say that the car
> will break down or end up in a big crash 99.9% of the time. Thus, if you wish
> to maintain high availability as a provider, I strongly suggest you to inform
> the user to fix his/her app. As for changing that setting of ignore repeated
> errors, you're just letting buggy apps slide by, which can be both a stability
> and security issue, IMHO.
>
> Regards,
> Tommy
Sorry, that above should read as 'inexperienced' instead of 'experience'...
I've been up late too long :p
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Adam Richardson [mailto:[email protected]]
> Sent: Sunday, November 07, 2010 2:22 PM
> To: PHP-General
> Subject: Re: [PHP] Is session_start() using encrypted cookies with HTTPS
>
> On Sun, Nov 7, 2010 at 2:39 PM, Yannick Warnier
> <[email protected]> wrote:
>
> > Hi all,
> >
> > It came to my attention through the Netcraft newsletter[1] that
> > cookies in a web application are not always sent encrypted when a
> > server is contacted through HTTPS.
> >
>
> Not quite. Requests and responses over HTTPS are encrypted, including the
> cookie header. However, in the resource you cited, there were security
> issues because auth cookies were sent even over standard requests. The
> browser has to be told (through the flag) that the cookie should only be sent
> on encrypted requests.
>
>
> >
> > Would someone know the internals of that function and whether there is
> > a way to force it to secure=true when the connection is made through
> > HTTPS? Or maybe my question doesn't make sense because I am missing
> > the point on how it works?
> >
>
> Call this function with the appropriate settings before you call
> session_start() (or make some changes to php.ini):
> http://php.net/manual/en/function.session-set-cookie-params.php
>
>
> >
> > I develop an open-source application which can be used through both
> > HTTP and HTTPS, so I'm a bit worried about not having this question
> > answered in the doc for session_start().
> >
>
> Perhaps a link could be added to the documentation, although the function
> session_set_cookie_params() does appear in the secondary navigation in
> the left column, and not all sessions use cookies.
>
>
> >
> > Thanks,
> >
> > Yannick Warnier
> >
> > [1]
> >
> > http://news.netcraft.com/archives/2010/11/03/github-moves-to-ssl-but-remains-firesheepable.html
> > [2] http://www.php.net/setcookie
> > [3] http://www.php.net/session-start
> >
>
> Hope this helps,
>
> Adam
>
> --
> Nephtali: PHP web framework that functions beautifully
> http://nephtaliproject.com
Couldn't Yannick also use $_SERVER['HTTPS'] and take action for the session
and cookies accordingly?
Regards,
Tommy
--- End Message ---
--- Begin Message ---
>
> Couldn't Yannick also use $_SERVER['HTTPS'] and take action for the
> session
> and cookies accordingly?
>
> Regards,
> Tommy
Not to my understanding.
When a visitor makes a request, the browser must determine which cookies are
appropriate for transmitting in the request. By the time PHP processes the
request, it's too late if a packet sniffer has intercepted an unencrypted
request. Even if you carefully use $_SERVER['HTTPS'] to manually set up
session tracking with your own cookie, subsequent unencrypted requests would
be vulnerable without the flag.
The secure flag for cookies is precisely for situations where you want to
help the browser understand that a particular cookie should be protected.
However, people can run into trouble by assuming that this automatically
means that a cookie is only transmitted over HTTPS requests. For most
browsers, this is the default behavior, but the RFC isn't as demanding as
one might expect:
http://www.ietf.org/rfc/rfc2965.txt
===================================
Secure
OPTIONAL.
The Secure attribute (with no value) directs the user
agent to use only (unspecified) secure means to contact the origin
server whenever it sends back this cookie, to protect the
confidentially and authenticity of the information in the cookie.
*The user agent (possibly with user interaction) MAY determine what
level of security it considers appropriate for "secure" cookies
[emphasis added]*. The Secure attribute should be considered security
advice from the server to the user agent, indicating that it is in the
session's interest to protect the cookie contents. When it sends a
"secure" cookie back to a server, *the user agent SHOULD use no less
than the same level of security as was used when it received the
cookie from the server [emphasis added]*.
=========================================
So, use the flag, but remember it's not a fix-all.
Adam
--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
--- End Message ---
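An added example of the approach discussed in this thread, not code from any of the posters: the Secure flag is set with session_set_cookie_params() before session_start(), for an application reachable over both HTTP and HTTPS. The function names and the session names APPSID and APPSID_TLS are hypothetical, and the HttpOnly setting is an extra choice the thread does not discuss.

```php
<?php
// Added example, not code from the thread. Function names and the session
// names APPSID / APPSID_TLS are hypothetical.

/**
 * True when the request arrived over HTTPS. $_SERVER['HTTPS'] is non-empty
 * for HTTPS requests; IIS with ISAPI sets it to "off" for plain HTTP.
 */
function is_https_request(array $server)
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

/**
 * Cookie settings for the scheme in use. The HTTPS session gets its own
 * cookie name, so the application never reuses, over HTTPS, a session ID
 * that it issued over plain HTTP.
 */
function session_cookie_settings($https)
{
    return array(
        'name'     => $https ? 'APPSID_TLS' : 'APPSID',
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'domain'   => '',      // host-only cookie
        'secure'   => $https,  // asks the browser to return it only over a secure channel
        'httponly' => true,    // extra choice: hide the cookie from page scripts
    );
}

/**
 * Apply the settings and start the session. The checks on $_SERVER only
 * decide what the server sets; which requests carry the cookie afterwards
 * is decided by the browser, which is why the flag has to be on the cookie.
 */
function start_session_for_scheme(array $server)
{
    $c = session_cookie_settings(is_https_request($server));
    session_name($c['name']);
    session_set_cookie_params(
        $c['lifetime'], $c['path'], $c['domain'], $c['secure'], $c['httponly']
    );
    session_start();
    return $c;
}

if (PHP_SAPI === 'cli') {
    // Constructed $_SERVER samples, to show the decision without a web server.
    $samples = array(
        'Apache, HTTPS' => array('HTTPS' => 'on'),
        'IIS, HTTP'     => array('HTTPS' => 'off'),
        'Apache, HTTP'  => array(),
    );
    foreach ($samples as $label => $server) {
        $c = session_cookie_settings(is_https_request($server));
        printf("%-14s name=%-10s secure=%s\n",
            $label, $c['name'], $c['secure'] ? 'true' : 'false');
    }
} else {
    start_session_for_scheme($_SERVER);
}
```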
--- Begin Message ---
On 2010-11-08, at 9:58 AM, Adam Richardson <[email protected]> wrote:
>>
>> Couldn't Yannick also use $_SERVER['HTTPS'] and take action for the
>> session
>> and cookies accordingly?
>>
>> Regards,
>> Tommy
>
>
> Not to my understanding.
>
> When a visitor makes a request, the browser must determine which cookies are
> appropriate for transmitting in the request. By the time PHP processes the
> request, it's too late if a packet sniffer has intercepted an unencrypted
> request. Even if you carefully use $_SERVER['HTTPS'] to manually set up
> session tracking with your own cookie, subsequent unencrypted requests would
> be vulnerable without the flag.
>
> The secure flag for cookies is precisely for situations where you want to
> help the browser understand that a particular cookie should be protected.
> However, people can run into trouble by assuming that this automatically
> means that a cookie is only transmitted over HTTPS requests. For most
> browsers, this is the default behavior, but the RFC isn't as demanding as
> one might expect:
>
> http://www.ietf.org/rfc/rfc2965.txt
>
> ===================================
>
> Secure
>
> OPTIONAL.
>
> The Secure attribute (with no value) directs the user
> agent to use only (unspecified) secure means to contact the origin
> server whenever it sends back this cookie, to protect the
> confidentially and authenticity of the information in the cookie.
> *The user agent (possibly with user interaction) MAY determine what
> level of security it considers appropriate for "secure" cookies
> [emphasis added]*. The Secure attribute should be considered security
> advice from the server to the user agent, indicating that it is in the
> session's interest to protect the cookie contents. When it sends a
> "secure" cookie back to a server, *the user agent SHOULD use no less
> than the same level of security as was used when it received the
> cookie from the server [emphasis added]*.
>
> =========================================
>
> So, use the flag, but remember it's not a fix-all.
>
> Adam
>
> --
> Nephtali: PHP web framework that functions beautifully
> http://nephtaliproject.com
If the cookie needs to be encrypted, why not just encrypt it and worry less
about the transport layer? Or just down one hash value id cookie and pull back
the secure data for action just on the server?
Bastien
--- End Message ---
--- Begin Message ---
On Mon, Nov 8, 2010 at 06:29, Ashim Kapoor <[email protected]> wrote:
>
> Writing apps on my own is fun but its fruit is only for me to benefit
> from, but yes if nothing else I should do that.
Not at all, many others can benefit from it as well. Tedd's
examples have been referenced on this list many times, and you can see
them yourself:
http://www.php1.net/
Just because you're developing the code to learn for yourself
doesn't mean you can't put it in the public domain for others to do
the same.
--
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/
--- End Message ---
--- Begin Message ---
I really like the idea of using a templating engine. Which one do you use? Why?
For those that don't use templating engines, why don't you use them?
--- End Message ---
--- Begin Message ---
On Mon, Nov 8, 2010 at 16:41, Hansen, Mike <[email protected]> wrote:
> I really like the idea of using a templating engine. Which one do you use?
> Why? For those that don't use templating engines, why don't you use them?
I chose to write two of my own over the years: one procedural, one
OOP. That said, the most common is likely still to be Smarty, and by
far.
--
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/
--- End Message ---
--- Begin Message ---
On Mon, 2010-11-08 at 14:41 -0700, Hansen, Mike wrote:
> I really like the idea of using a templating engine. Which one do you use?
> Why? For those that don't use templating engines, why don't you use them?
>
>
for the longest time, i didn't know about them, and was breaking in and
out of php, as well as didn't use ANY classes... then i was starting to
play with phpbb, and found out a little about templates... so i
"borrowed" the template engine from them for a personal project... and
was pretty impressed.
then shortly after that, i got a job with a company who used smarty
templates... and was VERY impressed with them :) ever since then, i've
been using smarty, and have been very happy since.
I don't know of any others out there, but that is mostly because i am
content with what smarty does for me (and prolly because i am too lazy
to change now ;) )
all of my projects now consist of smarty, pear mdb2, phpmailer, jquery,
fpdf (if needed), and pchart (again, if needed). these are my personal
choices, and I have been happy with them so far ;)
Steve
--- End Message ---
--- Begin Message ---
On 10-11-08 04:51 PM, Steve Staples wrote:
> all of my projects now consist of smarty, pear mdb2, phpmailer, jquery,
> fpdf (if needed), and pchart (again, if needed). these are my personal
> choices, and I have been happy with them so far ;)
pchart... *shudder*.
I recently had to add support for variable line types (dots, dashes,
combinations thereof)... I did a beautiful hackjob *lol*.
Interesting to see others use it... the project seems to be dead.
Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.
--- End Message ---
--- Begin Message ---
On Mon, Nov 8, 2010 at 1:41 PM, Hansen, Mike <[email protected]> wrote:
> I really like the idea of using a templating engine. Which one do you use?
> Why? For those that don't use templating engines, why don't you use them?
smarty is everyone's favorite usually but i find it a bit annoying.
not to mention php itself is already a templating language... the only
benefit is trying to separate content and presentation.
however, for that to happen people create DSLs for templating that all
have their own little syntaxes and glitches and annoyances.
--- End Message ---
--- Begin Message ---
On Mon, Nov 8, 2010 at 4:58 PM, Robert Cummings <[email protected]> wrote:
> On 10-11-08 04:51 PM, Steve Staples wrote:
>>
>> all of my projects now consist of smarty, pear mdb2, phpmailer, jquery,
>> fpdf (if needed), and pchart (again, if needed). these are my personal
>> choices, and I have been happy with them so far ;)
>
> pchart... *shudder*.
>
> I recently had to add support for variable line types (dots, dashes,
> combinations thereof)... I did a beautiful hackjob *lol*.
>
> Interesting to see others use it... the project seems to be dead.
>
> Cheers,
> Rob.
We are using some flex components for charting. Very cool with lots of
flexibility. Just pass in xml datasets
--
Bastien
Cat, the other other white meat
--- End Message ---
--- Begin Message ---
On 10-11-08 05:02 PM, Bastien Koert wrote:
> On Mon, Nov 8, 2010 at 4:58 PM, Robert Cummings <[email protected]> wrote:
>> On 10-11-08 04:51 PM, Steve Staples wrote:
>>> all of my projects now consist of smarty, pear mdb2, phpmailer, jquery,
>>> fpdf (if needed), and pchart (again, if needed). these are my personal
>>> choices, and I have been happy with them so far ;)
>> pchart... *shudder*.
>> I recently had to add support for variable line types (dots, dashes,
>> combinations thereof)... I did a beautiful hackjob *lol*.
>> Interesting to see others use it... the project seems to be dead.
> We are using some flex components for charting. Very cool with lots of
> flexibility. Just pass in xml datasets
There was a sans flash requirement :)
Cheers,
Rob.
--- End Message ---
--- Begin Message ---
On 8 November 2010 22:59, Michael Shadle <[email protected]> wrote:
> On Mon, Nov 8, 2010 at 1:41 PM, Hansen, Mike <[email protected]> wrote:
>> I really like the idea of using a templating engine. Which one do you use?
>> Why? For those that don't use templating engines, why don't you use them?
>
> smarty is everyone's favorite usually but i find it a bit annoying.
>
> not to mention php itself is already a templating language... the only
> benefit is trying to separate content and presentation.
>
> however, for that to happen people create DSLs for templating that all
> have their own little syntaxes and glitches and annoyances.
>
PHPTal is an alternative to smarty: http://phptal.org/ - it's got a
nice syntax, I find.
However, whether one should bother with a templating system like
smarty or phptal very much depends upon how intricate your front-end
system needs to be and what it needs to do. For smaller projects,
smarty or phptal will get in the way and will likely get very
annoying. For bigger projects they can be of great use.
Regards
Peter
--
<hype>
WWW: plphp.dk / plind.dk
LinkedIn: plind
BeWelcome/Couchsurfing: Fake51
Twitter: kafe15
</hype>
--- End Message ---
--- Begin Message ---
i would point someone in the direction of XHP too if they really wanted to
https://github.com/facebook/xhp/wiki/
On Mon, Nov 8, 2010 at 2:10 PM, Peter Lind <[email protected]> wrote:
> On 8 November 2010 22:59, Michael Shadle <[email protected]> wrote:
>> On Mon, Nov 8, 2010 at 1:41 PM, Hansen, Mike <[email protected]> wrote:
>>> I really like the idea of using a templating engine. Which one do you use?
>>> Why? For those that don't use templating engines, why don't you use them?
>>
>> smarty is everyone's favorite usually but i find it a bit annoying.
>>
>> not to mention php itself is already a templating language... the only
>> benefit is trying to separate content and presentation.
>>
>> however, for that to happen people create DSLs for templating that all
>> have their own little syntaxes and glitches and annoyances.
>>
>
> PHPTal is an alternative to smarty: http://phptal.org/ - it's got a
> nice syntax, I find.
>
> However, whether one should bother with a templating system like
> smarty or phptal very much depends upon how intricate your front-end
> system needs to be and what it needs to do. For smaller projects,
> smarty or phptal will get in the way and will likely get very
> annoying. For bigger projects they can be of great use.
>
> Regards
> Peter
>
> --
> <hype>
> WWW: plphp.dk / plind.dk
> LinkedIn: plind
> BeWelcome/Couchsurfing: Fake51
> Twitter: kafe15
> </hype>
>
--- End Message ---
--- Begin Message ---
On Mon, 8 Nov 2010 14:41:12 -0700
"Hansen, Mike" <[email protected]> wrote:
> I really like the idea of using a templating engine. Which one do you
> use? Why? For those that don't use templating engines, why don't you
> use them?
PHP is in itself a template language and I find that the template
engines just get in the way.
Why learn a template language when you can just concentrate on PHP?
Also you can easily become dependent on a third party template system
which needs to be upgraded. You never know when such an upgrade is
necessary for your system and when it might break something.
I always use homemade template systems and try to keep things very
simple. If designers are working on the project as well they almost
always benefit from a little insight into PHP rather than having to
learn some template language they can't use for anything else.
IMHO - If you have to jump in and out of HTML and template syntax you
might as well jump in and out of HTML and PHP.
---
Mange venlige hilsner/Best regards
Kim N. Lesmer
Programmer/Unix systemadministrator
Web : www.bitflop.com
E-mail : [email protected]
--- End Message ---
--- Begin Message ---
On Mon, 2010-11-08 at 16:51 -0500, Steve Staples wrote:
> On Mon, 2010-11-08 at 14:41 -0700, Hansen, Mike wrote:
> > I really like the idea of using a templating engine. Which one do you use?
> > Why? For those that don't use templating engines, why don't you use them?
> >
> >
>
> for the longest time, i didn't know about them, and was breaking in and
> out of php, as well as didn't use ANY classes... then i was starting to
> play with phpbb, and found out a little about templates... so i
> "borrowed" the template engine from them for a personal project... and
> was pretty impressed.
>
> then shortly after that, i got a job with a company who used smarty
> templates... and was VERY impressed with them :) ever since then, i've
> been using smarty, and have been very happy since.
>
> I don't know of any others out there, but that is mostly because i am
> content with what smarty does for me (and prolly because i am too lazy
> to change now ;) )
>
> all of my projects now consist of smarty, pear mdb2, phpmailer, jquery,
> fpdf (if needed), and pchart (again, if needed). these are my personal
> choices, and I have been happy with them so far ;)
I agree 100%!! Everyone here pretty much knows how much I've ranted
about smarty :-)
IMHO it's smart to use smarty! ;-)
--
Blessings,
David M.
--- End Message ---
--- Begin Message ---
Hello,
Some time has passed since the last release and some changes have been made.
Vermis, the new open source issue tracker written in PHP,
based on Zend Framework and Doctrine ORM is heading towards stable
version 1.0.
Today I would like to introduce the latest development version
(r63-20101108) containing many bug fixes and some new features.
What is new in the project:
- Improved issues navigator, allows you to browse your issues in an
easier way by breaking them by component, milestone, type, status and
priority.
- SMTP integration, you don't need to setup a mail service on your
machine, use any mail account and send notification emails via SMTP.
- IIS Support, even if you can't install Apache you can still enjoy
using Vermis on your Windows box, finally Vermis is working under
Microsoft IIS Web Server.
- Lightbox, show your image attachments in a popup box.
- Migration guard, you can safely upgrade Vermis to the latest version.
You can try out the online demo at http://vermis.diabloware.com
Feel free to test, download and use Vermis.
Please let me know if everything is working as it should, any kind of
feedback is much appreciated :)
Home page: http://vermis.diabloware.com
Forum: http://forum.diabloware.com
Bugs: http://bugs.diabloware.com
Thanks, Lukasz (cepa) Cepowski
--- End Message ---