php-general Digest 23 May 2010 20:28:19 -0000 Issue 6760

Sun, 23 May 2010 13:31:02 -0700 

php-general Digest 23 May 2010 20:28:19 -0000 Issue 6760

Topics (messages 305447 through 305460):

Re: Multiple Login in a single PC should not be possible
        305447 by: Karl DeSaulniers
        305448 by: Karl DeSaulniers
        305453 by: Robert Cummings
        305454 by: Robert Cummings
        305456 by: Nathan Rixham
        305458 by: Nathan Rixham

Is there a good way to extract the <embed>/<object> content in HTML 
with/without closing tag?
        305449 by: Chian Hsieh
        305457 by: Nathan Rixham

Re: securing a custom app
        305450 by: David Mehler
        305452 by: Nilesh Govindarajan

Re: Remove blank lines from a file
        305451 by: tedd
        305455 by: Robert Cummings
        305459 by: Nathan Rixham
        305460 by: Nathan Rixham

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------
--- Begin Message --- What about creating a java or ajax proxy that verifies the system mixed with PHP login security and cookies? 
Maybe mix it with some SSL??

Karl


On May 22, 2010, at 10:37 PM, Karl DeSaulniers wrote:


I am going to ask my flash guru buddies.
Let me see if I can find anything out.

Karl


On May 22, 2010, at 10:10 PM, Robert Cummings wrote:


Robert Cummings wrote:

Karl DeSaulniers wrote:
Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. 

Have you ever programed in flash?

Yes. But I prefer open source all the way :)
BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables. 

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Karl DeSaulniers
Design Drumm
http://designdrumm.com

--- End Message ---
--- Begin Message --- Also, on the flash subject, I believe you can utilize the SharedObject class to achieve what they are wanting. I was told that you MUST remember to delete the SharedObject if the browser window is closed or crashes. 
Not sure on how this is done.

Karl


On May 23, 2010, at 3:59 AM, Karl DeSaulniers wrote:
What about creating a java or ajax proxy that verifies the system mixed with PHP login security and cookies? 
Maybe mix it with some SSL??

Karl


On May 22, 2010, at 10:37 PM, Karl DeSaulniers wrote:


I am going to ask my flash guru buddies.
Let me see if I can find anything out.

Karl


On May 22, 2010, at 10:10 PM, Robert Cummings wrote:


Robert Cummings wrote:

Karl DeSaulniers wrote:
Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. 

Have you ever programed in flash?

Yes. But I prefer open source all the way :)
BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables. 

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Karl DeSaulniers
Design Drumm
http://designdrumm.com

--- End Message ---
--- Begin Message --- A virtual machine is like a separate computer, but running in the same computer. It would easily thwart this. 

Cheers,
Rob.



Karl DeSaulniers wrote:
What about creating a java or ajax proxy that verifies the system mixed with PHP login security and cookies? 
Maybe mix it with some SSL??

Karl


On May 22, 2010, at 10:37 PM, Karl DeSaulniers wrote:


I am going to ask my flash guru buddies.
Let me see if I can find anything out.

Karl


On May 22, 2010, at 10:10 PM, Robert Cummings wrote:


Robert Cummings wrote:

Karl DeSaulniers wrote:
Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. 

Have you ever programed in flash?

Yes. But I prefer open source all the way :)
BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables. 

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Karl DeSaulniers
Design Drumm
http://designdrumm.com




--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---
--- Begin Message --- See comment on virtual machine :) But even without a virtual machine, is this SharedObject saved in a browser determined location, or does the flash app get a say on where it wants to go. Is it shared between flash apps in same browser, or shared across all browsers on same machine. 

Cheers,
Rob.



Karl DeSaulniers wrote:
Also, on the flash subject, I believe you can utilize the SharedObject class to achieve what they are wanting. I was told that you MUST remember to delete the SharedObject if the browser window is closed or crashes. 
Not sure on how this is done.

Karl


On May 23, 2010, at 3:59 AM, Karl DeSaulniers wrote:
What about creating a java or ajax proxy that verifies the system mixed with PHP login security and cookies? 
Maybe mix it with some SSL??

Karl


On May 22, 2010, at 10:37 PM, Karl DeSaulniers wrote:


I am going to ask my flash guru buddies.
Let me see if I can find anything out.

Karl


On May 22, 2010, at 10:10 PM, Robert Cummings wrote:


Robert Cummings wrote:

Karl DeSaulniers wrote:
Wow. I'm going to stay away from that one. I'm just trying to help this guy secure his learning API and that would be one way to insure that two browsers were not logged in on the same system. Especially if you weren't using a browser in the first place. 

Have you ever programed in flash?

Yes. But I prefer open source all the way :)
BTW, I'm still not sure how you expect flash to solve the problem. I can just run a virtual machine with another flash instance. Seems to me like your trading cauliflower for broccoli... they're both vegetables. 

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Karl DeSaulniers
Design Drumm
http://designdrumm.com




--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---
--- Begin Message --- 
Karl DeSaulniers wrote:
>
can't be done I'm afraid, no matter how hard you look - there is *always* a way around it.
only thing you can do is in certain situations ensure that whatever important 'act' is carried out is limited to a fixed person with some personally identifiable data; for instance requiring an address and passport / driving license number for airplane ticket deliver and so forth.
To illustrate, before me now on my 'single' machine, I have the primary OS, and two more running in virtual box's; each one has several browsers; and to compound matters I'm hooked up to 2 different networks; and on one of those I can change IP whenever I want. Perhaps only deep packet inspection shared between the different ISPs I use and some kind of knowledge on their part between who in the household is using which machine to do what @ each certain time. 

Good luck though :)

Nathan

--- End Message ---
--- Begin Message --- quick confirm: flash won't help you here (nor java, ajax, virtualisation, client side programs, ip filtering, browser detection) - it's not possible I'm afraid; best you can do is limit with personally identifiable information and trust that users won't be sharing an account which has sensitive data in it.
I seem to have missed it; but why exactly don't you want a client 'logged in' multiple times (at the same time)? perhaps if you give us the root of the problem instead of how to do the solution you've chosen, we can be of more help :) 

Best,

Nathan

Robert Cummings wrote:
See comment on virtual machine :) But even without a virtual machine, is this SharedObject saved in a browser determined location, or does the flash app get a say on where it wants to go. Is it shared between flash apps in same browser, or shared across all browsers on same machine. 

Karl DeSaulniers wrote:
Also, on the flash subject, I believe you can utilize the SharedObject class to achieve what they are wanting. I was told that you MUST remember to delete the SharedObject if the browser window is closed or crashes. 
Not sure on how this is done.

--- End Message ---
--- Begin Message --- 
Hi,

I want to extract all contents started with <embed> and <object>
with/without closing tags.
My solution is using a regular expression to get it work, but there is some
exception I could not handle out.

The REGEXs I used are:

// With closing tag
if (preg_match_all("#(<(object|embed)[^>]+>.*?</\\2>)#is", $str,
$matchObjs)) {
  // blahblah

// Without closing tag
} else if (preg_match_all("#(<(?:object|embed)[^>]+>)#",$str,$matchObjs)){
  // blahblah
}

But it might be failed if the $str are mixed with/without closing tags:

$str ='<div><div><object type="application/x-shockwave-flash"><param
name="zz" value="xx"></object></div><div><embed src="http://sample.com";
/></div>'

In this situation, it will only get the
<object type="application/x-shockwave-flash"><param name="zz"
value="xx"></object>

but I want to get the two results which are
<object type="application/x-shockwave-flash"><param name="zz"
value="xx"></object>
<embed src="http://sample.com"; />


So, is there a good way to use one REGEX to process this issue?

Thanks for your help.

-- 
- Chi-An Hsieh

--- End Message ---
--- Begin Message --- 
Chian Hsieh wrote:

Hi,

I want to extract all contents started with <embed> and <object>
with/without closing tags.
My solution is using a regular expression to get it work, but there is some
exception I could not handle out.

The REGEXs I used are:

// With closing tag
if (preg_match_all("#(<(object|embed)[^>]+>.*?</\\2>)#is", $str,
$matchObjs)) {
  // blahblah

// Without closing tag
} else if (preg_match_all("#(<(?:object|embed)[^>]+>)#",$str,$matchObjs)){
  // blahblah
}

But it might be failed if the $str are mixed with/without closing tags:

$str ='<div><div><object type="application/x-shockwave-flash"><param
name="zz" value="xx"></object></div><div><embed src="http://sample.com";
/></div>'

In this situation, it will only get the
<object type="application/x-shockwave-flash"><param name="zz"
value="xx"></object>

but I want to get the two results which are
<object type="application/x-shockwave-flash"><param name="zz"
value="xx"></object>
<embed src="http://sample.com"; />


So, is there a good way to use one REGEX to process this issue?
If you're open to using methods other than regex; then one way to get pretty good results is to run the document through HTML Tidy, then parse it in to a DOM and query it using xpath/xquery - basically mimic the base way in which the browsers do it (and the way recommended by the HTML specs) 

Best,

Nathan

--- End Message ---
--- Begin Message --- 
Hello everyone,
Thanks. I'm looking in to the ssl, I would like to use it, and it does
seem much less work than the alternative.
Thanks.
Dave.


On 5/23/10, Adam Richardson <simples...@gmail.com> wrote:
> On Sun, May 23, 2010 at 12:40 AM, David Mehler <dave.meh...@gmail.com>wrote:
>
>> Hello,
>> I've got a custom app that interacts with a database. I want to use
>> something stronger than .htaccess to protect it and ssl is not
>> available as this is a shared host. There will be several user's
>> accessing this app and updating the database through it. What i was
>> thinking was giving each a unique username, password, and ID string,
>> which would be somehow used to compute a hash and if that would match
>> access could be granted. That's just a guess on my part, i'd
>> appreciate any suggestions.
>> Thanks.
>> Dave.
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> If you really, really can't get to SSL, you could develop the client-side
> code to use a java applet as a proxy, and the applet could handle the
> encryption (I've only done that once and it wasn't worth the work in the
> long-run, I should have just switched hosts OR clients.)  You could also
> pull off the same effect with a FLEX application, too.
>
> And, if you really, really wanted to, you could even develop an ajax
> application that encrypted the traffic before sending and decrypted any
> incoming traffic using a hash of a nonce provided by the server and the
> password of the user (the server-side PHP would perform the complimentary
> actions.)  However, this would be quite a bit of work, and I'm hoping that
> you can talk someone into a hosting upgrade :)
>
> For reference, here's a javascript implementation of AES I've used in the
> past (there's a port of the corresponding PHP to use linked on the same
> page):
> http://www.movable-type.co.uk/scripts/aes.html
>
> But, again, I hope you can just switch to a host with SSL.
>
> Adam
>
> --
> Nephtali:  PHP web framework that functions beautifully
> http://nephtaliproject.com
>

--- End Message ---
--- Begin Message --- 
On 05/23/2010 05:22 PM, David Mehler wrote:

Hello everyone,
Thanks. I'm looking in to the ssl, I would like to use it, and it does
seem much less work than the alternative.
Thanks.
Dave.


On 5/23/10, Adam Richardson<simples...@gmail.com>  wrote:

On Sun, May 23, 2010 at 12:40 AM, David Mehler<dave.meh...@gmail.com>wrote:


Hello,
I've got a custom app that interacts with a database. I want to use
something stronger than .htaccess to protect it and ssl is not
available as this is a shared host. There will be several user's
accessing this app and updating the database through it. What i was
thinking was giving each a unique username, password, and ID string,
which would be somehow used to compute a hash and if that would match
access could be granted. That's just a guess on my part, i'd
appreciate any suggestions.
Thanks.
Dave.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



If you really, really can't get to SSL, you could develop the client-side
code to use a java applet as a proxy, and the applet could handle the
encryption (I've only done that once and it wasn't worth the work in the
long-run, I should have just switched hosts OR clients.)  You could also
pull off the same effect with a FLEX application, too.

And, if you really, really wanted to, you could even develop an ajax
application that encrypted the traffic before sending and decrypted any
incoming traffic using a hash of a nonce provided by the server and the
password of the user (the server-side PHP would perform the complimentary
actions.)  However, this would be quite a bit of work, and I'm hoping that
you can talk someone into a hosting upgrade :)

For reference, here's a javascript implementation of AES I've used in the
past (there's a port of the corresponding PHP to use linked on the same
page):
http://www.movable-type.co.uk/scripts/aes.html

But, again, I hope you can just switch to a host with SSL.

Adam

--
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com





Ah obviously, because it is not done by PHP but managed by the server ! ;)

--
Nilesh Govindarajan (निलेश गोविंदराजन)
Twitter: nileshgr
Facebook: nilesh.gr
Website: www.itech7.com

--- End Message ---
--- Begin Message --- 
At 1:02 PM -0400 5/22/10, Robert Cummings wrote:

tedd wrote:


If that is all (i.e., removing double linefeeds), then this will do it:

$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n",$text_array);
Sorry tedd, this is broken. It doesn't solve problems with runs of greater than 2 newlines which is even in the example :) I would use the following instead which is also line break agnostic with final output in the style for your system: 

<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.


Rob:
It's not broken according to my "given", which was "If that is all (i.e., removing double linefeeds), then this will do it:" My code does exactly what was stated. I did not catch there were more than two linefeeds in the OP's problem. Doing more was something I did not address. 

Also, the solution you provided works better this way:  :-)

$input = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
$input = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
$input = trim( $input );

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message --- 
tedd wrote:

At 1:02 PM -0400 5/22/10, Robert Cummings wrote:

tedd wrote:

If that is all (i.e., removing double linefeeds), then this will do it:

$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n",$text_array);
Sorry tedd, this is broken. It doesn't solve problems with runs of greater than 2 newlines which is even in the example :) I would use the following instead which is also line break agnostic with final output in the style for your system: 

<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.


Rob:
It's not broken according to my "given", which was "If that is all (i.e., removing double linefeeds), then this will do it:" My code does exactly what was stated.
Actually, his comment didn't say double line feeds... his comment said I want THIS to look like THAT. And THIS had a triple line feed and THAT completely normalized it to a single line feed. I realize you misunderstood the problem, but where I work, clients don't think a solution based on incorrect presumptions is a valid solution for a clearly defined problem :)
I did not catch there were more than two linefeeds in the OP's problem. Doing more was something I did not address. 

Also, the solution you provided works better this way:  :-)

$input = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
$input = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
$input = trim( $input );
Doh, what's funny is I fixed it in my test script but had already pasted into my email and forgot to update that *lol*. Good catch! 

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.

--- End Message ---
--- Begin Message --- 
Robert Cummings wrote:

tedd wrote:

At 1:02 PM -0400 5/22/10, Robert Cummings wrote:

tedd wrote:

If that is all (i.e., removing double linefeeds), then this will do it:

$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n",$text_array);
Sorry tedd, this is broken. It doesn't solve problems with runs of greater than 2 newlines which is even in the example :) I would use the following instead which is also line break agnostic with final output in the style for your system: 

<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.


Rob:
It's not broken according to my "given", which was "If that is all (i.e., removing double linefeeds), then this will do it:" My code does exactly what was stated.
Actually, his comment didn't say double line feeds... his comment said I want THIS to look like THAT. And THIS had a triple line feed and THAT completely normalized it to a single line feed. I realize you misunderstood the problem, but where I work, clients don't think a solution based on incorrect presumptions is a valid solution for a clearly defined problem :)
I did not catch there were more than two linefeeds in the OP's problem. Doing more was something I did not address. 

Also, the solution you provided works better this way:  :-)

$input = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
$input = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
$input = trim( $input );


preg_replace( "/(\s)\s+/im", '\\1', $input );

:)

--- End Message ---
--- Begin Message --- 
Nathan Rixham wrote:

Robert Cummings wrote:

tedd wrote:

At 1:02 PM -0400 5/22/10, Robert Cummings wrote:

tedd wrote:
If that is all (i.e., removing double linefeeds), then this will do it: 

$text_array = array();
$text_array = explode("\n\n", $input_text);
$output_text = implode("\n",$text_array);
Sorry tedd, this is broken. It doesn't solve problems with runs of greater than 2 newlines which is even in the example :) I would use the following instead which is also line break agnostic with final output in the style for your system: 

<?php

$data = preg_replace( "#[\r\n]+#", PHP_EOL, $input );

?>

Cheers,
Rob.


Rob:
It's not broken according to my "given", which was "If that is all (i.e., removing double linefeeds), then this will do it:" My code does exactly what was stated.
Actually, his comment didn't say double line feeds... his comment said I want THIS to look like THAT. And THIS had a triple line feed and THAT completely normalized it to a single line feed. I realize you misunderstood the problem, but where I work, clients don't think a solution based on incorrect presumptions is a valid solution for a clearly defined problem :)
I did not catch there were more than two linefeeds in the OP's problem. Doing more was something I did not address. 

Also, the solution you provided works better this way:  :-)

$input = preg_replace( "#[\r\n]+[[:space:]]+[\r\n]+#", "\n", $input );
$input = preg_replace( "#[\r\n]+#", PHP_EOL, $input );
$input = trim( $input );


preg_replace( "/(\s)\s+/im", '\\1', $input );

:)
ahh just read the rest of this thread.. icnase it gets a bit pedantic then here's a horizontal white space only one: 
  preg_replace( "/(\h)\h+/im", '\\1', $input );

and vertical only:
  preg_replace( "/(\v)\v+/im", '\\1', $input );

(spot a pattern?)

Best,

Nathan

--- End Message ---

Reply via email to