Re: [PHP] Generate unique login token

2009-02-09 Thread Stuart 
2009/2/10 sean greenslade :
> I have a login system that I am coding. I need it to generate a unique token
> on login to be stored in the browser's cookie. I currently use a script that
> generates a MD5 hash of the current unix timestamp, then checks the mysql
> database to see if the token already exists. It loops this generate/check
> until it gets a unique token. Is there a better way to do this? I want a
> token that cannot be easiy predicted (i.e. not an auto-increment value).
> Thanks in advance!

I've never had a clash with this on a site with 20m PVPM...

$token = sha1($_SERVER['REMOTE_ADDR'].microtime(true));

-Stuart

-- 
http://stut.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] paging

2009-02-09 Thread Kevin Waterson 
On Tue, 2009-02-10 at 03:26 +, Jim Douglas wrote:

http://phpro.org/tutorials/Pagination-with-PHP-and-PDO.html
> 
> 
> 
> 
> Does anyone have a link to any examples of paging?


Kevin
http://phpro.org


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] problem with sending data

2009-02-09 Thread Chris 

Mousa Masri wrote:

Dear

I have problem with writing large data (large text) in the database or any file 
.
If we try to do, the field in the DB or the file will be empty . (We lose the 
data) .
I mean by large data more them 60 Kbyte .
But if we try to write small text (less then 60K) , the text will be added 
normally in the DB or in the files .

Knowing that all settings are good : 
max_allowed_packet=10M 
; Maximum size of POST data that PHP will accept. 
post_max_size = 8M 


And the DB accept large text normally .

Do you have any Idea how we can solve this problem ? 


Or is there any setting i must change it ?


What type of db is it (mysql, pgsql, firebird) ?

What type of field (text, varchar, char, blob) is the one you're trying 
to write to?


--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] problem with sending data

2009-02-09 Thread Mousa Masri 
Dear

I have problem with writing large data (large text) in the database or any file 
.
If we try to do, the field in the DB or the file will be empty . (We lose the 
data) .
I mean by large data more them 60 Kbyte .
But if we try to write small text (less then 60K) , the text will be added 
normally in the DB or in the files .

Knowing that all settings are good : 
max_allowed_packet=10M 
; Maximum size of POST data that PHP will accept. 
post_max_size = 8M 

And the DB accept large text normally .

Do you have any Idea how we can solve this problem ? 

Or is there any setting i must change it ?

If you can help me 

Waiting any answers ASAP 

Thanks
MOUSA
Feb. 10 , 2009

[PHP] paging

2009-02-09 Thread Jim Douglas 





Does anyone have a link to any examples of paging?



I have this example up and running,



http://www.w3schools.com/php/php_ajax_database.asp



I
have paging working as below, my problem is when I add a CSS style
sheet I now have 4 panes.  How can I direct the paging results to the
"content" pane?



";

while($row = mysql_fetch_array($result))

  {

  if($bgcolor=='#f1f1f1'){$bgcolor='#ff';}

  else{$bgcolor='#f1f1f1';}

echo "";

   
//echo " " . $row['bar_name'] .
"";

echo " ";  

   
echo " " . $row['bar_name'] .
"";

  echo "";

}

echo "";





if($nume > $limit ){ // Let us display bottom links if sufficient records are 
there for paging

  /// Start the bottom links with Prev and next link with page 
numbers /

  echo "";

   if our variable $back is equal to 0 or more then only we will display 
the link to move back 

   if($back >=0) { 

 print "PREV"; 

   } 

}

echo "";



$i=0;

$l=1;

for($i=0;$i < $nume;$i=$i+$limit){

if($i <> $eu){

//echo " $l ";

echo " $l ";

}

else { echo "$l";}

$l=$l+1;

}



mysql_close($con);
_
Windows Live™: Keep your life in sync. 
http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t1_allup_howitworks_022009

Re: [PHP] Generate unique login token

2009-02-09 Thread Chris 



What would be wrong with using the session and getting the session id?
That should be unique for each visitor, for as long as they are logged
in. Probably wouldn't be useful for repeated visits, but I'm assuming
that on next login they would be issued another token anyway?


Nothing - I just didn't think of it to suggest it ;)

--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Larry Garfield 
On Monday 09 February 2009 10:02:37 am tedd wrote:
> Hi gang:
>
> At the college where I teach, they are considering teaching OOP, but
> they don't want to settle on a specific language.
>
> My thoughts are it's difficult to teach OOP without a language --
> while the general concepts of OOP are interesting, people need to see
> how concepts are applied to understand how they work -- thus I think
> a specific language is required
>
> I lean toward C++ because I wrote in it for a few years AND C++
> appears to be the most common, widespread, and popular OOP language.
>
> However, while I don't know PHP OOP, I am open to considering it
> because of the proliferation of web based applications. My personal
> opinion is that's where all programming is headed anyway, but that's
> just my opinion.
>
> With that said, what's the differences and advantages/disadvantages
> between C++ and PHP OOP?
>
> Cheers,
>
> tedd

I definitely agree that teaching OOP without a language to write it in is a 
very stupid idea.  However, part of the problem is that there is in practice 
no one version of OOP.

Java is probably the best example of academically pure "classic OOP" (that is, 
class-based).  That can be good for teaching, but it can also suck for 
developing because you have to do things in an academically formal way.

Javascript, on the other hand, is a prototype-based language.  Technically 
that's also OOP, or can be, but the code is entirely different conceptually 
when functions, methods, objects, and classes are all the same thing. :-)

PHP's OOP is very closely modeled on Java's, but with some interesting 
additions.  PHP 5.3 adds a few more and 5.4/6.0 is likely to add traits, which 
are another animal entirely.  PHP is also a hybrid language and, by nature of 
being a shared-nothing scripting language OOP is often the wrong choice 
because of the setup and initialization costs.

C++ has "a little of each", albeit in a frequently convoluted way.  It also 
has about 30 more types of access control than any other language I know, for 
better or worse.

LISP is its own creature, closer to Javascript than to anything else I just 
mentioned.  (Or arguably Javascript is closer to LISP.)

Personally, I recommend teaching programming first in C++.  Force them to do 
the hard stuff so they appreciate what the runtime is doing for them in higher 
level languages.  It also means you can teach procedural and OOP in the same 
syntax.  Then once they've gotten a few bruises in C++, expose them to Java, 
Javascript, PHP, etc. to let them see what higher level work actually gets 
done in these days.

-- 
Larry Garfield
la...@garfieldtech.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Generate unique login token

2009-02-09 Thread Ashley Sheridan 
On Tue, 2009-02-10 at 13:09 +1100, Chris wrote:
> sean greenslade wrote:
> > I have a login system that I am coding. I need it to generate a unique token
> > on login to be stored in the browser's cookie. I currently use a script that
> > generates a MD5 hash of the current unix timestamp, then checks the mysql
> > database to see if the token already exists. It loops this generate/check
> > until it gets a unique token. Is there a better way to do this? I want a
> > token that cannot be easiy predicted (i.e. not an auto-increment value).
> 
> I'd probably use sha1 instead and include:
> - timestamp
> - ip
> - userid (if you have one at this stage)
>   -rand(0,100) (just to make sure :P)
> 
> There is no 'guid' or 'uuid' function in php, you'd have to do a db call 
> as someone else suggested.
> 
> -- 
> Postgresql & php tutorials
> http://www.designmagick.com/
> 
> 
What would be wrong with using the session and getting the session id?
That should be unique for each visitor, for as long as they are logged
in. Probably wouldn't be useful for repeated visits, but I'm assuming
that on next login they would be issued another token anyway?


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Generate unique login token

2009-02-09 Thread Chris 

sean greenslade wrote:

I have a login system that I am coding. I need it to generate a unique token
on login to be stored in the browser's cookie. I currently use a script that
generates a MD5 hash of the current unix timestamp, then checks the mysql
database to see if the token already exists. It loops this generate/check
until it gets a unique token. Is there a better way to do this? I want a
token that cannot be easiy predicted (i.e. not an auto-increment value).


I'd probably use sha1 instead and include:
- timestamp
- ip
- userid (if you have one at this stage)
 -rand(0,100) (just to make sure :P)

There is no 'guid' or 'uuid' function in php, you'd have to do a db call 
as someone else suggested.


--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Generate unique login token

2009-02-09 Thread Eric Butera 
On Mon, Feb 9, 2009 at 8:52 PM, sean greenslade  wrote:
> I have a login system that I am coding. I need it to generate a unique token
> on login to be stored in the browser's cookie. I currently use a script that
> generates a MD5 hash of the current unix timestamp, then checks the mysql
> database to see if the token already exists. It loops this generate/check
> until it gets a unique token. Is there a better way to do this? I want a
> token that cannot be easiy predicted (i.e. not an auto-increment value).
> Thanks in advance!
> --
> --Zootboy
>

mysql select uuid()

-- 
http://www.voom.me | EFnet: #voom

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Generate unique login token

2009-02-09 Thread sean greenslade 
I have a login system that I am coding. I need it to generate a unique token
on login to be stored in the browser's cookie. I currently use a script that
generates a MD5 hash of the current unix timestamp, then checks the mysql
database to see if the token already exists. It loops this generate/check
until it gets a unique token. Is there a better way to do this? I want a
token that cannot be easiy predicted (i.e. not an auto-increment value).
Thanks in advance!
-- 
--Zootboy

Re: [PHP] Securing suexec PHP against local attacks by the webserver user

2009-02-09 Thread Jochem Maas 
Andrew schreef:
> Jochem Maas wrote:
>> Andrew schreef:
>>  
>>> Hi,
>>>
>>> 
>>
>> 
>>
>>  
>>> As an example of the attack...
>>> $ whoami
>>> www-data
>>> 
>>
>> isn't the whole point of suexec/PHP/FastCGI that the local user
>> has no access to the www-data account ... suexec switches to the
>> users account from the webserver account not the other way around.
>>   
> Yes, but only if everyone is using suexec/PHP/FastCGI... many shared
> hosting environments still allow access as the webserver account by also
> allowing mod_php or non-suexec CGI scripts (i.e. it is the customer's
> choice).

are you worried that someone else's customer will screw with your customers
scripts/data? or whether your customer will screw with it?

in the former case, get a VPS and control the environment (all round nice guy
Dan Brown comes recommended round these parts ... he live's in a bash shell
and never sleeps)

in the later ... get another customer? or ... given that they pay you to
build this stuff *for them and their business* a quick lesson in economics
might be in order (you build, they pay ... they screw it up, you fix it, they
pay some more)

>> so the attack is moot unless there is a completely different security
>> hole that allows the user to run stuff as www-data.
>>   
> Although this 'security hole' seems to be more the norm than the
> exception, and I have yet to find a shared hosting environment which
> doesn't either allow or force people to run code on the webserver as
> www-data. It therefore seems like there should be a way to protect
> against such attacks (ideally I'd like to be able to make my script
> which invokes php-cgi refuse to execute anything outside my public_html,
> whether called as CGI or FastCGI).

that would imply some specific code in the script, which, given the script is 
owned
by the given user account, is a waste of time developing ... the given user
can just edit the script (unless you use an encoder, and even then it's not
impossible ... besides the user could still replace the script wholesale)

or maybe you're able to make it read only for them, in which case
you might start by looking into:

http://php.net/manual/en/function.php-sapi-name.php

> Regards,
> Andrew
> 
>> or am I being thick? ... could well be, socialists are renowned
>> for their stupidity ... just look at the eminent socialist George W.
>> Bush.
>>
>> so if I am being thick ... I would appreciate an explaination
>> as to how the webuser account manages to run stuff in the context of
>> the webserver account, if you have the inclination.
>>
>> PS - that last bit about socialism is off topic
>> PPS - I don't think I'm a much of a socialist
>> PPPS - I'm sure do I suffer from stupidity now and again
>> S - but not as much as the guy whose world-view manages to
>> put Dubya into a socialist pidgeonhole.
>>
>>  
>>> $ cat >/tmp/myscript.php
>>> /tmp/compromised.txt');
>>> $ SCRIPT_FILENAME=/tmp/myscript.php
>>> PATH_INFO=/home/wwjargon/public_html/meter.php /usr/lib/apache2/suexec
>>> "~wwjargon" wwjargon php.fcgi
>>> X-Powered-By: PHP/5.2.6-2ubuntu4
>>> Content-type: text/html
>>>
>>> $ cat /tmp/compromised.txt
>>> wwjargon
>>>
>>> I could make this attack a bit harder by changing the environment
>>> variables in php.fcgi so it would only work for FastCGI and not for
>>> normal CGI, but a more motivated attacker could just write a fake
>>> FastCGI server to attack my script.
>>>
>>> Setting PHP_DOCUMENT_ROOT in the environment and doc_root in php.ini
>>> didn't seem to stop the attack (although setting doc_root stops
>>> meter.php working, but not the attack), because PHP still happily serves
>>> up a document from /tmp/myscript.php, and --enable-force-cgi-redirect
>>> doesn't really have the potential to be of any help either because a
>>> local attacker could just set the same environment variables as the
>>> webserver to fake a redirect. I can't use the #!/usr/bin/php-cgi option
>>> because this is a FastCGI and not a CGI setup.
>>>
>>> What can I do to prevent this sort of local attack against my
>>> suexec/PHP/FastCGI environment (short of getting a VPS or installing my
>>> own patched PHP at least)?
>>>
>>> Thanks and Best Wishes,
>>> Andrew
>>>
>>>
>>> 
>>
>>   
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Enquiry

2009-02-09 Thread War Crimes TV 

Greetings All,

We write with reference to our website at http://www.warcrimes.info/shop/html/. 
Our web host tells us that our website currently runs on php 5.2.8. We recently 
faced this error:

Fatal error: Call to a member function sql_query() on a non-object in 
/home/warcrime/public_html/shop/html/modules/catalog/includes/functions/database.php
 on line 51


This error stopped some of our stats from working and there appears to be 
several security loopholes in the script which bots are exploiting by joining 
the wesite as commercial members.

With the above in view, what is the best way to secure and upgrade our website? 
Are you able to recommend any cost-effective php developers who can upgrade and 
secure the website for us?

Please email us back at: warcri...@warcrimes.ltd.uk 

Thank you,

Frederick.

Re: [PHP] php validate user password

2009-02-09 Thread Bruno Fajardo 
Or, like the article suggested, a random portion for the hash... I
agree with you, Micah. The hash collision is a problem, and must be
avoided.
Same password hashes for different users are very good candidates for
a dictionary attack. Probably, in most of this cases, users picked
"easy" passwords, like "1234" or "admin".

Cheers

2009/2/9 Micah Gersten 
>
> onlist this time...
>
> tedd wrote:
>
> > > 
> > >
> > > I think the MD5() hash is a pretty good way and if the weakness is the
> > > user's lack of uniqueness in determining their passwords, then we can
> > > focus on that problem instead of looking to another hash. And besides,
> > > the solution presented was to create a salt and use that -- that's
> > > just another step in the algorithm process not much different than
> > > what I propose.
> > >
> > > Cheers,
> > >
> > > tedd
> > >
> >
>
> The MD5 hash IS the problem.  The problem isn't the uniqueness of the
> passwords, but rather the uniqueness of the hash. The solution is to use
> another hash that does not have the same collision issues.
>
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>



--
Bruno Fajardo - Desenvolvimento
bruno.faja...@dinamize.com - www.dinamize.com
Dinamize RS - Porto Alegre-RS - CEP 90420-111
Fones (51) 3027 7158 / 8209 4181 - Fax (51) 3027 7150

Dinamize BA - Lauro de Freitas - Fone 71 3379.7830
Dinamize SC - Joinville - Fone 47 3025.1182
Dinamize DF - Asa Norte - Brasília - Fone 61 3274.1172
Dinamize SP - São Paulo - Fone 11 6824.6250
Dinamize PR - Curitiba - Fone 41 3306.4388
Dinamize RS - Caxias do Sul - Fone 54 3533.4333
Dinamize RJ - Rio de Janeiro - Fone 21 2169.6311

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php validate user password

2009-02-09 Thread Micah Gersten 
onlist this time...

tedd wrote:

> > 
> >
> > I think the MD5() hash is a pretty good way and if the weakness is the
> > user's lack of uniqueness in determining their passwords, then we can
> > focus on that problem instead of looking to another hash. And besides,
> > the solution presented was to create a salt and use that -- that's
> > just another step in the algorithm process not much different than
> > what I propose.
> >
> > Cheers,
> >
> > tedd
> >
>   

The MD5 hash IS the problem.  The problem isn't the uniqueness of the
passwords, but rather the uniqueness of the hash. The solution is to use
another hash that does not have the same collision issues.

Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] maybe we could all?

2009-02-09 Thread Kyle Terry 
On Mon, Feb 9, 2009 at 2:02 PM, Jônatas Zechim  wrote:
> Me too..
>
> Zechim from Brazil.
>
> -Mensagem original-
> De: Marcus Gnaß [mailto:gona...@gmx.de]
> Enviada em: segunda-feira, 9 de fevereiro de 2009 19:59
> Para: nrix...@gmail.com
> Cc: PHP-General; Paul M Foster
> Assunto: Re: [PHP] maybe we could all?
>
> Nathan Rixham wrote:
>> Marcus Gnaß wrote:
>>> Nathan Rixham wrote:
 Project: PHP Common Objects and Datatypes

>>> Has anything been setup for project COD-pieces yet? I like this name! ;)
>>>
>> Actually, yes it has - the project, well working group, has been
>> called "voom".
> Sounds fine too! ;)
>> If you're interested just let me know and we'll get you introduced and
>> set-up.
> Yes please! I'm an intermediate PHP programmer who is lurking this list
> since october 06 and wrote a small CMS for my own (and a couple of
> friends) use so far.
> I'm quite comfortable with (classical ... sigh) ASP so far which I use
> now for about 10 years and recently I began to get along with Java.
>
> Your ideas sounded really great and I would like to join this group.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Yayyy! More people from around the world! :)

-- 
Kyle Terry | www.kyleterry.com
Help kick start VOOM (Very Open Object Model) for a library of PHP classes.
http://www.voom.me | IRC EFNet #voom

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread tedd 

At 3:44 PM -0500 2/9/09, Daniel Brown wrote:

On Mon, Feb 9, 2009 at 15:41, Stuart  wrote:


 Indeed, but I find coding without QA requirements is a great way to relax.


It's what I do to take a break from coding for The Job[tm].  I
suppose that makes us seem a little ill, eh?

--



Daniel:

When you have something, let me know. The link you posted was very interesting.

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RES: [PHP] maybe we could all?

2009-02-09 Thread Jônatas Zechim 
Me too..

Zechim from Brazil.

-Mensagem original-
De: Marcus Gnaß [mailto:gona...@gmx.de] 
Enviada em: segunda-feira, 9 de fevereiro de 2009 19:59
Para: nrix...@gmail.com
Cc: PHP-General; Paul M Foster
Assunto: Re: [PHP] maybe we could all?

Nathan Rixham wrote:
> Marcus Gnaß wrote:
>> Nathan Rixham wrote:
>>> Project: PHP Common Objects and Datatypes
>>>
>> Has anything been setup for project COD-pieces yet? I like this name! ;)
>>
> Actually, yes it has - the project, well working group, has been 
> called "voom".
Sounds fine too! ;)
> If you're interested just let me know and we'll get you introduced and 
> set-up.
Yes please! I'm an intermediate PHP programmer who is lurking this list 
since october 06 and wrote a small CMS for my own (and a couple of 
friends) use so far.
I'm quite comfortable with (classical ... sigh) ASP so far which I use 
now for about 10 years and recently I began to get along with Java.

Your ideas sounded really great and I would like to join this group.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] maybe we could all?

2009-02-09 Thread Marcus Gnaß 

Nathan Rixham wrote:

Marcus Gnaß wrote:

Nathan Rixham wrote:

Project: PHP Common Objects and Datatypes


Has anything been setup for project COD-pieces yet? I like this name! ;)

Actually, yes it has - the project, well working group, has been 
called "voom".

Sounds fine too! ;)
If you're interested just let me know and we'll get you introduced and 
set-up.
Yes please! I'm an intermediate PHP programmer who is lurking this list 
since october 06 and wrote a small CMS for my own (and a couple of 
friends) use so far.
I'm quite comfortable with (classical ... sigh) ASP so far which I use 
now for about 10 years and recently I began to get along with Java.


Your ideas sounded really great and I would like to join this group.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] strtr array replace issue...

2009-02-09 Thread Brad Freshour 
Apache: 2.2.8 threaded
 PHP: 5.2.4-2
 mySQL: 5.051.a

 Ubuntu 8.04 minimal with everything needed installed via apt-get.

 Using SMF forum, I'm having an issue with the strtr command...  Here's
 the code...

 $ftp_file = strtr($filename, array ($_SESSION['pack_ftp']['root'] =>''));

 The $_SESSION['pack_ftp']['root'] variable is an empty set: ''

 Well, if the above strtr command was translated it would look like this:

 strtr("/home/user/public_html/Packages/temp", array ('' =>''));

 You would think that the return would be : /home/user/public_html/Packages/temp

 However, it returns '' instead.

 I can get around this by modifying the code to the site manually and
 checking to see if $_SESSION['pack_ftp']['root'] == '' and if it does
 assign it something crazy, like $_SESSION['pack_ftp']['root'] =
 '%'

 However, the code works on another site I have that's hosted for me
 (shared hosting).

 Anyone have any ideas?

 I was wondering if it was related to this: http://bugs.php.net/bug.php?id=27457
 But that seems like an old bug...

 Thanks.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: DOCUMENT_ROOT errors

2009-02-09 Thread Shawn McKenzie 
Shawn McKenzie wrote:
> Marc Fromm wrote:
>> I updated fedora core from FC5 to TC6, thus httpd and php were updated in 
>> the process. My pages worked with no errors before the upgrade.
>> My php pages are no not displaying and generating this error in the httpd 
>> logs
>>
>> PHP Notice:  Undefined variable: DOCUMENT_ROOT in 
>> /var/www/html/studentjobs/index.php on line 6, referer: 
>> http://finaid46.finaid.wwu.edu/
>> PHP Warning:  require(/studentjobs/includes/javascript.php) [> href='function.require'>function.require]: failed to open stream: No 
>> such file or directory in /var/www/html/studentjobs/index.php on line 6, 
>> referer: http://finaid46.finaid.wwu.edu/
>> PHP Fatal error:  require() [> href='function.require'>function.require]: Failed opening required 
>> '/studentjobs/includes/javascript.php' (include_path='.:/usr/share/pear') in 
>> /var/www/html/studentjobs/index.php on line 6, referer: 
>> http://finaid46.finaid.wwu.edu/
>>
>> PHP Notice:  Undefined index:  cmd in 
>> /var/www/html/lan/ztezt/student_alerts/index.php on line 5
>>
>> My current versions are:
>> httpd-2.2.6-1.fc6
>> php-5.1.6-3.7.fc6
>> php-pear-1.4.9-4 (one error above mentions pear)
>>
>> Marc
>>
>>
> What is on /var/www/html/studentjobs/index.php on line 6?
> 
Never mind.  It's register_globals problem.  Change DOCUMENT_ROOT to
$_SERVER['DOCUMENT_ROOT'].  You may have to change quite a few variables
as it looks like cmd might be a get var which you would change to
$_GET['cmd'].  Unless you can debug and change the app, you may have to
turn register_globals back on (security hole!).

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: DOCUMENT_ROOT errors

2009-02-09 Thread Shawn McKenzie 
Marc Fromm wrote:
> I updated fedora core from FC5 to TC6, thus httpd and php were updated in the 
> process. My pages worked with no errors before the upgrade.
> My php pages are no not displaying and generating this error in the httpd logs
> 
> PHP Notice:  Undefined variable: DOCUMENT_ROOT in 
> /var/www/html/studentjobs/index.php on line 6, referer: 
> http://finaid46.finaid.wwu.edu/
> PHP Warning:  require(/studentjobs/includes/javascript.php) [ href='function.require'>function.require]: failed to open stream: No such 
> file or directory in /var/www/html/studentjobs/index.php on line 6, referer: 
> http://finaid46.finaid.wwu.edu/
> PHP Fatal error:  require() [ href='function.require'>function.require]: Failed opening required 
> '/studentjobs/includes/javascript.php' (include_path='.:/usr/share/pear') in 
> /var/www/html/studentjobs/index.php on line 6, referer: 
> http://finaid46.finaid.wwu.edu/
> 
> PHP Notice:  Undefined index:  cmd in 
> /var/www/html/lan/ztezt/student_alerts/index.php on line 5
> 
> My current versions are:
> httpd-2.2.6-1.fc6
> php-5.1.6-3.7.fc6
> php-pear-1.4.9-4 (one error above mentions pear)
> 
> Marc
> 
> 
What is on /var/www/html/studentjobs/index.php on line 6?

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] DOCUMENT_ROOT errors

2009-02-09 Thread Marc Fromm 
I updated fedora core from FC5 to TC6, thus httpd and php were updated in the 
process. My pages worked with no errors before the upgrade.
My php pages are no not displaying and generating this error in the httpd logs

PHP Notice:  Undefined variable: DOCUMENT_ROOT in 
/var/www/html/studentjobs/index.php on line 6, referer: 
http://finaid46.finaid.wwu.edu/
PHP Warning:  require(/studentjobs/includes/javascript.php) [function.require]: failed to open stream: No such 
file or directory in /var/www/html/studentjobs/index.php on line 6, referer: 
http://finaid46.finaid.wwu.edu/
PHP Fatal error:  require() [function.require]: 
Failed opening required '/studentjobs/includes/javascript.php' 
(include_path='.:/usr/share/pear') in /var/www/html/studentjobs/index.php on 
line 6, referer: http://finaid46.finaid.wwu.edu/

PHP Notice:  Undefined index:  cmd in 
/var/www/html/lan/ztezt/student_alerts/index.php on line 5

My current versions are:
httpd-2.2.6-1.fc6
php-5.1.6-3.7.fc6
php-pear-1.4.9-4 (one error above mentions pear)

Marc

Re: [PHP] PHP usage stats

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 3:28 PM, Daniel Brown  wrote:
> On Mon, Feb 9, 2009 at 15:21, Stuart  wrote:
>>
>> I would advise you against wasting your time because there is no
>> reliable way to tell what systems a server is actually using to serve
>> pages. Nearly all sites I work on these days use techniques to remove
>> extensions from URLs, and a fair few hide all details of the server
>> software for a variety of reasons. Since you can't say with any
>> certainty what your margin of error is, the numbers will be
>> meaningless as a measure of language usage.
>
>Right, but adjusting the math as appropriate should be fine.  If a
> site doesn't report either PHP or ASP, for example, don't include it
> in the count.  If we have 100 sites that we spider and 23 report
> having PHP capabilities, 16 report being able to support ASP, fifty
> (half) having no response, we know that 46% of the total can serve PHP
> code while 32% can serve ASP, because we will only record the total
> based upon responses.  I'm sure there are flaws in this logic
> which is why I'm thinking aloud here.  ;-P

For regular ASP, the server won't report anything. Generally, if the
server identifies itself as IIS it will support regular old ASP. These
sites will generally use VBScript, but they could use JScript. If the
developer is really hard core, they could use any Active Scripting
language. What's more, I wonder how many might still be using
something like Chili!Soft ASP on Linux/Apache. (I'd expect it might be
small enough to be negligible.)

Our servers (and many others I know of) are IIS, so they will support
ASP without announcing this to the world. They will also report yes to
both ASP.NET and PHP unless we have notification turned off for some
reason because both are available even though everything we are doing
right now is in PHP. Even in my last job (same employer, different
department) we had ASP, ASP.NET, PHP and ColdFusion available.
Everything we wrote was ASP, but from time to time we'd get an app
written in one of the other languages that someone wanted to host for
their department and often we'd host it. For that matter, what about
someone using Phalanger, Monologo, or the like to write PHP syntax
inside .NET?  :-)

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Daniel Brown 
On Mon, Feb 9, 2009 at 15:41, Stuart  wrote:
>
> Indeed, but I find coding without QA requirements is a great way to relax.

It's what I do to take a break from coding for The Job[tm].  I
suppose that makes us seem a little ill, eh?

-- 

daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Unadvertised dedicated server deals, too low to print - email me to find out!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Stuart 
2009/2/9 Daniel Brown :
> On Mon, Feb 9, 2009 at 15:21, Stuart  wrote:
>>
>> I would advise you against wasting your time because there is no
>> reliable way to tell what systems a server is actually using to serve
>> pages. Nearly all sites I work on these days use techniques to remove
>> extensions from URLs, and a fair few hide all details of the server
>> software for a variety of reasons. Since you can't say with any
>> certainty what your margin of error is, the numbers will be
>> meaningless as a measure of language usage.
>
>Right, but adjusting the math as appropriate should be fine.  If a
> site doesn't report either PHP or ASP, for example, don't include it
> in the count.  If we have 100 sites that we spider and 23 report
> having PHP capabilities, 16 report being able to support ASP, fifty
> (half) having no response, we know that 46% of the total can serve PHP
> code while 32% can serve ASP, because we will only record the total
> based upon responses.  I'm sure there are flaws in this logic
> which is why I'm thinking aloud here.  ;-P

You used the right word there... "can" as in not necessarily is! Your
results would indicate capability rather than actual usage and even
then you have no way to determine your margin of error.

Having said all that I would guess that any numbers that look half-way
decent would probably convince the people Tedd is looking to sway. But
they still won't be anyway near accurate.

>> Having said that it's been a while since I wrote a spider, shame I
>> don't have time to have a go at the moment. Have fun ;-)
>
>It's just going to be proof-of-concept code certainly nothing
> worth pushing Nielsen out the door.

Indeed, but I find coding without QA requirements is a great way to relax.

-Stuart

-- 
http://stut.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Using DLL with PHP

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 3:21 PM, Dan Shirah  wrote:
>  H, maybe it's not a problem with the DLL I'm trying to access because
> just doing a simple:
> $my_com = new COM("Excel.Application");
>
> Gives me the same error:
> *Fatal error*: Uncaught exception 'com_exception' with message 'Failed to
> create COM object `Excel.Application': Invalid syntax '
>
> I've checked my PHP.ini and COM is enabled...
>

Is Excel installed on the web server? What happens if you try either
'Scripting.Dictionary' or 'Scripting.FileSystemObject'? (I think those
are both be part of VBScript, so they should be available.)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Daniel Brown 
On Mon, Feb 9, 2009 at 15:21, Stuart  wrote:
>
> I would advise you against wasting your time because there is no
> reliable way to tell what systems a server is actually using to serve
> pages. Nearly all sites I work on these days use techniques to remove
> extensions from URLs, and a fair few hide all details of the server
> software for a variety of reasons. Since you can't say with any
> certainty what your margin of error is, the numbers will be
> meaningless as a measure of language usage.

Right, but adjusting the math as appropriate should be fine.  If a
site doesn't report either PHP or ASP, for example, don't include it
in the count.  If we have 100 sites that we spider and 23 report
having PHP capabilities, 16 report being able to support ASP, fifty
(half) having no response, we know that 46% of the total can serve PHP
code while 32% can serve ASP, because we will only record the total
based upon responses.  I'm sure there are flaws in this logic
which is why I'm thinking aloud here.  ;-P

> Having said that it's been a while since I wrote a spider, shame I
> don't have time to have a go at the moment. Have fun ;-)

It's just going to be proof-of-concept code certainly nothing
worth pushing Nielsen out the door.

-- 

daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Unadvertised dedicated server deals, too low to print - email me to find out!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Stuart 
2009/2/9 Daniel Brown :
> On Mon, Feb 9, 2009 at 14:58, Shawn McKenzie  wrote:
>>>
>> And HTM shows 701M, so it is now beating out ASP :-)
>
>Another bone of contention is the masking --- I mentioned it
> briefly in my original remarks in this thread, but on further
> investigation, it may actually have a substantial impact on numbers.
> More sites are using mod_rewrite and similar tactics to use
> extensionless URL's and SEFU's (Search Engine-Friendly URL's) than
> ASP, as it seems from a random sampling of 100 websites that I put
> into an array and checked with a simple, dumb script.
>
>Eventually, perhaps sooner than later (though I hate that phrase),
> curiosity is going to lead me to build a spider and database to
> collect some real samples and do some metrics.  Probably later this
> week, in fact

I would advise you against wasting your time because there is no
reliable way to tell what systems a server is actually using to serve
pages. Nearly all sites I work on these days use techniques to remove
extensions from URLs, and a fair few hide all details of the server
software for a variety of reasons. Since you can't say with any
certainty what your margin of error is, the numbers will be
meaningless as a measure of language usage.

Having said that it's been a while since I wrote a spider, shame I
don't have time to have a go at the moment. Have fun ;-)

-Stuart

-- 
http://stut.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Using DLL with PHP

2009-02-09 Thread Dan Shirah 
 H, maybe it's not a problem with the DLL I'm trying to access because
just doing a simple:
$my_com = new COM("Excel.Application");

Gives me the same error:
*Fatal error*: Uncaught exception 'com_exception' with message 'Failed to
create COM object `Excel.Application': Invalid syntax '

I've checked my PHP.ini and COM is enabled...

Re: [PHP] Re: mysql_query - CREATE DATABASE

2009-02-09 Thread R B 
thank you.



On Mon, Feb 9, 2009 at 1:14 PM, Shawn McKenzie  wrote:

> R B wrote:
> > I´m looking that i have another problem:
> >
> > I´m making a software to install in any server.
> >
> > The software needs a database, so i want to create a script install.php
> > to create the database when this script is executed.
> >
> > At this point of the instalation, i don´t know none of the users that are
> > defined in mysql.
> >
> > If i use this command:
> >
> > mysql_query("CREATE DATABASE my_db",$con)
> >
> > first i need to connect to mysql with the command
> >
> > mysql_connect
> >
> > But at this point, i don´t know none of the users that are defined in
> mysql.
> >
> > So, what i do in this case?
> >
> > Thanks
> >
> >
>
> Well, obviously the user will have to supply the username and password.
>  There's no way around that.  So after you know the username you can
> create the db and then check if the db exists as you have named it
> (my_db), and if not check for ($username_my_db), if not that then one of
> the examples I gave you, or just skip right to listing the databases.
>
>
> --
>  Thanks!
> -Shawn
> http://www.spidean.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] PHP usage stats

2009-02-09 Thread Daniel Brown 
On Mon, Feb 9, 2009 at 14:58, Shawn McKenzie  wrote:
>>
> And HTM shows 701M, so it is now beating out ASP :-)

Another bone of contention is the masking --- I mentioned it
briefly in my original remarks in this thread, but on further
investigation, it may actually have a substantial impact on numbers.
More sites are using mod_rewrite and similar tactics to use
extensionless URL's and SEFU's (Search Engine-Friendly URL's) than
ASP, as it seems from a random sampling of 100 websites that I put
into an array and checked with a simple, dumb script.

Eventually, perhaps sooner than later (though I hate that phrase),
curiosity is going to lead me to build a spider and database to
collect some real samples and do some metrics.  Probably later this
week, in fact

-- 

daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Unadvertised dedicated server deals, too low to print - email me to find out!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Shawn McKenzie 
Daniel Brown wrote:
> On Mon, Feb 9, 2009 at 14:39, Andrew Ballard  wrote:
>> For what it's worth, you missed .do, .dll, .exe, and I'm sure others
>> (yes, I've seen web sites running what I assume to be compiled web
>> applications with all of these extensions) as well as anything using
>> URL rewriting such as Zend Framework's MVC, and who knows what else.
>> Stats could also be blurred by redundant sites with multiple domain
>> names, aliases, etc.
> 
> Yeah, I realized right after posting that I'd forgotten to include
> ColdFusion as well.  I wasn't going to include AppleScript, C, and the
> other various languages, because it really does get too overwhelming
> for basic metrics, but you're absolutely correct about DLL's and
> EXE's.
> 
And HTM shows 701M, so it is now beating out ASP :-)

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Daniel Brown 
On Mon, Feb 9, 2009 at 14:39, Andrew Ballard  wrote:
>
> For what it's worth, you missed .do, .dll, .exe, and I'm sure others
> (yes, I've seen web sites running what I assume to be compiled web
> applications with all of these extensions) as well as anything using
> URL rewriting such as Zend Framework's MVC, and who knows what else.
> Stats could also be blurred by redundant sites with multiple domain
> names, aliases, etc.

Yeah, I realized right after posting that I'd forgotten to include
ColdFusion as well.  I wasn't going to include AppleScript, C, and the
other various languages, because it really does get too overwhelming
for basic metrics, but you're absolutely correct about DLL's and
EXE's.

-- 

daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Unadvertised dedicated server deals, too low to print - email me to find out!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: require() causing strange characters ?

2009-02-09 Thread Ashley Sheridan 
On Mon, 2009-02-09 at 15:46 +0100, cr.vege...@gmail.com wrote:
> Thanks Nisse,
> 
> - Original Message - 
> From: "Nisse Engström" 
> To: 
> Sent: Sunday, February 08, 2009 6:06 PM
> Subject: Re: [PHP] Re: require() causing strange characters ?
> 
> 
> > On Fri, 6 Feb 2009 10:11:49 +0100, cr.vege...@gmail.com wrote:
> >
> >> I saved both scripts with ANSI in stead of UTF-8 and the problem is gone.
> >> So the utf-8 BOM character (Byte Order Mark) caused it.
> >> Unfortunately my editor has no option to store BOM-free scripts.
> >>
> >> Is it standard that PHP scripts should be saved without a BOM character ?
> >
> > This is not a PHP matter, unless PHP 6 (which will have
> > Unicode support) does something with it. PHP 5 just outputs
> > it as is.
> >
> > A BOM character is supposed to be the *first* character in
> > a text stream. Otherwise it should be treated as a
> > ZERO WIDTH NON-BREAKING SPACE.
> >
> > 
> >
> >> Test results ...
> >> If "test.php" (utf8) requires "echo.php" (utf8), page source has 
> >> "C�testD",
> >> size 9
> >> If "test.php" (ansi) requires "echo.php" (utf8), page source has
> >> "CtestD", size 7
> >> If "test.php" (ansi) requires "echo.php" (ansi), page source has 
> >> "CtestD",
> >> size 6
> >>
> >> The reason for asking is that sometimes "" is displayed on some pages.
> >
> > That means you've used a utf-8 BOM in a page using an 8-bit
> > character encoding (eg. iso-8859-1 or similar), or that you
> > have utf-8 encoded it twice.
> > /Nisse
> 
> I've tested it again, from scratch with Notepad editor:
> 
> echoUTF8.php
> echoUTF8sub.php   
> and keep getting strange characters.
> 
> Would you be so kind to run these 2 scripts on your pc ?
> 
> TIA, Cor
> 
> 
> 
Erm, what scripts?...


Ash
www.ashleysheridan.co.uk


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 2:03 PM, Daniel Brown  wrote:
> On Sun, Feb 8, 2009 at 09:35, Richard Heyes  wrote:
>> Hi,
>>
>> Can anyone point out some general statistics on PHP usage compared to
>> other server languages? I've tried Netcraft, but they only appear (or
>> I've only found) to have statistics on the httpd server used.
>
>All @php.net addresses reject Google links for me (and probably
> you, too), so I copied the message from my 'Sent' folder to a blog I
> just put up about 4:30a this morning.  There's some basic metrics on
> PHP vs. ASP, etc. there:
>
>
> http://oidk.net/archives/5-Some-Interesting-Metrics-on-PHP-vs-ASP-vs-etc..html
>

Interesting. It's probably not bad for a rough estimate of the number
of scripted pages on the web, still accounting for reasonable margin
of error. As you note though, its the number of pages -- not sites --
indexed.

For what it's worth, you missed .do, .dll, .exe, and I'm sure others
(yes, I've seen web sites running what I assume to be compiled web
applications with all of these extensions) as well as anything using
URL rewriting such as Zend Framework's MVC, and who knows what else.
Stats could also be blurred by redundant sites with multiple domain
names, aliases, etc.

[Google URL]/search?q=site%3A.com+filetype%3Ado
141M

[Google URL]/search?q=site%3A.com+filetype%3Adll
62.1M

[Google URL]/search?q=site%3A.com+filetype%3Aexe
7.6M

Of course, with extensions like .dll or .exe it's hard to tell whether
the indexed resource is a compiled web app or if it is a file
available for downloading.


Definitely still a slippery number to pin down. Nice use of Google though. :)

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Kyle Terry 
On Mon, Feb 9, 2009 at 11:03 AM, Daniel Brown  wrote:
> On Sun, Feb 8, 2009 at 09:35, Richard Heyes  wrote:
>> Hi,
>>
>> Can anyone point out some general statistics on PHP usage compared to
>> other server languages? I've tried Netcraft, but they only appear (or
>> I've only found) to have statistics on the httpd server used.
>
>All @php.net addresses reject Google links for me (and probably
> you, too), so I copied the message from my 'Sent' folder to a blog I
> just put up about 4:30a this morning.  There's some basic metrics on
> PHP vs. ASP, etc. there:
>
>
> http://oidk.net/archives/5-Some-Interesting-Metrics-on-PHP-vs-ASP-vs-etc..html
>
> --
> 
> daniel.br...@parasane.net || danbr...@php.net
> http://www.parasane.net/ || http://www.pilotpig.net/
> Unadvertised dedicated server deals, too low to print - email me to find out!
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

After disusing this, I leave you with this... Good luck my friend. Good luck...

-- 
Kyle Terry | www.kyleterry.com
Help kick start VOOM (Very Open Object Model) for a library of PHP classes.
http://www.voom.me | IRC EFNet #voom

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: mysql_query - CREATE DATABASE

2009-02-09 Thread Shawn McKenzie 
R B wrote:
> I´m looking that i have another problem:
> 
> I´m making a software to install in any server.
> 
> The software needs a database, so i want to create a script install.php
> to create the database when this script is executed.
> 
> At this point of the instalation, i don´t know none of the users that are
> defined in mysql.
> 
> If i use this command:
> 
> mysql_query("CREATE DATABASE my_db",$con)
> 
> first i need to connect to mysql with the command
> 
> mysql_connect
> 
> But at this point, i don´t know none of the users that are defined in mysql.
> 
> So, what i do in this case?
> 
> Thanks
> 
> 

Well, obviously the user will have to supply the username and password.
 There's no way around that.  So after you know the username you can
create the db and then check if the db exists as you have named it
(my_db), and if not check for ($username_my_db), if not that then one of
the examples I gave you, or just skip right to listing the databases.


-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Yannick Mortier 
2009/2/9 tedd :
> Hi gang:
>
> At the college where I teach, they are considering teaching OOP, but they
> don't want to settle on a specific language.
>

I guess that is not a good idea, you should really combine it with a
language, as some students will be curious enough to play around with
it at home and so they'll also learn more.

> My thoughts are it's difficult to teach OOP without a language -- while the
> general concepts of OOP are interesting, people need to see how concepts are
> applied to understand how they work -- thus I think a specific language is
> required
>
> I lean toward C++ because I wrote in it for a few years AND C++ appears to
> be the most common, widespread, and popular OOP language.


Yes C++ is not bad for this, but it has also got some flaws.

>
> However, while I don't know PHP OOP, I am open to considering it because of
> the proliferation of web based applications. My personal opinion is that's
> where all programming is headed anyway, but that's just my opinion.
>
> With that said, what's the differences and advantages/disadvantages between
> C++ and PHP OOP?
>
> Cheers,
>
> tedd
>

Both of them have got the disadvantage that they also support
procedural programming. Some of your students will for sure not
understand OOP immediately and they'll avoid using it this way.

I guess Java is really a good idea, there are some great Editors
around for it (Netbeans...) It's completely OOP and there are many
great tutorials for it in the net, so a willing student can easily go
on after the class is over.

I really didn't like Java some months ago, but I have to learn it at
school myself now and I think it's great to learn. It avoids most of
the errors that come from C++'s pointers etc. so you can really focus
on teaching OOP and not why you must always reserve memory etc.

Later on it'll sure be easy to switch to other languages (though I
can't really tell this because I started with C++ when I was ten years
old and discovered PHP later and get to know Java know)

So: My vote goes to Java, or if you want a decision between C++ and
PHP it's C++.


-- 
Currently developing a browsergame...
http://www.p-game.de
Trade - Expand - Fight

Follow me at twitter!
http://twitter.com/moortier

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: mysql_query - CREATE DATABASE

2009-02-09 Thread Shawn McKenzie 
Shawn McKenzie wrote:
> Shawn McKenzie wrote:
>> R B wrote:
>>> Hello,
>>>
>>> When i create a mysql database with the next command:
>>>
>>> mysql_query("CREATE DATABASE my_db",$con)
>>>
>>> In the server is created the database, but usually the name is created with
>>> a prefix.
>>>
>>> In this case: someuser_my_db
>>>
>>> How can i detect with PHP the complete name of the new database created?
>>>
>>> Thanks
>>>
>> There may be a better way, but off the top of my head, translate this to
>> PHP:
>>
>> use information_schema;
>> select SCHEMA_NAME from SCHEMATA where SCHEMA_NAME like '%_my_db';
>>
>> Now of course you could have multiples there, like user_my_db and
>> user2_my_db.  Not sure about that, maybe it would be the last one in the
>> returned records?
>>
> 
> Using mysql_list_dbs() and mysql_db_name()  would acheive the same,
> however from the man page of mysql_db_name() there is a neat contib:
> 
> $result = mysql_query("SELECT DATABASE()");
> $dbname = mysql_result($result, 0);
> 
Scratch the above.  This is the db of the current connection.  This
should work, but again doesn't account for multiple dbs with my_db in
the name:

$dblist = mysql_list_dbs();
while (list($dbname) = mysql_fetch_row($dblist)) {
if (strpos($dbname, 'my_db') !== false) {
break;
}
}

However it might be easier to do this:

mysql_select_db("information_schema");
$result = mysql_query("select SCHEMA_NAME from SCHEMATA where
SCHEMA_NAME like '%my_db'");
$dbname = mysql_result($result, 0);


-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: mysql_query - CREATE DATABASE

2009-02-09 Thread R B 
I´m looking that i have another problem:

I´m making a software to install in any server.

The software needs a database, so i want to create a script install.php
to create the database when this script is executed.

At this point of the instalation, i don´t know none of the users that are
defined in mysql.

If i use this command:

mysql_query("CREATE DATABASE my_db",$con)

first i need to connect to mysql with the command

mysql_connect

But at this point, i don´t know none of the users that are defined in mysql.

So, what i do in this case?

Thanks


On Mon, Feb 9, 2009 at 12:31 PM, Shawn McKenzie wrote:

> Shawn McKenzie wrote:
> > R B wrote:
> >> Hello,
> >>
> >> When i create a mysql database with the next command:
> >>
> >> mysql_query("CREATE DATABASE my_db",$con)
> >>
> >> In the server is created the database, but usually the name is created
> with
> >> a prefix.
> >>
> >> In this case: someuser_my_db
> >>
> >> How can i detect with PHP the complete name of the new database created?
> >>
> >> Thanks
> >>
> >
> > There may be a better way, but off the top of my head, translate this to
> > PHP:
> >
> > use information_schema;
> > select SCHEMA_NAME from SCHEMATA where SCHEMA_NAME like '%_my_db';
> >
> > Now of course you could have multiples there, like user_my_db and
> > user2_my_db.  Not sure about that, maybe it would be the last one in the
> > returned records?
> >
>
> Using mysql_list_dbs() and mysql_db_name()  would acheive the same,
> however from the man page of mysql_db_name() there is a neat contib:
>
> $result = mysql_query("SELECT DATABASE()");
> $dbname = mysql_result($result, 0);
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] PHP usage stats

2009-02-09 Thread Daniel Brown 
On Sun, Feb 8, 2009 at 09:35, Richard Heyes  wrote:
> Hi,
>
> Can anyone point out some general statistics on PHP usage compared to
> other server languages? I've tried Netcraft, but they only appear (or
> I've only found) to have statistics on the httpd server used.

All @php.net addresses reject Google links for me (and probably
you, too), so I copied the message from my 'Sent' folder to a blog I
just put up about 4:30a this morning.  There's some basic metrics on
PHP vs. ASP, etc. there:


http://oidk.net/archives/5-Some-Interesting-Metrics-on-PHP-vs-ASP-vs-etc..html

-- 

daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Unadvertised dedicated server deals, too low to print - email me to find out!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Securing suexec PHP against local attacks by the webserver user

2009-02-09 Thread Andrew 

Jochem Maas wrote:

Andrew schreef:
  

Hi,






  

As an example of the attack...
$ whoami
www-data



isn't the whole point of suexec/PHP/FastCGI that the local user
has no access to the www-data account ... suexec switches to the
users account from the webserver account not the other way around.
  
Yes, but only if everyone is using suexec/PHP/FastCGI... many shared 
hosting environments still allow access as the webserver account by also 
allowing mod_php or non-suexec CGI scripts (i.e. it is the customer's 
choice).

so the attack is moot unless there is a completely different security
hole that allows the user to run stuff as www-data.
  
Although this 'security hole' seems to be more the norm than the 
exception, and I have yet to find a shared hosting environment which 
doesn't either allow or force people to run code on the webserver as 
www-data. It therefore seems like there should be a way to protect 
against such attacks (ideally I'd like to be able to make my script 
which invokes php-cgi refuse to execute anything outside my public_html, 
whether called as CGI or FastCGI).


Regards,
Andrew


or am I being thick? ... could well be, socialists are renowned
for their stupidity ... just look at the eminent socialist George W.
Bush.

so if I am being thick ... I would appreciate an explaination
as to how the webuser account manages to run stuff in the context of
the webserver account, if you have the inclination.

PS - that last bit about socialism is off topic
PPS - I don't think I'm a much of a socialist
PPPS - I'm sure do I suffer from stupidity now and again
S - but not as much as the guy whose world-view manages to
put Dubya into a socialist pidgeonhole.

  

$ cat >/tmp/myscript.php
/tmp/compromised.txt');
$ SCRIPT_FILENAME=/tmp/myscript.php
PATH_INFO=/home/wwjargon/public_html/meter.php /usr/lib/apache2/suexec
"~wwjargon" wwjargon php.fcgi
X-Powered-By: PHP/5.2.6-2ubuntu4
Content-type: text/html

$ cat /tmp/compromised.txt
wwjargon

I could make this attack a bit harder by changing the environment
variables in php.fcgi so it would only work for FastCGI and not for
normal CGI, but a more motivated attacker could just write a fake
FastCGI server to attack my script.

Setting PHP_DOCUMENT_ROOT in the environment and doc_root in php.ini
didn't seem to stop the attack (although setting doc_root stops
meter.php working, but not the attack), because PHP still happily serves
up a document from /tmp/myscript.php, and --enable-force-cgi-redirect
doesn't really have the potential to be of any help either because a
local attacker could just set the same environment variables as the
webserver to fake a redirect. I can't use the #!/usr/bin/php-cgi option
because this is a FastCGI and not a CGI setup.

What can I do to prevent this sort of local attack against my
suexec/PHP/FastCGI environment (short of getting a VPS or installing my
own patched PHP at least)?

Thanks and Best Wishes,
Andrew





  



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: mysql_query - CREATE DATABASE

2009-02-09 Thread Shawn McKenzie 
Shawn McKenzie wrote:
> R B wrote:
>> Hello,
>>
>> When i create a mysql database with the next command:
>>
>> mysql_query("CREATE DATABASE my_db",$con)
>>
>> In the server is created the database, but usually the name is created with
>> a prefix.
>>
>> In this case: someuser_my_db
>>
>> How can i detect with PHP the complete name of the new database created?
>>
>> Thanks
>>
> 
> There may be a better way, but off the top of my head, translate this to
> PHP:
> 
> use information_schema;
> select SCHEMA_NAME from SCHEMATA where SCHEMA_NAME like '%_my_db';
> 
> Now of course you could have multiples there, like user_my_db and
> user2_my_db.  Not sure about that, maybe it would be the last one in the
> returned records?
> 

Using mysql_list_dbs() and mysql_db_name()  would acheive the same,
however from the man page of mysql_db_name() there is a neat contib:

$result = mysql_query("SELECT DATABASE()");
$dbname = mysql_result($result, 0);

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: mysql_query - CREATE DATABASE

2009-02-09 Thread R B 
I´m creating a software that use a database, and i want to include a
install.php file to install the database
of the software.

I can create the database in the install.php file with

mysql_query("CREATE DATABASE my_db",$con)
But when is created, i don´t know the complete name of the database, because
a prefix is added.




On Mon, Feb 9, 2009 at 12:17 PM, Shawn McKenzie wrote:

>  R B wrote:
> > Hello,
> >
> > When i create a mysql database with the next command:
> >
> > mysql_query("CREATE DATABASE my_db",$con)
> >
> > In the server is created the database, but usually the name is created
> with
> > a prefix.
> >
> > In this case: someuser_my_db
> >
> > How can i detect with PHP the complete name of the new database created?
> >
> > Thanks
> >
>
> There may be a better way, but off the top of my head, translate this to
> PHP:
>
> use information_schema;
> select SCHEMA_NAME from SCHEMATA where SCHEMA_NAME like '%_my_db';
>
> Now of course you could have multiples there, like user_my_db and
> user2_my_db.  Not sure about that, maybe it would be the last one in the
> returned records?
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] sqlsrv vs Mssql

2009-02-09 Thread Andrew Williams 
MSsql unable to connect to the SQLserver2005 but not SQLserver2008

On Mon, Feb 9, 2009 at 6:11 PM, Andrew Williams
wrote:

> Hi,
>
> Can somebody help me with why I have communication problem using MSSQL with
> SQLserver 2005. Instead I am now using SQLSRV
>
> --
> Best Wishes
> Andrew Williams
>
>
>
>
>
> --
> Best Wishes
> Andrew Williams
>
>
>


-- 
Best Wishes
Andrew Williams

[PHP] Re: mysql_query - CREATE DATABASE

2009-02-09 Thread Shawn McKenzie 
R B wrote:
> Hello,
> 
> When i create a mysql database with the next command:
> 
> mysql_query("CREATE DATABASE my_db",$con)
> 
> In the server is created the database, but usually the name is created with
> a prefix.
> 
> In this case: someuser_my_db
> 
> How can i detect with PHP the complete name of the new database created?
> 
> Thanks
> 

There may be a better way, but off the top of my head, translate this to
PHP:

use information_schema;
select SCHEMA_NAME from SCHEMATA where SCHEMA_NAME like '%_my_db';

Now of course you could have multiples there, like user_my_db and
user2_my_db.  Not sure about that, maybe it would be the last one in the
returned records?

-- 
Thanks!
-Shawn
http://www.spidean.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] sqlsrv vs Mssql

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 1:11 PM, Andrew Williams
 wrote:
> Hi,
>
> Can somebody help me with why I have communication problem using MSSQL with
> SQLserver 2005. Instead I am now using SQLSRV
>
> --
> Best Wishes
> Andrew Williams

Care to be more specific?

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] sqlsrv vs Mssql

2009-02-09 Thread Andrew Williams 
Hi,

Can somebody help me with why I have communication problem using MSSQL with
SQLserver 2005. Instead I am now using SQLSRV

-- 
Best Wishes
Andrew Williams





-- 
Best Wishes
Andrew Williams

Re: [PHP] Newbie Help - No .php file extension

2009-02-09 Thread Thijs Lensselink 
Hibbert Miller wrote:
> Hello,I have been asked to install an existing PHP/MySQL application on a
> system using Windows Vista.
>   
What application are we talking about here?
Is it a known Open/Closed source application? Is it supposed to run on
windows?
> I have installed PHP 5.2.8, MySQL 5.1.31 and IIS 7.0. PHP is working as
> expected (I created a test page which displays the output from phpinfo()).
>
> The application in question posts to a login page from an index page called
> index.php. However, the form's action is simply set to "login", and not
> login.php as expected. Further checking revealed that all links in the
> application appear to exclude the file extensions.
>   
Sounds like this applications is making use of some sort of controller
to handle requests.
A lot of frameworks and applications make use of the MVC* pattern. That
could be a reason
why there's no .php extension. The call to login will probably result
into something like
http://host.tld/login, Which will be rewritten by the help of either
htaccess or php itself.
> I have combed through the php.ini file and have not been able to find any
> configuration setting that deal with this. I have also tried configuring IIS
> to send all requests to PHP by setting the Handler Mapping to "*" instead of
> just "*.php".
>   
Did there come a .htaccess file with the application? I'm not sure how
IIS handles these things.
Last time i touched IIS. It was still in 5.x version range...
> Thank you in advance for any information you may be able to provide.
>
> HM
>
>   


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] mysql_query - CREATE DATABASE

2009-02-09 Thread R B 
Hello,

When i create a mysql database with the next command:

mysql_query("CREATE DATABASE my_db",$con)

In the server is created the database, but usually the name is created with
a prefix.

In this case: someuser_my_db

How can i detect with PHP the complete name of the new database created?

Thanks

Re: [PHP] Using DLL with PHP

2009-02-09 Thread Dan Shirah 
>
> I believe you do have to register it with regsvr32 for it to be visible.
>
> I think the GUID that Todd mentioned might even work, but I've only
> ever used the ProgID. If you don't know the ProgID that is registered,
> you should be able to find it in the Windows registry after you've
> registed it with regsvr32. If you search for the file name, it should
> find an entry somewhere under \HKEY_CLASSES_ROOT\CLSID\(some
> GUID)\InprocServer32 that has a value of the full path to your DLL
> file. The ProgID is the next key down below InprocServer32, labeled
> aptly "ProgID".
>
> Andrew
>
I might be out of luck.

When I try and run regsvr32 to register the file it says the "DLL was
loaded, but the DllRegistryServer entry point was not found. This file
cannot be registered."

Re: [PHP] Using DLL with PHP

2009-02-09 Thread Dan Shirah 
>
>  I can't help much, but this might get you started.
>
> 1) Does the DLL you are trying to use actually supports COM. I know some
> don't.
>
> 2) I'm pretty sure that the string you pass to new COM('...') should
> be the name the class as registered with Windows, not the actual file
> name. They are usually something like 'Scripting.FileSystemObject',
> 'word.application', 'ADODB.Recordset', etc.
>
>
>
> Andrew
>
The DLL I am trying to work with was written by an outside agency.

Their application uses this dll to convert DMS images (Their proprietary
format) to TIFF images.

Naturally they are not very forth coming to share the functionality of their
software, but I was able to get the VB function that calls the DLL for
conversion.

Private Declare Function DTM_CONVDMSToMultiTIFF Lib "D32_CONV.DLL" _
(ByVal FullPathFrom As String, ByVal FullPathTo As String) As
Integer

So, I was hoping to be able to call that DLL in PHP and pass it the two
values I specify in my application.

In order to be used by COM is the DLL required to be placed in the SYSTEM or
SYSTEM32 folder?

Or does it have to be a DLL that can be registered? Or placed in the SYSTEM
Path?

RE: [PHP] Using DLL with PHP

2009-02-09 Thread Boyd, Todd M. 
> -Original Message-
> From: Andrew Ballard [mailto:aball...@gmail.com]
> Sent: Monday, February 09, 2009 11:21 AM
> To: Dan Shirah
> Cc: Phpster; PHP-General list
> Subject: Re: [PHP] Using DLL with PHP
> 
> On Mon, Feb 9, 2009 at 12:10 PM, Dan Shirah 
> wrote:
> >> I can't help much, but this might get you started.
> >>
> >> 1) Does the DLL you are trying to use actually supports COM. I know
> some
> >> don't.
> >>
> >> 2) I'm pretty sure that the string you pass to new COM('...') should
> >> be the name the class as registered with Windows, not the actual
> file
> >> name. They are usually something like 'Scripting.FileSystemObject',
> >> 'word.application', 'ADODB.Recordset', etc.
> >>
> >>
> >>
> >> Andrew
> >
> > The DLL I am trying to work with was written by an outside agency.
> >
> > Their application uses this dll to convert DMS images (Their
> proprietary
> > format) to TIFF images.
> >
> > Naturally they are not very forth coming to share the functionality
> of their
> > software, but I was able to get the VB function that calls the DLL
> for
> > conversion.
> >
> > Private Declare Function DTM_CONVDMSToMultiTIFF Lib "D32_CONV.DLL" _
> > (ByVal FullPathFrom As String, ByVal FullPathTo As
> String) As
> > Integer
> >
> > So, I was hoping to be able to call that DLL in PHP and pass it the
> two
> > values I specify in my application.
> >
> > In order to be used by COM is the DLL required to be placed in the
> SYSTEM or
> > SYSTEM32 folder?
> 
> No. When I was doing an ASP (not .NET) site, we registered them from a
> custom path just for our web app.
> 
> > Or does it have to be a DLL that can be registered?
> 
> I believe you do have to register it with regsvr32 for it to be
> visible.
> 
> I think the GUID that Todd mentioned might even work, but I've only
> ever used the ProgID. If you don't know the ProgID that is registered,
> you should be able to find it in the Windows registry after you've
> registed it with regsvr32. If you search for the file name, it should
> find an entry somewhere under \HKEY_CLASSES_ROOT\CLSID\(some
> GUID)\InprocServer32 that has a value of the full path to your DLL
> file. The ProgID is the next key down below InprocServer32, labeled
> aptly "ProgID".

I believe that the GUID will only be used to look-up class libraries that have 
already been registered (either via regsvr32 or via the Global Assembly Cache 
in c:\Windows\Assembly). I believe your ProgID suggestion will work just fine 
for pre-.NET DLLs, anyway. :)


// Todd

Re: [PHP] php validate user password

2009-02-09 Thread Jan G.B. 
2009/2/9 Stuart :
> 2009/2/9 Jan G.B. :
>> 2009/2/9 Stuart :
>>> I would also advise against stripping and trimming
>>> anything from passwords.
>>>
>> Trimming could be left out but it minimizes user errors and users
>> pretending to know their password.
>> (Like copy/paste from a passwords-file with added spaces on the end, etc..)
>
> Not sure what you mean by users pretending to know their password,

Well, as soon as you come into contact with the support team of a
quite big online store/community or so, you will see that there are
trillions of users pretending stuff you couldn't ever think of
before.. these people have the PEBCAK-Syndrome.. But that's quite
offtopic ..here.  :-)

But I must admit - as a "power user" you would expect that whitespace
as a suffix or prefix would not be stripped.

Regards

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Per Jessen 
Paul M Foster wrote:

> PHP is *not* a good example for OO. There are a lot of OO principles
> it doesn't follow.
> 
> I would have suggested Smalltalk, the original OO language, except
> that no one uses it any more, and other languages don't necessarily
> fully implement OO as done in Smalltalk. You're right about using a 
> language which implements OO in a realistic way for today's
> programmers.

Depends exactly what Tedds class is meant to be - whether it's about
programming or computer science.  For the latter, Eiffel is also a good
OO language.


/Per

-- 
Per Jessen, Zürich (1.9°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] php validate user password

2009-02-09 Thread tedd 

At 10:41 AM -0600 2/9/09, Boyd, Todd M. wrote:

 > -Original Message-
 > From: tedd [mailto:tedd.sperl...@gmail.com]

 > Granted, there are things here that are above my head -- I am not

 passing myself off as an expert but rather as someone proposing ideas
 to see if they pass or fail.


I don't think "Security By Obscurity" gets a fair shake anymore in
today's security world. Sure, it would be horrible to employ it
exclusively, but I think the added layer of abstraction that comes along
with it is a wonderful benefit to any application's security procedures.

The salt itself could be considered security by obscurity, since it is
being passed through the same algorithm as what you're hashing to begin
with. This might be a stretch, though. :)

I say, "Huzzah, tedd. Good idea."

Hash + Obscurity > Hash + Nothing


I understand, but a hash is nothing more than an algorithm. An 
algorithm is nothing more that a standardized way of doing something 
-- it's the same as a function.


If I add a suffix, or prefix, to a password and use that, it's just 
another step in the algorithm process. I have not obscured the 
process, I've just added another step to it.


Over the years I have seen all sorts of ways to transmit data from 
one point to another, and that's really what we are doing here. We 
are just trying to protect the data from when it's exposed to a third 
party. There are many ways to do that.


I think the MD5() hash is a pretty good way and if the weakness is 
the user's lack of uniqueness in determining their passwords, then we 
can focus on that problem instead of looking to another hash. And 
besides, the solution presented was to create a salt and use that -- 
that's just another step in the algorithm process not much different 
than what I propose.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Eric Butera 
On Mon, Feb 9, 2009 at 12:19 PM, Stuart  wrote:
> 2009/2/9 tedd :
>> Hi gang:
>>
>> At the college where I teach, they are considering teaching OOP, but they
>> don't want to settle on a specific language.
>>
>> My thoughts are it's difficult to teach OOP without a language -- while the
>> general concepts of OOP are interesting, people need to see how concepts are
>> applied to understand how they work -- thus I think a specific language is
>> required
>>
>> I lean toward C++ because I wrote in it for a few years AND C++ appears to
>> be the most common, widespread, and popular OOP language.
>>
>> However, while I don't know PHP OOP, I am open to considering it because of
>> the proliferation of web based applications. My personal opinion is that's
>> where all programming is headed anyway, but that's just my opinion.
>>
>> With that said, what's the differences and advantages/disadvantages between
>> C++ and PHP OOP?
>
> C++ is a good option, but if OOP is the focus it might be better to
> use Java or similar where you don't need to worry so much about memory
> management. If you're dealing with people who know C then C++ will
> work well, otherwise not. The worst thing you can do is skip over the
> details of C++ development because you want to focus on OOP. You'll
> end up with a bunch of people who *think* they can code in C++ but
> really haven't got a clue.
>
> Personally I'd have preferred my university to use Smalltalk, but none
> of the professors knew it so I had to teach myself. It's the original
> and IMHO still the best implementation of OOP concepts around.
>
> -Stuart
>
> --
> http://stut.net/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

"Actually I made up the term "object-oriented", and I can tell you I
did not have C++ in mind."
http://video.google.com/videoplay?docid=-2950949730059754521
http://en.wikiquote.org/wiki/Alan_Kay


-- 
http://www.voom.me | EFnet: #voom

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Paul M Foster 
On Mon, Feb 09, 2009 at 11:02:37AM -0500, tedd wrote:

> Hi gang:
>
> At the college where I teach, they are considering teaching OOP, but
> they don't want to settle on a specific language.
>
> My thoughts are it's difficult to teach OOP without a language --
> while the general concepts of OOP are interesting, people need to see
> how concepts are applied to understand how they work -- thus I think
> a specific language is required
>
> I lean toward C++ because I wrote in it for a few years AND C++
> appears to be the most common, widespread, and popular OOP language.
>
> However, while I don't know PHP OOP, I am open to considering it
> because of the proliferation of web based applications. My personal
> opinion is that's where all programming is headed anyway, but that's
> just my opinion.
>
> With that said, what's the differences and advantages/disadvantages
> between C++ and PHP OOP?

I don't know Java, but I suspect it's a more purely OO language than
C++. I *have* coded in C++, and the OO aspects of C++ are like a bolt-on
on the C language. There are some odd aspects of C++ because of its
history as originally a preprocessor hack on top of C.

PHP is *not* a good example for OO. There are a lot of OO principles it
doesn't follow.

I would have suggested Smalltalk, the original OO language, except that
no one uses it any more, and other languages don't necessarily fully
implement OO as done in Smalltalk. You're right about using a language
which implements OO in a realistic way for today's programmers.

I also agree you need a language in which to teach OO. Otherwise, this
is all just theory, and won't stick with the students. Imagine learning
algebra but never solving equations in the class. You'd forget the whole
thing ten minutes after the class was over.

In fact, it seems a little backward to teach OO programming as a lone
subject. I would instead opt for teaching a language first, and OO as a
secondary part of that course. Learning C++ will go a long way in
assisting the student to learn Java, or vice versa. My experience
programming C has been invaluable in coding under PHP.

As a side note, I think students should learn a language like C before
learning something like Perl, Python or PHP. Having to deal with
defining/declaring variables and their storage methods before use I
think makes for more conscientious programmers. And pointers are an
education all on their own. ;-}

Paul

-- 
Paul M. Foster

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Using DLL with PHP

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 12:10 PM, Dan Shirah  wrote:
>> I can't help much, but this might get you started.
>>
>> 1) Does the DLL you are trying to use actually supports COM. I know some
>> don't.
>>
>> 2) I'm pretty sure that the string you pass to new COM('...') should
>> be the name the class as registered with Windows, not the actual file
>> name. They are usually something like 'Scripting.FileSystemObject',
>> 'word.application', 'ADODB.Recordset', etc.
>>
>>
>>
>> Andrew
>
> The DLL I am trying to work with was written by an outside agency.
>
> Their application uses this dll to convert DMS images (Their proprietary
> format) to TIFF images.
>
> Naturally they are not very forth coming to share the functionality of their
> software, but I was able to get the VB function that calls the DLL for
> conversion.
>
> Private Declare Function DTM_CONVDMSToMultiTIFF Lib "D32_CONV.DLL" _
> (ByVal FullPathFrom As String, ByVal FullPathTo As String) As
> Integer
>
> So, I was hoping to be able to call that DLL in PHP and pass it the two
> values I specify in my application.
>
> In order to be used by COM is the DLL required to be placed in the SYSTEM or
> SYSTEM32 folder?

No. When I was doing an ASP (not .NET) site, we registered them from a
custom path just for our web app.

> Or does it have to be a DLL that can be registered?

I believe you do have to register it with regsvr32 for it to be visible.

I think the GUID that Todd mentioned might even work, but I've only
ever used the ProgID. If you don't know the ProgID that is registered,
you should be able to find it in the Windows registry after you've
registed it with regsvr32. If you search for the file name, it should
find an entry somewhere under \HKEY_CLASSES_ROOT\CLSID\(some
GUID)\InprocServer32 that has a value of the full path to your DLL
file. The ProgID is the next key down below InprocServer32, labeled
aptly "ProgID".

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Stuart 
2009/2/9 tedd :
> Hi gang:
>
> At the college where I teach, they are considering teaching OOP, but they
> don't want to settle on a specific language.
>
> My thoughts are it's difficult to teach OOP without a language -- while the
> general concepts of OOP are interesting, people need to see how concepts are
> applied to understand how they work -- thus I think a specific language is
> required
>
> I lean toward C++ because I wrote in it for a few years AND C++ appears to
> be the most common, widespread, and popular OOP language.
>
> However, while I don't know PHP OOP, I am open to considering it because of
> the proliferation of web based applications. My personal opinion is that's
> where all programming is headed anyway, but that's just my opinion.
>
> With that said, what's the differences and advantages/disadvantages between
> C++ and PHP OOP?

C++ is a good option, but if OOP is the focus it might be better to
use Java or similar where you don't need to worry so much about memory
management. If you're dealing with people who know C then C++ will
work well, otherwise not. The worst thing you can do is skip over the
details of C++ development because you want to focus on OOP. You'll
end up with a bunch of people who *think* they can code in C++ but
really haven't got a clue.

Personally I'd have preferred my university to use Smalltalk, but none
of the professors knew it so I had to teach myself. It's the original
and IMHO still the best implementation of OOP concepts around.

-Stuart

-- 
http://stut.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Stuart 
2009/2/9 Andrew Ballard :
> On Mon, Feb 9, 2009 at 11:10 AM, tedd  wrote:
>> At 10:02 AM -0500 2/9/09, Andrew Ballard wrote:
>>>
>>> On Sun, Feb 8, 2009 at 3:37 PM, Paul M Foster 
>>> wrote:
>>>
>>>  > Perhaps a better question then might be how many IIS servers are there

  out there compared to Apache. Apache servers uniformly support PHP, but
  I think only IIS servers support ASP (I could be wrong).
>>>
>>> We're running PHP under IIS where I currently work. For that matter,
>>> I'm pretty sure the headers spit out that both ASP.NET and PHP are
>>> supported on these machines, even though we're not currently using
>>> ASP.NET.
>>
>> So using IIS v Apache is not a good measure for trying to determine php and
>> asp numbers, right?
>>
>> Cheers,
>>
>> tedd
>
> Probably not. For that matter, ColdFusion under both IIS and Apache on
> either Windows or Linux (though the only couple installations I've
> seen have been on Windows/IIS). You could get a reasonable ballpark
> from something like netcraft, but I think Stuart is right on the money
> when it comes to the problems you'll have with margin of error. For
> that matter, I wonder how useful some of the newer smashups I've seen
> like builtwith.com really can be, if sites are configured to hide the
> headers that identify the server software and/or supported languages.

builtwith.com actually state on their site that "many sites report PHP
usage even if it is not being used" so they know their methods are not
at all accurate. In fact for two of the sites I maintain it's way off
because they don't expose the use of PHP or Apache.

-Stuart

-- 
http://stut.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Per Jessen 
tedd wrote:

> I lean toward C++ because I wrote in it for a few years AND C++
> appears to be the most common, widespread, and popular OOP language.

I would agree, although I suspect Java is also a good candidate.

> However, while I don't know PHP OOP, I am open to considering it
> because of the proliferation of web based applications. 

Don't - compile-time type checking is essential to OOP.

> My personal opinion is that's where all programming is headed anyway,
> but that's just my opinion.

Which you're certainly entitled to - I just can't quite see the Linux
kernel or bind or an audio driver written as a web-app or in php :-)


/Per

-- 
Per Jessen, Zürich (1.6°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Fwd: [PHP] Interface OOP

2009-02-09 Thread Jochem Maas 
each class should focus on a single area of responsibility.
therefore the login check doesn't belong in class A or B,
instead it belongs in the code consuming the functionality
of said classes.

validate())
$bee->ExtractRawData();

?>

you could alternatively look into either extending the login
class or using a decorator pattern (is that the right name?),
or even registry pattern, e.g.:

validate())
$this->processExtract();

}   

private function processExtract() {]
}

class MyRegistry
{
private $objects = array();

function get($cls) {
if (!isset(self::$objects[$cls]) || !self::$objects[$cls] 
instanceof $cls)
throw new Exception("$cls not registered!");
}

function set($obj) {
if (!is_object($obj))
throw new Exception("gimme an object!");

self::$objects[ get_class($obj) ] = $obj;
}
}

MyRegistry::set(new login($pwd, $acc, $customerAcc));

$a = new A;
$a->extract();

?>

Andrew Williams schreef:
> Hi,
> 
> I am working on a back end OOP project with about about 18 classes of Object
> but some of the Objects shear one or two functions in common, like external
> login system . What is the best way to avoid a repeatable function among the
> classes without using global object instance.
> 
> class a{
> 
> function ExtractRawData()
> {
>global  loginObj;
>*if($loginObj;->GetLoginSession(){*
>  ///process
>   }
> }
> 
> }
> 
> class b{
> 
> function JohnXchange()
> {
>global  loginObj;
>   *if($loginObj;->GetLoginSession(){*
>  ///process
>  }
> }
> }
> 
> class login(
> 
> function loginSession($pwd, $acc, $customerAcc)
> {
>   $this ->validate = connect to externalServerObject($pwd, $acc,
> $customerAcc);
> }
>  *GetLoginSession()*
> {
>return $this ->validate;
> }
> }
> 
> 
> 
> Andrew Williams
> http//www.willandy.co.uk
> 
> 
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Per Jessen 
tedd wrote:

> I lean toward C++ because I wrote in it for a few years AND C++
> appears to be the most common, widespread, and popular OOP language.

I would agree, although I suspect Java is also a good candidate.

> However, while I don't know PHP OOP, I am open to considering it
> because of the proliferation of web based applications. 

Don't - compile-time type checking is essential to OOP.

> My personal opinion is that's where all programming is headed anyway,
> but that's just my opinion.

Which you're certainly entitled to - I just can't quite see the Linux
kernel or bind or an audio driver written as a web-app :-)


/Per

-- 
Per Jessen, Zürich (1.6°C)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Securing suexec PHP against local attacks by the webserveruser

2009-02-09 Thread Shawn McKenzie 
Jochem Maas wrote:
> Andrew schreef:
>> Hi,
>>
> 
> 
> 
>> As an example of the attack...
>> $ whoami
>> www-data
> 
> isn't the whole point of suexec/PHP/FastCGI that the local user
> has no access to the www-data account ... suexec switches to the
> users account from the webserver account not the other way around.
> 
> so the attack is moot unless there is a completely different security
> hole that allows the user to run stuff as www-data.
> 
> or am I being thick? ... could well be, socialists are renowned
> for their stupidity ... just look at the eminent socialist George W.
> Bush.
> 
> so if I am being thick ... I would appreciate an explaination
> as to how the webuser account manages to run stuff in the context of
> the webserver account, if you have the inclination.
> 
> PS - that last bit about socialism is off topic
> PPS - I don't think I'm a much of a socialist
> PPPS - I'm sure do I suffer from stupidity now and again
> S - but not as much as the guy whose world-view manages to
> put Dubya into a socialist pidgeonhole.

Haha!

-the guy (I assume)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Nathan Rixham 

Eric Butera wrote:

On Mon, Feb 9, 2009 at 11:20 AM, Thodoris  wrote:

Hi gang:

At the college where I teach, they are considering teaching OOP, but they
don't want to settle on a specific language.

My thoughts are it's difficult to teach OOP without a language -- while
the general concepts of OOP are interesting, people need to see how concepts
are applied to understand how they work -- thus I think a specific language
is required

I lean toward C++ because I wrote in it for a few years AND C++ appears to
be the most common, widespread, and popular OOP language.

However, while I don't know PHP OOP, I am open to considering it because
of the proliferation of web based applications. My personal opinion is
that's where all programming is headed anyway, but that's just my opinion.

With that said, what's the differences and advantages/disadvantages
between C++ and PHP OOP?

Cheers,

tedd


IMHO I think that you are right about using a specific language and you
should strongly insist on that. Someone needs to see how objects are taking
flesh and bones in real life and not just theoretically.

You could consider Java as well before taking your final decision.

--
Thodoris


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Especially since PHP is trying to be Java. :)



take a wild guess as to what I'm going to day.. java is v good language 
to learn OO specific principals and I'd strongly recommend it - while I 
may get more done with php oo practically, I learn and undertand a lot 
more with java.


regards!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] php validate user password

2009-02-09 Thread Boyd, Todd M. 
> -Original Message-
> From: tedd [mailto:tedd.sperl...@gmail.com]
> Sent: Monday, February 09, 2009 10:30 AM
> To: Bruno Fajardo
> Cc: PHP General
> Subject: Re: [PHP] php validate user password
> 
> At 12:20 PM -0300 2/9/09, Bruno Fajardo wrote:
> >tedd,
> >
> >I think that the problem of the "duplicated hashes" in the database
> >(in the case of two users using the same password) persists with a
> >constant prefix in the passwords. Although the random salt portion
get
> >stored in the database concatenated to the hash, the attacker don't
> >know the string length of the salt, making the attack very difficult.
> 
> 
> I've seen many duplicate password hashes in databases. Get a user
> number in the thousands and it's almost certain you'll have duplicate
> passwords. People just cannot create unique passwords.
> 
> The article discussed using a random salt to avoid this, I got the
> message.
> 
> I was just saying that even if there are duplicates, that doesn't
> make solving the hash any easier -- it just focuses the attention of
> the cracker to those duplicates. In some cases, I could see that as
> another way to foil a cracker by deliberately having those records in
> a database without a solution.
> 
> For example, I could have a duplicate hash appear five times in a 5K
> population -- that certainly would become a focus for a cracker.
> However, I could also have my code looking for that hash and never
> provide a solution regardless of what the cracker does -- do you see
> what I mean?
> 
> Granted, there are things here that are above my head -- I am not
> passing myself off as an expert but rather as someone proposing ideas
> to see if they pass or fail.

I don't think "Security By Obscurity" gets a fair shake anymore in
today's security world. Sure, it would be horrible to employ it
exclusively, but I think the added layer of abstraction that comes along
with it is a wonderful benefit to any application's security procedures.

The salt itself could be considered security by obscurity, since it is
being passed through the same algorithm as what you're hashing to begin
with. This might be a stretch, though. :)

I say, "Huzzah, tedd. Good idea."

Hash + Obscurity > Hash + Nothing


// Todd

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Using DLL with PHP

2009-02-09 Thread Boyd, Todd M. 
> -Original Message-
> From: Andrew Ballard [mailto:aball...@gmail.com]
> Sent: Monday, February 09, 2009 10:30 AM
> To: Dan Shirah
> Cc: Phpster; PHP-General list
> Subject: Re: [PHP] Using DLL with PHP
> 
> On Mon, Feb 9, 2009 at 11:10 AM, Dan Shirah 
> wrote:
> >>
> >> Check out the com [www.php.net/com] functionality
> >>
> >> Bastien
> >>
> > Alrighty, I'm trying to use the COM function, but not getting much of
> > anywhere.
> >
> > This is what I have:
> >
> >  > // The VB function for reference
> > /*function DTM_CONVDMSToMultiTIFF Lib "D32_CONV.DLL" _
> > (ByVal FullPathFrom As String, ByVal FullPathTo As String) As
> Integer*/
> >
> > //Create a function in PHP to call the DLL
> > function DMStoTIFF() {
> > $my_com = new COM('D32_CONV.DLL');
> > $output = $my_com->DTM_CONVDMSToMultiTIFF("C:\TEST\04186177.dms",
> > "C:\TEST\04186177.tiff");
> > }
> > DMStoTIFF();
> > ?>
> >
> > But I am getting the error below:
> >
> > *Fatal error*: Uncaught exception 'com_exception' with message
> 'Failed to
> > create COM object `D32_CONV.DLL': Invalid syntax
> >
> > Any ideas?
> >
> 
> I can't help much, but this might get you started.
> 
> 1) Does the DLL you are trying to use actually supports COM. I know
> some don't.
> 
> 2) I'm pretty sure that the string you pass to new COM('...') should
> be the name the class as registered with Windows, not the actual file
> name. They are usually something like 'Scripting.FileSystemObject',
> 'word.application', 'ADODB.Recordset', etc.

I believe you can also call it by its Public Key Token (a GUID), though that 
may be a new convention introduced with the .NET framework that is not 
backwards-compatible with "plain" COM objects...


// Todd

Re: [PHP] Adding Records & Capture The New Record ID

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 11:32 AM, tedd  wrote:
> At 11:15 AM -0500 2/9/09, Andrew Ballard wrote:
>>
>> On Mon, Feb 9, 2009 at 11:05 AM, tedd  wrote:
>>
>>  > I've learned something new every day of my life -- and I'm getting
>> damned
>>  > tried of it.
>>
>> Well, you probably know what they say about the day you stop learning
>
> Yeah, you got a job with the government.
>

Ouch! (I work for a state univ.) LOL

I was thinking more along the lines of "the day you stop learning is
the day you stop breathing." Then again, maybe we're just saying the
same thing.

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Adding Records & Capture The New Record ID

2009-02-09 Thread tedd 

At 11:15 AM -0500 2/9/09, Andrew Ballard wrote:

On Mon, Feb 9, 2009 at 11:05 AM, tedd  wrote:

 > I've learned something new every day of my life -- and I'm getting damned
 > tried of it.

Well, you probably know what they say about the day you stop learning


Yeah, you got a job with the government.

Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Using DLL with PHP

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 11:10 AM, Dan Shirah  wrote:
>>
>> Check out the com [www.php.net/com] functionality
>>
>> Bastien
>>
> Alrighty, I'm trying to use the COM function, but not getting much of
> anywhere.
>
> This is what I have:
>
>  // The VB function for reference
> /*function DTM_CONVDMSToMultiTIFF Lib "D32_CONV.DLL" _
> (ByVal FullPathFrom As String, ByVal FullPathTo As String) As Integer*/
>
> //Create a function in PHP to call the DLL
> function DMStoTIFF() {
> $my_com = new COM('D32_CONV.DLL');
> $output = $my_com->DTM_CONVDMSToMultiTIFF("C:\TEST\04186177.dms",
> "C:\TEST\04186177.tiff");
> }
> DMStoTIFF();
> ?>
>
> But I am getting the error below:
>
> *Fatal error*: Uncaught exception 'com_exception' with message 'Failed to
> create COM object `D32_CONV.DLL': Invalid syntax
>
> Any ideas?
>

I can't help much, but this might get you started.

1) Does the DLL you are trying to use actually supports COM. I know some don't.

2) I'm pretty sure that the string you pass to new COM('...') should
be the name the class as registered with Windows, not the actual file
name. They are usually something like 'Scripting.FileSystemObject',
'word.application', 'ADODB.Recordset', etc.



Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php validate user password

2009-02-09 Thread tedd 

At 12:20 PM -0300 2/9/09, Bruno Fajardo wrote:

tedd,

I think that the problem of the "duplicated hashes" in the database
(in the case of two users using the same password) persists with a
constant prefix in the passwords. Although the random salt portion get
stored in the database concatenated to the hash, the attacker don't
know the string length of the salt, making the attack very difficult.



I've seen many duplicate password hashes in databases. Get a user 
number in the thousands and it's almost certain you'll have duplicate 
passwords. People just cannot create unique passwords.


The article discussed using a random salt to avoid this, I got the message.

I was just saying that even if there are duplicates, that doesn't 
make solving the hash any easier -- it just focuses the attention of 
the cracker to those duplicates. In some cases, I could see that as 
another way to foil a cracker by deliberately having those records in 
a database without a solution.


For example, I could have a duplicate hash appear five times in a 5K 
population -- that certainly would become a focus for a cracker. 
However, I could also have my code looking for that hash and never 
provide a solution regardless of what the cracker does -- do you see 
what I mean?


Granted, there are things here that are above my head -- I am not 
passing myself off as an expert but rather as someone proposing ideas 
to see if they pass or fail.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Eric Butera 
On Mon, Feb 9, 2009 at 11:20 AM, Thodoris  wrote:
>
>> Hi gang:
>>
>> At the college where I teach, they are considering teaching OOP, but they
>> don't want to settle on a specific language.
>>
>> My thoughts are it's difficult to teach OOP without a language -- while
>> the general concepts of OOP are interesting, people need to see how concepts
>> are applied to understand how they work -- thus I think a specific language
>> is required
>>
>> I lean toward C++ because I wrote in it for a few years AND C++ appears to
>> be the most common, widespread, and popular OOP language.
>>
>> However, while I don't know PHP OOP, I am open to considering it because
>> of the proliferation of web based applications. My personal opinion is
>> that's where all programming is headed anyway, but that's just my opinion.
>>
>> With that said, what's the differences and advantages/disadvantages
>> between C++ and PHP OOP?
>>
>> Cheers,
>>
>> tedd
>>
>
> IMHO I think that you are right about using a specific language and you
> should strongly insist on that. Someone needs to see how objects are taking
> flesh and bones in real life and not just theoretically.
>
> You could consider Java as well before taking your final decision.
>
> --
> Thodoris
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Especially since PHP is trying to be Java. :)

-- 
http://www.voom.me | EFnet: #voom

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 11:10 AM, tedd  wrote:
> At 10:02 AM -0500 2/9/09, Andrew Ballard wrote:
>>
>> On Sun, Feb 8, 2009 at 3:37 PM, Paul M Foster 
>> wrote:
>>
>>  > Perhaps a better question then might be how many IIS servers are there
>>>
>>>  out there compared to Apache. Apache servers uniformly support PHP, but
>>>  I think only IIS servers support ASP (I could be wrong).
>>
>> We're running PHP under IIS where I currently work. For that matter,
>> I'm pretty sure the headers spit out that both ASP.NET and PHP are
>> supported on these machines, even though we're not currently using
>> ASP.NET.
>
> So using IIS v Apache is not a good measure for trying to determine php and
> asp numbers, right?
>
> Cheers,
>
> tedd

Probably not. For that matter, ColdFusion under both IIS and Apache on
either Windows or Linux (though the only couple installations I've
seen have been on Windows/IIS). You could get a reasonable ballpark
from something like netcraft, but I think Stuart is right on the money
when it comes to the problems you'll have with margin of error. For
that matter, I wonder how useful some of the newer smashups I've seen
like builtwith.com really can be, if sites are configured to hide the
headers that identify the server software and/or supported languages.

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP OOP

2009-02-09 Thread Thodoris 



Hi gang:

At the college where I teach, they are considering teaching OOP, but 
they don't want to settle on a specific language.


My thoughts are it's difficult to teach OOP without a language -- 
while the general concepts of OOP are interesting, people need to see 
how concepts are applied to understand how they work -- thus I think a 
specific language is required


I lean toward C++ because I wrote in it for a few years AND C++ 
appears to be the most common, widespread, and popular OOP language.


However, while I don't know PHP OOP, I am open to considering it 
because of the proliferation of web based applications. My personal 
opinion is that's where all programming is headed anyway, but that's 
just my opinion.


With that said, what's the differences and advantages/disadvantages 
between C++ and PHP OOP?


Cheers,

tedd



IMHO I think that you are right about using a specific language and you 
should strongly insist on that. Someone needs to see how objects are 
taking flesh and bones in real life and not just theoretically.


You could consider Java as well before taking your final decision.

--
Thodoris


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Adding Records & Capture The New Record ID

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 11:05 AM, tedd  wrote:
> At 10:55 AM -0500 2/9/09, Andrew Ballard wrote:
>>
>> -snip-
>>
>> Andrew
>
> As I said many times before.
>
> I've learned something new every day of my life -- and I'm getting damned
> tried of it.
>
> Thanks for the lesson.
>
> Cheers,
>
> tedd

Well, you probably know what they say about the day you stop learning


Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Interface OOP

2009-02-09 Thread Nathan Nobbe 
On Mon, Feb 9, 2009 at 8:46 AM, Andrew Williams
wrote:

> Hi,
>
> I am working on a back end OOP project with about about 18 classes of
> Object
> but some of the Objects shear one or two functions in common, like external
> login system . What is the best way to avoid a repeatable function among
> the
> classes without using global object instance.
>
> class a{
>
> function ExtractRawData()
> {
>   global  loginObj;
>   *if($loginObj;->GetLoginSession(){*
> ///process
>  }
> }
>
> }
>
> class b{
>
> function JohnXchange()
> {
>   global  loginObj;
>  *if($loginObj;->GetLoginSession(){*
> ///process
>  }
> }
> }
>
> class login(
>
> function loginSession($pwd, $acc, $customerAcc)
> {
>  $this ->validate = connect to externalServerObject($pwd, $acc,
> $customerAcc);
> }
>  *GetLoginSession()*
> {
>   return $this ->validate;
> }
> }


just make your login class into a singleton.

class login {
  private static $instance = null;

 private function __construct() {}  // restrict access to constructor

  public static function getInstance() {
if(is_null(self::$instance)
  self::$instance = new login();
return self::$instance;
  }
  // 
}

then from your other classes, you just call the login::getInstance() method
to get a handle to the 'global' or single instance of the login class.  from
there you can invoke public instance methods like GetLoginSession().

class a {
  function ExtractRawData() {
if(login::getInstance()->GetLoginSession()) {
  // process
}
  }

class b {
  function JohnXchange() {
if(login::getInstance()->getLoginSession()) {
  // process
}
  }
}

you can read about the singleton pattern in many places on the web and there
are lots of written books about design patterns which you might find useful.

-nathan

Re: [PHP] PHP usage stats

2009-02-09 Thread tedd 

At 10:02 AM -0500 2/9/09, Andrew Ballard wrote:

On Sun, Feb 8, 2009 at 3:37 PM, Paul M Foster  wrote:

 > Perhaps a better question then might be how many IIS servers are there

 out there compared to Apache. Apache servers uniformly support PHP, but
 I think only IIS servers support ASP (I could be wrong).


We're running PHP under IIS where I currently work. For that matter,
I'm pretty sure the headers spit out that both ASP.NET and PHP are
supported on these machines, even though we're not currently using
ASP.NET.


So using IIS v Apache is not a good measure for trying to determine 
php and asp numbers, right?


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Using DLL with PHP

2009-02-09 Thread Dan Shirah 
>
> Check out the com [www.php.net/com] functionality
>
> Bastien
>
Alrighty, I'm trying to use the COM function, but not getting much of
anywhere.

This is what I have:

DTM_CONVDMSToMultiTIFF("C:\TEST\04186177.dms",
"C:\TEST\04186177.tiff");
}
DMStoTIFF();
?>

But I am getting the error below:

*Fatal error*: Uncaught exception 'com_exception' with message 'Failed to
create COM object `D32_CONV.DLL': Invalid syntax

Any ideas?

Re: [PHP] PHP OOP

2009-02-09 Thread Kyle Terry 
On Mon, Feb 9, 2009 at 8:02 AM, tedd  wrote:
> Hi gang:
>
> At the college where I teach, they are considering teaching OOP, but they
> don't want to settle on a specific language.
>
> My thoughts are it's difficult to teach OOP without a language -- while the
> general concepts of OOP are interesting, people need to see how concepts are
> applied to understand how they work -- thus I think a specific language is
> required
>
> I lean toward C++ because I wrote in it for a few years AND C++ appears to
> be the most common, widespread, and popular OOP language.
>
> However, while I don't know PHP OOP, I am open to considering it because of
> the proliferation of web based applications. My personal opinion is that's
> where all programming is headed anyway, but that's just my opinion.
>
> With that said, what's the differences and advantages/disadvantages between
> C++ and PHP OOP?
>
> Cheers,
>
> tedd
>
>
> --
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

In my personal opinion, C++ would probably be the best language to
teach OOP concepts in. That or Python.

-- 
Kyle Terry | www.kyleterry.com
Help kick start VOOM (Very Open Object Model) for a library of PHP classes.
http://www.voom.me | IRC EFNet #voom

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Adding Records & Capture The New Record ID

2009-02-09 Thread tedd 

At 10:55 AM -0500 2/9/09, Andrew Ballard wrote:

-snip-

Andrew


As I said many times before.

I've learned something new every day of my life -- and I'm getting 
damned tried of it.


Thanks for the lesson.

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread tedd 

At 2:41 PM + 2/9/09, Stuart wrote:

I think people are like that everywhere, particularly above a certain
level of management in my experience. I wish you luck in convincing
them but I've found that PHP rarely wins when put up against the sales
and marketing budgets available to Microsoft and Oracle.

It's going to take a while for the majority of people to stop equating
free with worthless or risky when the truth is that products from
closed corporations carry more risk than open source software. You
should tell them your QuickBasic story - that might start some mental
cogs turning in their heads.


Yes, that's another story.

Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP OOP

2009-02-09 Thread tedd 

Hi gang:

At the college where I teach, they are considering teaching OOP, but 
they don't want to settle on a specific language.


My thoughts are it's difficult to teach OOP without a language -- 
while the general concepts of OOP are interesting, people need to see 
how concepts are applied to understand how they work -- thus I think 
a specific language is required


I lean toward C++ because I wrote in it for a few years AND C++ 
appears to be the most common, widespread, and popular OOP language.


However, while I don't know PHP OOP, I am open to considering it 
because of the proliferation of web based applications. My personal 
opinion is that's where all programming is headed anyway, but that's 
just my opinion.


With that said, what's the differences and advantages/disadvantages 
between C++ and PHP OOP?


Cheers,

tedd


--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Adding Records & Capture The New Record ID

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 10:27 AM, tedd  wrote:
> At 9:54 AM -0500 2/9/09, Andrew Ballard wrote:
>>
>> You are right, but the point is that if you intend something to be
>> unique then you should declare it as such in the database.
>
> We didn't discuss that.
>
> You are saying that if I checked my database for a email address and find
> it's not there [1] and then create a record for it [2] that sometime after
> [1] and before [2] someone else could create a record with the exact same
> email address -- is that it?

Yes. For small sites with little traffice this is probably unlikely,
but it's possible.

> If so, then there would be two records with the same email address -- that
> would be a problem regardless of if I was asking for the email address or
> the record's ID. On one hand I would get the record that someone else just
> created and on the other hand, I would get the record I just created. In
> either case, it would be a mistake -- I see.
>
> Also, if the field was declared as unique, then my script to create my
> record would fail.

Correct, but I believe it does so silently, meaning you'll have to
check for mysql_error() to make sure no errors were returned and/or
mysql_affected_rows() === 1 to make sure that exactly one record was
inserted.

> So the only way to do this properly is to declare the field unique, lock
> down the database between [1] and [2] and check for errors afterwards --
> interesting.

Close, but not exactly. If you declare a UNIQUE INDEX on the column,
you don't need to lock down the database between 1 and 2. The DBMS
should handle that for you internally. You just run your insert
process as normal, except that you add a check afterward to make sure
that it was successful (which you should be doing anyway).

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Securing suexec PHP against local attacks by the webserver user

2009-02-09 Thread Jochem Maas 
Andrew schreef:
> Hi,
> 



> 
> As an example of the attack...
> $ whoami
> www-data

isn't the whole point of suexec/PHP/FastCGI that the local user
has no access to the www-data account ... suexec switches to the
users account from the webserver account not the other way around.

so the attack is moot unless there is a completely different security
hole that allows the user to run stuff as www-data.

or am I being thick? ... could well be, socialists are renowned
for their stupidity ... just look at the eminent socialist George W.
Bush.

so if I am being thick ... I would appreciate an explaination
as to how the webuser account manages to run stuff in the context of
the webserver account, if you have the inclination.

PS - that last bit about socialism is off topic
PPS - I don't think I'm a much of a socialist
PPPS - I'm sure do I suffer from stupidity now and again
S - but not as much as the guy whose world-view manages to
put Dubya into a socialist pidgeonhole.

> $ cat >/tmp/myscript.php
> /tmp/compromised.txt');
> $ SCRIPT_FILENAME=/tmp/myscript.php
> PATH_INFO=/home/wwjargon/public_html/meter.php /usr/lib/apache2/suexec
> "~wwjargon" wwjargon php.fcgi
> X-Powered-By: PHP/5.2.6-2ubuntu4
> Content-type: text/html
> 
> $ cat /tmp/compromised.txt
> wwjargon
> 
> I could make this attack a bit harder by changing the environment
> variables in php.fcgi so it would only work for FastCGI and not for
> normal CGI, but a more motivated attacker could just write a fake
> FastCGI server to attack my script.
> 
> Setting PHP_DOCUMENT_ROOT in the environment and doc_root in php.ini
> didn't seem to stop the attack (although setting doc_root stops
> meter.php working, but not the attack), because PHP still happily serves
> up a document from /tmp/myscript.php, and --enable-force-cgi-redirect
> doesn't really have the potential to be of any help either because a
> local attacker could just set the same environment variables as the
> webserver to fake a redirect. I can't use the #!/usr/bin/php-cgi option
> because this is a FastCGI and not a CGI setup.
> 
> What can I do to prevent this sort of local attack against my
> suexec/PHP/FastCGI environment (short of getting a VPS or installing my
> own patched PHP at least)?
> 
> Thanks and Best Wishes,
> Andrew
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Fwd: [PHP] Interface OOP

2009-02-09 Thread Andrew Williams 
Hi,

I am working on a back end OOP project with about about 18 classes of Object
but some of the Objects shear one or two functions in common, like external
login system . What is the best way to avoid a repeatable function among the
classes without using global object instance.

class a{

function ExtractRawData()
{
   global  loginObj;
   *if($loginObj;->GetLoginSession(){*
 ///process
  }
}

}

class b{

function JohnXchange()
{
   global  loginObj;
  *if($loginObj;->GetLoginSession(){*
 ///process
 }
}
}

class login(

function loginSession($pwd, $acc, $customerAcc)
{
  $this ->validate = connect to externalServerObject($pwd, $acc,
$customerAcc);
}
 *GetLoginSession()*
{
   return $this ->validate;
}
}



Andrew Williams
http//www.willandy.co.uk





-- 
Best Wishes
Andrew Williams

Re: [PHP] Adding Records & Capture The New Record ID

2009-02-09 Thread tedd 

At 9:54 AM -0500 2/9/09, Andrew Ballard wrote:

You are right, but the point is that if you intend something to be
unique then you should declare it as such in the database.


We didn't discuss that.

You are saying that if I checked my database for a email address and 
find it's not there [1] and then create a record for it [2] that 
sometime after [1] and before [2] someone else could create a record 
with the exact same email address -- is that it?


If so, then there would be two records with the same email address -- 
that would be a problem regardless of if I was asking for the email 
address or the record's ID. On one hand I would get the record that 
someone else just created and on the other hand, I would get the 
record I just created. In either case, it would be a mistake -- I see.


Also, if the field was declared as unique, then my script to create 
my record would fail.


So the only way to do this properly is to declare the field unique, 
lock down the database between [1] and [2] and check for errors 
afterwards -- interesting.


Thanks,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php validate user password

2009-02-09 Thread Bruno Fajardo 
tedd,

I think that the problem of the "duplicated hashes" in the database
(in the case of two users using the same password) persists with a
constant prefix in the passwords. Although the random salt portion get
stored in the database concatenated to the hash, the attacker don't
know the string length of the salt, making the attack very difficult.

Cheers

2009/2/9 tedd :
> At 2:02 PM + 2/9/09, Stuart wrote:
>>
>> 2009/2/9 Michael Kubler :
>>>
>>>  These days SHA should really be used instead of MD5, and you should be
>>>  SALTing the password as well.
>>>  Here's a great guide :
>>> http://phpsec.org/articles/2005/password-hashing.html
>>
>> Good advice. I would also advise against stripping and trimming
>> anything from passwords. By removing characters you're significantly
>> reducing the number of possible passwords.
>
> I read the article and didn't find any objection to it, but before we all
> jump on the SHA bus, why can't we do this:
>
> 1. Allow the user to pick whatever password they want.
>
> 2. After entry, add a token string to it, such as 'a14fmw9'.
>
> 3. Do a M5() hash and store the hash the dB.
>
> When the user wants to log back in:
>
> 1. They enter their password.
>
> 2. We add the token string ('a14fmw9') to it.
>
> 3. Then we M5() the string and compare that hash with what's stored. That
> will work.
>
> Furthermore, if the token string is stored in the script, or in a
> configuration file, and not in the database (as suggested by the author),
> then if someone obtains access to the database, all the dictionary and other
> such brute force attacks will be more difficult because the hashes are more
> complex than one would normally expect, right?
>
> If not so, then where am I wrong?
>
> Another scheme would be simply to use the user's password and generate a
> hash. Then reverse the users password and generate another hash. Then
> shuffle the two hashes, or take pairs, or quads, or any number of other
> techniques to obscure the hash. As long at the process can be reversed, it
> will work.
>
> From my limited view, a minor amount of work can throw a major monkey wrench
> in any method of trying to crack a hash -- am I wrong?
>
> Cheers,
>
> tedd
>
> --
> ---
> http://sperling.com  http://ancientstones.com  http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php validate user password

2009-02-09 Thread tedd 

At 2:02 PM + 2/9/09, Stuart wrote:

2009/2/9 Michael Kubler :

 These days SHA should really be used instead of MD5, and you should be
 SALTing the password as well.
 Here's a great guide : http://phpsec.org/articles/2005/password-hashing.html


Good advice. I would also advise against stripping and trimming
anything from passwords. By removing characters you're significantly
reducing the number of possible passwords.


I read the article and didn't find any objection to it, but before we 
all jump on the SHA bus, why can't we do this:


1. Allow the user to pick whatever password they want.

2. After entry, add a token string to it, such as 'a14fmw9'.

3. Do a M5() hash and store the hash the dB.

When the user wants to log back in:

1. They enter their password.

2. We add the token string ('a14fmw9') to it.

3. Then we M5() the string and compare that hash with what's stored. 
That will work.


Furthermore, if the token string is stored in the script, or in a 
configuration file, and not in the database (as suggested by the 
author), then if someone obtains access to the database, all the 
dictionary and other such brute force attacks will be more difficult 
because the hashes are more complex than one would normally expect, 
right?


If not so, then where am I wrong?

Another scheme would be simply to use the user's password and 
generate a hash. Then reverse the users password and generate another 
hash. Then shuffle the two hashes, or take pairs, or quads, or any 
number of other techniques to obscure the hash. As long at the 
process can be reversed, it will work.


From my limited view, a minor amount of work can throw a major monkey 
wrench in any method of trying to crack a hash -- am I wrong?


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Andrew Ballard 
On Sun, Feb 8, 2009 at 3:37 PM, Paul M Foster  wrote:
> On Sun, Feb 08, 2009 at 03:20:48PM -0500, tedd wrote:
>
>> At 3:54 PM + 2/8/09, Stuart wrote:
>>> 2009/2/8 tedd :
>>>
>>>  > I wasn't able to find a lot of information, but here's a useful link:

>>>  > http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html
>>>
>>> Tedd, that's a list of programming languages, not web development
>>> languages.
>>
>> The list shows php, javascript, ruby, and perl -- are those NOT web
>> development languages?!?
>>
>> -
>>
>>> I have no doubt that C# + VB accounts for more development
>>> in the world than PHP. Both are used extensively in non-web
>>> development whereas PHP is not.
>>>
>>>  > If you find any information of the numbers of php users out there,
>> please
>>>  > let me know.
>>>
>>> When you consider how such a thing would be measured it won't take
>>> long to realise why the number is not available. You have to bear in
>>> mind non-public use which will not be insignificant, servers where PHP
>>> is not advertised and a multitude of other reasons why any number you
>>> could come up with *will* be wrong, and therefore pretty useless.
>>>
>>> Why anyone would see value in such a number is beyond me. IMHO the
>>> community that exists around it and the number of jobs out there
>>> requiring PHP should be enough to convince anyone that it's not an
>>> insignificant player.
>>
>> -Stuart
>>
>> I guess I'm not all that bright. To me a programming language is a
>> programming language regardless of platform or purpose -- that was so
>> when I was programming FORTRAN on Phoenix I, or Applesoft on Apple
>> ]['s, or postscript on HI's; or ANSI C on Alphas, or FutureBasic and
>> C/C++ on Macs, or PHP on Apache, or Javascript on IE -- they are all
>> the same to me. I'm just trying to get a handle on the number of
>> people who program in php -- what's wrong with wanting to know that
>> figure?
>>
>> Look, I teach at the local college and am trying to get PHP/MySQL
>> courses to be taught there. I have superiors who are asking "How does
>> PHP stack up against ASP?" which the college teaches AS THE web
>> development language. I really can't go back to them and say "Well,
>> everyone just *knows* PHP is a significant player" -- that's not
>> proof.
>
> Perhaps a better question then might be how many IIS servers are there
> out there compared to Apache. Apache servers uniformly support PHP, but
> I think only IIS servers support ASP (I could be wrong).

We're running PHP under IIS where I currently work. For that matter,
I'm pretty sure the headers spit out that both ASP.NET and PHP are
supported on these machines, even though we're not currently using
ASP.NET.


Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Adding Records & Capture The New Record ID

2009-02-09 Thread Andrew Ballard 
On Mon, Feb 9, 2009 at 9:25 AM, tedd  wrote:
> At 9:00 AM +1100 2/9/09, Chris wrote:
>>
>> Person a signs up with em...@example.com
>>
>> Before you are able to fetch the result (which is possible in a high
>> traffic site), person b also signs up with em...@example.com
>>
>> Going back to person a, when you fetch, you get record #2 instead of #1.
>>
>> They are not the same record.
>>
>> Not a great example because you probably wouldn't have people using the
>> same address from different locations, but it's just to demonstrate the
>> problem of doing it this way.
>
> That's not true, or at least I don't believe it.

Well, that's your prerogative. :-)

> If I have a script that has opened and established a communication link with
> a dB and has just created a new record with an unique email address and the
> code immediately (next few lines in the script) follows that action with
> asking the dB to pull the record just created with that email address, then
> I AM getting the same record regardless -- there are no RACE conditions
> here.

Yes, there could be race conditions. The race condition won't come
from within the same request, but unless you have *defined* a UNIQUE
INDEX/CONSTRAINT on the column as Chris suggested, it is possible
(however unlikely you believe it is) for another request to come in at
nearly the same time (either another user or someone who manages to
double-submit your form, say, by double-clicking the button) with the
same value. In that case, each request will execute an insert into the
database, and it's anyone's guess which record(s) they will get when
they try to select it back out. The unique index/constraint will
prevent this as it will only allow one of those records in. The other
will fail.

> Keep in mind that I AM using unique identifiers, such as a logon/password or
> email address. If I create a record using that unique identifier and then
> ask the dB to deliver it, then it is without doubt the same record.
>
> If I was not using an unique identifier, then I would agree with you. But
> unique is unique -- it makes no difference if it's a record ID or email
> address -- both are unique.

You are right, but the point is that if you intend something to be
unique then you should declare it as such in the database.


Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Newbie Help - No .php file extension

2009-02-09 Thread Hibbert Miller 
Hello,I have been asked to install an existing PHP/MySQL application on a
system using Windows Vista.

I have installed PHP 5.2.8, MySQL 5.1.31 and IIS 7.0. PHP is working as
expected (I created a test page which displays the output from phpinfo()).

The application in question posts to a login page from an index page called
index.php. However, the form's action is simply set to "login", and not
login.php as expected. Further checking revealed that all links in the
application appear to exclude the file extensions.

I have combed through the php.ini file and have not been able to find any
configuration setting that deal with this. I have also tried configuring IIS
to send all requests to PHP by setting the Handler Mapping to "*" instead of
just "*.php".

Thank you in advance for any information you may be able to provide.

HM

Re: [PHP] Re: require() causing strange characters ?

2009-02-09 Thread cr.vegelin 

Thanks Nisse,

- Original Message - 
From: "Nisse Engström" 

To: 
Sent: Sunday, February 08, 2009 6:06 PM
Subject: Re: [PHP] Re: require() causing strange characters ?



On Fri, 6 Feb 2009 10:11:49 +0100, cr.vege...@gmail.com wrote:


I saved both scripts with ANSI in stead of UTF-8 and the problem is gone.
So the utf-8 BOM character (Byte Order Mark) caused it.
Unfortunately my editor has no option to store BOM-free scripts.

Is it standard that PHP scripts should be saved without a BOM character ?


This is not a PHP matter, unless PHP 6 (which will have
Unicode support) does something with it. PHP 5 just outputs
it as is.

A BOM character is supposed to be the *first* character in
a text stream. Otherwise it should be treated as a
ZERO WIDTH NON-BREAKING SPACE.




Test results ...
If "test.php" (utf8) requires "echo.php" (utf8), page source has 
"C�testD",

size 9
If "test.php" (ansi) requires "echo.php" (utf8), page source has
"CtestD", size 7
If "test.php" (ansi) requires "echo.php" (ansi), page source has 
"CtestD",

size 6

The reason for asking is that sometimes "" is displayed on some pages.


That means you've used a utf-8 BOM in a page using an 8-bit
character encoding (eg. iso-8859-1 or similar), or that you
have utf-8 encoded it twice.
/Nisse


I've tested it again, from scratch with Notepad editor:

echoUTF8.php
echoUTF8sub.php   
and keep getting strange characters.

Would you be so kind to run these 2 scripts on your pc ?

TIA, Cor



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread Stuart 
2009/2/9 tedd :
>>  > Now maybe you didn't mean it that way, but IMO that appears more
>> demeaning
>>>
>>>  of the poster than providing help. I'm surprised, because that's not
>>> typical
>>>  of you nor this list.
>>
>> Indeed. Not really sure what I was thinking when I wrote it and I
>> apologise for the attitude.
>
> We all have off days, no problem -- thanks for the apology.
>
> On my side of the world, it's amazing how ignorant people are.
>
> I have administrators at the college, where I teach, who think that php is
> nothing more than a fad and not anything serious. In fact, I talked to their
> web guy, who is a avid php/mysql developer, and he says that the
> administration is asking to have php and mysql removed completely from their
> server. They only want asp and oracle. In the last 6 years they have spent
> over $22 million on trying get oracle to work and it still hasn't.
>
> That's the reason why I've been looking for php stats.

I think people are like that everywhere, particularly above a certain
level of management in my experience. I wish you luck in convincing
them but I've found that PHP rarely wins when put up against the sales
and marketing budgets available to Microsoft and Oracle.

It's going to take a while for the majority of people to stop equating
free with worthless or risky when the truth is that products from
closed corporations carry more risk than open source software. You
should tell them your QuickBasic story - that might start some mental
cogs turning in their heads.

-Stuart

-- 
http://stut.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php validate user password

2009-02-09 Thread Stuart 
2009/2/9 Jan G.B. :
> 2009/2/9 Stuart :
>> I would also advise against stripping and trimming
>> anything from passwords. By removing characters you're significantly
>> reducing the number of possible passwords.
>
> Surely, the stripping should only be done when when magic_quotes is
> enabled! (e.g. Your Server makes \' out of ').

If you have this option switched on on your server you really need to
do everything you can to get rid of it. It's evil and has been
completely removed from PHP 6. But yes, if you're stuck with it then
you need to strip them before storage, but the poster did not make
that clear.

> Trimming could be left out but it minimizes user errors and users
> pretending to know their password.
> (Like copy/paste from a passwords-file with added spaces on the end, etc..)

Not sure what you mean by users pretending to know their password, but
if I put a space at the start or end of my password I would expect
that to add to its complexity and make it harder to guess. By
stripping it you're not doing anyone any favours.

-Stuart

-- 
http://stut.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Adding Records & Capture The New Record ID

2009-02-09 Thread tedd 

At 9:00 AM +1100 2/9/09, Chris wrote:

Person a signs up with em...@example.com

Before you are able to fetch the result (which is possible in a high 
traffic site), person b also signs up with em...@example.com


Going back to person a, when you fetch, you get record #2 instead of #1.

They are not the same record.

Not a great example because you probably wouldn't have people using 
the same address from different locations, but it's just to 
demonstrate the problem of doing it this way.


That's not true, or at least I don't believe it.

If I have a script that has opened and established a communication 
link with a dB and has just created a new record with an unique email 
address and the code immediately (next few lines in the script) 
follows that action with asking the dB to pull the record just 
created with that email address, then I AM getting the same record 
regardless -- there are no RACE conditions here.


Keep in mind that I AM using unique identifiers, such as a 
logon/password or email address. If I create a record using that 
unique identifier and then ask the dB to deliver it, then it is 
without doubt the same record.


If I was not using an unique identifier, then I would agree with you. 
But unique is unique -- it makes no difference if it's a record ID or 
email address -- both are unique.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php validate user password

2009-02-09 Thread Jan G.B. 
2009/2/9 Stuart :
> 2009/2/9 Michael Kubler :
>> These days SHA should really be used instead of MD5, and you should be
>> SALTing the password as well.
>> Here's a great guide : http://phpsec.org/articles/2005/password-hashing.html
>
> Good advice.

Absolutley. I used mysqls md5() function only as an example.

> I would also advise against stripping and trimming
> anything from passwords. By removing characters you're significantly
> reducing the number of possible passwords.

Surely, the stripping should only be done when when magic_quotes is
enabled! (e.g. Your Server makes \' out of ').
Trimming could be left out but it minimizes user errors and users
pretending to know their password.
(Like copy/paste from a passwords-file with added spaces on the end, etc..)

Regards

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP usage stats

2009-02-09 Thread tedd 

 > Now maybe you didn't mean it that way, but IMO that appears more demeaning

 of the poster than providing help. I'm surprised, because that's not typical
 of you nor this list.


Indeed. Not really sure what I was thinking when I wrote it and I
apologise for the attitude.


We all have off days, no problem -- thanks for the apology.

On my side of the world, it's amazing how ignorant people are.

I have administrators at the college, where I teach, who think that 
php is nothing more than a fad and not anything serious. In fact, I 
talked to their web guy, who is a avid php/mysql developer, and he 
says that the administration is asking to have php and mysql removed 
completely from their server. They only want asp and oracle. In the 
last 6 years they have spent over $22 million on trying get oracle to 
work and it still hasn't.


That's the reason why I've been looking for php stats.

Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php validate user password

2009-02-09 Thread Stuart 
2009/2/9 Michael Kubler :
> These days SHA should really be used instead of MD5, and you should be
> SALTing the password as well.
> Here's a great guide : http://phpsec.org/articles/2005/password-hashing.html

Good advice. I would also advise against stripping and trimming
anything from passwords. By removing characters you're significantly
reducing the number of possible passwords.

-Stuart

> Jan G.B. wrote:
>>
>> 2009/2/9 Andrew Williams :
>>
>>>
>>> Can some body help out on how to validate user password from the
>>> database?
>>>
>>
>> There are several possibilities. This would be one.
>> > $query = 'SELECT 1 from `usertable` where `name` = ' .
>> mysql_real_escape_string(STRIPPED_AND_TRIMMED_REQUEST_VAR_HERE)
>>  . ' AND `pass` = md5("' .
>> mysql_real_escape_string(STRIPPED_AND_TRIMMED_REQUEST_VAR_HERE) .
>> '");';
>> ?>

-- 
http://stut.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

  1   2   >