Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Tijnema ! 



I would like to give a few comments on your script:

1) it looks like that
http://www.sperling.com/examples/captcha/tmp/access.mp3, without a
code, always returns the same value :) 284

2) About the timeout, you should set it at least less then 24 hrs, i
should do about 6 hrs, that's enough for somebody to enter the code,
but a hacker doesn't want to update his code every 6 hrs.

3) Then about the cracking of audio, if you keep the audio files the
same, it shouldn't be too hard to crack once you can read the audio
frames. Store each few audio frames for each number, and compare them
once you want to crack it.
A very simple way to avoid this is that you generate audio on
different bit rates. and use VBR/CBR randomly. Speech recognition
isn't working very well, and i don't think it would be able to get
these numbers from the audio, but I have too less experience with
speech recognition.

4) You couldn't only depend on this audio thing inside a script. I
know this has been said before, but when you are using images here, it
probably makes your script more insecure.

But it's surely nice done :)

Tijnema

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Zoltán Németh 
2007. 03. 29, csütörtök keltezéssel 22.00-kor Tijnema ! ezt írta:
> On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
> > 2007. 03. 29, csütörtök keltezéssel 21.52-kor Tijnema ! ezt írta:
> > > On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
> > > > works fine on XP/IE7
> > > > but still tells me to install some unknown plugin on ubuntu/firefox
> > > >
> > > > greets
> > > > Zoltán Németh
> > >
> > > That unknown plugin would probably some audio player.
> >
> > yes I was sure it is some kind of audio plugin :)
> > can you tell me exactly what to install?
> >
> > greets
> > Zoltán Németh
> 
> I have actually no idea, but this might help you:
> http://www.boutell.com/newfaq/browser/reinstallquicktime.html

ehh, actually an "apt-get install mozilla-mplayer" solved the problem ;)
now the captcha works fine on my linux too

greets
Zoltán Németh

> 
> Tijnema
> >
> > >
> > > Tijnema
> > > >
> > > > 2007. 03. 29, csütörtök keltezéssel 12.41-kor tedd ezt írta:
> > > > > Hi gang:
> > > > >
> > > > > If you people would be so kind as to review this:
> > > > >
> > > > > http://sperling.com/examples/captcha/
> > > > >
> > > > > and tell me what you think (ease of use, if it works, security,
> > > > > etc.), I would appreciate it.
> > > > >
> > > > > The point is to be able to get to the "Congratulations" page by
> > > > > hearing and entering the key. If you can get there some other way or
> > > > > defeat the process, I sure would like to know about it.
> > > > >
> > > > > I've tested this with a couple of dozen blind users and they find no
> > > > > problems with it. Now, I'll like to test it for the sighted.
> > > > >
> > > > > It's mixture of a several languages, but there is php in it, so I
> > > > > guess it's on topic.
> > > > >
> > > > > Cheers,
> > > > >
> > > > > tedd
> > > > >
> > > > > --
> > > > > ---
> > > > > http://sperling.com  http://ancientstones.com  http://earthstones.com
> > > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > > >
> >
> >

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: CURL questions

2007-03-29 Thread Chris 

Manuel Lemos wrote:

Hello,

on 03/30/2007 12:38 AM Chris said the following:

I get a 500 Internal server error, not sure why as this page being
called just inserts a word into a database. Could the cause be something
else network related? What else can I troubleshoot? or is my code
incorrect?

It is hard to tell because curl does not output any debugging
information.

Actually it does.

http://www.php.net/manual/en/function.curl-setopt.php

See CURLOPT_VERBOSE


Interesting. I was not aware of that option. It seems to send some
output to stderr. stderr usually goes to Web server error log. But how
can we capture that output from a PHP script and display it?


Set CURLOPT_RETURNTRANSFER and it should return *untested*.

Also http://php.net/curl_error can get the error :)

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: CURL questions

2007-03-29 Thread Manuel Lemos 
Hello,

on 03/30/2007 12:38 AM Chris said the following:
>>> I get a 500 Internal server error, not sure why as this page being
>>> called just inserts a word into a database. Could the cause be something
>>> else network related? What else can I troubleshoot? or is my code
>>> incorrect?
>>
>> It is hard to tell because curl does not output any debugging
>> information.
> 
> Actually it does.
> 
> http://www.php.net/manual/en/function.curl-setopt.php
> 
> See CURLOPT_VERBOSE

Interesting. I was not aware of that option. It seems to send some
output to stderr. stderr usually goes to Web server error log. But how
can we capture that output from a PHP script and display it?


-- 

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: CURL questions

2007-03-29 Thread Chris 

Manuel Lemos wrote:

Hello,

on 03/29/2007 01:15 PM Angelo Zanetti said the following:

I have a script on a server that does some processing, now I want to
execute that script using cURL. This is a basic scenario and I assume
its possible but its not working.

The script is as follows:

   $url = "http://www/test.php";;
 $ch = curl_init();
   curl_setopt($ch, CURLOPT_URL, $url);
   curl_setopt($ch, CURLOPT_HEADER, 0);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects
   curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a
variable
   curl_setopt($ch, CURLOPT_TIMEOUT, 100);
   $data = curl_exec($ch);
   curl_close($ch); echo "DATA: " . $data;

Now the $url I have taken out the path for obvious reasons.

I get a 500 Internal server error, not sure why as this page being
called just inserts a word into a database. Could the cause be something
else network related? What else can I troubleshoot? or is my code
incorrect?


It is hard to tell because curl does not output any debugging information.


Actually it does.

http://www.php.net/manual/en/function.curl-setopt.php

See CURLOPT_VERBOSE

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Environment variables in php.ini

2007-03-29 Thread Abdullah Ramazanoglu 
Hello,

I have a Linux shared hosting environment with PHP running over CGI. With
CGI I can't use httpd.conf or .htaccess files for PHP related parameters,
so all the parameters should be given in one central php.ini file, AFAIK.
So how can I give parameters, in effect, like the ones below?

error_log = $HOME/php_error.log
session.referer_check = $DOMAIN_NAME
open_basedir = "$HOME:/usr/lib/php:/usr/local/lib/php:/tmp"
session.save_path = $HOME/sessions

With PHP module SAPI I would have overridden them in httpd.conf VirtualHost
directive with hard coded values. There, I don't have to use variables as
every vhost has its own VirtualHost section. But I don't know how to do it
(or if it is possible at all) in CGI mode.

Actually I did find a raw solution: Put a custom php.ini in each virtual
host's Doc_Root. But I don't really want to allow virtual hosts each
having a custom php.ini in their home directories, as that solution has
several serious drawbacks, like:
- No server/security policies can be enforced,
- An intruder can change the local php.ini and remove all the security
measures,
- Hundreds of php.ini files strewn around can easily lead to chaos,
- etc.

Is it possible at all to use environment variables in php.ini, or is there
any other solution to the problem above?

Thank you.
-- 
Abdullah Ramazanoglu
aramazan ÄT myrealbox D0T cöm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: CURL questions

2007-03-29 Thread Manuel Lemos 
Hello,

on 03/29/2007 01:15 PM Angelo Zanetti said the following:
> I have a script on a server that does some processing, now I want to
> execute that script using cURL. This is a basic scenario and I assume
> its possible but its not working.
> 
> The script is as follows:
> 
>$url = "http://www/test.php";;
>  $ch = curl_init();
>curl_setopt($ch, CURLOPT_URL, $url);
>curl_setopt($ch, CURLOPT_HEADER, 0);
>curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
>curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects
>curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a
> variable
>curl_setopt($ch, CURLOPT_TIMEOUT, 100);
>$data = curl_exec($ch);
>curl_close($ch); echo "DATA: " . $data;
> 
> Now the $url I have taken out the path for obvious reasons.
> 
> I get a 500 Internal server error, not sure why as this page being
> called just inserts a word into a database. Could the cause be something
> else network related? What else can I troubleshoot? or is my code
> incorrect?

It is hard to tell because curl does not output any debugging information.

You may want to try this other HTTP client class that can provide debug
output, so you can see what exactly going on:

http://www.phpclasses.org/httpclient


-- 

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Alternative/Addition to using a CAPTCHA

2007-03-29 Thread John Comerford 
I was reading the current tread on CAPTCHA and possible cracks and I 
thought maybe I'd throw this out to the group to see what you think.  
Recently I saw a forum where in order to post you first had to click on 
a div that was placed at a random location on the page, it read 
something like, "Click here if you are human".  I was thinking that 
maybe you could put together a system that looks something like this:


http://people.aapt.net.au/JComerford/ClickMe.htm

I was thinking you could use it in a couple of ways:

1) As a replacement to a CAPTCHA image
2) When you click the image a CAPTCHA image is loaded into the 'Click 
Me' container


The main problem is how to tell the server that the div has been 
clicked, in a way that can't be simulated.  I am not an expect with 
either JS or PHP, but maybe some of the bigger brains out there could 
throw in their 2 cents..


JC

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread TG 
On Thu, March 29, 2007 4:50 pm, tedd wrote:
>>2. What you've created is a relatively simplistic audio captcha that
>>HAS to be really succeptible to speech recognition.  Spammers have
>>gotten used to visual CAPTHCA so maybe they're not going to focus
>>too much on detecting and breaking audio CAPTCHA, but that still
>>comes down to "security through obscurity" which isn't a good
>>practice.
>
> There isn't any good practice here -- it's all just an attempt to do
> "the best the media will permit".

Understood.. it's a good exercise and a good discussion I think.

>>Once they had the software set up. Then they just have to fake the
>>"Speak Key" submit and grab the "tmp/access.mp3?##" out of
>>phone.php (submitting proper cookie/session data) and that's it.
>
> Two things:
>
> 1. There's no cookie data -- how does one access session data? I
> thought outside of the sessionID, you couldn't -- am I wrong?

Sessions, unless you pass the ID through the URL, require cookies to be
enabled on the client's browser.  They're not permanent cookies, but
they're still cookies.  I was just saying that the attacking spam bot
would be manually emulating a browser by accepting the session cookie and
passing it back and forth with the server (or however that technically
works) to maintain the "this session id goes with this MP3 for CAPTCHA
authentication".  Otherwise there's no persistence and the CAPTCHA
mechanism would probably try to issue a new MP3 when the bot when to log
in.

Challenge: sessionid 123 issued, MP3 "ABC" created
Response: "ABC" sent back with no session ID, CAPTCHA assumes it's a new
visiter and generates sessionid 456 and MP3 "DEF".

Challenge response fails because response was not sessionid 123 and text
"ABC".  It was probably text "ABC" with no session id if the bot doesn't
try to emulate browser behavior for sessions.


> 2. I might be able to generate a sound file that can be accessed only
> once. In other words, once you grab the file it's not there for a
> second look (like is light a wave or particle thing). Now, put that
> together with a hidden token in the form that accompanies the key,
> then even typing the correct key wouldn't work unless it was
> submitted via the form and not injected. I have to think about the
> logic here -- but this is just of the top of my head.

Anything stored in the form can be read by a bot, so whatever additional
tokens you may put into the web form could also be read and posted back to
your web server by the bot.

Also, regarding accessing the file only once, a bot is either going to get
it or not get it in one pass.  So it doesn't matter if the audio file you
create can only be accessed once.  That's all a bot needs and it's either
successful or not.  A human, on the other hand, may need to hear it a few
times.

Sounds like you have a concept on the tip of your brain, so maybe this
isn't exactly what you were aiming for.  But those are my thoughts based
on what you said.

And let's not bring quantum mechanics into this mess. hah. you and your
wacky waves and particles.

"Checking the electron microscope... And the winner is three, in a quantum
finish!"
"No fair! You changed the outcome by observing it!"
- Futurama

>>And because you can't do anything on the internet without bumping
>>into adult material. Don't worry, this is safe... no pics or bad
>>words, just an article about using porn sites to break visual
>>CAPTCHA.  The spambots would take your visual CAPTCHA images and
>>post it to their site which offers users free porn if they pass the
>>CAPTCHA. And there's no lack of people wanting free porn so sounds
>>like it was fairly effective:
>>http://www.boingboing.net/2004/01/27/solving_and_creating.html
>
>
> Now that is clever. However, I am having difficulty seeing just how
> they can obtain and use the information provided. For example, if I
> say the key for a specific CAPTCHA is 123 -- then how can that help a
> spammer because when he returns to the site, the CAPTCHA would have
> changed?
>
> Can you explain how that works?

Because computers are very very fast.

More importantly, they don't have to "return to the site" therefore
generating a new CAPTCHA sequence.  The bot can access the page it wants
to log into, retrieve the CAPTCHA image, post it to the free porn site for
all the amazingly fast 1 handed typists to decode, and respond to the
CAPTCHA challenge within second, if even that long.   Assumping there are
humans accessing their site to do the decoding for them.

It's no different than pulling up a message in french, copying and pasting
it into Babelfish in another window, reading the translated version and
going back to the first window to respond.  Hell, toss in a english ->
french translation of your response before switching back to window 1 and
if a computer was doing it all, it could have it all done in a fraction of
a second longer than it took to load the pages.  Plenty of time to respond
to the CAPTCHA challenge.  But in t

Re: [PHP] CURL questions

2007-03-29 Thread Chris 

Angelo Zanetti wrote:

y

Erik Jones wrote:


On Mar 29, 2007, at 11:15 AM, Angelo Zanetti wrote:


Hi all.

I have a script on a server that does some processing, now I want to 
execute that script using cURL. This is a basic scenario and I assume 
its possible but its not working.


The script is as follows:

   $url = "http://www/test.php";;
 $ch = curl_init();
   curl_setopt($ch, CURLOPT_URL, $url);
   curl_setopt($ch, CURLOPT_HEADER, 0);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects
   curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a 
variable

   curl_setopt($ch, CURLOPT_TIMEOUT, 100);
   $data = curl_exec($ch);
   curl_close($ch); echo "DATA: " . $data;

Now the $url I have taken out the path for obvious reasons.

I get a 500 Internal server error, not sure why as this page being 
called just inserts a word into a database. Could the cause be 
something else network related? What else can I troubleshoot? or is 
my code incorrect?


Well, have you tested callling the script directly from a browser?  
Also, note that your setting CURLOP_RETURNTRANSFER twice and that my 
be messing with the curl call.


yes i have tested with the browser, it works fine. I have removed the 
duplicate entry however its still giving the error do you think they are 
blocking the request? or should I be doing the request on a certain port?


Try fetching google or yahoo - if that doesn't work, it'll probably be a 
firewall issue (your host won't allow outgoing http requests), so talk 
to your host.


If you can't fetch pages on just your server then that's a separate 
problem that your host will need to look at.


--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread TG 
On Thu, March 29, 2007 3:45 pm, Tijnema ! wrote:
> You're maybe on the right path, adding images as the background makes
> it really hard to read the code from the image. You could for example
> use random images as background.

Some of the CAPTCHA methods listed as being difficult for the PWNtcha guys
to break involved using a variety of colorful backgrounds and other strong
mutations.  The stronger the mutation and harder for a machine to read,
tended to also mean that humans had a harder time reading it as well.  The
idea is to break the pattern enough to make it difficult on machines, but
easy on people.  But then we fall into the same old conundrum of better
security versus a system that's more difficult/cumbersome/tedious/annoying
to the user.  As always, we have to find a balance between "good enough"
and "easy enough".

> But i have to say that breaking something isn't needed always,
> re-using a human passed protection is a way to break through a lot of
> things.
>
> For example, i would go to the page and save the number that the
> CAPTCHA passed to my session. Then i would write down the code that i
> need to enter. So, next time i need to pass, i set the session value
> to the one i got first time, and i enter same code. Works for most
> CAPTCHA programs :) Didn't test it out on your audio CAPTCHA yet, but
> you really should care about a timeout for the session variable used.

Are you saying that you'd want to make a note of the session ID, the
"filename" for the audio file, listen to the audio then write down what it
says so if that combination ever came up again, you'd have the answer? 
Couple of problems with this if that's what you're proposing:

1. Sessions usually time out.  Ideally, you shouldn't be able to recall a
session ID used a month ago and have it work.  If the server kept every
session ID ever created, it'd become a mess really fast.  And if the
programmer stored the session ID in a database and fails to create and
store a new session ID when you re-visit, then that's a pretty big gaping
hole. If it's part of a security mechanism and they don't time out or
someone expire and get purged, chances are you should be looking for
another job.

2. The "filename" number is most likely randomly generated and stored
temporarily for use at that moment.  So re-visiting the page and getting
the same audio CAPTCHA sound clip probably won't give you an audio clip
with the same "filename".  Again, ideally.   What you might be able to do
is do an MD5 on the file you get and if it matches a previous audio clip,
then that may work.  All depends on how the sound file is generated and if
it produced EXACTLY identical files using the same digits or if there's a
slight variance.  Much like the visual CAPTCHA devices, audio ones are
going to work best if the pattern of audio is broken up somehow with
additional noises injected into the mix (I'm paraphrasing something I saw
on one of those sites I saw earlier.. but it's a really good point). 
Straight, plain, measured voice is going to be a lot easier to parse than
voices with mixed pitches, volumes, accents and some background noise or
something.  Something like power tools, a vacuum cleaner, city sounds,
etc.  Things we, as humans, can conciously filter out fairly easy most of
the time, but a computer would have a really hard time figure out "2 5 3"
with a jackhammer and car horns going on behind it.  That gets into some
seriously sophisticated audio processing.

Anyway, adding some mutation to the audio file would prevent an MD5 type
hash check.


Another potential attack on weak audio mechanisms just occured to me. 
Load the page a number of times, saving the audio files each time until
you can determine what the "set" is that's being used.  If it's all
numbers, numbers + letters, etc.

Eventually you should have a copy of each sample.  If the spacing between
each digit is regular, theoretically you could create a sound file for
each digit and do a brute force compare of the new sound clip against
every possible combination of the files you saved stacked together.  Or
again, create an MD5 hash for each combation and just do a lookup against
the MD5 of the new audio clip.  Probably wouldn't take long to get the
fine-tuning down.

But even a tiny bit of variance would blow that out of the water.  Speech
recognition tools are much more of a threat than something like this.

-TG

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] What is wrong with this INSERT?

2007-03-29 Thread Chris 

Rahul Sitaram Johari wrote:

My Apologies Everyone! I gave you all the wrong code Twice!! A pox on me - I
tell you!

This is the ACTUAL code that I'm working with - and it's not working:

$WHEN, $WHAT, $WHO";
   
$sql = "INSERT INTO tbl  (WHEN, WHAT, WHO) VALUES

('$WHEN','$WHAT','$WHO')";
$result = mysql_query($sql) or die("Fatal Error :".mysql_error());
echo "~: message sent
:~";
}
?>

Please disregard the previous code I sent. Thank you!


On 3/29/07 10:10 AM, "Rahul Sitaram Johari" <[EMAIL PROTECTED]>
wrote:


Ave,

Does anyone know what I¹m doing wrong?

$WHEN, $WHAT, $WHO";
 
mysql_query("INSERT INTO tbl (WHEN, WHAT, WHO) VALUES

('$WHEN','$WHAT','$WHO')";


You'll want to fix this still - even with the field name change.

Why? Try submitting something with a quote in it.

Use mysql_real_escape_string:

$query = "INSERT INTO tbl(blah, blah, blah) VALUES('" . 
mysql_real_escape_string($when) . "', '" . 
mysql_real_escape_string($what) . "', '" . 
mysql_real_escape_string($who) . "')";


mysql_query($query);

See http://php.net/mysql_real_escape_string and 
http://phpsec.org/projects/guide/3.html


--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: installing php 5.2.1

2007-03-29 Thread Chris 

Sady Marcos wrote:
Change permissions... 


How is that related to permissions?

It was simply php trying to load up extensions that didn't exist.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Gnome and MIME types

2007-03-29 Thread Edward Vermillion 


Just going out on a limb here, but did you mis-type it in the script  
also?




>
> I then stumbled upon gnomevfs-info that provided the information I
   ^




> exec, etc). I used the full path (/usr/bin/gnamevfs-info) so I  
don't

^

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Date/time format?

2007-03-29 Thread Jim Lucas 

Jason Pruim wrote:

Hi Everyone,

First off, I'm using PHP 5.2.0 and apache 1.3.33

I am trying to figure out what format a string is in in a database. It's 
a timecard system that I have found on-line and I am attempting to 
figure out how to write a script that would give me everyones timecard 
for the month on one screen I can print out for accounting to use. Below 
is an example of one of the lines in the database, What I'm really 
interested in is how it represents the "day".


user   dayjob_name  
minutes sequence


root   1171774800   Production & technology Manager 990 3

I have not been able to find ANY info about that format, other then 
other people using it in blogs. I think I can figure out the rest as I 
go if I know how to decode the day. Any help or pointers to the "M" 
would be GREATLY appreciated! :)




--
Jason Pruim
[EMAIL PROTECTED]
Production & Technology Manager
MQC Specialist (2005 certified)
3251 132nd Ave
Holland MI 49424
616.399.2355
www.raoset.com


“Give me your tired, your poor,
Your huddled masses yearning to breathe free,
The wretched refuse of your teeming shore.
Send these, the homeless tempest-tost to me,
I lift my lamp beside the golden door!”

 From “The New Colossus,” by Emma Lazarus




you stated in a different email that there are 6 possible values/settings for 
the sequence col.

what are they, and what do they mean?

One person asked about missed punches.  What happens if someone forgets to clock out?  Is an entry 
made for the person for the appropriate day/minutes/sequence ???


I can see a way to do what you are asking, but I need these questions answered 
first.

--
Enjoy,

Jim Lucas

Different eyes see different things. Different hearts beat on different strings. But there are times 
for you and me when all such things agree.


- Rush

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Date/time format?

2007-03-29 Thread Jim Lucas 

Roberto Mansfield wrote:

Jason Pruim wrote:

Thanks everyone for your suggestions, it turns out it was a unix time
stamp and I can get it to parse out a normal date now.

Now... on to the harder part

What I am trying to do is learn... This is kind of just a pet project
for me to figure out how I can do it. here is how the database is laid out:

+---++-+-+--+

| user  | day|
job_name | minutes | sequence |
+---++-+-+--+

| root  | 1172466000 | Production & technology Manager | 480
|0 |
| root  | 1172466000 | Production & technology Manager | 720
|1 |
| root  | 1172466000 | Production & technology Manager | 750
|2 |
| root  | 1172466000 | Production & technology Manager | 990
|3 |


Your table has different types of records in it -- clock in, and clock
out. You are using order to assume which record is a start time and
which is an end time. This is very vague. Also what happens if you are
working late past midnight or someone forgets to clock out?

I think a better approach would be to have a "clock in" field
(timestamp) and a "clock out" field (another timestamp). That will
simplify things considerably. You can then calculate your time totals
with math on each record instead of across records:

select (clock_out - clock_in)/3600 AS hours_worked from table ...

Or: select sum((...)) etc.



He doesn't have the option of changing this, it is a pre existing system.  He is just trying to add 
a feature.


--
Enjoy,

Jim Lucas

Different eyes see different things. Different hearts beat on different strings. But there are times 
for you and me when all such things agree.


- Rush

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Link to download files on another part of system

2007-03-29 Thread Rahul Sitaram Johari 
Ave,

You've actually raised pretty valid security issues.
The files in that particular mounted share can be publicly accessible so I'm
not worried about that. But I'll certainly validate phone number before
executing the find command.

Thanks!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²


On 3/29/07 5:33 PM, "Roberto Mansfield" <[EMAIL PROTECTED]> wrote:

> Only do this if all the files should be publicly accessible. Otherwise,
> you'll need to create a php wrapper to do authorization before sending
> the file.
> 
> -Roberto

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Link to download files on another part of system - SOLVED!

2007-03-29 Thread Rahul Sitaram Johari 
Ave,

I think I did it! I created a sharepoint within my web server (inside my
website) and mounted the share on that sharepoint. Once I did that, I
specified correct paths and my downloads are now working. I created a ³jump
menu² select list and this is what I¹ve come up with:


function openVox(form) {
var newIndex = form.voxSelect.selectedIndex;
if (newIndex == 0) {
//alert( "Please select a file to download!" );
} else { 
dlvox = form.voxSelect.options[newIndex].value;
window.location.assign(dlvox);
} 
} 
 


... Choose Recording ...
".basename($value)."";
}
?>



Now it¹s able to pull up filenames associated with a record using it¹s phone
number and the wildcard method suggested previously, and a user can select
the file from a drop down and it comes up for Download. Perfect!

Thanks!!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²


>> Ave,
>> 
>> I¹m going to try creating the sharepoint within my webserver, as suggested
>> by you and tijnema. I think that¹s probably the easiest and quickest
>> solution to this. I¹ll report back!
>> 
>> Thanks!
>> 
>> 
>> On 3/29/07 4:48 PM, "Daniel Brown" <[EMAIL PROTECTED]> wrote:
>> 
>>> Rahul,
>>> 
>>> Your best bet in this case, with the most minimal coding, would be to
>>> either symlink the individual files into a web-accessible directory, or
>>> symlink the directory containing those files into a web-accessible location.
>>> However, this part would be up to you, determinable by your current system
>>> configuration and potential security risks ( e.g. - the directory is also
>>> the
>>> parent directory for information needing to remain secure, so we don't want
>>> to
>>> symlink the directory).
>>> 
>>> Another option would be to read the file through a script and output it
>>> sending a MIME type prior to the data output, placing the name of the file
>>> on
>>> the server into the output bugger head so that the user would see it simply
>>> as
>>> a direct download.
>>> 
>>> On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
 Ave,
 
 This is actually a continuation of my previous ³Show files using Wildcards²
 thread, but a different problem.
 
 Code:
 
 >>> exec("find /Users/rjohari/Documents/XFER/espi -type f -name
 ".$row['PHONE']."*.vox", $files);
 foreach ($files as $value) {
 echo ">>> 
href='/Users/rjohari/Documents/XFER/osm/ESPI/".basename($value)."'>".basena
m
 e($value)."";
 }
 ?>
 
 The files I¹m linking to, in order to let the User download them, reside on
 a mounted share on my system. They are on in the Apache Web Server htdocs
 folder where my website resides. How do I make these files available to
 download if they are not in my webserver folder?
 
 Thanks!
 
 ~~~
 Rahul Sitaram Johari
 CEO, Twenty Four Seventy Nine Inc.
 
 W: http://www.rahulsjohari.com
 E: [EMAIL PROTECTED]
 
 ³I morti non sono piu soli ... The dead are no longer lonely²

Re: [PHP] Link to download files on another part of system

2007-03-29 Thread Roberto Mansfield 
Only do this if all the files should be publicly accessible. Otherwise,
you'll need to create a php wrapper to do authorization before sending
the file.

-Roberto


Rahul Sitaram Johari wrote:
> Ave,
> 
> I¹m going to try creating the sharepoint within my webserver, as suggested
> by you and tijnema. I think that¹s probably the easiest and quickest
> solution to this. I¹ll report back!
> 
> Thanks!
> 
> 
> On 3/29/07 4:48 PM, "Daniel Brown" <[EMAIL PROTECTED]> wrote:
> 
>> Rahul,
>>
>> Your best bet in this case, with the most minimal coding, would be to
>> either symlink the individual files into a web-accessible directory, or
>> symlink the directory containing those files into a web-accessible location.
>> However, this part would be up to you, determinable by your current system
>> configuration and potential security risks ( e.g. - the directory is also the
>> parent directory for information needing to remain secure, so we don't want 
>> to
>> symlink the directory).
>>
>> Another option would be to read the file through a script and output it
>> sending a MIME type prior to the data output, placing the name of the file on
>> the server into the output bugger head so that the user would see it simply 
>> as
>> a direct download.
>>
>> On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
>>> Ave,
>>>
>>> This is actually a continuation of my previous ³Show files using Wildcards²
>>> thread, but a different problem.
>>>
>>> Code:
>>>
>>> >> exec("find /Users/rjohari/Documents/XFER/espi -type f -name
>>> ".$row['PHONE']."*.vox", $files);
>>> foreach ($files as $value) {
>>> echo ">> href='/Users/rjohari/Documents/XFER/osm/ESPI/".basename($value)."'>".basenam
>>> e($value)."";
>>> }
>>> ?>
>>>
>>> The files I¹m linking to, in order to let the User download them, reside on
>>> a mounted share on my system. They are on in the Apache Web Server htdocs
>>> folder where my website resides. How do I make these files available to
>>> download if they are not in my webserver folder?
>>>
>>> Thanks!
>>>
>>> ~~~
>>> Rahul Sitaram Johari
>>> CEO, Twenty Four Seventy Nine Inc.
>>>
>>> W: http://www.rahulsjohari.com
>>> E: [EMAIL PROTECTED]
>>>
>>> ³I morti non sono piu soli ... The dead are no longer lonely²
>>>
>>
> 
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Roberto Mansfield 
Also, you should validate the phone number (make sure it contains only
numerical digits) before using it on the command line. I wouldn't trust
the data to build a command line.

-Roberto

Rahul Sitaram Johari wrote:
> ;)
> 
> Point taken!
> 
>  exec("find /Users/rjohari/Documents/XFER/espi -type f ­name
> ".$row['PHONE']."*.vox", $files);
> foreach ($files as $value) {
> echo basename($value)."";
> }
> ?>
> 
> :)
> 
> Thanks
> 
> ~~~
> Rahul Sitaram Johari
> CEO, Twenty Four Seventy Nine Inc.
> 
> W: http://www.rahulsjohari.com
> E: [EMAIL PROTECTED]
> 
> ³I morti non sono piu soli ... The dead are no longer lonely²
> 
> 
> On 3/29/07 4:58 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote:
> 
>> DON'T commit suicide mate :)
>>
>> What if you one day move the path? ;)
>>
>>
>>> -Original Message-
>>> From: Rahul Sitaram Johari [mailto:[EMAIL PROTECTED]
>>> Sent: Thursday, March 29, 2007 9:54 PM
>>> To: Peter Lauri; PHP
>>> Subject: Re: [PHP] Show Filename using Wildcards
>>>
>>> Ave,
>>>
>>> This Works!!
>>>
>>> >> exec("find /Users/rjohari/Documents/XFER/espi -type f -name
>>> ".$row['PHONE']."*.vox", $files);
>>> foreach ($files as $value) {
>>> echo substr($value,35)."";
>>> }
>>> ?>
>>>
>>> THANKS!
>>>
>>> ~~~
>>> Rahul Sitaram Johari
>>> CEO, Twenty Four Seventy Nine Inc.
>>>
>>> W: http://www.rahulsjohari.com
>>> E: [EMAIL PROTECTED]
>>>
>>> ³I morti non sono piu soli ... The dead are no longer lonely²
>>>
>>>
>>>
>>> On 3/29/07 4:31 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote:
>>>
>>>
 [Peter Lauri - DWS Asia]

 Hi,

 Assuming you are on a linux you could try:

 exec("find /the/path/to/the/place/where/you/should/start/searching -type
>>> f
 -name 515515515*.ext", $files);

 Then the $files will be an array with the found files matching the
>>> search.
 Best regards,
 Peter Lauri

 www.dwsasia.com - company web site
 www.lauri.se - personal web site
 www.carbonfree.org.uk - become Carbon Free

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Date/time format?

2007-03-29 Thread Roberto Mansfield 
Jason Pruim wrote:
> Thanks everyone for your suggestions, it turns out it was a unix time
> stamp and I can get it to parse out a normal date now.
> 
> Now... on to the harder part
> 
> What I am trying to do is learn... This is kind of just a pet project
> for me to figure out how I can do it. here is how the database is laid out:
> 
> +---++-+-+--+
> 
> | user  | day|
> job_name | minutes | sequence |
> +---++-+-+--+
> 
> | root  | 1172466000 | Production & technology Manager | 480
> |0 |
> | root  | 1172466000 | Production & technology Manager | 720
> |1 |
> | root  | 1172466000 | Production & technology Manager | 750
> |2 |
> | root  | 1172466000 | Production & technology Manager | 990
> |3 |

Your table has different types of records in it -- clock in, and clock
out. You are using order to assume which record is a start time and
which is an end time. This is very vague. Also what happens if you are
working late past midnight or someone forgets to clock out?

I think a better approach would be to have a "clock in" field
(timestamp) and a "clock out" field (another timestamp). That will
simplify things considerably. You can then calculate your time totals
with math on each record instead of across records:

select (clock_out - clock_in)/3600 AS hours_worked from table ...

Or: select sum((...)) etc.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread tedd 

At 7:32 PM +0200 3/29/07, Tijnema ! wrote:

Yes, it's nice made, i see you didn't stored anything in sessions
except PHPSESSID, which you probably use to verify the code entered.
Atleast, that's what i think, i hope you didn't use IP ;)


No, it's just uses sessions to keep track of the visitor. However, if 
two (or more) visitors were hitting the site at the same time, the 
key might unexpectedly change for them.



But, this is crackable. To crack this, the cracker should get the
audio file from the server, and parse it. Since you use the same audio
piece for each number, you should get the voice part of each number,
and then parse the downloaded file and check which number it matches
:)



I could throw some background noise into it that would make it 
difficult to crack that way, but then that would present the same 
problem as experienced in Graphic CAPTCHA's -- they become too noisy 
to resolve. Funny how this stuff is just variations of a theme.



It won't be easy, and probably not everyone is able to crack this. But
it is possible :) If you don't believe me, i am able to prove it, but
that takes some time :)

Tijnema


Well.. that's the point, namely to make it difficult. As I've said 
before, anything a computer can generate another computer can 
interpret -- it just takes time and effort.


Thanks for your review,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Link to download files on another part of system

2007-03-29 Thread Rahul Sitaram Johari 
Ave,

I¹m going to try creating the sharepoint within my webserver, as suggested
by you and tijnema. I think that¹s probably the easiest and quickest
solution to this. I¹ll report back!

Thanks!


On 3/29/07 4:48 PM, "Daniel Brown" <[EMAIL PROTECTED]> wrote:

> 
> Rahul,
> 
> Your best bet in this case, with the most minimal coding, would be to
> either symlink the individual files into a web-accessible directory, or
> symlink the directory containing those files into a web-accessible location.
> However, this part would be up to you, determinable by your current system
> configuration and potential security risks ( e.g. - the directory is also the
> parent directory for information needing to remain secure, so we don't want to
> symlink the directory).
> 
> Another option would be to read the file through a script and output it
> sending a MIME type prior to the data output, placing the name of the file on
> the server into the output bugger head so that the user would see it simply as
> a direct download.
> 
> On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
>> Ave,
>> 
>> This is actually a continuation of my previous ³Show files using Wildcards²
>> thread, but a different problem.
>> 
>> Code:
>> 
>> > exec("find /Users/rjohari/Documents/XFER/espi -type f -name
>> ".$row['PHONE']."*.vox", $files);
>> foreach ($files as $value) {
>> echo "> href='/Users/rjohari/Documents/XFER/osm/ESPI/".basename($value)."'>".basenam
>> e($value)."";
>> }
>> ?>
>> 
>> The files I¹m linking to, in order to let the User download them, reside on
>> a mounted share on my system. They are on in the Apache Web Server htdocs
>> folder where my website resides. How do I make these files available to
>> download if they are not in my webserver folder?
>> 
>> Thanks!
>> 
>> ~~~
>> Rahul Sitaram Johari
>> CEO, Twenty Four Seventy Nine Inc.
>> 
>> W: http://www.rahulsjohari.com
>> E: [EMAIL PROTECTED]
>> 
>> ³I morti non sono piu soli ... The dead are no longer lonely²
>> 
> 
>

Re: [PHP] Gnome and MIME types

2007-03-29 Thread Nathan Ziarek 

Good call :-)

Yes, safe mode is turned off.

On 3/29/07, Tijnema ! <[EMAIL PROTECTED]> wrote:

On 3/29/07, Nathan Ziarek <[EMAIL PROTECTED]> wrote:
> /etc/php5/apache2/php.ini has the uncommented line "safe_mode = Off"
>
> Assuming there isn't another file that can override that setting, my
> safe mode is off.
>
> Thanks,
>
> Nate

better check this using phpinfo:


Tijnema
>
> On 3/29/07, Peter Lauri <[EMAIL PROTECTED]> wrote:
> > Is php safe mode on or off?
> >
> > Best regards,
> > Peter Lauri
> >
> > www.dwsasia.com - company web site
> > www.lauri.se - personal web site
> > www.carbonfree.org.uk - become Carbon Free
> >
> >
> > > -Original Message-
> > > From: Nathan Ziarek [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, March 29, 2007 9:30 PM
> > > To: php-general@lists.php.net
> > > Subject: [PHP] Gnome and MIME types
> > >
> > > I'm having a hard time getting solid MIME Types of various files.
> > >
> > > On my Ubuntu/Apache2/PHP5 system, I first attempted to install
> > > fileInfo. That didn't go so well (on Safari even running "$finfo =
> > > finfo_open(FILEINFO_MIME);" causes it to complain that it lost the
> > > network connection; Firefox prompts me to download the file_ and
> > > seeing as it is not really ready for release, I thought I should stay
> > > away from that.
> > >
> > > I then tried running "system("file -i -m /usr/share/docs/mim file")"
> > > which worked, but file doens't provide very good mime types -- all
> > > Microsoft Office Documents returned nothing, for example.
> > >
> > > I then stumbled upon gnomevfs-info that provided the information I
> > > wanted. I don't know what mime database it is using (couldn't find it)
> > > but it sure seemed more complete than anything else I had used.
> > >
> > > Problem is, I can't seem to run it from within a PHP script (system,
> > > exec, etc). I used the full path (/usr/bin/gnamevfs-info) so I don't
> > > believe that to be the problem, and the page has no errors (I am using
> > > error_reporting(E_ALL)).
> > >
> > > Any tips or suggestions?
> > >
> > > Thanks!
> > >
> > > Nate
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread tedd 

At 9:45 PM +0200 3/29/07, Tijnema ! wrote:

For example, i would go to the page and save the number that the
CAPTCHA passed to my session. Then i would write down the code that i
need to enter. So, next time i need to pass, i set the session value
to the one i got first time, and i enter same code. Works for most
CAPTCHA programs :) Didn't test it out on your audio CAPTCHA yet, but
you really should care about a timeout for the session variable used.


That sounds good -- I need to think about that. What time period 
would you suggest? Remember, there are people here with disabilities 
that may not type as "slow" as we do. :-)



We didn't see your script yet, so i don't know what extra security you
added. But it's good to have these things in mind.


I plan on making the script public. I just need to stamp out these 
types of fires first.


Thanks.

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Link to download files on another part of system

2007-03-29 Thread Zoltán Németh 
2007. 03. 29, csütörtök keltezéssel 22.46-kor Tijnema ! ezt írta:
> On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
> > Ave,
> >
> > This is actually a continuation of my previous ³Show files using Wildcards²
> > thread, but a different problem.
> >
> > Code:
> >
> > >exec("find /Users/rjohari/Documents/XFER/espi -type f -name
> > ".$row['PHONE']."*.vox", $files);
> >foreach ($files as $value) {
> >echo " > href='/Users/rjohari/Documents/XFER/osm/ESPI/".basename($value)."'>".basenam
> > e($value)."";
> >}
> >?>
> >
> > The files I¹m linking to, in order to let the User download them, reside on
> > a mounted share on my system. They are on in the Apache Web Server htdocs
> > folder where my website resides. How do I make these files available to
> > download if they are not in my webserver folder?
> >
> > Thanks!
> 
> A very simple way is to link the
> Users/rjohari/Documents/XFER/osm/ESPI/ to some folder inside your www
> directory :)

I think following symlinks can be switched off in apache configuration
by default (however I'm absolutely not sure about this...) - so use it
only if you can configure apache

greets
Zoltán Németh

> 
> Didn't test it, but it should work though. Else you need to create
> some download script. (header, file_get_contents,echo)
> 
> Tijnema
> >
> > ~~~
> > Rahul Sitaram Johari
> > CEO, Twenty Four Seventy Nine Inc.
> >
> > W: http://www.rahulsjohari.com
> > E: [EMAIL PROTECTED]
> >
> > ³I morti non sono piu soli ... The dead are no longer lonely²
> >
> >
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Date/time format?

2007-03-29 Thread Zoltán Németh 
2007. 03. 29, csütörtök keltezéssel 16.38-kor Jason Pruim ezt írta:
> Thanks everyone for your suggestions, it turns out it was a unix time  
> stamp and I can get it to parse out a normal date now.
> 
> Now... on to the harder part
> 
> What I am trying to do is learn... This is kind of just a pet project  
> for me to figure out how I can do it. here is how the database is  
> laid out:
> 
> +---++-+- 
> +--+
> | user  | day|  
> job_name | minutes | sequence |
> +---++-+- 
> +--+
> | root  | 1172466000 | Production & technology Manager | 480  
> |0 |
> | root  | 1172466000 | Production & technology Manager | 720  
> |1 |
> | root  | 1172466000 | Production & technology Manager | 750  
> |2 |
> | root  | 1172466000 | Production & technology Manager | 990  
> |3 |
> 
> the minutes column is the number of minutes that have passed since  
> midnight. the sequence number refers to the sequence that the times  
> were entered, meaning that 480 minutes after midnight came before 720  
> minutes, which was before 750 minutes which was before 990 minutes.  
> What I need to do, is be able to calculate the time between 0 & 1, 2  
> & 3, 4 & 5 (there is a total of 6 sequences that could be in here)
> 
> here is now the math would like on that particular entry: (480-720) +  
> (750-990)=480/60=8 hours.
> 
> This is a timecard program that I'm trying to write a report for to  
> show the time for the entire month instead of it's default for the  
> week. You can see what I have tried live at: raoset.com/tests/ 
> oatstest/oats.shtml
> 
> the code that I need help with is the math. I have looked but I just  
> can't find a clear way to get the info from mysql, into an array in  
> php to do the math? Maybe I've been looking at it to long and so I'm  
> missing easy stuff?
> 
> I have tried this code:
> $querytime = mysql_query("select sum(minutes) as t1, sum(sequence) as  
> t2 from oats_time");
> while($row = mysql_fetch_array($querytime)){
> $fulltotal=$row['t1']+$row['t2'];
> echo($fulltotal);
> }
>   but that didn't work the way I wanted it to.
> 
> Anyway... Post is long enough to start, so let me know if there is  
> other info you need.

(I assume you want this calculation within one given day)
you could read all rows into an array like

$timeinfo = array();
$sql = "SELECT minute, sequence FROM table WHERE day='$day'";
$result = mysql_query($result);
while ($row = mysql_fetch_assoc($result)) {
$timeinfo[$row['sequence'] = $row['minute'];
}

and then calculate and echo the difference between any element of the
array:

$diff0_1 = $timeinfo[1] - $timeinfo[0];

greets
Zoltán Németh


> 
> Thanks in advance!
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread tedd 

tg:

At 2:36 PM -0400 3/29/07, <[EMAIL PROTECTED]> wrote:
1. My biggest fear when relying on an audio CAPTCHA system is if the 
users doesn't have sound.  No speakers, or can't play stuff at the 
office or something like that.  I keep my system muted at work 
unless I'm playing music because some websites have dumb little 
flash things that make sounds and I don't feel like explaining what 
I'm surfing to my coworkers constantly.  And just out of a general 
courtesy to them not to create undue distractions in the office.


Yes, but this is just the Audio part -- more to follow.

2. What you've created is a relatively simplistic audio captcha that 
HAS to be really succeptible to speech recognition.  Spammers have 
gotten used to visual CAPTHCA so maybe they're not going to focus 
too much on detecting and breaking audio CAPTCHA, but that still 
comes down to "security through obscurity" which isn't a good 
practice.


There isn't any good practice here -- it's all just an attempt to do 
"the best the media will permit".


Once they had the software set up. Then they just have to fake the 
"Speak Key" submit and grab the "tmp/access.mp3?##" out of 
phone.php (submitting proper cookie/session data) and that's it.


Two things:

1. There's no cookie data -- how does one access session data? I 
thought outside of the sessionID, you couldn't -- am I wrong?


2. I might be able to generate a sound file that can be accessed only 
once. In other words, once you grab the file it's not there for a 
second look (like is light a wave or particle thing). Now, put that 
together with a hidden token in the form that accompanies the key, 
then even typing the correct key wouldn't work unless it was 
submitted via the form and not injected. I have to think about the 
logic here -- but this is just of the top of my head.


And because you can't do anything on the internet without bumping 
into adult material. Don't worry, this is safe... no pics or bad 
words, just an article about using porn sites to break visual 
CAPTCHA.  The spambots would take your visual CAPTCHA images and 
post it to their site which offers users free porn if they pass the 
CAPTCHA. And there's no lack of people wanting free porn so sounds 
like it was fairly effective:

http://www.boingboing.net/2004/01/27/solving_and_creating.html



Now that is clever. However, I am having difficulty seeing just how 
they can obtain and use the information provided. For example, if I 
say the key for a specific CAPTCHA is 123 -- then how can that help a 
spammer because when he returns to the site, the CAPTCHA would have 
changed?


Can you explain how that works?


It's definitely an interesting field.   I think using the common 
sense techniques you (tedd) have used combined with a better CAPTCHA 
method, you could actually create something fairly user friendly and 
secure.


My vote is still for asking a person to identify images.  A bot is 
going to have a hard time identifying a pig that's photo'd from an 
odd angle and maybe colored blue instead of a standard pig-color.


Not as hard as you might think. You don't have to identify it as a 
pig but rather as the spectral properties that a pig image displays. 
It's like part recognition on an assembly line.



http://www.espgame.org/


That's more the brute force method -- but at some point, it would 
probably work.


Thanks for your review and comments.

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Gnome and MIME types

2007-03-29 Thread Tijnema ! 

On 3/29/07, Nathan Ziarek <[EMAIL PROTECTED]> wrote:

/etc/php5/apache2/php.ini has the uncommented line "safe_mode = Off"

Assuming there isn't another file that can override that setting, my
safe mode is off.

Thanks,

Nate


better check this using phpinfo:


Tijnema


On 3/29/07, Peter Lauri <[EMAIL PROTECTED]> wrote:
> Is php safe mode on or off?
>
> Best regards,
> Peter Lauri
>
> www.dwsasia.com - company web site
> www.lauri.se - personal web site
> www.carbonfree.org.uk - become Carbon Free
>
>
> > -Original Message-
> > From: Nathan Ziarek [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 29, 2007 9:30 PM
> > To: php-general@lists.php.net
> > Subject: [PHP] Gnome and MIME types
> >
> > I'm having a hard time getting solid MIME Types of various files.
> >
> > On my Ubuntu/Apache2/PHP5 system, I first attempted to install
> > fileInfo. That didn't go so well (on Safari even running "$finfo =
> > finfo_open(FILEINFO_MIME);" causes it to complain that it lost the
> > network connection; Firefox prompts me to download the file_ and
> > seeing as it is not really ready for release, I thought I should stay
> > away from that.
> >
> > I then tried running "system("file -i -m /usr/share/docs/mim file")"
> > which worked, but file doens't provide very good mime types -- all
> > Microsoft Office Documents returned nothing, for example.
> >
> > I then stumbled upon gnomevfs-info that provided the information I
> > wanted. I don't know what mime database it is using (couldn't find it)
> > but it sure seemed more complete than anything else I had used.
> >
> > Problem is, I can't seem to run it from within a PHP script (system,
> > exec, etc). I used the full path (/usr/bin/gnamevfs-info) so I don't
> > believe that to be the problem, and the page has no errors (I am using
> > error_reporting(E_ALL)).
> >
> > Any tips or suggestions?
> >
> > Thanks!
> >
> > Nate
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Link to download files on another part of system

2007-03-29 Thread Tijnema ! 

On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:

Ave,

This is actually a continuation of my previous ³Show files using Wildcards²
thread, but a different problem.

Code:

   ".basenam
e($value)."";
   }
   ?>

The files I¹m linking to, in order to let the User download them, reside on
a mounted share on my system. They are on in the Apache Web Server htdocs
folder where my website resides. How do I make these files available to
download if they are not in my webserver folder?

Thanks!


A very simple way is to link the
Users/rjohari/Documents/XFER/osm/ESPI/ to some folder inside your www
directory :)

Didn't test it, but it should work though. Else you need to create
some download script. (header, file_get_contents,echo)

Tijnema


~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Link to download files on another part of system

2007-03-29 Thread Rahul Sitaram Johari 

Correction, please disregard previous post:

Ave,

This is actually a continuation of my previous ³Show files using Wildcards²
thread, but a different problem.

Code:

".basenam
e($value)."";
}
?>

The files I¹m linking to, in order to let the User download them, reside on
a mounted share on my system. They are NOT in the Apache Web Server htdocs
folder where my website resides. How do I make these files available to
download if they are not in my webserver folder?

Thanks!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²

Re: [PHP] Gnome and MIME types

2007-03-29 Thread Nathan Ziarek 

/etc/php5/apache2/php.ini has the uncommented line "safe_mode = Off"

Assuming there isn't another file that can override that setting, my
safe mode is off.

Thanks,

Nate

On 3/29/07, Peter Lauri <[EMAIL PROTECTED]> wrote:

Is php safe mode on or off?

Best regards,
Peter Lauri

www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free


> -Original Message-
> From: Nathan Ziarek [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 9:30 PM
> To: php-general@lists.php.net
> Subject: [PHP] Gnome and MIME types
>
> I'm having a hard time getting solid MIME Types of various files.
>
> On my Ubuntu/Apache2/PHP5 system, I first attempted to install
> fileInfo. That didn't go so well (on Safari even running "$finfo =
> finfo_open(FILEINFO_MIME);" causes it to complain that it lost the
> network connection; Firefox prompts me to download the file_ and
> seeing as it is not really ready for release, I thought I should stay
> away from that.
>
> I then tried running "system("file -i -m /usr/share/docs/mim file")"
> which worked, but file doens't provide very good mime types -- all
> Microsoft Office Documents returned nothing, for example.
>
> I then stumbled upon gnomevfs-info that provided the information I
> wanted. I don't know what mime database it is using (couldn't find it)
> but it sure seemed more complete than anything else I had used.
>
> Problem is, I can't seem to run it from within a PHP script (system,
> exec, etc). I used the full path (/usr/bin/gnamevfs-info) so I don't
> believe that to be the problem, and the page has no errors (I am using
> error_reporting(E_ALL)).
>
> Any tips or suggestions?
>
> Thanks!
>
> Nate
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Link to download files on another part of system

2007-03-29 Thread Rahul Sitaram Johari 
Ave,

This is actually a continuation of my previous ³Show files using Wildcards²
thread, but a different problem.

Code:

".basenam
e($value)."";
}
?>

The files I¹m linking to, in order to let the User download them, reside on
a mounted share on my system. They are on in the Apache Web Server htdocs
folder where my website resides. How do I make these files available to
download if they are not in my webserver folder?

Thanks!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²

Re: [PHP] Date/time format?

2007-03-29 Thread Jason Pruim 
Thanks everyone for your suggestions, it turns out it was a unix time  
stamp and I can get it to parse out a normal date now.


Now... on to the harder part

What I am trying to do is learn... This is kind of just a pet project  
for me to figure out how I can do it. here is how the database is  
laid out:


+---++-+- 
+--+
| user  | day|  
job_name | minutes | sequence |
+---++-+- 
+--+
| root  | 1172466000 | Production & technology Manager | 480  
|0 |
| root  | 1172466000 | Production & technology Manager | 720  
|1 |
| root  | 1172466000 | Production & technology Manager | 750  
|2 |
| root  | 1172466000 | Production & technology Manager | 990  
|3 |


the minutes column is the number of minutes that have passed since  
midnight. the sequence number refers to the sequence that the times  
were entered, meaning that 480 minutes after midnight came before 720  
minutes, which was before 750 minutes which was before 990 minutes.  
What I need to do, is be able to calculate the time between 0 & 1, 2  
& 3, 4 & 5 (there is a total of 6 sequences that could be in here)


here is now the math would like on that particular entry: (480-720) +  
(750-990)=480/60=8 hours.


This is a timecard program that I'm trying to write a report for to  
show the time for the entire month instead of it's default for the  
week. You can see what I have tried live at: raoset.com/tests/ 
oatstest/oats.shtml


the code that I need help with is the math. I have looked but I just  
can't find a clear way to get the info from mysql, into an array in  
php to do the math? Maybe I've been looking at it to long and so I'm  
missing easy stuff?


I have tried this code:
$querytime = mysql_query("select sum(minutes) as t1, sum(sequence) as  
t2 from oats_time");

while($row = mysql_fetch_array($querytime)){
$fulltotal=$row['t1']+$row['t2'];
echo($fulltotal);
}
 but that didn't work the way I wanted it to.

Anyway... Post is long enough to start, so let me know if there is  
other info you need.


Thanks in advance!

--

Jason Pruim
[EMAIL PROTECTED]
Production & Technology Manager
MQC Specialist (2005 certified)
3251 132nd Ave
Holland MI 49424
616.399.2355
www.raoset.com


"America will never be destroyed from the outside. If we falter and lose
our freedoms, it will be because we destroyed ourselves."
 -Abraham Lincoln




smime.p7s
Description: S/MIME cryptographic signature

Re: [PHP] Where is phpm

2007-03-29 Thread Ben Roberts 

Matt Carlson wrote:

I don't know how much of it I have left.  I know that I hacked it up quite a 
bit when I created an irc bot with the php reference manual.  Unfortunately, 
there really isn't an easy way to get function information as such from inside 
of php, without parsing php's website.

The phpdoc stuff wasn't very intuitive on how to parse it, and trying to search for 
"xml php documentation" didn't really help (wy too many results, mostly 
dealing with how to use xml in php).

If you DO find the updated info, I would also love to get a copy, as my hacked 
up version seems to be quite old.



Ah - there is someone out there who knows what I'm talking about! Brilliant.

Yes, I've only come across phpm via Tobias Schlitt's PDV work for vim 
(see http://svn.toby.phpugdo.de/horde/chora/co.php?r=29&f=README.txt).


I think the author of phpm is Håvard Eide (nucleuz) who runs 
http://eide.org/ and appears to have installed Wordpress on the domain 
last November and then not done anything with the site in the meantime. 
Unfortunately this appears to have broken then only link I can find to 
the download of phpm.


If anyone has any further information about this it would be appreciated.

Alternatively, if anyone has any suggestions about how to get PHP 
function lookups in vim using another method


Ben

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Rahul Sitaram Johari 

;)

Point taken!

";
}
?>

:)

Thanks

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²


On 3/29/07 4:58 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote:

> DON'T commit suicide mate :)
> 
> What if you one day move the path? ;)
> 
> 
>> -Original Message-
>> From: Rahul Sitaram Johari [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, March 29, 2007 9:54 PM
>> To: Peter Lauri; PHP
>> Subject: Re: [PHP] Show Filename using Wildcards
>> 
>> Ave,
>> 
>> This Works!!
>> 
>> > exec("find /Users/rjohari/Documents/XFER/espi -type f -name
>> ".$row['PHONE']."*.vox", $files);
>> foreach ($files as $value) {
>> echo substr($value,35)."";
>> }
>> ?>
>> 
>> THANKS!
>> 
>> ~~~
>> Rahul Sitaram Johari
>> CEO, Twenty Four Seventy Nine Inc.
>> 
>> W: http://www.rahulsjohari.com
>> E: [EMAIL PROTECTED]
>> 
>> ³I morti non sono piu soli ... The dead are no longer lonely²
>> 
>> 
>> 
>> On 3/29/07 4:31 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote:
>> 
>> 
>>> [Peter Lauri - DWS Asia]
>>> 
>>> Hi,
>>> 
>>> Assuming you are on a linux you could try:
>>> 
>>> exec("find /the/path/to/the/place/where/you/should/start/searching -type
>> f
>>> -name 515515515*.ext", $files);
>>> 
>>> Then the $files will be an array with the found files matching the
>> search.
>>> 
>>> Best regards,
>>> Peter Lauri
>>> 
>>> www.dwsasia.com - company web site
>>> www.lauri.se - personal web site
>>> www.carbonfree.org.uk - become Carbon Free
>>> 
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Re: [PHP] Where is phpm

2007-03-29 Thread Matt Carlson 
I don't know how much of it I have left.  I know that I hacked it up quite a 
bit when I created an irc bot with the php reference manual.  Unfortunately, 
there really isn't an easy way to get function information as such from inside 
of php, without parsing php's website.

The phpdoc stuff wasn't very intuitive on how to parse it, and trying to search 
for "xml php documentation" didn't really help (wy too many results, mostly 
dealing with how to use xml in php).

If you DO find the updated info, I would also love to get a copy, as my hacked 
up version seems to be quite old.

- Original Message 
From: Ben Roberts <[EMAIL PROTECTED]>
To: php-general@lists.php.net
Cc: Ben Roberts <[EMAIL PROTECTED]>
Sent: Thursday, March 29, 2007 1:49:37 PM
Subject: Re: [PHP] Where is phpm

Ben Roberts wrote:
> 
> I'm trying to download the phpm command line PHP documentation widget - 
> all sources I can find point me to http://eide.org/?epc=php but there's 
> nothing available here.
> 
> Does anyone know where I can find phpm please ?
> 
> Thanks
> 
> Ben
> 

Any takers? Has anyone got a copy of phpm they can send to me instead? 
Does anybody know anything about phpm. I'm trying to get vim to lookup 
function references in the PHP manual.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Rahul Sitaram Johari 

Agreed! And definitely modified my code to use basename()

";
}
?>

Thanks!


On 3/29/07 3:58 PM, "Tijnema !" <[EMAIL PROTECTED]> wrote:

> On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
>> Ave,
>> 
>> This Works!!
>> 
>>>exec("find /Users/rjohari/Documents/XFER/espi -type f -name
>> ".$row['PHONE']."*.vox", $files);
>>foreach ($files as $value) {
>>echo substr($value,35)."";
>>}
>>?>
>> 
>> THANKS!
> 
> I recommend using basename($value) instead of substr($value,35)
> If the directory changes, the basename would still return valid
> values, while substr wouldn't
> 
> Tijnema
>> 
>> ~~~
>> Rahul Sitaram Johari
>> CEO, Twenty Four Seventy Nine Inc.
>> 
>> W: http://www.rahulsjohari.com
>> E: [EMAIL PROTECTED]
>> 
>> ³I morti non sono piu soli ... The dead are no longer lonely²
>> 
>> 
>> 
>> On 3/29/07 4:31 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote:
>> 
>> 
>>> [Peter Lauri - DWS Asia]
>>> 
>>> Hi,
>>> 
>>> Assuming you are on a linux you could try:
>>> 
>>> exec("find /the/path/to/the/place/where/you/should/start/searching -type f
>>> -name 515515515*.ext", $files);
>>> 
>>> Then the $files will be an array with the found files matching the search.
>>> 
>>> Best regards,
>>> Peter Lauri
>>> 
>>> www.dwsasia.com - company web site
>>> www.lauri.se - personal web site
>>> www.carbonfree.org.uk - become Carbon Free
>>> 
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>> 
>> 
>>

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Tijnema ! 

On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:

2007. 03. 29, csütörtök keltezéssel 21.52-kor Tijnema ! ezt írta:
> On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
> > works fine on XP/IE7
> > but still tells me to install some unknown plugin on ubuntu/firefox
> >
> > greets
> > Zoltán Németh
>
> That unknown plugin would probably some audio player.

yes I was sure it is some kind of audio plugin :)
can you tell me exactly what to install?

greets
Zoltán Németh


I have actually no idea, but this might help you:
http://www.boutell.com/newfaq/browser/reinstallquicktime.html

Tijnema


>
> Tijnema
> >
> > 2007. 03. 29, csütörtök keltezéssel 12.41-kor tedd ezt írta:
> > > Hi gang:
> > >
> > > If you people would be so kind as to review this:
> > >
> > > http://sperling.com/examples/captcha/
> > >
> > > and tell me what you think (ease of use, if it works, security,
> > > etc.), I would appreciate it.
> > >
> > > The point is to be able to get to the "Congratulations" page by
> > > hearing and entering the key. If you can get there some other way or
> > > defeat the process, I sure would like to know about it.
> > >
> > > I've tested this with a couple of dozen blind users and they find no
> > > problems with it. Now, I'll like to test it for the sighted.
> > >
> > > It's mixture of a several languages, but there is php in it, so I
> > > guess it's on topic.
> > >
> > > Cheers,
> > >
> > > tedd
> > >
> > > --
> > > ---
> > > http://sperling.com  http://ancientstones.com  http://earthstones.com
> > >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Rahul Sitaram Johari 

Awesome!! This Works!!

";
}
?>

THANKS!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

“I morti non sono piu soli ... The dead are no longer lonely”



On 3/29/07 3:52 PM, "Ben Roberts" <[EMAIL PROTECTED]> wrote:

> Rahul Sitaram Johari wrote:
> 
>> So I have to accomplish two things:
>> 
>> 1. I have to eliminate the filepath from the result
>> 2. I need to specify the variable that holds the phone number, (like
>> $row[ŒPHONE¹]) instead of the actual phone number in the ³exec² command.
>> 
>> Thanks!! Much Appreciated!
>> 
> 
> To get the filename component without the path, just use the basename()
> function:
> 
> $file = basename($path);
> 
> Ben

RE: [PHP] Show Filename using Wildcards

2007-03-29 Thread Peter Lauri 
DON'T commit suicide mate :)

What if you one day move the path? ;)


> -Original Message-
> From: Rahul Sitaram Johari [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 9:54 PM
> To: Peter Lauri; PHP
> Subject: Re: [PHP] Show Filename using Wildcards
> 
> Ave,
> 
> This Works!!
> 
>  exec("find /Users/rjohari/Documents/XFER/espi -type f -name
> ".$row['PHONE']."*.vox", $files);
> foreach ($files as $value) {
> echo substr($value,35)."";
> }
> ?>
> 
> THANKS!
> 
> ~~~
> Rahul Sitaram Johari
> CEO, Twenty Four Seventy Nine Inc.
> 
> W: http://www.rahulsjohari.com
> E: [EMAIL PROTECTED]
> 
> ³I morti non sono piu soli ... The dead are no longer lonely²
> 
> 
> 
> On 3/29/07 4:31 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote:
> 
> 
> > [Peter Lauri - DWS Asia]
> >
> > Hi,
> >
> > Assuming you are on a linux you could try:
> >
> > exec("find /the/path/to/the/place/where/you/should/start/searching -type
> f
> > -name 515515515*.ext", $files);
> >
> > Then the $files will be an array with the found files matching the
> search.
> >
> > Best regards,
> > Peter Lauri
> >
> > www.dwsasia.com - company web site
> > www.lauri.se - personal web site
> > www.carbonfree.org.uk - become Carbon Free
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Tijnema ! 

On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:

Ave,

This Works!!

   ";
   }
   ?>

THANKS!


I recommend using basename($value) instead of substr($value,35)
If the directory changes, the basename would still return valid
values, while substr wouldn't

Tijnema


~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²



On 3/29/07 4:31 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote:


> [Peter Lauri - DWS Asia]
>
> Hi,
>
> Assuming you are on a linux you could try:
>
> exec("find /the/path/to/the/place/where/you/should/start/searching -type f
> -name 515515515*.ext", $files);
>
> Then the $files will be an array with the found files matching the search.
>
> Best regards,
> Peter Lauri
>
> www.dwsasia.com - company web site
> www.lauri.se - personal web site
> www.carbonfree.org.uk - become Carbon Free
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Zoltán Németh 
2007. 03. 29, csütörtök keltezéssel 21.52-kor Tijnema ! ezt írta:
> On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:
> > works fine on XP/IE7
> > but still tells me to install some unknown plugin on ubuntu/firefox
> >
> > greets
> > Zoltán Németh
> 
> That unknown plugin would probably some audio player.

yes I was sure it is some kind of audio plugin :)
can you tell me exactly what to install?

greets
Zoltán Németh

> 
> Tijnema
> >
> > 2007. 03. 29, csütörtök keltezéssel 12.41-kor tedd ezt írta:
> > > Hi gang:
> > >
> > > If you people would be so kind as to review this:
> > >
> > > http://sperling.com/examples/captcha/
> > >
> > > and tell me what you think (ease of use, if it works, security,
> > > etc.), I would appreciate it.
> > >
> > > The point is to be able to get to the "Congratulations" page by
> > > hearing and entering the key. If you can get there some other way or
> > > defeat the process, I sure would like to know about it.
> > >
> > > I've tested this with a couple of dozen blind users and they find no
> > > problems with it. Now, I'll like to test it for the sighted.
> > >
> > > It's mixture of a several languages, but there is php in it, so I
> > > guess it's on topic.
> > >
> > > Cheers,
> > >
> > > tedd
> > >
> > > --
> > > ---
> > > http://sperling.com  http://ancientstones.com  http://earthstones.com
> > >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Show Filename using Wildcards

2007-03-29 Thread Peter Lauri 
Just do something like:

$fileswithoutdir = array();
foreach($files AS $file) {
$fileswithoutdir[] = basename($file);
}

Voila...

Or you could do it more complicated in the foreach loop (but not
recommended):
$fileswithoutdir[] = preg_replace("/^.*\/(\d+\.vox)$/", "$1",
$file);

/Peter


> -Original Message-
> From: Rahul Sitaram Johari [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 9:49 PM
> To: Peter Lauri; PHP
> Subject: Re: [PHP] Show Filename using Wildcards
> 
> 
> Peter,
> 
> Believe it or not, but this is actually working. I'm on a Mac OS X, which
> is
> linux underneath, so I was hopeful about the command you provided. I ran
> this code:
> 
> exec("find /Users/rjohari/Documents/XFER/espi/ -type f -name
> 33*.vox", $files);
> foreach ($files as $value) {
> echo "$value";
> }
> 
> And it listed all the files that began with that provided phone number.
> The only problem is, It¹s printing out the path with it too. So what¹s is
> giving me is:
> 
> /Users/rjohari/Documents/XFER/espi/331123.vox
> /Users/rjohari/Documents/XFER/espi/334567.vox
> 
> So I have to accomplish two things:
> 
> 1. I have to eliminate the filepath from the result
> 2. I need to specify the variable that holds the phone number, (like
> $row[ŒPHONE¹]) instead of the actual phone number in the ³exec² command.
> 
> Thanks!! Much Appreciated!
> 
> ~~~
> Rahul Sitaram Johari
> CEO, Twenty Four Seventy Nine Inc.
> 
> W: http://www.rahulsjohari.com
> E: [EMAIL PROTECTED]
> 
> ³I morti non sono piu soli ... The dead are no longer lonely²
> 
> 
> On 3/29/07 4:31 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote:
> 
> >> -Original Message-
> >> From: Rahul Sitaram Johari [mailto:[EMAIL PROTECTED]
> >> Sent: Thursday, March 29, 2007 9:12 PM
> >> To: PHP
> >> Subject: [PHP] Show Filename using Wildcards
> >>
> >> Ave,
> >>
> >> I have a script where I have to provide a Download Link to a file
> >> associated
> >> with a record. The common thing between the record & filename is the
> phone
> >> number. But the filenames have dates & other symbols besides the phone
> >> number as well. They all do begin with a phone number though.
> >>
> >> How can I match a filename with a record using wildcards?
> >> For example, let¹s say someone pulls up a record for phone field:
> >> 515515515
> >> The files associated with this record could be 515515515031307 or
> >> 5155155150325T(2).
> >>
> >> So you can see the filenames do begin the phone number in the record,
> but
> >> they contain additional chars. What I need is something that can pull
> up
> >> all
> >> 515515515*.ext
> >>
> >> Can I do this in PHP?
> >>
> >> Thanks!
> >>
> >
> > [Peter Lauri - DWS Asia]
> >
> > Hi,
> >
> > Assuming you are on a linux you could try:
> >
> > exec("find /the/path/to/the/place/where/you/should/start/searching -type
> f
> > -name 515515515*.ext", $files);
> >
> > Then the $files will be an array with the found files matching the
> search.
> >
> > Best regards,
> > Peter Lauri
> >
> > www.dwsasia.com - company web site
> > www.lauri.se - personal web site
> > www.carbonfree.org.uk - become Carbon Free
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Rahul Sitaram Johari 
Ave,

This Works!!

";
}
?>

THANKS!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²



On 3/29/07 4:31 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote:


> [Peter Lauri - DWS Asia]
> 
> Hi,
> 
> Assuming you are on a linux you could try:
> 
> exec("find /the/path/to/the/place/where/you/should/start/searching -type f
> -name 515515515*.ext", $files);
> 
> Then the $files will be an array with the found files matching the search.
> 
> Best regards,
> Peter Lauri
> 
> www.dwsasia.com - company web site
> www.lauri.se - personal web site
> www.carbonfree.org.uk - become Carbon Free
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Ben Roberts 

Rahul Sitaram Johari wrote:


So I have to accomplish two things:

1. I have to eliminate the filepath from the result
2. I need to specify the variable that holds the phone number, (like
$row[ŒPHONE¹]) instead of the actual phone number in the ³exec² command.

Thanks!! Much Appreciated!



To get the filename component without the path, just use the basename() 
function:


$file = basename($path);

Ben

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Tijnema ! 

On 3/29/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:

works fine on XP/IE7
but still tells me to install some unknown plugin on ubuntu/firefox

greets
Zoltán Németh


That unknown plugin would probably some audio player.

Tijnema


2007. 03. 29, csütörtök keltezéssel 12.41-kor tedd ezt írta:
> Hi gang:
>
> If you people would be so kind as to review this:
>
> http://sperling.com/examples/captcha/
>
> and tell me what you think (ease of use, if it works, security,
> etc.), I would appreciate it.
>
> The point is to be able to get to the "Congratulations" page by
> hearing and entering the key. If you can get there some other way or
> defeat the process, I sure would like to know about it.
>
> I've tested this with a couple of dozen blind users and they find no
> problems with it. Now, I'll like to test it for the sighted.
>
> It's mixture of a several languages, but there is php in it, so I
> guess it's on topic.
>
> Cheers,
>
> tedd
>
> --
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Zoltán Németh 
works fine on XP/IE7
but still tells me to install some unknown plugin on ubuntu/firefox

greets
Zoltán Németh

2007. 03. 29, csütörtök keltezéssel 12.41-kor tedd ezt írta:
> Hi gang:
> 
> If you people would be so kind as to review this:
> 
> http://sperling.com/examples/captcha/
> 
> and tell me what you think (ease of use, if it works, security, 
> etc.), I would appreciate it.
> 
> The point is to be able to get to the "Congratulations" page by 
> hearing and entering the key. If you can get there some other way or 
> defeat the process, I sure would like to know about it.
> 
> I've tested this with a couple of dozen blind users and they find no 
> problems with it. Now, I'll like to test it for the sighted.
> 
> It's mixture of a several languages, but there is php in it, so I 
> guess it's on topic.
> 
> Cheers,
> 
> tedd
> 
> -- 
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Rahul Sitaram Johari 

Peter,

Believe it or not, but this is actually working. I'm on a Mac OS X, which is
linux underneath, so I was hopeful about the command you provided. I ran
this code:

exec("find /Users/rjohari/Documents/XFER/espi/ -type f -name
33*.vox", $files);
foreach ($files as $value) {
echo "$value";
}

And it listed all the files that began with that provided phone number.
The only problem is, It¹s printing out the path with it too. So what¹s is
giving me is:

/Users/rjohari/Documents/XFER/espi/331123.vox
/Users/rjohari/Documents/XFER/espi/334567.vox

So I have to accomplish two things:

1. I have to eliminate the filepath from the result
2. I need to specify the variable that holds the phone number, (like
$row[ŒPHONE¹]) instead of the actual phone number in the ³exec² command.

Thanks!! Much Appreciated!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²


On 3/29/07 4:31 PM, "Peter Lauri" <[EMAIL PROTECTED]> wrote:

>> -Original Message-
>> From: Rahul Sitaram Johari [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, March 29, 2007 9:12 PM
>> To: PHP
>> Subject: [PHP] Show Filename using Wildcards
>> 
>> Ave,
>> 
>> I have a script where I have to provide a Download Link to a file
>> associated
>> with a record. The common thing between the record & filename is the phone
>> number. But the filenames have dates & other symbols besides the phone
>> number as well. They all do begin with a phone number though.
>> 
>> How can I match a filename with a record using wildcards?
>> For example, let¹s say someone pulls up a record for phone field:
>> 515515515
>> The files associated with this record could be 515515515031307 or
>> 5155155150325T(2).
>> 
>> So you can see the filenames do begin the phone number in the record, but
>> they contain additional chars. What I need is something that can pull up
>> all
>> 515515515*.ext
>> 
>> Can I do this in PHP?
>> 
>> Thanks!
>> 
> 
> [Peter Lauri - DWS Asia]
> 
> Hi,
> 
> Assuming you are on a linux you could try:
> 
> exec("find /the/path/to/the/place/where/you/should/start/searching -type f
> -name 515515515*.ext", $files);
> 
> Then the $files will be an array with the found files matching the search.
> 
> Best regards,
> Peter Lauri
> 
> www.dwsasia.com - company web site
> www.lauri.se - personal web site
> www.carbonfree.org.uk - become Carbon Free
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Tijnema ! 

On 3/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

Not bad. Seems to work nicely.  No "OMGWTF!" obvious slips like naming the MP3 
with the digits the user needs to enter.

Worked fine in Firefox 1.5 too. Sometimes when audio is embedded in a page, it 
tries to load Windows Media Player or something which doesn't always work well 
in Firefox without some tweaking.  But your implementation worked fine without 
any weirdness.

Now.. on to the criticism.  Keeping in mind, you're welcome to use whatever you 
want to use and exercises like this are always good for the practice and 
experience if anything else.  Also, some of this is my opinion which you're 
welcome to ignore.

1. My biggest fear when relying on an audio CAPTCHA system is if the users 
doesn't have sound.  No speakers, or can't play stuff at the office or 
something like that.  I keep my system muted at work unless I'm playing music 
because some websites have dumb little flash things that make sounds and I 
don't feel like explaining what I'm surfing to my coworkers constantly.  And 
just out of a general courtesy to them not to create undue distractions in the 
office.

2. What you've created is a relatively simplistic audio captcha that HAS to be really 
succeptible to speech recognition.  Spammers have gotten used to visual CAPTHCA so maybe 
they're not going to focus too much on detecting and breaking audio CAPTCHA, but that 
still comes down to "security through obscurity" which isn't a good practice.

Here's some open source Linux-based speech recognition software that could be 
used to turn your audio into the proper digits:

http://freespeech.sourceforge.net/
http://cmusphinx.sourceforge.net/html/cmusphinx.php

Once they had the software set up. Then they just have to fake the "Speak Key" submit and 
grab the "tmp/access.mp3?##" out of phone.php (submitting proper cookie/session 
data) and that's it.

In the couple minutes I took to search for some examples, I found some 
interesting links:

PWNtcha - http://sam.zoy.org/pwntcha/ - CAPTCHA defeating project.  Focused on 
image captcha, but they give examples of different systems and which ones are 
hard and which ones are easy to break. WARNING: One of the images used is NSFW, 
but it's kind of subtle. I didn't notice it at first.  So make sure nobody's 
looking over your shoulder first lookover.  It's more than 1/2way down the page 
and I think the rest of the data on the page is worth the risk.

W3C's recommendations for alternatives to visual CAPTCHA/turing tests:
http://www.w3.org/TR/turingtest/

And because you can't do anything on the internet without bumping into adult 
material. Don't worry, this is safe... no pics or bad words, just an article 
about using porn sites to break visual CAPTCHA.  The spambots would take your 
visual CAPTCHA images and post it to their site which offers users free porn if 
they pass the CAPTCHA. And there's no lack of people wanting free porn so 
sounds like it was fairly effective:
http://www.boingboing.net/2004/01/27/solving_and_creating.html

It's definitely an interesting field.   I think using the common sense 
techniques you (tedd) have used combined with a better CAPTCHA method, you 
could actually create something fairly user friendly and secure.

My vote is still for asking a person to identify images.  A bot is going to 
have a hard time identifying a pig that's photo'd from an odd angle and maybe 
colored blue instead of a standard pig-color.

Oh wait.. someone's working on breaking that kind of CAPTCHA too.  Again using regular humans.  Apparently 
The ESP Game is based on the concept of breaking this kind of CAPTCHA.  Post the images and have people fill 
in key words that help classify the image.   So that blue pig might end up in a database labeled as 
"blue" and "pig" and "farm" or something anyway.

http://www.espgame.org/

There's no winning. hah

-TG


You're maybe on the right path, adding images as the background makes
it really hard to read the code from the image. You could for example
use random images as background.

But i have to say that breaking something isn't needed always,
re-using a human passed protection is a way to break through a lot of
things.

For example, i would go to the page and save the number that the
CAPTCHA passed to my session. Then i would write down the code that i
need to enter. So, next time i need to pass, i set the session value
to the one i got first time, and i enter same code. Works for most
CAPTCHA programs :) Didn't test it out on your audio CAPTCHA yet, but
you really should care about a timeout for the session variable used.

We didn't see your script yet, so i don't know what extra security you
added. But it's good to have these things in mind.

Tijnema


= = = Original message = = =

Hi gang:

If you people would be so kind as to review this:

http://sperling.com/examples/captcha/

and tell me what you think (ease of use, if it works, security,
etc.), I would appreciate it.

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread tedd 

At 2:02 PM -0400 3/29/07, Jason Pruim wrote:
Just a really quick check right now is all I have time for, but it 
looks good. The one thing you could do (And this is personal 
preference) Mark on it that they can replay the code if they didn't 
hear it the first time. I am in a loud environment at times and 
can't always hear things the first time.


But like i said, personal preference :)


Just click the "Speak Key" again -- it will repeat the same key as 
many times as you want.


http://sperling.com/examples/captcha/

If you want a new key, just refresh the page.

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Brad Bonkoski 

Rahul Sitaram Johari wrote:

Ave,

Yes well, I did kind of figure out that I have to scan through contents of a
directory, pull up a file list, and then do some kind of pattern matching to
narrow down to the files I need. But at this moment I'm kinda struggling
with the directory & file functions - haven't really dwelled into those
deeply before. 
  

Good place to start:
http://www.php.net/manual/en/function.opendir.php
Some good examples on getting contents of a directory...
-B


But yes, your suggestions seem more then likely what I'll be hitting at some
stage. 


Thanks.


On 3/29/07 3:22 PM, "Brad Bonkoski" <[EMAIL PROTECTED]> wrote:


  

I'm sure there are many options...
I'm also assuming you are pulling from a file system and not a database...
So, loop through the directory and do something like this:
$phone_num = XXX
$cur_file = xxx
if( strncmp($phone_num, $cur_file, strlen($phone_num)) == 0 )
//Matches
else
//No Match

Ref: http://us3.php.net/manual/en/function.strncmp.php
(for case insensitive:
http://us3.php.net/manual/en/function.strncasecmp.php)
-B





  


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Gnome and MIME types

2007-03-29 Thread Peter Lauri 
Is php safe mode on or off?

Best regards,
Peter Lauri

www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free


> -Original Message-
> From: Nathan Ziarek [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 9:30 PM
> To: php-general@lists.php.net
> Subject: [PHP] Gnome and MIME types
> 
> I'm having a hard time getting solid MIME Types of various files.
> 
> On my Ubuntu/Apache2/PHP5 system, I first attempted to install
> fileInfo. That didn't go so well (on Safari even running "$finfo =
> finfo_open(FILEINFO_MIME);" causes it to complain that it lost the
> network connection; Firefox prompts me to download the file_ and
> seeing as it is not really ready for release, I thought I should stay
> away from that.
> 
> I then tried running "system("file -i -m /usr/share/docs/mim file")"
> which worked, but file doens't provide very good mime types -- all
> Microsoft Office Documents returned nothing, for example.
> 
> I then stumbled upon gnomevfs-info that provided the information I
> wanted. I don't know what mime database it is using (couldn't find it)
> but it sure seemed more complete than anything else I had used.
> 
> Problem is, I can't seem to run it from within a PHP script (system,
> exec, etc). I used the full path (/usr/bin/gnamevfs-info) so I don't
> believe that to be the problem, and the page has no errors (I am using
> error_reporting(E_ALL)).
> 
> Any tips or suggestions?
> 
> Thanks!
> 
> Nate
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Rahul Sitaram Johari 
Ave,

Yes well, I did kind of figure out that I have to scan through contents of a
directory, pull up a file list, and then do some kind of pattern matching to
narrow down to the files I need. But at this moment I'm kinda struggling
with the directory & file functions - haven't really dwelled into those
deeply before. 

But yes, your suggestions seem more then likely what I'll be hitting at some
stage. 

Thanks.


On 3/29/07 3:22 PM, "Brad Bonkoski" <[EMAIL PROTECTED]> wrote:


> I'm sure there are many options...
> I'm also assuming you are pulling from a file system and not a database...
> So, loop through the directory and do something like this:
> $phone_num = XXX
> $cur_file = xxx
> if( strncmp($phone_num, $cur_file, strlen($phone_num)) == 0 )
> //Matches
> else
> //No Match
> 
> Ref: http://us3.php.net/manual/en/function.strncmp.php
> (for case insensitive:
> http://us3.php.net/manual/en/function.strncasecmp.php)
> -B

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Show Filename using Wildcards

2007-03-29 Thread Peter Lauri 
> -Original Message-
> From: Rahul Sitaram Johari [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 9:12 PM
> To: PHP
> Subject: [PHP] Show Filename using Wildcards
> 
> Ave,
> 
> I have a script where I have to provide a Download Link to a file
> associated
> with a record. The common thing between the record & filename is the phone
> number. But the filenames have dates & other symbols besides the phone
> number as well. They all do begin with a phone number though.
> 
> How can I match a filename with a record using wildcards?
> For example, let¹s say someone pulls up a record for phone field:
> 515515515
> The files associated with this record could be 515515515031307 or
> 5155155150325T(2).
> 
> So you can see the filenames do begin the phone number in the record, but
> they contain additional chars. What I need is something that can pull up
> all
> 515515515*.ext
> 
> Can I do this in PHP?
> 
> Thanks!
> 

[Peter Lauri - DWS Asia] 

Hi,

Assuming you are on a linux you could try:

exec("find /the/path/to/the/place/where/you/should/start/searching -type f
-name 515515515*.ext", $files);

Then the $files will be an array with the found files matching the search.

Best regards,
Peter Lauri

www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Gnome and MIME types

2007-03-29 Thread Nathan Ziarek 

I'm having a hard time getting solid MIME Types of various files.

On my Ubuntu/Apache2/PHP5 system, I first attempted to install
fileInfo. That didn't go so well (on Safari even running "$finfo =
finfo_open(FILEINFO_MIME);" causes it to complain that it lost the
network connection; Firefox prompts me to download the file_ and
seeing as it is not really ready for release, I thought I should stay
away from that.

I then tried running "system("file -i -m /usr/share/docs/mim file")"
which worked, but file doens't provide very good mime types -- all
Microsoft Office Documents returned nothing, for example.

I then stumbled upon gnomevfs-info that provided the information I
wanted. I don't know what mime database it is using (couldn't find it)
but it sure seemed more complete than anything else I had used.

Problem is, I can't seem to run it from within a PHP script (system,
exec, etc). I used the full path (/usr/bin/gnamevfs-info) so I don't
believe that to be the problem, and the page has no errors (I am using
error_reporting(E_ALL)).

Any tips or suggestions?

Thanks!

Nate

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Show Filename using Wildcards

2007-03-29 Thread Brad Bonkoski 

Rahul Sitaram Johari wrote:

Ave,

I have a script where I have to provide a Download Link to a file associated
with a record. The common thing between the record & filename is the phone
number. But the filenames have dates & other symbols besides the phone
number as well. They all do begin with a phone number though.

How can I match a filename with a record using wildcards?
For example, let¹s say someone pulls up a record for phone field: 515515515
The files associated with this record could be 515515515031307 or
5155155150325T(2). 


So you can see the filenames do begin the phone number in the record, but
they contain additional chars. What I need is something that can pull up all
515515515*.ext

Can I do this in PHP?
  

I'm sure there are many options...
I'm also assuming you are pulling from a file system and not a database...
So, loop through the directory and do something like this:
$phone_num = XXX
$cur_file = xxx
if( strncmp($phone_num, $cur_file, strlen($phone_num)) == 0 )
   //Matches
else
   //No Match

Ref: http://us3.php.net/manual/en/function.strncmp.php
(for case insensitive: 
http://us3.php.net/manual/en/function.strncasecmp.php)

-B

Thanks!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²


  


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Show Filename using Wildcards

2007-03-29 Thread Rahul Sitaram Johari 
Ave,

I have a script where I have to provide a Download Link to a file associated
with a record. The common thing between the record & filename is the phone
number. But the filenames have dates & other symbols besides the phone
number as well. They all do begin with a phone number though.

How can I match a filename with a record using wildcards?
For example, let¹s say someone pulls up a record for phone field: 515515515
The files associated with this record could be 515515515031307 or
5155155150325T(2). 

So you can see the filenames do begin the phone number in the record, but
they contain additional chars. What I need is something that can pull up all
515515515*.ext

Can I do this in PHP?

Thanks!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Jason Pruim 
No, it replayed just fine. It just didn't seem to me to be obvious  
that hitting the "speak" button would replay the same code that I may  
have missed a digit out of.


But then again, I've been trying to figure out how to do math with  
PHP and MySql all day so my brain is totally fried :P



On Mar 29, 2007, at 2:36 PM, <[EMAIL PROTECTED]> [EMAIL PROTECTED]> wrote:


It played the same sequence for me when I re-clicked the Play  
button.. until I went away for a min or two and my session probably  
timed out.  Did it not play the same sequence for you?


-TG

= = = Original message = = =

Just a really quick check right now is all I have time for, but it
looks good. The one thing you could do (And this is personal
preference) Mark on it that they can replay the code if they didn't
hear it the first time. I am in a loud environment at times and can't
always hear things the first time.

But like i said, personal preference :)



On Mar 29, 2007, at 12:41 PM, tedd wrote:


Hi gang:

If you people would be so kind as to review this:

http://sperling.com/examples/captcha/

and tell me what you think (ease of use, if it works, security,
etc.), I would appreciate it.

The point is to be able to get to the "Congratulations" page by
hearing and entering the key. If you can get there some other way
or defeat the process, I sure would like to know about it.

I've tested this with a couple of dozen blind users and they find
no problems with it. Now, I'll like to test it for the sighted.

It's mixture of a several languages, but there is php in it, so I
guess it's on topic.

Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--

Jason Pruim
[EMAIL PROTECTED]
Production & Technology Manager
MQC Specialist (2005 certified)
3251 132nd Ave
Holland MI 49424
616.399.2355
www.raoset.com


"We hold these truths to be self-evident. That all men are created
equal, that they are endowed by their creator with certain
unalienable rights, (and) that among these are Life, Liberty, and the
pursuit of Happiness."


___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--

Jason Pruim
[EMAIL PROTECTED]
Production & Technology Manager
MQC Specialist (2005 certified)
3251 132nd Ave
Holland MI 49424
616.399.2355
www.raoset.com


"But when a long train of abuses and usurpations, pursuing invariably  
the same Object evinces a design to reduce them under absolute  
Despotism, it is their right, it is their duty, to throw off such  
Government, and to provide new Guards for their future security."




smime.p7s
Description: S/MIME cryptographic signature

Re: [PHP] Where is phpm

2007-03-29 Thread Ben Roberts 

Ben Roberts wrote:


I'm trying to download the phpm command line PHP documentation widget - 
all sources I can find point me to http://eide.org/?epc=php but there's 
nothing available here.


Does anyone know where I can find phpm please ?

Thanks

Ben



Any takers? Has anyone got a copy of phpm they can send to me instead? 
Does anybody know anything about phpm. I'm trying to get vim to lookup 
function references in the PHP manual.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread tg-php 
Not bad. Seems to work nicely.  No "OMGWTF!" obvious slips like naming the MP3 
with the digits the user needs to enter.

Worked fine in Firefox 1.5 too. Sometimes when audio is embedded in a page, it 
tries to load Windows Media Player or something which doesn't always work well 
in Firefox without some tweaking.  But your implementation worked fine without 
any weirdness.

Now.. on to the criticism.  Keeping in mind, you're welcome to use whatever you 
want to use and exercises like this are always good for the practice and 
experience if anything else.  Also, some of this is my opinion which you're 
welcome to ignore.

1. My biggest fear when relying on an audio CAPTCHA system is if the users 
doesn't have sound.  No speakers, or can't play stuff at the office or 
something like that.  I keep my system muted at work unless I'm playing music 
because some websites have dumb little flash things that make sounds and I 
don't feel like explaining what I'm surfing to my coworkers constantly.  And 
just out of a general courtesy to them not to create undue distractions in the 
office.

2. What you've created is a relatively simplistic audio captcha that HAS to be 
really succeptible to speech recognition.  Spammers have gotten used to visual 
CAPTHCA so maybe they're not going to focus too much on detecting and breaking 
audio CAPTCHA, but that still comes down to "security through obscurity" which 
isn't a good practice.

Here's some open source Linux-based speech recognition software that could be 
used to turn your audio into the proper digits:

http://freespeech.sourceforge.net/
http://cmusphinx.sourceforge.net/html/cmusphinx.php

Once they had the software set up. Then they just have to fake the "Speak Key" 
submit and grab the "tmp/access.mp3?##" out of phone.php (submitting 
proper cookie/session data) and that's it.

In the couple minutes I took to search for some examples, I found some 
interesting links:

PWNtcha - http://sam.zoy.org/pwntcha/ - CAPTCHA defeating project.  Focused on 
image captcha, but they give examples of different systems and which ones are 
hard and which ones are easy to break. WARNING: One of the images used is NSFW, 
but it's kind of subtle. I didn't notice it at first.  So make sure nobody's 
looking over your shoulder first lookover.  It's more than 1/2way down the page 
and I think the rest of the data on the page is worth the risk.

W3C's recommendations for alternatives to visual CAPTCHA/turing tests:
http://www.w3.org/TR/turingtest/

And because you can't do anything on the internet without bumping into adult 
material. Don't worry, this is safe... no pics or bad words, just an article 
about using porn sites to break visual CAPTCHA.  The spambots would take your 
visual CAPTCHA images and post it to their site which offers users free porn if 
they pass the CAPTCHA. And there's no lack of people wanting free porn so 
sounds like it was fairly effective:
http://www.boingboing.net/2004/01/27/solving_and_creating.html

It's definitely an interesting field.   I think using the common sense 
techniques you (tedd) have used combined with a better CAPTCHA method, you 
could actually create something fairly user friendly and secure.

My vote is still for asking a person to identify images.  A bot is going to 
have a hard time identifying a pig that's photo'd from an odd angle and maybe 
colored blue instead of a standard pig-color.

Oh wait.. someone's working on breaking that kind of CAPTCHA too.  Again using 
regular humans.  Apparently The ESP Game is based on the concept of breaking 
this kind of CAPTCHA.  Post the images and have people fill in key words that 
help classify the image.   So that blue pig might end up in a database labeled 
as "blue" and "pig" and "farm" or something anyway.

http://www.espgame.org/

There's no winning. hah

-TG

= = = Original message = = =

Hi gang:

If you people would be so kind as to review this:

http://sperling.com/examples/captcha/

and tell me what you think (ease of use, if it works, security, 
etc.), I would appreciate it.

The point is to be able to get to the "Congratulations" page by 
hearing and entering the key. If you can get there some other way or 
defeat the process, I sure would like to know about it.

I've tested this with a couple of dozen blind users and they find no 
problems with it. Now, I'll like to test it for the sighted.

It's mixture of a several languages, but there is php in it, so I 
guess it's on topic.

Cheers,

tedd

-- 
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread tg-php 
It played the same sequence for me when I re-clicked the Play button.. until I 
went away for a min or two and my session probably timed out.  Did it not play 
the same sequence for you?

-TG

= = = Original message = = =

Just a really quick check right now is all I have time for, but it  
looks good. The one thing you could do (And this is personal  
preference) Mark on it that they can replay the code if they didn't  
hear it the first time. I am in a loud environment at times and can't  
always hear things the first time.

But like i said, personal preference :)



On Mar 29, 2007, at 12:41 PM, tedd wrote:

> Hi gang:
>
> If you people would be so kind as to review this:
>
> http://sperling.com/examples/captcha/
>
> and tell me what you think (ease of use, if it works, security,  
> etc.), I would appreciate it.
>
> The point is to be able to get to the "Congratulations" page by  
> hearing and entering the key. If you can get there some other way  
> or defeat the process, I sure would like to know about it.
>
> I've tested this with a couple of dozen blind users and they find  
> no problems with it. Now, I'll like to test it for the sighted.
>
> It's mixture of a several languages, but there is php in it, so I  
> guess it's on topic.
>
> Cheers,
>
> tedd
>
> -- 
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
>
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 

Jason Pruim
[EMAIL PROTECTED]
Production & Technology Manager
MQC Specialist (2005 certified)
3251 132nd Ave
Holland MI 49424
616.399.2355
www.raoset.com


"We hold these truths to be self-evident. That all men are created  
equal, that they are endowed by their creator with certain  
unalienable rights, (and) that among these are Life, Liberty, and the  
pursuit of Happiness."


___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] pdo::lastInsertId() error with SQL Server

2007-03-29 Thread Dan Shirah 

use scope_identity() if you're using MS SQL Server 2000 or newer.

scope_identity slects the last id within your current scope (The last record
you entered in your current session)


On 3/29/07, Sady Marcos <[EMAIL PROTECTED]> wrote:



hey..
I am not obtaining use the function pdo::lastInsertId() with sql
My code:

$db = new PDO("mssql:host=host;dbname=database","user","password");
$sql = "INSERT INTO users(name,status) VALUES('username','1)";
$db->query($sql);
$db->lastInsertId();

Error:

SQLSTATE[IM001]: Driver does not support this function: driver does not
support lastInsertId()

This is true?
The only way would be executing query "SELECT @@IDENTITY as Id" ?

Thanks for help

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Jason Pruim 
Just a really quick check right now is all I have time for, but it  
looks good. The one thing you could do (And this is personal  
preference) Mark on it that they can replay the code if they didn't  
hear it the first time. I am in a loud environment at times and can't  
always hear things the first time.


But like i said, personal preference :)



On Mar 29, 2007, at 12:41 PM, tedd wrote:


Hi gang:

If you people would be so kind as to review this:

http://sperling.com/examples/captcha/

and tell me what you think (ease of use, if it works, security,  
etc.), I would appreciate it.


The point is to be able to get to the "Congratulations" page by  
hearing and entering the key. If you can get there some other way  
or defeat the process, I sure would like to know about it.


I've tested this with a couple of dozen blind users and they find  
no problems with it. Now, I'll like to test it for the sighted.


It's mixture of a several languages, but there is php in it, so I  
guess it's on topic.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--

Jason Pruim
[EMAIL PROTECTED]
Production & Technology Manager
MQC Specialist (2005 certified)
3251 132nd Ave
Holland MI 49424
616.399.2355
www.raoset.com


"We hold these truths to be self-evident. That all men are created  
equal, that they are endowed by their creator with certain  
unalienable rights, (and) that among these are Life, Liberty, and the  
pursuit of Happiness."





smime.p7s
Description: S/MIME cryptographic signature

[PHP] pdo::lastInsertId() error with SQL Server

2007-03-29 Thread Sady Marcos 

hey..
I am not obtaining use the function pdo::lastInsertId() with sql
My code:

$db = new PDO("mssql:host=host;dbname=database","user","password");
$sql = "INSERT INTO users(name,status) VALUES('username','1)";
$db->query($sql);
$db->lastInsertId();

Error:

SQLSTATE[IM001]: Driver does not support this function: driver does not 
support lastInsertId()

This is true?
The only way would be executing query "SELECT @@IDENTITY as Id" ?

Thanks for help 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] link on user uploaded pic

2007-03-29 Thread Brad Fuller 
> -Original Message-
> From: Brad Fuller [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 1:24 PM
> To: 'Tana'; php-general@lists.php.net
> Subject: RE: [PHP] link on user uploaded pic
> 
> > -Original Message-
> > From: Tana [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 29, 2007 1:02 PM
> > To: php-general@lists.php.net
> > Subject: [PHP] link on user uploaded pic
> >
> > Hi
> >
> >  which is the best way to change this code
> >
> >  
> >
> > to
> >
> >   >  src="images/user_upload/akarmi.jpg">
> >
> > in html ?
> >
> >
> >  
> >  Tana
> 
> 
>  
> $imgTag = '';
> 
> echo preg_replace('//', ' href="images/user_upload/bp_$1">',
> $imgTag);
> 
> ?>
> 
> -B

Oops, in that last post part of that code is redundant (forgot about $0 ;)

';

echo preg_replace('//', '$0', $imgTag);

?>

Enjoy,

-B

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Tijnema ! 

  It worked for you, Tij?



My guess, then, since it's timing out, is it must be our corporate firewall 
blocking
MP3s on my end.  In which case, disregard my reponses with extreme prejudice.

Yes it worked for me, it probably is a firewall, because it works for Jake too.

On 3/29/07, Jake McHenry <[EMAIL PROTECTED]> wrote:

Looks good to me... Had to use my laptop since none of my office sets have
speakers, tested it, tried bunch of stuff and it only let me in when I typed
in the code... So seems good :)

Jake


Yes, it's nice made, i see you didn't stored anything in sessions
except PHPSESSID, which you probably use to verify the code entered.
Atleast, that's what i think, i hope you didn't use IP ;)

But, this is crackable. To crack this, the cracker should get the
audio file from the server, and parse it. Since you use the same audio
piece for each number, you should get the voice part of each number,
and then parse the downloaded file and check which number it matches
:)

It won't be easy, and probably not everyone is able to crack this. But
it is possible :) If you don't believe me, i am able to prove it, but
that takes some time :)

Tijnema


> -Original Message-
> From: tedd [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 12:41 PM
> To: php-general@lists.php.net
> Subject: [PHP] Audio CAPTCHA review request
>
> Hi gang:
>
> If you people would be so kind as to review this:
>
> http://sperling.com/examples/captcha/
>
> and tell me what you think (ease of use, if it works, security,
> etc.), I would appreciate it.
>
> The point is to be able to get to the "Congratulations" page by
> hearing and entering the key. If you can get there some other way or
> defeat the process, I sure would like to know about it.
>
> I've tested this with a couple of dozen blind users and they find no
> problems with it. Now, I'll like to test it for the sighted.
>
> It's mixture of a several languages, but there is php in it, so I
> guess it's on topic.
>
> Cheers,
>
> tedd
>
> --
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.20/737 - Release
> Date: 3/28/2007 4:23 PM
>
>

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.20/737 - Release Date: 3/28/2007
4:23 PM


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] link on user uploaded pic

2007-03-29 Thread Brad Fuller 
> -Original Message-
> From: Tana [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 1:02 PM
> To: php-general@lists.php.net
> Subject: [PHP] link on user uploaded pic
> 
> Hi
> 
>  which is the best way to change this code
> 
>  
> 
> to
> 
>src="images/user_upload/akarmi.jpg">
> 
> in html ?
> 
> 
>  
>  Tana


';

echo preg_replace('//', '',
$imgTag);

?>

-B

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Jake McHenry 
Looks good to me... Had to use my laptop since none of my office sets have
speakers, tested it, tried bunch of stuff and it only let me in when I typed
in the code... So seems good :) 

Jake 

> -Original Message-
> From: tedd [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, March 29, 2007 12:41 PM
> To: php-general@lists.php.net
> Subject: [PHP] Audio CAPTCHA review request
> 
> Hi gang:
> 
> If you people would be so kind as to review this:
> 
> http://sperling.com/examples/captcha/
> 
> and tell me what you think (ease of use, if it works, security, 
> etc.), I would appreciate it.
> 
> The point is to be able to get to the "Congratulations" page by 
> hearing and entering the key. If you can get there some other way or 
> defeat the process, I sure would like to know about it.
> 
> I've tested this with a couple of dozen blind users and they find no 
> problems with it. Now, I'll like to test it for the sighted.
> 
> It's mixture of a several languages, but there is php in it, so I 
> guess it's on topic.
> 
> Cheers,
> 
> tedd
> 
> -- 
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.20/737 - Release 
> Date: 3/28/2007 4:23 PM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.20/737 - Release Date: 3/28/2007
4:23 PM
 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] link on user uploaded pic

2007-03-29 Thread Jake McHenry 
Not quite sure what you mean, what you posted is what you need to do to make
the image a link... And that's what you wanted... So.. What are you asking?

Jake
 

> -Original Message-
> From: Tana [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, March 29, 2007 1:02 PM
> To: php-general@lists.php.net
> Subject: [PHP] link on user uploaded pic
> 
> Hi
> 
>  which is the best way to change this code
> 
>  
> 
> to
> 
>src="images/user_upload/akarmi.jpg">
> 
> in html ?
> 
> 
>  
>  Tana
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.20/737 - Release 
> Date: 3/28/2007 4:23 PM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.20/737 - Release Date: 3/28/2007
4:23 PM
 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] 0x9f54

2007-03-29 Thread Seak, Teng-Fong 
Tijnema ! wrote:
> On 3/29/07, Man-wai Chang <[EMAIL PROTECTED]> wrote:
>> Anyone knew how to insert this value into a char(2) column?
>
> Ok, what are you trying to do? you post a message with a single line,
> and we need to help you?
> I don't even think this is PHP related. You are trying to insert it
> into a database?
> MySQL? MSSQL? PgSQL?
>
> Give us more information, and we might help you :)
>
> Tijnema
It seems he wanted to insert a Chinese character with that hex value.


--
* Zoner PhotoStudio 8 - Your Photos perfect, shared, organised! 
www.zoner.com/zps
  You can download your free version.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] CURL questions

2007-03-29 Thread Angelo Zanetti 

y

Erik Jones wrote:


On Mar 29, 2007, at 11:15 AM, Angelo Zanetti wrote:


Hi all.

I have a script on a server that does some processing, now I want to 
execute that script using cURL. This is a basic scenario and I assume 
its possible but its not working.


The script is as follows:

   $url = "http://www/test.php";;
 $ch = curl_init();
   curl_setopt($ch, CURLOPT_URL, $url);
   curl_setopt($ch, CURLOPT_HEADER, 0);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects
   curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a 
variable

   curl_setopt($ch, CURLOPT_TIMEOUT, 100);
   $data = curl_exec($ch);
   curl_close($ch); echo "DATA: " . $data;

Now the $url I have taken out the path for obvious reasons.

I get a 500 Internal server error, not sure why as this page being 
called just inserts a word into a database. Could the cause be 
something else network related? What else can I troubleshoot? or is 
my code incorrect?


Well, have you tested callling the script directly from a browser?  
Also, note that your setting CURLOP_RETURNTRANSFER twice and that my 
be messing with the curl call.


yes i have tested with the browser, it works fine. I have removed the 
duplicate entry however its still giving the error do you think they are 
blocking the request? or should I be doing the request on a certain port?


thanks in advance
--

Angelo Zanetti
Systems developer


*Telephone:* +27 (021) 469 1052
*Mobile:*   +27 (0) 72 441 3355
*Fax:*+27 (0) 86 681 5885
*
Web:* http://www.zlogic.co.za
*E-Mail:* [EMAIL PROTECTED] 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] CURL questions

2007-03-29 Thread Erik Jones 


On Mar 29, 2007, at 11:15 AM, Angelo Zanetti wrote:


Hi all.

I have a script on a server that does some processing, now I want  
to execute that script using cURL. This is a basic scenario and I  
assume its possible but its not working.


The script is as follows:

   $url = "http://www/test.php";;
 $ch = curl_init();
   curl_setopt($ch, CURLOPT_URL, $url);
   curl_setopt($ch, CURLOPT_HEADER, 0);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects
   curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a  
variable

   curl_setopt($ch, CURLOPT_TIMEOUT, 100);
   $data = curl_exec($ch);
   curl_close($ch); echo "DATA: " . $data;

Now the $url I have taken out the path for obvious reasons.

I get a 500 Internal server error, not sure why as this page being  
called just inserts a word into a database. Could the cause be  
something else network related? What else can I troubleshoot? or is  
my code incorrect?


Well, have you tested callling the script directly from a browser?   
Also, note that your setting CURLOP_RETURNTRANSFER twice and that my  
be messing with the curl call.


erik jones <[EMAIL PROTECTED]>
software developer
615-296-0838
emma(r)

Re: [PHP] CURL questions

2007-03-29 Thread Tijnema ! 

On 3/29/07, Angelo Zanetti <[EMAIL PROTECTED]> wrote:

Hi all.

I have a script on a server that does some processing, now I want to
execute that script using cURL. This is a basic scenario and I assume
its possible but its not working.

The script is as follows:

   $url = "http://www/test.php";;

   $ch = curl_init();
   curl_setopt($ch, CURLOPT_URL, $url);
   curl_setopt($ch, CURLOPT_HEADER, 0);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects
   curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a
variable
   curl_setopt($ch, CURLOPT_TIMEOUT, 100);
   $data = curl_exec($ch);
   curl_close($ch);

   echo "DATA: " . $data;

Now the $url I have taken out the path for obvious reasons.

I get a 500 Internal server error, not sure why as this page being
called just inserts a word into a database. Could the cause be something
else network related? What else can I troubleshoot? or is my code incorrect?

TIA

Kind regards


I don't think it makes any difference, but you are defining
CURLOPT_RETURNTRANSFER twice, once with 0 and once with 1. Better
remove one of these :)

Tijnema



--

Angelo Zanetti
Systems developer


*Telephone:* +27 (021) 469 1052
*Mobile:*   +27 (0) 72 441 3355
*Fax:*+27 (0) 86 681 5885
*
Web:* http://www.zlogic.co.za
*E-Mail:* [EMAIL PROTECTED] 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Audio CAPTCHA review request

2007-03-29 Thread Tijnema ! 

On 3/29/07, tedd <[EMAIL PROTECTED]> wrote:

Hi gang:

If you people would be so kind as to review this:

http://sperling.com/examples/captcha/

and tell me what you think (ease of use, if it works, security,
etc.), I would appreciate it.

The point is to be able to get to the "Congratulations" page by
hearing and entering the key. If you can get there some other way or
defeat the process, I sure would like to know about it.

I've tested this with a couple of dozen blind users and they find no
problems with it. Now, I'll like to test it for the sighted.

It's mixture of a several languages, but there is php in it, so I
guess it's on topic.

Cheers,

tedd


Let me take a deep look at it, i'm not a real cracker, but i'm very
good at logic things so i will see if i can find a simple hole to
bypass this CAPTCHA :)

Tijnema


--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Java Opportunity

2007-03-29 Thread Efrain Sarmiento 
Maybe you know of friends in the New Jersey or New York area that are
looking :)
 
Non-Financial Java Developer (HIBERNATE / SPRING)  MUST HAVE:  8-10
years experience. Java/JSP/JavaScript, XML, and Oracle 10g (10g is
strongly preferred), Hibernate, Spring.  These are straight coder
positions.  They will be working on 3 different type of web
applicaitons.  (Web Self Service System (WSSS); Image gateway (like
yahoo photo gallery); and Signal Sign on).  Nice To Have: AJAX, Web
Services,CA-IDMS, MS Visio,Oracle 10G Database,SOA Frameworks Design
Patterns,XML,Oracle Application Server 10G, JDeveloper 10G JSF, Web
Service XML, XSD, XSLT, JAXP, JAXB CA SiteMinder, CA Identity Manager
Oracle XML DB, Autonomy IDOL Server, ServiceWare.  Long Island, NY, 6
months on going, $65/hr.

 

_

Efrain Sarmiento
Technical Recruiter
MISI company

p: 212.355.5585 x332
f: 212.751.5964
c: 917.365.5656
[EMAIL PROTECTED]

Informed Usability  |  Innovative Solutions   |  Reliable Sourcing 
www.misicompany.com  
_

The information contained in this message is sent in the strictest
confidence for the addressee only. It is intended only for the use of
the addressee and may contain legally
privileged/confidential/proprietary information. If you have received
this email in error you are requested to preserve its confidentiality
and advise the sender.

[PHP] Audio CAPTCHA review request

2007-03-29 Thread tedd 

Hi gang:

If you people would be so kind as to review this:

http://sperling.com/examples/captcha/

and tell me what you think (ease of use, if it works, security, 
etc.), I would appreciate it.


The point is to be able to get to the "Congratulations" page by 
hearing and entering the key. If you can get there some other way or 
defeat the process, I sure would like to know about it.


I've tested this with a couple of dozen blind users and they find no 
problems with it. Now, I'll like to test it for the sighted.


It's mixture of a several languages, but there is php in it, so I 
guess it's on topic.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Form Handler Script Security Discussion

2007-03-29 Thread tedd 

At 5:18 PM +0200 3/29/07, Tijnema ! wrote:


I've discussed the problems with using image code (CAPTCHA) in another
post on this list. So then you would create a script of 100+ lines to
do it :)

And even then, some smart programmers are probably going to find a way
to read your image code :)


I'm just about done with my Audio CAPTCHA and will be posting it in a 
few minutes.


Would like to get your thoughts.

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: IP Geolocation Scripts

2007-03-29 Thread zerof 

Daniel Brown escreveu:

   Does anyone have any recommendations for existing open source PHP
scripts that use IP Geolocation?  I was looking into creating a hook to use
hostip.info's API, but it's still too new, and I've already had to add 
three

IP address and a netblock.



I use the GeoIP Lite from Maxmind, it works fine for me!
In the Maxmind site you can get the free CSV that can be converted to 
MySQL or other DB.


http://www.maxmind.com/
--
zerof
http://www.educar.pro.br/
Apache - PHP - MySQL - Boolean Logics - Project Management
--
Você deve, sempre, consultar uma segunda opinião!
--
Deixe todos saberem se esta informação foi-lhe útil.
--  
You must hear, always, one second opinion! In all cases.
--
Let the people know if this info was useful for you!
--

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] IP Geolocation Scripts

2007-03-29 Thread Brad Fuller 
> -Original Message-
> From: Daniel Brown [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 12:08 PM
> To: php-general@lists.php.net
> Subject: [PHP] IP Geolocation Scripts
> 
> Does anyone have any recommendations for existing open source PHP
> scripts that use IP Geolocation?  I was looking into creating a hook to
> use
> hostip.info's API, but it's still too new, and I've already had to add
> three
> IP address and a netblock.
> 
> --
> Daniel P. Brown
> [office] (570-) 587-7080 Ext. 272
> [mobile] (570-) 766-8107

There was some discussion about this on this list not long ago, check the
archives.

Basically, if you want reliable data you're looking at a fee-based
subscription service.  Even the best (most expensive) subscription services
are only about ~85% accurate on a city level in the U.S.


-B

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] CURL questions

2007-03-29 Thread Angelo Zanetti 

Hi all.

I have a script on a server that does some processing, now I want to 
execute that script using cURL. This is a basic scenario and I assume 
its possible but its not working.


The script is as follows:

   $url = "http://www/test.php";;
  
   $ch = curl_init();

   curl_setopt($ch, CURLOPT_URL, $url);
   curl_setopt($ch, CURLOPT_HEADER, 0);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects
   curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a 
variable

   curl_setopt($ch, CURLOPT_TIMEOUT, 100);
   $data = curl_exec($ch);
   curl_close($ch);
  
   echo "DATA: " . $data;


Now the $url I have taken out the path for obvious reasons.

I get a 500 Internal server error, not sure why as this page being 
called just inserts a word into a database. Could the cause be something 
else network related? What else can I troubleshoot? or is my code incorrect?


TIA

Kind regards


--

Angelo Zanetti
Systems developer


*Telephone:* +27 (021) 469 1052
*Mobile:*   +27 (0) 72 441 3355
*Fax:*+27 (0) 86 681 5885
*
Web:* http://www.zlogic.co.za
*E-Mail:* [EMAIL PROTECTED] 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] IP Geolocation Scripts

2007-03-29 Thread Daniel Brown 

   Does anyone have any recommendations for existing open source PHP
scripts that use IP Geolocation?  I was looking into creating a hook to use
hostip.info's API, but it's still too new, and I've already had to add three
IP address and a netblock.

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Re: [PHP] Form Handler Script Security Discussion

2007-03-29 Thread tg-php 
You can pass session ID data via the URL.  Ugly as it is, that's a viable 
option (that I see used a lot actually.. kinda drives me nuts but I understand 
it) for when you don't have people logging in and/or can't guarentee that 
cookies will be available.

As was mentioned a few times, CAPTCHA methods can help prevent bots and such 
from abusing your forms.  There's more types than just the 
characters-as-an-image style.  I don't know if they call fall under the name 
CAPTCHA, but there's audible tests, logic tests, math tests, etc.   Some are 
obscure enough to prevent blind bots from using them, but aren't good enough if 
someone bothers to look at them.

Say you had something that says "Please enter the answer:  5 + 3 = [input box]" 
or even something like "Type the word [somerandomword]: [inputbox]".  That 
would probably keep out a lot of the bots people just let run wild online, but 
if any of the bot programmers bothered to look at your page, it'd be simple to 
re-write the bot to answer the question.

I've seen "password" systems that didn't have you enter a password, but rather 
click on a sequence of images.  Your "password" may be star-wavy lines-dog.  
You could do something similar when a user filled out a form.

And yeah, never too late to start using mysql_real_escape_string() hah.  Well, 
guess it COULD be too late in some cases, but it's definitely good practice to 
get into.   It'll escape more than just the stuff addslashes() does.  Things 
that are specific to MySQL and secure inserting/updating.

I wrote a wrapper function that does mysql_real_escape_string() but also takes 
a parameter for the type of data going into the database and returns a 
'cleaned' version of the string for inserting/updating.  We store phone numbers 
and SSNs as all numbers, so one thing it does is check length and remove 
anything that's not a number.  Keeps the data consistant and clean too.

But that's another (related) topic.

-TG

= = = Original message = = =

TG,

Great point on the mysql_real_escape_string().  I think I should
actually start using that (better late than never, I guess).

Again, though session variables are great, but what about the
overall case?  If you're doing a login form and permissions-based area of a
website, sessions are fine, because the user will just have to deal with the
fact that cookies are required but what about something simpler?  If
we're just posting, say, a contact form, we should require the user to alter
their browser security settings just to send us an email.

-- 
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107


___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Form Handler Script Security Discussion

2007-03-29 Thread tg-php 
Good topic.  It's touched on here and there in other questions, but always good 
to hit it head-on from time to time too.

First, mysql_real_escape_string() for inserting into MySQL and whatever equiv 
you can find for whatever other database you may be using.  addslashes() isn't 
so hot for database stuff.

Second, I'm not sure you can rely on HTTP Referrer.  Correct me if I'm wrong, 
but I believe it can be forged.  You can't rely on anything being received from 
the client for any kind of security checking.



If you have your users logging into a system, one method would be to start a 
session when they log in and store that session ID in your database.  Whenever 
the user accesses a page, their session ID can be checked against what's stored 
as their last used session.  If they don't match, log them out and request 
re-authentication.   Couple this with a check to see when their last access was 
so you can time them out and it's not a half bad method of making sure only the 
proper user is accessing the system.

I know, I said you can't rely on what the client sends and I guess session ID 
could be part of that.  But session IDs are a little less static than "server 
name".  If someone was monitoring your network traffic, they'd see all your 
clients sending the same referrer and could use that whenever they felt like 
it.  The session ID is a little more transient.  You could even destroy and 
create new sessions to help prevent someone from snagging a valid session ID 
that may be active all day and using it.

I'm sure there's at least a dozen decent methods of making sure your pages and 
forms are accessed by the people who you want to access them.  With varying 
degrees of security balanced with useability.  Just thought I'd toss out some 
stuff to chew on.

-TG


= = = Original message = = =

Just wondering how many of you actually use any type of secure coding
when doing form processing.  I'm guilty of not doing it all the time myself,
but I'm trying to get into the habit of doing so.  For example, I don't want
someone else modifying a form to auto-post values to my handler, so I would
use:



That's one method any other thoughts on that part?

Then, once the data is there, I try to remember to use addslashes(),
htmlspecialchars(), and other functions (as well as some I've written myself
over the years) to handle the data properly and securely when inserting it
into a database or processing it on anything more than a bare, basic level.



-- 
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107


___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Form Handler Script Security Discussion

2007-03-29 Thread cajbecu 
> 
> And even then, some smart programmers are probably going to find a way
> to read your image code :)
> 

that, of course, if your app will be an interface to client`s bank
account, with online management. :)

cajb.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Form Handler Script Security Discussion

2007-03-29 Thread Tijnema ! 

On 3/29/07, cajbecu <[EMAIL PROTECTED]> wrote:

>
> if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>// This is a safe POST
>} elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>die("Illegal access.  Your IP has been logged.\n");
>}
> ?>
>

it is not safe. i can use curl (www.php.net/curl) and modify the referer
of my script to pass this security check. i advise you to add image code
to the form and check that in your script. that will stop the attackers
insert lot of data in your database.


You need a really good code to make it really secure :)
I've discussed the problems with using image code (CAPTCHA) in another
post on this list. So then you would create a script of 100+ lines to
do it :)

And even then, some smart programmers are probably going to find a way
to read your image code :)

Tijnema


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Form Handler Script Security Discussion

2007-03-29 Thread Arpad Ray 
Many legitimate users will have their referrer blocked by proxies or by 
browser preference so you'll also have false negatives.


Arpad

cajbecu wrote:






it is not safe. i can use curl (www.php.net/curl) and modify the referer
of my script to pass this security check. i advise you to add image code
to the form and check that in your script. that will stop the attackers
insert lot of data in your database.

  


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Form Handler Script Security Discussion

2007-03-29 Thread cajbecu 
> 
> if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>// This is a safe POST
>} elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
>die("Illegal access.  Your IP has been logged.\n");
>}
> ?>
> 

it is not safe. i can use curl (www.php.net/curl) and modify the referer
of my script to pass this security check. i advise you to add image code
to the form and check that in your script. that will stop the attackers
insert lot of data in your database.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Form Handler Script Security Discussion

2007-03-29 Thread Daniel Brown 

   Just wondering how many of you actually use any type of secure coding
when doing form processing.  I'm guilty of not doing it all the time myself,
but I'm trying to get into the habit of doing so.  For example, I don't want
someone else modifying a form to auto-post values to my handler, so I would
use:



   That's one method any other thoughts on that part?

   Then, once the data is there, I try to remember to use addslashes(),
htmlspecialchars(), and other functions (as well as some I've written myself
over the years) to handle the data properly and securely when inserting it
into a database or processing it on anything more than a bare, basic level.



--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Re: [PHP] What is wrong with this INSERT?

2007-03-29 Thread Rahul Sitaram Johari 

Agreed, if there are multiple forms, I will definitely have to use either
Submit name or some form of identifier.

Thanks!


On 3/29/07 10:47 AM, "Zoltán Németh" <[EMAIL PROTECTED]> wrote:

> 2007. 03. 29, csütörtök keltezéssel 10.38-kor Rahul Sitaram Johari ezt
> írta:
>> Daniel I like your code ­ it¹s definitely cleaner and compact.
>> I have a question for you ­ I have never used ³if($_POST) {³, instead,
>> always felt I needed to specify the $Submit variable to check if form is
>> submitted. So basically if I use ³if($_POST) {³, would it automatically mean
>> it¹s checking if the form has been submitted?
> 
> if there is $_POST then you have received some POST data. so the form
> has been submitted (but make sure that the same php script is handler
> for only one form to avoid confusion)
> 
> greets
> Zoltán Németh
> 
>> 
>> BTW: figured out the problem, as resolved by Tijnema, ³WHEN² is a reserved
>> word in mySQL.
>> 
>> ~~~
>> Rahul Sitaram Johari
>> CEO, Twenty Four Seventy Nine Inc.
>> 
>> W: http://www.rahulsjohari.com
>> E: [EMAIL PROTECTED]
>> 
>> ³I morti non sono piu soli ... The dead are no longer lonely²
>> 
>> 
>> 
>> On 3/29/07 10:32 AM, "Daniel Brown" <[EMAIL PROTECTED]> wrote:
>> 
>>> 
>>> Try this code, cleaned up and made a little more compliant.
>>> 
>>> >> //Add Record Function
>>> if($_POST) {
>>> $db = mysql_connect("localhost","usr","pwd");
>>> mysql_select_db("thedb",$db) or die("Critical Error
>>> :".mysql_error());
>>> $WHEN = date("mdyHi");
>>> $WHAT = $_POST['WHAT'];
>>> $WHO = $_POST['WHO'];
>>> echo "".$WHEN.", ".$WHAT.",
>>> ".$WHO."";
>>> $sql = "INSERT INTO tbl(WHEN,WHAT,WHO)
>>> VALUES('".$WHEN."','".$WHAT."','".$WHO."')";
>>> $result = mysql_query($sql) or die("Fatal Error:".mysql_error());
>>> echo "~: message
>>> sent:~";
>>> }
>>> ?>
>> 
>> 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] What is wrong with this INSERT?

2007-03-29 Thread Zoltán Németh 
2007. 03. 29, csütörtök keltezéssel 10.38-kor Rahul Sitaram Johari ezt
írta:
> Daniel I like your code ­ it¹s definitely cleaner and compact.
> I have a question for you ­ I have never used ³if($_POST) {³, instead,
> always felt I needed to specify the $Submit variable to check if form is
> submitted. So basically if I use ³if($_POST) {³, would it automatically mean
> it¹s checking if the form has been submitted?

if there is $_POST then you have received some POST data. so the form
has been submitted (but make sure that the same php script is handler
for only one form to avoid confusion)

greets
Zoltán Németh

> 
> BTW: figured out the problem, as resolved by Tijnema, ³WHEN² is a reserved
> word in mySQL.
> 
> ~~~
> Rahul Sitaram Johari
> CEO, Twenty Four Seventy Nine Inc.
> 
> W: http://www.rahulsjohari.com
> E: [EMAIL PROTECTED]
> 
> ³I morti non sono piu soli ... The dead are no longer lonely²
> 
> 
> 
> On 3/29/07 10:32 AM, "Daniel Brown" <[EMAIL PROTECTED]> wrote:
> 
> > 
> > Try this code, cleaned up and made a little more compliant.
> > 
> >  > //Add Record Function
> > if($_POST) {
> > $db = mysql_connect("localhost","usr","pwd");
> > mysql_select_db("thedb",$db) or die("Critical Error 
> > :".mysql_error());
> > $WHEN = date("mdyHi");
> > $WHAT = $_POST['WHAT'];
> > $WHO = $_POST['WHO'];
> > echo "".$WHEN.", ".$WHAT.",
> > ".$WHO."";
> > $sql = "INSERT INTO tbl(WHEN,WHAT,WHO)
> > VALUES('".$WHEN."','".$WHAT."','".$WHO."')";
> > $result = mysql_query($sql) or die("Fatal Error:".mysql_error());
> > echo "~: message
> > sent:~";
> > }
> > ?>
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] What is wrong with this INSERT?

2007-03-29 Thread Rahul Sitaram Johari 

Awesome! This helps. I¹ll start using this method from now on ­ certainly
seems a lot more compliant and also actually helps eliminating the ³Submit²
button name confusion.

Thanks! Appreciated.

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²



On 3/29/07 10:40 AM, "Daniel Brown" <[EMAIL PROTECTED]> wrote:

> 
> That's correct, Rahul.  Anything sent using the HTTP POST method would be
> picked up.  Conversely, the same applies with if($_GET), which would be the
> case in almost all web-based coding, since GET is the default method.  And
> great job on Tij's part there.  I wasn't even paying attention to the reserved
> words guess I should finally go get a cup of coffee and start my day
> 
> 
> On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
>> 
>> Daniel I like your code ­ it's definitely cleaner and compact.
>> I have a question for you ­ I have never used "if($_POST) {", instead, always
>> felt I needed to specify the $Submit variable to check if form is submitted.
>> So basically if I use "if($_POST) {", would it automatically mean it's
>> checking if the form has been submitted?
>> 
>> BTW: figured out the problem, as resolved by Tijnema, "WHEN" is a reserved
>> word in mySQL.
>> 
>> ~~~
>> Rahul Sitaram Johari
>> CEO, Twenty Four Seventy Nine Inc.
>> 
>> W: http://www.rahulsjohari.com
>> E: [EMAIL PROTECTED]
>> 
>> "I morti non sono piu soli ... The dead are no longer lonely"
>> 
>> 
>> 
>> On 3/29/07 10:32 AM, "Daniel Brown" <[EMAIL PROTECTED]> wrote:
>> 
>>> 
>>> Try this code, cleaned up and made a little more compliant.
>>> 
>>> >> //Add Record Function
>>> if($_POST) {
>>> $db = mysql_connect("localhost","usr","pwd");
>>> mysql_select_db("thedb",$db) or die("Critical Error
>>> :".mysql_error());
>>> $WHEN = date("mdyHi");
>>> $WHAT = $_POST['WHAT'];
>>> $WHO = $_POST['WHO'];
>>> echo "".$WHEN.", ".$WHAT.",
>>> ".$WHO."";
>>> $sql = "INSERT INTO tbl(WHEN,WHAT,WHO)
>>> VALUES('".$WHEN."','".$WHAT."','".$WHO."')";
>>> $result = mysql_query($sql) or die("Fatal Error:".mysql_error());
>>> echo "~: message
>>> sent:~";
>>> }
>>> ?>
>> 
> 
>

Re: [PHP] What is wrong with this INSERT?

2007-03-29 Thread Tijnema ! 

On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:


BY THOR! That worked! "WHEN" Is a reserved word and that is what was causing
the problem. Changed it to "THETIME" and query went through fine!!

Can't thank you enough! This was driving me crazy! Look how many mistakes I
made in just making this post in this mailing list!

Honorable *bow*

Thanks!


You're welcome :)

Sometimes this list isn't just that organized, and because mail
servers aren't always returning email directly, some people are
replying on old mails, while others are replying on new mails. (like
i'm doing now, you send another email already :) )

Tijnema


~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²



On 3/29/07 10:30 AM, "Tijnema !" <[EMAIL PROTECTED]> wrote:

> On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
>>
>> My Apologies Everyone! I gave you all the wrong code Twice!! A pox on me - I
>> tell you!
>>
>> This is the ACTUAL code that I'm working with - and it's not working:
>>
>>>//Add Record Function
>>if($_POST['Submit']) {
>>$db = mysql_connect("localhost","usr","pwd");
>>mysql_select_db("thedb",$db) or die("Critical Error :".mysql_error());
>>$WHEN = date(mdyHi);
>>$WHAT = $_POST['WHAT'];
>>$WHO = $_POST['WHO'];
>>echo "$WHEN, $WHAT, $WHO";
>>
>>$sql = "INSERT INTO tbl  (WHEN, WHAT, WHO) VALUES
>> ('$WHEN','$WHAT','$WHO')";
>>$result = mysql_query($sql) or die("Fatal Error :".mysql_error());
>>echo "~: message sent
>> :~";
>>}
>>?>
>>
>> Please disregard the previous code I sent. Thank you!
>
> If you checked the MySQL Manual you would see that WHEN is a reserved
> word. I think that gives problem, so you could change the WHEN key
> into another key, or use some quotes around it. I recommend the first
> option :)
>
> Tijnema
>
> ps. List of reserved words for MySQL:
> http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html
>>
>>
> 
>>
>>





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] 0x9f54

2007-03-29 Thread Tijnema ! 

On 3/29/07, Man-wai Chang <[EMAIL PROTECTED]> wrote:

Anyone knew how to insert this value into a char(2) column?


Ok, what are you trying to do? you post a message with a single line,
and we need to help you?
I don't even think this is PHP related. You are trying to insert it
into a database?
MySQL? MSSQL? PgSQL?

Give us more information, and we might help you :)

Tijnema



--
 .~.   Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org
 / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Ubuntu 6.10)  Linux 2.6.20.4
 ^ ^   22:19:01 up 5 days 9:31 0 users load average: 1.04 1.19 1.16
news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] What is wrong with this INSERT?

2007-03-29 Thread Rahul Sitaram Johari 

Daniel I like your code ­ it¹s definitely cleaner and compact.
I have a question for you ­ I have never used ³if($_POST) {³, instead,
always felt I needed to specify the $Submit variable to check if form is
submitted. So basically if I use ³if($_POST) {³, would it automatically mean
it¹s checking if the form has been submitted?

BTW: figured out the problem, as resolved by Tijnema, ³WHEN² is a reserved
word in mySQL.

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²



On 3/29/07 10:32 AM, "Daniel Brown" <[EMAIL PROTECTED]> wrote:

> 
> Try this code, cleaned up and made a little more compliant.
> 
>  //Add Record Function
> if($_POST) {
> $db = mysql_connect("localhost","usr","pwd");
> mysql_select_db("thedb",$db) or die("Critical Error :".mysql_error());
> $WHEN = date("mdyHi");
> $WHAT = $_POST['WHAT'];
> $WHO = $_POST['WHO'];
> echo "".$WHEN.", ".$WHAT.",
> ".$WHO."";
> $sql = "INSERT INTO tbl(WHEN,WHAT,WHO)
> VALUES('".$WHEN."','".$WHAT."','".$WHO."')";
> $result = mysql_query($sql) or die("Fatal Error:".mysql_error());
> echo "~: message
> sent:~";
> }
> ?>

Re: [PHP] What is wrong with this INSERT?

2007-03-29 Thread Rahul Sitaram Johari 

BY THOR! That worked! "WHEN" Is a reserved word and that is what was causing
the problem. Changed it to "THETIME" and query went through fine!!

Can't thank you enough! This was driving me crazy! Look how many mistakes I
made in just making this post in this mailing list!

Honorable *bow*

Thanks!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²



On 3/29/07 10:30 AM, "Tijnema !" <[EMAIL PROTECTED]> wrote:

> On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:
>> 
>> My Apologies Everyone! I gave you all the wrong code Twice!! A pox on me - I
>> tell you!
>> 
>> This is the ACTUAL code that I'm working with - and it's not working:
>> 
>>>//Add Record Function
>>if($_POST['Submit']) {
>>$db = mysql_connect("localhost","usr","pwd");
>>mysql_select_db("thedb",$db) or die("Critical Error :".mysql_error());
>>$WHEN = date(mdyHi);
>>$WHAT = $_POST['WHAT'];
>>$WHO = $_POST['WHO'];
>>echo "$WHEN, $WHAT, $WHO";
>> 
>>$sql = "INSERT INTO tbl  (WHEN, WHAT, WHO) VALUES
>> ('$WHEN','$WHAT','$WHO')";
>>$result = mysql_query($sql) or die("Fatal Error :".mysql_error());
>>echo "~: message sent
>> :~";
>>}
>>?>
>> 
>> Please disregard the previous code I sent. Thank you!
> 
> If you checked the MySQL Manual you would see that WHEN is a reserved
> word. I think that gives problem, so you could change the WHEN key
> into another key, or use some quotes around it. I recommend the first
> option :)
> 
> Tijnema
> 
> ps. List of reserved words for MySQL:
> http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html
>> 
>> 
> 
>> 
>> 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] What is wrong with this INSERT?

2007-03-29 Thread Tijnema ! 

On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:

Ave,

For total clarity, I¹m starting this post again. I messed up big time with
my posts.
So here¹s my actual code:

   $WHEN, $WHAT, $WHO";

   $sql = "INSERT INTO tbl  (WHEN, WHAT, WHO) VALUES
('$WHEN','$WHAT','$WHO')";
   $result = mysql_query($sql) or die("Fatal Error :".mysql_error());
   echo "~: message sent
:~";
   }
   ?>

Now, this part is working absolutely fine and printing out echo values:
   if($_POST['Submit']) {
   $db = mysql_connect("localhost","usr","pwd");
   mysql_select_db("thedb",$db) or die("Critical Error :".mysql_error());
   $WHEN = date(mdyHi);
   $WHAT = $_POST['WHAT'];
   $WHO = $_POST['WHO'];
   echo "$WHEN, $WHAT, $WHO";

But this part is not working ­ and not giving any errors:
   $sql = "INSERT INTO tbl  (WHEN, WHAT, WHO) VALUES
('$WHEN','$WHAT','$WHO')";
   $result = mysql_query($sql) or die("Fatal Error :".mysql_error());
   echo "~: message sent
:~";
   }

Thanks!


Well, let me post my reply another time :)

If you checked the MySQL Manual you would see that WHEN is a reserved
word. I think that gives problem, so you could change the WHEN key
into another key, or use some quotes around it. I recommend the first
option :)

Tijnema

ps. List of reserved words for MySQL:
http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html


~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] What is wrong with this INSERT?

2007-03-29 Thread Tijnema ! 

On 3/29/07, Rahul Sitaram Johari <[EMAIL PROTECTED]> wrote:


My Apologies Everyone! I gave you all the wrong code Twice!! A pox on me - I
tell you!

This is the ACTUAL code that I'm working with - and it's not working:

   $WHEN, $WHAT, $WHO";

   $sql = "INSERT INTO tbl  (WHEN, WHAT, WHO) VALUES
('$WHEN','$WHAT','$WHO')";
   $result = mysql_query($sql) or die("Fatal Error :".mysql_error());
   echo "~: message sent
:~";
   }
   ?>

Please disregard the previous code I sent. Thank you!


If you checked the MySQL Manual you would see that WHEN is a reserved
word. I think that gives problem, so you could change the WHEN key
into another key, or use some quotes around it. I recommend the first
option :)

Tijnema

ps. List of reserved words for MySQL:
http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html










--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] What is wrong with this INSERT?

2007-03-29 Thread Rahul Sitaram Johari 
Ave,

For total clarity, I¹m starting this post again. I messed up big time with
my posts.
So here¹s my actual code:

$WHEN, $WHAT, $WHO";
   
$sql = "INSERT INTO tbl  (WHEN, WHAT, WHO) VALUES
('$WHEN','$WHAT','$WHO')";
$result = mysql_query($sql) or die("Fatal Error :".mysql_error());
echo "~: message sent
:~";
}
?>

Now, this part is working absolutely fine and printing out echo values:
if($_POST['Submit']) {
$db = mysql_connect("localhost","usr","pwd");
mysql_select_db("thedb",$db) or die("Critical Error :".mysql_error());
$WHEN = date(mdyHi);
$WHAT = $_POST['WHAT'];
$WHO = $_POST['WHO'];
echo "$WHEN, $WHAT, $WHO";

But this part is not working ­ and not giving any errors:
$sql = "INSERT INTO tbl  (WHEN, WHAT, WHO) VALUES
('$WHEN','$WHAT','$WHO')";
$result = mysql_query($sql) or die("Fatal Error :".mysql_error());
echo "~: message sent
:~";
}

Thanks!

~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²

Re: [PHP] What is wrong with this INSERT?

2007-03-29 Thread Rahul Sitaram Johari 

On 3/29/07 10:18 AM, "cajbecu" <[EMAIL PROTECTED]> wrote:

> are you sure $_POST['Submit'] is set? i mean, do you have an input named
> "Submit" that is set in your form?
 

The Submit button in my form is named "Submit".
The thing is, if the form is not submitted, this code is not executed (the
echo statements do not appear) - so I'm assuming that's not the problem.


~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: [EMAIL PROTECTED]

³I morti non sono piu soli ... The dead are no longer lonely²

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

  1   2   >