Re: [PHP] keeping credit card info in session

2007-04-08 Thread Lester Caine 

[EMAIL PROTECTED] wrote:

Thanks a lot every one. These are great replies.

I guess I should have explained a bit more about what I'm doing.

first of all, this is not my site, it's for a client of mine.

second, I did suggest using a paypal API or a paid site to take care of this, 
but my client said no. She has a credit card processing account and how she 
works with it right now, is that interested users email her, she calls them, 
gets their credit card info and charges their card manually without the card 
present.


so, this is not really my problem, it's what she's been doing before and wants 
to continue doing. All she asked me to do is that as part of the form that 
people send their requests through, now she wants their credit card info as 
well. So that she doesn't have to call them.


Then *SHE* has to obey the rules laid down by the provider of that service. 
She may well be breaking the rules if she does not take the card number over 
the phone. The second you ask for a credit card number electronically you need 
*ALL* of the security you can get. I have seen a number of cases of sites that 
did not follow the rules and within minutes of a transaction being completed 
the card number is being used on the other side of the world 
( My next door neighbour got stung after using the British Airways site - one 
you would have expected to be secure )


And the reason I'm keeping cc info in the session for a few steps, is to take 
them to confirmation page, and then the reciept page. and after wards, I want 
to keep it in there untill the client logs in to the admin page and sees new 
requests, charges them and then deletes them for ever.


So now I've got two different responses, some people say do it, but use 
encryption/decryption methods, and some people say don't do it. But if I don't 
do it, that means I tell my client that I can't do it and I lose the job.


Some jobs you do walk away from. One has to know when it is worth all the time 
you are going to pump into solving a problem that you will not actually get 
paid for. If YOU are setting up the security for using Credit Cards *YOU* may 
well be held liable when it gets cracked. So it is safer to pass the risk to 
the card companies where possible and use an existing security system where 
someone else takes the blame.


Starting point - what does it say in the agreement that your client currently 
has with her credit card account?


--
Lester Caine - G8HFL
-
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach question

2007-04-08 Thread siavash1979 
Quoting Lori Lay <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> > Sorry this is the full script...
> >
> > whois.php
> >
> > 
> > 
> > 
> >
> > Enter Domain Names (one per line)
> >  > style="font-size:13;font-family:Arial,Verdana;">
> 
> Gotcha!  A textarea does not produce an array.  Even though the user 
> should be separating the lines with a line break, this turns into one 
> long string with line breaks in it, not separate array elements.  You 
> will have to do this manually.  Actually, you could probably use nl2br 
> to insert BR's before the line breaks (it doesn't replace them, but 
> that's usually good enough).
> 
> Lori


much better, it all makes sense now. This is what I would do:

";
}
?>


Siavash


> >
> > 
> > 
> > Whois Results:
> >
> >  >
> > foreach( $_POST as $key ) {
> >echo "$key";
> > }
> > ?>
> >
> > 
> > 
> >
> > - Original Message - From: "Lori Lay" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: 
> > Sent: Monday, April 09, 2007 5:20 AM
> > Subject: Re: [PHP] foreach question
> >
> >
> >> [EMAIL PROTECTED] wrote:
> >>> "both examples do the same thing.."
> >>>
> >>> no, ex1 only has 1 
> >>>
> >>> so outputs like..
> >>> item1item2item3item4item5
> >>>
> >>> Where as I want this..
> >>>
> >>> item1
> >>> item2
> >>> item3
> >>> item4
> >>> item5
> >>>
> >>> ie a line break after every item.
> >>>
> >> Silly question, perhaps, but are you sure $_POST is an array (with 5 
> >> elements)?  What you have written should produce a break after each 
> >> item if POST is a 5 element array.  However if POST is a single 
> >> element with the five items concatenated together, then they would be 
> >> printed the way you have it listed above...
> >>
> >> It might be better to post the full script to the list.
> >>
> >> Lori
> >>>
> >>> - Original Message - From: "Sebe" <[EMAIL PROTECTED]>
> >>> To: <[EMAIL PROTECTED]>
> >>> Cc: 
> >>> Sent: Monday, April 09, 2007 1:22 AM
> >>> Subject: Re: [PHP] foreach question
> >>>
> >>>
>  [EMAIL PROTECTED] wrote:
> > I have ..
> >
> > foreach( $_POST as $key ) {echo "$key";
> > }
> >
> > and that gives me
> >
> > item1
> > item2
> > item3
> > item4
> > item5
> >
> > how do I write it to give me
> >
> > item1
> > item2
> > item3
> > item4
> > item5
> >
> > Thanks
> >
>  both examples do the same thing..
> 
>  -- 
>  PHP General Mailing List (http://www.php.net/)
>  To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
> 
> >>>
> >>
> >> -- 
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> >
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach question

2007-04-08 Thread Lori Lay 

[EMAIL PROTECTED] wrote:

Sorry this is the full script...

whois.php





Enter Domain Names (one per line)
style="font-size:13;font-family:Arial,Verdana;">


Gotcha!  A textarea does not produce an array.  Even though the user 
should be separating the lines with a line break, this turns into one 
long string with line breaks in it, not separate array elements.  You 
will have to do this manually.  Actually, you could probably use nl2br 
to insert BR's before the line breaks (it doesn't replace them, but 
that's usually good enough).


Lori




Whois Results:

";
}
?>




- Original Message - From: "Lori Lay" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, April 09, 2007 5:20 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

"both examples do the same thing.."

no, ex1 only has 1 

so outputs like..
item1item2item3item4item5

Where as I want this..

item1
item2
item3
item4
item5

ie a line break after every item.

Silly question, perhaps, but are you sure $_POST is an array (with 5 
elements)?  What you have written should produce a break after each 
item if POST is a 5 element array.  However if POST is a single 
element with the five items concatenated together, then they would be 
printed the way you have it listed above...


It might be better to post the full script to the list.

Lori


- Original Message - From: "Sebe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, April 09, 2007 1:22 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {echo "$key";
}

and that gives me

item1
item2
item3
item4
item5

how do I write it to give me

item1
item2
item3
item4
item5

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach question

2007-04-08 Thread chris 

Sorry this is the full script...

whois.php





Enter Domain Names (one per line)
style="font-size:13;font-family:Arial,Verdana;">




Whois Results:

";
}
?>




- Original Message - 
From: "Lori Lay" <[EMAIL PROTECTED]>

To: <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, April 09, 2007 5:20 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

"both examples do the same thing.."

no, ex1 only has 1 

so outputs like..
item1item2item3item4item5

Where as I want this..

item1
item2
item3
item4
item5

ie a line break after every item.

Silly question, perhaps, but are you sure $_POST is an array (with 5 
elements)?  What you have written should produce a break after each item 
if POST is a 5 element array.  However if POST is a single element with 
the five items concatenated together, then they would be printed the way 
you have it listed above...


It might be better to post the full script to the list.

Lori


- Original Message - From: "Sebe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, April 09, 2007 1:22 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {echo "$key";
}

and that gives me

item1
item2
item3
item4
item5

how do I write it to give me

item1
item2
item3
item4
item5

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach question

2007-04-08 Thread Lori Lay 

[EMAIL PROTECTED] wrote:

"both examples do the same thing.."

no, ex1 only has 1 

so outputs like..
item1item2item3item4item5

Where as I want this..

item1
item2
item3
item4
item5

ie a line break after every item.

Silly question, perhaps, but are you sure $_POST is an array (with 5 
elements)?  What you have written should produce a break after each item 
if POST is a 5 element array.  However if POST is a single element with 
the five items concatenated together, then they would be printed the way 
you have it listed above...


It might be better to post the full script to the list.

Lori


- Original Message - From: "Sebe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, April 09, 2007 1:22 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {echo "$key";
}

and that gives me

item1
item2
item3
item4
item5

how do I write it to give me

item1
item2
item3
item4
item5

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] keeping credit card info in session

2007-04-08 Thread siavash1979 
Thanks a lot every one. These are great replies.

I guess I should have explained a bit more about what I'm doing.

first of all, this is not my site, it's for a client of mine.

second, I did suggest using a paypal API or a paid site to take care of this, 
but my client said no. She has a credit card processing account and how she 
works with it right now, is that interested users email her, she calls them, 
gets their credit card info and charges their card manually without the card 
present.

so, this is not really my problem, it's what she's been doing before and wants 
to continue doing. All she asked me to do is that as part of the form that 
people send their requests through, now she wants their credit card info as 
well. So that she doesn't have to call them.

And the reason I'm keeping cc info in the session for a few steps, is to take 
them to confirmation page, and then the reciept page. and after wards, I want 
to keep it in there untill the client logs in to the admin page and sees new 
requests, charges them and then deletes them for ever.

So now I've got two different responses, some people say do it, but use 
encryption/decryption methods, and some people say don't do it. But if I don't 
do it, that means I tell my client that I can't do it and I lose the job.



Thanks again,
Siavash




Quoting Travis Doherty <[EMAIL PROTECTED]>:

> Jochem Maas wrote:
> 
> >unless you are a payment gateway or a bank don't touch credit card numbers.
> >there are plenty of threads in the archive of this list that give good
> reasons
> >not to e.g. being sued out of existence.
> >  
> >
> 100% agreed.  Never touch credit card numbers.  You can't just take
> credit card numbers and manually process them in 'card not present'
> transactions (or MOTO in more archaic terms.)  You need a merchant
> account that allows for this -- usually at a higher discount rate. 
> Check the merchant agreement.
> 
> Your client should get an account like this, or better yet, provide you
> with the instructions on how to integrate his site with the payment
> providers so that you never have to worry about credit cards.
> 
> As an additional note... Maybe your SSL cert secures the numbers from
> the client to the server, and just maybe your PHP scripts have no
> security flaws in them, but you must remember the server itself and
> everything else outside of PHP.  What if someone found a flaw in the FTP
> server for example, or the mail server even, and used that to get the CC
> info.   I would hate to be explaining to a list of 1000 clients that I
> was responsible for their card numbers being stolen.
> 
> Travis Doherty
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach question

2007-04-08 Thread siavash1979 
Your code is fine and it should work.

but in any case, try:

foreach ($_POST as $key){
echo $key . '';
}

Also, what php version, and what browser are you using?

good luck,
Siavash



> [EMAIL PROTECTED] wrote:
> > "both examples do the same thing.."
> >
> > no, ex1 only has 1 
> >
> > so outputs like..
> > item1item2item3item4item5
> >
> > Where as I want this..
> >
> > item1
> > item2
> > item3
> > item4
> > item5
> >
> > ie a line break after every item.
> >
> 
> hmm, if you're getting 5 results from the loop each should already have 
> a 
> so i dont understand what is wrong but the code it's set to put out a 
> line break after each item. maybe i'm blind but the code is fine (with 
> the exception that i don't use double quotes).
> >
> > - Original Message - From: "Sebe" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: 
> > Sent: Monday, April 09, 2007 1:22 AM
> > Subject: Re: [PHP] foreach question
> >
> >
> >> [EMAIL PROTECTED] wrote:
> >>> I have ..
> >>>
> >>> foreach( $_POST as $key ) {echo "$key";
> >>> }
> >>>
> >>> and that gives me
> >>>
> >>> item1
> >>> item2
> >>> item3
> >>> item4
> >>> item5
> >>>
> >>> how do I write it to give me
> >>>
> >>> item1
> >>> item2
> >>> item3
> >>> item4
> >>> item5
> >>>
> >>> Thanks
> >>>
> >> both examples do the same thing..
> >>
> >> -- 
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> >
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread tedd 

At 4:38 AM -0700 4/8/07, benifactor wrote:

hmm, why don't you md5 more then once..


I read somewhere that MD5'ing anything more than once, does not 
increase security.


Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread tedd 

At 6:46 PM +0200 4/8/07, Jochem Maas wrote:

just a few random thought on how to make it even more painful to
crack. random colored borders, random border width, slight changes 
in width/height,
random pixel noise or varying colors, animated gifs (where does the 
arrow stop),

animated gifs (where does the red/pink/blue/green arrow point to),

make the letters random with regard to character and position [and 
make the letters generated images them selves]

that way know where the arrow is pointing is only half the solution.

or may rather take this technique and combine it with std captcha such that
you output an image with a stack of [freaky] letters in it and one of them
has an arrow pointing at it.

yadda yadda.

in theory it's all crackable - but somewhere along the line the 
problem becomes
too hard to make it worth the effort to try (unless your securing 
Fort Knox or something)


My attempt here was only to show that a MD5 solution could become so 
vast that there would be no point in pursuing that avenue.


As for other ways to crack this, of course there ARE other easier ways.

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread tedd 

At 6:33 PM +0200 4/8/07, Tijnema ! wrote:

On 4/8/07, tedd <[EMAIL PROTECTED]> wrote:

Remember, I could also use a jpeg file and have millions of colors to
chose from. Unless, there is something here that I don't understand
(which very well could be), I can't see how anyone, without massive
computer resources, could break that.

Am I wrong?


Maybe... What about OCR programs? they can read letters from images,
if you could transfrom that to an program that could read arrows
instead of characters. then you probably could crack it, also if you
store random pixels in it. And that doesn't use massive computer
resources :)


Yes, I was excluding that -- I was dealing only with MD5 solutions.

Of course, OCR-like programs can decipher and interpret an arrow. It 
would not be too hard to find the center of the square and then 
determine in which one of eight zones the majority of contrasting 
pixels were. I did similar stuff many years ago detecting movement by 
comparing frames to see what was areas in a frame were changing and 
then direct stepping motors to control the camera. Neat stuff.


Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: session in forum

2007-04-08 Thread itoctopus 
http://www.sitepoint.com/article/users-php-sessions-mysql

--
itoctopus - http://www.itoctopus.com
"uni uni" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> im trying to make a forum for my school assignment, its done and work
well, but i want to make session where it is readonly for un-registered
user, and the registered user can automaticly post new  topics or comment
the other topics without filling up name and email form cuz their name and
email will be taken from the database as they have logged in.
>
> anyone can help me please?
>
>
> -
> Don't pick lemons.
> See all the new 2007 cars at Yahoo! Autos.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach question

2007-04-08 Thread Sebe 

[EMAIL PROTECTED] wrote:

"both examples do the same thing.."

no, ex1 only has 1 

so outputs like..
item1item2item3item4item5

Where as I want this..

item1
item2
item3
item4
item5

ie a line break after every item.



hmm, if you're getting 5 results from the loop each should already have 
a 
so i dont understand what is wrong but the code it's set to put out a 
line break after each item. maybe i'm blind but the code is fine (with 
the exception that i don't use double quotes).


- Original Message - From: "Sebe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, April 09, 2007 1:22 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {echo "$key";
}

and that gives me

item1
item2
item3
item4
item5

how do I write it to give me

item1
item2
item3
item4
item5

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach question

2007-04-08 Thread chris 

"both examples do the same thing.."

no, ex1 only has 1 

so outputs like..
item1item2item3item4item5

Where as I want this..

item1
item2
item3
item4
item5

ie a line break after every item.


- Original Message - 
From: "Sebe" <[EMAIL PROTECTED]>

To: <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, April 09, 2007 1:22 AM
Subject: Re: [PHP] foreach question



[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {echo "$key";
}

and that gives me

item1
item2
item3
item4
item5

how do I write it to give me

item1
item2
item3
item4
item5

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] session in forum

2007-04-08 Thread uni uni 
im trying to make a forum for my school assignment, its done and work well, but 
i want to make session where it is readonly for un-registered user, and the 
registered user can automaticly post new  topics or comment the other topics 
without filling up name and email form cuz their name and email will be taken 
from the database as they have logged in.

anyone can help me please? 

 
-
Don't pick lemons.
See all the new 2007 cars at Yahoo! Autos.

Re: [PHP] foreach question

2007-04-08 Thread Sebe 

[EMAIL PROTECTED] wrote:

I have ..

foreach( $_POST as $key ) {echo "$key";
}

and that gives me

item1
item2
item3
item4
item5

how do I write it to give me

item1
item2
item3
item4
item5

Thanks


both examples do the same thing..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] foreach question

2007-04-08 Thread chris 

I have ..

foreach( $_POST as $key ) { 
   echo "$key";

}

and that gives me

item1
item2
item3
item4
item5

how do I write it to give me

item1
item2
item3
item4
item5

Thanks

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] keeping credit card info in session

2007-04-08 Thread Travis Doherty 
Jochem Maas wrote:

>unless you are a payment gateway or a bank don't touch credit card numbers.
>there are plenty of threads in the archive of this list that give good reasons
>not to e.g. being sued out of existence.
>  
>
100% agreed.  Never touch credit card numbers.  You can't just take
credit card numbers and manually process them in 'card not present'
transactions (or MOTO in more archaic terms.)  You need a merchant
account that allows for this -- usually at a higher discount rate. 
Check the merchant agreement.

Your client should get an account like this, or better yet, provide you
with the instructions on how to integrate his site with the payment
providers so that you never have to worry about credit cards.

As an additional note... Maybe your SSL cert secures the numbers from
the client to the server, and just maybe your PHP scripts have no
security flaws in them, but you must remember the server itself and
everything else outside of PHP.  What if someone found a flaw in the FTP
server for example, or the mail server even, and used that to get the CC
info.   I would hate to be explaining to a list of 1000 clients that I
was responsible for their card numbers being stolen.

Travis Doherty

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Design Dilemma - Database Data Abstraction

2007-04-08 Thread Martin Alterisio 

2007/4/8, Paul Novitski <[EMAIL PROTECTED]>:


At 4/7/2007 09:49 AM, Martin Alterisio wrote:
>The solution I presented is to access, and act upon, a database as if
they
>were PHP arrays, meaning that a table is presented as an array of
records.

This implies to me that you'll read a series of tables into arrays,
modify the arrays, then update or recreate the database tables from
the arrays.  I can't really see how this can work for multiple users
because as soon as a second user reads and starts modifying the data
there will be obvious discontinuities between the two data snapshots,
and updating the tables from one user will erradicate changes made by
others.  Is this a single-user application you're working on?



First of all, thanks for replying, I really appreaciate it.

Second, I'm sorry, in my wild search for help I made the mistake of making
assumptions that would only lead to problems of communication. I forgot to
mention the base idea for the implementation. Actually no real arrays are
made, just objects that look and function like normal arrays through the SPL
interfaces ArrayAccess, Countable, Iterator and IteratorAggregate.

Answering your question: no, this will be used in a multi-user enviroment.

Basically all "array" operations will be traslated to the corresponding DB
operation. No caching. No postponing operations. Except for the record
object, which I think I will implement it so that field updates are done on
object destruction, but I'm still thinking about this.


I could index by the order as they are presented by the DB:
>
>$DB['users'][0] is the first user from the query "SELECT * FROM users"
>$DB['users'][1] is the second user from the query "SELECT * FROM users"
>etc..
>
>But this have many cons. First, without a deterministic order, the array
can
>change its logic order on the whim of the DB, nobody assures that the
order
>will be kept after a modification is made to the data, and this can be
>confusing and error prone:
>
>$name1 = $DB['users'][3]['name'];
>$name2 = $DB['users'][5]['name'];
>$DB['users'][3]['name'] = $name2;
>$DB['users'][5]['name'] = $name1;
>
>The last sentence may not be writing to the adequate record.

Hmm.  I don't see why this wouldn't work -- you're not changing the
keys (3 & 5) required to point to those unique records.  I can see a
problem if $name1 and $name2 were themselves the keys, but you're not
doing that in this example.



Well, it could not work if those operations are translated on the spot to
the corresponding DB action.

If that were the problem, though, you could simply mandate a rule

that you can never change the key of an array element that represents
a data record, so that the record sequence remains what it was
originally.  However, making your program logic depend on the record
sequence as it was read from the database seems quite iffy anyway
[especially in a multi-user system]; I'd just use the data table's
primary key as the array key and leave it at that.  Random access rocks!


From what you write, it almost seems as though you're assuming that
these statements:

>$DB['users'][3]['name'] = $name2;
>$DB['users'][5]['name'] = $name1;

actually modify the database records they represent.  If so, what
system are you using?  I just don't see this happening using simple
PHP and MySQL.  When you read a data record into a PHP array [with,
for example, mysql_fetch_array()] that array is just a static copy of
the data and doesn't possess any dynamic updating power over the
database.  Or are you using an I/O class that you're not showing in
your example code that executes a modifying query each time an "array
element" is changed?



That's actually what will happen. Using the SPL is actually posible. Sorry,
mi mistake for not explaining it throughly.


Another possible indexation could be by the value of the PK, but this also
>have some problems. First, it can be confusing if the PK is an
autonumeric
>int, as this might be seen as a numeric indexation.

You can prefix an autonumber field with alphabetic characters to
force it away from numeric indexing:

 $sKey = str_pad($aDataRecord['recno'], $iPadLength,
'pk_00', STR_PAD_LEFT);
 $aArray[$sKey] = $aDataRecord;

 e.g., recno 12345 becomes array key 'pk_012345'

Using str_pad(...LEFT) ensures that the array keys will be in the
same sequence as the data records even though the autonumber values
will be composed of differing numbers of digits.   You just have to
choose a pad length that equals the longest series of digits your
database will generate for an autonumber field.



But suppose $user holds the info of an user record:

$DB['users'][$user['id']]

I would like that to point to the same user.

Still, I'll think this thoughly. Thanks


Second, not all tables
>have only one field as PK (I can ask that all tables have at least a PK,
but
>I can't ask that the PK is made of only one field).

You can construct a single array key from multiple databas

Re: [PHP] keeping credit card info in session

2007-04-08 Thread Davi 
Em Domingo 08 Abril 2007 18:54, Jochem Maas escreveu:
> > So... What about PayPal or another similar service?? =]
>
> well:
>
> a, your not paypal or F2B.
> b, they are both payment providers.
>

Sorry... I didn't understand! =x

[]s

-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Agora com fortune:
"/*
 *   Should be panic but... (Why are BSD people panic obsessed ??)
 */
linux-2.0.38/net/ipv4/ip_fw.c"

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] keeping credit card info in session

2007-04-08 Thread Jochem Maas 
Davi wrote:
> Em Domingo 08 Abril 2007 18:37, Jochem Maas escreveu:
>> unless you are a payment gateway or a bank don't touch credit card numbers.
>> there are plenty of threads in the archive of this list that give good
>> reasons not to e.g. being sued out of existence.
>>
>> get a payment provider and let them handle the transaction automatically,
>> the site admin could be given a system whereby he/she can fire off email to
>> customers that give them a url to (and instruct them to) complete a
>> payment at your choose payment provider if a manual check needs to occur
>> before a payment is initiated.
>>
>> storing CC numbers on your machine is rather like walking around carrying
>> hot coals ... sooner or later you will be burned.
>>
> 
> So... What about PayPal or another similar service?? =]

well:

a, your not paypal or F2B.
b, they are both payment providers.

> 
> Here, on Brazil, I'm using PayPal [1] and F2B [2].
> 
> It's better than assume the riscs... =]
> 
> []s
> 
> [1] - www.paypal.com
> [2] - www.f2b.com.br
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] keeping credit card info in session

2007-04-08 Thread Davi 
Em Domingo 08 Abril 2007 18:37, Jochem Maas escreveu:
> unless you are a payment gateway or a bank don't touch credit card numbers.
> there are plenty of threads in the archive of this list that give good
> reasons not to e.g. being sued out of existence.
>
> get a payment provider and let them handle the transaction automatically,
> the site admin could be given a system whereby he/she can fire off email to
> customers that give them a url to (and instruct them to) complete a
> payment at your choose payment provider if a manual check needs to occur
> before a payment is initiated.
>
> storing CC numbers on your machine is rather like walking around carrying
> hot coals ... sooner or later you will be burned.
>

So... What about PayPal or another similar service?? =]

Here, on Brazil, I'm using PayPal [1] and F2B [2].

It's better than assume the riscs... =]

[]s

[1] - www.paypal.com
[2] - www.f2b.com.br

-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Agora com fortune:
"FORTUNE'S RANDOM QUOTES FROM MATCH GAME 75, NO. 1:

 Gene Rayburn: We'd like to close with a thought for the day, friends ---
   something ...

  Someone: (interrupting) Uh-oh
 
 Gene Rayburn: ...pithy, full of wisdom --- and we call on the Poet
   Laureate, Lipsy Russell

Lipsy Russell: The young people are very different today, and there is
   one sure way to know: Kids to use to ask where they came
   from, now they'll tell you where you can go.

  All: (laughter)"

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] keeping credit card info in session

2007-04-08 Thread Satyam 
Notice the URL starts with 'usa'.  In other countries you do have to go by 
the local laws.



- Original Message - 
From: "Dan Harrington" <[EMAIL PROTECTED]>
To: "'Satyam'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; 


Sent: Sunday, April 08, 2007 11:32 PM
Subject: RE: [PHP] keeping credit card info in session


Its not the country rules to worry about, it is Visa and MasterCard who 
will

come down hard on you with $$ penalties if you don't maintain cardholder
security correctly.
http://usa.visa.com/merchants/risk_management/cisp.html?ep=v_sym_cisp

Dan

--
Dan Harrington
NXGEN Payment Services
112 12th Ave. S.
Nampa, ID 83651
208-498-1666 (voice)
208-498-1667 (fax)
[EMAIL PROTECTED]



-Original Message-
From: Satyam [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 08, 2007 3:25 PM
To: [EMAIL PROTECTED]; php-general@lists.php.net
Subject: Re: [PHP] keeping credit card info in session

Check the local legislation regarding keeping such sensitive information.
Many countries do have strict requirements for handling credit card info.
Your bank might help you find what the rules are.

Satyam

- Original Message -
From: <[EMAIL PROTECTED]>
To: 
Sent: Sunday, April 08, 2007 8:26 PM
Subject: [PHP] keeping credit card info in session




Hi All,

I've got quite a bit or php experience, but I've never had to deal with
credit
card info before. Now for a property rental site, I'm adding a way for
users to
be able to fill out a form which also has some credit card info in it.

After they submit the form, there are a couple of more steps and to pass
credit
card info to the last page, I'm storing all the info in my session. Now, 
I



did
go and bought an SSL certificate, so the booking section of the site is 
on



SSL
(https). I'm just wondering if this is secure enough. as far as I know,
SSL
means connection to server is secured, so session variables should be
secured
too. no?

Also after I get credit card info, I'm storing them in a mysql table 
until



an
admin would log in to the site, see new reservations, charge them 
manually



and
contact the customer, and then that entry will be removed from my 
database



for
ever. Is this ok? or is it a really bad idea? originally the plan was to
send
an email to the admin with credit card info, but then I realized that
emails
are very unsecure. so I decided to keep the info on the SSL section of 
the



site.

just because I'm dealing with credit cards, I'm so afraid of doing
anything
now. Any suggestions? or perhaps any links to how to make it all more
secure?

Thanks a lot in advance,
Siavash

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/751 - Release Date: 07/04/2007
22:57




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/751 - Release Date: 07/04/2007 
22:57





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] keeping credit card info in session

2007-04-08 Thread Jochem Maas 
unless you are a payment gateway or a bank don't touch credit card numbers.
there are plenty of threads in the archive of this list that give good reasons
not to e.g. being sued out of existence.

get a payment provider and let them handle the transaction automatically,
the site admin could be given a system whereby he/she can fire off email to
customers that give them a url to (and instruct them to) complete a
payment at your choose payment provider if a manual check needs to occur
before a payment is initiated.

storing CC numbers on your machine is rather like walking around carrying
hot coals ... sooner or later you will be burned.

[EMAIL PROTECTED] wrote:
> Hi All,
>  
> I've got quite a bit or php experience, but I've never had to deal with 
> credit 
> card info before. Now for a property rental site, I'm adding a way for users 
> to 
> be able to fill out a form which also has some credit card info in it.
>  
> After they submit the form, there are a couple of more steps and to pass 
> credit 
> card info to the last page, I'm storing all the info in my session. Now, I 
> did 
> go and bought an SSL certificate, so the booking section of the site is on 
> SSL 
> (https). I'm just wondering if this is secure enough. as far as I know, SSL 
> means connection to server is secured, so session variables should be secured 
> too. no?
>  
> Also after I get credit card info, I'm storing them in a mysql table until an 
> admin would log in to the site, see new reservations, charge them manually 
> and 
> contact the customer, and then that entry will be removed from my database 
> for 
> ever. Is this ok? or is it a really bad idea? originally the plan was to send 
> an email to the admin with credit card info, but then I realized that emails 
> are very unsecure. so I decided to keep the info on the SSL section of the 
> site.
>  
> just because I'm dealing with credit cards, I'm so afraid of doing anything 
> now. Any suggestions? or perhaps any links to how to make it all more secure?
>  
> Thanks a lot in advance,
> Siavash
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] keeping credit card info in session

2007-04-08 Thread Dan Harrington 
Its not the country rules to worry about, it is Visa and MasterCard who will
come down hard on you with $$ penalties if you don't maintain cardholder
security correctly.
http://usa.visa.com/merchants/risk_management/cisp.html?ep=v_sym_cisp

Dan

--
Dan Harrington
NXGEN Payment Services
112 12th Ave. S.
Nampa, ID 83651
208-498-1666 (voice)
208-498-1667 (fax)
[EMAIL PROTECTED]
 
 

-Original Message-
From: Satyam [mailto:[EMAIL PROTECTED] 
Sent: Sunday, April 08, 2007 3:25 PM
To: [EMAIL PROTECTED]; php-general@lists.php.net
Subject: Re: [PHP] keeping credit card info in session

Check the local legislation regarding keeping such sensitive information. 
Many countries do have strict requirements for handling credit card info. 
Your bank might help you find what the rules are.

Satyam

- Original Message -
From: <[EMAIL PROTECTED]>
To: 
Sent: Sunday, April 08, 2007 8:26 PM
Subject: [PHP] keeping credit card info in session


>
> Hi All,
>
> I've got quite a bit or php experience, but I've never had to deal with 
> credit
> card info before. Now for a property rental site, I'm adding a way for 
> users to
> be able to fill out a form which also has some credit card info in it.
>
> After they submit the form, there are a couple of more steps and to pass 
> credit
> card info to the last page, I'm storing all the info in my session. Now, I

> did
> go and bought an SSL certificate, so the booking section of the site is on

> SSL
> (https). I'm just wondering if this is secure enough. as far as I know, 
> SSL
> means connection to server is secured, so session variables should be 
> secured
> too. no?
>
> Also after I get credit card info, I'm storing them in a mysql table until

> an
> admin would log in to the site, see new reservations, charge them manually

> and
> contact the customer, and then that entry will be removed from my database

> for
> ever. Is this ok? or is it a really bad idea? originally the plan was to 
> send
> an email to the admin with credit card info, but then I realized that 
> emails
> are very unsecure. so I decided to keep the info on the SSL section of the

> site.
>
> just because I'm dealing with credit cards, I'm so afraid of doing 
> anything
> now. Any suggestions? or perhaps any links to how to make it all more 
> secure?
>
> Thanks a lot in advance,
> Siavash
>
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 269.0.0/751 - Release Date: 07/04/2007 
> 22:57
>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] keeping credit card info in session

2007-04-08 Thread Satyam 
Check the local legislation regarding keeping such sensitive information. 
Many countries do have strict requirements for handling credit card info. 
Your bank might help you find what the rules are.


Satyam

- Original Message - 
From: <[EMAIL PROTECTED]>

To: 
Sent: Sunday, April 08, 2007 8:26 PM
Subject: [PHP] keeping credit card info in session




Hi All,

I've got quite a bit or php experience, but I've never had to deal with 
credit
card info before. Now for a property rental site, I'm adding a way for 
users to

be able to fill out a form which also has some credit card info in it.

After they submit the form, there are a couple of more steps and to pass 
credit
card info to the last page, I'm storing all the info in my session. Now, I 
did
go and bought an SSL certificate, so the booking section of the site is on 
SSL
(https). I'm just wondering if this is secure enough. as far as I know, 
SSL
means connection to server is secured, so session variables should be 
secured

too. no?

Also after I get credit card info, I'm storing them in a mysql table until 
an
admin would log in to the site, see new reservations, charge them manually 
and
contact the customer, and then that entry will be removed from my database 
for
ever. Is this ok? or is it a really bad idea? originally the plan was to 
send
an email to the admin with credit card info, but then I realized that 
emails
are very unsecure. so I decided to keep the info on the SSL section of the 
site.


just because I'm dealing with credit cards, I'm so afraid of doing 
anything
now. Any suggestions? or perhaps any links to how to make it all more 
secure?


Thanks a lot in advance,
Siavash

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/751 - Release Date: 07/04/2007 
22:57





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: keeping credit card info in session

2007-04-08 Thread itoctopus 
Usually paying should be the last step, so you might probably want to review
your workflow.
Anyways, if you're storing the credit card in the database, then why are you
also storing it in the session, you can just query the database for the
credit card based on the session id (so you should also store the session id
in that table).
Since you're storing the credit card in the database, then you should
encrypt the credit card (there are plenty of encryption/decrypting
algorithms on the internet for PHP).
Other than that, I think everything is fine, and your system should work
smoothly.
--
itoctopus - http://www.itoctopus.com
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> Hi All,
>
> I've got quite a bit or php experience, but I've never had to deal with
credit
> card info before. Now for a property rental site, I'm adding a way for
users to
> be able to fill out a form which also has some credit card info in it.
>
> After they submit the form, there are a couple of more steps and to pass
credit
> card info to the last page, I'm storing all the info in my session. Now, I
did
> go and bought an SSL certificate, so the booking section of the site is on
SSL
> (https). I'm just wondering if this is secure enough. as far as I know,
SSL
> means connection to server is secured, so session variables should be
secured
> too. no?
>
> Also after I get credit card info, I'm storing them in a mysql table until
an
> admin would log in to the site, see new reservations, charge them manually
and
> contact the customer, and then that entry will be removed from my database
for
> ever. Is this ok? or is it a really bad idea? originally the plan was to
send
> an email to the admin with credit card info, but then I realized that
emails
> are very unsecure. so I decided to keep the info on the SSL section of the
site.
>
> just because I'm dealing with credit cards, I'm so afraid of doing
anything
> now. Any suggestions? or perhaps any links to how to make it all more
secure?
>
> Thanks a lot in advance,
> Siavash

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] which CMS are you using and why?

2007-04-08 Thread Lester Caine 

Fernando Cosso wrote:

Well that's the question.
I have to start a new project and I have to decide the CMS.
I have thought mambo will do, but looking at the documentation, it
disappointed me a little.
I need a documentation with examples of the objects, functions and all that
stuff. The project has to be mature (That why I like mambo). The cms has to
be flexible, with a very large community.


bitweaver
www.bitweaver.org

--
Lester Caine - G8HFL
-
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] keeping credit card info in session

2007-04-08 Thread Davi 
Em Domingo 08 Abril 2007 15:26, [EMAIL PROTECTED] escreveu:
> Hi All,
>
> I've got quite a bit or php experience, but I've never had to deal with
> credit card info before. Now for a property rental site, I'm adding a way
> for users to be able to fill out a form which also has some credit card
> info in it.
>
> After they submit the form, there are a couple of more steps and to pass
> credit card info to the last page, I'm storing all the info in my session.
> Now, I did go and bought an SSL certificate, so the booking section of the
> site is on SSL (https). I'm just wondering if this is secure enough. as far
> as I know, SSL means connection to server is secured, so session variables
> should be secured too. no?
>
> Also after I get credit card info, I'm storing them in a mysql table until
> an admin would log in to the site, see new reservations, charge them
> manually and contact the customer, and then that entry will be removed from
> my database for ever. Is this ok? or is it a really bad idea? originally
> the plan was to send an email to the admin with credit card info, but then
> I realized that emails are very unsecure. so I decided to keep the info on
> the SSL section of the site.
>
> just because I'm dealing with credit cards, I'm so afraid of doing anything
> now. Any suggestions? or perhaps any links to how to make it all more
> secure?
>
> Thanks a lot in advance,
> Siavash

Just one thing: how about cript the DB data with base64 or anything else?
Some PGP key... Whatever...

JMO...

BTW, I liked your solution (store in DB)... I would use it...

[]s


-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Agora com fortune:
"If a nation values anything more than freedom, it will lose its freedom;
and the irony of it is that if it is comfort or money it values more, it
will lose that, too.
-- W. Somerset Maugham"

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] keeping credit card info in session

2007-04-08 Thread siavash1979 

Hi All,
 
I've got quite a bit or php experience, but I've never had to deal with credit 
card info before. Now for a property rental site, I'm adding a way for users to 
be able to fill out a form which also has some credit card info in it.
 
After they submit the form, there are a couple of more steps and to pass credit 
card info to the last page, I'm storing all the info in my session. Now, I did 
go and bought an SSL certificate, so the booking section of the site is on SSL 
(https). I'm just wondering if this is secure enough. as far as I know, SSL 
means connection to server is secured, so session variables should be secured 
too. no?
 
Also after I get credit card info, I'm storing them in a mysql table until an 
admin would log in to the site, see new reservations, charge them manually and 
contact the customer, and then that entry will be removed from my database for 
ever. Is this ok? or is it a really bad idea? originally the plan was to send 
an email to the admin with credit card info, but then I realized that emails 
are very unsecure. so I decided to keep the info on the SSL section of the site.
 
just because I'm dealing with credit cards, I'm so afraid of doing anything 
now. Any suggestions? or perhaps any links to how to make it all more secure?
 
Thanks a lot in advance,
Siavash

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread Jochem Maas 
just a few random thought on how to make it even more painful to
crack. random colored borders, random border width, slight changes in 
width/height,
random pixel noise or varying colors, animated gifs (where does the arrow stop),
animated gifs (where does the red/pink/blue/green arrow point to),

make the letters random with regard to character and position [and make the 
letters generated images them selves]
that way know where the arrow is pointing is only half the solution.

or may rather take this technique and combine it with std captcha such that
you output an image with a stack of [freaky] letters in it and one of them
has an arrow pointing at it.

yadda yadda.

in theory it's all crackable - but somewhere along the line the problem becomes
too hard to make it worth the effort to try (unless your securing Fort Knox or 
something)


Tijnema ! wrote:
> On 4/8/07, tedd <[EMAIL PROTECTED]> wrote:
>> At 9:42 AM +0200 4/8/07, Tijnema ! wrote:
>> >You can't stop me :)
>> >
>> >http://86.86.80.41/dev/debug/tedd.php
>> >
>> >It's cracked again :)
>> >
>> >and of course i show you the code:
>> >
>> >http://86.86.80.41/dev/debug/tedd.txt
>> >
>> >Waiting for your next try :P
>> >
>>
>> Tijnema:
>>
>> I might not be able to stop you, but I am sure I can wear you out.
>>
>> Here's my latest:
>>
>> http://sperling.com/a/arrows/
>>
>> But before you spend too much time tying to figure it out, which with
>> a HEX editor you should be able to easily discover -- this is what I
>> did.
>>
>> 1. All my arrow GIF files range in size from about 500 bytes to 1.1
>> KB (it's not important to the solution, just a matter of range);
>>
>> 2. Between DEC 64 (HEX 40) to DEC 109 (HEX 6C) in the header exist
>> all zeros. They don't provide any information regarding this image;
>>
>> 3. I simply used this area to store a single HEX number ranging from
>> 0 to 255 DEC (HEX 0-255);
>>
>> 4. This gave me 11,475 different combinations for each GIF by
>> changing a single bye in the header. If I used two bytes in the
>> header, then the combinations would square.  If I used all available
>> space, then the possible combinations would be 11,475 to the 255
>> power (if my math is right) for each GIF.
>>
>> True, you could:
>>
>> 1. Record every MD5 of every combination for every GIF (8 x
>> 11,475^255 different combinations) and then use those to crack this;
>>
>> 2. OR, simply zero out the area from DEC 64 to DEC 109 and use that.
>>
>> Either case would break my code.
> 
> Since you're already telling how to break, i'm not gonna break it
> anymore :)
> Btw, also you should be able to convert it to JPEG/PNG/BMP/TIFF and
> then convert it back to GIF.  That should clean up the header :)
> 
>>
>> However, I am positive if I generated the image "on the fly" OR
>> merged the image with a single randomized placement pixel I could
>> generate an image that would be easily recognized by a human but not
>> resolved by a MD5 solution.
>>
>> Remember, I could also use a jpeg file and have millions of colors to
>> chose from. Unless, there is something here that I don't understand
>> (which very well could be), I can't see how anyone, without massive
>> computer resources, could break that.
>>
>> Am I wrong?
> 
> Maybe... What about OCR programs? they can read letters from images,
> if you could transfrom that to an program that could read arrows
> instead of characters. then you probably could crack it, also if you
> store random pixels in it. And that doesn't use massive computer
> resources :)
> 
> That's why i wanted to go for movies, because they are a lot harder to
> process, but still they are processable by a bot, and so it could be
> cracked
> 
> I don't think any of us will ever find a code that's not crackable,
> but the amount of time needed to crack needs to be as high as
> possible, so that crackers will stay away because it takes way too
> much time, and maybe also too much computer resources. But while doing
> this, it should never disturb the normal user from using your site.
> 
> 
>>
>> Cheers,
>>
>> tedd
>>
>> PS: I love these types of discussions
> 
> Me too :)
>> -- 
>> ---
>> http://sperling.com  http://ancientstones.com  http://earthstones.com
>>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] which CMS are you using and why?

2007-04-08 Thread Dave Goodchild 

I have just upgraded to Drupal 5 and so far am very impressed - D5 comes
bundled with the jquery library and I have found drupal to be very powerful
with a wide and supportive community.

Re: [PHP] MD5 & bot Question

2007-04-08 Thread Tijnema ! 

On 4/8/07, tedd <[EMAIL PROTECTED]> wrote:

At 9:42 AM +0200 4/8/07, Tijnema ! wrote:
>You can't stop me :)
>
>http://86.86.80.41/dev/debug/tedd.php
>
>It's cracked again :)
>
>and of course i show you the code:
>
>http://86.86.80.41/dev/debug/tedd.txt
>
>Waiting for your next try :P
>

Tijnema:

I might not be able to stop you, but I am sure I can wear you out.

Here's my latest:

http://sperling.com/a/arrows/

But before you spend too much time tying to figure it out, which with
a HEX editor you should be able to easily discover -- this is what I
did.

1. All my arrow GIF files range in size from about 500 bytes to 1.1
KB (it's not important to the solution, just a matter of range);

2. Between DEC 64 (HEX 40) to DEC 109 (HEX 6C) in the header exist
all zeros. They don't provide any information regarding this image;

3. I simply used this area to store a single HEX number ranging from
0 to 255 DEC (HEX 0-255);

4. This gave me 11,475 different combinations for each GIF by
changing a single bye in the header. If I used two bytes in the
header, then the combinations would square.  If I used all available
space, then the possible combinations would be 11,475 to the 255
power (if my math is right) for each GIF.

True, you could:

1. Record every MD5 of every combination for every GIF (8 x
11,475^255 different combinations) and then use those to crack this;

2. OR, simply zero out the area from DEC 64 to DEC 109 and use that.

Either case would break my code.


Since you're already telling how to break, i'm not gonna break it anymore :)
Btw, also you should be able to convert it to JPEG/PNG/BMP/TIFF and
then convert it back to GIF.  That should clean up the header :)



However, I am positive if I generated the image "on the fly" OR
merged the image with a single randomized placement pixel I could
generate an image that would be easily recognized by a human but not
resolved by a MD5 solution.

Remember, I could also use a jpeg file and have millions of colors to
chose from. Unless, there is something here that I don't understand
(which very well could be), I can't see how anyone, without massive
computer resources, could break that.

Am I wrong?


Maybe... What about OCR programs? they can read letters from images,
if you could transfrom that to an program that could read arrows
instead of characters. then you probably could crack it, also if you
store random pixels in it. And that doesn't use massive computer
resources :)

That's why i wanted to go for movies, because they are a lot harder to
process, but still they are processable by a bot, and so it could be
cracked

I don't think any of us will ever find a code that's not crackable,
but the amount of time needed to crack needs to be as high as
possible, so that crackers will stay away because it takes way too
much time, and maybe also too much computer resources. But while doing
this, it should never disturb the normal user from using your site.




Cheers,

tedd

PS: I love these types of discussions


Me too :)

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread tedd 

At 12:38 AM +0100 4/8/07, Stut wrote:

tedd wrote:

Okay, I think I figured out a fix -- try it again. :-)

http://sperling.com/a/arrows/

A little knowledge is a dangerous thing.


Give up now, while you're still sane.

Think about what you're trying to do. You're trying to do something 
different on the client every time, but without letting that client 
know something is different.


It really really really can't be done. Something  needs to be 
visually different, therefore something in what the client gets 
needs to be different. Do you see why it's not possible now?


-Stut


-Stut:

With all due respect, I figure that you've probably forgot more about 
php than I know, but sometimes people have to find out for 
themselves. That's what I'm doing.


However, in the past I have gone up against conventional theory and 
changed it. I don't think this is one of those times, but who knows? 
Perhaps you know better, but I don't know yet.


The way I figure it, in an image I have 72 dot per square inch -- so, 
in one square inch that's 5,184 places for me to store a 24 bit key. 
To me, that's a lot of places to hid my Easter egg -- is that not 
enough?


Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread tedd 

At 9:42 AM +0200 4/8/07, Tijnema ! wrote:

You can't stop me :)

http://86.86.80.41/dev/debug/tedd.php

It's cracked again :)

and of course i show you the code:

http://86.86.80.41/dev/debug/tedd.txt

Waiting for your next try :P



Tijnema:

I might not be able to stop you, but I am sure I can wear you out.

Here's my latest:

http://sperling.com/a/arrows/

But before you spend too much time tying to figure it out, which with 
a HEX editor you should be able to easily discover -- this is what I 
did.


1. All my arrow GIF files range in size from about 500 bytes to 1.1 
KB (it's not important to the solution, just a matter of range);


2. Between DEC 64 (HEX 40) to DEC 109 (HEX 6C) in the header exist 
all zeros. They don't provide any information regarding this image;


3. I simply used this area to store a single HEX number ranging from 
0 to 255 DEC (HEX 0-255);


4. This gave me 11,475 different combinations for each GIF by 
changing a single bye in the header. If I used two bytes in the 
header, then the combinations would square.  If I used all available 
space, then the possible combinations would be 11,475 to the 255 
power (if my math is right) for each GIF.


True, you could:

1. Record every MD5 of every combination for every GIF (8 x 
11,475^255 different combinations) and then use those to crack this;


2. OR, simply zero out the area from DEC 64 to DEC 109 and use that.

Either case would break my code.

However, I am positive if I generated the image "on the fly" OR 
merged the image with a single randomized placement pixel I could 
generate an image that would be easily recognized by a human but not 
resolved by a MD5 solution.


Remember, I could also use a jpeg file and have millions of colors to 
chose from. Unless, there is something here that I don't understand 
(which very well could be), I can't see how anyone, without massive 
computer resources, could break that.


Am I wrong?

Cheers,

tedd

PS: I love these types of discussions
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: which CMS are you using and why?

2007-04-08 Thread itoctopus 
Mambo/Joomla, they're both great. Wordpress is also excellent, though I'm
not sure it would fit your needs.

--
itoctopus - http://www.itoctopus.com
""Fernando Cosso"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Well that's the question.
> I have to start a new project and I have to decide the CMS.
> I have thought mambo will do, but looking at the documentation, it
> disappointed me a little.
> I need a documentation with examples of the objects, functions and all
that
> stuff. The project has to be mature (That why I like mambo). The cms has
to
> be flexible, with a very large community.
> Thanks in advance for your comments
> Best regards
>
> --
> [EMAIL PROTECTED]
> http://www.fernandocosso.com.ar
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP textbook suggestions?

2007-04-08 Thread David Powers 

Chris Lott wrote:

I will be teaching, so a book that a student can-- before the class--
work through and understand is good-- doesn't have to be a traditional
textbook! But it shouldn't be a reference manual either.


If you're looking for an up-to-date beginner's book that advocates (what 
I consider to be) good practice, you might want to consider my "PHP 
Solutions" (http://foundationphp.com/phpsolutions/). It takes a 
practical approach, is based on PHP 5, but also offers PHP alternatives 
if PHP 5 isn't available. It has received good reviews on Amazon.


If you are considering it for adoption as a textbook, my publisher 
(friends of ED) supplies textbook review copies:


http://www.friendsofed.com/contact.html#academic

--
David Powers

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP4 vs PHP5

2007-04-08 Thread Colin Guthrie 
Fernando Cosso wrote:
> I'm sure Mambo is ready for php5.

I personally prefer Joomla! which is a fork of Mambo from about a year
or so ago. You may be happy with Mambo but I'd take a look at Jooma too
as it may fit your needs better. It seems that the majority of community
support is for Joomla and Mambo seems to have suffered as a result (the
whole split/fork happened due to politics and license decisions and the
formation of a for-profit Mambo Foundation which seemed to go against
the spirit of the overall community.

Just letting you know incase you've not found it out yourself yet!

Cheers

Col.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: which CMS are you using and why?

2007-04-08 Thread Colin Guthrie 
Fernando Cosso wrote:
> Well that's the question.
> I have to start a new project and I have to decide the CMS.
> I have thought mambo will do, but looking at the documentation, it
> disappointed me a little.
> I need a documentation with examples of the objects, functions and all that
> stuff. The project has to be mature (That why I like mambo). The cms has to
> be flexible, with a very large community.
> Thanks in advance for your comments
> Best regards
> 

I use Joomla a lot. It is basically Mambo but more community led.
Version 1.5 which is on the horizon (in beta just now) will solve a lot
of the "problems" when working with older Joomlas/Mambo e.g. plugins,
documentation etc.

Other people I know really like Drupal too but I've not really gone down
that route myself so cannot comment.

Col

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] which CMS are you using and why?

2007-04-08 Thread Anders Norrbring 

Fernando Cosso skrev:

Well that's the question.
I have to start a new project and I have to decide the CMS.
I have thought mambo will do, but looking at the documentation, it
disappointed me a little.
I need a documentation with examples of the objects, functions and all that
stuff. The project has to be mature (That why I like mambo). The cms has to
be flexible, with a very large community.
Thanks in advance for your comments
Best regards



Hiya..
Take a look at e107, I've been using it for quite some projects, and 
it's very flexible and has good support for multiple languages as well. 
Find it on http://e107.org


--

Anders Norrbring
Norrbring Consulting

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] spl DirectoryIterator

2007-04-08 Thread Jochem Maas 
Matthew Dellar wrote:
> I have a problem,
> 
> I need to turn an iterator into an array, but when I do, some methods I
> need to use stop working.

why do you need to turn it into an array? maybe there is an alternative?
my first reaction would be that if you really need an array then you'll
probably be required to write your own conversion function, e.g.

function myI2A(DirectoryIterator $i)
{
$a = array();
foreach ($i as $el) {
$a[] = array(
'file' => $el->getFileName(),
'path' => $el->getPath(),
// etc
);
}
return $a;
}

> 
> Take a look at the following example:
> 
> $dir = 'c:/';
> $files = new DirectoryIterator($dir);
> //$files = iterator_to_array($files);
> foreach ($files as $file) {

$file is, AFAIC tell, a reference to the DirectoryIterator object ...
the methods $file exposes are methods of the DirectoryIterator object
that return values in the context of the current position in the iterator.

this thinking is based on the following docs:

http://www.php.net/~helly/php/ext/spl/classDirectoryIterator.html

and the stub-docs at php.net.

> echo "{$file->getFileName()}";//works
> echo "{$file->getPath()}";//works
> }
> 
> It works as expected. However, when the iterator is turned into an array:
> 
> $dir = 'c:/';
> $files = new DirectoryIterator($dir);
> $files = iterator_to_array($files);

given what I said above (and assuming it is correct) this would explain
why your getting back an array of DirectoryIterator objects.

my guess is that iterator_to_array() can't currently handle all kinds of
iterator (especially more exotic implementations)

> foreach ($files as $file) {
> echo "{$file->getFileName()}"; //does not work
> echo "{$file->getPath()}";//works
> }
> 
> It stops working. Can someone please help me, as a have tried and failed
> to find the cause of the problem.
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread benifactor 
but most people have different ones :)  you could also use a random 
position :) fooeee.


Robert Cummings wrote:

On Sun, 2007-04-08 at 05:41 -0700, benifactor wrote:
  

indeed. i was just throwing out the idea of ever changing values.



Except IP addresses aren't ever changing ;)

Cheers,
Rob.
  


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread Robert Cummings 
On Sun, 2007-04-08 at 05:41 -0700, benifactor wrote:
> indeed. i was just throwing out the idea of ever changing values.

Except IP addresses aren't ever changing ;)

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread benifactor 

indeed. i was just throwing out the idea of ever changing values.

Robert Cummings wrote:

On Sun, 2007-04-08 at 04:38 -0700, benifactor wrote:
  

hmm, why don't you md5 more then once..

for example, use a condition that will change with every visitor. like 
the third num in $_SERVER['REMOTE_ADDR'];  or something of the sort.  
then make a loop..


say the third num in my ip address is 5

the person that visits after me would get my value, and say you were 
right before me and yours was a 7


the md5 check for me would look like

md5(md5(md5(md5(md5(md5(md5($value)));

and for the person right after me

md5(md5(md5(md5(md5($value);

this way for each visitor, a piece of the puzzle is changed. just an 
idea, and have no idea if it would even work for what your doing...




Ugh, don't do that... it's no more differentiated than doing the
following which is cleaner:

md5( $_SERVER['REMOTE_ADDR'].$value );

The above uses the IP address as a salt. But better yet, since the above
is still prone to abuse by the same server making repeat attempts,
create a multi-salt system...

$salt1 = 'YoUR SeKreT SaLT';
$salt2 = time();
$salt3 = uniqid();

$md5 = md5( $salt1.'__'.$salt2.'__'.$salt3.'__'.$value );

Then in your form you include the value of $salt2, $salt3, and $md5. In
this way only those who know the secret salt can rebuilt the md5 to
check validity. Presumably you won't allow the same md5 to be used
twice. The time is tracked so that you can limit validity of the salt
for a period of time. So if the time on your server is more than 20
minutes ahead of the time for the submission, you can feel free delete
entries ion your database since the time has expired. This allows you to
not need to track all md5s ever generated. Only the last X minutes of
md5s.

If you implement this, Tijnema won't be able to break it.

Cheers,
Rob.
  


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread Robert Cummings 
On Sun, 2007-04-08 at 04:38 -0700, benifactor wrote:
> hmm, why don't you md5 more then once..
> 
> for example, use a condition that will change with every visitor. like 
> the third num in $_SERVER['REMOTE_ADDR'];  or something of the sort.  
> then make a loop..
> 
> say the third num in my ip address is 5
> 
> the person that visits after me would get my value, and say you were 
> right before me and yours was a 7
> 
> the md5 check for me would look like
> 
> md5(md5(md5(md5(md5(md5(md5($value)));
> 
> and for the person right after me
> 
> md5(md5(md5(md5(md5($value);
> 
> this way for each visitor, a piece of the puzzle is changed. just an 
> idea, and have no idea if it would even work for what your doing...


Ugh, don't do that... it's no more differentiated than doing the
following which is cleaner:

md5( $_SERVER['REMOTE_ADDR'].$value );

The above uses the IP address as a salt. But better yet, since the above
is still prone to abuse by the same server making repeat attempts,
create a multi-salt system...

$salt1 = 'YoUR SeKreT SaLT';
$salt2 = time();
$salt3 = uniqid();

$md5 = md5( $salt1.'__'.$salt2.'__'.$salt3.'__'.$value );

Then in your form you include the value of $salt2, $salt3, and $md5. In
this way only those who know the secret salt can rebuilt the md5 to
check validity. Presumably you won't allow the same md5 to be used
twice. The time is tracked so that you can limit validity of the salt
for a period of time. So if the time on your server is more than 20
minutes ahead of the time for the submission, you can feel free delete
entries ion your database since the time has expired. This allows you to
not need to track all md5s ever generated. Only the last X minutes of
md5s.

If you implement this, Tijnema won't be able to break it.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread benifactor 

hmm, why don't you md5 more then once..

for example, use a condition that will change with every visitor. like 
the third num in $_SERVER['REMOTE_ADDR'];  or something of the sort.  
then make a loop..


say the third num in my ip address is 5

the person that visits after me would get my value, and say you were 
right before me and yours was a 7


the md5 check for me would look like

md5(md5(md5(md5(md5(md5(md5($value)));

and for the person right after me

md5(md5(md5(md5(md5($value);

this way for each visitor, a piece of the puzzle is changed. just an 
idea, and have no idea if it would even work for what your doing...


Tijnema ! wrote:

On 4/8/07, Tijnema ! <[EMAIL PROTECTED]> wrote:

On 4/8/07, tedd <[EMAIL PROTECTED]> wrote:
> >>Well, I cracked it for you :)
> >>
> >>http://86.86.80.41/dev/debug/tedd.php
> >>
> >>At the bottom it shows you the MD5 code of your arrow image, and it
> >>shows you which way it points to :)
> >>
> >>If you're interested in the code:
> >>
> >>http://86.86.80.41/dev/debug/tedd.txt
> >>
> >>Tijnema
>
> Tijnema:
>
> Okay, I think I figured out a fix -- try it again. :-)
>
> http://sperling.com/a/arrows/
>
> A little knowledge is a dangerous thing.
>
> Cheers,
>
> tedd

Looks interesting. It generates a different MD5 each time
I'll take a deeper look at it today, and hope to find a way to crack 
it :)


Tijnema



You can't stop me :)

http://86.86.80.41/dev/debug/tedd.php

It's cracked again :)

and of course i show you the code:

http://86.86.80.41/dev/debug/tedd.txt

Waiting for your next try :P

Tijnema



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: spl DirectoryIterator

2007-04-08 Thread Tijnema ! 

On 4/8/07, itoctopus <[EMAIL PROTECTED]> wrote:

After some testing and reading, I think this function is still experimental.
Anyone else has some thoughts on this?



I agree with you, this function seems not working correctly. From what
i see of my testing is that this makes an array, with some iterators
inside it. But all these iterators are the same iterator i started
with. Meaning i get an array of all duplicate iterators. This is not
what it should do i think, but there's no documentation on the
fuction, so i can't compare with the "expected output".

Tijnema

--
itoctopus - http://www.itoctopus.com
"Matthew Dellar" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I have a problem,
>
> I need to turn an iterator into an array, but when I do, some methods I
> need to use stop working.
>
> Take a look at the following example:
>
> $dir = 'c:/';
> $files = new DirectoryIterator($dir);
> //$files = iterator_to_array($files);
> foreach ($files as $file) {
>  echo "{$file->getFileName()}";//works
>  echo "{$file->getPath()}";//works
> }
>
> It works as expected. However, when the iterator is turned into an array:
>
> $dir = 'c:/';
> $files = new DirectoryIterator($dir);
> $files = iterator_to_array($files);
> foreach ($files as $file) {
>  echo "{$file->getFileName()}"; //does not work
>  echo "{$file->getPath()}";//works
> }
>
> It stops working. Can someone please help me, as a have tried and failed
> to find the cause of the problem.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread Tijnema ! 

On 4/8/07, Tijnema ! <[EMAIL PROTECTED]> wrote:

On 4/8/07, tedd <[EMAIL PROTECTED]> wrote:
> >>Well, I cracked it for you :)
> >>
> >>http://86.86.80.41/dev/debug/tedd.php
> >>
> >>At the bottom it shows you the MD5 code of your arrow image, and it
> >>shows you which way it points to :)
> >>
> >>If you're interested in the code:
> >>
> >>http://86.86.80.41/dev/debug/tedd.txt
> >>
> >>Tijnema
>
> Tijnema:
>
> Okay, I think I figured out a fix -- try it again. :-)
>
> http://sperling.com/a/arrows/
>
> A little knowledge is a dangerous thing.
>
> Cheers,
>
> tedd

Looks interesting. It generates a different MD5 each time
I'll take a deeper look at it today, and hope to find a way to crack it :)

Tijnema



You can't stop me :)

http://86.86.80.41/dev/debug/tedd.php

It's cracked again :)

and of course i show you the code:

http://86.86.80.41/dev/debug/tedd.txt

Waiting for your next try :P

Tijnema

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-08 Thread Tijnema ! 

On 4/8/07, tedd <[EMAIL PROTECTED]> wrote:

>>Well, I cracked it for you :)
>>
>>http://86.86.80.41/dev/debug/tedd.php
>>
>>At the bottom it shows you the MD5 code of your arrow image, and it
>>shows you which way it points to :)
>>
>>If you're interested in the code:
>>
>>http://86.86.80.41/dev/debug/tedd.txt
>>
>>Tijnema

Tijnema:

Okay, I think I figured out a fix -- try it again. :-)

http://sperling.com/a/arrows/

A little knowledge is a dangerous thing.

Cheers,

tedd


Looks interesting. It generates a different MD5 each time
I'll take a deeper look at it today, and hope to find a way to crack it :)

Tijnema

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php