php-general Digest 10 Aug 2010 09:17:48 -0000 Issue 6887

Topics (messages 307371 through 307389):

Re: Google spreadsheet curl
        307371 by: ioannes.btinternet.com
        307388 by: ioannes.btinternet.com
        307389 by: ioannes.btinternet.com

Limit failed logins attempts
        307372 by: Juan Rodriguez Monti
        307374 by: Peter Lind
        307375 by: Richard Quadling
        307376 by: Bob McConnell
        307377 by: Richard Quadling
        307378 by: Peter Lind

Re: question about compiling a portable web server for linux
        307373 by: Bob McConnell

Re: how do you upload to a 3rd-party remote server?
        307379 by: Govinda

Snoopy port using PHP cURL library
        307380 by: Marc Guay
        307383 by: Marc Guay

[ERROR LOG FORMATTER] - any recommendations for web viewable error log 
formatters?
        307381 by: Tristan
        307382 by: Peter Lind
        307384 by: Tristan
        307385 by: Bastien Koert
        307387 by: Tristan

Test - Ignore
        307386 by: SED

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
This is a new message, not an existing thread. I don't know where the Re: got into the subject. Perhaps I sent it to myself first.

Anyway, answer may have something to do with getting Zend installed.

John

--- End Message ---
--- Begin Message ---
I have uploaded Zend to my site but the files within the package do not seem to find each other:

Warning: include_once(Zend/Gdata.php) [function.include-once]: failed to open stream: No such file or directory in /home/mysite/Zend/library/Zend/Loader.php on line 146

The line 146 is;

        if ($once) {
            include_once $filename;

The code goes as below and I am wondering what is this trying to say about $filename, it says: * @param string $filename as a comment, and then uses $filename without defining it. Am I supposed to provide this?

This seems a lot of effort just to download a google spreadsheet with curl.

===========================================================================
    /**
     * Loads a PHP file.  This is a wrapper for PHP's include() function.
     *
     * $filename must be the complete filename, including any
     * extension such as ".php". Note that a security check is performed that
     * does not permit extended characters in the filename.  This method is
     * intended for loading Zend Framework files.
     *
     * If $dirs is a string or an array, it will search the directories
     * in the order supplied, and attempt to load the first matching file.
     *
     * If the file was not found in the $dirs, or if no $dirs were specified,
     * it will attempt to load it from PHP's include_path.
     *
     * If $once is TRUE, it will use include_once() instead of include().
     *
     * @param  string        $filename
     * @param  string|array  $dirs - OPTIONAL either a path or array of paths
     *                       to search.
     * @param  boolean       $once
     * @return boolean
     * @throws Zend_Exception
     */
    public static function loadFile(c, $dirs = null, $once = false)
    {
        self::_securityCheck($filename);

        /**
         * Search in provided directories, as well as include_path
         */
        $incPath = false;
        if (!empty($dirs) && (is_array($dirs) || is_string($dirs))) {
            if (is_array($dirs)) {
                $dirs = implode(PATH_SEPARATOR, $dirs);
            }
            $incPath = get_include_path();
            set_include_path($dirs . PATH_SEPARATOR . $incPath);
        }

        /**
         * Try finding for the plain filename in the include_path.
         */
        if ($once) {
            include_once $filename;
===========================================================================

--- End Message ---
--- Begin Message ---


On 2010/08/10 6:24, ioan...@btinternet.com wrote:
> I have uploaded Zend to my site but the files within the package do not
> seem to find each other:


I solved this by correcting the include path (should be to the library folder (with no trailing slash)). I get as far as a menu offering to list docs, query or upload. However, clicking these options doesn't do anything, but I will take up the issue with a Zend group. Unless anyone here knows an easier way to curl download a google spreadsheet...?

John

--- End Message ---
--- Begin Message ---
Hi guys,
I would like to know what do you suggest to implement a limit for
failed login attempts.

I thought that might be a good idea, to define a session variable
called ( failedattempts ), then check and if $failedattempts is
greater than, suppose, 4 write to a Database ( ip, username and
last-time-attempt ). If after that, the user/bot tries again to login
unsuccessfully, then the system should ban that user & ip combination.

Some questions about this situation:

- Do you think that is a good idea to use sleep() ?.
- How should I send a 503 HTTP error to the user after 5 attempts ?
- Is this a good idea to do all this work for this security purpose ?
- Do you know/suggest a better way to solve this?

Thanks in advance,
Juan

--- End Message ---
--- Begin Message ---
On 9 August 2010 14:30, Juan Rodriguez Monti <j...@rodriguezmonti.com.ar> wrote:
> Hi guys,
> I would like to know what do you suggest to implement a limit for
> failed login attempts.

I use velocity control (or whatever it is called). After the first
failed attempt, set a ban-period before another login is possible for
the account - start at 1 second. After each consecutive fail, double
the period.

> I thought that might be a good idea, to define a session variable
> called ( failedattempts ), then check and if $failedattempts is
> greater than, suppose, 4 write to a Database ( ip, username and
> last-time-attempt ). If after that, the user/bot tries again to login
> unsuccessfully, then the system should ban that user & ip combination.
>
> Some questions about this situation:
>
> - Do you think that is a good idea to use sleep() ?.

No. That won't achieve much except annoy legitimate users.

> - How should I send a 503 HTTP error to the user after 5 attempts ?

Use header(). I would send a 403.

> - Is this a good idea to do all this work for this security purpose ?

Making sure that no one can try bruteforcing an account is a good idea.
Just make sure you cannot use this security measure to lock out an
account.

> - Do you know/suggest a better way to solve this?

Velocity control, as stated.

Regards
Peter

-- 
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>

--- End Message ---
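
Added example (not part of the original messages): one way to implement the doubling ban period described in the reply above, with the counter stored server-side per account rather than in a session. The table and function names, the in-memory SQLite store and the 900-second cap are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

const MAX_DELAY = 900; // assumed cap in seconds; the post gives no upper bound

// Hypothetical table, in-memory SQLite so the example runs offline.
function throttle_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_throttle (username TEXT PRIMARY KEY,
               fails INTEGER NOT NULL, banned_until INTEGER NOT NULL)');
    return $db;
}

// Seconds until this account accepts another attempt (0 = check the password now).
function seconds_to_wait(PDO $db, string $user, int $now): int
{
    $st = $db->prepare('SELECT banned_until FROM login_throttle WHERE username = ?');
    $st->execute([$user]);
    $until = $st->fetchColumn();
    return $until === false ? 0 : max(0, (int) $until - $now);
}

// Record the result of a password check that was actually performed.
function record_attempt(PDO $db, string $user, bool $ok, int $now): void
{
    if ($ok) {   // success clears the counter and the ban period
        $db->prepare('DELETE FROM login_throttle WHERE username = ?')->execute([$user]);
        return;
    }
    $st = $db->prepare('SELECT fails FROM login_throttle WHERE username = ?');
    $st->execute([$user]);
    $fails = (int) $st->fetchColumn() + 1;             // no row yet: false casts to 0
    $delay = min(MAX_DELAY, 2 ** min($fails - 1, 20)); // 1, 2, 4, 8, ... seconds
    $db->prepare('REPLACE INTO login_throttle VALUES (?, ?, ?)')
       ->execute([$user, $fails, $now + $delay]);
}

// Constructed scenario: a wrong password for "alice" once per second from t=1000.
$db = throttle_db();
for ($t = 1000; $t < 1010; $t++) {
    $wait = seconds_to_wait($db, 'alice', $t);
    if ($wait > 0) {
        // A web handler would answer 403 here without touching the password hash.
        echo "t=$t refused, retry in {$wait}s\n";
        continue;
    }
    record_attempt($db, 'alice', false, $t);
    echo "t=$t password checked and rejected\n";
}
```

Because the state is keyed by username in the database, a client that discards its session cookie on every request still sees the growing delay.
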
--- Begin Message ---
On 9 August 2010 13:30, Juan Rodriguez Monti <j...@rodriguezmonti.com.ar> wrote:
> I thought that might be a good idea, to define a session variable
> called ( failedattempts ), then check and if $failedattempts is
> greater than, suppose, 4 ...

As sessions are connected to a request through a session cookie,
putting the failed attempts in the session for checking later is a bad
idea. A script attempting to crack your security will most likely NOT
be using cookies. So each request, all the many millions of them, will
seem to be clean/virgin requests, not multiple attempts. Each request
will create a blank new session with 0 previous attempts.

Richard.

--- End Message ---
--- Begin Message ---
From: Juan Rodriguez Monti

> I would like to know what do you suggest to implement a limit for
> failed login attempts.
> 
> I thought that might be a good idea, to define a session variable
> called ( failedattempts ), then check and if $failedattempts is
> greater than, suppose, 4 write to a Database ( ip, username and
> last-time-attempt ). If after that, the user/bot tries again to login
> unsuccessfully, then the system should ban that user & ip combination.

We have two columns in the user table, login_attempts and u_touch. The
first is an integer, the second is a time stamp. The second is updated
to now every time the user requests a page. Each time a login attempt
fails, the first column is incremented. If the first column exceeds 3
when a new attempt is made, the previous time in the second must be more
than 30 minutes old. The first column is reset to 0 on a successful
login, or 1 on an unsuccessful attempt more than 30 minutes after the
previous attempt.

The error message is the same for all login failures, no matter what the
cause.

While logged in, if a page is requested with the value of u_touch more
than ten minutes old, the user is automatically logged out.

Bob McConnell

--- End Message ---
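
Added example (not part of the original messages): the two-column scheme described above written as a state transition on one user row, so the counting and the 30-minute window can be traced. The function names are hypothetical, and two points the post leaves open are assumed: a counted login attempt updates u_touch, and an attempt refused during the lock does not.

```php
<?php
declare(strict_types=1);

const MAX_ATTEMPTS = 3;    // the lock applies once login_attempts exceeds 3
const LOCK_WINDOW  = 1800; // 30 minutes, in seconds
const IDLE_LIMIT   = 600;  // 10 minutes, in seconds

// $row holds the two columns from the post: login_attempts and u_touch (unix time).
// Returns [updated row, outcome]; outcome is 'ok', 'failed' or 'locked'.
// The caller shows the same error message for 'failed' and 'locked'.
function attempt_login(array $row, bool $passwordOk, int $now): array
{
    $stale = $now - $row['u_touch'] > LOCK_WINDOW;
    if ($row['login_attempts'] > MAX_ATTEMPTS && !$stale) {
        return [$row, 'locked']; // assumption: a refused attempt does not move u_touch
    }
    if ($passwordOk) {
        return [['login_attempts' => 0, 'u_touch' => $now], 'ok'];
    }
    // More than 30 minutes since the previous attempt: counting restarts at 1.
    $count = $stale ? 1 : $row['login_attempts'] + 1;
    return [['login_attempts' => $count, 'u_touch' => $now], 'failed'];
}

// Idle check for a page request from a logged-in user.
function session_expired(array $row, int $now): bool
{
    return $now - $row['u_touch'] > IDLE_LIMIT;
}

// Constructed scenario: five wrong passwords one minute apart, then the
// correct password while the lock is active, then again after the window.
$row = ['login_attempts' => 0, 'u_touch' => 0];
$t = 100000;
foreach ([false, false, false, false, false, true] as $ok) {
    [$row, $outcome] = attempt_login($row, $ok, $t);
    echo "t=$t attempts={$row['login_attempts']} $outcome\n";
    $t += 60;
}
[$row, $outcome] = attempt_login($row, true, $row['u_touch'] + LOCK_WINDOW + 60);
echo "after window: attempts={$row['login_attempts']} $outcome\n";
```

In the run, the correct password is refused while the lock is active and accepted once 30 minutes have passed since the last counted attempt.
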
--- Begin Message ---
On 9 August 2010 14:04, Juan Rodriguez Monti <j...@rodriguezmonti.com.ar> wrote:
> 2010/8/9 Richard Quadling <rquadl...@gmail.com>:
>> On 9 August 2010 13:30, Juan Rodriguez Monti <j...@rodriguezmonti.com.ar> 
>> wrote:
>>> I thought that might be a good idea, to define a session variable
>>> called ( failedattempts ), then check and if $failedattempts is
>>> greater than, suppose, 4 ...
>>
>> As sessions are connected to a request through a session cookie,
>> putting the failed attempts in the session for checking later is a bad
>> idea. A script attempting to crack your security will most likely NOT
>> be using cookies. So each request, all the many millions of them, will
>> seem to be clean/virgin requests, not multiple attempts. Each request
>> will create a blank new session with 0 previous attempts.
>
> Good point. Thanks.
>
> So, what should I use instead of sessions to check this ?.
>
> Juan
>

You could suspend the account after 3 bad logins. Nice and simple. A
"FailedLoginsSinceLastLogin" counter against the account in the DB
should be enough. If that exceeds your limit, then they can't login.
They will have to re-authenticate in some other way. When that is
successful, then the value can be cleared.

Bob's way looks good.

--- End Message ---
--- Begin Message ---
On 9 August 2010 15:10, Richard Quadling <rquadl...@gmail.com> wrote:
> On 9 August 2010 14:04, Juan Rodriguez Monti <j...@rodriguezmonti.com.ar> 
> wrote:
>> 2010/8/9 Richard Quadling <rquadl...@gmail.com>:
>>> On 9 August 2010 13:30, Juan Rodriguez Monti <j...@rodriguezmonti.com.ar> 
>>> wrote:
>>>> I thought that might be a good idea, to define a session variable
>>>> called ( failedattempts ), then check and if $failedattempts is
>>>> greater than, suppose, 4 ...
>>>
>>> As sessions are connected to a request through a session cookie,
>>> putting the failed attempts in the session for checking later is a bad
>>> idea. A script attempting to crack your security will most likely NOT
>>> be using cookies. So each request, all the many millions of them, will
>>> seem to be clean/virgin requests, not multiple attempts. Each request
>>> will create a blank new session with 0 previous attempts.
>>
>> Good point. Thanks.
>>
>> So, what should I use instead of sessions to check this ?.
>>
>> Juan
>>
>
> You could suspend the account after 3 bad logins. Nice and simple. A
> "FailedLoginsSinceLastLogin" counter against the account in the DB
> should be enough. If that exceeds your limit, then they can't login.
> They will have to re-authenticate in some other way. When that is
> successful, then the value can be cleared.

That allows locking out users at random by knowing the username - not
a very good solution.

Regards
Peter

-- 
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>

--- End Message ---
--- Begin Message ---
From: Ashley Sheridan

> On Sat, 2010-08-07 at 10:43 +0800, lainme wrote:
> 
>> thanks for the reply. I know it is not a PHP problem.  And I want to know
>> whether it is possible to make it architecture independent.
>> 
>> On Sat, Aug 7, 2010 at 10:38 AM, Ashley Sheridan
>> <a...@ashleysheridan.co.uk> wrote:
>> 
>> >  On Sat, 2010-08-07 at 10:22 +0800, lainme wrote:
>> >
>> > Hi, I recently compiled a portable web server for linux, using
>> > lighttpd and php.
>> >
>> > But it seems that php can only run on machine with the same glibc version
>> > compiled it.  How can I solve the problem?
>> >
>> >
>> > It's not a PHP problem. If you compile something, it's compiled to the same
>> > architecture that you specify, which by default is yours. have you tried
>> > compiling your executable with the same setup as you're currently using?
> 
> You can't compile to be architecture independent. The best you can do is
> convert a language to a byte-code, like java.

To expand on this, just a little, once you compile an application, you
have locked it in to a specific CPU, OS and versions of the requisite
dynamic libraries. The compiler options and your tool set define which
range of each of those it will actually run on. The only way to make
something completely independent of the architecture is to distribute it
in source code form. In this case, you are probably better off defining
minimum versions for the web server and PHP module that is required and
allow the user to install those on his own. Most distributions already
have those components packaged in an easy to manage kit.

Bob McConnell

--- End Message ---
--- Begin Message ---

On Aug 6, 2010, at 8:28 PM, Daniel P. Brown wrote:

> On Fri, Aug 6, 2010 at 19:53, Govinda <govinda.webdnat...@gmail.com> wrote:
>
>> can you elaborate? This kind of thing is all new to me. I need to see some
>> sample code to even start to get an idea.
>
>    Hopefully Tedd will notice this thread.  He's the man when it
> comes to sample code.  While there may be nothing directly-related to
> this (I don't know, I haven't looked), you may want to check
> http://php1.net/ to see some of his other samples for other issues
> that come up.


The answer was just curl.  I figured it out.

------------
Govinda
govinda.webdnat...@gmail.com





--- End Message ---
--- Begin Message ---
Does anyone know if the Snoopy class has been ported to use the
built-in PHP cURL library and released publicly somewhere?

Marc

--- End Message ---
--- Begin Message ---
> Does anyone know if the Snoopy class has been ported to use the
> built-in PHP cURL library and released publicly somewhere?


I converted it myself.  If anyone's interested the class is attached.

Marc

--- End Message ---
--- Begin Message ---
a client of mine used to have some color coded one but, I can't find it
again. anyone using one that they particularly like?

similar to this but was hoping for something in PHP

http://www.psychogenic.com/en/products/Errorlog.php

Thanks, T

--- End Message ---
--- Begin Message ---
On 9 August 2010 20:40, Tristan <sunnrun...@gmail.com> wrote:
> a client of mine used to have some color coded one but, I can't find it
> again. anyone using one that they particularly like?
>
> similar to this but was hoping for something in PHP
>
> http://www.psychogenic.com/en/products/Errorlog.php
>
> Thanks, T
>

Xdebug formats errors, try installing that.

Regards
Peter

-- 
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>

--- End Message ---
--- Begin Message ---
Looking for something that does error logs on the server.

Thanks, T

On Mon, Aug 9, 2010 at 12:59 PM, Peter Lind <peter.e.l...@gmail.com> wrote:

> On 9 August 2010 20:40, Tristan <sunnrun...@gmail.com> wrote:
> > a client of mine used to have some color coded one but, I can't find it
> > again. anyone using one that they particularly like?
> >
> > similar to this but was hoping for something in PHP
> >
> > http://www.psychogenic.com/en/products/Errorlog.php
> >
> > Thanks, T
> >
>
> Xdebug formats errors, try installing that.
>
> Regards
> Peter
>
> --
> <hype>
> WWW: http://plphp.dk / http://plind.dk
> LinkedIn: http://www.linkedin.com/in/plind
> BeWelcome/Couchsurfing: Fake51
> Twitter: http://twitter.com/kafe15
> </hype>
>

--- End Message ---
--- Begin Message ---
On Mon, Aug 9, 2010 at 3:12 PM, Tristan <sunnrun...@gmail.com> wrote:
> Looking for something that does error logs on the server.
>
> Thanks, T
>
> On Mon, Aug 9, 2010 at 12:59 PM, Peter Lind <peter.e.l...@gmail.com> wrote:
>
>> On 9 August 2010 20:40, Tristan <sunnrun...@gmail.com> wrote:
>> > a client of mine used to have some color coded one but, I can't find it
>> > again. anyone using one that they particularly like?
>> >
>> > similar to this but was hoping for something in PHP
>> >
>> > http://www.psychogenic.com/en/products/Errorlog.php
>> >
>> > Thanks, T
>> >
>>
>> Xdebug formats errors, try installing that.
>>
>> Regards
>> Peter
>>
>> --
>> <hype>
>> WWW: http://plphp.dk / http://plind.dk
>> LinkedIn: http://www.linkedin.com/in/plind
>> BeWelcome/Couchsurfing: Fake51
>> Twitter: http://twitter.com/kafe15
>> </hype>
>>
>

 Splunk http://www.splunk.com/

-- 

Bastien

Cat, the other other white meat

--- End Message ---
--- Begin Message ---
Thanks but, holy overkill. I just need something simple. Thanks for the
advice guys.

-T

On Mon, Aug 9, 2010 at 2:30 PM, Bastien Koert <phps...@gmail.com> wrote:

> On Mon, Aug 9, 2010 at 3:12 PM, Tristan <sunnrun...@gmail.com> wrote:
> > Looking for something that does error logs on the server.
> >
> > Thanks, T
> >
> > On Mon, Aug 9, 2010 at 12:59 PM, Peter Lind <peter.e.l...@gmail.com>
> wrote:
> >
> >> On 9 August 2010 20:40, Tristan <sunnrun...@gmail.com> wrote:
> >> > a client of mine used to have some color coded one but, I can't find it
> >> > again. anyone using one that they particularly like?
> >> >
> >> > similar to this but was hoping for something in PHP
> >> >
> >> > http://www.psychogenic.com/en/products/Errorlog.php
> >> >
> >> > Thanks, T
> >> >
> >>
> >> Xdebug formats errors, try installing that.
> >>
> >> Regards
> >> Peter
> >>
> >> --
> >> <hype>
> >> WWW: http://plphp.dk / http://plind.dk
> >> LinkedIn: http://www.linkedin.com/in/plind
> >> BeWelcome/Couchsurfing: Fake51
> >> Twitter: http://twitter.com/kafe15
> >> </hype>
> >>
> >
>
>  Splunk http://www.splunk.com/
>
> --
>
> Bastien
>
> Cat, the other other white meat
>

--- End Message ---
--- Begin Message ---
Test A00

SED



--- End Message ---
