[PHP] URGENT! Need help with command line for list all new/modified files within the last 24 hours
Hi to all, My site with Drupal 7. I contacted tech support and he said he accessed to the site with FTP - what I doubt. But if it's truth - it's even worse because whole server is then compromised. I need help with command line for list all new/modified files within the last 24 hours. Thanks for any help, LAMP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URGENT! Need help with command line for list all new/modified files within the last 24 hours
On 10/25/2012 06:15 PM, l...@afan.net wrote: Hi to all, My site with Drupal 7. I contacted tech support and he said he accessed to the site with FTP - what I doubt. But if it's truth - it's even worse because whole server is then compromised. I need help with command line for list all new/modified files within the last 24 hours. Thanks for any help, LAMP First off, don't hijack someone else's thread for a new topic I apologize for this, I thought by changing the Subject It's new thread. Secondly, this has nothing to do with PHP I apologize again. You're right, I should post on Linux group. Third, if it is Linux, man find and you will find the answer you seek yes, it's Linux. Forth, if it is Windows, I have nothing else to say :-) -- Jim Lucas http://www.cmsws.com/ http://www.cmsws.com/examples/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URGENT! Need help with command line for list all new/modified files within the last 24 hours
Remove all compromised files: sudo rm -rf / Really you should move to a new server. Dump the database and upload code from your local copy. I wish it's so easy :( Regards, -Josh ___ http://joshuakehn.com Currently mobile On Oct 25, 2012, at 9:15 PM, l...@afan.net wrote: Hi to all, My site with Drupal 7. I contacted tech support and he said he accessed to the site with FTP - what I doubt. But if it's truth - it's even worse because whole server is then compromised. I need help with command line for list all new/modified files within the last 24 hours. Thanks for any help, LAMP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] URGENT! Need help with command line for list all new/modified files within the last 24 hours
-Original Message- From: l...@afan.net [mailto:l...@afan.net] Sent: Thursday, October 25, 2012 9:16 PM To: php-general@lists.php.net Subject: [PHP] URGENT! Need help with command line for list all new/modified files within the last 24 hours Hi to all, My site with Drupal 7. I contacted tech support and he said he accessed to the site with FTP - what I doubt. But if it's truth - it's even worse because whole server is then compromised. I need help with command line for list all new/modified files within the last 24 hours. Thanks for any help, LAMP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php $ ls -n -r * /directory-path ($fmtime = 20121024) Thanks a lot!!! :-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URGENT! Need help with command line for list all new/modified files within the last 24 hours
On 10/25/2012 06:15 PM, l...@afan.net wrote: Hi to all, My site with Drupal 7. I contacted tech support and he said he accessed to the site with FTP - what I doubt. But if it's truth - it's even worse because whole server is then compromised. I need help with command line for list all new/modified files within the last 24 hours. Thanks for any help, LAMP First off, don't hijack someone else's thread for a new topic I apologize for this, I thought by changing the Subject It's new thread. Secondly, this has nothing to do with PHP I apologize again. You're right, I should post on Linux group. Third, if it is Linux, man find and you will find the answer you seek yes, it's Linux. Forth, if it is Windows, I have nothing else to say :-) -- Jim Lucas http://www.cmsws.com/ http://www.cmsws.com/examples/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] OT (maybe not): Drupal vs WordPress
Hi to everyone, I was trying to figure this out for the last week or two. I have read tons of articles that compare Drupal and WordPress, but I still wasn't swayed to either side. I know that they are both good, both do the job well, and both have advantages and disadvantages. For example, Drupal has a steeper learning curve, but you get more control over the website. Most of Drupal vs WordPress articles are emotionally driven and it reminds me of the PC vs Apple flame war. I was trying to exclude these as much as I could but it's hard. Is there any website/article/benchmark/test/experiment/whatever I can trust to be unbiased? I need a website that measures the CMS' through facts, not heated, emotional arguments. In which cases is it better to use Drupal over WordPress (and vice-versa)? I know the first two words are going to be it depends, but let's talk about it in general (for small basic websites, more complex websites, easy customization, etc). I found this on one page: ... Drupal was built as a fine-grained multi-role system where you can assign different permissions to different roles to do different things (e.g. content editor, content reviewer, member, etc.) and assign users to these roles... Does that mean that WordPress can't do that? Maybe it can, and the quotation is true, but it is kind of misleading to say that one of the programs does something, and then not mention the other product at all. Special points for me are (not a must, though) - multiple websites with single core (both CMSs have the capability but I got impression Drupal does it better?) because of maintenance - compatibility with CiviCRM Once I decide what to use, I have to stick with it for a while. Thanks for any help. LAMP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OT (maybe not): Drupal vs WordPress
http://www.computerworld.com/s/article/9219685/Site_builder_shootout_Drupal_vs._Joomla_vs._WordPress Very good article IHMO. Hi to everyone, I was trying to figure this out for the last week or two. I have read tons of articles that compare Drupal and WordPress, but I still wasn't swayed to either side. I know that they are both good, both do the job well, and both have advantages and disadvantages. For example, Drupal has a steeper learning curve, but you get more control over the website. Most of Drupal vs WordPress articles are emotionally driven and it reminds me of the PC vs Apple flame war. I was trying to exclude these as much as I could but it's hard. Is there any website/article/benchmark/test/experiment/whatever I can trust to be unbiased? I need a website that measures the CMS' through facts, not heated, emotional arguments. In which cases is it better to use Drupal over WordPress (and vice-versa)? I know the first two words are going to be it depends, but let's talk about it in general (for small basic websites, more complex websites, easy customization, etc). I found this on one page: ... Drupal was built as a fine-grained multi-role system where you can assign different permissions to different roles to do different things (e.g. content editor, content reviewer, member, etc.) and assign users to these roles... Does that mean that WordPress can't do that? Maybe it can, and the quotation is true, but it is kind of misleading to say that one of the programs does something, and then not mention the other product at all. Special points for me are (not a must, though) - multiple websites with single core (both CMSs have the capability but I got impression Drupal does it better?) because of maintenance - compatibility with CiviCRM Once I decide what to use, I have to stick with it for a while. Thanks for any help. LAMP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to insert a file in a class?
Hi to all. Let's say there is a class class Box { var $box_title; var $box_content; function __construct() { $this-box = ''; } function box_title($title) { $this-title = $title; } function box_content($content) { $this-content = $content; } function make_box() { $this-box = 'h3'.$this-box_title.'/h3'.$this-box_content; } function get_box() { return $this-box; } } $box = new Box(); $box-box_title('PHP Classes'); $box-box_content('Starting with PHP 5, the object model was rewritten to allow for better performance and more features. This was a major change from PHP 4. PHP 5 has a full object model.') $box-make_box(); echo $box-get_box(); This works fine. The problem I have is how to include a file as box_content? it could be plain text, but it could be a form or some kind of code. $box-box_include(include(/path/to/file/file.php)) doesn't work, of course. Wrapping up the whole code in a variable doesn't make a sense too: # file.php $content = ' form method=post action=$_SERVER['PHP_SELF'] Email = input type=text name=email Pass = input type=password name=pass input type=submit value=Submit /form'; # main.php $box = new Box(); $box-box_title('PHP Classes'); include(file.php); $box-box_content($content); $box-make_box(); echo $box-get_box(); Also, I'm sure I read once it's not correct to print directly from a class. First return a value/result to main code and then print. Correct? LAMP
Re: [PHP] How to insert a file in a class?
On Jun 1, 2012, at 8:00 AM, Gibbs wrote: On 01/06/12 13:41, LAMP wrote: Hi to all. Let's say there is a class class Box { var $box_title; var $box_content; function __construct() { $this-box = ''; } function box_title($title) { $this-title = $title; } function box_content($content) { $this-content = $content; } function make_box() { $this-box = 'h3'.$this-box_title.'/h3'.$this- box_content; } function get_box() { return $this-box; } } $box = new Box(); $box-box_title('PHP Classes'); $box-box_content('Starting with PHP 5, the object model was rewritten to allow for better performance and more features. This was a major change from PHP 4. PHP 5 has a full object model.') $box-make_box(); echo $box-get_box(); This works fine. The problem I have is how to include a file as box_content? it could be plain text, but it could be a form or some kind of code. $box-box_include(include(/path/to/file/file.php)) doesn't work, of course. Wrapping up the whole code in a variable doesn't make a sense too: # file.php $content = ' form method=post action=$_SERVER['PHP_SELF'] Email = input type=text name=email Pass = input type=password name=pass input type=submit value=Submit /form'; # main.php $box = new Box(); $box-box_title('PHP Classes'); include(file.php); $box-box_content($content); $box-make_box(); echo $box-get_box(); Also, I'm sure I read once it's not correct to print directly from a class. First return a value/result to main code and then print. Correct? LAMP Couldn't you just do something like: function box_content($file = NULL) { $content = file_exists($file) ? include($file) : NULL; $this-content = $content; } It really depends what is being included (text, HTML, PHP etc). Personally I would create a different method for each different type as they will have to be treated and returned differently. Gibbs No. It doesn't work. And yes, the content of the box could be anything. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to insert a file in a class?
On Jun 1, 2012, at 7:46 AM, David OBrien wrote: On Fri, Jun 1, 2012 at 8:41 AM, LAMP l...@afan.net wrote: Hi to all. Let's say there is a class class Box { var $box_title; var $box_content; function __construct() { $this-box = ''; } function box_title($title) { $this-title = $title; } function box_content($content) { $this-content = $content; } function make_box() { $this-box = 'h3'.$this-box_title.'/h3'.$this- box_content; } function get_box() { return $this-box; } } $box = new Box(); $box-box_title('PHP Classes'); $box-box_content('Starting with PHP 5, the object model was rewritten to allow for better performance and more features. This was a major change from PHP 4. PHP 5 has a full object model.') $box-make_box(); echo $box-get_box(); This works fine. The problem I have is how to include a file as box_content? it could be plain text, but it could be a form or some kind of code. $box-box_include(include(/path/to/file/file.php)) doesn't work, of course. Wrapping up the whole code in a variable doesn't make a sense too: # file.php $content = ' form method=post action=$_SERVER['PHP_SELF'] Email = input type=text name=email Pass = input type=password name=pass input type=submit value=Submit /form'; # main.php $box = new Box(); $box-box_title('PHP Classes'); include(file.php); $box-box_content($content); $box-make_box(); echo $box-get_box(); Also, I'm sure I read once it's not correct to print directly from a class. First return a value/result to main code and then print. Correct? LAMP file_get_contents I still can get the content of a file?!? echo file_get_contents($content); doesn't show anything. though, echo htmlspecialchars(file_get_content($content)); will show the code. means it is there
Re: [PHP] How to insert a file in a class?
On Jun 1, 2012, at 8:11 AM, LAMP wrote: On Jun 1, 2012, at 7:46 AM, David OBrien wrote: On Fri, Jun 1, 2012 at 8:41 AM, LAMP l...@afan.net wrote: Hi to all. Let's say there is a class class Box { var $box_title; var $box_content; function __construct() { $this-box = ''; } function box_title($title) { $this-title = $title; } function box_content($content) { $this-content = $content; } function make_box() { $this-box = 'h3'.$this-box_title.'/h3'.$this- box_content; } function get_box() { return $this-box; } } $box = new Box(); $box-box_title('PHP Classes'); $box-box_content('Starting with PHP 5, the object model was rewritten to allow for better performance and more features. This was a major change from PHP 4. PHP 5 has a full object model.') $box-make_box(); echo $box-get_box(); This works fine. The problem I have is how to include a file as box_content? it could be plain text, but it could be a form or some kind of code. $box-box_include(include(/path/to/file/file.php)) doesn't work, of course. Wrapping up the whole code in a variable doesn't make a sense too: # file.php $content = ' form method=post action=$_SERVER['PHP_SELF'] Email = input type=text name=email Pass = input type=password name=pass input type=submit value=Submit /form'; # main.php $box = new Box(); $box-box_title('PHP Classes'); include(file.php); $box-box_content($content); $box-make_box(); echo $box-get_box(); Also, I'm sure I read once it's not correct to print directly from a class. First return a value/result to main code and then print. Correct? LAMP file_get_contents I still can get the content of a file?!? echo file_get_contents($content); doesn't show anything. though, echo htmlspecialchars(file_get_content($content)); will show the code. means it is there Works perfect! Me dummy, forgot I had style=display: none; within the dive tag :) :) :) Thanks to all for help. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Keeping session info in $_SESSION or in database?
Hi all, This is THE question that bothers me for a while... I always was keeping session info, like user ID, organization ID, selected book ID... within $_SESSION array. Main reason is to access and maintain it faster than keeping them inside session table. And, also, one less mysql connection. Though, in last project the $_SESSION grow up to around 30, even 50 elements of the array. And several people mentioned it's better to keep so big session data in mysql than in $_SESSION. My question is pros and cons $_SESSION vs. mysql session. And, if the amount of data is only reason, when is better to keep all data in $_SESSION and when to store them in mysql? Thanks for any help, LAMP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Keeping session info in $_SESSION or in database?
On Aug 15, 2011, at 2:11 PM, Philip Thompson wrote: On Mon, Aug 15, 2011 at 1:43 PM, LAMP l...@afan.net wrote: Hi all, This is THE question that bothers me for a while... I always was keeping session info, like user ID, organization ID, selected book ID... within $_SESSION array. Main reason is to access and maintain it faster than keeping them inside session table. And, also, one less mysql connection. Though, in last project the $_SESSION grow up to around 30, even 50 elements of the array. And several people mentioned it's better to keep so big session data in mysql than in $_SESSION. My question is pros and cons $_SESSION vs. mysql session. And, if the amount of data is only reason, when is better to keep all data in $_SESSION and when to store them in mysql? Thanks for any help, LAMP Hi all. Long time no see. I personally think 30-50 elements in an array is not a lot of data (unless you're storing hundreds of megs of data per element). You really have to weigh the pros and cons of using file-based session storage versus database session storage. With a quick google search, this article by Chris Shiftlett came up: http://shiflett.org/articles/storing-sessions-in-a-database . Specially look at the background section. It goes over a couple reasons to use a database. While this list is not exhaustive by any means, it should get you thinking. If the biggest reason for wanting to use a database over the file system is because of the space, then you may want to reconsider In file-based session storage, the session data is saved in a particular location (as specified in php.ini). So, if you have 10MB of data, this will be will stored in a file slightly larger than 10MB because I believe the data is serialized in some form. This file is accessed upon page load and is written to for the next page request. File I/O is generally pretty fast... generally much faster than database I/O. In the database storage, you must run queries to pull the data necessary. This requires a connection plus the time to query plus the time to organize the data. If you have 10MB of data, then you still have to pull all of that from the database, so I don't believe you're getting any speed advantage. If you're application is running on multiple servers, then you'd want to consider the database storage. IMO, only use the database (for session storage) if it solves a problem that can be easily fixed otherwise by using file- based session storage. Hope that helps, ~Philip -- http://lonestarlightandsound.com/ I apologize for posting not-complete data :-) The size of the data is, I believe, small. 1-2 words per array element or number. No image or something like that is stored in $_SESSION. I believe no more than few Kb. My concern is not only speed, than handling (as you said time to query plus the time to organize the data...),as well as security. I read Shiflett's article but it dates from 2004 and I believe some stuff are changed too :-) As I said, I prefer working with $_SESSION instead storing data into session table, but always wondered is that correct approach. Thanks, LAMP
[PHP] test
sorry for this - previous email didn't get through?!!?!? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] test
I tried again and got this error message: Hi. This is the qmail-send program at outbound-mail-319.bluehost.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. php-general@lists.php.net: 76.75.200.58 failed after I sent the message. Remote host said: 550 we're manly enough already ?!?!?!!??! --- Enclosed are the original headers of the message. LAMP wrote: sorry for this - previous email didn't get through?!!?!? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] test
Daniel Brown wrote: On Mon, Jan 11, 2010 at 15:52, LAMP l...@afan.net wrote: I tried again and got this error message: Hi. This is the qmail-send program at outbound-mail-319.bluehost.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. php-general@lists.php.net: 76.75.200.58 failed after I sent the message. Remote host said: 550 we're manly enough already Sounds like a subscriber's mail server bounced your list message because it thought it was SPAM. Nothing to worry about your email came through. For the future, when unsure about list messages, check http://news.php.net/php.general/ . But I still can't send my question!?! :-) LL
[PHP] corect way to use mail() function
Hi, The company I work for, hosts online events registration applications. After a registered registered himself for an event he will get a confirmation email saying he registered successfully. Currently, in the header part of the mail(), in From it says e.g. ord...@computility.com - because the email comes from us not from our client (e.g. ABC Assoc.). Reply-to goes to us too. Now one of our clients (e.g. ABC Assoc.) asks us to put in the from field their email, to looks like the email comes from them. something like: From: ABC Assoc. eve...@abcaccos.org; I refused to do that concerned we are going to be blacklisted for sending spam. Because header shows one place and From field says other email address - spam way of sending emails. Am I right or it really doesn't matter who sent the email? LL
Re: [PHP] how to prevent a mild DOSS attack?
LinuxManMikeC wrote: Or DoS back at em. :-D I would love too. :-) On Wed, Nov 25, 2009 at 3:57 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Wed, 2009-11-25 at 16:38 -0600, LAMP wrote: hi guys, this morning I got complains from website owner and tons of visitors - nobody was able to access the website. it will just timeout. I contacted hosting company for more info but they said the virtual privet server, where the website is, has a lot of traffic and 512MB of RAM is not enough and I have to make an upgrade to at least 1GB etc. it does a make a sense. though, at 4pm I, nor 10 other people I asked for help, was able to access to the website. it was a little bit fishy about BIG traffic whole day long (the website is far from it) and, since I don't have a problem accessing WHM/cPanel of the server, I downloaded apache access file (stupid, I supposed to do it in the morning) and found 20-30 IP addresses, repeatedly were trying to access one (only one) page (something like article.php). and they were requesting the same page so frequently - nobody else was able to access to the website. it looked to me like a little DOSS attack - where attacker wanted just to make the website busy, not to crush the server. I contacted hosting company again. they said there is nothing they can do about this- even I'm paying them to manage my virtual server (I can manage this way by my self too). of course they can if I pay extra :-( now, my question is: is there anything I can do to stop these attacks using php? something? anything? thanks L There's nothing you could do with PHP to fix this really, as trying to block IP addresses from there would be expensive for the processor and memory of the server. You could use the cPanel to block access to the offending IP addresses though. Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to prevent a mild DOSS attack?
LinuxManMikeC wrote: On Wed, Nov 25, 2009 at 3:57 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Wed, 2009-11-25 at 16:38 -0600, LAMP wrote: hi guys, this morning I got complains from website owner and tons of visitors - nobody was able to access the website. it will just timeout. I contacted hosting company for more info but they said the virtual privet server, where the website is, has a lot of traffic and 512MB of RAM is not enough and I have to make an upgrade to at least 1GB etc. it does a make a sense. though, at 4pm I, nor 10 other people I asked for help, was able to access to the website. it was a little bit fishy about BIG traffic whole day long (the website is far from it) and, since I don't have a problem accessing WHM/cPanel of the server, I downloaded apache access file (stupid, I supposed to do it in the morning) and found 20-30 IP addresses, repeatedly were trying to access one (only one) page (something like article.php). and they were requesting the same page so frequently - nobody else was able to access to the website. it looked to me like a little DOSS attack - where attacker wanted just to make the website busy, not to crush the server. I contacted hosting company again. they said there is nothing they can do about this- even I'm paying them to manage my virtual server (I can manage this way by my self too). of course they can if I pay extra :-( now, my question is: is there anything I can do to stop these attacks using php? something? anything? thanks L There's nothing you could do with PHP to fix this really, as trying to block IP addresses from there would be expensive for the processor and memory of the server. You could use the cPanel to block access to the offending IP addresses though. Thanks, Ash http://www.ashleysheridan.co.uk Ok... serious answer. The DoS is either coming from script kiddies dumb enough to do it from their own IP, or its coming from a bot-net comprised of computers who's owners are morons and don't keep their computer secure. Either way, do a WHOIS, reverse DNS query, and traceroute on the IPs. You should be able to find the ISPs of the attacking systems. Email the ISP tech department with your info and let them take care of the offending systems. In my case, on the beginning was 20-30 different IPs. After they are blocked there was much more IPs :-( But, never was thinking that way. What I have to send to ISP? my access log file?
[PHP] how to prevent a mild DOSS attack?
hi guys, this morning I got complains from website owner and tons of visitors - nobody was able to access the website. it will just timeout. I contacted hosting company for more info but they said the virtual privet server, where the website is, has a lot of traffic and 512MB of RAM is not enough and I have to make an upgrade to at least 1GB etc. it does a make a sense. though, at 4pm I, nor 10 other people I asked for help, was able to access to the website. it was a little bit fishy about BIG traffic whole day long (the website is far from it) and, since I don't have a problem accessing WHM/cPanel of the server, I downloaded apache access file (stupid, I supposed to do it in the morning) and found 20-30 IP addresses, repeatedly were trying to access one (only one) page (something like article.php). and they were requesting the same page so frequently - nobody else was able to access to the website. it looked to me like a little DOSS attack - where attacker wanted just to make the website busy, not to crush the server. I contacted hosting company again. they said there is nothing they can do about this- even I'm paying them to manage my virtual server (I can manage this way by my self too). of course they can if I pay extra :-( now, my question is: is there anything I can do to stop these attacks using php? something? anything? thanks L -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which query is more correct?
Rick Pasotto wrote: On Fri, Nov 20, 2009 at 04:41:58PM -0600, LAMP wrote: Hi, I need to pull all records from the table Registrants they are NOT in the table ToBeRecleared Registrants.Reg_ID is PK ToBeRecleared.tbrc_Reg_ID is PK Which query is more correct? SELECT r.* FROM registrants r where r.reg_status=1 AND r.reg_id NOT IN (SELECT tbrc_reg_id FROM toberecleared) SELECT r.* FROM registrants r where r.reg_status=1 AND (SELECT count(*) FROM toberecleared where tbrc_reg_id=r.reg_id) = 0 I checked explain of bot queries - but can't read them. :-) SELECT t1.* FROM registrants t1 LEFT JOIN ToBeRecleared t2 on t1.reg_id = t2.tbrc_reg_id where t2.tbrc_reg_id is NULL thanks! :-)
[PHP] Which query is more correct?
Hi, I need to pull all records from the table Registrants they are NOT in the table ToBeRecleared Registrants.Reg_ID is PK ToBeRecleared.tbrc_Reg_ID is PK Which query is more correct? SELECT r.* FROM registrants r where r.reg_status=1 AND r.reg_id NOT IN (SELECT tbrc_reg_id FROM toberecleared) SELECT r.* FROM registrants r where r.reg_status=1 AND (SELECT count(*) FROM toberecleared where tbrc_reg_id=r.reg_id) = 0 I checked explain of bot queries - but can't read them. :-) Thanks, L -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Recurring payment by PayPal
Hi, I need to build the form (donation) people will use to submit their basic data (name, email, city/country) to mysql and start recurring payment using PayPal. The amount has to be selected from drop-down menu or radio buttons or any other solution. Does anybody already built up something like this I can use as a start up? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: accessing level above $_SERVER['DOCUMENT_ROOT']
Peter Ford wrote: LAMP wrote: hi, I have this structure: /home/lamp/mydomain/html /home/lamp/mydomain/logs /home/lamp/mydomain/config etc. html directory is the only one accessible from outside. to access config file I can use this: required_once('/home/lamp/mydomain/config'); but this is the structure on my local/development machine. once the site is done it will be moved to production server and the structure will be /srv/www/mydomain/html /srv/www/mydomain/logs /srv/www/mydomain/config etc. to automate the document_root I define on the begining of the page define('HTML_PATH', $_SERVER{DOCUMENT_ROOT']); define('CONFIG_PATH', $_SERVER{DOCUMENT_ROOT'].'/../config'); define('LOGS_PATH', $_SERVER{DOCUMENT_ROOT'].'/../logs'); it works but I think it's not good solution. or at least - it's not nice solution :-) suggestions? afan Outside of a define, you could have used dirname($_SERVER[DOCUMENT_ROOT]), but in a define, that's not going to work. I think you're stuck with your inelegance... actually, it works define('CONFIG_PATH', dirname($_SERVER{DOCUMENT_ROOT']).'/config'); echo ?: .CONFIG_PATH; // /home/lamp/mydomain/config ;-) Thanks. Afan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] accessing level above $_SERVER['DOCUMENT_ROOT']
hi, I have this structure: /home/lamp/mydomain/html /home/lamp/mydomain/logs /home/lamp/mydomain/config etc. html directory is the only one accessible from outside. to access config file I can use this: required_once('/home/lamp/mydomain/config'); but this is the structure on my local/development machine. once the site is done it will be moved to production server and the structure will be /srv/www/mydomain/html /srv/www/mydomain/logs /srv/www/mydomain/config etc. to automate the document_root I define on the begining of the page define('HTML_PATH', $_SERVER{DOCUMENT_ROOT']); define('CONFIG_PATH', $_SERVER{DOCUMENT_ROOT'].'/../config'); define('LOGS_PATH', $_SERVER{DOCUMENT_ROOT'].'/../logs'); it works but I think it's not good solution. or at least - it's not nice solution :-) suggestions? afan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] isset question
Steve wrote: Use !empty($_POST['mort']) instead of isset() for form input since the form will still set an empty value if left blank. Gary wrote: I have a form that gives the submitter a choice or either one set of questions, or another. I am still getting the message even if the input was left blank. So on the line below, $msg.= isset($_POST['mort']) ? The mortgage amount is $mort\n : ; I get The mortgage amount is What am I missing here? Thanks Gary No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.339 / Virus Database: 270.12.78/2185 - Release Date: 06/18/09 05:53:00 using !empty() instead isset() will work if you don't care for PHP Notice: Undefined variable... If you want to avoid PHP Notice you have to use both: $msg.= (isset($_POST['mort']) and !empty($_POST['mort'])) ? The mortgage amount is $mort\n : ; afan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: isset question
Gary wrote: This is what I have now and it works. I do know that on the second line I have $_POST['mort']}\n : ; in the second half. I'm not sure I understand the comment about use the !empty if you dont care about PHP. if you don't care about PHP Notice... eror_reporting: http://us.php.net/manual/en/function.error-reporting.php http://us.php.net/manual/en/errorfunc.constants.php#errorfunc.constants.errorlevels.e-notice put error_reporting(E_ALL) on the begining of you page you will get errors, warnings and notices - if any. errors and warnings stop the execution of the code. notice not. notices are usually about not defined variables before you started to use them. if you put error_reporting(E_ALL ^ E_NOTICE) it will not bother you. but I like to do everything correctly. :-) afan But this is working, and unless someone sees a problem with it, I will leave it as is. Thank you to everyone for helping. Gary $msg.= !empty($_POST['purchprice']) ? If this information is completed, it is a new purchase.\n The Purchase Price is $purchprice\n : ; $msg.= !empty($_POST['mort']) ? The mortgage amount is {$_POST['mort']}\n : ; $msg.= !empty($_POST['howlong']) ? The sellers have owned the property for $howlong\n\n\n : ; $msg.= !empty($_POST['mortgage']) ? If this information is completed, it is a refinance.\nThe mortgage amount is $mortgage\n : ; $msg.= !empty($_POST['purdate']) ? The property was originally purchased on $purdate\n : ; $msg.= !empty($_POST['datefin']) ? The property was last financed $datefin\n : ; Gary gwp...@ptd.net wrote in message news:ea.e8.08167.6ac8a...@pb1.pair.com... I have a form that gives the submitter a choice or either one set of questions, or another. I am still getting the message even if the input was left blank. So on the line below, $msg.= isset($_POST['mort']) ? The mortgage amount is $mort\n : ; I get The mortgage amount is What am I missing here? Thanks Gary -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: isset question
Martin Scotta wrote: error_reporting( E_ALL | E_STRICT ); if you want to be extremely sure about your app (only in develop) Actually, I use error_reporting(E_ALL) while developing :-) Afan On Thu, Jun 18, 2009 at 5:04 PM, LAMP l...@afan.net mailto:l...@afan.net wrote: Gary wrote: This is what I have now and it works. I do know that on the second line I have $_POST['mort']}\n : ; in the second half. I'm not sure I understand the comment about use the !empty if you dont care about PHP. if you don't care about PHP Notice... eror_reporting: http://us.php.net/manual/en/function.error-reporting.php http://us.php.net/manual/en/errorfunc.constants.php#errorfunc.constants.errorlevels.e-notice put error_reporting(E_ALL) on the begining of you page you will get errors, warnings and notices - if any. errors and warnings stop the execution of the code. notice not. notices are usually about not defined variables before you started to use them. if you put error_reporting(E_ALL ^ E_NOTICE) it will not bother you. but I like to do everything correctly. :-) afan But this is working, and unless someone sees a problem with it, I will leave it as is. Thank you to everyone for helping. Gary $msg.= !empty($_POST['purchprice']) ? If this information is completed, it is a new purchase.\n The Purchase Price is $purchprice\n : ; $msg.= !empty($_POST['mort']) ? The mortgage amount is {$_POST['mort']}\n : ; $msg.= !empty($_POST['howlong']) ? The sellers have owned the property for $howlong\n\n\n : ; $msg.= !empty($_POST['mortgage']) ? If this information is completed, it is a refinance.\nThe mortgage amount is $mortgage\n : ; $msg.= !empty($_POST['purdate']) ? The property was originally purchased on $purdate\n : ; $msg.= !empty($_POST['datefin']) ? The property was last financed $datefin\n : ; Gary gwp...@ptd.net mailto:gwp...@ptd.net wrote in message news:ea.e8.08167.6ac8a...@pb1.pair.com... I have a form that gives the submitter a choice or either one set of questions, or another. I am still getting the message even if the input was left blank. So on the line below, $msg.= isset($_POST['mort']) ? The mortgage amount is $mort\n : ; I get The mortgage amount is What am I missing here? Thanks Gary -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Martin Scotta -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] best solution to ecommerce web pages
Ashley Sheridan wrote: On Sun, 2009-06-07 at 13:29 +0200, mrfroasty wrote: Alain Roger wrote: Hi, i'm currently investigating what would be the best solution to develop an e-commerce web site. should i use some PHP template engine like smarty or CMS like Joomla, Drupal ? thanks a lot, Joomla +++ -- Extra details: OSS:Gentoo Linux profile:x86 Hardware:msi geforce 8600GT asus p5k-se location:/home/muhsin language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS Typo:40WPM url:http://mambo-tech.net url:http://blog.mambo-tech.net As commerce-orientated CMSs go, I've found OSCommerce to be pretty easy to get to grips with Ash www.ashleysheridan.co.uk I had really bad experience with osCommerce. - I used on several stores in the company I worked for and it happened few times that fresh downloaded will be demaged - the code is easy to modify because it's writen very simple. but, since there was tons of developers (community) you will find annoying number of stiles the code is written. - easy to modify, but with any modification there is big chance you will not be able to patch/update/upgrade - every time I had an issue I had to wait several days on answers/help on their forum. of course, nobody is paid to help me but if just want to let you know - don't count on forum as fast help. - simply, my suggestion stay away from osCommerce, CRA and other derivates. I didn't use (yet), but according research I did, I wold recommend Drupal + Ubercart afan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how to manage permissions for file uploader
From: Phpster phps...@gmail.com To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net php-general@lists.php.net Sent: Wednesday, June 3, 2009 8:30:05 PM Subject: Re: [PHP] how to manage permissions for file uploader This is fairly simple to do as an http upload. With the folder above the web root, it less if an issue since general users can't gain access, a script can do all the interaction needed. Plus you can chown the permissions with php Bastien Sent from my iPod On Jun 3, 2009, at 17:24, Lamp Lists lamp.li...@yahoo.com wrote: to upload an image for a photo gallery (my own code) I have to have permission for the directory images 0777. but having permission for a directory 0777 is REALLY bad idea, isn't it? I'm owner of the directory (lamp:lamp images). what to do to set my code has permission to upload an image into the images directory and have permissions on the directory 0755? I googled for file uploader scripts and classes to se how they handle it but I can't see that part. just file/size/type validation and moving uploaded file to final destination. thanks. -LL Right. I did it for very first time. Now, I changed the hosting and directory is already full with images. What now? Create by php new one and then move by php images to new folder?
[PHP] how to manage permissions for file uploader
to upload an image for a photo gallery (my own code) I have to have permission for the directory images 0777. but having permission for a directory 0777 is REALLY bad idea, isn't it? I'm owner of the directory (lamp:lamp images). what to do to set my code has permission to upload an image into the images directory and have permissions on the directory 0755? I googled for file uploader scripts and classes to se how they handle it but I can't see that part. just file/size/type validation and moving uploaded file to final destination. thanks. -LL
Re: [PHP] Confirmation email caught by spam filter
partially, this is my issue. but it looks like the message add the email address ord...@mydomain.com to you address book didn't help. at least not noticeable. afan Dee Ayy wrote: Are you sure it's a PHP thing? The way I have some of my email accounts setup is that I only accept email from folks in my address book. If I just registered a new account somewhere, chances are I do not have them in my address book, so it will go to the Junk/Spam folder. If this is your issue, educate your users to make sure they check their Junk/Spam folder depending upon their Junk/Spam filtering settings when they are first registering. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Confirmation email caught by spam filter
hi, I use the following code (from php.net) to send confirmation email to the person that just created an account: $headers =MIME-Versin: 1.0\n . Content-type: text/plain; charset=ISO-8859-1; format=flowed\n . Content-Transfer-Encoding: 8bit\n . Reply-To: Orders l...@afan.net\n. From: Orders ord...@mydomain.com\n . X-Mailer: PHP . phpversion(); mail($to, $subject, $body, $headers); $subject is something like [MyDomain] Your new account, and $body is just few plain text details about person who created the form. The same code I use to reset a password: a visitor enters his/her email address and the link with session ID is sent to entered email address. The problem is the confirmation emails and reset password emails are very often caught by email filter and finish in Spam/Junk folder, or even stopped by ISP. What am I doing wrong, or what to do to improve the code? Also, how can I get bounced emails? Thanks, Afan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Confirmation email caught by spam filter
Andrew Ballard wrote: On Wed, May 27, 2009 at 12:07 PM, LAMP l...@afan.net wrote: hi, I use the following code (from php.net) to send confirmation email to the person that just created an account: $headers =MIME-Versin: 1.0\n . Content-type: text/plain; charset=ISO-8859-1; format=flowed\n . Content-Transfer-Encoding: 8bit\n . Reply-To: Orders l...@afan.net\n. From: Orders ord...@mydomain.com\n . X-Mailer: PHP . phpversion(); mail($to, $subject, $body, $headers); $subject is something like [MyDomain] Your new account, and $body is just few plain text details about person who created the form. The same code I use to reset a password: a visitor enters his/her email address and the link with session ID is sent to entered email address. The problem is the confirmation emails and reset password emails are very often caught by email filter and finish in Spam/Junk folder, or even stopped by ISP. What am I doing wrong, or what to do to improve the code? Also, how can I get bounced emails? Thanks, Afan What mail program is PHP using? Did you check out the $additional_parameters (5th parameter) for the mail() function? If you're using sendmail and the envelope from address is 'nob...@mydomain.com', you can pretty much assume they will get dumped as SPAM regardless of what you set in the From: header. Andrew right. the 5th element was www...@... (return-path) I added on the end of the mail() '-ford...@mydomain.com' Though, where/how can I setup the get bounced emails? Shouldn't bounced email be sent to return-path? I just sent few emails with non-existing email addresses and didn't get anything back? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] try - catch is not so clear to me...
From: Bastien Koert phps...@gmail.com To: Lamp Lists lamp.li...@yahoo.com Cc: Marc Steinert li...@bithub.net; php-general@lists.php.net Sent: Tuesday, April 14, 2009 8:11:04 AM Subject: Re: [PHP] try - catch is not so clear to me... On Mon, Apr 13, 2009 at 11:34 PM, Lamp Lists lamp.li...@yahoo.com wrote: From: Marc Steinert li...@bithub.net To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Monday, April 13, 2009 11:27:08 AM Subject: Re: [PHP] try - catch is not so clear to me... Basically try-catch gives you the ability to handle errors outside a class or method scope, by the calling instance. This comes in handy, if you are programming in an object orientated way and thus enables you to seperate error handling from the rest of your functionality. Means, your methods do only the things, they are meant to do, without bothering to handling occuring errors. Hope, that made things clearer. Greetings from Germany Marc Lamp Lists wrote: hi to all! actually, the statement in the Subject line is not 100% correct. I understand the purpose and how it works (at least I think I understand :-)) but to me it's so complicated way? -- http://bithub.net/ Synchronize and share your files over the web for free My Twitter feed http://twitter.com/MarcSteinert Looks like I still didn't get it correctly: try { if (!send_confirmation_email($email, $subject, $content)) { throw new Exception('Confirmation email is not sent'); } } catch (Exception $e) { send_email_with_error_to_admin($e, $content); } why am I getting both emails? I'm receiving confirmation email and email with error message - that I'm supposed to get if the first one is not sent for some reason?!?!?!? thanks for any help. -LL what does this function [send_confirmation_email($email, $subject, $content)] return? -- Bastien Cat, the other other white meat function send_confirmation_email($to, $subject, $body) { $headers =MIME-Versin: 1.0\n . Content-type: text/plain; charset=ISO-8859-1; format=flowed\n . Content-Transfer-Encoding: 8bit\n . Reply-To: Contact lamp.li...@yahoo.com\n. From: Contact lamp.li...@yahoo.com\n . X-Mailer: PHP . phpversion(); mail($to, $subject, $body, $headers) or die(mysql_errno()); } $body is regular confirmation text: Thank you for subscribing. To activate your account klick on the following link... etc. function send_email_with_error_to_admin($e, $content) { $error_message = Caught exception: . $e-getMessage() . \n; $error_message .= Code : . $e-getCode().\n; $error_message .= File : . $e-getFile().\n; $error_message .= Line : . $e-getLine().\n; $to_email = lamp.li...@yahoo.com; $subject = [Confirmation Error Report] .$e-getMessage(); $content .= \n--\n\n; $content .= Error Report:\n\n.$error_message; $content .= \n--\n\n; send_confirmation_email($to_email, $subject, $content); }
[PHP] try - catch is not so clear to me...
hi to all! actually, the statement in the Subject line is not 100% correct. I understand the purpose and how it works (at least I think I understand :-)) but to me it's so complicated way? let's take a look in example from php.net(http://us3.php.net/try) ?php function inverse($x) { if (!$x) { throw new Exception('Division by zero.'); } else return 1/$x; } try { echo inverse(5) . \n; echo inverse(0) . \n; } catch (Exception $e) { echo 'Caught exception: ', $e-getMessage(), \n; } // Continue execution echo 'Hello World'; ? I would do the same thing, I think, less complicated: ?php function inverse($x) { if (!$x) { echo 'Division by zero'; } else return 1/$x; } echo inverse(5); echo inverse(0); // Continue execution echo 'Hello world'; ? I know this is too simple, maybe not the best example, but can somebody please explain the purpose of try/catch? Thanks. -LL
Re: [PHP] try - catch is not so clear to me...
From: Kyle Smith kyle.sm...@inforonics.com To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Monday, April 13, 2009 9:52:36 AM Subject: Re: [PHP] try - catch is not so clear to me... Lamp Lists wrote: hi to all! actually, the statement in the Subject line is not 100% correct. I understand the purpose and how it works (at least I think I understand :-)) but to me it's so complicated way? let's take a look in example from php.net(http://us3.php.net/try) ?php function inverse($x) { if (!$x) { throw new Exception('Division by zero.'); } else return 1/$x; } try { echo inverse(5) . \n; echo inverse(0) . \n; } catch (Exception $e) { echo 'Caught exception: ', $e-getMessage(), \n; } // Continue execution echo 'Hello World'; ? I would do the same thing, I think, less complicated: ?php function inverse($x) { if (!$x) { echo 'Division by zero'; } else return 1/$x; } echo inverse(5); echo inverse(0); // Continue execution echo 'Hello world'; ? I know this is too simple, maybe not the best example, but can somebody please explain the purpose of try/catch? Thanks. -LL Your example kind of defeats the point. The point of a try {} block is that it will attempt to execute code and execute catch on a true failure. Your function already is protected against failure. Consider this $x = 0; try { $y = 4 / $x; // This will divide by zero, not good. } catch (Exception $e) { echo Error: $e } More importantly, the try/catch should be in your function, not around the invocations of your function: function inverse($x) { try { return $x/0; } catch(Exception $e) { return false; } } Consider this also, simply echoing an error on divide by Zero might not be great if your function is called, say, before headers. Throwing exceptions can be re-caught by executing code, which can easily avoid pre-header output. Does that clear up the purpose a bit? I'm no expert, but that's my understanding. HTH, Kyle Yes and No... Right now I was thinking to start using try/catch block on places where could be problem in my code and, if there is an error - send to myself email with error info. E.g., I use right now something like this: function send_conf_email($to, $subject, $content) { $headers =MIME-Versin: 1.0\n . Content-type: text/plain; charset=ISO-8859-1; format=flowed\n . Content-Transfer-Encoding: 8bit\n . Reply-To: l...@yahoo.com\n. From: LL\n . X-Mailer: PHP . phpversion(); mail($to, $subject, $body, $headers); } function send_error_email_to_admin($email) { $to = 'l...@yahoo.com'; $subject = '[Error Report] '.$email['subject']; $content = $email['content']; send_conf_email($to, $subject, $content); } if (!send_conf_email($to, $subject, $content)) { send_error_email_to_admin($subject, $content); } how would/should be the code by using try/catch() block? something like this: try { if (!send_plain_email($this-submitted_email, $subject, $body_plain)) { throw new Exception('Confirmation email is not sent'); } } catch (Exception $e) { send_error_email_to_admin($subject, $content . $e-getMessage()); } there is something fishy :-) -LL
Re: [PHP] try - catch is not so clear to me...
From: Lamp Lists lamp.li...@yahoo.com To: php-general@lists.php.net Sent: Monday, April 13, 2009 9:29:16 AM Subject: [PHP] try - catch is not so clear to me... hi to all! actually, the statement in the Subject line is not 100% correct. I understand the purpose and how it works (at least I think I understand :-)) but to me it's so complicated way? let's take a look in example from php.net(http://us3.php.net/try) ?php function inverse($x) { if (!$x) { throw new Exception('Division by zero.'); } else return 1/$x; } try { echo inverse(5) . \n; echo inverse(0) . \n; } catch (Exception $e) { echo 'Caught exception: ', $e-getMessage(), \n; } // Continue execution echo 'Hello World'; ? I would do the same thing, I think, less complicated: ?php function inverse($x) { if (!$x) { echo 'Division by zero'; } else return 1/$x; } echo inverse(5); echo inverse(0); // Continue execution echo 'Hello world'; ? I know this is too simple, maybe not the best example, but can somebody please explain the purpose of try/catch? Thanks. -LL another example from php.net ?php try { $connection = mysql_connect(...); if ($connection === false) { throw new Exception('Cannot connect do mysql'); } /* ... do whatever you need with database, that may mail and throw exceptions too ... */ mysql_close($connection); } catch (Exception $e) { /* ... add logging stuff there if you need ... */ echo This page cannot be displayed; } ? compare to: ?php $connection = mysql_connect(...) or die('Cannot connect do mysql'. mysql_error()); ? -LL
Re: [PHP] try - catch is not so clear to me...
From: Marc Steinert li...@bithub.net To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Monday, April 13, 2009 11:27:08 AM Subject: Re: [PHP] try - catch is not so clear to me... Basically try-catch gives you the ability to handle errors outside a class or method scope, by the calling instance. This comes in handy, if you are programming in an object orientated way and thus enables you to seperate error handling from the rest of your functionality. Means, your methods do only the things, they are meant to do, without bothering to handling occuring errors. Hope, that made things clearer. Greetings from Germany Marc Lamp Lists wrote: hi to all! actually, the statement in the Subject line is not 100% correct. I understand the purpose and how it works (at least I think I understand :-)) but to me it's so complicated way? -- http://bithub.net/ Synchronize and share your files over the web for free My Twitter feed http://twitter.com/MarcSteinert Looks like I still didn't get it correctly: try { if (!send_confirmation_email($email, $subject, $content)) { throw new Exception('Confirmation email is not sent'); } } catch (Exception $e) { send_email_with_error_to_admin($e, $content); } why am I getting both emails? I'm receiving confirmation email and email with error message - that I'm supposed to get if the first one is not sent for some reason?!?!?!? thanks for any help. -LL
[PHP] HTML pages are faster then php?
hi, as far as I know (at least I was told so) html page will download faster then the same page made with php getting the same info from mysql, right? let's pretend we are building php/mysq based website of one football team. there are pages of every player, about the team, games etc. in admin area there is form to enter player's data: first name, last name, DOB, place of birth, him number (jersey), previous teams, education,... we submit data and they are stored in database. and we just did for john doe, (id=12345), born on 1986-10-02 in Paris, TX (do you remember nastasia kinski? :-)) on front end there is list of players and you click on john doe's name and the page will show submitted data. what if we, together with storing john doe data into mysql, create html page 12345.html with all his data. and actually, when visitor clicks on his name on the list of players it will not open player.php?id=12345 then 12345.html? this page will download faster, right? downside, depending of type of the website, it could be thousands and thousands of pages, but still...? to edit john doe page, the administrator (in admin area) will pull the data from mysql, do the changes and submit new ones to mysql and overwrite 12345.html page. now, what's bad with this structure? what am I thinking wrong? thanks ll
Re: [PHP] HTML pages are faster then php?
From: Ashley Sheridan a...@ashleysheridan.co.uk To: Lamp Lists lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Wednesday, January 14, 2009 4:47:28 PM Subject: Re: [PHP] HTML pages are faster then php? On Wed, 2009-01-14 at 14:34 -0800, Lamp Lists wrote: hi, as far as I know (at least I was told so) html page will download faster then the same page made with php getting the same info from mysql, right? let's pretend we are building php/mysq based website of one football team. there are pages of every player, about the team, games etc. in admin area there is form to enter player's data: first name, last name, DOB, place of birth, him number (jersey), previous teams, education,... we submit data and they are stored in database. and we just did for john doe, (id=12345), born on 1986-10-02 in Paris, TX (do you remember nastasia kinski? :-)) on front end there is list of players and you click on john doe's name and the page will show submitted data. what if we, together with storing john doe data into mysql, create html page 12345.html with all his data. and actually, when visitor clicks on his name on the list of players it will not open player.php?id=12345 then 12345.html? this page will download faster, right? downside, depending of type of the website, it could be thousands and thousands of pages, but still...? to edit john doe page, the administrator (in admin area) will pull the data from mysql, do the changes and submit new ones to mysql and overwrite 12345.html page. now, what's bad with this structure? what am I thinking wrong? thanks ll I've seen CMS's do this kind of thing before, and really you only have an advantage if you are getting lots and lots (think many thousands) of visitors a day. The overhead isn't all that large and the user won't even notice it. The advantage to having the site done only in PHP/MySQL is that should you decide to add elements to the site in the future, with a CMS driven site it's much easier than having to edit the part of the CMS that is outputting the HTML files and then making it run through an re-create each and every page, which will be very slow each time you have to do it. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php right. I forgot about banners, advertising, and other stuff around main data. these will be static too... yup... stupid idea... :-)
Re: [PHP] Re: redoing website after 7 years
From: Al n...@ridersite.org To: php-general@lists.php.net Sent: Thursday, January 8, 2009 11:50:26 AM Subject: [PHP] Re: redoing website after 7 years Lamp Lists wrote: hi guys, I did php/mysql based website for one my client 7 years ago, in time when register_globals was on by default. hosting company upgraded server to php5/mysql5 and turned globals off. the site is doesn't work any more. I can define globals on again in .htaccess but rather not because it could be a big risk. to work again I have to spend a lot of hours to modify the code. boring job. but, I'm more concern does client has to pay the changes/upgrade or it's still my obligation? anybody had similar experience? thanks for any help. ll What's the magnitude of the problem? Are there a handful of files that need fixing or hundreds? i think there is 10-15 hrs of work. at least.
Re: [PHP] redoing website after 7 years
I think I did code well (everybody can say the code is 100% proof - until get hacked ;-)) and never, for these 7 years had problems. And I'm sure the site will be just ok if I switch register_globals back to On through .htaccess. Actually, I offered the client 3 options: 1. redo the website (after 7 years, it's really time to do that :-)); 2. fix the code but keep the site the same; 3. change .htaccess. the site will work just fine; though, I also think, if you built your code with register_globals on several years ago, you are still in a danger. Big or small, depends on your code, but still in risky group. right? anyway, the client was really understandable and we are going most likely to build new website. thanks for opinions and help. ll From: Jim Lucas li...@cmsws.com To: Robert Cummings rob...@interjinn.com Cc: Nathan Rixham nrix...@gmail.com; Richard Heyes rich...@php.net; lamp.li...@yahoo.com; php-general@lists.php.net php-general@lists.php.net Sent: Thursday, January 8, 2009 10:51:32 AM Subject: Re: [PHP] redoing website after 7 years Robert Cummings wrote: On Wed, 2009-01-07 at 16:16 -0800, Jim Lucas wrote: Nathan Rixham wrote: Richard Heyes wrote: but, I'm more concern does client has to pay the changes/upgrade or it's still my obligation? Of course you charge him. Christ if I was expected to maintain stuff gratis that I wrote 7 years ago I'd be mullahed. concurred, personally I'd be tempted to offer to find or indeed resetup on an old server if they could find one for free, but as for upgrading certainly quote/charge. If one was to go this route, then why not just use a .htaccess file and turn on register_globals and call it good? I mean really, the customer would be in no greater risk then what they had been for the last 7 years. Reason being, nothing else has changed about the script. If their is an exploit in the script now, then their was an exploit in the past. I realize that I am going against what I preach here. But really, the ISP isn't going to pay for it. The own isn't going to want to pay for it. Can't squeeze blood from a turnip... What if the turnip is the programmer? In this case, it wouldn't be. If the programmer designed an insecure web site 7 years ago then the programmer should be responsible for making the application secure. That was part of his/her job in the beginning. Nobody said it's insecure... only that register globals was used as a feature, a feature at one point touted as useful to the PHP language. As has been mentioned previously, register globals is not real culprit of insecurity in this context, the real culprit is poor programming while using register globals... unfortunately such programming was common thus requiring a strong antidote... namely the downstream removal of support for the feature. I didn't mean to imply that the programmer did build an insecure app. I said if the programmer designed and insecure web site. If the designer didn't build an insecure app, then it wont hurt a thing to turn on register_globals and just go back to the way it was before the ISP upgraded. I mean, sure when I first started designing/building web sites I thought I was doing the right thing most of the time. If two years down the road I had a moment of clarity and I realized that I had been doing something wrong or in-secure for the past two years (which I've done) then I would go back and tell the customer that I did something wrong or in-secure and I would fix it for free. Ahhh... but this presumes the programmer did something wrong. That has not yet been determined. All we know is that globals were used, not that they were necessarily used incorrectly. I didn't say that, nor did I mean to imply that. I was talking about my experiences. Thia is part of my responsibility as a designer With that said, I would image that over the past 7 years, if the site has not been exploited, then I would think that by turning register_globals back on would be of no concern. To me, all the above sounds logical. If I am missing something, please point it out. Duly pointed out ;) Cheers, Rob. So, here is how I would summarize all the above. Whether or not the programmer used the feature register_globals isn't of concern. Whether the programmer designed and insecure app is the concern. ?php $APP_SECURE = (app is secure?); // Boolean: TRUE, FALSE if ( $APP_SECURE ) { print('Turn on register_globals and call the job done.'); } else { print('Fix, at no cost, what you designed insecurely.'); } ? -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redoing website after 7 years
From: Jim Lucas li...@cmsws.com To: Robert Cummings rob...@interjinn.com Cc: Nathan Rixham nrix...@gmail.com; Richard Heyes rich...@php.net; lamp.li...@yahoo.com; php-general@lists.php.net php-general@lists.php.net Sent: Thursday, January 8, 2009 10:51:32 AM Subject: Re: [PHP] redoing website after 7 years Robert Cummings wrote: On Wed, 2009-01-07 at 16:16 -0800, Jim Lucas wrote: Nathan Rixham wrote: Richard Heyes wrote: but, I'm more concern does client has to pay the changes/upgrade or it's still my obligation? Of course you charge him. Christ if I was expected to maintain stuff gratis that I wrote 7 years ago I'd be mullahed. concurred, personally I'd be tempted to offer to find or indeed resetup on an old server if they could find one for free, but as for upgrading certainly quote/charge. If one was to go this route, then why not just use a .htaccess file and turn on register_globals and call it good? I mean really, the customer would be in no greater risk then what they had been for the last 7 years. Reason being, nothing else has changed about the script. If their is an exploit in the script now, then their was an exploit in the past. I realize that I am going against what I preach here. But really, the ISP isn't going to pay for it. The own isn't going to want to pay for it. Can't squeeze blood from a turnip... What if the turnip is the programmer? In this case, it wouldn't be. If the programmer designed an insecure web site 7 years ago then the programmer should be responsible for making the application secure. That was part of his/her job in the beginning. Nobody said it's insecure... only that register globals was used as a feature, a feature at one point touted as useful to the PHP language. As has been mentioned previously, register globals is not real culprit of insecurity in this context, the real culprit is poor programming while using register globals... unfortunately such programming was common thus requiring a strong antidote... namely the downstream removal of support for the feature. I didn't mean to imply that the programmer did build an insecure app. I said if the programmer designed and insecure web site. If the designer didn't build an insecure app, then it wont hurt a thing to turn on register_globals and just go back to the way it was before the ISP upgraded. I mean, sure when I first started designing/building web sites I thought I was doing the right thing most of the time. If two years down the road I had a moment of clarity and I realized that I had been doing something wrong or in-secure for the past two years (which I've done) then I would go back and tell the customer that I did something wrong or in-secure and I would fix it for free. Ahhh... but this presumes the programmer did something wrong. That has not yet been determined. All we know is that globals were used, not that they were necessarily used incorrectly. I didn't say that, nor did I mean to imply that. I was talking about my experiences. Thia is part of my responsibility as a designer With that said, I would image that over the past 7 years, if the site has not been exploited, then I would think that by turning register_globals back on would be of no concern. To me, all the above sounds logical. If I am missing something, please point it out. Duly pointed out ;) Cheers, Rob. So, here is how I would summarize all the above. Whether or not the programmer used the feature register_globals isn't of concern. Whether the programmer designed and insecure app is the concern. ?php $APP_SECURE = (app is secure?); // Boolean: TRUE, FALSE if ( $APP_SECURE ) { print('Turn on register_globals and call the job done.'); } else { print('Fix, at no cost, what you designed insecurely.'); } ? -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php sorry for top-posting in my previous email. errarer humanum est! :-) ll
[PHP] redoing website after 7 years
hi guys, I did php/mysql based website for one my client 7 years ago, in time when register_globals was on by default. hosting company upgraded server to php5/mysql5 and turned globals off. the site is doesn't work any more. I can define globals on again in .htaccess but rather not because it could be a big risk. to work again I have to spend a lot of hours to modify the code. boring job. but, I'm more concern does client has to pay the changes/upgrade or it's still my obligation? anybody had similar experience? thanks for any help. ll
Re: [PHP] redoing website after 7 years
From: Stuart stut...@gmail.com To: lamp.li...@yahoo.com Cc: php-general@lists.php.net Sent: Wednesday, January 7, 2009 8:29:48 AM Subject: Re: [PHP] redoing website after 7 years 2009/1/7 Lamp Lists lamp.li...@yahoo.com: hi guys, I did php/mysql based website for one my client 7 years ago, in time when register_globals was on by default. hosting company upgraded server to php5/mysql5 and turned globals off. the site is doesn't work any more. I can define globals on again in .htaccess but rather not because it could be a big risk. The first point to make is that the risk is no higher now than it has been for the previous 7 years. Register_globals is not inherently insecure, it's the way people code their scripts which makes it open to abuse. to work again I have to spend a lot of hours to modify the code. boring job. but, I'm more concern does client has to pay the changes/upgrade or it's still my obligation? anybody had similar experience? Personally I'd tell the client that the host has upgraded the server software which has broken the site. It needs work and they need to pay for it. If they object tell them you can work around the issue but it means potentially exposing the site to potentially fatal security risks. -Stuart -- thanks guys for your opinions. you gave me good points to talk to client :-) -ll
Re: [PHP] what's the difference in the following code?
- Original Message From: tedd [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED]; php-general@lists.php.net Sent: Monday, October 20, 2008 8:25:50 AM Subject: Re: [PHP] what's the difference in the following code? At 10:58 AM -0700 10/17/08, Lamp Lists wrote: I'm reading Essential PHP Security by Chris Shiflett. on the very beginning, page 5 6, if I got it correct, he said this is not good: $search = isset($_GET['search']) ? $_GET['search'] : ''; and this is good: $search = ''; if (isset($_GET['search'])) { $search = $_GET['search']; } what's the difference? I really can't see? to me is more the way you like to write your code (and I like the top one :-) )? thanks. -ll The problem here is you have to read and understand what the author is trying to say. Chris is NOT saying that there is a difference between these two forms of code. He is saying that one hides the fact that the variable ($search) is tainted while the other makes it more obvious. The whole point of the first few pages is to show you how a variable can be tainted and how you can minimize that by following some very simple rules, one of which was simplicity, which you had problems following. With just a little reading, you could have answered your own question. Cheers, tedd how it's so obvious? I can't see it either? -ll PS: I'm back -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [PHP] what's the difference in the following code?
- Original Message From: tedd [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Monday, October 20, 2008 4:15:02 PM Subject: Re: [PHP] what's the difference in the following code? At 10:12 AM -0400 10/20/08, Daniel Brown wrote: On Mon, Oct 20, 2008 at 10:02 AM, tedd [EMAIL PROTECTED] wrote: I hate it when people take things out of context and misquote others. Chris did not say that one way was better, or different, than the other. But rather he used two sets of code to illustrate a point. Welcome back, Grum-pa. Glad to see you're willing to flame people whose first language is not English. ;-P If he wanted my advice in a different language, then he should have asked his question in that language. That way I could have ignored him in mine. Besides, I'm not flaming in his language, so that should balance out. In this case, the introduction chapter of Chris' PHP Security clearly states several things one can do to simplify the task of security. One of which is to understand that the way you code can hide tainted variables. Chris illustrated his tainted point by asking the reader to compare these two structures: [1] $search = isset($_GET['search']) ? $_GET['search'] : ''; [2] $search = ''; if (isset($_GET['search'])) { $search = $_GET['search']; } He ALSO said that: -- quote The approach is identical, but one line draws in particular nows draws much attention: $search = $_GET['search']; Without altering the logic in any way, it is now more obvious whether $search is tainted and under what conditions. -- un-quote Now, instead of the OP getting the point the OP flies off on a tangent asking us what's the difference in the following code? and of course the answer is There is no difference. BUT, Chris didn't say there was, as was implied by the OP in his post. Sure I can understand language problems, but this thread was started because the OP couldn't understand a simple concept that was stated in less than ten (10) sentences. Our collective replies amounted to more lines than that -- with the obvious language problems the OP has with the written word, who knows what the OP thinks now. But the point is that Chris did not say there WAS a difference as was implied by the OP -- and that was my point. some people just CAN'T understand there are some barriers in languages that could cause misunderstanding. true, I didn't understand chris' statement correctly and now, after tedd's explanation is clear to me. and I thank to him. though, I hate it (as sombody said) when I always regret to post question and ask for help because of those arrogant php masters. if you didn't uderstand, and most likely you didn't, I asked because I had a problem and asked for help. not to be smart or flame something. I didn't understand. But you don't KNOW how to answer to people without killing them or at least slap them. and using some local shortcuts (OP ?!?) could be rather annoying? -ll Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[PHP] what's the difference in the following code?
I'm reading Essential PHP Security by Chris Shiflett. on the very beginning, page 5 6, if I got it correct, he said this is not good: $search = isset($_GET['search']) ? $_GET['search'] : ''; and this is good: $search = ''; if (isset($_GET['search'])) { $search = $_GET['search']; } what's the difference? I really can't see? to me is more the way you like to write your code (and I like the top one :-) )? thanks. -ll __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[PHP] calling functions from one or multiple files
Hi, Right now I use one file, usually called functions.php, with all functions I'm going to use most likely on every page. Then, I create each function I'm going to use once in a while as separate file. Pro: I would include a function when I'm going to use. Con: I have to write extra include line to call function. And have bunch of files (functions) in function folder. I was talking to co-workers few days ago and they said I complicate my life to much and putting ALL functions in one file is just fine and I'll not be able to see difference in real situations. True? -ll
[PHP] does function extract() trim?
do not laugh, but I discovered today function extract(); :D before I used: foreach ($array as $key = $value) { ${$key} = trim($value); } though, trimming $value is kind of important to me and I would like to know if extract trims too? thanks. -ll Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] does function extract() trim?
- Original Message From: Stut [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Cc: php General list php-general@lists.php.net Sent: Friday, March 28, 2008 4:02:27 PM Subject: Re: [PHP] does function extract() trim? On 28 Mar 2008, at 20:59, Lamp Lists wrote: do not laugh, but I discovered today function extract(); :D before I used: foreach ($array as $key = $value) { ${$key} = trim($value); } though, trimming $value is kind of important to me and I would like to know if extract trims too? No, but you can use http://php.net/array_map to do the trim before using extract. -Stut -- http://stut.net/ function trim_array($array_element) { $array_element = trim($array_element); return $array_element; } $myArray = array_map(trim_array, $myArray); extract($myArray); hm?!? my way is shorter! :D -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] does function extract() trim?
- Original Message From: Stut [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Cc: php General list php-general@lists.php.net Sent: Friday, March 28, 2008 4:22:25 PM Subject: Re: [PHP] does function extract() trim? On 28 Mar 2008, at 21:14, Lamp Lists wrote: - Original Message From: Stut [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Cc: php General list php-general@lists.php.net Sent: Friday, March 28, 2008 4:02:27 PM Subject: Re: [PHP] does function extract() trim? On 28 Mar 2008, at 20:59, Lamp Lists wrote: do not laugh, but I discovered today function extract(); :D before I used: foreach ($array as $key = $value) { ${$key} = trim($value); } though, trimming $value is kind of important to me and I would like to know if extract trims too? No, but you can use http://php.net/array_map to do the trim before using extract. -Stut -- http://stut.net/ function trim_array($array_element) { $array_element = trim($array_element); return $array_element; } $myArray = array_map(trim_array, $myArray); extract($myArray); hm?!? my way is shorter! :D Only if you over-complicate it. extract(array_map('trim', $myArray)); -Stut TOUCHE! :D I like your way. Thanks Stut! -ll You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost. http://tc.deals.yahoo.com/tc/blockbuster/text5.com
Re: [PHP] loosing session in new window (IE only) [SOLVED]
this is happening when Security on IE (internet options) is on levels High or Block all cookies.. most likely there is a solution to fix this but I think (in my case) is not worth and it's much easier to tell client (their administrator) to trust the world a little bit more :D thanks for all posts. -ll - Original Message From: Stefan Langwald [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Wednesday, March 26, 2008 9:20:33 AM Subject: Re: [PHP] loosing session in new window (IE only) href=person.php?id=123SESSIONID=... maybe.. ev0l but works.. 2008/3/26, Lamp Lists [EMAIL PROTECTED]: --- Richard Lynch [EMAIL PROTECTED] wrote: On Tue, March 25, 2008 4:07 pm, Lamp Lists wrote: - Original Message From: Andrew Ballard [EMAIL PROTECTED] To: PHP General list php-general@lists.php.net Sent: Tuesday, March 25, 2008 3:41:35 PM Subject: Re: [PHP] loosing session in new window (IE only) On Tue, Mar 25, 2008 at 3:49 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session. does anybody knows anything about this? thanks. -ll If they open a new window by clicking on IE (say, on the desktop, the QuickLaunch bar, or the Start menu), Windows actually opens a new, totally separate process of IE along side the first. The new one will share any persistent cookies with the first, since they are written to the file system, but sessions do not usually use persistent cookies. As long as your users are opening the new window by clicking a link or by pressing Ctrl+N from the first window, the session information *should* remain in tact. Andrew should - but don't :D you're right and I understand opening new window from desktop starts new process, but this is happening after visitor hits the link detail view and that is confusing :( WILD GUESS ALERT! Perhaps the MS version of open popup in new tab/window is to start a whole new process? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php exactly. now, what would be my solution to keep session info in new window? -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Mit freundlichen Grüßen Stefan Langwald Special deal for Yahoo! users friends - No Cost. Get a month of Blockbuster Total Access now http://tc.deals.yahoo.com/tc/blockbuster/text3.com
Re: [PHP] loosing session in new window (IE only)
- Original Message From: Hélio Rocha [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Sent: Wednesday, March 26, 2008 5:14:40 AM Subject: Re: [PHP] loosing session in new window (IE only) If u open the link in the same window, what's the behaviour? On Tue, Mar 25, 2008 at 7:49 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session.. does anybody knows anything about this? thanks. -ll Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping Works fine. No problems. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] loosing session in new window (IE only)
- Original Message From: Hélio Rocha [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Sent: Wednesday, March 26, 2008 5:14:40 AM Subject: Re: [PHP] loosing session in new window (IE only) If u open the link in the same window, what's the behaviour? On Tue, Mar 25, 2008 at 7:49 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session.. does anybody knows anything about this? thanks. -ll Also, forgot one thing: it's not happening to everybody. Just few people. Just few IE users. ?!?!?!? -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] loosing session in new window (IE only)
--- Richard Lynch [EMAIL PROTECTED] wrote: On Tue, March 25, 2008 4:07 pm, Lamp Lists wrote: - Original Message From: Andrew Ballard [EMAIL PROTECTED] To: PHP General list php-general@lists.php.net Sent: Tuesday, March 25, 2008 3:41:35 PM Subject: Re: [PHP] loosing session in new window (IE only) On Tue, Mar 25, 2008 at 3:49 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session. does anybody knows anything about this? thanks. -ll If they open a new window by clicking on IE (say, on the desktop, the QuickLaunch bar, or the Start menu), Windows actually opens a new, totally separate process of IE along side the first. The new one will share any persistent cookies with the first, since they are written to the file system, but sessions do not usually use persistent cookies. As long as your users are opening the new window by clicking a link or by pressing Ctrl+N from the first window, the session information *should* remain in tact. Andrew should - but don't :D you're right and I understand opening new window from desktop starts new process, but this is happening after visitor hits the link detail view and that is confusing :( WILD GUESS ALERT! Perhaps the MS version of open popup in new tab/window is to start a whole new process? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php exactly. now, what would be my solution to keep session info in new window? -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] losing session in new window (IE only) [WAS: loosing...]
- Original Message From: Paul Novitski [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Tuesday, March 25, 2008 3:05:43 PM Subject: Re: [PHP] losing session in new window (IE only) [WAS: loosing...] At 3/25/2008 12:49 PM, Lamp Lists wrote: i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. Try putting the attribute values in double quotes and see if that helps: a href=person.php?id=123 target=_blankview details/a How does your page validate? http://validator.w3.org/ Regards, Paul hi paul, nope. quotes are not an issue. I'm going to validate the page - I'll post results. -ll Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
[PHP] loosing session in new window (IE only)
hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session. does anybody knows anything about this? thanks. -ll Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Re: [PHP] loosing session in new window (IE only)
- Original Message From: Andrew Ballard [EMAIL PROTECTED] To: PHP General list php-general@lists.php.net Sent: Tuesday, March 25, 2008 3:41:35 PM Subject: Re: [PHP] loosing session in new window (IE only) On Tue, Mar 25, 2008 at 3:49 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, i have a list of people on one page. each row, on the end has link a href=person.php?id=123 target=_blankview details/a. it's requested to open detail page in new window. very few people complained they can't open detail page. all of them use IE. I wasn't able to reproduce the error, though using GoToMeeting I was able to look while customer was doing it. I put session info on screen to see what's going on and found that new window doesn't have session info from old window?!? like, new window - new session. does anybody knows anything about this? thanks. -ll If they open a new window by clicking on IE (say, on the desktop, the QuickLaunch bar, or the Start menu), Windows actually opens a new, totally separate process of IE along side the first. The new one will share any persistent cookies with the first, since they are written to the file system, but sessions do not usually use persistent cookies. As long as your users are opening the new window by clicking a link or by pressing Ctrl+N from the first window, the session information *should* remain in tact. Andrew should - but don't :D you're right and I understand opening new window from desktop starts new process, but this is happening after visitor hits the link detail view and that is confusing :( Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] Double click problem
the way I solved the click back button issue (simplified vresion): confirmation page (conf.php) - transfer page (tp.php) - thank you page (typ.php) #conf.php # after the form is submitted and confirmed header('location: tp.php?url=typ.php'); exit; #tp.php header('location:$_GET['url']); exit; and, if visitor clicks on back button on thakyou page he will go actually to the transfer page - which will send him back to thankyou page ;) -ll - Original Message From: tedd [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Wednesday, March 19, 2008 11:43:06 AM Subject: Re: [PHP] Double click problem At 4:19 PM + 3/19/08, Richard Heyes wrote: tedd wrote: // ... Your first (and the quickest by far) method to employ would be to disable the submit button using Jabbascript when the form is submitted. That will stop the vast majority of occurrences. You could also employ an intermediary page which actually does the card processing and when complete redirects to the thank you page. ie. Form -- Please wait... page -- Thank you page That's in place. The person clicks the confirm purchase and they are taken to a confirm and thank you page. The problem here is two fold -- 1) clicking the confirm purchasebutton twice, which I think js will stop; 2) and clicking the back-button which the token should stop. Now, I just need to develop a test for this. Sometime writing a test is more of a problem than writing the solution. Thanks for everyone's help. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Re: [PHP] php book
opinions of good book is almost the same as opinion of good car. I can suggest you to go to barnes and noble or borders or any other bookstore, buy cup of coffee or tea, grab all php books from shelf and read some chapters. you are no going to learn anything, rather to compare styles. some authors use a lot of code, some to much code, some explain to details some throw just links where to find more info, some explain functions with examples, some just in general... you know what I mean. spend 2-3 hours going through the books and then pick one you like (the style) the most. my 2 cents. -ll - Original Message From: alexus [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Wednesday, March 19, 2008 9:50:23 AM Subject: [PHP] php book what book would you guys suggest for someone who's new and wants to learn php? -- http://alexus.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] Double click problem
- Original Message From: Eric Butera [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Cc: tedd [EMAIL PROTECTED]; php-general@lists.php.net Sent: Thursday, March 20, 2008 11:00:19 AM Subject: Re: [PHP] Double click problem On Thu, Mar 20, 2008 at 10:39 AM, Lamp Lists [EMAIL PROTECTED] wrote: the way I solved the click back button issue (simplified vresion): confirmation page (conf.php) - transfer page (tp.php) - thank you page (typ.php) #conf.php # after the form is submitted and confirmed header('location: tp.php?url=typ.php'); exit; #tp.php header('location:$_GET['url']); exit; and, if visitor clicks on back button on thakyou page he will go actually to the transfer page - which will send him back to thankyou page ;) -ll - Original Message From: tedd [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Wednesday, March 19, 2008 11:43:06 AM Subject: Re: [PHP] Double click problem At 4:19 PM + 3/19/08, Richard Heyes wrote: tedd wrote: // ... Your first (and the quickest by far) method to employ would be to disable the submit button using Jabbascript when the form is submitted. That will stop the vast majority of occurrences. You could also employ an intermediary page which actually does the card processing and when complete redirects to the thank you page. ie. Form -- Please wait... page -- Thank you page That's in place. The person clicks the confirm purchase and they are taken to a confirm and thank you page. The problem here is two fold -- 1) clicking the confirm purchasebutton twice, which I think js will stop; 2) and clicking the back-button which the token should stop. Now, I just need to develop a test for this. Sometime writing a test is more of a problem than writing the solution. Thanks for everyone's help. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping Allowing unscrubbed user data in a header is a really bad idea. - http://en.wikipedia.org/wiki/HTTP_response_splitting - http://www.owasp.org/index.php/Open_redirect I agree with you to use exactly this way is bad idea. But, as I said on the begining of my post it's simplified version, to get my point. My code on tp.php actually use sveral validations before forward to thank you page :D -ll Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
[PHP] why use {} around vraiable?
hi, I saw several times that some people use this $parameters = array( 'param1' = {$_POST[param1]}, 'param2' = {$_POST[param2]} ); or $query = mysql_query(SELECT * FROM table1 WHERE id='{$session_id}'); I would use: $parameters = array( 'param1' = $_POST[param1], 'param2' = $_POST[param2] ); and $query = mysql_query(SELECT * FROM table1 WHERE id=' .$session_id. ' ); does it really matter? is there really difference or these are just two styles? thanks. -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] why use {} around vraiable?
- Original Message From: Nathan Nobbe [EMAIL PROTECTED] To: Lamp Lists [EMAIL PROTECTED] Cc: php-general@lists.php.net Sent: Thursday, March 20, 2008 11:35:42 AM Subject: Re: [PHP] why use {} around vraiable? On Thu, Mar 20, 2008 at 12:22 PM, Lamp Lists [EMAIL PROTECTED] wrote: hi, I saw several times that some people use this $parameters = array( 'param1' = {$_POST[param1]}, 'param2' = {$_POST[param2]} ); or $query = mysql_query(SELECT * FROM table1 WHERE id='{$session_id}'); I would use: $parameters = array( 'param1' = $_POST[param1], 'param2' = $_POST[param2] ); and $query = mysql_query(SELECT * FROM table1 WHERE id=' .$session_id. ' ); does it really matter? is there really difference or these are just two styles? the short answer is yes. i think you can find a sufficient explanation here, http://us.php.net/manual/en/language.types.string.php#language.types.string.parsing.simple and here http://us.php.net/manual/en/language.types.string.php#language.types.string.parsing.complex -nathan ok. I got it. actually, my question was about: these two examples $fruits = array('strawberry' = 'red', 'banana' = 'yellow'); echo A banana is {$fruits['banana']}.; echo A banana is . $fruits['banana'] . .; are the same. Though, learned few more other things too :D Thanks guys. -ll Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
[PHP] difference in time
hi to all! on one eZine site, I have to show when the article is posted but as difference from NOW. like posted 32 minutes ago, or posted 5 days ago. is there already sucha php/mysql function? thanks. -ll - Never miss a thing. Make Yahoo your homepage.
Re: [PHP] programming and design fees
--- Per Jessen [EMAIL PROTECTED] wrote: Lamp Lists wrote: now, I didn't have such a big project on side ever. and I by default ALWAY suck in calculations how much time I need for a project and what to charge. I think I need about 120 hrs (3 weeks) to build this baby (without design part). I need your opinion. is it enough time (yes, I know it depends of how fast I program :D Let's say, average fast :)) and what are fees these days for such a project? I lost track. $75/hr is lowest price today or I can't ask more than $50/hr? You can ask whatever you want as long as your customer thinks it's reasonable. (not a joke). That's actually part I'm interested the most :D What is reasonable? Is reasonable for sucha project with complex product catalog and ordering system ask $10K? Given that you're an individual bidding on a single project, you might want to consider fixed price instead of time and materials. I'm not bidding. I did small, simple html web site for them 3 years ago, with 5 pages. Now they want something better, with catalog and admin area. returnig customer :D As for estimates wrt time and effort - if those were available on a mailing-list based on about 30 lines of project description, this list would be full of project managers, all with desperate needs to estimate how long something takes. :-) /Per Jessen, Zürich Thanks Per :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] programming and design fees
--- tedd [EMAIL PROTECTED] wrote: At 7:06 AM -0800 3/8/08, Lamp Lists wrote: That's actually part I'm interested the most :D What is reasonable? Is reasonable for sucha project with complex product catalog and ordering system ask $10K? I think that's reasonable, because I've done similar as you described. I had one client who wanted a site like art.com (don't look now, because it's screwed) and I submitted a bid of $25k. The client asked Isn't that a bit high? and I relied They paid $400k for their name -- you think they went cheap for the back-end? I didn't get the job. I tell clients I charge $50 per hour. Most clients don't mind and hire me. I had one client say I never pay more than $25 per hour -- you will accept that? My answer was Sure, but it will take me twice as long to do anything. The point being that hourly wage doesn't really mean anything. Don't judge the value of your work on the time it takes you, but rather on how well your work works. On most projects, while I make deadlines, I put in many more hours than I bill out. But then again, I love the work. Cheers, tedd I needed to hear this :D :D :D I do not plan to tell the store owner how much hrs I need and what's my rate. as you said, 100hrs x $50/hr or 200hrs x $25/hr - it really doesn't matter. I needed fo myself, to calculate the worth of the job. thanks ted. ;) -afan -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] programming and design fees
hi, maybe my question is not exactly for php list, but since php IS involved and since you are such a great people, I hope the question will not disturb you :D I have a project for one electric wholesale store to build a web site. it has to be dynamic, php, database driven web site. it will have standard pages (news, links, about us, history, contact us, contact form, faq, business partners,...) and product catalog. my client wants to have ability to have different prices for the same product for different customers. means, when you come to the site you are going to see public prices. after customer logs in he's going to see some products with different price. customers (only registered ones) will be able to select products and create an order. of course, after he submits, he's going to get confirmation email, and one email will be sent to store etc. payment is not involved, the store will charge them later, probably monthly or something like that (not part of my project). even there is not payments or any other sensitive data will be transfered over the internet, I suggested and the store owner accepted to use login to membership area and ordering process SSL. project has administration area too to change content of the site, add/edit/delete (single) products, add/edit/delete customers. I have to build also script to update products using excel sheet - the easiest way to make update of products for store owner. I think I covered almost everything. there will be some more stuff, but noghtin critical (new customer registration page, manage my profile, order history,...) now, I didn't have such a big project on side ever. and I by default ALWAY suck in calculations how much time I need for a project and what to charge. I think I need about 120 hrs (3 weeks) to build this baby (without design part). I need your opinion. is it enough time (yes, I know it depends of how fast I program :D Let's say, average fast :)) and what are fees these days for such a project? I lost track. $75/hr is lowest price today or I can't ask more than $50/hr? thanks for any advice/help. -lamp - Never miss a thing. Make Yahoo your homepage.
[PHP] ternary operator in heredoc string
Hi I am trying to use the ternary operator inside heredoc string to select the bgcolor based on the flag value, but it does not seem to work. $summary=STR table width=100% tr td bgcolor={$reqstat ? green : red;}$reqno/td /tr /table STR; I looked up php documentation but could not find any details. What would be an optimal way to write the code for the above situation ? thanks Dev. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] unable to load perl extension
On 12/31/05, Richard Lynch [EMAIL PROTECTED] wrote: On Thu, December 29, 2005 9:17 am, dev lamp wrote: Scenario 2: the perl extension does not get loaded and the PHP script crashes. Define crashes... Does it literally crash the PHP/Apache process, or does it just print out Not loaded? It just prints Not loaded. Either way, crank up your error settings to E_ALL and check your Apache error log to find out *WHY* it's not getting loaded. Could you live with: ?php exec(/usr/local/bin/perl script.pl, $output, $error); $output = implode(br /\n, $output); if ($error) die(OS Error: $errorbr /\n$output); echo $output; //probably do something more interesting here ? Well, I would like to avoid this, since the PERL objects have to be used and want to invoke methods. thanks for your time. thanks Dev. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] how to call perl code from PHP
Hi I am unable to call perl code from PHP, since the extension does not get loaded ! Scenario 1: use dl('perl.so'); in the php code and invoke the script from the command line The script works fine and the perl code gets executed as well. Scenario 2: the perl extension does not get loaded and the PHP script crashes. I have read the article http://www.zend.com/php5/articles/php5-perl.php If anybody has faced this issue, please share how you solved the problem ? Thanks in advance. Here are the environment Details: RHEL 4.0 PHP 5.0.5 (self compiled) PECL/PERL package checked out from CVS PHP 5.0.5 compilation details --- ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/bin/mysql_config --with-mysqli=/usr/bin/mysql_config --with-openssl-dir=/usr/local/ssl --with-libxml-dir=/usr/lib --enable-soap --enable-sockets --enable-sqlite-utf8 --enable-wddx --with-gnu-ld --with-gd --with-jpeg-dir=/usr/local/lib --with-png-dir=/usr/local/lib --with-zlib-dir=/usr/local/lib --with-gd=/usr/local --enable-gd-native-ttf --enable-maintainer-zts --with-pear make make install pecl/perl package compilation details - export PHP_PREFIX=/usr/local export PERL_PREFIX=/usr echo $PHP_PREFIX echo $PERL_PREFIX $PHP_PREFIX/bin/phpize ./configure --with-perl=$PERL_PREFIX --with-php-config=$PHP_PREFIX/bin/php-config make make install entries in php.ini file -- extension_dir = /usr/local/lib/php/extensions/no-debug-zts-20041030/ extension=perl.so sample test code is as follows - ?php if (!extension_loaded('perl')) { print perl extension not loaded; exit; } ? -- Dev. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] unable to load perl extension
Hi I am unable to call perl code from PHP, since the extension does not get loaded ! Scenario 1: use dl('perl.so'); in the php code and invoke the script from the command line The script works fine and the perl code gets executed as well. Scenario 2: the perl extension does not get loaded and the PHP script crashes. I have read the article http://www.zend.com/php5/articles/php5-perl.php If anybody has faced this issue, please share how you solved the problem ? Thanks in advance. Here are the environment Details: RHEL 4.0 PHP 5.0.5 (self compiled) PECL/PERL package checked out from CVS PHP 5.0.5 compilation details --- ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/bin/mysql_config --with-mysqli=/usr/bin/mysql_config --with-openssl-dir=/usr/local/ssl --with-libxml-dir=/usr/lib --enable-soap --enable-sockets --enable-sqlite-utf8 --enable-wddx --with-gnu-ld --with-gd --with-jpeg-dir=/usr/local/lib --with-png-dir=/usr/local/lib --with-zlib-dir=/usr/local/lib --with-gd=/usr/local --enable-gd-native-ttf --enable-maintainer-zts --with-pear make make install pecl/perl package compilation details - export PHP_PREFIX=/usr/local export PERL_PREFIX=/usr echo $PHP_PREFIX echo $PERL_PREFIX $PHP_PREFIX/bin/phpize ./configure --with-perl=$PERL_PREFIX --with-php-config=$PHP_PREFIX/bin/php-config make make install entries in php.ini file -- extension_dir = /usr/local/lib/php/extensions/no-debug-zts-20041030/ extension=perl.so sample test code is as follows - ?php if (!extension_loaded('perl')) { print perl extension not loaded; exit; } ? -- Dev. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] unable to load perl extension
On 12/29/05, Jochem Maas [EMAIL PROTECTED] wrote: dev lamp wrote: Hi I am unable to call perl code from PHP, since the extension does not get loaded ! Scenario 1: use dl('perl.so'); in the php code and invoke the script from the command line The script works fine and the perl code gets executed as well. so the extension is not being loaded automatically right? but if you dl() it everything is fine, right? then double check the 'right' ini file is being used! There is only one php.ini I have checked the extensions path information using phpinfo(). Is there something else that I need to checkout ? is the apache module using the php.ini that you think it is ?? - that kind of thing has caught me out more than once! How do I check that ? I downloaded apache sources and compiled it. Why do I need to specify the path of the php.ini file to the apache web server ? Dev. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php