Re: [PHP] Question about session_id() and session_start()
On 20/05/2013, Maciek Sokolewicz maciek.sokolew...@gmail.com wrote: On 20-5-2013 22:14, Tim Schofield wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn Tim, first of all, please bottom-post on this list. Tell that to the designers of the android gmail app :-) Secondly, a simple google search for php c session_start resulted in this: https://github.com/php/php-src/blob/master/ext/session/session.c#L1303 That wasn't the advice given. The advice given was to read the source code. My point was that is not very helpful advice. With a few notable exceptions the help given on this list has become less and less friendly over the years I have been reading it. This can't be good for the PHP community. - Tul Tim -- Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about session_id() and session_start()
thank you. I read the source code and it helps a lot, now I know the behavior of the code is consistent with the NOTE. I think the reason is that If the 'new' session_id we want to set already exists on the server, but does not exist on the client's cookie, the server must send a set-cookie header to the client. On Tue, May 21, 2013 at 3:50 PM, Tim Schofield t...@weberpafrica.com wrote: On 20/05/2013, Maciek Sokolewicz maciek.sokolew...@gmail.com wrote: On 20-5-2013 22:14, Tim Schofield wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn Tim, first of all, please bottom-post on this list. Tell that to the designers of the android gmail app :-) Secondly, a simple google search for php c session_start resulted in this: https://github.com/php/php-src/blob/master/ext/session/session.c#L1303 That wasn't the advice given. The advice given was to read the source code. My point was that is not very helpful advice. With a few notable exceptions the help given on this list has become less and less friendly over the years I have been reading it. This can't be good for the PHP community. - Tul Tim -- Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about session_id() and session_start()
On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn
Re: [PHP] Question about session_id() and session_start()
Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn
Re: [PHP] Question about session_id() and session_start()
On Mon, May 20, 2013 at 4:14 PM, Tim Schofield t...@weberpafrica.com wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn I guess it would be to help prevent session hijacks like explained here http://stackoverflow.com/questions/12233406/preventing-session-hijacking
Re: [PHP] Question about session_id() and session_start()
On 20-5-2013 22:14, Tim Schofield wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn Tim, first of all, please bottom-post on this list. Secondly, a simple google search for php c session_start resulted in this: https://github.com/php/php-src/blob/master/ext/session/session.c#L1303 - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about session_id() and session_start()
On Mon, May 20, 2013 at 10:46 PM, David OBrien dgobr...@gmail.com wrote: On Mon, May 20, 2013 at 4:14 PM, Tim Schofield t...@weberpafrica.com wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn I guess it would be to help prevent session hijacks like explained here http://stackoverflow.com/questions/12233406/preventing-session-hijacking How would it help preventing session hijacking if it was sending the a new cookie with the same session id? - Matijn
Re: [PHP] Question about session_id() and session_start()
On May 20, 2013 8:45 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 10:46 PM, David OBrien dgobr...@gmail.com wrote: On Mon, May 20, 2013 at 4:14 PM, Tim Schofield t...@weberpafrica.com wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn I guess it would be to help prevent session hijacks like explained here http://stackoverflow.com/questions/12233406/preventing-session-hijacking How would it help preventing session hijacking if it was sending the a new cookie with the same session id? - Matijn I was thinking if I was sitting in a cafe and someone was sniffing and tried to use my session info they would get a new session id where I would still have my original one so they wouldn't be able to hijack mine trying to reuse the same id I have since php would generate a new one No?
Re: [PHP] Question about session_id() and session_start()
Op 21 mei 2013 03:59 schreef David OBrien dgobr...@gmail.com het volgende: On May 20, 2013 8:45 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 10:46 PM, David OBrien dgobr...@gmail.com wrote: On Mon, May 20, 2013 at 4:14 PM, Tim Schofield t...@weberpafrica.com wrote: Matijn There are well over half a million lines of source code in PHP. It seems a little unhelpful to tell someone to go and read half a million lines of C when you could just tell them the answer? Thanks Tim Course View Towers, Plot 21 Yusuf Lule Road, Kampala T +256 (0) 312 314 418 M +256 (0) 752 963 325 www.weberpafrica.com Twitter: @TimSchofield2 Blog: http://weberpafrica.blogspot.co.uk On May 20, 2013 6:24 PM, Matijn Woudt tijn...@gmail.com wrote: On Mon, May 20, 2013 at 5:33 AM, 孟远涛 yuantao.m...@gmail.com wrote: I find the Note in PHP document. http://www.php.net/manual/en/function.session-id.php Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set. I feel puzzled about this feature. Even if the current session id is identical to the one one being set, session_start will send a new cookie. I want to know why session_start behave in this way. Forgive my poor English. Thanks in advance. You will find the answer in the PHP source code. If you don't want this to happen, check if the current session id matches with the value you want to set it to, and don't set if they match. - Matijn I guess it would be to help prevent session hijacks like explained here http://stackoverflow.com/questions/12233406/preventing-session-hijacking How would it help preventing session hijacking if it was sending the a new cookie with the same session id? - Matijn I was thinking if I was sitting in a cafe and someone was sniffing and tried to use my session info they would get a new session id where I would still have my original one so they wouldn't be able to hijack mine trying to reuse the same id I have since php would generate a new one No? If you read the original question correctly, it's about a *new cookie* with the *same session id*. Second, if somebody is sniffing you he would also be able to grab the new session id, and yours (old and new one) will be useless if he uses the new session id before you do. Avoiding session hijacking is not that easy, it's much easier to just use an SSL connection. At least that protects you from someone sniffing on a public wifi, but it does not help against sniffing viruses, malicious browser extensions or cross site scripting attacks. Since it's off topic, I'll end here. If you want to learn more, Google is your best friend! - Matijn
Re: [PHP] Question
Am 03.11.12 01:30, schrieb Silvio Siefke: Hello, i have compile PHP 5.4.8 on my Debian System. I have before Version 5.4.7. I delete before all old Files from PHP and then run the commands: ./configure --sysconfdir=/usr/local/etc --with-pear --enable-bcmath --with-bz2=/usr --disable-calendar --enable-ctype --without-curl --without-curlwrappers --enable-dom --without-enchant --enable-exif --enable-fileinfo --enable-filter --disable-ftp --with-gettext=/usr --without-gmp --enable-hash --with-mhash=/usr --with-iconv --disable-intl --disable-ipv6 --enable-json --without-kerberos --enable-libxml --with-libxml-dir=/usr --enable-mbstring --with-mcrypt=/usr --without-mssql --with-onig=/usr --with-openssl=/usr --with-openssl-dir=/usr --disable-pcntl --enable-phar --enable-pdo --without-pgsql --enable-posix --with-pspell=/usr --without-recode --enable-simplexml --disable-shmop --without-snmp --enable-soap --enable-sockets --with-sqlite3=/usr --without-sybase-ct --disable-sysvmsg --disable-sysvsem --disable-sysvshm --without-tidy --enable-tokenizer --disable-wddx --enable-xml --disable-xmlreader --disable-xmlwriter --without-xmlrpc --without-xsl --enable-zip --with-zlib=/usr --disable-debug --without-cdb --disable-flatfile --disable-inifile --without-qdbm --with-freetype-dir=/usr --with-t1lib=/usr --disable-gd-jis-conv --with-jpeg-dir=/usr --with-png-dir=/usr --without-xpm-dir --with-gd --with-imap=/usr --with-imap-ssl=/usr --with-mysql=/usr --with-mysqli=/usr/bin/mysql_config --without-pdo-dblib --with-pdo-mysql=/usr --without-pdo-pgsql --with-pdo-sqlite=/usr --without-pdo-odbc --with-readline=/usr --without-libedit --without-mm --with-pcre-regex=/usr --with-pcre-dir=/usr --disable-embed --disable-cli --disable-cgi --enable-fpm --without-apxs2 --with-kerberos make -j3 ; make install But when i look in the directorys i miss pear and the php-cgi. root:/usr/local/src/php-5.4.8# ls /usr/local/bin php-config phpize root:/usr/local/src/php-5.4.8# ls /usr/local/sbin php-fpm Must under bin not be php-cgi and pear, or is my thinking wrong? maybe because of --disable-cgi Thank you for help and Greetings Silvio -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz signature.asc Description: OpenPGP digital signature
Re: [PHP] Question about date calculations
On Fri, Dec 30, 2011 at 5:33 PM, Eric Lommatsch er...@pivotaldata.net wrote: When I try this method: $interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); I get the following error when I run the page: Fatal error : Call to undefined method DateTime::diff() in /var/www/evalHomeLime.php on line 254 Just for the record: As noted on the manpage [1], your PHP version needs to be = 5.3.0. Cheers, Matijn [1] http://www.php.net/manual/en/datetime.diff.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re: [PHP] Question about date calculations
Hello Frank, As far as I know I am not doing anything in terms of trying to write or use my own function. What I am trying to do is use what PHP provides. Thank you Eric H. Lommatsch Programmer Pivotal Data Incorporated 2087 South Grant Street Denver, CO 80210 Tel 303-777-8939 Ext 23 Fax 888-282-9927 www.pivotaldata.com er...@pivotaldata.com -Original message- From: Frank Arensmeier farensme...@gmail.com Sent: Thu 29-12-2011 15:25 To: Eric Lommatsch er...@pivotaldata.net; CC: php-general@lists.php.net; Subject: Re: [PHP] Question about date calculations 29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank
RE: [PHP] Question about date calculations
When I try this method: $interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); I get the following error when I run the page: Fatal error : Call to undefined method DateTime::diff() in /var/www/evalHomeLime.php on line 254 Thank you Eric H. Lommatsch Programmer Pivotal Data Incorporated 2087 South Grant Street Denver, CO 80210 Tel 303-777-8939 Ext 23 Fax 888-282-9927 www.pivotaldata.com er...@pivotaldata.com -Original message- From: ad...@buskirkgraphics.com Sent: Thu 29-12-2011 16:07 To: 'Fatih P.' fatihpirist...@gmail.com; 'Frank Arensmeier' farensme...@gmail.com; CC: 'Eric Lommatsch' er...@pivotaldata.net; php-general@lists.php.net; Subject: RE: [PHP] Question about date calculations -Original Message- From: Fatih P. [mailto:fatihpirist...@gmail.com] Sent: Thursday, December 29, 2011 5:10 PM To: Frank Arensmeier Cc: Eric Lommatsch; php-general@lists.php.net Subject: Re: [PHP] Question about date calculations On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier farensme...@gmail.comwrote: 29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php since you have everything in database tables why not to do this calculation on database side which would be much appropriate place ? /* columns date_start = '2011-02-08'; date_end = ' 2011-03-04'; */ select DATEDIFF(date_end, date_start); http://dev.mysql.com/doc/refman/5.5/en/date-and-time- functions.html#function_datediff I looked at this answer and see the date is from an array of a database and not 2 fields with in the table. While the DATEDIFF() is very useful in queries this will not help you unless both fields are in the table. Try this example $dteStartDate[$intCnt] = new DateTime($row[10]); $dteEndDate[$intCnt] =new DateTime($row[11]); $interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); echo $interval-format('%R%a days');
RE: Re: [PHP] Question about date calculations
Actually for what I need this is exactly what i was looking for. I am converting an asp page that was calculating this difference using VBA functions and I was trying to duplicate things as they were in that page. Thank you Eric H. Lommatsch Programmer Pivotal Data Incorporated 2087 South Grant Street Denver, CO 80210 Tel 303-777-8939 Ext 23 Fax 888-282-9927 www.pivotaldata.com er...@pivotaldata.com -Original message- From: Fatih P. fatihpirist...@gmail.com Sent: Thu 29-12-2011 16:16 To: ad...@buskirkgraphics.com; CC: 'Frank Arensmeier' farensme...@gmail.com; 'Eric Lommatsch' er...@pivotaldata.net; php-general@lists.php.net; Subject: Re: [PHP] Question about date calculations On 12/30/2011 12:19 AM, ad...@buskirkgraphics.com wrote: -Original Message- From: Fatih P. [ mailto:fatihpirist...@gmail.com ] Sent: Thursday, December 29, 2011 5:10 PM To: Frank Arensmeier Cc: Eric Lommatsch; php-general@lists.php.net Subject: Re: [PHP] Question about date calculations On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier farensme...@gmail.com wrote: 29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank -- PHP General Mailing List ( http://www.php.net/ ) To unsubscribe, visit: http://www.php.net/unsub.php since you have everything in database tables why not to do this calculation on database side which would be much appropriate place ? /* columns date_start = '2011-02-08'; date_end = ' 2011-03-04'; */ select DATEDIFF(date_end, date_start); http://dev.mysql.com/doc/refman/5.5/en/date-and-time - functions.html#function_datediff I looked at this answer and see the date is from an array of a database and not 2 fields with in the table. While the DATEDIFF() is very useful in queries this will not help you unless both fields are in the table. Try this example $dteStartDate[$intCnt] = new DateTime($row[10]); $dteEndDate[$intCnt] =new DateTime($row[11]); $interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); echo $interval-format('%R%a days'); well then look deeper in the question: I have a page I am trying to create where I am comparing the values of two MySQL date fields with the current date. One of the MySQL Date fields is a class start date, the other is the class end date. all needs to do is modify his query.
Re: [PHP] Question about date calculations
On 12/29/2011 01:22 PM, Eric Lommatsch wrote: Hello List, I am using PHP version 5.2.6. I am using PHP V5.3.3 In my setup, the following lines give me errors stating that PHP cannot convert the DateTime object to a string. I was able to get around the error by changing your code to the following. $intDayCnt=$dteEndDate[$i]-$dteStartDate[$i]; $intDayCnt = ( $dteEndDate[$i]-format('m') - $dteStartDate[$i]-format('m') ); Be sure to change the following line as well. $dteCheckDate = date('U'); if (($dteCheckDate=($dteEndDate[$i]-7) $dteCheckDate=($dteEndDate[$i]+1)) $intDayCnt16) if ( $dteCheckDate = ( $dteEndDate[$i]-format('U') - (7*86400) ) $dteCheckDate = ( $dteEndDate[$i]-format('U') + (86400) ) $intDayCnt 16 ) { Eric Lommatsch. -- Jim Lucas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re: [PHP] Question about date calculations
-Original Message- From: Eric Lommatsch [mailto:er...@pivotaldata.com] On Behalf Of Eric Lommatsch Sent: Friday, December 30, 2011 12:31 PM To: Fatih P.; ad...@buskirkgraphics.com Cc: 'Frank Arensmeier'; 'Eric Lommatsch'; php-general@lists.php.net Subject: RE: Re: [PHP] Question about date calculations Actually for what I need this is exactly what i was looking for. I am converting an asp page that was calculating this difference using VBA functions and I was trying to duplicate things as they were in that page. Thank you Eric H. Lommatsch Programmer Pivotal Data Incorporated 2087 South Grant Street Denver, CO 80210 Tel 303-777-8939 Ext 23 Fax 888-282-9927 www.pivotaldata.com er...@pivotaldata.com -Original message- From: Fatih P. fatihpirist...@gmail.com Sent: Thu 29-12-2011 16:16 To: ad...@buskirkgraphics.com; CC: 'Frank Arensmeier' farensme...@gmail.com; 'Eric Lommatsch' er...@pivotaldata.net; php-general@lists.php.net; Subject: Re: [PHP] Question about date calculations On 12/30/2011 12:19 AM, ad...@buskirkgraphics.com wrote: -Original Message- From: Fatih P. [ mailto:fatihpirist...@gmail.com ] Sent: Thursday, December 29, 2011 5:10 PM To: Frank Arensmeier Cc: Eric Lommatsch; php- gene...@lists.php.net Subject: Re: [PHP] Question about date calculations On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier farensme...@gmail.com wrote: 29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank -- PHP General Mailing List ( http://www.php.net/ ) To unsubscribe, visit: http://www.php.net/unsub.php since you have everything in database tables why not to do this calculation on database side which would be much appropriate place ? /* columns date_start = '2011-02-08'; date_end = ' 2011-03-04'; */ select DATEDIFF(date_end, date_start); http://dev.mysql.com/doc/refman/5.5/en/date-and-time - functions.html#function_datediff I looked at this answer and see the date is from an array of a database and not 2 fields with in the table. While the DATEDIFF() is very useful in queries this will not help you unless both fields are in the table. Try this example $dteStartDate[$intCnt] = new DateTime($row[10]); $dteEndDate[$intCnt] =new DateTime($row[11]); $interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); echo $interval- format('%R%a days'); well then look deeper in the question: I have a page I am trying to create where I am comparing the values of two MySQL date fields with the current date. One of the MySQL Date fields is a class start date, the other is the class end date. all needs to do is modify his query. Thank you Eric, Date conversion is a popular issue when converting the language from one to the next. I prefer to manage any date filtering outside of MySQL because sometimes the fields are not clean or formatted correctly, and the DATEDIFF() of MySQL just fails. This failure can be devastating when dealing with a MySQL replication setup. I gauge the MySQL process against the PHP process and determine which is faster and which do I have more effective controls in. I have found I have better flexibility and control of date filtering in PHP. But squirrels will be squirrels... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about date calculations
29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about date calculations
On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier farensme...@gmail.comwrote: 29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php since you have everything in database tables why not to do this calculation on database side which would be much appropriate place ? /* columns date_start = '2011-02-08'; date_end = ' 2011-03-04'; */ select DATEDIFF(date_end, date_start); http://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_datediff
RE: [PHP] Question about date calculations
-Original Message- From: Fatih P. [mailto:fatihpirist...@gmail.com] Sent: Thursday, December 29, 2011 5:10 PM To: Frank Arensmeier Cc: Eric Lommatsch; php-general@lists.php.net Subject: Re: [PHP] Question about date calculations On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier farensme...@gmail.comwrote: 29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php since you have everything in database tables why not to do this calculation on database side which would be much appropriate place ? /* columns date_start = '2011-02-08'; date_end = ' 2011-03-04'; */ select DATEDIFF(date_end, date_start); http://dev.mysql.com/doc/refman/5.5/en/date-and-time- functions.html#function_datediff I looked at this answer and see the date is from an array of a database and not 2 fields with in the table. While the DATEDIFF() is very useful in queries this will not help you unless both fields are in the table. Try this example $dteStartDate[$intCnt] = new DateTime($row[10]); $dteEndDate[$intCnt] =new DateTime($row[11]); $interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); echo $interval-format('%R%a days'); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about date calculations
On 12/30/2011 12:19 AM, ad...@buskirkgraphics.com wrote: -Original Message- From: Fatih P. [mailto:fatihpirist...@gmail.com] Sent: Thursday, December 29, 2011 5:10 PM To: Frank Arensmeier Cc: Eric Lommatsch; php-general@lists.php.net Subject: Re: [PHP] Question about date calculations On Thu, Dec 29, 2011 at 11:40 PM, Frank Arensmeier farensme...@gmail.comwrote: 29 dec 2011 kl. 22.22 skrev Eric Lommatsch: So far in looking at the functions that are available at http://www.php.net/manual/en/ref.datetime.php I have not been able to figure out how to do what I need to do. Below is a snippet showing approximately what I am trying to do. On the same page you are referring, there are plenty of examples on how to calculate the difference between two dates. Choose one and see if it fits your bill. Or is there any particular reason why you're writing your own function? http://www.php.net/manual/en/ref.datetime.php#78981 /frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php since you have everything in database tables why not to do this calculation on database side which would be much appropriate place ? /* columns date_start = '2011-02-08'; date_end = ' 2011-03-04'; */ select DATEDIFF(date_end, date_start); http://dev.mysql.com/doc/refman/5.5/en/date-and-time- functions.html#function_datediff I looked at this answer and see the date is from an array of a database and not 2 fields with in the table. While the DATEDIFF() is very useful in queries this will not help you unless both fields are in the table. Try this example $dteStartDate[$intCnt] = new DateTime($row[10]); $dteEndDate[$intCnt] =new DateTime($row[11]); $interval = $dteStartDate[$intCnt]-diff($dteEndDate[$intCnt]); echo $interval-format('%R%a days'); well then look deeper in the question: I have a page I am trying to create where I am comparing the values of two MySQL date fields with the current date. One of the *MySQL Date fields *is a class start date,*the other* is the class end date. all needs to do is modify his query.
Re: [PHP] Question about date calculations
Fatih P. wrote: well then look deeper in the question: I have a page I am trying to create where I am comparing the values of two MySQL date fields with the current date. One of the *MySQL Date fields *is a class start date,*the other* is the class end date. all needs to do is modify his query. And by moving the lookup into the query then Eric only needs to return the rows of the table that are in range ... -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about socket_select
On Wed, Dec 14, 2011 at 1:25 AM, Matijn Woudt tijn...@gmail.com wrote: On Wed, Dec 14, 2011 at 12:11 AM, Mihai Anghel mihaigrim1...@gmail.com wrote: Hello, It appears to me that something is strange with the socket_select function. From what I understand the value of the fourth parameter, tv_sec, should block the execution of the script for that number of seconds. I tried this code : ?php error_reporting(E_ERROR); $serverSocket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); $result = socket_bind($serverSocket, 127.0.0.1, 20668); $start = time(); while(true) { $reads = array($serverSocket); $writes = null; $except = null; $changes = socket_select($reads, $writes, $except, 5); $now = time(); echo $now - $start; echo \n; } and when I run it with php -q server3.php the ouput shows something like 0 0 0 0 0 1 1 1 1 1 2 2 2 2 etc so the script doesn't pause on socket_select until it returns. Cam somebody explain me what's happening ? It seems to me that your socket_select function is failing, maybe because earlier code is failing. Check the return of socket_select like this: if ($changes === false) { echo socket_select() failed, reason: . socket_strerror(socket_last_error()) . \n; } Cheers, Matijn Thanks for your suggestion, I reviewed the code and I saw that I was missing : socket_listen($serverSocket) . After adding this it worked like expected -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about socket_select
On Wed, Dec 14, 2011 at 12:11 AM, Mihai Anghel mihaigrim1...@gmail.com wrote: Hello, It appears to me that something is strange with the socket_select function. From what I understand the value of the fourth parameter, tv_sec, should block the execution of the script for that number of seconds. I tried this code : ?php error_reporting(E_ERROR); $serverSocket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); $result = socket_bind($serverSocket, 127.0.0.1, 20668); $start = time(); while(true) { $reads = array($serverSocket); $writes = null; $except = null; $changes = socket_select($reads, $writes, $except, 5); $now = time(); echo $now - $start; echo \n; } and when I run it with php -q server3.php the ouput shows something like 0 0 0 0 0 1 1 1 1 1 2 2 2 2 etc so the script doesn't pause on socket_select until it returns. Cam somebody explain me what's happening ? It seems to me that your socket_select function is failing, maybe because earlier code is failing. Check the return of socket_select like this: if ($changes === false) { echo socket_select() failed, reason: . socket_strerror(socket_last_error()) . \n; } Cheers, Matijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about performance between for iteration and extension function
On Fri, Dec 9, 2011 at 5:04 PM, Lin Yo-An cornelius.h...@gmail.com wrote: Hi folks, I am in doubt of this, I thought pure php iteration is slower than calling join or other extension functions. but the result shows: https://gist.github.com/b2a94c94ca66a55814d4 Using Pure PHP for iteration is faster than using join function. why ? because of the php runtime typecasting ? And json_encode is the most slowest. There's a bug in your first test (the php iteration). You're using $i for the inner and outer loop, meaning that the outer loop will only run once. Try this updated example: https://gist.github.com/1452696 On my box it gives(with microtime instead of your timer class): php join.php n=1000 Pure PHP iteration: 0.87661409378052 String join: 0.13562703132629 json_encode: 0.081185102462769 json_encode is the fastest one here. Matijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about PHP FPM and shared memory
On 11/23/2011 08:25 PM, Daniel Betz wrote: Hello list, I am trying to start PHP FPM with 2600 worker pools with ondemand processmanager. Each for one domain. The problem is now, that the php-fpm quits with: ERROR: pid 10937, fpm_shm_alloc(), line 28: unable to allocate 1040 bytes in shared memory: Cannot allocate memory: Cannot allocate memory (12) The server is 32bit :( and has 12GB of ram. I have tried to raise the SHMMAX and SHMALL settings via sysctl, but the problem isn't gone. Do you have any hints ? Thx and greetings, Daniel How much did you set it and were those changes applied? -- Nilesh Govindarajan http://nileshgr.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] question about best practice for coding sql statements
On 11-11-12 06:30 AM, tamouse mailing lists wrote: I'm curious how others feel about this. When I'm creating an SQL string, either for a non-prepared or prepared execution, I build it in a variable and then pass the variable to the query or prepare function. This lets me easily add something to view the SQL statement, and also if there's an error, emit the SQL statement. Thus: $sql = SELECT * FROM TABLE WHERE id=$id; if ($debug) error_log($sql. from .__FILE__.' at '.__LINE__' in '__FUNCTION__.PHP_EOL); // just an example $rslt = $db-query($sql) or die(Could not get result from $sql: .$db-errno.: .$db-error...PHP_EOL); and so on... While I am not a big fan of OOP, I do like PDO, and recommend its use. This is a sample function I have to maintain a record based on POSTed changes: function updatecategory($dbh, $x) { $sql = UPDATE gallery_category SET category_name = :name, category_description = :description WHERE category_id = :id; $catname = fieldcheck($x['catname']); $catdescription = textfieldcheck($x['catdescription']); $stmt = $dbh-prepare($sql); try { $stmt-bindParam(':name', $catname); $stmt-bindParam(':description', $catdescription); $stmt-bindParam(':id', $x['cid']); $stmt-execute(); } catch (PDOException $e) { return 'Error updating category orders: ' . $e-getMessage(); } return Maintained category . $catname; } PDO is very efficient when you are looping through updates, and the error handling is simple to code. Using a disciplined format keeps everything readable and easy to use as a template for additional work. Cheers Stephen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] question about best practice for coding sql statements
On Sat, 12 Nov 2011, tamouse mailing lists wrote: I'm curious how others feel about this. When I'm creating an SQL string, either for a non-prepared or prepared execution, I build it in a variable and then pass the variable to the query or prepare function. This lets me easily add something to view the SQL statement, and also if there's an error, emit the SQL statement. I do this. This means that when a user encounters an error, they can actually give you a meaningful error report which should reduce the time it takes to fix it by a considerable amount. Geoff. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] question about best practice for coding sql statements
On Sat, Nov 12, 2011 at 7:01 AM, Stephen stephe...@rogers.com wrote: While I am not a big fan of OOP, I do like PDO, and recommend its use. Right -- I wasn't actually inquiring about how to access a data base, merely the pactice of using a variable for the SQL -- In your example, you are doing this as well, which fits in fine with what I was enquiring about. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question reading a file
On Thu, 2011-10-27 at 15:25 -0400, Tedd Sperling wrote: Hi gang: I have a few questions -- this is my first one. Please review this link: http://webbytedd.com//perms/ This page simply reads the contents of a file of the user's choice and displays the file's data. My first question is with regard to reading a file ( fread() ): If the user picks the PDF file, the [1] First 20 bytes are: %PDF... If the user picks a JPG file, the [1] First 20 bytes are: ...JFFIF... If the user picks a GIF file, the [1] First 20 bytes are: GIF89a... Of course, the above is just reading/echoing the header for each of those files. Likewise, if the user picks a TXT or CSS file, then [1] First 20 bytes echoed are the first 20 characters of the file. However, if the user picks a HTML or PHP file, there are no [1] First 20 bytes echoed. BUT, the ord() and chr() of the bytes ARE indeed collected and can be echoed as shown in statements [2] and [3]. So, my question is specifically Why is the data gathered in the variable $content not echoed for the HTML and PHP files, but is for all other files? Please review the code shown. Cheers, tedd _ t...@sperling.com http://sperling.com This might sound silly, but is it because it's being interpreted somehow? I could understand the HTML going a little weird because of this, not sure about the PHP, would depend what was trying to interpret it... -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question reading a file
On Thu, Oct 27, 2011 at 15:25, Tedd Sperling tedd.sperl...@gmail.com wrote: Hi gang: I have a few questions -- this is my first one. Please review this link: http://webbytedd.com//perms/ This page simply reads the contents of a file of the user's choice and displays the file's data. My first question is with regard to reading a file ( fread() ): If the user picks the PDF file, the [1] First 20 bytes are: %PDF... If the user picks a JPG file, the [1] First 20 bytes are: ...JFFIF... If the user picks a GIF file, the [1] First 20 bytes are: GIF89a... Of course, the above is just reading/echoing the header for each of those files. Likewise, if the user picks a TXT or CSS file, then [1] First 20 bytes echoed are the first 20 characters of the file. However, if the user picks a HTML or PHP file, there are no [1] First 20 bytes echoed. BUT, the ord() and chr() of the bytes ARE indeed collected and can be echoed as shown in statements [2] and [3]. So, my question is specifically Why is the data gathered in the variable $content not echoed for the HTML and PHP files, but is for all other files? Please review the code shown. No need to review the code. The first hunch I had proved correct. PHP opens with a less-than (left carat, or 'less-than') symbol, as do HTML tags. As a result, the browser interprets both as tags and tries to parse them. Viewing the source of that page upon selection of the PHP or HTML options displays the code as expected. Resolution: str_replace('','lt;',str_replace('','gt;',$data)); Technically, only the less-than symbols need to be replaced, but you may as well - as Charley Jordan says - Keep It Clean. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question reading a file
On Oct 27, 2011, at 5:14 PM, Daniel Brown wrote: On Thu, Oct 27, 2011 at 15:25, Tedd Sperling tedd.sperl...@gmail.com wrote: -snip my confusion - No need to review the code. The first hunch I had proved correct. PHP opens with a less-than (left carat, or 'less-than') symbol, as do HTML tags. As a result, the browser interprets both as tags and tries to parse them. -snip- -- /Daniel P. Brown Daniel: But of course. I never considered that the in both the HTML (!doctype html) and the PHP (?php) would cause the browser to wig-out and not display the contents of the file -- good catch! I knew there was something wrong -- I just didn't realize that the Browser was trying to think for me. That'll teach me to use a Browser as a hex-viewer. Thanks, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about losing port number
On 26 Sep 2011 at 23:45, vince chan rainma...@gmail.com wrote: I have a general question about PHP: So basically I have a link, and I want the href to be absolute., so I do 'https://' . $_SERVER['HTTP_HOST'] . '/login' ; this gives me https://127.0.0.1/login on my local; however, what i really want is https://127.0.0.1:9090/login, it is missing :9090. I also have tried to use $_SERVER['SERVER_PORT'], but $_SERVER['SERVER_PORT'] doesn't give me 9090, it gives me 80. Where does the 9090 come from? -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about directory permissions
Sure. The script runs with the permissions of whoever is running it. In general, a PHP script that's a web page in linux will run by a user called something like apache, apache2, www-user, or something similar. If you give that user permissions -- either directly or through their group, often of the same name -- to write to the directory in question, then the script will be able to write to it. For instance: on my Ubuntu 10.04 server, I want my script DW3 to be able to write to /var/www/DW3/logs. I leave ownership of everything else as it was, and do the following: $ cd /var/www/DW3 $ chgrp www-data ./logs $ chmod 770 ./logs Now members of the group www-data (at the moment only apache) can write to the directory, as can the owner, but no one else can. In reality, I could probably have set that to 660, but I don't much care about the slight added risk of using 770 in this case. (If you're confused by the numbers I used, check here: http://www.yolinux.com/TUTORIALS/LinuxTutorialManagingGroups.html) I hope that helps! -Andy On Mon, Mar 21, 2011 at 1:58 PM, Al n...@ridersite.org wrote: I understand dir perms pretty well; but, have a question I can't readily find the answer to. Under a Linux system, scripts can't write, copy, etc. to other dirs unless the perms are set for writable for the script e.g., nobody. But, is there a way a script can write or copy within its own dir? Thanks... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about directory permissions
Al wrote: I understand dir perms pretty well; but, have a question I can't readily find the answer to. Under a Linux system, scripts can't write, copy, etc. to other dirs unless the perms are set for writable for the script e.g., nobody. But, is there a way a script can write or copy within its own dir? Not unless it has permission to do so. Most likely, however, it can write to the temp space such as /tmp or /var/tmp. --Curtis
Re: [PHP] question about preventing polling for more than once
Have you checked for any cookies left by that website? Thanks, Ash http://www.ashleysheridan.co.uk - Reply message - From: 肖晗 xiaohan2...@gmail.com Date: Fri, Nov 12, 2010 15:14 Subject: [PHP] question about preventing polling for more than once To: php-general@lists.php.net I noticed that some websites such as polldaddyhttp://polldaddy.com/account/home.php has fascinating poll service. And I am just curious about how it prevents user from polling the same poll for more than once. Or more accurately, I am a dynamic IP user. And I found that if I have polled once for a certain poll and after some time, I changed my IP when I got connected to the Internet again, I cannot poll the previous one for the second time. So I am confused how polldaddy http://polldaddy.com/account/home.php can figure out that I have polled even if I had changed my IP. Is there any way to achieve that? Thanks in advance.
Re: [PHP] question about preventing polling for more than once
Hello ??, Try to clean up your cookies. Maybe they set a cookie on your computer. -- With best regards from Ukraine, Andre Skype: Francophile Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion - Original message - From: ?? xiaohan2...@gmail.com To: php-general@lists.php.net php-general@lists.php.net Date: Friday, November 12, 2010, 5:14:49 PM Subject: [PHP] question about preventing polling for more than once I noticed that some websites such as polldaddyhttp://polldaddy.com/account/home.php has fascinating poll service. And I am just curious about how it prevents user from polling the same poll for more than once. Or more accurately, I am a dynamic IP user. And I found that if I have polled once for a certain poll and after some time, I changed my IP when I got connected to the Internet again, I cannot poll the previous one for the second time. So I am confused how polldaddy http://polldaddy.com/account/home.php can figure out that I have polled even if I had changed my IP. Is there any way to achieve that? Thanks in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
Daniel Brown wrote: On Mon, Sep 13, 2010 at 19:51, MikeBmpbr...@gmail.com wrote: As part of the bug report I included a link to an image of my nntp config. I saw that, thanks. I'll look into creating a mirror of the news server, as well, for NNTP-only access. I won't lie and say that it's a priority, but I'll try to get to it as soon as I have time, Mike. You must have already done something. It's working a lot better today. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
Daniel Brown wrote: On Mon, Sep 13, 2010 at 18:09, MikeB mpbr...@gmail.com wrote: However, getting access seems to be hit-and-miss, since I more often than not get a message that the connection to news.php.net timed out. Is this an indication that the server is just very busy? I don't get this on any other news server I'm using on the smae news reader and I have gotten this on two different news readers that I have tried. I don't believe that we've been having any issues with the server, no. Are you using NNTP to connect? You may want to consider using the HTTP-based RSS and/or RDF feeds if it continues to be an issue. In addition, if you continue to have problems, file a bug report at http://bugs.php.net/ and we'll look into it further. Dan, Mike, I can confirm this happens all the time in thunderbird, and always has for many years now, on all PHP NNTP lists. However, the problem can be worked around simply, for some reason the timeout generally only happens with the first call to view a mailing list, after X minutes of inactivity. Thus, I simply subscribe to a few different PHP lists (like .soap .test and general) then when I open thunderbird I quickly click a list I *don't* want to see, then click on .general, .general then loads nicely as expected letting the other one timeout :) It's hardly a fix, but it works - may be worth checking if this is the case with the latest thunderbird revision and then reporting it as a bug (in either thunderbird or the mailing list software that PHP is running). Best, Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
Good to know there's a workaround. I am thinking of using one (or more) of the old VOOM boxes to mirror the news server for NNTP-only access. Sent from my DROID. Apologies if formatting is off or I'm top-posting on a list. On Sep 14, 2010 8:59 PM, Nathan Rixham nrix...@gmail.com wrote: Daniel Brown wrote: On Mon, Sep 13, 2010 at 18:09, MikeB mpbr...@gmail.com wrote: However, getting access seems to be hit-and-miss, since I more often than not get a message that the connection to news.php.net timed out. Is this an indication that the server is just very busy? I don't get this on any other news server I'm using on the smae news reader and I have gotten this on two different news readers that I have tried. I don't believe that we've been having any issues with the server, no. Are you using NNTP to connect? You may want to consider using the HTTP-based RSS and/or RDF feeds if it continues to be an issue. In addition, if you continue to have problems, file a bug report at http://bugs.php.net/ and we'll look into it further. Dan, Mike, I can confirm this happens all the time in thunderbird, and always has for many years now, on all PHP NNTP lists. However, the problem can be worked around simply, for some reason the timeout generally only happens with the first call to view a mailing list, after X minutes of inactivity. Thus, I simply subscribe to a few different PHP lists (like .soap .test and general) then when I open thunderbird I quickly click a list I *don't* want to see, then click on .general, .general then loads nicely as expected letting the other one timeout :) It's hardly a fix, but it works - may be worth checking if this is the case with the latest thunderbird revision and then reporting it as a bug (in either thunderbird or the mailing list software that PHP is running). Best, Nathan
Re: [PHP] Question about news.php.net
On Mon, Sep 13, 2010 at 18:09, MikeB mpbr...@gmail.com wrote: However, getting access seems to be hit-and-miss, since I more often than not get a message that the connection to news.php.net timed out. Is this an indication that the server is just very busy? I don't get this on any other news server I'm using on the smae news reader and I have gotten this on two different news readers that I have tried. I don't believe that we've been having any issues with the server, no. Are you using NNTP to connect? You may want to consider using the HTTP-based RSS and/or RDF feeds if it continues to be an issue. In addition, if you continue to have problems, file a bug report at http://bugs.php.net/ and we'll look into it further. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
Daniel Brown wrote: I don't believe that we've been having any issues with the server, no. Are you using NNTP to connect? yes, NNTP. You may want to consider using the HTTP-based RSS and/or RDF feeds if it continues to be an issue. If this persists, I'll look into the alternatives you suggest, but that's another hill to climb when all I'm trying to do is learn PHP and web and mySQL and javascrip and... :) (not complaining, just that right now I've got a lot on my plate and the scope of new things just seem to keep expanding faster than I can get a handle on it). In addition, if you continue to have problems, file a bug report at http://bugs.php.net/ and we'll look into it further. Thanks, I did that. In the process I found a 2005 bug report that said nntp was deliberately throttled to discourage its use... :) As part of the bug report I included a link to an image of my nntp config. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
On Mon, Sep 13, 2010 at 19:51, MikeB mpbr...@gmail.com wrote: As part of the bug report I included a link to an image of my nntp config. I saw that, thanks. I'll look into creating a mirror of the news server, as well, for NNTP-only access. I won't lie and say that it's a priority, but I'll try to get to it as soon as I have time, Mike. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
On 09/13/2010 06:51 PM, MikeB wrote: Daniel Brown wrote: I don't believe that we've been having any issues with the server, no. Are you using NNTP to connect? yes, NNTP. You may want to consider using the HTTP-based RSS and/or RDF feeds if it continues to be an issue. If this persists, I'll look into the alternatives you suggest, but that's another hill to climb when all I'm trying to do is learn PHP and web and mySQL and javascrip and... :) (not complaining, just that right now I've got a lot on my plate and the scope of new things just seem to keep expanding faster than I can get a handle on it). In addition, if you continue to have problems, file a bug report at http://bugs.php.net/ and we'll look into it further. Thanks, I did that. In the process I found a 2005 bug report that said nntp was deliberately throttled to discourage its use... :) As part of the bug report I included a link to an image of my nntp config. I have had this problem every day for years. I can read a message and then click another one and it times out. It does this for hours at a time. Also, many times when sending a reply it times out. Just learned to live with it because I don't want mailing list mails either. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about news.php.net
Daniel Brown wrote: On Mon, Sep 13, 2010 at 19:51, MikeBmpbr...@gmail.com wrote: As part of the bug report I included a link to an image of my nntp config. I saw that, thanks. I'll look into creating a mirror of the news server, as well, for NNTP-only access. I won't lie and say that it's a priority, but I'll try to get to it as soon as I have time, Mike. That is much appreciated. I can understand the situation, mostly I just wanted to know that it wasn't something I'm doing wrong. ANything you can do to improve it is, of course, appreciated. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about translating assoc. arrays to C
Joshua Kehn wrote: I'm working on creating a compiled extension for some code I've written. Mostly it's manipulating a very large multi-demensional array of values. This is some pseudo code for the array. // Imagine this but much much bigger $big_ass_array = array('5' = array('0' = 4, '3' = 6, '8' = 7), '10' = array('4' = 3, '5' = 10')); Currently I'm traversing this with foreach($array as $key1 = $value) { foreach($value as $key2 = $value) { Well, I hope you are not using it this way. The above will overwrite your $value variable set by the first foreach Maybe you had a cut/paste error with the $value1 $value2 portion... // Use $key1, $key2, and $value here } } My question is how does this translate into the C code I will have to write? My suggestion would be to download the source code and find a comparable array function and see how they do it. If anyone has a decent extension building tutorial that would be great too. First google result for php extension tutorial http://devzone.zend.com/article/1021 http://www.talkphp.com/vbarticles.php?do=articlearticleid=49title=creating-custom-php-extensions http://www.php.net/~wez/extending-php.pdf Just to list a few... Jim Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about translating assoc. arrays to C
Jim- Yes, that was a typo. The issues was I didn't cut / paste and instead retyped it. Should be foreach($array as $key1 = $list) { foreach($list as $key2 = $value) I will check those links out, I had the first one not the second. Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com On Sep 5, 2010, at 12:32 AM, Jim Lucas wrote: Joshua Kehn wrote: I'm working on creating a compiled extension for some code I've written. Mostly it's manipulating a very large multi-demensional array of values. This is some pseudo code for the array. // Imagine this but much much bigger $big_ass_array = array('5' = array('0' = 4, '3' = 6, '8' = 7), '10' = array('4' = 3, '5' = 10')); Currently I'm traversing this with foreach($array as $key1 = $value) { foreach($value as $key2 = $value) { Well, I hope you are not using it this way. The above will overwrite your $value variable set by the first foreach Maybe you had a cut/paste error with the $value1 $value2 portion... // Use $key1, $key2, and $value here } } My question is how does this translate into the C code I will have to write? My suggestion would be to download the source code and find a comparable array function and see how they do it. If anyone has a decent extension building tutorial that would be great too. First google result for php extension tutorial http://devzone.zend.com/article/1021 http://www.talkphp.com/vbarticles.php?do=articlearticleid=49title=creating-custom-php-extensions http://www.php.net/~wez/extending-php.pdf Just to list a few... Jim Regards, -Josh Joshua Kehn | josh.k...@gmail.com http://joshuakehn.com
RE: [PHP] question about compiling a portable web server for linux
From: Ashley Sheridan On Sat, 2010-08-07 at 10:43 +0800, lainme wrote: thanks for the reply. I know it is not a PHP problem. And I want to know whether it is possible to make it architecture independent. On Sat, Aug 7, 2010 at 10:38 AM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2010-08-07 at 10:22 +0800, lainme wrote: Hi, I recently compiled a portable portable web server for linux, using lighttpd and php. But it seems that php can only run on machine with the same glibc version compiled it. How can I solve the problem? It's not a PHP problem. If you compile something, it's compiled to the same architecture that you specify, which by default is yours. have you tried compiling your executable with the same setup as you're currently using? You can't compile to be architecture independent. The best you can do is convert a language to a byte-code, like java. To expand on this, just a little, once you compile an application, you have locked it in to a specific CPU, OS and versions of the requisite dynamic libraries. The compiler options and your tool set define which range of each of those it will actually run on. The only way to make something completely independent of the architecture is to distribute it in source code form. In this case, you are probably better off defining minimum versions for the web server and PHP module that is required and allow the user to install those on his own. Most distributions already have those components packaged in an easy to manage kit. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] question about compiling a portable web server for linux
On Sat, 2010-08-07 at 10:22 +0800, lainme wrote: Hi, I recently compiled a portable portable web server for linux, using lighttpd and php. But it seems that php can only run on machine with the same glibc version compiled it. How can I solve the problem? It's not a PHP problem. If you compile something, it's compiled to the same architecture that you specify, which by default is yours. have you tried compiling your executable with the same setup as you're currently using? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] question about compiling a portable web server for linux
thanks for the reply. I know it is not a PHP problem. And I want to know whether it is possible to make it architecture independent. On Sat, Aug 7, 2010 at 10:38 AM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2010-08-07 at 10:22 +0800, lainme wrote: Hi, I recently compiled a portable portable web server for linux, using lighttpd and php. But it seems that php can only run on machine with the same glibc version compiled it. How can I solve the problem? It's not a PHP problem. If you compile something, it's compiled to the same architecture that you specify, which by default is yours. have you tried compiling your executable with the same setup as you're currently using? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] question about compiling a portable web server for linux
On Sat, 2010-08-07 at 10:43 +0800, lainme wrote: thanks for the reply. I know it is not a PHP problem. And I want to know whether it is possible to make it architecture independent. On Sat, Aug 7, 2010 at 10:38 AM, Ashley Sheridan a...@ashleysheridan.co.ukwrote: On Sat, 2010-08-07 at 10:22 +0800, lainme wrote: Hi, I recently compiled a portable portable web server for linux, using lighttpd and php. But it seems that php can only run on machine with the same glibc version compiled it. How can I solve the problem? It's not a PHP problem. If you compile something, it's compiled to the same architecture that you specify, which by default is yours. have you tried compiling your executable with the same setup as you're currently using? Thanks, Ash http://www.ashleysheridan.co.uk You can't compile to be architecture independent. The best you can do is convert a language to a byte-code, like java. Thanks, Ash http://www.ashleysheridan.co.uk
RE: [PHP] Question about SQL and Graph nodel trees
-Original Message- From: Tim Gallagher [mailto:tgallag...@danati.com] Sent: Wednesday, July 21, 2010 12:49 PM To: Andrew Ballard Cc: php-general@lists.php.net Subject: RE: [PHP] Question about SQL and Graph nodel trees Thank you for the informaiton. I did see that code but it looks like it is formatted for MSSQL and was unable to get it to work for Mysql. Tim @Tim, You'll have to migrate the stored procedures (SP) from MSSQL to MySQL (aka stored programs). Each DBMS have their own way of implementing the SP. http://dev.mysql.com/doc/refman/5.1/en/stored-programs-views.html @Andrew, interesting link! Thanks! Regards, Tommy From: Andrew Ballard [aball...@gmail.com] Sent: Wednesday, July 21, 2010 11:40 AM To: Tim Gallagher Cc: php-general@lists.php.net Subject: Re: [PHP] Question about SQL and Graph nodel trees On Wed, Jul 21, 2010 at 11:04 AM, Tim Gallagher tgallag...@danati.com wrote: I cannot be the only one that is having this problem, what are you using for DAG (Direct Acrylic Graph)? I need to have a mesh node edge graph and am having trouble with this? I see that Neo4j has a rest server and I can do this in Java but I want to do it in PHP with a MYSQL or postgresql. If you are doing something like this, can you please tell me how you are doing this. I can do a relationship with a parent child or a nested tree, but I need to do a DAG. Thanks for the help, timgerr A basic approach would be to use two tables - one to store the nodes and second table to store the edges between the nodes. As far as traversing the graph, the best approach I have seen expands this a bit to store the full transitive closure of the graph, rather than just the direct edges: http://www.codeproject.com/KB/database/Modeling_DAGs_on_SQL_DBs.a spx It is written for SQL Server, but the idea works OK (and I successfully tested it once) in MySQL. (I imagine the same would be true for PostgreSQL.) The idea is to store the transitive closure (every possible path) of the entire graph. For instance, if you have a basic graph A - B - C - D it stores these paths: A - B B - C C - D A - C B - D A - D The obvious downside is that edge table can get incredibly large depending on the nature of the graph you are modeling. (The article provides much more detail.) I did, however, import a good chunk of an Active Directory tree (just users and groups, not the full list of attributes) into this pattern just to test the concept, and I found that in that case the size of the transitive closure table did not get out of hand. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about SQL and Graph nodel trees
On Wed, Jul 21, 2010 at 11:04 AM, Tim Gallagher tgallag...@danati.com wrote: I cannot be the only one that is having this problem, what are you using for DAG (Direct Acrylic Graph)? I need to have a mesh node edge graph and am having trouble with this? I see that Neo4j has a rest server and I can do this in Java but I want to do it in PHP with a MYSQL or postgresql. If you are doing something like this, can you please tell me how you are doing this. I can do a relationship with a parent child or a nested tree, but I need to do a DAG. Thanks for the help, timgerr A basic approach would be to use two tables - one to store the nodes and second table to store the edges between the nodes. As far as traversing the graph, the best approach I have seen expands this a bit to store the full transitive closure of the graph, rather than just the direct edges: http://www.codeproject.com/KB/database/Modeling_DAGs_on_SQL_DBs.aspx It is written for SQL Server, but the idea works OK (and I successfully tested it once) in MySQL. (I imagine the same would be true for PostgreSQL.) The idea is to store the transitive closure (every possible path) of the entire graph. For instance, if you have a basic graph A - B - C - D it stores these paths: A - B B - C C - D A - C B - D A - D The obvious downside is that edge table can get incredibly large depending on the nature of the graph you are modeling. (The article provides much more detail.) I did, however, import a good chunk of an Active Directory tree (just users and groups, not the full list of attributes) into this pattern just to test the concept, and I found that in that case the size of the transitive closure table did not get out of hand. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about SQL and Graph nodel trees
Thank you for the informaiton. I did see that code but it looks like it is formatted for MSSQL and was unable to get it to work for Mysql. Tim From: Andrew Ballard [aball...@gmail.com] Sent: Wednesday, July 21, 2010 11:40 AM To: Tim Gallagher Cc: php-general@lists.php.net Subject: Re: [PHP] Question about SQL and Graph nodel trees On Wed, Jul 21, 2010 at 11:04 AM, Tim Gallagher tgallag...@danati.com wrote: I cannot be the only one that is having this problem, what are you using for DAG (Direct Acrylic Graph)? I need to have a mesh node edge graph and am having trouble with this? I see that Neo4j has a rest server and I can do this in Java but I want to do it in PHP with a MYSQL or postgresql. If you are doing something like this, can you please tell me how you are doing this. I can do a relationship with a parent child or a nested tree, but I need to do a DAG. Thanks for the help, timgerr A basic approach would be to use two tables - one to store the nodes and second table to store the edges between the nodes. As far as traversing the graph, the best approach I have seen expands this a bit to store the full transitive closure of the graph, rather than just the direct edges: http://www.codeproject.com/KB/database/Modeling_DAGs_on_SQL_DBs.aspx It is written for SQL Server, but the idea works OK (and I successfully tested it once) in MySQL. (I imagine the same would be true for PostgreSQL.) The idea is to store the transitive closure (every possible path) of the entire graph. For instance, if you have a basic graph A - B - C - D it stores these paths: A - B B - C C - D A - C B - D A - D The obvious downside is that edge table can get incredibly large depending on the nature of the graph you are modeling. (The article provides much more detail.) I did, however, import a good chunk of an Active Directory tree (just users and groups, not the full list of attributes) into this pattern just to test the concept, and I found that in that case the size of the transitive closure table did not get out of hand. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP question
On 13 July 2010 15:46, Joey Hendricks j.hendrick...@comcast.net wrote: Hi Mr. Quadling, Thank you for the reply. I still don't understand how to get all the emails into the function. Before I put in the function I had something like this- for($i=0; $i=9; $i++) { if(!empty($_GET[email.$i])) { mail($_GET[email.$i], $email_subject, $email_message, From: .$from); } } But then I made this function- function mail_message($data_array, $template_file, $deadline_str) { $email_message = file_get_contents($template_file); $email_message = str_replace(#DEADLINE#, $deadline_str, $email_message); $email_message = str_replace(#DATE#, date(F d, Y h:i a), $email_message); $email_message = str_replace(#NAME#, $data_array['name'], $email_message); //This to variable is where I get the error $to=$mymail; $from='j.hendrick...@comcast.net'; $email_subject='Bubs Birthday'; mail($to, $email_subject, $email_message, From: .$from); } And this is where I call the function- if(!empty($_GET[email.$i])) { mail_message($_GET[email.$i], email_template.txt, $deadline_str); } Thank you very very much for your help. Joey. Try ... $to = ''; foreach(range(1,9) as $i) { $to .= (!!$to ? ',', : '') . $_GET[email{$i}]; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about the Board
On 7/5/10, Gary[1] wrote: The last few times I have posted to the board, I recieved an email, which has the subject line of ??? ??? and is written in what appears to be greek Ukrainian or Russian I would guess, looking at the headers. Anyone else have this happen? Yes. Either some spammer harvesting addresses, or some setting up filters on his email and getting it wrong. [1] Another Gary, not this one :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about the Board
On Tue, 2010-07-06 at 11:00 +0200, Gary . wrote: On 7/5/10, Gary[1] wrote: The last few times I have posted to the board, I recieved an email, which has the subject line of ??? ??? and is written in what appears to be greek Ukrainian or Russian I would guess, looking at the headers. Anyone else have this happen? Yes. Either some spammer harvesting addresses, or some setting up filters on his email and getting it wrong. [1] Another Gary, not this one :) I have had a couple such emails, requesting me to log in somewhere in order to have my address 'validated' as non-spam, but I ignored it and nothing bad has happened to me yet! Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about the Board
On 7/6/10, Ashley Sheridan wrote: I have had a couple such emails, requesting me to log in somewhere in order to have my address 'validated' as non-spam, but I ignored it and nothing bad has happened to me yet! Not yet. *hides cattle prod behind back* -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about logins and locking
-Original Message- From: James Colannino [mailto:ja...@colannino.org] Sent: Tuesday, June 22, 2010 10:06 PM To: PHP-General List Subject: Re: [PHP] Question about logins and locking Tommy Pham wrote: 1) Set an encrypted (to prevent hijacking and eavesdropping) cookie to expire when browser closes 2) Have a table in the DB backend to keep track if the user is logged in or not and when was the last time the validated user access your site (this gets updated when the user visit a link on your site by checking the cookie and the DB entry of the session ID) 3) Set your session timeout accordingly to you security requirement 4) Have a javascript on a timeout to self-logoff should the user is AFK longer than your session timeout. If another user or if the same user tries to login with a different browser, you can check the status of the user. If the user is logged in, you can deny it after the authentication. Should the user closes the browser without having to logoff, you can check when was the last time the user accessed your site and see if it's been longer than your session timeout. For security purposes, you can optionally send a courtesy email notifying that the user didn't logout properly since last accessed. This way, you can track whether if the user's system is compromised in some way or not. It all depends on what kind of application, service, user level access, and the strict security you require. Thanks Tommy. That was very helpful, and some of it is similar to how I was thinking of doing it. James Forgot 1 more thing, if you really want to be strict about security, you can set a very highly secured permanent cookie on the user's system on the first initial login. You can send them a confirmation code, that it's really who they say they are, to the email address. Then the user will need to submit that confirmation code along with the current password as part of the initial logon process. So if a hijacker or eaves dropper try to logon with your user's info on another system, a new confirmation code would be sent to your user's email address. Your user would then know their identity has be stolen. Setting this up will entail slight modification to your app and DB design but will have better overall security. Again, evaluate your needs and services ;) Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about logins and locking
On 23 June 2010 07:44, Tommy Pham tommy...@gmail.com wrote: -Original Message- From: James Colannino [mailto:ja...@colannino.org] Sent: Tuesday, June 22, 2010 10:06 PM To: PHP-General List Subject: Re: [PHP] Question about logins and locking Tommy Pham wrote: 1) Set an encrypted (to prevent hijacking and eavesdropping) cookie to expire when browser closes 2) Have a table in the DB backend to keep track if the user is logged in or not and when was the last time the validated user access your site (this gets updated when the user visit a link on your site by checking the cookie and the DB entry of the session ID) 3) Set your session timeout accordingly to you security requirement 4) Have a javascript on a timeout to self-logoff should the user is AFK longer than your session timeout. If another user or if the same user tries to login with a different browser, you can check the status of the user. If the user is logged in, you can deny it after the authentication. Should the user closes the browser without having to logoff, you can check when was the last time the user accessed your site and see if it's been longer than your session timeout. For security purposes, you can optionally send a courtesy email notifying that the user didn't logout properly since last accessed. This way, you can track whether if the user's system is compromised in some way or not. It all depends on what kind of application, service, user level access, and the strict security you require. Thanks Tommy. That was very helpful, and some of it is similar to how I was thinking of doing it. James Forgot 1 more thing, if you really want to be strict about security, you can set a very highly secured permanent cookie on the user's system on the first initial login. You can send them a confirmation code, that it's really who they say they are, to the email address. Then the user will need to submit that confirmation code along with the current password as part of the initial logon process. So if a hijacker or eaves dropper try to logon with your user's info on another system, a new confirmation code would be sent to your user's email address. Your user would then know their identity has be stolen. Setting this up will entail slight modification to your app and DB design but will have better overall security. Again, evaluate your needs and services ;) Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php There is a project dealing with creating a secure login for a web site. It is being developed multi-lingually and across multiple languages (PHP, VB.net, etc.). Take a look at https://code.google.com/p/loginsystem-rd/ -- - Richard Quadling Standing on the shoulders of some very clever giants! EE : http://www.experts-exchange.com/M_248814.html EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 ZOPA : http://uk.zopa.com/member/RQuadling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about logins and locking
-Original Message- From: James Colannino [mailto:ja...@colannino.org] Sent: Tuesday, June 22, 2010 2:29 PM To: php-general@lists.php.net Subject: [PHP] Question about logins and locking Hey everyone, I have a question about logins. Let's say that I want to allow each user account to login only once at a time. I would then need some kind of locking mechanism to make sure that the same user can't login again somewhere else until first logging off. What's a good way to achieve this? I want to be able to handle situations in which the user closes their browser without first logging off, where I would want to count that as a logout. Perhaps I could do some kind of periodic polling in Javascript, combined with a query to the database that sets a value when the user logs in and when the user logs out? I'm just looking for some conceptual ideas. Thanks everyone! James James, 1) Set an encrypted (to prevent hijacking and eavesdropping) cookie to expire when browser closes 2) Have a table in the DB backend to keep track if the user is logged in or not and when was the last time the validated user access your site (this gets updated when the user visit a link on your site by checking the cookie and the DB entry of the session ID) 3) Set your session timeout accordingly to you security requirement 4) Have a javascript on a timeout to self-logoff should the user is AFK longer than your session timeout. If another user or if the same user tries to login with a different browser, you can check the status of the user. If the user is logged in, you can deny it after the authentication. Should the user closes the browser without having to logoff, you can check when was the last time the user accessed your site and see if it's been longer than your session timeout. For security purposes, you can optionally send a courtesy email notifying that the user didn't logout properly since last accessed. This way, you can track whether if the user's system is compromised in some way or not. It all depends on what kind of application, service, user level access, and the strict security you require. Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about logins and locking
Tommy Pham wrote: 1) Set an encrypted (to prevent hijacking and eavesdropping) cookie to expire when browser closes 2) Have a table in the DB backend to keep track if the user is logged in or not and when was the last time the validated user access your site (this gets updated when the user visit a link on your site by checking the cookie and the DB entry of the session ID) 3) Set your session timeout accordingly to you security requirement 4) Have a javascript on a timeout to self-logoff should the user is AFK longer than your session timeout. If another user or if the same user tries to login with a different browser, you can check the status of the user. If the user is logged in, you can deny it after the authentication. Should the user closes the browser without having to logoff, you can check when was the last time the user accessed your site and see if it's been longer than your session timeout. For security purposes, you can optionally send a courtesy email notifying that the user didn't logout properly since last accessed. This way, you can track whether if the user's system is compromised in some way or not. It all depends on what kind of application, service, user level access, and the strict security you require. Thanks Tommy. That was very helpful, and some of it is similar to how I was thinking of doing it. James -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question - foreach.
At 3:46 PM -0400 6/10/10, Paul M Foster wrote: On Thu, Jun 10, 2010 at 11:16:08AM -0400, tedd wrote: I spend much of my time thinking Did I do that before? grin I know the feeling. I will say this, though. I have yet to figure out, from your URLs, how your site(s) is/are organized. Maybe a reorg would help? Paul Paul: Unfortunately, I really don't follow an organization plan for my demos on any of my sites (well over a dozen now). Please understand that when I started creating demos, I only wanted to see how a specific thing worked. I had no idea that this investigation would become a giant listing of stuff. I could explain how I can easily create demos if you want, but it's pretty basic stuff using includes for a common header/footer files leaving only the specific of the topic to be added. The hard part is just finding a layout that you like -- after that it's pretty easy to duplicate it each time you want to demo something. I will be updating my sperling.com soon to add in language specific code (php/css/js) -- and that *will* be organized into categories. However, that may be down the road because I have a few other pressing matters that are pulling me in several different directions. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question - foreach.
At 7:19 AM +0530 6/10/10, Shreyas wrote: PHP'ers, I am reading a PHP book which explains foreach and at the end says : *'When foreach starts walking through an array, it moves the pointer to the beginning of the array. You don't need to reset an array before walking through it with foreach.'* * * *Does this mean - * *1) Before I navigate the array, foreach will bring the pointer to the starting key?* *2) After the first index, it goes to 2nd, 3rd, and nth? * Regards, Shreyas Shreyas: This is one of those questions that you can test very easily, just initialize an array and try it. ?php $test = array(a, b, c, d); foreach ($test as $value) { echo(value = $value br); } ? As the references show, there are two versions of the foreach, the one above and this: ?php $test = array(a, b, c, d); foreach ($test as $key = $value) { echo($key= $key value=$value br); } ? Note that you can pull-out the index (i.e., $key) as well as the value (i.e., $value) of each index. The br is only to add a linefeed in html. This is a bit easier than using a for() loop. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question - foreach.
On Thu, Jun 10, 2010 at 07:03:28AM -0400, tedd wrote: At 7:19 AM +0530 6/10/10, Shreyas wrote: PHP'ers, I am reading a PHP book which explains foreach and at the end says : *'When foreach starts walking through an array, it moves the pointer to the beginning of the array. You don't need to reset an array before walking through it with foreach.'* * * *Does this mean - * *1) Before I navigate the array, foreach will bring the pointer to the starting key?* *2) After the first index, it goes to 2nd, 3rd, and nth? * Regards, Shreyas Shreyas: This is one of those questions that you can test very easily, just initialize an array and try it. +1 This is Tedd's modus operandi. His website(s) are full of exactly this type of thing. And I have to agree. I can't count the number of questions I *haven't* asked on this list, because I built a page to test a particular concept. And this sort of activity (as opposed to just reading about something) really locks in your understanding of a concept. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question - foreach.
All, I tried and tested it but wanted a solid confirmation on it. I felt foreach usage is better than manual way of next(), prev() et al. Thanks for the comments. I consider the thread answered and solved unless someone has anything more to add. Regards, Shreyas On Thu, Jun 10, 2010 at 7:02 PM, Paul M Foster pa...@quillandmouse.comwrote: On Thu, Jun 10, 2010 at 07:03:28AM -0400, tedd wrote: At 7:19 AM +0530 6/10/10, Shreyas wrote: PHP'ers, I am reading a PHP book which explains foreach and at the end says : *'When foreach starts walking through an array, it moves the pointer to the beginning of the array. You don't need to reset an array before walking through it with foreach.'* * * *Does this mean - * *1) Before I navigate the array, foreach will bring the pointer to the starting key?* *2) After the first index, it goes to 2nd, 3rd, and nth? * Regards, Shreyas Shreyas: This is one of those questions that you can test very easily, just initialize an array and try it. +1 This is Tedd's modus operandi. His website(s) are full of exactly this type of thing. And I have to agree. I can't count the number of questions I *haven't* asked on this list, because I built a page to test a particular concept. And this sort of activity (as opposed to just reading about something) really locks in your understanding of a concept. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Regards, Shreyas
Re: [PHP] Question - foreach.
At 9:32 AM -0400 6/10/10, Paul M Foster wrote: On Thu, Jun 10, 2010 at 07:03:28AM -0400, tedd wrote: This is one of those questions that you can test very easily, just initialize an array and try it. +1 This is Tedd's modus operandi. His website(s) are full of exactly this type of thing. And I have to agree. I can't count the number of questions I *haven't* asked on this list, because I built a page to test a particular concept. And this sort of activity (as opposed to just reading about something) really locks in your understanding of a concept. Paul Paul: Now, if I could get the old memory to lock in and remember it, it would be great! I spend much of my time thinking Did I do that before? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question - foreach.
On Thu, Jun 10, 2010 at 11:16:08AM -0400, tedd wrote: At 9:32 AM -0400 6/10/10, Paul M Foster wrote: On Thu, Jun 10, 2010 at 07:03:28AM -0400, tedd wrote: This is one of those questions that you can test very easily, just initialize an array and try it. +1 This is Tedd's modus operandi. His website(s) are full of exactly this type of thing. And I have to agree. I can't count the number of questions I *haven't* asked on this list, because I built a page to test a particular concept. And this sort of activity (as opposed to just reading about something) really locks in your understanding of a concept. Paul Paul: Now, if I could get the old memory to lock in and remember it, it would be great! I spend much of my time thinking Did I do that before? grin I know the feeling. I will say this, though. I have yet to figure out, from your URLs, how your site(s) is/are organized. Maybe a reorg would help? Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question - foreach.
From: Paul M Foster On Thu, Jun 10, 2010 at 11:16:08AM -0400, tedd wrote: At 9:32 AM -0400 6/10/10, Paul M Foster wrote: On Thu, Jun 10, 2010 at 07:03:28AM -0400, tedd wrote: Paul: Now, if I could get the old memory to lock in and remember it, it would be great! I spend much of my time thinking Did I do that before? grin I know the feeling. I will say this, though. I have yet to figure out, from your URLs, how your site(s) is/are organized. Maybe a reorg would help? ISTR there are three signs of old age. The first is loss of memory, but I can never remember the other two. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question - foreach.
On Thursday 10 June 2010 11:16:08 tedd wrote: At 9:32 AM -0400 6/10/10, Paul M Foster wrote: On Thu, Jun 10, 2010 at 07:03:28AM -0400, tedd wrote: This is one of those questions that you can test very easily, just initialize an array and try it. +1 This is Tedd's modus operandi. His website(s) are full of exactly this type of thing. And I have to agree. I can't count the number of questions I *haven't* asked on this list, because I built a page to test a particular concept. And this sort of activity (as opposed to just reading about something) really locks in your understanding of a concept. Paul Paul: Now, if I could get the old memory to lock in and remember it, it would be great! I spend much of my time thinking Did I do that before? Looks like you and I are in the same boat! My memory these days has went to the dumps. Although I do the same thing Paul does to actually grasp a more in depth understanding of something, sometimes in a day or two it's often forgotten. -- Blessings, David M. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question - foreach.
On Wed, Jun 9, 2010 at 9:49 PM, Shreyas shreya...@gmail.com wrote: PHP'ers, I am reading a PHP book which explains foreach and at the end says : *'When foreach starts walking through an array, it moves the pointer to the beginning of the array. You don’t need to reset an array before walking through it with foreach.'* * * *Does this mean - * *1) Before I navigate the array, foreach will bring the pointer to the starting key?* *2) After the first index, it goes to 2nd, 3rd, and nth? * Regards, Shreyas Number 1. Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
Re: [PHP] Question - foreach.
Shreyas wrote: PHP'ers, I am reading a PHP book which explains foreach and at the end says : *'When foreach starts walking through an array, it moves the pointer to the beginning of the array. You don’t need to reset an array before walking through it with foreach.'* * * *Does this mean - * *1) Before I navigate the array, foreach will bring the pointer to the starting key?* *2) After the first index, it goes to 2nd, 3rd, and nth? * Regards, Shreyas Here is your best reference: http://php.net/foreach Look at the two Notes sections on the top of the page. The first says this: Note: When foreach first starts executing, the internal array pointer is automatically reset to the first element of the array. This means that you do not need to call reset() before a foreach loop. Basically what you said. But then the second says this Note: Unless the array is referenced, foreach operates on a copy of the specified array and not the array itself. foreach has some side effects on the array pointer. Don't rely on the array pointer during or after the foreach without resetting it. -- Jim Lucas A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question - foreach.
On Wed, Jun 9, 2010 at 21:49, Shreyas shreya...@gmail.com wrote: PHP'ers, I am reading a PHP book which explains foreach and at the end says : *'When foreach starts walking through an array, it moves the pointer to the beginning of the array. You don’t need to reset an array before walking through it with foreach.'* * * *Does this mean - * [snip!] An easy way to think about it: foreach is cocky and doesn't give a damn about the rules array functions or placements have set in place. It'll start from the beginning, and to hell with everyone else. In other words: foreach will iterate wholly; it will count *for* *each* key in the loop, not just where another portion of the code left off. -- /Daniel P. Brown daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ We now offer SAME-DAY SETUP on a new line of servers! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 20 May 2010 16:51, Al n...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On Fri, 2010-05-21 at 14:24 +0100, David Otton wrote: On 20 May 2010 16:51, Al n...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? I still think you might be better off using BBCode, which is used on websites just for this very purpose. When any input comes back, you can remove all the HTML completely and replace the BBCode tags that you allow. This should guarantee that the only HTML in the text is what you put there. That way, the only chance someone has to enter malicious code is to manipulate your replacement algorithm. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about a security function
On 5/21/2010 9:24 AM, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? Like I said above, First pass is thru the blacklist, which effectually tells hackers to not bother and totally deletes the entry. Also, it's possible that one of my non-techie users can unwittingly enter hack code. I want to make a big deal of it. My error messages says in red Illegal code entered. It was not saved. Reenter your text without it. Remember, I show them the error segment so they know exactly what the problem is. There is also another msg which says to contact tech support with a link. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 21 May 2010 14:21, Ashley Sheridan a...@ashleysheridan.co.uk wrote: I still think you might be better off using BBCode, which is used on websites just for this very purpose. When any input comes back, you can remove all the HTML completely and replace the BBCode tags that you allow. This should guarantee that the only HTML in the text is what you put there. That way, the only chance someone has to enter malicious code is to manipulate your replacement algorithm. We don't know what the use case is. It's likely that HTML is a fixed requirement here. In any case, stripping the HTML from a post and leaving just the BBCode is almost as difficult as stripping out all tags except p. There are so many text encodings and weird quirks out there that I wouldn't trust any code I'd written myself to do it. HTMLPurifier is widely adopted and tested, and actively maintained. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/21/2010 9:21 AM, Ashley Sheridan wrote: On Fri, 2010-05-21 at 14:24 +0100, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? I still think you might be better off using BBCode, which is used on websites just for this very purpose. When any input comes back, you can remove all the HTML completely and replace the BBCode tags that you allow. This should guarantee that the only HTML in the text is what you put there. That way, the only chance someone has to enter malicious code is to manipulate your replacement algorithm. Thanks, Ash http://www.ashleysheridan.co.uk I've used BBcode several times in the pass for this reason. But, found I was forever having to add new ones for special situations that could easily be handled with plain old HTML elements. Some of my users have a rudimentary knowledge of html so they can use it. Most just use my proxy tags e.g., a partial list:; Text Emphasis = bluefoo/blue, boldfoo/bold, greenfoo/green,... Titles and Headers = blue-titlefoo/blue-title, blue-subtitle.. Containers = container location; width; borderany content/container Lists = list*foo...*foo/list Horiz and Blank Lines, etc. = black-line, blue-line, blank-line, URL and email Links = url www.foo.comLabel/url; [w/wo http:], Images = image position width% relPathcaption/image; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
Al wrote: On 5/21/2010 9:24 AM, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? Like I said above, First pass is thru the blacklist, which effectually tells hackers to not bother and totally deletes the entry. Also, it's possible that one of my non-techie users can unwittingly enter hack code. I want to make a big deal of it. My error messages says in red Illegal code entered. It was not saved. Reenter your text without it. Remember, I show them the error segment so they know exactly what the problem is. There is also another msg which says to contact tech support with a link. Do you actually show them the error. That would give away your mystical powers of detection... :) -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/21/2010 10:36 AM, Jim Lucas wrote: Al wrote: On 5/21/2010 9:24 AM, David Otton wrote: On 20 May 2010 16:51, Aln...@ridersite.org wrote: I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. Ah, gotcha. That seems like a much better approach to me. But if the whitelist's going to stop the submission, then why bother with a blacklist at all? Like I said above, First pass is thru the blacklist, which effectually tells hackers to not bother and totally deletes the entry. Also, it's possible that one of my non-techie users can unwittingly enter hack code. I want to make a big deal of it. My error messages says in red Illegal code entered. It was not saved. Reenter your text without it. Remember, I show them the error segment so they know exactly what the problem is. There is also another msg which says to contact tech support with a link. Do you actually show them the error. That would give away your mystical powers of detection... :) Keep in mind that my users are authenticated before being allowed access. So, I'm covering the situations where my user's PW has been stolen or the hacker got past the auth. Fact is, I mainly want to prevent malicious scripts from being placed on my pages rendered as HTML. I just spent some time helping a website I designed some years ago, but have not been involved for two years, investigate a hacking. The folks maintaining the site ignored all of my recommendations for good security practices. Bottom line: 920 html and php files that generate html have a script that sends every visitor's IP and the page's URL to a website in RU. I don't know why they want this info, the site belongs to a running club. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 20 May 2010 14:53, Al n...@ridersite.org wrote: I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g., p, b, table, etc. e.g., no embed... script... etc. Just to be extra safe, I've added a function that parses for executables in the raw, entered text. If found, I post and nasty error message and ignore the entry altogether. Here are my regex patterns. I tried finding a complete list of browser executables; but was unsuccessful, probably because I didn't use the right key words. Anyone have suggestions for additional patterns? $securityPatternsArray=array( \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. ); Rolling your own when it comes to this is a very bad idea: chances are you'll miss something even if asking a list like this. Much better to use an existing tool like htmlpurifier. Regards Peter -- hype WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind Flickr: http://www.flickr.com/photos/fake51 BeWelcome: Fake51 Couchsurfing: Fake51 /hype -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 20 May 2010 13:53, Al n...@ridersite.org wrote: I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g., p, b, table, etc. e.g., no embed... script... etc. Just to be extra safe, I've added a function that parses for executables in the raw, entered text. If found, I post and nasty error message and ignore the entry altogether. That's not really going to work. See: http://ha.ckers.org/xss.html Blacklisting is a fundamentally flawed approach. I suggest using http://htmlpurifier.org/ instead. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On Thu, 2010-05-20 at 14:27 +0100, David Otton wrote: On 20 May 2010 13:53, Al n...@ridersite.org wrote: I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g., p, b, table, etc. e.g., no embed... script... etc. Just to be extra safe, I've added a function that parses for executables in the raw, entered text. If found, I post and nasty error message and ignore the entry altogether. That's not really going to work. See: http://ha.ckers.org/xss.html Blacklisting is a fundamentally flawed approach. I suggest using http://htmlpurifier.org/ instead. I agree wth Peter and David, it's not generally a good idea to roll your own in this case, as the repercussions can be quite large if things go wrong! If you absolutely must though, don't allow any HTML at all, and use BBCode instead, which you can replace afterwards. Before entering the data into a database run it through mysql_real_escape_string(), and if you are displaying any user-entered data, run that through htmlentities() or something similar. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about a security function
On 5/20/2010 10:07 AM, Ashley Sheridan wrote: On Thu, 2010-05-20 at 14:27 +0100, David Otton wrote: On 20 May 2010 13:53, Aln...@ridersite.org wrote: I have a password-protected, user, on-line editor that I'm hardening against hackers just in case a user's pw is stolen or local PC is infected. The user can enter html tags; but, I restrict the acceptable tags to benign ones. e.g.,p,b,table, etc. e.g., noembed...script... etc. Just to be extra safe, I've added a function that parses for executables in the raw, entered text. If found, I post and nasty error message and ignore the entry altogether. That's not really going to work. See: http://ha.ckers.org/xss.html Blacklisting is a fundamentally flawed approach. I suggest using http://htmlpurifier.org/ instead. I agree wth Peter and David, it's not generally a good idea to roll your own in this case, as the repercussions can be quite large if things go wrong! If you absolutely must though, don't allow any HTML at all, and use BBCode instead, which you can replace afterwards. Before entering the data into a database run it through mysql_real_escape_string(), and if you are displaying any user-entered data, run that through htmlentities() or something similar. Thanks, Ash http://www.ashleysheridan.co.uk I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The blacklist is sort of a backup and won't even save the entry. The user's entry has no ability to affect anything outside of the stuff within the body tags, including the css file. Thanks for the heads up about htmlpurifier. I'll take a more detailed look. I briefly looked at it earlier; but, found it was gross overkill for my needs. My objective is to not let bad stuff into my server to start with, and not to parse existing html and css files. The ha.hackers site is most interesting. I plan to work with it in detail. Al.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 20 May 2010 15:52, Al n...@ridersite.org wrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. and allowed everything else. A couple of examples: You haven't blacklisted iframe IMG SRC=javascript:alert('XSS'); would sail straight through that list. I can't tell from that list alone, but are your checks case-insensitive? Because ScRipT would pass through a case-sensitive check. We can go on like this all day, and at the end of it you still won't be sure you've blacklisted everything. The first answer at http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags is related, also. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Aln...@ridersite.org wrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. and allowed everything else. A couple of examples: You haven't blacklistediframe IMG SRC=javascript:alert('XSS'); would sail straight through that list. I can't tell from that list alone, but are your checks case-insensitive? BecauseScRipT would pass through a case-sensitive check. We can go on like this all day, and at the end of it you still won't be sure you've blacklisted everything. The first answer at http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags is related, also. I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. And yes, I'm using preg_match() with the i arg. Note, my blacklist is not looking for tags per se, just the start of a bad tag. My users are only suppose to be entering plain text with some nice highlighting and lists, etc. The editor will not post anything else. Al... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On Thu, 2010-05-20 at 11:51 -0400, Al wrote: On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Aln...@ridersite.org wrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. and allowed everything else. A couple of examples: You haven't blacklistediframe IMG SRC=javascript:alert('XSS'); would sail straight through that list. I can't tell from that list alone, but are your checks case-insensitive? BecauseScRipT would pass through a case-sensitive check. We can go on like this all day, and at the end of it you still won't be sure you've blacklisted everything. The first answer at http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags is related, also. I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. And yes, I'm using preg_match() with the i arg. Note, my blacklist is not looking for tags per se, just the start of a bad tag. My users are only suppose to be entering plain text with some nice highlighting and lists, etc. The editor will not post anything else. Al... How are you matching against your whitelist? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about a security function
Al wrote: On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Aln...@ridersite.org wrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. and allowed everything else. A couple of examples: You haven't blacklistediframe IMG SRC=javascript:alert('XSS'); would sail straight through that list. I can't tell from that list alone, but are your checks case-insensitive? BecauseScRipT would pass through a case-sensitive check. We can go on like this all day, and at the end of it you still won't be sure you've blacklisted everything. The first answer at http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags is related, also. I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. What exactly does your whitelist parser do? And yes, I'm using preg_match() with the i arg. Note, my blacklist is not looking for tags per se, just the start of a bad tag. My users are only suppose to be entering plain text with some nice highlighting and lists, etc. The editor will not post anything else. But who say I have to use your editor? Al... -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On 5/20/2010 12:02 PM, Jim Lucas wrote: Al wrote: On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Aln...@ridersite.org wrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. and allowed everything else. A couple of examples: You haven't blacklistediframe IMG SRC=javascript:alert('XSS'); would sail straight through that list. I can't tell from that list alone, but are your checks case-insensitive? BecauseScRipT would pass through a case-sensitive check. We can go on like this all day, and at the end of it you still won't be sure you've blacklisted everything. The first answer at http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags is related, also. I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. What exactly does your whitelist parser do? It posts an error message that shows the user what the error is [e.g., iframe is an invalid tag. Your text cannot posted until all errors are corrected. Only when the submitted raw text passes the blacklist and whitelist, will the raw text be saved and be available for on-the-fly conversion to html. And yes, I'm using preg_match() with the i arg. Note, my blacklist is not looking for tags per se, just the start of a bad tag. My users are only suppose to be entering plain text with some nice highlighting and lists, etc. The editor will not post anything else. But who say I have to use your editor? No one says you must by my editor. Al... I'm methodically going thru ha.ckers tests and so far my filters have caught everything. I greatly appreciate everyone's help. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about a security function
On Thu, 2010-05-20 at 12:40 -0400, Al wrote: On 5/20/2010 12:02 PM, Jim Lucas wrote: Al wrote: On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Aln...@ridersite.org wrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. and allowed everything else. A couple of examples: You haven't blacklistediframe IMG SRC=javascript:alert('XSS'); would sail straight through that list. I can't tell from that list alone, but are your checks case-insensitive? BecauseScRipT would pass through a case-sensitive check. We can go on like this all day, and at the end of it you still won't be sure you've blacklisted everything. The first answer at http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags is related, also. I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. What exactly does your whitelist parser do? It posts an error message that shows the user what the error is [e.g., iframe is an invalid tag. Your text cannot posted until all errors are corrected. Only when the submitted raw text passes the blacklist and whitelist, will the raw text be saved and be available for on-the-fly conversion to html. And yes, I'm using preg_match() with the i arg. Note, my blacklist is not looking for tags per se, just the start of a bad tag. My users are only suppose to be entering plain text with some nice highlighting and lists, etc. The editor will not post anything else. But who say I have to use your editor? No one says you must by my editor. Al... I'm methodically going thru ha.ckers tests and so far my filters have caught everything. I greatly appreciate everyone's help. I think Jim meant how is your whitelist operating, not what it does to the user. Posting a message saying that iframe tags are not allowed sounds more like a blacklist type of behaviour. A whitelist should consider the data sent from the user as bad, and only allow it through if it meets certain criteria. By checking specifically for an iframe tag and being able to warn the user specifically, you're just using a blacklist not a whitelist. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about a security function
On 5/20/2010 12:43 PM, Ashley Sheridan wrote: On Thu, 2010-05-20 at 12:40 -0400, Al wrote: On 5/20/2010 12:02 PM, Jim Lucas wrote: Al wrote: On 5/20/2010 11:23 AM, David Otton wrote: On 20 May 2010 15:52, Aln...@ridersite.orgwrote: I agree blacklisting is a flawed approach in general. My approach is to strictly confine entry text to a whitelist of benign, acceptable tags. The But that's not what you've done. You've blacklisted the following patterns: \script\x20, \embed\x20, \object\x20, 'language=javascript', 'type=text/javascript', 'language=vbscript\', 'type=text/vbscript', 'language=vbscript', 'type=text/tcl', error_reporting\(0\),//Most hacks I've seen make certain they turn of error reporting \?php,//Here for the heck of it. and allowed everything else. A couple of examples: You haven't blacklistediframe IMG SRC=javascript:alert('XSS');would sail straight through that list. I can't tell from that list alone, but are your checks case-insensitive? BecauseScRipTwould pass through a case-sensitive check. We can go on like this all day, and at the end of it you still won't be sure you've blacklisted everything. The first answer at http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags is related, also. I'm not being clear. First pass is thru the blacklist, which effectually tells hacker to not bother and totally deletes the entry. If the raw entry gets past the blacklist, it must then only contain my whitelist tags. e.g., the two examples you cited were caught by the whitelist parser. What exactly does your whitelist parser do? It posts an error message that shows the user what the error is [e.g., iframe is an invalid tag. Your text cannot posted until all errors are corrected. Only when the submitted raw text passes the blacklist and whitelist, will the raw text be saved and be available for on-the-fly conversion to html. And yes, I'm using preg_match() with the i arg. Note, my blacklist is not looking for tags per se, just the start of a bad tag. My users are only suppose to be entering plain text with some nice highlighting and lists, etc. The editor will not post anything else. But who say I have to use your editor? No one says you must by my editor. Al... I'm methodically going thru ha.ckers tests and so far my filters have caught everything. I greatly appreciate everyone's help. I think Jim meant how is your whitelist operating, not what it does to the user. Posting a message saying thatiframe tags are not allowed sounds more like a blacklist type of behaviour. A whitelist should consider the data sent from the user as bad, and only allow it through if it meets certain criteria. By checking specifically for aniframe tag and being able to warn the user specifically, you're just using a blacklist not a whitelist. Thanks, Ash http://www.ashleysheridan.co.uk No, no, it's truly a whitelist. Every tag that is not in the list is designated as not allowed. If anyone is interested here is my whitelist. I also use these for html validity and nesting checking, etc. Note, they are listed by html type. img and a use are very constrained. img can only point to an image file on the server and a is checked for syntax and even that it points to a valid URL. //region Usable XHTML elements for user entered raw text [Only these XHTML tags can be used] $inlineHtmlTagsArray = array('a', 'b', 'img', 'em', 'option', 'select', 'span', 'strong',); //Note img is both empty and inline $blockHtmlTagsArray = array('div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'pre',); $emptyHtmlTagsArray = array('br', 'hr', 'img',); $listHtmlTagsArray = array('li', 'ol', 'ul'); $tableHtmlTagsArray = array('col', 'table', 'tbody', 'td', 'th', 'thead', 'tr',); //endregion -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
Kevin wrote: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. I think the docs are still screwed up. Try sqlite3_open() instead and see if that works. Also, check phpinfo() to see if the SQLite/SQLite3 modules are loaded. I tried with sqlite3_open() and it gave the same error. THEN ... 'check phpinfo()' Obviously sqlite extension is not actually loaded. You don't aey which OS ... On windows there are a list of extensions in the php.ini file, just 'uncomment' the one(s) you need ... -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about creating php files from a form
Kevin wrote: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. I think the docs are still screwed up. Try sqlite3_open() instead and see if that works. Also, check phpinfo() to see if the SQLite/SQLite3 modules are loaded. I tried with sqlite3_open() and it gave the same error. THEN ... 'check phpinfo()' Obviously sqlite extension is not actually loaded. You don't aey which OS ... On windows there are a list of extensions in the php.ini file, just 'uncomment' the one(s) you need ... -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php __ There is no sqlite3_open() - there is only an OOP interface for php_sqlite3. I wrote to the list in frustration about this choice not too long ago, and concluded that the only way to accomplish this is to: 1.) Use php-sqlite3 extension (not to be confused with the php_sqlite3 - dash vs underscore) - but this isn't a great solution because it would mean you would need to ask your host to enable a custom extension, which they usually don't do. If you're hosting this app on your own server, then give it a bash. 2.) Otherwise, get involved in PECL development and help give php_sqlite3 a procedural interface. Of course, if you're looking for basic database storage, then SQLite2 (php_sqlite) would work fine. Best of luck, Lawrance -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
On Thu, 2010-05-13 at 23:53 -0400, Kevin wrote: Ashley Sheridan wrote: On Thu, 2010-05-13 at 23:07 -0400, Kevin wrote: Hello All, I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. * *I hope this makes sense, and thank you all for your time... - - Kevin It might sound overkill, but I'd use a database for this. All the recipes can be stored in a MySQL database, and then you can use a simple couple of queries to produce the recipe list and the recipe pages dynamically. This also has the advantage that it's very easy to search the recipe list when it becomes larger, and if you ever want to change the layout/presentation of the whole system you won't have to recreate all the recipe pages. The DB could have several columns labelled: id, name, ingredients, method So, the form page (lets assume it's called add.php) could submit to itself which then adds the recipe to the DB with a query like: INSERT INTO recipes(name, ingredients, method) VALUES($name, $ingredients, $method) This is only a very simple example which could be extended to use another table for ingredients for a recipe. Don't forget to sanitise any input coming from the form with mysql_real_escape_string() for inserting it into the DB. The list.php page could just use a simple query like: SELECT id, name FROM recipes And then create a link to each recipe in the form: recipe.php?recipe=id (where id is the numerical value used in the DB) and that would then use a query like: SELECT * FROM recipe WHERE id=$recipe MySQL is available on most hosting that you'll find has support for PHP, and every Linux distribution I've seen has it too. Thanks, Ash http://www.ashleysheridan.co.uk Thank you Ash for the quick reply. I was actually looking at using a database too... and I am testing out a few different ones (SQLite and MySQL) I appreciate the extra information, it will be helpful in the future :-) /On a side note: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. /I wanted to try a different approach by just creating the recipes in individual html files for the time being. Do happen to know how to create html files from a php form? Thank you. To create files I'd probably just use fopen() and fwrite(). It's how I always do it. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about creating php files from a form
On 14 May 2010 04:07, Kevin kevin.mailingli...@gmail.com wrote: Hello All, I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. * *I hope this makes sense, and thank you all for your time... - - Kevin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php If you can build the HTML in memory, then you can use ... file_put_contents('your_file.html', $YourHtml'); -- - Richard Quadling Standing on the shoulders of some very clever giants! EE : http://www.experts-exchange.com/M_248814.html EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498r=213474731 ZOPA : http://uk.zopa.com/member/RQuadling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Question about creating php files from a form
From: Kevin I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. There are already a number of free applications for this. I have reviewed over a dozen of them in the past year. Drupal has a recipe module, Gourmet for Gnome users, Krecipes for KDE users. ReciPants in Perl, Qookbook, to name a few off the top of my head. Some of them will link into the USDA Nutrition Database as well. You may not need to reinvent this particular wheel. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
At 11:07 PM -0400 5/13/10, Kevin wrote: Hello All, I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. * *I hope this makes sense, and thank you all for your time... - - Kevin Kevin: Your wife is trying to make cookies? :-) Sorry, I couldn't resist. I recommend the same thing that Ash recommended, namely creating a database where your wife can enter the ingredients via a form and have those recorded in a database -- a database where one can pull the data and show the recipes in any manner you want. Don't look to saving these data as files, or as cookies, but rather as data in a database. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
Paul M Foster wrote: On Thu, May 13, 2010 at 11:53:54PM -0400, Kevin wrote: snip /On a side note: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. I think the docs are still screwed up. Try sqlite3_open() instead and see if that works. Also, check phpinfo() to see if the SQLite/SQLite3 modules are loaded. Paul Thanks Paul, I tried with sqlite3_open() and it gave the same error. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
On Thu, 2010-05-13 at 23:07 -0400, Kevin wrote: Hello All, I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. * *I hope this makes sense, and thank you all for your time... - - Kevin It might sound overkill, but I'd use a database for this. All the recipes can be stored in a MySQL database, and then you can use a simple couple of queries to produce the recipe list and the recipe pages dynamically. This also has the advantage that it's very easy to search the recipe list when it becomes larger, and if you ever want to change the layout/presentation of the whole system you won't have to recreate all the recipe pages. The DB could have several columns labelled: id, name, ingredients, method So, the form page (lets assume it's called add.php) could submit to itself which then adds the recipe to the DB with a query like: INSERT INTO recipes(name, ingredients, method) VALUES($name, $ingredients, $method) This is only a very simple example which could be extended to use another table for ingredients for a recipe. Don't forget to sanitise any input coming from the form with mysql_real_escape_string() for inserting it into the DB. The list.php page could just use a simple query like: SELECT id, name FROM recipes And then create a link to each recipe in the form: recipe.php?recipe=id (where id is the numerical value used in the DB) and that would then use a query like: SELECT * FROM recipe WHERE id=$recipe MySQL is available on most hosting that you'll find has support for PHP, and every Linux distribution I've seen has it too. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Question about creating php files from a form
Ashley Sheridan wrote: On Thu, 2010-05-13 at 23:07 -0400, Kevin wrote: Hello All, I am trying to figure out how to create files when a user submits a form ... I have seen something about '*fopen*' , is that the direction I should be going? Here is what I am trying to accomplish: I am creating a program to keep track of recipes for my wife. I have have page set up where she can put the name of the recipe, the ingredients, and the amounts of each ingredient. Then she clicks Submit I would like a html file with the name of the recipe to be created ie *cookies.html *with a link to the cookies.html created on another page. * *I hope this makes sense, and thank you all for your time... - - Kevin It might sound overkill, but I'd use a database for this. All the recipes can be stored in a MySQL database, and then you can use a simple couple of queries to produce the recipe list and the recipe pages dynamically. This also has the advantage that it's very easy to search the recipe list when it becomes larger, and if you ever want to change the layout/presentation of the whole system you won't have to recreate all the recipe pages. The DB could have several columns labelled: id, name, ingredients, method So, the form page (lets assume it's called add.php) could submit to itself which then adds the recipe to the DB with a query like: INSERT INTO recipes(name, ingredients, method) VALUES($name, $ingredients, $method) This is only a very simple example which could be extended to use another table for ingredients for a recipe. Don't forget to sanitise any input coming from the form with mysql_real_escape_string() for inserting it into the DB. The list.php page could just use a simple query like: SELECT id, name FROM recipes And then create a link to each recipe in the form: recipe.php?recipe=id (where id is the numerical value used in the DB) and that would then use a query like: SELECT * FROM recipe WHERE id=$recipe MySQL is available on most hosting that you'll find has support for PHP, and every Linux distribution I've seen has it too. Thanks, Ash http://www.ashleysheridan.co.uk Thank you Ash for the quick reply. I was actually looking at using a database too... and I am testing out a few different ones (SQLite and MySQL) I appreciate the extra information, it will be helpful in the future :-) /On a side note: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. /I wanted to try a different approach by just creating the recipes in individual html files for the time being. Do happen to know how to create html files from a php form? Thank you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Question about creating php files from a form
On Thu, May 13, 2010 at 11:53:54PM -0400, Kevin wrote: snip /On a side note: I am having some issues with connecting to a SQLite database right now ... I'm getting the following error Fatal Error: 'sqlite_open' is an unknown function But I'm putting that on the side right now. I think the docs are still screwed up. Try sqlite3_open() instead and see if that works. Also, check phpinfo() to see if the SQLite/SQLite3 modules are loaded. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php