php-general Digest 26 Nov 2008 22:14:27 -0000 Issue 5812

Topics (messages 283819 through 283835):

Re: Enable "disable_functions" globally and disable for a domain
        283819 by: Stan Vassilev | FM
        283820 by: sbeam
        283831 by: mike

Voting methodology
        283821 by: tedd
        283823 by: ceo.l-i-e.com
        283824 by: Dan Joseph
        283825 by: Yeti
        283827 by: Daniel P. Brown
        283828 by: ceo.l-i-e.com
        283830 by: Ashley Sheridan
        283832 by: Nathan Rixham
        283834 by: tedd

Online Calendars
        283822 by: tedd
        283826 by: Daniel P. Brown
        283833 by: Nathan Rixham
        283835 by: tedd

pear mail() versus net-smtp()
        283829 by: Al

----------------------------------------------------------------------
--- Begin Message ---

Hi,

Blacklists are by definition insecure, so I'd advise you to have two setups, one locked down (whitelist effectively) with only the needed extensions and features, and the other one more relaxed.

Regards,
Stan Vassilev


Hi,

Can I enable "disable_functions" globally and disable for individual domains?

According to PHP documentation [1] it can be only set via php.ini..

For shared hosting scenarios, it will be great this feature.. disable insecure functions globally, and enable for certain domains, any workaround to make this?

Thanks!

[1] http://es.php.net/features.safe-mode

--
Santi Saez
http://woop.es

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--- End Message ---
--- Begin Message ---
On Wednesday 26 November 2008 05:10, Santi Saez wrote:
> According to PHP documentation [1] it can be only set via php.ini..
>
> For shared hosting scenarios, it will be great this feature.. disable
> insecure functions globally, and enable for certain domains, any
> workaround to make this?

using Apache? you can set php_value etc in virtualhost block:
http://us2.php.net/configuration.changes


--- End Message ---
--- Begin Message ---
php-fpm also allows per pool overrides. in php 5.3, i believe the
php.ini can use conditionals such as path as well.

On Wed, Nov 26, 2008 at 5:54 AM, sbeam <[EMAIL PROTECTED]> wrote:
> On Wednesday 26 November 2008 05:10, Santi Saez wrote:
>> According to PHP documentation [1] it can be only set via php.ini..
>>
>> For shared hosting scenarios, it will be great this feature.. disable
>> insecure functions globally, and enable for certain domains, any
>> workaround to make this?
>
> using Apache? you can set php_value etc in virtualhost block:
> http://us2.php.net/configuration.changes

--- End Message ---
--- Begin Message ---
Hi gang:

What methodology would be the best for online voting?

I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box.

I have some ideas of my own, but would like to hear what you people would recommend.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message ---
You have to have them registered and logged in with their Union ID to have any accountability at all...

Anything else is just too wide open to ballot stuffing.

You will need to provide reassurances of anonymity, presumably, and possibly some process/permissions/control/authentication/authorization in that regard.



--- End Message ---
--- Begin Message ---
On Wed, Nov 26, 2008 at 9:23 AM, tedd <[EMAIL PROTECTED]> wrote:

> Hi gang:
>
> What methodology would be the best for online voting?
>
> I have a client who is a Union and they want members to vote online, but
> don't want someone to stuff the voting box.
>
> I have some ideas of my own, but would like to hear what you people would
> recommend.
>
espn.com wrote an article about this once.  They ran a voting poll to
determine the best uniforms in sports.  It came down to two teams.  A guy
wrote a script to go in and vote over and over and over.  They found 80,000
entries from him.  They tracked it all by IP address, and then looked at the
time logs for the vote.  They noticed all the IPs were mostly the same, some
slight changes, and then the times were consecutive within a few
minutes.

Now, of course, filtering by time and IP isn't foolproof, the best idea is
to log in (as suggested already).  But if you can't log in, you could do
things such as IP logging, cookie.  Unfortunately, workers are not always
honorable.  And I'm not just picking on union workers.  If you can get them
to log in do it, otherwise, log as much information as possible and set a
cookie.

-- 
-Dan Joseph


"Build a man a fire, and he will be warm for the rest of the day.
Light a man on fire, and will be warm for the rest of his life."

--- End Message ---
--- Begin Message ---
I once had to implement something similar for a client's intranet page.
First we designed it to work without login simply by logging the IPs
(static and in the 10.10.*.* range) to avoid people voting twice or
more.
Then the client wanted to have some statistics like what department
voted for what (yeah, not very democratic i know).
So we changed it to have the user log in before voting. Now we could also
make sure that only authorized users were voting, unless a user forgot
to log out and a delivery guy was taking his chances (very unlikely).

I think the thingy about online voting is to ask oneself how serious
the result has to be. Getting a 99% bulletproof result might be quite
time consuming (thinking of HTTPS, tokens, authorization, etc. here).
So it all depends on what your client wants.

//A yeti

--- End Message ---
--- Begin Message ---
On Wed, Nov 26, 2008 at 9:23 AM, tedd <[EMAIL PROTECTED]> wrote:
> Hi gang:
>
> What methodology would be the best for online voting?
>
> I have a client who is a Union and they want members to vote online, but
> don't want someone to stuff the voting box.

    Because this is going to be a member-only vote, half of your
decision is already made.  The rest of it is as Lynch described.  And
to preserve anonymity, don't attach the actual vote to the UserID of
the account, just flip a boolean that they have, indeed, voted in that
poll, or add their UserID to the list of voters.  Then something like
this:

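<?php

// Just done to save run-on lines via email.
function m($data) {
    return mysql_real_escape_string($data);
}

// Count the rows recording that this user has voted in this poll.
$sql  = "SELECT COUNT(`UserID`) FROM `polls` WHERE ";
$sql .= "`id` = '".m($pollID)."' AND `UserID` = '".m($userID)."'";

$result = mysql_query($sql);
if ($result === false) {
    die('Poll lookup failed.');
}

// mysql_fetch_row() returns a numerically indexed array, so $row[0] is the count.
$row = mysql_fetch_row($result);

$voted = $row[0] > 0;
?>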

    And you can switch()/case your way to whether or not the voting
form is shown or if that UserID is blocked from voting.  This also
lets you expand to control by groups if need be now or later, and
disables people from voting from multiple computers.  They have to be
logged in to vote, and they can only vote once, but it allows for
anonymity in elections, etc.  Which, as a Teamster for the last twelve
years, is something I personally appreciate.  ;-P

-- 
</Daniel P. Brown>
http://www.parasane.net/
[EMAIL PROTECTED] || [EMAIL PROTECTED]

--- End Message ---
--- Begin Message ---
You should probably also wrap a "vote" in a transaction, so a user is not 
locked out from voting unless you are 100% sure their vote got counted, nor 
vice versa.



--- End Message ---
--- Begin Message ---
On Wed, 2008-11-26 at 09:23 -0500, tedd wrote:
> Hi gang:
> 
> What methodology would be the best for online voting?
> 
> I have a client who is a Union and they want members to vote online, 
> but don't want someone to stuff the voting box.
> 
> I have some ideas of my own, but would like to hear what you people 
> would recommend.
> 
> Cheers,
> 
> tedd
> 
> -- 
> -------
> http://sperling.com  http://ancientstones.com  http://earthstones.com
> 
I did something similar at work. Basically, the URL to the voting system
was sent out automatically to a list of email addresses. When the user
fills in the form, the address is marked off as used. One requirement
was that the form be completely anonymous, so the results were stored
with no link back to the user who made them. Also, only add the voting
results if the user's email address has not already been used.

If you're really worried, use SSL to protect it from interference.


Ash
www.ashleysheridan.co.uk


--- End Message ---
--- Begin Message ---
tedd wrote:
> Hi gang:
>
> What methodology would be the best for online voting?
>
> I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box.
>
> I have some ideas of my own, but would like to hear what you people would recommend.
>
> Cheers,
>
> tedd


vote form collects choice and union member id.
unique index on unionMemberId in the db

swap union id for ip if needed

if using ip and you want subnet detection simply convert the ip to its integer value and count everything +/- subnet/X(size)



--- End Message ---
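
The suggestions made in this thread (record only that a member has voted, wrap the vote in a transaction, and put a unique index on the member ID) combine as in the following added example, which is not code from any poster. The table names, column names and the in-memory SQLite database are assumptions chosen so that it runs stand-alone; it uses PDO prepared statements rather than the ext/mysql functions in the snippet posted above, which were removed in PHP 7.0.

```php
<?php
// Added example: schema and names are illustrative assumptions.
function setupPoll(PDO $db): void {
    // voters records WHO voted; ballots records WHAT was chosen, with no user id.
    // WITHOUT ROWID keeps voters in key order, so its storage order cannot be
    // matched against the insertion order of ballots.
    $db->exec('CREATE TABLE voters (poll_id INTEGER NOT NULL, user_id INTEGER NOT NULL,
               PRIMARY KEY (poll_id, user_id)) WITHOUT ROWID');
    $db->exec('CREATE TABLE ballots (poll_id INTEGER NOT NULL, choice TEXT NOT NULL)');
}

// Returns true if the vote was counted, false if this member had already voted.
function castVote(PDO $db, int $pollId, int $userId, string $choice): bool {
    $db->beginTransaction();
    try {
        // The primary key rejects a second row for the same member even when two
        // requests arrive at once; a SELECT-then-INSERT check alone would race.
        $db->prepare('INSERT INTO voters (poll_id, user_id) VALUES (?, ?)')
           ->execute([$pollId, $userId]);
        $db->prepare('INSERT INTO ballots (poll_id, choice) VALUES (?, ?)')
           ->execute([$pollId, $choice]);
        $db->commit(); // both rows are stored, or neither is
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        // SQLSTATE class 23 is an integrity constraint violation: duplicate voter.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return false;
        }
        throw $e;
    }
}

function tally(PDO $db, int $pollId): array {
    $st = $db->prepare('SELECT choice, COUNT(*) FROM ballots
                        WHERE poll_id = ? GROUP BY choice ORDER BY choice');
    $st->execute([$pollId]);
    return $st->fetchAll(PDO::FETCH_KEY_PAIR);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
setupPoll($db);
var_dump(castVote($db, 1, 1001, 'yes')); // constructed member ids and choices
var_dump(castVote($db, 1, 1001, 'no'));  // same member voting a second time
var_dump(castVote($db, 1, 1002, 'no'));
print_r(tally($db, 1));
```

On any database, an auto-increment id or timestamp stored on both tables would let someone with database access pair voters with ballots by order, so keep such columns off at least one of them.
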
--- Begin Message ---
At 9:23 AM -0500 11/26/08, tedd wrote:
> Hi gang:
>
> What methodology would be the best for online voting?
>
> I have a client who is a Union and they want members to vote online, but don't want someone to stuff the voting box.
>
> I have some ideas of my own, but would like to hear what you people would recommend.
>
> Cheers,
>
> tedd


Thanks guys for the suggestions.

I think registering the member via their union ID card number and then recording their vote as Daniel suggested is probably best.

They were leaning toward some popular canned script that they say all other unions use (don't know what that is) because it's secure (don't know what that means).

I'll find out soon enough.

Thanks again.

Cheers,

tedd


--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message ---
Hi gang:

What online calendars would any of you recommend or have experiences with one way or the other?

Cheers,

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message ---
On Wed, Nov 26, 2008 at 9:25 AM, tedd <[EMAIL PROTECTED]> wrote:
> Hi gang:
>
> What online calendars would any of you recommend or have experiences with
> one way or the other?

    Related to the discussion about this last week or the week before?
 If you're going for an ASP (not the M$ thing, but "Application
Service Provider"), I'd recommend Google calendar, hands-down.

-- 
</Daniel P. Brown>
http://www.parasane.net/
[EMAIL PROTECTED] || [EMAIL PROTECTED]

--- End Message ---
--- Begin Message ---
tedd wrote:
> Hi gang:
>
> What online calendars would any of you recommend or have experiences with one way or the other?
>
> Cheers,
>
> tedd

to integrate in with a system? open or closed source? feature list? (you could mean a massive task manager or a tiny calendar widget)
--- End Message ---
--- Begin Message ---
At 9:18 PM +0000 11/26/08, Nathan Rixham wrote:
> tedd wrote:
>> Hi gang:
>>
>> What online calendars would any of you recommend or have experiences with one way or the other?
>>
>> Cheers,
>>
>> tedd
>
> to integrate in with a system? open or closed source? feature list? (you could mean a massive task manager or a tiny calendar widget)


Nathan:

You're right -- I was vague.

I'm looking for a calendar script that provides date information for simple scheduling. Most posts will take the form of a title within the calendar day with a pop-up if the user is interested in seeing more. In other words, a pretty simple calendar connected to a database.

Cheers,

tedd


--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message ---
Anyone have opinions on these two mail functions for sending smtp emails, pear mail() versus net-smtp()? Which is best, etc.


--- End Message ---
