php-general Digest 6 Jul 2011 13:31:50 -0000 Issue 7392
php-general Digest 6 Jul 2011 13:31:50 - Issue 7392 Topics (messages 313932 through 313947): Re: vend-bot? 313932 by: Kirk Bailey 313947 by: Stuart Dallas Re: Top Posting 313933 by: Jim Giner 313934 by: Daniel Brown 313936 by: Lester Caine 313940 by: Ford, Mike Self-whitelisting (WAS: Top Posting) 313935 by: George Langley static variables inside static methods 313937 by: ÐмиÑÑий СÑепанов 313938 by: Andrew Williams Re: Installing PHP 313939 by: David Robley Constants in strings 313941 by: Dave Wilson 313943 by: Curtis Maurand 313944 by: Stuart Dallas 313945 by: Ashley Sheridan 313946 by: Geoff Lane Re: Foreach question 313942 by: Dajka Tamás Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- On 7/3/2011 4:53 PM, Stuart Dallas wrote: Only allowing them to access the URL once is a bad idea. If their download fails, is corrupt, or any number of other things go wrong (think accelerators, browser accelerators, etc) then you end up with a lot of support mail. Better to give them access for a short period of time. Ok, so it just got more complex- if we let them do it twice, ior three times, we have a more complex design specification; if we let them do it unlimited times, we just defeated thepurpose of the exercise. How about this: if it fails, the customer can email us, adn we can reply with a copy as an attachment; a ripoff artist will not be in the log, and a complaint of failure to download gets them nothing. Personally I would generate a unique token linked to their account, or if no user system exists then link it to their order number. Stick that in a URL and forward them to it. That URL shows them the thanks page and links to download the product(s). Each of those links also contains the token. Expire that token after 24 hours, and on the page telling them it's expired give them a way to contact you just in case they haven't successfully downloaded the product yet. There is no need to use cookies. There is no need to use basic authentication (which is a horrible user experience). They come back from PayPal to a script that sets up their unique URL, then you take them to that URL. KISS it - the more complicated you make this the worse the user experience will be and it won't be any more secure than a time-limited unique token as described above. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- end Very Truly yours, - Kirk Bailey, Largo Florida kniht +-+ | BOX | +-+ think ---End Message--- ---BeginMessage--- On Wed, Jul 6, 2011 at 3:01 AM, Kirk Bailey kbai...@howlermonkey.netwrote: On 7/3/2011 4:53 PM, Stuart Dallas wrote: Only allowing them to access the URL once is a bad idea. If their download fails, is corrupt, or any number of other things go wrong (think accelerators, browser accelerators, etc) then you end up with a lot of support mail. Better to give them access for a short period of time. Ok, so it just got more complex- if we let them do it twice, ior three times, we have a more complex design specification; if we let them do it unlimited times, we just defeated thepurpose of the exercise. How about this: if it fails, the customer can email us, adn we can reply with a copy as an attachment; a ripoff artist will not be in the log, and a complaint of failure to download gets them nothing. I don't see how it got more complex. You need to verify that the user has paid for the file(s) they are trying to access, all this does is add an expiry timestamp to that access rather than a counter. I'm not sure what you're purpose is with this exercise, but usually this sort of thing aims to provide customers with the digital assets they've purchased in a way that's easy for them to understand and use, limits expensive support costs, and protects the assets from being downloaded without first being purchased. And for me, the priorities are in that order. What do you think you gain by limiting the link to a single use? If you think you're preventing them from passing it on to other people, then yes you are, but if you do that then they'll simply send the digital file instead so you're actually trading a poor user experience and increased support costs for practically no benefit. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ ---End Message--- ---BeginMessage--- Huh? You have a problem with a person having a spam filter that requires one
[PHP] Self-whitelisting (WAS: Top Posting)
On 2011-07-05, at 8:52 PM, Jim Giner wrote: Huh? You have a problem with a person having a spam filter that requires one valid response to ensure that the mail from an address is from a real person ONE TIME ONLY? -- I know that I do. I monitor our web site's registration system, and will get a number of notices from things like Boxbe, stating that they've delayed the email with the confirmation link that we send our clients, until we confirm receipt of their notice. But, this can be used against you, as they now know that your address is valid, and can in turn spam you! Can read the ugly details on Wiki: http://en.wikipedia.org/wiki/Boxbe I won't subject my company to that nuisance. George Langley Multimedia Developer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Top Posting
Tamara Temple wrote: And then, we have the case of a signature being 3 times as long as the reply Which is less of a problem if the email client correctly trims it! I can probably come up with a list of posts just to this list where a top poster has included several signatures several times - along with all the advertising :( The bottom line is that we are not going to get any agreement on this. It's just a fact of life that people don't like to accept being told what to do so we have to live with that. But as long as lists like this are coming conveniently into my inbox *I* can do what I like with them. I have material going back to 1995 nicely manageable here even when the broadband is down so I'll put up with the irritation - actually most top posted messages can simply be culled anyway - I have the previous message listed :) -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] static variables inside static methods
Hello, everybody.
While working with static variables inside static class' methods, I have
found this very interesting (at least for me) behavior of PHP.
Consider the following class definitions (example #1):
class X {
public final static function test() {
static $i;
return ++$i;
}
}
class Y extends X {
}
By executing this code:
echo X::test();
echo Y::test(); // note Y class here
one would expect to see 12 as output, but apparently I get 11.
That's a bit confusing if you logically assume that static vars are tied
to the scope they're defined in. Since this static variable is
defined in a specific static method test(), that is NOT overloaded by class
Y, in my opinion it shoul've preserved it's value across static calls.
Let's look at another example (example #2):
class X {
public static $x =0;
public final static function test() {
return ++static::$x; // note static keyword here
}
}
class Y extends X {
}
If you run this code:
echo X::test();
echo Y::test();
you get 12 as output - the expected output. Notice that the ++static::$x
expr. is taking advantage of late static binding. Now, if you change
body of test() to the following code:
public final static function test() {
return ++self::$x;
}
then you also get 12 as output.
Is this a bug that static context of $i is not preserved in example #1 or do
I misunderstand something?
I could not find any hints on this in the PHP documentation.
Dmitry.
Re: [PHP] static variables inside static methods
I think you are confusing scope visibility level of the variable within
method and the class.
Variable within the method is going to 1 because it was declare within the
test method and there no link to the one declared outside the test method.
The second case is referencing the varible of the class.
2011/7/6 Дмитрий Степанов dmit...@stepanov.lv
Hello, everybody.
While working with static variables inside static class' methods, I have
found this very interesting (at least for me) behavior of PHP.
Consider the following class definitions (example #1):
class X {
public final static function test() {
static $i;
return ++$i;
}
}
class Y extends X {
}
By executing this code:
echo X::test();
echo Y::test(); // note Y class here
one would expect to see 12 as output, but apparently I get 11.
That's a bit confusing if you logically assume that static vars are tied
to the scope they're defined in. Since this static variable is
defined in a specific static method test(), that is NOT overloaded by class
Y, in my opinion it shoul've preserved it's value across static calls.
Let's look at another example (example #2):
class X {
public static $x =0;
public final static function test() {
return ++static::$x; // note static keyword here
}
}
class Y extends X {
}
If you run this code:
echo X::test();
echo Y::test();
you get 12 as output - the expected output. Notice that the
++static::$x
expr. is taking advantage of late static binding. Now, if you change
body of test() to the following code:
public final static function test() {
return ++self::$x;
}
then you also get 12 as output.
Is this a bug that static context of $i is not preserved in example #1 or
do
I misunderstand something?
I could not find any hints on this in the PHP documentation.
Dmitry.
[PHP] Re: Installing PHP
Jim Giner wrote: Eureka! The whole problem was my unfamiliarity with the php download page. To others - read the choices there very carefully (which I thought I did!) to be sure you get the thread-safe version. Thanks to all who contributed, but David gets the kudos for telling me to check the error logs first. As you become more familiar with managing apache yourself, you will learn that checking the error log is the 0th thing to do with any apache or apache related problem, including 500 errors from CGI scripts and checking for php errors. Cheers -- David Robley Windows N'T: as in Wouldn't, Couldn't, and Didn't. Today is Boomtime, the 41st day of Confusion in the YOLD 3177. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Top Posting
On 2011-07-05, Stuart Dallas penned the words: On Tue, Jul 5, 2011 at 3:29 PM, ad...@buskirkgraphics.com wrote: Anyone know how to make Outlook changes its reply position. Google delivers... http://sourceforge.net/apps/mediawiki/macros4outlook/index.php?title =QuoteFix_Macro Many thanks for that link, Stuart -- I've been using Dominik Jain's Outlook QuoteFix for years, but hadn't noticed this development. Have just installed it (and this reply is its first product!). It works well enough, but needs some more development -- might have to look into that as my VB is pretty good Cheers! Mike -- Mike Ford, Electronic Information Developer, Libraries and Learning Innovation, Portland PD507, City Campus, Leeds Metropolitan University, Portland Way, LEEDS, LS1 3HE, United Kingdom E: m.f...@leedsmet.ac.uk T: +44 113 812 4730 To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm
[PHP] Constants in strings
Hi all,
OK. We all know that constants cannot be accessed directly via their name
in double-quoted or heredoc strings. I knew this already but a read of
the PHP manual got me thinking.
The manual states that to get the $$ value of a variable, the form
{${var}} should be used. Therefore, I wondered if something similar
would work for constants.
Attempt 1 (just to be sure):
?php
define ('XYZ','ABC');
echo {XYZ}\n;
?
Output - {XYZ}
Attempt 2:
?php
define ('XYZ','ABC');
echo {{XYZ}}\n;
?
Output - {{XYZ}}
No luck there. I did encounter one oddity though:
?php
define ('XYZ','ABC');
echo {${XYZ}}\n;
?
Output:
PHP Notice: Undefined variable: ABC in /home/wilsond/testScripts/l7.php
on line 3
Which appears to mean that PHP is able to pick up the value of the
constant and try to access a variable with that name.
Any ideas?
Cheers
Dave
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Foreach question
And that's exactly how I did it :)
Since 'for' is traditionally pre-testing with excetuting the condition prior
looping it's working well :)
Thanks for all the help!
Cheers,
Tamas
-Original Message-
From: Louis Huppenbauer [mailto:louis.huppenba...@gmail.com]
Sent: Tuesday, July 05, 2011 5:47 PM
To: Robert Cummings
Cc: Dajka Tamás; php-general@lists.php.net
Subject: Re: [PHP] Foreach question
Just use count($arr) in your for-header, as it get's executed again
for each loop.
?php
$arr = array(array('id'=1), array('id'=2));
for($i=0;$icount($arr);$i++) {
echo $arr[$i]['id'];
if($i 6) {
$arr[] = array('id' = $arr[$i]['id']+1);
}
}
?
2011/7/5 Robert Cummings rob...@interjinn.com:
On 11-07-05 10:48 AM, Dajka Tamás wrote:
Thanks, that was interesting :) I think I got one step further in
understanding PHP :)
BTW, I've changed the loop to 'for' and it's working well :)
Can you show us your for loop? I'm not immediately sure how you use a for
loop to traverse a growing number of entries in an array without either
updating the extents of the traversal or using for( ; ; ) which is the same
as while( 1 ). Or are you now using the low level array traversal functions
like reset() and next()?
Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Constants in strings
On 7/6/2011 7:07 AM, Dave Wilson wrote:
Output - {XYZ}
Attempt 2:
?php
define ('XYZ','ABC');
echo {{XYZ}}\n;
?
Output - {{XYZ}}
No luck there. I did encounter one oddity though:
?php
define ('XYZ','ABC');
echo {${XYZ}}\n;
?
Output:
PHP Notice: Undefined variable: ABC in /home/wilsond/testScripts/l7.php
on line 3
Which appears to mean that PHP is able to pick up the value of the
constant and try to access a variable with that name.
Any ideas?
echo XYZ . \n;
--Curtis
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Constants in strings
On Wed, Jul 6, 2011 at 12:07 PM, Dave Wilson dai_bac...@hotmail.com wrote:
Hi all,
OK. We all know that constants cannot be accessed directly via their name
in double-quoted or heredoc strings. I knew this already but a read of
the PHP manual got me thinking.
The manual states that to get the $$ value of a variable, the form
{${var}} should be used. Therefore, I wondered if something similar
would work for constants.
Attempt 1 (just to be sure):
?php
define ('XYZ','ABC');
echo {XYZ}\n;
?
Output - {XYZ}
Attempt 2:
?php
define ('XYZ','ABC');
echo {{XYZ}}\n;
?
Output - {{XYZ}}
No luck there. I did encounter one oddity though:
?php
define ('XYZ','ABC');
echo {${XYZ}}\n;
?
Output:
PHP Notice: Undefined variable: ABC in /home/wilsond/testScripts/l7.php
on line 3
Which appears to mean that PHP is able to pick up the value of the
constant and try to access a variable with that name.
Any ideas?
My guess is that the preceding $ causes PHP to interpret the next token
{XYZ} as a variable or a constant, but without that preceding $ it has no
way to know you're trying to use a constant. As Curtis points out, the only
way to insert a constant into a string is through concatenation.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
Re: [PHP] Constants in strings
Any ideas? echo XYZ . \n; --Curtis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Which doesn't answer the original question Dave asked... Thanks, Ash http://www.ashleysheridan.co.uk -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Constants in strings
On Wednesday, July 6, 2011, Dave Wilson wrote:
OK. We all know that constants cannot be accessed directly via their
name in double-quoted or heredoc strings.
FWIW, this looked like it might be a right royal PITA for me ATM.
However, I've got a work-around.
With about a dozen scripts written using 'heredoc', I discover the
need to include extra information for which I required a constant. The
answer for me was to initialize a variable to have the same value as
the constant and to use that in the heredoc string. e.g:
define ('KONST', 100);
$konst = KONST;
echo END
Some sample text in which we need $konst
END;
A similar approach is to declare a 'pseudo-constant' variable instead
of defining the constant (e.g. $konst=100 instead of the first two
lines of code in the above sample).
HTH,
--
Geoff
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] vend-bot?
On Wed, Jul 6, 2011 at 3:01 AM, Kirk Bailey kbai...@howlermonkey.netwrote: On 7/3/2011 4:53 PM, Stuart Dallas wrote: Only allowing them to access the URL once is a bad idea. If their download fails, is corrupt, or any number of other things go wrong (think accelerators, browser accelerators, etc) then you end up with a lot of support mail. Better to give them access for a short period of time. Ok, so it just got more complex- if we let them do it twice, ior three times, we have a more complex design specification; if we let them do it unlimited times, we just defeated thepurpose of the exercise. How about this: if it fails, the customer can email us, adn we can reply with a copy as an attachment; a ripoff artist will not be in the log, and a complaint of failure to download gets them nothing. I don't see how it got more complex. You need to verify that the user has paid for the file(s) they are trying to access, all this does is add an expiry timestamp to that access rather than a counter. I'm not sure what you're purpose is with this exercise, but usually this sort of thing aims to provide customers with the digital assets they've purchased in a way that's easy for them to understand and use, limits expensive support costs, and protects the assets from being downloaded without first being purchased. And for me, the priorities are in that order. What do you think you gain by limiting the link to a single use? If you think you're preventing them from passing it on to other people, then yes you are, but if you do that then they'll simply send the digital file instead so you're actually trading a poor user experience and increased support costs for practically no benefit. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] vend-bot?
What do you think you gain by limiting the link to a single use? If you think you're preventing them from passing it on to other people, then yes you are, but if you do that then they'll simply send the digital file instead so you're actually trading a poor user experience and increased support costs for practically no benefit. Why not just send the file to them via email on success? As Stuart said, if you're worried about them giving the download URL out to other people, then they will just put it on a file sharing site and give out that URL instead. Either way, unless you have some kind of file locking/binding to IP/mac address and/or a call home feature, it is kinda hard to stop piracy, and even then, there are people who can and will crack it if it is something that useful. Good luck with this. Steve. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Self-whitelisting (WAS: Top Posting)
George Langley george.lang...@shaw.ca wrote in message news:841bbd90-9cd4-4df5-9a38-ff61638f7...@shaw.ca... On 2011-07-05, at 8:52 PM, Jim Giner wrote: Huh? You have a problem with a person having a spam filter that requires one valid response to ensure that the mail from an address is from a real person ONE TIME ONLY? -- I know that I do. I monitor our web site's registration system, and will get a number of notices from things like Boxbe, stating that they've delayed the email with the confirmation link that we send our clients, until we confirm receipt of their notice. But, this can be used against you, as they now know that your address is valid, and can in turn spam you! * But they can't spam me until they do make a response. And if they are actually in-human (!) enough to go to that length (and I suspect that the laziness factor of a spammer will reduce that possibility), I can easily blacklist them - which I have only had to do a couple of times in the last 5-6 years. Once a week I review my 'box trapper' queue to see what's been held up. An average of 10 emails a day that never get to my inbox is a good thing in my book. Or should I say never get to my 3 inboxes - pc,ipad,phone. jg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Constants in strings
On Wed, 06 Jul 2011 12:56:21 +0100, Stuart Dallas wrote:
My guess is that the preceding $ causes PHP to interpret the next token
{XYZ} as a variable or a constant, but without that preceding $ it has
no way to know you're trying to use a constant. As Curtis points out,
the only way to insert a constant into a string is through
concatenation.
-Stuart
OK. I should have made myself clearer - I was making an observation with
regards to constant parsing in strings rather than looking for advice. My
bad.
My third example showed that {${XYZ}} would echo the value of the
variable called the value of XYZ:
?php
define ('XYZ','ABC');
$ABC=huh!;
echo {${XYZ}}\n;
?
Output - huh!
We could easily re-write the 'echo' line above to be:
echo {${constant('XYZ'}}\n;
But my example shows that PHP *is* accessing the value of a constant
without any jiggery-pokery or hacks (e.g. http://www.php.net/manual/en/
language.types.string.php#91628) as it is retrieving the value of ABC
from the XYZ constant and then looking for a variable of that name.
I admit that I'm no C coder but it may be possible (note, the word may)
that a change of code within the PHP source tree will allow us to use
something like echo {{XYZ}} to access the constant value.
Cheers
Dave
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Self-whitelisting (WAS: Top Posting)
On 2011-07-06, at 8:02 AM, Jim Giner wrote: George Langley george.lang...@shaw.ca wrote : On 2011-07-05, at 8:52 PM, Jim Giner wrote: Huh? You have a problem with a person having a spam filter that requires one valid response to ensure that the mail from an address is from a real person ONE TIME ONLY? -- I know that I do. I monitor our web site's registration system, and will get a number of notices from things like Boxbe, stating that they've delayed the email with the confirmation link that we send our clients, until we confirm receipt of their notice. But, this can be used against you, as they now know that your address is valid, and can in turn spam you! * But they can't spam me until they do make a response. And if they are actually in-human (!) enough to go to that length (and I suspect that the laziness factor of a spammer will reduce that possibility), I can easily blacklist them - which I have only had to do a couple of times in the last 5-6 years. Depends if they only require your response once for ALL of their customers. If they require it for each one, and you blacklist them, you won't receive the notices from any subsequent customers. George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Constants in strings
-Original Message-
From: Dave Wilson [mailto:dai_bac...@hotmail.com]
Sent: Wednesday, July 06, 2011 10:11 AM
To: php-general@lists.php.net
Subject: Re: [PHP] Constants in strings
On Wed, 06 Jul 2011 12:56:21 +0100, Stuart Dallas wrote:
My guess is that the preceding $ causes PHP to interpret the next
token
{XYZ} as a variable or a constant, but without that preceding $ it
has
no way to know you're trying to use a constant. As Curtis points out,
the only way to insert a constant into a string is through
concatenation.
-Stuart
OK. I should have made myself clearer - I was making an observation
with
regards to constant parsing in strings rather than looking for advice.
My
bad.
My third example showed that {${XYZ}} would echo the value of the
variable called the value of XYZ:
?php
define ('XYZ','ABC');
$ABC=huh!;
echo {${XYZ}}\n;
?
Output - huh!
We could easily re-write the 'echo' line above to be:
echo {${constant('XYZ'}}\n;
But my example shows that PHP *is* accessing the value of a constant
without any jiggery-pokery or hacks (e.g. http://www.php.net/manual/en/
language.types.string.php#91628) as it is retrieving the value of ABC
from the XYZ constant and then looking for a variable of that name.
I admit that I'm no C coder but it may be possible (note, the word
may)
that a change of code within the PHP source tree will allow us to use
something like echo {{XYZ}} to access the constant value.
Cheers
Dave
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
define('DIR_JAVA', '/js/');
When you need to use the JavaScript directory you can do this.
script src=?php echo DIR_JAVA . 'jquery-1.5.1.js';?/script
There is no true need for the curly brackets to echo out the value of the
constant.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Constants in strings
define('DIR_JAVA', '/js/');
When you need to use the JavaScript directory you can do this.
script src=?php echo DIR_JAVA . 'jquery-1.5.1.js';?/script
There is no true need for the curly brackets to echo out the value of
the constant.
Except for when you're using heredoc, much like in the OPs first post...
Thanks,
Ash
http://www.ashleysheridan.co.uk
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Constants in strings
Yeah, that was my answer and I was rebuked for that.
ad...@buskirkgraphics.com wrote:
-Original
Message-
From: Dave Wilson
[mailto:dai_bac...@hotmail.com]
Sent: Wednesday, July 06,
2011 10:11 AM
To: php-general@lists.php.net
Subject: Re: [PHP] Constants in strings
On
Wed, 06 Jul 2011 12:56:21 +0100, Stuart Dallas wrote:
My guess is that the preceding $ causes PHP to interpret the next
token
{XYZ} as a variable or a
constant, but without that preceding $ it
has
no way to know you're trying to use a constant. As Curtis points
out,
the only way to insert a constant into a string is
through
concatenation.
-Stuart
OK. I should have made myself
clearer - I was making an observation
with
regards to constant parsing in strings rather than looking for advice.
My
bad.
My third
example showed that {${XYZ}} would echo the value of the
variable called the value of XYZ:
?php
define ('XYZ','ABC');
$ABC=huh!;
echo
{${XYZ}}\n;
?
Output - huh!
We could easily re-write the 'echo' line above to
be:
echo {${constant('XYZ'}}\n;
But my example shows that PHP *is* accessing the value of a
constant
without any jiggery-pokery or hacks (e.g.
http://www.php.net/manual/en/
language.types.string.php#91628) as it is retrieving the value of ABC
from the XYZ constant and then looking for a variable of that
name.
I admit that I'm no C coder but it may
be possible (note, the word
may)
that a change of code within the PHP source tree will allow us to use
something like echo {{XYZ}} to access the constant
value.
Cheers
Dave
--
PHP
General Mailing List (http://www.php.net/)
To unsubscribe,
visit: http://www.php.net/unsub.php
define('DIR_JAVA', '/js/');
When you need to
use the JavaScript directory you can do this.
script
src=?php echo DIR_JAVA .
'jquery-1.5.1.js';?/script
There is no true need for the curly brackets to echo out the value of
the
constant.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Constants in strings
-Original Message-
From: Ashley Sheridan [mailto:a...@ashleysheridan.co.uk]
Sent: Wednesday, July 06, 2011 10:49 AM
To: ad...@buskirkgraphics.com; 'Dave Wilson'; php-general@lists.php.net
Subject: RE: [PHP] Constants in strings
define('DIR_JAVA', '/js/');
When you need to use the JavaScript directory you can do this.
script src=?php echo DIR_JAVA . 'jquery-1.5.1.js';?/script
There is no true need for the curly brackets to echo out the value of
the constant.
Except for when you're using heredoc, much like in the OPs first
post...
Thanks,
Ash
http://www.ashleysheridan.co.uk
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Ash,
I have a few questions.
I use constants in my OOP and I never use the heredoc syntax. Now I am fearing
that I have not taken advantage of something.
My understanding of heredoc syntax as of 5.3 is just a string quoting right?
Is there an advantage of using the heredoc syntax over single quoted or double
quoted?
Examples:
Echo 'your constant for the javascript path is '.DIR_JAVA;
Echo EOT
Your constant for the JavaScript path is {{DIR_JAVA}}
EOT;
I fully understand the syntax but I do not understand the advantages of using
either.
Is it just a writing style, or is there an advantage to the way it processes,
speed or something?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Constants in strings
On 2011-07-6 08:09, ad...@buskirkgraphics.com ad...@buskirkgraphics.com wrote: I use constants in my OOP and I never use the heredoc syntax. Now I am fearing that I have not taken advantage of something. My understanding of heredoc syntax as of 5.3 is just a string quoting right? Is there an advantage of using the heredoc syntax over single quoted or double quoted? I don't believe that a heredoc will perform significantly differently than a double-quoted string, as, from the parser's POV, they're essentially the same thing once you get past the step of extracting the entire string from the source. I've not verified this by reviewing the relevant source, however, nor have I benchmarked it. But, I'm willing to bit that even if there is a difference, it's so small that you're better off worrying about which will lead to easier code maintenance than worrying about performance (as is typically the case with such micro-optimization choices). In my view, what's important is how you use them. In particular, a heredoc can present a bit more cleanly when you're dealing with a large-ish chunk of text, as in, say, an e-mail message template. The main downside is that they will usually make a mess of code formatting, since the closing delimiter must be against the left margin. For this reason, I tend to prefer multi-line double-quoted strings over heredocs when I have meaningful indentation, as in a function or class method. Where I've made most use of heredocs is when I want to do nothing but define a bunch of long strings in one file. For example, I might create a file to define a set of related e-mail message templates: ?php $accountCreationSuccessfulMessage = EndSuccess Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo. Quisque sit amet est et sapien ullamcorper pharetra. Vestibulum erat wisi, condimentum sed, commodo vitae, ornare sit amet, wisi. Aenean fermentum, elit eget tincidunt condimentum, eros ipsum rutrum orci, sagittis tempus lacus enim ac dui. Donec non enim in turpis pulvinar facilisis. Ut felis. EndSuccess $accountCreationFailedMessage = EndFailure Donec placerat. Nullam nibh dolor, blandit sed, fermentum id, imperdiet sit amet, neque. Nam mollis ultrices justo. Sed tempor. Sed vitae tellus. Etiam sem arcu, eleifend sit amet, gravida eget, porta at, wisi. Nam non lacus vitae ipsum viverra pretium. Phasellus massa. Fusce magna sem, gravida in, feugiat ac, molestie eget, wisi. Fusce consectetuer luctus ipsum. Vestibulum nunc. Suspendisse dignissim adipiscing libero. Integer leo. Sed pharetra ligula a dui. Quisque ipsum nibh, ullamcorper eget, pulvinar sed, posuere vitae, nulla. Sed varius nibh ut lacus. Curabitur fringilla. Nunc est ipsum, pretium quis, dapibus sed, varius non, lectus. Proin a quam. Praesent lacinia, eros quis aliquam porttitor, urna lacus volutpat urna, ut fermentum neque mi egestas dolor. EndFailure ? Of course, this is arguably as clean: ?php $accountCreationSuccessfulMessage = Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo. Quisque sit amet est et sapien ullamcorper pharetra. Vestibulum erat wisi, condimentum sed, commodo vitae, ornare sit amet, wisi. Aenean fermentum, elit eget tincidunt condimentum, eros ipsum rutrum orci, sagittis tempus lacus enim ac dui. Donec non enim in turpis pulvinar facilisis. Ut felis. ; //$accountCreationSuccessfulMessage $accountCreationFailedMessage = Donec placerat. Nullam nibh dolor, blandit sed, fermentum id, imperdiet sit amet, neque. Nam mollis ultrices justo. Sed tempor. Sed vitae tellus. Etiam sem arcu, eleifend sit amet, gravida eget, porta at, wisi. Nam non lacus vitae ipsum viverra pretium. Phasellus massa. Fusce magna sem, gravida in, feugiat ac, molestie eget, wisi. Fusce consectetuer luctus ipsum. Vestibulum nunc. Suspendisse dignissim adipiscing libero. Integer leo. Sed pharetra ligula a dui. Quisque ipsum nibh, ullamcorper eget, pulvinar sed, posuere vitae, nulla. Sed varius nibh ut lacus. Curabitur fringilla. Nunc est ipsum, pretium quis, dapibus sed, varius non, lectus. Proin a quam. Praesent lacinia, eros quis aliquam porttitor, urna lacus volutpat urna, ut fermentum neque mi egestas dolor. ; //$accountCreationFailedMessage ? With the latter, there is the catch that you end up with leading and trailing line breaks, but those are easy enough to deal with, if desired. As to the original topic of this thread, it's long annoyed me that there's no easy way to use constants with interpolation. Since I find repeated concatenation extremely ugly and prone to
Re: [PHP] vend-bot?
On 7/6/2011 9:31 AM, Stuart Dallas wrote: On Wed, Jul 6, 2011 at 3:01 AM, Kirk Bailey kbai...@howlermonkey.net mailto:kbai...@howlermonkey.net wrote: On 7/3/2011 4:53 PM, Stuart Dallas wrote: Only allowing them to access the URL once is a bad idea. If their download fails, is corrupt, or any number of other things go wrong (think accelerators, browser accelerators, etc) then you end up with a lot of support mail. Better to give them access for a short period of time. Ok, so it just got more complex- if we let them do it twice, ior three times, we have a more complex design specification; if we let them do it unlimited times, we just defeated thepurpose of the exercise. How about this: if it fails, the customer can email us, adn we can reply with a copy as an attachment; a ripoff artist will not be in the log, and a complaint of failure to download gets them nothing. I don't see how it got more complex. IT IS SIMPLER TO IMPLEMENT IF IT WORKS EVERY TIME A LEGITIMATE CODE IS PRESENTED IN THE URL. If there is a list of valid passwords and it does not change, the password will work every time. A clever hacker makes 1 purchase and uses this over and over to steal other products- not good. We need to remove the password after it is used. IF the first time it is used the password code is deleted from a file, it cannot work a second time. That is a mild increase in complexity. If we want it to work more than once, then we argue- how many is enough? And how do we track uses? If they got product the first time, the second ( and third, and fourth...) permitted uses are there waiting for a cleve hacker to steal product. And if we build a mechanism to verify successful delivery or product prior to deleting the password, it is more complex still. So we need to take time to think about this in detail. If we allow it once, and delete is as part of the vend process, we also can offer a contact link should they have problems with the download. You need to verify that the user has paid for the file(s) they are trying to access, all this does is add an expiry timestamp to that access rather than a counter. I'm not sure what you're purpose is with this exercise, but usually this sort of thing aims to provide customers with the digital assets they've purchased in a way that's easy for them to understand and use, limits expensive support costs, and protects the assets from being downloaded without first being purchased. And for me, the priorities are in that order. What do you think you gain by limiting the link to a single use? If you think you're preventing them from passing it on to other people, then yes you are, but if you do that then they'll simply send the digital file instead so you're actually trading a poor user experience and increased support costs for practically no benefit. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- end Very Truly yours, - Kirk Bailey, Largo Florida kniht +-+ | BOX | +-+ think
Re: [PHP] vend-bot?
because some emails do not permit large attachments. On 7/6/2011 9:47 AM, Steve Staples wrote: What do you think you gain by limiting the link to a single use? If you think you're preventing them from passing it on to other people, then yes you are, but if you do that then they'll simply send the digital file instead so you're actually trading a poor user experience and increased support costs for practically no benefit. Why not just send the file to them via email on success? As Stuart said, if you're worried about them giving the download URL out to other people, then they will just put it on a file sharing site and give out that URL instead. Either way, unless you have some kind of file locking/binding to IP/mac address and/or a call home feature, it is kinda hard to stop piracy, and even then, there are people who can and will crack it if it is something that useful. Good luck with this. Steve. -- end Very Truly yours, - Kirk Bailey, Largo Florida kniht +-+ | BOX | +-+ think -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Re: Top Posting
On 7/5/2011 7:52 PM, Jim Giner wrote: And what do you use to cut down on spam in your in-box? This is completely off topic, but here it goes... When I received an email the other day from your mail server, I had created this crazy ass reply to your automatic request for a reply. But in turn, just sent the email with the link showing that your mail server is a source of spam. To answer your question, I use built in Postfix checks... Here are my list of options: reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_recipient_domain, check_recipient_maps, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_helo_access hash:/etc/postfix/helo_checks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client korea.services.net, permit With the above settings, I REJECT 99.9% of all SPAM that tries to enter my box. You are currently listed in my /etc/postfix/helo_checks file as 64.118.87.45REJECT Your mail server is a source of SPAM. Fix it! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Constants in strings
I LOVE the heredocs tool. I only learned about it a couple of months ago - what a find! It makes generating my html for my web pages so much easier and allows me to include my php vars within the html with much less confusion and simplifies the intermixing of html and php vars - no more single quote, double quote and dot stuff in an html tag. Sure you have to put the closing tag in column 1 - a mere blip against the pros. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Re: Top Posting
You are currently listed in my /etc/postfix/helo_checks file as 64.118.87.45 REJECT Your mail server is a source of SPAM. Fix it! My mail server is my isp's. It is a shared server and not under my control. They are aware that is listed but cannot get to the bottom of why it is flagged. Frankly, I don't know why you are getting mail from me - I'm not sending you any. As for your solution to spam. What is Postfix? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Constants in strings
On 11-07-06 02:59 PM, Jim Giner wrote: I LOVE the heredocs tool. I only learned about it a couple of months ago - what a find! It makes generating my html for my web pages so much easier and allows me to include my php vars within the html with much less confusion and simplifies the intermixing of html and php vars - no more single quote, double quote and dot stuff in an html tag. Sure you have to put the closing tag in column 1 - a mere blip against the pros. With respect to putting the closing tag in column 1... I've found the following to be fairly unobtrusive: ?php $blah = _ Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. _; ? Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Re: Top Posting
On 6 Jul 2011, at 20:03, Jim Giner jim.gi...@albanyhandball.com wrote: Frankly, I don't know why you are getting mail from me - I'm not sending you any. FFS and for the last time... THIS IS A MAILING LIST which you access through a newsgroup gateway. It is NOT a newsgroup! -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Re: Top Posting
Stuart Dallas stu...@3ft9.com wrote in message news:e73bd95e-0524-4743-92be-ae211b57e...@3ft9.com... On 6 Jul 2011, at 20:03, Jim Giner jim.gi...@albanyhandball.com wrote: Frankly, I don't know why you are getting mail from me - I'm not sending you any. FFS and for the last time... THIS IS A MAILING LIST which you access through a newsgroup gateway. It is NOT a newsgroup! -Stuart Forgive me for not being a know-it-all. I don't even know what FFS means. On second thought - I don't need your forgiveness. Perhaps you should utilize a newsgroup instead of getting all these emails in your inbox. Much less mail to sort thru when you don't feel like handling php problems and stuff from morons like me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Re: Re: Top Posting
On 06 Jul 2011 at 20:03, Jim Giner jim.gi...@albanyhandball.com wrote: You are currently listed in my /etc/postfix/helo_checks file as 64.118.87.45 REJECT Your mail server is a source of SPAM. Fix it! My mail server is my isp's. It is a shared server and not under my control. They are aware that is listed but cannot get to the bottom of why it is flagged. Frankly, I don't know why you are getting mail from me - I'm not sending you any. As for your solution to spam. What is Postfix? Rather than rely on heuristics, I wrote a Bayesian filter for my e-mail app. Let the spammer, by sending you the mail, indicate what is spam and what is not. -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Re: Re: Top Posting
On 06 Jul 2011 at 20:03, Jim Giner jim.gi...@albanyhandball.com wrote: Frankly, I don't know why you are getting mail from me - I'm not sending you any. You're sending mail to all of us. Here's what I got from you: To: php-general@lists.php.net From:Jim Giner jim.gi...@albanyhandball.com Subject: Re: [PHP] Re: Re: Top Posting Date:Wed, 6 Jul 2011 15:03:44 -0400 You are currently listed in my /etc/postfix/helo_checks file as 64.118.87.45 REJECT Your mail server is a source of SPAM. Fix it! My mail server is my isp's. It is a shared server and not under my control. They are aware that is listed but cannot get to the bottom of why it is flagged. Frankly, I don't know why you are getting mail from me - I'm not sending you any. As for your solution to spam. What is Postfix? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Re: Top Posting
On Wed, Jul 6, 2011 at 15:25, Jim Giner jim.gi...@albanyhandball.com wrote: Forgive me for not being a know-it-all. I don't even know what FFS means. Took me a minute to figure it out as well, and I was just getting ready to Google it when I thought to myself, what is it that Stut would mean by that? The key word in that phrase was his name, and it made perfect sense: For F$#@s Sake. On second thought - I don't need your forgiveness. Perhaps you should utilize a newsgroup instead of getting all these emails in your inbox. Much less mail to sort thru when you don't feel like handling php problems and stuff from morons like me. You're not a moron, but keep in mind that the list is a mailing list first, and only archived into newsgroups as a courtesy. The official channel of communication here is email. Good ol' fashioned ARPANET-inspired email. That said, a simple filter would sort and organize things quite nicely, and I suspect at least 30% of the people here do just that. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Re: Re: Top Posting
Tim Streater t...@clothears.org.uk wrote in message news:e5.d2.37602.f96b4...@pb1.pair.com... On 06 Jul 2011 at 20:03, Jim Giner jim.gi...@albanyhandball.com wrote: As for your solution to spam. What is Postfix? Rather than rely on heuristics, I wrote a Bayesian filter for my e-mail app. Let the spammer, by sending you the mail, indicate what is spam and what is not. -- Cheers -- Tim Tim, Good for you - although I have no idea what you are saying. :) I believe the box trapper tool I utilize (from my ISP) is also letting the spammer define himself - but it's just a black box to me. jg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Re: Top Posting
On Wed, Jul 6, 2011 at 8:25 PM, Jim Giner jim.gi...@albanyhandball.comwrote: Stuart Dallas stu...@3ft9.com wrote in message news:e73bd95e-0524-4743-92be-ae211b57e...@3ft9.com... On 6 Jul 2011, at 20:03, Jim Giner jim.gi...@albanyhandball.com wrote: Frankly, I don't know why you are getting mail from me - I'm not sending you any. FFS and for the last time... THIS IS A MAILING LIST which you access through a newsgroup gateway. It is NOT a newsgroup! -Stuart Forgive me for not being a know-it-all. I don't even know what FFS means. I don't expect people to know-it-all, but since you started contributing to this MAILING LIST I've told you at least twice that it's a MAILING LIST not a newsgroup. Suggestion... when you don't know something, Google it. In the past few messages you've sent you've asserted your ignorance on a number of points. Go to google, put FFS in and you get the definition back as the FIRST result. Even if it wasn't the first result I would hope it's safe to assume you'd know I didn't mean Facial Feminization Surgery or Finnish Fur Sales! Ignorance is natural and expected, but the inability or unwillingness to put effort into reducing your ignorance is a sickening waste of one of the most powerful computers on the planet! On second thought - I don't need your forgiveness. Perhaps you should utilize a newsgroup instead of getting all these emails in your inbox. Much less mail to sort thru when you don't feel like handling php problems and stuff from morons like me. I don't think you're a moron, and I'll leave deciding why you referred to yourself as such as an exercise for the reader. I do think you need to pay a bit more attention, and occasionally respect, to the responses you get on this mailing list if you want to realise the potential value they carry. I'm not sure why you think I do, but I have no problem with the emails I get as a result of subscribing to this mailing list - in fact I find them invaluable. I've found the list invaluable whenever I've had a problem I can't solve myself, and I find it invaluable to contribute where and when I can. I occasionally find it extremely frustrating, but as the veteran list members will hopefully testify my responses have mellowed somewhat with age. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Re: Re: Top Posting
On Wed, Jul 06, 2011 at 03:03:44PM -0400, Jim Giner wrote: [snip] As for your solution to spam. What is Postfix? Postfix is a *nix program which can be connected to whatever program you use to grab mail with. With postfix, you write recipes which dictate what will be done with a piece of incoming mail, based on whatever characteristics you choose. Think of it as the spam controls in Firefox or Outlook, but on steroids. Typically, postfix will either drop a piece of spam on the floor, mark it in some way your mail client will understand, or file it an a separate folder. Moreover, it's not just for spam. It can be used to filter out duplicate emails, file copies of emails under different folders by subject, etc. It also makes for a great car wax and salad dressing. ;-} Paul -- Paul M. Foster http://noferblatz.com http://quillandmouse.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] vend-bot?
On Wed, Jul 6, 2011 at 6:16 PM, Kirk Bailey kbai...@howlermonkey.netwrote: ** On 7/6/2011 9:31 AM, Stuart Dallas wrote: On Wed, Jul 6, 2011 at 3:01 AM, Kirk Bailey kbai...@howlermonkey.netwrote: On 7/3/2011 4:53 PM, Stuart Dallas wrote: Only allowing them to access the URL once is a bad idea. If their download fails, is corrupt, or any number of other things go wrong (think accelerators, browser accelerators, etc) then you end up with a lot of support mail. Better to give them access for a short period of time. Ok, so it just got more complex- if we let them do it twice, ior three times, we have a more complex design specification; if we let them do it unlimited times, we just defeated thepurpose of the exercise. How about this: if it fails, the customer can email us, adn we can reply with a copy as an attachment; a ripoff artist will not be in the log, and a complaint of failure to download gets them nothing. I don't see how it got more complex. IT IS SIMPLER TO IMPLEMENT IF IT WORKS EVERY TIME A LEGITIMATE CODE IS PRESENTED IN THE URL. Which part of my solution would cause that not to be the case? If there is a list of valid passwords and it does not change, the password will work every time. A clever hacker makes 1 purchase and uses this over and over to steal other products- not good. We need to remove the password after it is used. If you read back you'll note I said generate a unique token linked to their account. At no point did I say the tokens would be shared between customers. IF the first time it is used the password code is deleted from a file, it cannot work a second time. That is a mild increase in complexity. If we want it to work more than once, then we argue- how many is enough? And how do we track uses? If they got product the first time, the second ( and third, and fourth...) permitted uses are there waiting for a cleve hacker to steal product. And if we build a mechanism to verify successful delivery or product prior to deleting the password, it is more complex still. So we need to take time to think about this in detail. You don't track uses. When the URL is requested it looks up the unique token somewhere and gets the expiry timestamp. If the token doesn't exist or the expiry timestamp is in the past, access is denied. There's no need to verify successful delivery - the only way to do this is to ask the user which gives them an avenue to never say it was successful and therefore have the URL work indefinitely. Give the token an expiry timestamp 1 hour, 6 hours, 12 hours or 24 hours in the future. It doesn't really matter how long, as long as it's enough time for them to get the link (remembering potential email delays if it's sent by email), and for them to use it a few times (bearing in mind the size of the download and the effect that has on how long failed attempts could last. If we allow it once, and delete is as part of the vend process, we also can offer a contact link should they have problems with the download. This would likely cause an unnecessary increase in support costs. This may not be a concern of yours right now, but if you're in the business of making a profit I'd recommend it becomes a permanent fixture on your radar. Nothing about this is complex in my experience. I've built checkout systems that use this process, and I've found it to be straightforward to implement. Maybe I'm not explaining it very well, but it really is a simple, very well-used system utilising a very common concept of expiring tokens. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
Re: [PHP] Re: Re: Top Posting
On Jul 6, 2011, at 3:19 PM, Paul M Foster wrote: Postfix is a *nix program which can be connected to whatever program you use to grab mail with. With postfix, you write recipes which dictate what will be done with a piece of incoming mail, based on whatever characteristics you choose. Think of it as the spam controls in Firefox or Outlook, but on steroids. Typically, postfix will either drop a piece of spam on the floor, mark it in some way your mail client will understand, or file it an a separate folder. Moreover, it's not just for spam. It can be used to filter out duplicate emails, file copies of emails under different folders by subject, etc. Actually, what you're describing sounds much more like procmail than postfix. Postfix is a MTA - Mail Transfer Agent, a replacement for Sendmail on Unix systems. It does SMTP and local delivery of mail, and can hook into procmail to further process mail for a given user. Procmail *can* act as a MTA, but only in the local context. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Spam filtering (was Top Posting)
On 7/07/2011, at 5:50 AM, Jim Lucas wrote: On 7/5/2011 7:52 PM, Jim Giner wrote: And what do you use to cut down on spam in your in-box? This is completely off topic, but here it goes... When I received an email the other day from your mail server, I had created this crazy ass reply to your automatic request for a reply. But in turn, just sent the email with the link showing that your mail server is a source of spam. To answer your question, I use built in Postfix checks... Here are my list of options: reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_recipient_domain, check_recipient_maps, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_helo_access hash:/etc/postfix/helo_checks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client korea.services.net, permit With the above settings, I REJECT 99.9% of all SPAM that tries to enter my box. You are currently listed in my /etc/postfix/helo_checks file as 64.118.87.45 REJECT Your mail server is a source of SPAM. Fix it! I use grey-listing. It temporarily rejects emails from servers it doesn't recognise, which stops most spam but actual email gets through as they (correctly) retry. I also have a learning bayesian filter running in my mail client (Apple's Mail), which handles the spam that gets through the greylist. --- Simon Welsh Admin of http://simon.geek.nz/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] static variables inside static methods
The second case is referencing the varible of the class.
Maybe you are right. However, I don't really think that there is a true
reference to the class var in example #2.
PHP documentation of static keywords does not unambiguously explain behavior
of static variables inside methods in example #1. I believe that in
example #1 the exactly same instance of function (method) is used
irregarding of how you call it (X::test() or Y::test()), therefore I would
expect the same static var to be involved in both calls to test().
Is there anybody who can comment on this matter?
Thanks.
6 июля 2011 г. 11:05 пользователь Andrew Williams andrew4willi...@gmail.com
написал:
I think you are confusing scope visibility level of the variable within
method and the class.
Variable within the method is going to 1 because it was declare within the
test method and there no link to the one declared outside the test method.
The second case is referencing the varible of the class.
2011/7/6 Дмитрий Степанов dmit...@stepanov.lv
Hello, everybody.
While working with static variables inside static class' methods, I have
found this very interesting (at least for me) behavior of PHP.
Consider the following class definitions (example #1):
class X {
public final static function test() {
static $i;
return ++$i;
}
}
class Y extends X {
}
By executing this code:
echo X::test();
echo Y::test(); // note Y class here
one would expect to see 12 as output, but apparently I get 11.
That's a bit confusing if you logically assume that static vars are
tied
to the scope they're defined in. Since this static variable is
defined in a specific static method test(), that is NOT overloaded by
class
Y, in my opinion it shoul've preserved it's value across static calls.
Let's look at another example (example #2):
class X {
public static $x =0;
public final static function test() {
return ++static::$x; // note static keyword here
}
}
class Y extends X {
}
If you run this code:
echo X::test();
echo Y::test();
you get 12 as output - the expected output. Notice that the
++static::$x
expr. is taking advantage of late static binding. Now, if you change
body of test() to the following code:
public final static function test() {
return ++self::$x;
}
then you also get 12 as output.
Is this a bug that static context of $i is not preserved in example #1 or
do
I misunderstand something?
I could not find any hints on this in the PHP documentation.
Dmitry.
--
Dmitry Stepanov
E-mail: dmit...@stepanov.lv
Home: http://www.stepanov.lv
Skype: ninzjoo
--
Dmitry Stepanov
E-mail: dmit...@stepanov.lv
Home: http://www.stepanov.lv
Skype: ninzjoo
Re: [PHP] Re: Re: Top Posting
On Wed, Jul 06, 2011 at 04:24:29PM -0500, Tamara Temple wrote: On Jul 6, 2011, at 3:19 PM, Paul M Foster wrote: Postfix is a *nix program which can be connected to whatever program you use to grab mail with. With postfix, you write recipes which dictate what will be done with a piece of incoming mail, based on whatever characteristics you choose. Think of it as the spam controls in Firefox or Outlook, but on steroids. Typically, postfix will either drop a piece of spam on the floor, mark it in some way your mail client will understand, or file it an a separate folder. Moreover, it's not just for spam. It can be used to filter out duplicate emails, file copies of emails under different folders by subject, etc. Actually, what you're describing sounds much more like procmail than postfix. Postfix is a MTA - Mail Transfer Agent, a replacement for Sendmail on Unix systems. It does SMTP and local delivery of mail, and can hook into procmail to further process mail for a given user. Procmail *can* act as a MTA, but only in the local context. Well, DUH! I can't believe I wrote this whole email about Postfix, while instead carefully explaining what procmail was! Maybe I need more rest than I thought. My apologies for the waste of bandwidth. Tamara's explanation is exactly correct. Paul -- Paul M. Foster http://noferblatz.com http://quillandmouse.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] static variables inside static methods
2011/7/6 Дмитрий Степанов dmit...@stepanov.lv PHP documentation of static keywords does not unambiguously explain behavior of static variables inside methods in example #1. I believe that in example #1 the exactly same instance of function (method) is used irregarding of how you call it (X::test() or Y::test()), therefore I would expect the same static var to be involved in both calls to test(). I would also expect a static local variable to be tied to the function that defines it without regard to how you call it should the function happen to be static. To me, a static local variable should act like a private global variable and have exactly one value visible only to its declaring function. David
Re: [PHP] vend-bot?
Please include the list when replying.
On Wed, Jul 6, 2011 at 10:20 PM, Kirk Bailey kbai...@howlermonkey.netwrote:
Um, assuming dishonest intent on the customers part, why would the token
NOT be shared?
I meant shared within your system between customers. Whether you lock the
URL or not, if customers want to share the asset(s) they're downloading,
they will. Nothing you can really do about that.
On 7/6/2011 4:34 PM, Stuart Dallas wrote:If you read back you'll note I
said generate a unique token linked to their account. At no point did I
say the tokens would be shared between customers.
Perchance, you have wroking code addressing this sort of issue? Could you
post it here for all to examine please?
Not without breaching various copyright laws, but I can go through the
general process :). The following assumes you don't have a user DB, or don't
want the tokens to be connected to the users.
You have a data source (DB, whatever) that can store unique tokens with
other data. For the sake of example let's go with a standard DB. You create
a table that contains fields...
- id (unsigned int auto_increment)
- token (char(40) with a unique key)
- expires_at (unsigned int)
- product_id (unsigned int)
Customer buys something. Once payment is confirmed the site does this...
1) Insert a row into the table...
- expires_at = time() + 86400 for 24 hours, time() + 900 for 15 minutes,
etc
- product_id = the ID of the product they purchased (modify this to
include what you need to deliver the item[s] they've purchased)
2) Retrieve the last inserted ID.
3) Hash (sha1) or encrypt (mcrypt_encrypt) the ID with a secret salt [i.e.
$token = sha1('this is the '.$id.' secret salt'); or similar]. If you use
mcrypt you may need to modify the result to be usable in a URL - read the
manual.
4) Update the row with that token. Catch duplicate key errors (unlikely but
possible), go back to 3 and try again with a different salt (adding a random
character will do).
How you generate the token is essentially irrelevant, so long as you can't
deduce another token from the one you have. I've found the above to be
sufficient, and it very very rarely generates a duplicate.
When a download URL is hit it runs a script that does the following...
1) Make sure a token has been provided in the URL.
2) Select the row corresponding to that token from the table.
3) If no row was found display access denied or download expired, along
with your support email address.
4) If ($row['expires_at'] time()), delete the row (optional) and
display access denied or download expired, along with your support email
address.
5) If not, use the product_id (or whatever) to deliver the download by
writing out the correct headers and then use readfile() to send it. Note
that if the downloads are large you may want to do this a different way so
you can catch and deal with client disconnects.
That's basically it. To keep the table clean you can have a cron job that
does a simple delete from table where expires_at unix_timestamp(); query
every 24 hours, or depending on how long the query takes you could simplify
it by running that same query during a suitable percentage of the download
URL hits.
You may also see benefits by connecting the table above to the user and
order tables (or whatever equivalents your system may have).
Hope that makes it a bit clearer.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
Re: [PHP] vend-bot?
Again, please include the list when replying. On Thu, Jul 7, 2011 at 1:06 AM, Kirk Bailey kbai...@howlermonkey.netwrote: ** On 7/6/2011 6:08 PM, Stuart Dallas wrote: Please include the list when replying. On Wed, Jul 6, 2011 at 10:20 PM, Kirk Bailey kbai...@howlermonkey.netwrote: Um, assuming dishonest intent on the customers part, why would the token NOT be shared? I meant shared within your system between customers. Whether you lock the URL or not, if customers want to share the asset(s) they're downloading, they will. Nothing you can really do about that. Wanna bet? I know how to make even the most selfish amoral theif NOT share copyrighted material. [snip fascinating technical detail bits] Yeah, I'll take that bet. That's quite a claim, and one the MPAA, RIAA and many other similar organisations around the world would be tripping over themselves to throw money at you if it were true. It's bits and bytes. Anything you can come up with can be broken. It is categorically not possible to prevent the duplication of digital information, copyrighted or not. It is possible to make it pretty difficult, but not impossible. The way you phrased that is interesting... I know how to make [people] NOT share copyrighted material - you didn't say prevent them from doing it, which might suggest your method has a social engineering aspect. Alternatively I could be reading too much into the language you used - I do that sometimes. Come to think of it, I can make them not share copyrighted material too - make the copyrighted material something that nobody would ever want. What's the number for the RIAA? Oh, hang on, the record companies have tried that several times - they realised the business model is not sustainable! Oh, and I think you'll find most of the people who circumvent copy protection mechanisms are not selfish or amoral, they're just curious, intelligent people looking for a challenge. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/
[PHP] Re: Re: Top Posting
Hello Jim Giner, Am 2011-07-05 22:52:39, hacktest Du folgendes herunter: Huh? You have a problem with a person having a spam filter that requires one valid response to ensure that the mail from an address is from a real person ONE TIME ONLY? The problem is, that 1) I read the messages on the Linux Console 2) I get every day such crap And what do you use to cut down on spam in your in-box? spamassassin + a bunch of procmail rules Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant ## Development of Intranet and Embedded Systems with Debian GNU/Linux itsystems@tdnet Franceitsystems@tdnet Owner Michelle KonzackOwner Michelle Konzack Apt. 917 (homeoffice) Gewerbe Straße 3 50, rue de Soultz 77694 Kehl/Germany 67100 Strasbourg/France Tel: +49-177-9351947 mobil Tel: +33-6-61925193 mobil Tel: +49-176-86004575 office http://www.itsystems.tamay-dogan.net/ http://www.flexray4linux.org/ http://www.debian.tamay-dogan.net/ http://www.can4linux.org/ Jabber linux4miche...@jabber.ccc.de ICQ#328449886 Linux-User #280138 with the Linux Counter, http://counter.li.org/ signature.pgp Description: Digital signature
