From webapprentice at mail.com Thu Jan 1 12:25:01 2004 From: webapprentice at mail.com (Webapprentice .) Date: Thu, 01 Jan 2004 12:25:01 -0500 Subject: [nycphp-talk] Uploading files through a form and then emailing them Message-ID: <20040101172501.85950.qmail@mail.com> Hi, I'm Stephen. I do a little PHP, but I am not proficient with it. I am looking for information on how to implement the following. I have an HTML form with a 4 fields to upload files. When the person submits the form, I want to be able to take all the files in the file fields and email them to someone. Is there a code snippet or some place where I can learn more about how I could implement this? Thanks, Stephen -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From jsiegel1 at optonline.net Thu Jan 1 12:59:14 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 01 Jan 2004 12:59:14 -0500 Subject: [nycphp-talk] Uploading files through a form and then emailing them In-Reply-To: <20040101172501.85950.qmail@mail.com> References: <20040101172501.85950.qmail@mail.com> Message-ID: <3FF45FF2.3080309@optonline.net> Stephen, Check out http://php.net/features.file-upload for handling file uploads. A bit of Googling and I found this: http://phpmailer.sourceforge.net/ Don't have any experience with the PHPMailer but it may be worth a closer look. Jeff Siegel Webapprentice . wrote: > Hi, > I'm Stephen. I do a little PHP, but I am not proficient with it. > > I am looking for information on how to implement the following. > > I have an HTML form with a 4 fields to upload files. When the person submits the form, I want to be able to take all the files in the file fields and email them to someone. > > Is there a code snippet or some place where I can learn more about how I could implement this? > > Thanks, > Stephen -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From dcech at phpwerx.net Thu Jan 1 13:05:05 2004 From: dcech at phpwerx.net (Dan Cech) Date: Thu, 01 Jan 2004 13:05:05 -0500 Subject: [nycphp-talk] Uploading files through a form and then emailing them In-Reply-To: <3FF45FF2.3080309@optonline.net> References: <20040101172501.85950.qmail@mail.com> <3FF45FF2.3080309@optonline.net> Message-ID: <3FF46151.7070507@phpwerx.net> Nice work Jeff, I haven't done too much with email, but PHPMailer looks like a very powerful tool for any PHP coder. Dan Jeff Siegel wrote: > Stephen, > > Check out http://php.net/features.file-upload for handling file uploads. > > A bit of Googling and I found this: > > http://phpmailer.sourceforge.net/ > > Don't have any experience with the PHPMailer but it may be worth a > closer look. > > Jeff Siegel > > Webapprentice . wrote: > >> Hi, >> I'm Stephen. I do a little PHP, but I am not proficient with it. >> I am looking for information on how to implement the following. >> >> I have an HTML form with a 4 fields to upload files. When the person >> submits the form, I want to be able to take all the files in the file >> fields and email them to someone. >> >> Is there a code snippet or some place where I can learn more about how >> I could implement this? >> >> Thanks, >> Stephen > > From jsiegel1 at optonline.net Thu Jan 1 13:40:54 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 01 Jan 2004 13:40:54 -0500 Subject: [nycphp-talk] Uploading files through a form and then emailing them In-Reply-To: <3FF46151.7070507@phpwerx.net> References: <20040101172501.85950.qmail@mail.com> <3FF45FF2.3080309@optonline.net> <3FF46151.7070507@phpwerx.net> Message-ID: <3FF469B6.2070904@optonline.net> Thanks for the compliment! I downloaded that mailer ASAP. It looks pretty good. Jeff Dan Cech wrote: > Nice work Jeff, I haven't done too much with email, but PHPMailer looks > like a very powerful tool for any PHP coder. > > Dan > > Jeff Siegel wrote: > >> Stephen, >> >> Check out http://php.net/features.file-upload for handling file uploads. >> >> A bit of Googling and I found this: >> >> http://phpmailer.sourceforge.net/ >> >> Don't have any experience with the PHPMailer but it may be worth a >> closer look. >> >> Jeff Siegel >> >> Webapprentice . wrote: >> >>> Hi, >>> I'm Stephen. I do a little PHP, but I am not proficient with it. >>> I am looking for information on how to implement the following. >>> >>> I have an HTML form with a 4 fields to upload files. When the person >>> submits the form, I want to be able to take all the files in the file >>> fields and email them to someone. >>> >>> Is there a code snippet or some place where I can learn more about >>> how I could implement this? >>> >>> Thanks, >>> Stephen >> >> >> > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From tgales at tgaconnect.com Thu Jan 1 14:03:16 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 1 Jan 2004 14:03:16 -0500 Subject: [nycphp-talk] PHP as CGI Binary In-Reply-To: <3FF36418.6000104@optonline.net> Message-ID: <006101c3d099$ea0ba030$bf8d3818@oberon1> Jeff Siegel writes: "The interesting thing, when I try to view the php.ini > file that is > in cgi-bin, I only see a few settings." If the php.ini is sparse, here are some excerpts from a suggested ini (as a reminder) ; The root of the PHP pages, used only if nonempty. ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root ; if you are running php as a CGI under any web server (other than IIS) ; see documentation for security issues. The alternate is to use the ; cgi.force_redirect configuration below doc_root = ; cgi.force_redirect is necessary to provide security running PHP as a CGI under ; most web servers. Left undefined, PHP turns this on by default. You can ; turn it off here AT YOUR OWN RISK ; **You CAN safely turn this off for IIS, in fact, you MUST.** ; cgi.force_redirect = 1 Maybe it wouldn't hurt to make sure php was compiled with FORCE_REDIRECT and explicitly set cgi.redirect = 1. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From jsiegel1 at optonline.net Thu Jan 1 14:46:02 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 01 Jan 2004 14:46:02 -0500 Subject: [nycphp-talk] PHP as CGI Binary In-Reply-To: <006101c3d099$ea0ba030$bf8d3818@oberon1> References: <006101c3d099$ea0ba030$bf8d3818@oberon1> Message-ID: <3FF478FA.8030904@optonline.net> Tim, I thought I'd sift through these (http://cvs.php.net/cvs.php/php-src/php.ini-recommended) to find the optimal setting and making adjustments for version as needed (I'll be using ver. 4.3.2). Q: Can I simply overwrite the php.ini that's in cgi-bin? I checked phpinfo() and it was compiled with "--enable-force-cgi-redirect=yes". Thanks for pointing this out. There was a reference to this in http://www.php.net/manual/en/security.cgi-bin.php in the context of Apache config. Happy New Year!! Jeff Tim Gales wrote: > Jeff Siegel writes: > "The interesting thing, when I try to view the php.ini > >>file that is >>in cgi-bin, I only see a few settings." > > > If the php.ini is sparse, here are some > excerpts from a suggested ini (as a > reminder) > > ; The root of the PHP pages, used only if nonempty. > ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root > ; if you are running php as a CGI under any web server (other than IIS) > ; see documentation for security issues. The alternate is to use the > ; cgi.force_redirect configuration below > doc_root = > > ; cgi.force_redirect is necessary to provide security running PHP as a CGI > under > ; most web servers. Left undefined, PHP turns this on by default. You > can > ; turn it off here AT YOUR OWN RISK > ; **You CAN safely turn this off for IIS, in fact, you MUST.** > ; cgi.force_redirect = 1 > > Maybe it wouldn't hurt to make sure php was compiled with > FORCE_REDIRECT and explicitly set cgi.redirect = 1. > > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From tgales at tgaconnect.com Thu Jan 1 15:08:12 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 1 Jan 2004 15:08:12 -0500 Subject: [nycphp-talk] PHP as CGI Binary In-Reply-To: <3FF478FA.8030904@optonline.net> Message-ID: <006201c3d0a2$fc9d6a40$bf8d3818@oberon1> you check for where php is reading its ini file from [e.g. phpinfo -- Configuration File (php.ini) Path ] If I were doing it, I would make sure I could read and write to that directory, do an ls -l and see the permissions and ownership of the php.ini (and write it down) then rename the php.ini to php.ini.old and then put the new php.ini file in the directory. I hesitate to tell you everything will be fine -- but if you're certain you could put things back the way they were, then I don't see any major problem. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel > Sent: Thursday, January 01, 2004 2:46 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] PHP as CGI Binary > > > Tim, > > I thought I'd sift through these > (http://cvs.php.net/cvs.php/php-src/php.ini-recommended) to find the > optimal setting and making adjustments for version as needed (I'll be > using ver. 4.3.2). > > Q: Can I simply overwrite the php.ini that's in cgi-bin? > > I checked phpinfo() and it was compiled with > "--enable-force-cgi-redirect=yes". Thanks for pointing this > out. There > was a reference to this in > http://www.php.net/manual/en/security.cgi-bin.php in the context of > Apache config. > > Happy New Year!! > > Jeff > > Tim Gales wrote: > > > Jeff Siegel writes: > > "The interesting thing, when I try to view the php.ini > > > >>file that is > >>in cgi-bin, I only see a few settings." > > > > > > If the php.ini is sparse, here are some > > excerpts from a suggested ini (as a > > reminder) > > > > ; The root of the PHP pages, used only if nonempty. > > ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD > set doc_root > > ; if you are running php as a CGI under any web server (other than > > IIS) ; see documentation for security issues. The > alternate is to use > > the ; cgi.force_redirect configuration below doc_root = > > > > ; cgi.force_redirect is necessary to provide security > running PHP as a > > CGI under ; most web servers. Left undefined, PHP turns this on by > > default. You can > > ; turn it off here AT YOUR OWN RISK > > ; **You CAN safely turn this off for IIS, in fact, you MUST.** > > ; cgi.force_redirect = 1 > > > > Maybe it wouldn't hurt to make sure php was compiled with > > FORCE_REDIRECT and explicitly set cgi.redirect = 1. > > > > > > T. Gales & Associates > > 'Helping People Connect with Technology' > > > > http://www.tgaconnect.com > > > > > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > > > > -- > Found on the Simpson's Website: > "Ooooooh, they have the internet on computers now!" > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > From jsiegel1 at optonline.net Thu Jan 1 15:58:50 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 01 Jan 2004 15:58:50 -0500 Subject: [nycphp-talk] PHP as CGI Binary In-Reply-To: <006201c3d0a2$fc9d6a40$bf8d3818@oberon1> References: <006201c3d0a2$fc9d6a40$bf8d3818@oberon1> Message-ID: <3FF48A0A.2010503@optonline.net> Excellent advice. Thanks! Jeff Tim Gales wrote: > you check for where php is reading its ini file from > [e.g. phpinfo -- Configuration File (php.ini) Path ] > > If I were doing it, I would make sure I could read and > write to that directory, do an ls -l and see the > permissions and ownership of the php.ini > (and write it down) then rename the php.ini to > php.ini.old and then put the new php.ini file in the > directory. > > I hesitate to tell you everything will be fine -- > but if you're certain you could put things back the way > they were, then I don't see any major problem. > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > >>-----Original Message----- >>From: talk-bounces at lists.nyphp.org >>[mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel >>Sent: Thursday, January 01, 2004 2:46 PM >>To: NYPHP Talk >>Subject: Re: [nycphp-talk] PHP as CGI Binary >> >> >>Tim, >> >>I thought I'd sift through these >>(http://cvs.php.net/cvs.php/php-src/php.ini-recommended) to find the >>optimal setting and making adjustments for version as needed (I'll be >>using ver. 4.3.2). >> >>Q: Can I simply overwrite the php.ini that's in cgi-bin? >> >>I checked phpinfo() and it was compiled with >>"--enable-force-cgi-redirect=yes". Thanks for pointing this >>out. There >>was a reference to this in >>http://www.php.net/manual/en/security.cgi-bin.php in the context of >>Apache config. >> >>Happy New Year!! >> >>Jeff >> >>Tim Gales wrote: >> >> >>>Jeff Siegel writes: >>>"The interesting thing, when I try to view the php.ini >>> >>> >>>>file that is >>>>in cgi-bin, I only see a few settings." >>> >>> >>>If the php.ini is sparse, here are some >>>excerpts from a suggested ini (as a >>>reminder) >>> >>>; The root of the PHP pages, used only if nonempty. >>>; if PHP was not compiled with FORCE_REDIRECT, you SHOULD >> >>set doc_root >> >>>; if you are running php as a CGI under any web server (other than >>>IIS) ; see documentation for security issues. The >> >>alternate is to use >> >>>the ; cgi.force_redirect configuration below doc_root = >>> >>>; cgi.force_redirect is necessary to provide security >> >>running PHP as a >> >>>CGI under ; most web servers. Left undefined, PHP turns this on by >>>default. You can >>>; turn it off here AT YOUR OWN RISK >>>; **You CAN safely turn this off for IIS, in fact, you MUST.** >>>; cgi.force_redirect = 1 >>> >>>Maybe it wouldn't hurt to make sure php was compiled with >>>FORCE_REDIRECT and explicitly set cgi.redirect = 1. >>> >>> >>>T. Gales & Associates >>>'Helping People Connect with Technology' >>> >>>http://www.tgaconnect.com >>> >>> >>> >>>_______________________________________________ >>>talk mailing list >>>talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk >>> >> >>-- >>Found on the Simpson's Website: >>"Ooooooh, they have the internet on computers now!" >> >>_______________________________________________ >>talk mailing list >>talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk >> > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From csnyder at chxo.com Thu Jan 1 17:04:38 2004 From: csnyder at chxo.com (Chris Snyder) Date: Thu, 01 Jan 2004 17:04:38 -0500 Subject: [nycphp-talk] tracking down memory leaks Message-ID: <3FF49976.6020508@chxo.com> I've noticed recently that httpd has been eating about 10MB an hour on my server. I'm not sure whether the problem is in Apache, PHP, some other library, or my own code -- I just know that apachectl restart frees everything up again. What are some best practices for tracking this sort of thing down? I'm using ps -uaxm along with mod_status to try and get an idea which PIDs are taking up the most memory and what they're working on, but it's not been very enlightening so far. Apache 1.3.29 / PHP 4.3 / FreeBSD 4.8 Thanks, csnyder From jonbaer at jonbaer.net Thu Jan 1 20:27:38 2004 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 1 Jan 2004 20:27:38 -0500 Subject: [nycphp-talk] Fw: PHP Meetup Venues and Agenda Items Message-ID: <000701c3d0cf$9bda79a0$6400a8c0@thinkpad> anyone attending this? id like to since the agenda seems interesting but isn't kinda hard to go over stuff @ a bar? - jon ----- Original Message ----- From: "PHP Meetup" To: Sent: Thursday, January 01, 2004 8:21 PM Subject: PHP Meetup Venues and Agenda Items > *Please Do Not Reply to This Message -- For Help, See Below* > > Your PHP Meetup is happening in New York City on Thursday, Jan > 8 @ 7PM! RSVP now to join other PHP Developers. > > Your Meetup in New York City is at: > Magnetic Field (Happy Hour Extended!) > 97 Atlantic Ave > Brooklyn, NY 11201 > 718-834-0069 > > Please RSVP here: > > ** For "YES, I'll be there" go to: > http://php.meetup.com/rsvp/?e=1332419&v=16919 > > ** For "NO, I can't make it" go to: > http://php.meetup.com/rsvp/?e=1332419&v=-1 > > (You may need to cut & paste the address into your browser.) > NOTE: Meetup will be cancelled if fewer than 5 people say "Yes" > > Member Created Agenda > ---------------------------------------------------------------- > * Marketing PHP as a skill (for freelancers and full-timers) > * PHP5 and JSR (the Java Specification Request) > > ---------------------------------------------------------------- > > Bigger Meetups = Better Meetups > ---------------------------------------------------------------- > When more people show up, everyone has a better time. Spread > the word to get more PHP Developers involved -- invite others > here: > > http://php.meetup.com/tellfriends/ > ---------------------------------------------------------------- > > > Need help? Visit: http://php.meetup.com/help/ > Remove yourself or update your account settings at: > http://my.meetup.com/ > > From webapprentice at mail.com Fri Jan 2 00:02:41 2004 From: webapprentice at mail.com (Webapprentice .) Date: Fri, 02 Jan 2004 00:02:41 -0500 Subject: [nycphp-talk] Re: File uploading Message-ID: <20040102050241.47787.qmail@mail.com> Thanks for the leads. phpMailer looks like overkill, but I'll have to read more into it. I wish it had more examples, as the ones there are for extracted data from a database. --Stephen ------------------------------------- Message: 2 Date: Thu, 01 Jan 2004 12:59:14 -0500 From: Jeff Siegel Subject: Re: [nycphp-talk] Uploading files through a form and then emailing them To: NYPHP Talk Message-ID: <3FF45FF2.3080309 at optonline.net> Content-Type: text/plain; charset=us-ascii; format=flowed Stephen, Check out http://php.net/features.file-upload for handling file uploads. A bit of Googling and I found this: http://phpmailer.sourceforge.net/ Don't have any experience with the PHPMailer but it may be worth a closer look. Jeff Siegel -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From felix at students.poly.edu Fri Jan 2 02:39:02 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Fri, 2 Jan 2004 02:39:02 -0500 Subject: [nycphp-talk] tracking down memory leaks In-Reply-To: <3FF49976.6020508@chxo.com> References: <3FF49976.6020508@chxo.com> Message-ID: <20040102023902.7213c401.felix@students.poly.edu> > Apache 1.3.29 / PHP 4.3 / FreeBSD 4.8 Since you are using pretty stable version of apache I doubt problem is with that. You should be using php version 4.3.4 but its not clear if you are still using 4.3.0 from you post. Are you using most stable version of php ? From guru at dotgeek.org Fri Jan 2 09:42:59 2004 From: guru at dotgeek.org (David Costa) Date: Fri, 2 Jan 2004 15:42:59 +0100 Subject: [nycphp-talk] .geek php certfication board, call for volunteers Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Sirs, Am responsible for dotgeek.org a small albeit promising site about php and open source platforms. We recently published the results of our first PHP Programming Marathon (which was kindly sponsored by Zend and Suse) at http://marathon.dotgeek.org We are planning to open soon a tutorials section. There is an idea of preparing a PHP certification system where in lieu of evaluating the performance on a standard questionnaire, we do evaluate the programmers skills based on 10 code samples or tutorials posted on our site. I am currently looking for some PHP experts to join the board. This will imply an occasional review of the programmers that posted 10+ tutorials/snippets via an online system. (To clarify, all certifications will be offered free, the site has no ads and is entirely self financed. I am not doing this as a business or something). if anyone of your staff or user group is interested, please let me know. You might find below our first draft with the information on the current board members. Thanks in advance for your time and attention David dotGeek PHP Programming Certification The system allows you to post tutorials in order to earn a certification in PHP. We have a well qualified certification board that will analyze all postings. The system works as follows: 1) You have the ability to upload tutorials in the system for certification. You have ability to develop tutorials for any purpose to post to this site. With that you will submit the purpose or functionality of that tutorial. You may submit as many as you want. Be sure all submitted tutorials only use classes that are inherent in PHP or are submitted with the tutorial. A user with just PHP 4.? should be able to take your code and run it without having to load extra packages. 2) After you have posted 10 quality tutorials you will have the ability to request certification. You will select 10 of the tutorials you have posted to be evaluated. Be sure these 10 tutorials fit the criteria stated below. 3) The certification board will evaluate the tutorials according to the criteria described below. The certification board will respond within 30 business days as to whether the 10 tutorials posted all pass. The names and qualifications of the members of this board are below. 4) If you pass the certification you will have access to an electronic certificate and receive an email containing the certificate. For submitting 10 quality tutorials, you will be sent an electronic certification indicating you are a certified PHP developer. This along with your tutorials can be used to enhance your resume and indicate your skill set to your current or future employers. The following is the criteria used to determine whether you should be certified as a PHP developer. 1) Tutorial accomplishes its purpose. Attached to the tutorials is a description of the tutorial's functionality. The written tutorial must accomplish all goals set forth by the programmer. A programmer must be able to understand what they wrote and describe it to a fellow programmer or even someone who does not program. 2) Cleanliness/Readability of code. Programmers need to make their code easy to hand off to other programmers either for continued development or to help debug. This is done through comments and extra spacing to make statements readable. 3) Error handling. This is important for PHP because it is often implemented in web pages and crashing code can help hackers understand what is in the PHP script. Users hate crashing code (they dislike it more than error messages). PHP Certification Board The PHP Certification Board is made up of people with varying backgrounds in the PHP development industry. They are in charge of looking through posted tutorials and making sure that they fit the above stated criteria. The following are the members of the current PHP Certification Board: David Costa Job: Associate Professor at a Swiss private College Qualifications: Law School graduate (Law School, University of Northumbria at Newcastle), Stanford Certified Project Manager (School of Engineering, Stanford University) EDP, (Sloan School of Management, Massachusetts Institute of Technology), Software Engineering (University of Oxford) Project Manager at CollegeLinux, PHP Enthusiast Anthony L. Faulds Job: Software Engineer Qualifications: M.S. Aerospace Engineering (Pennsylvania State University) M.A. Mathematics, ?B.S. Aerospace Engineering, B.S. Applied Computational Mathematics (Virginia Polytechnic Institute and State University) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iQDRAwUBP/WDdMIS8vYKprrJAQKciwXfeNcJxZ/WJM5JRg4MjvxxyBTVEQEXta8T YjLk/dCNliOXCmf3jiGYpz0YGNvTuDPkUyasnLjaNzozMuc9RJv4AyE7hyO/5+A5 vs9c7sv4hzfvHbIymEVjrsmMpy2Zbu2oU5gRBIhBZS1eAVDFgjc8VhnwvCrqSNQd Sm72mO61PuBCpDzkVAHeFxpSf3gyXpDWuEhc/LP5rUopmLEpDcGzBZ6lLBa89qbh wo9j4vtvvzR+c5OOsvgjby9oAcA= =BKDp -----END PGP SIGNATURE----- From danielc at analysisandsolutions.com Fri Jan 2 12:54:12 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 2 Jan 2004 12:54:12 -0500 Subject: [nycphp-talk] security focus again Message-ID: <20040102175412.GA5232@panix.com> Apache mod_php Module File Descriptor Leakage Vulnerability http://www.securityfocus.com/bid/9302 BES-CMS Multiple Module File Include Vulnerability http://www.securityfocus.com/bid/9268 Xoops MyLinks Myheader.php Cross-Site Scripting Vulnerabilit... http://www.securityfocus.com/bid/9269 BN Soft BoastMachine Comment Form HTML Injection Vulnerabili... http://www.securityfocus.com/bid/9270 osCommerce products_id URI Parameter SQL Injection Vulnerabi... http://www.securityfocus.com/bid/9275 osCommerce manufacturers_id Parameter Cross-Site Scripting V... http://www.securityfocus.com/bid/9277 My Little Forum Email.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/9286 Webfroot Shoutbox Viewshoutbox.PHP Cross-Site Scripting Vuln... http://www.securityfocus.com/bid/9289 phpBB Privmsg.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/9290 KnowledgeBuilder Remote File Include Vulnerability http://www.securityfocus.com/bid/9292 Psychoblogger Multiple Cross-Site Scripting Vulnerabilities http://www.securityfocus.com/bid/9293 Psychoblogger Multiple SQL Injection Vulnerabilities http://www.securityfocus.com/bid/9294 Squirrelmail G/PGP Encryption Plugin Remote Command Executio... http://www.securityfocus.com/bid/9296 OpenBB Index.PHP Remote SQL Injection Vulnerability http://www.securityfocus.com/bid/9300 -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From webapprentice at mail.com Fri Jan 2 13:02:35 2004 From: webapprentice at mail.com (Webapprentice .) Date: Fri, 02 Jan 2004 13:02:35 -0500 Subject: [nycphp-talk] Message-ID: <20040102180239.13922.qmail@mail.com> I notice that is used in several articles and manuals for referring to the current page, but when I use this, I get an empty string This, however, works: What does the former not work? Thanks, Stephen -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From lists at ny-tech.net Fri Jan 2 13:05:55 2004 From: lists at ny-tech.net (Nasir Zubair) Date: Fri, 2 Jan 2004 13:05:55 -0500 Subject: [nycphp-talk] In-Reply-To: <20040102180239.13922.qmail@mail.com> Message-ID: <000201c3d15b$12538b40$6401a8c0@main> Hi, $PHP_SELF will not work if you have register_global off. It is safer to use $_SERVER['PHP_SELF'] > -----Original Message----- > From: Webapprentice . [mailto:webapprentice at mail.com] > Sent: Friday, January 02, 2004 1:03 PM > To: talk at lists.nyphp.org > Subject: [nycphp-talk] > > > I notice that is used in several articles > and manuals for referring to the current page, but when I use > this, I get an empty string > > This, however, works: > > > What does the former not work? > > Thanks, > Stephen > -- > ___________________________________________________________ > Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > > From jsiegel1 at optonline.net Fri Jan 2 13:08:18 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 02 Jan 2004 13:08:18 -0500 Subject: [nycphp-talk] New PHundamentals Article Message-ID: <3FF5B392.9060201@optonline.net> A new PHundamentals article entitled "Book Recommendations" has been added to the PHundamentals section of the NYPHP website. See: http://phundamentals.nyphp.org/ Jeff Siegel PHundamentals Team From jsiegel1 at optonline.net Fri Jan 2 14:27:51 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 02 Jan 2004 14:27:51 -0500 Subject: [nycphp-talk] Off topic but...Network Attached Storage Message-ID: <3FF5C637.30701@optonline.net> Does anyone have any experience with or heard anything (good or bad) about reByte? See: http://www.rebyte.com It seems to be a dirt cheap Raid 5 solution for SOHOs to make file backups. Jeff Siegel From csnyder at chxo.com Fri Jan 2 15:39:23 2004 From: csnyder at chxo.com (Chris Snyder) Date: Fri, 02 Jan 2004 15:39:23 -0500 Subject: [nycphp-talk] tracking down memory leaks In-Reply-To: <20040102023902.7213c401.felix@students.poly.edu> References: <3FF49976.6020508@chxo.com> <20040102023902.7213c401.felix@students.poly.edu> Message-ID: <3FF5D6FB.9000402@chxo.com> Thanks, Felix -- I was still with 4.3.3, somehow the 4.3.4 update slipped through the cracks. It'll be a few hours before I know about the memory leak, but upgrading has fixed a segfault I just discovered this morning. felix zaslavskiy wrote: >>Apache 1.3.29 / PHP 4.3 / FreeBSD 4.8 >> >> >Since you are using pretty stable version of apache I doubt problem is >with that. You should be using php version 4.3.4 but its not clear if >you are still using 4.3.0 from you post. Are you using most stable >version of php ? > From jlacey at att.net Fri Jan 2 15:40:07 2004 From: jlacey at att.net (John Lacey) Date: Fri, 02 Jan 2004 13:40:07 -0700 Subject: [nycphp-talk] New PHundamentals Article In-Reply-To: <3FF5B392.9060201@optonline.net> References: <3FF5B392.9060201@optonline.net> Message-ID: <3FF5D727.9000109@att.net> Jeff Siegel wrote: > A new PHundamentals article entitled "Book Recommendations" has been > added to the PHundamentals section of the NYPHP website. > > See: http://phundamentals.nyphp.org/ > I'd also consider recommending another of Larry Ullman's books: "PHP and MySQL for Dynamic Web Sites" Unlike his earlier books, this one uses good coding style and it's good for beginners too. I've also used "Web Database Applications with PHP & MySQL" by Hugh E. Williams and David Lane This one features a nice case study as its theme, but I would not recommend it for beginners since it's a fairly typical O'Reilly book in that regard. hth, John From csnyder at chxo.com Fri Jan 2 16:09:37 2004 From: csnyder at chxo.com (Chris Snyder) Date: Fri, 02 Jan 2004 16:09:37 -0500 Subject: [nycphp-talk] NYC photos wanted for NYPHP Linuxworld Video Message-ID: <3FF5DE11.9040107@chxo.com> I'm creating a promotional video that will serve as eye candy at out Linuxworld booth, and I need a great many pictures of New York City and the surrounding region, up to and including the city where you live (even if it's in Australia, what the heck). Contributors will be blessed by Linus Torvalds, or in the absence of Linus, by the next-most-famous-person willing to watch the video. We'll let you know. If you have cityscapes / landscapes you want to contribute, please contact me off list for uploading info. csnyder ( @chxo.com ) From jsiegel1 at optonline.net Fri Jan 2 16:18:19 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 02 Jan 2004 16:18:19 -0500 Subject: [nycphp-talk] New PHundamentals Article In-Reply-To: <3FF5D727.9000109@att.net> References: <3FF5B392.9060201@optonline.net> <3FF5D727.9000109@att.net> Message-ID: <3FF5E01B.3010907@optonline.net> Thanks for the recommendations. Jeff John Lacey wrote: > > > Jeff Siegel wrote: > >> A new PHundamentals article entitled "Book Recommendations" has been >> added to the PHundamentals section of the NYPHP website. >> >> See: http://phundamentals.nyphp.org/ >> > > I'd also consider recommending another of Larry Ullman's books: "PHP and > MySQL for Dynamic Web Sites" > Unlike his earlier books, this one uses good coding style and it's good > for beginners too. > > > I've also used "Web Database Applications with PHP & MySQL" by Hugh E. > Williams and David Lane > This one features a nice case study as its theme, but I would not > recommend it for beginners since it's a fairly typical O'Reilly book in > that regard. > > hth, > John > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From dmintz at davidmintz.org Fri Jan 2 23:17:59 2004 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 2 Jan 2004 23:17:59 -0500 (EST) Subject: [nycphp-talk] security focus again In-Reply-To: <20040102175412.GA5232@panix.com> References: <20040102175412.GA5232@panix.com> Message-ID: Off with his head! --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From webapprentice at mail.com Sat Jan 3 00:04:38 2004 From: webapprentice at mail.com (Webapprentice .) Date: Sat, 03 Jan 2004 00:04:38 -0500 Subject: [nycphp-talk] File uploading: When PHP doesn't have permission to Message-ID: <20040103050438.51026.qmail@mail.com> Hi, I was trying to use the file uploading aspect of PHP. When I tried to execute this line move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile) I get a permission denied error. $_FILES['userfile']['errors'] is equal to 0, which indicates the file was uploaded to the temp directory of the host, so I think it either couldn't copy it to where I wanted (my user directory) or copy out of the tmp directory. Running phpinfo() in my user directory indicates that file_uploads is ON and safe_mode is OFF on the server. I don't own the server, so I don't think I can give PHP permission, or can I? Do I have any way around this? Thanks, Stephen -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From dcech at phpwerx.net Sat Jan 3 00:13:43 2004 From: dcech at phpwerx.net (Dan Cech) Date: Sat, 03 Jan 2004 00:13:43 -0500 Subject: [nycphp-talk] File uploading: When PHP doesn't have permission to In-Reply-To: <20040103050438.51026.qmail@mail.com> References: <20040103050438.51026.qmail@mail.com> Message-ID: <3FF64F87.90107@phpwerx.net> It sounds like you do have a permissions problem. You will need to make sure that the webserver process (usually www-data for apache) has permissions to write to the directory where you want to put the uploaded file. A simple test is to create a new directory and set permissions to rwxrwxrwx (chmod 777), then try to move the file there. If it works then you know what your problem is. As for fixing the permissions, you are going to have to figure out a setting which gives the webserver the access it needs, without causing any security problems. There are several different ways to do it, one method is to set the group of the directory to www-data and use the group permission setting to control the access you want to give to php. Hope this helps, Dan Webapprentice . wrote: > Hi, > I was trying to use the file uploading aspect of PHP. > > When I tried to execute this line > move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile) > > I get a permission denied error. > > $_FILES['userfile']['errors'] is equal to 0, which indicates the file was uploaded to the temp directory of the host, so I think it either couldn't copy it to where I wanted (my user directory) or copy out of the tmp directory. Running phpinfo() in my user directory indicates that file_uploads is ON and safe_mode is OFF on the server. > > I don't own the server, so I don't think I can give PHP permission, or can I? > > Do I have any way around this? > > Thanks, > Stephen From hans at newyorkphp.com Sat Jan 3 02:52:20 2004 From: hans at newyorkphp.com (Hans Zaunere) Date: Sat, 3 Jan 2004 02:52:20 -0500 Subject: [nycphp-talk] PHP as CGI Binary Message-ID: <688BD1502D7CA547800722B3501F62BB2676D0@ms03.mailstreet2003.net> > What about setting my own php.ini file? I'd like to turn off > magic_quotes and register_globals (and probably a few other things). > Should I just code around this or can I safely overwrite the > php.ini file that is in cgi-bin? PHP running as a CGI (or CLI) can specify it's own php.ini for the most part. http://www.php.net/manual/en/configuration.php > P.S. The interesting thing, when I try to view the php.ini > file that is in cgi-bin, I only see a few settings. Directives not specified default to their internal PHP setting (as if there was no php.ini at all). H From webapprentice at mail.com Sat Jan 3 13:21:42 2004 From: webapprentice at mail.com (Webapprentice .) Date: Sat, 03 Jan 2004 13:21:42 -0500 Subject: [nycphp-talk] Re: File Uploading Permission Problem (solved) Message-ID: <20040103182142.68764.qmail@mail.com> I changed the permission of the target directory to 777, and the file was able to move successfully. That was the problem. Good thing I didn't have to contact the host to resolve this. Thanks, Dan. >>>>Message: 12 Date: Sat, 03 Jan 2004 00:13:43 -0500 From: Dan Cech Subject: Re: [nycphp-talk] File uploading: When PHP doesn't have permission to It sounds like you do have a permissions problem. You will need to make sure that the webserver process (usually www-data for apache) has permissions to write to the directory where you want to put the uploaded file. A simple test is to create a new directory and set permissions to rwxrwxrwx (chmod 777), then try to move the file there. If it works then you know what your problem is. As for fixing the permissions, you are going to have to figure out a setting which gives the webserver the access it needs, without causing any security problems. There are several different ways to do it, one method is to set the group of the directory to www-data and use the group permission setting to control the access you want to give to php. Hope this helps, Dan<<<<<<< -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From jsiegel1 at optonline.net Sat Jan 3 13:25:07 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Sat, 03 Jan 2004 13:25:07 -0500 Subject: [nycphp-talk] PHP as CGI Binary In-Reply-To: <688BD1502D7CA547800722B3501F62BB2676D0@ms03.mailstreet2003.net> References: <688BD1502D7CA547800722B3501F62BB2676D0@ms03.mailstreet2003.net> Message-ID: <3FF70903.8020002@optonline.net> I'll take a closer look at configuration.php. Jeff Hans Zaunere wrote: >>What about setting my own php.ini file? I'd like to turn off >>magic_quotes and register_globals (and probably a few other things). >>Should I just code around this or can I safely overwrite the >>php.ini file that is in cgi-bin? > > > PHP running as a CGI (or CLI) can specify it's own php.ini for the most > part. > > http://www.php.net/manual/en/configuration.php > > >>P.S. The interesting thing, when I try to view the php.ini >>file that is in cgi-bin, I only see a few settings. > > > Directives not specified default to their internal PHP setting (as if > there was no php.ini at all). > > H > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From wiw at nyc.rr.com Sat Jan 3 15:30:38 2004 From: wiw at nyc.rr.com (Bill Wolf) Date: Sat, 3 Jan 2004 15:30:38 -0500 Subject: [nycphp-talk] Looking for sites with free web design templates Message-ID: <200401032028.i03KSetu013424@nycsmtp4out-eri0.rdc-nyc.rr.com> I've been using designs from here a lot: http://www.oswd.org/ It's been a huge timesaver since I'm not that graphically inclined other than I know what I like when I see it. Anyone know of other sites that are similar troths of free design templates? When I try googling I end up with mostly pay sites or crap. Thanks -Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: From csnyder at chxo.com Sat Jan 3 16:26:50 2004 From: csnyder at chxo.com (Chris Snyder) Date: Sat, 03 Jan 2004 16:26:50 -0500 Subject: [nycphp-talk] Looking for sites with free web design templates In-Reply-To: <200401032028.i03KSetu013424@nycsmtp4out-eri0.rdc-nyc.rr.com> References: <200401032028.i03KSetu013424@nycsmtp4out-eri0.rdc-nyc.rr.com> Message-ID: <3FF7339A.9070601@chxo.com> Bill Wolf wrote: > Anyone know of other sites that are similar troths of free design > templates? When I try googling I end up with mostly pay sites or crap. I assume you know why that's the case. ;-) Try trolling around the various blogging sites (Blogger, MoveableType, etc) -- very often the designers who create templates for these systems are willing to let you use them elsewhere. Also, I believe that all of the excellent stylesheets at the CSS Zen Garden are available under a Creative Commons license: http://www.csszengarden.com/ From jsiegel1 at optonline.net Sat Jan 3 16:36:04 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Sat, 03 Jan 2004 16:36:04 -0500 Subject: [nycphp-talk] Easyphp Message-ID: <3FF735C4.2000007@optonline.net> Anyone have experience with easyphp? (http://www.easyphp.org/) Or can suggest an alternative? I have an old Compaq laptop (500 mhz Armada) running Win98. Family circumstances have forced me to to make a quick emergency trip...so I need PHP, etc., on the laptop to continue my work. Jeff Siegel From cderr at simons-rock.edu Sat Jan 3 16:38:58 2004 From: cderr at simons-rock.edu (charlie derr) Date: Sat, 03 Jan 2004 16:38:58 -0500 Subject: [nycphp-talk] Easyphp In-Reply-To: <3FF735C4.2000007@optonline.net> References: <3FF735C4.2000007@optonline.net> Message-ID: <3FF73672.2070304@simons-rock.edu> I don't have the answer to the question you asked (no experience with easyphp here, sorry), but I do have another suggestion. Install linux on the laptop :-] ~c Jeff Siegel wrote: > Anyone have experience with easyphp? (http://www.easyphp.org/) Or can > suggest an alternative? > > I have an old Compaq laptop (500 mhz Armada) running Win98. Family > circumstances have forced me to to make a quick emergency trip...so I > need PHP, etc., on the laptop to continue my work. > > Jeff Siegel > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From tgales at tgaconnect.com Sat Jan 3 16:53:14 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Sat, 3 Jan 2004 16:53:14 -0500 Subject: [nycphp-talk] Easyphp In-Reply-To: <3FF735C4.2000007@optonline.net> Message-ID: <001601c3d243$fd8305d0$bf8d3818@oberon1> John Lacey wrote: "I ran across this site a while back that packages an Apache/PHP/MySQL, etc environment ala "phpdev" at firepages.au. They call their packing "XAMPP". They're based in Germany. I also discovered the '7-zip' format here -- it rocks (I'm on a dialup out here in what was previously cow country Colorado :) http://www.apachefriends.org/index-en.html " I think the distro will run on win98 -- you get everything in one shot You might want to have a look... T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel > Sent: Saturday, January 03, 2004 4:36 PM > To: NYPHP Talk > Subject: [nycphp-talk] Easyphp > > > Anyone have experience with easyphp? (http://www.easyphp.org/) Or can > suggest an alternative? > > I have an old Compaq laptop (500 mhz Armada) running Win98. Family > circumstances have forced me to to make a quick emergency trip...so I > need PHP, etc., on the laptop to continue my work. > > Jeff Siegel > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > From jsiegel1 at optonline.net Sat Jan 3 16:54:12 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Sat, 03 Jan 2004 16:54:12 -0500 Subject: [nycphp-talk] Easyphp In-Reply-To: <3FF73672.2070304@simons-rock.edu> References: <3FF735C4.2000007@optonline.net> <3FF73672.2070304@simons-rock.edu> Message-ID: <3FF73A04.1070700@optonline.net> I thought of that. Time is an issue (I'm leaving in a few days) and I know I have to jump through a hoop or two to get it to run on the laptop. Jeff charlie derr wrote: > I don't have the answer to the question you asked (no experience with > easyphp here, sorry), but I do have another suggestion. > > Install linux on the laptop :-] > > ~c > > Jeff Siegel wrote: > >> Anyone have experience with easyphp? (http://www.easyphp.org/) Or can >> suggest an alternative? >> >> I have an old Compaq laptop (500 mhz Armada) running Win98. Family >> circumstances have forced me to to make a quick emergency trip...so I >> need PHP, etc., on the laptop to continue my work. >> >> Jeff Siegel >> >> >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Sat Jan 3 16:57:43 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Sat, 03 Jan 2004 16:57:43 -0500 Subject: [nycphp-talk] Easyphp In-Reply-To: <001601c3d243$fd8305d0$bf8d3818@oberon1> References: <001601c3d243$fd8305d0$bf8d3818@oberon1> Message-ID: <3FF73AD7.7040701@optonline.net> That's the one I was thinking about...just couldn't remember the URL...doing some Googling I found the easyphp. Jeff Tim Gales wrote: > John Lacey wrote: > > "I ran across this site a while back that packages an Apache/PHP/MySQL, > etc environment ala "phpdev" at firepages.au. They call their packing > "XAMPP". They're based in Germany. I also discovered the '7-zip' > format here -- it rocks (I'm on a dialup out here in what was previously > cow country Colorado :) > > http://www.apachefriends.org/index-en.html " > > I think the distro will run on win98 -- > you get everything in one shot > > You might want to have a look... > > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > >>-----Original Message----- >>From: talk-bounces at lists.nyphp.org >>[mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel >>Sent: Saturday, January 03, 2004 4:36 PM >>To: NYPHP Talk >>Subject: [nycphp-talk] Easyphp >> >> >>Anyone have experience with easyphp? (http://www.easyphp.org/) Or can >>suggest an alternative? >> >>I have an old Compaq laptop (500 mhz Armada) running Win98. Family >>circumstances have forced me to to make a quick emergency trip...so I >>need PHP, etc., on the laptop to continue my work. >> >>Jeff Siegel >> >> >> >>_______________________________________________ >>talk mailing list >>talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk >> > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jlacey at att.net Sat Jan 3 17:19:05 2004 From: jlacey at att.net (John Lacey) Date: Sat, 03 Jan 2004 15:19:05 -0700 Subject: [nycphp-talk] Easyphp In-Reply-To: <3FF735C4.2000007@optonline.net> References: <3FF735C4.2000007@optonline.net> Message-ID: <3FF73FD9.2010600@att.net> try XAMPP http://www.apachefriends.org/wampp-en.html Jeff Siegel wrote: > Anyone have experience with easyphp? (http://www.easyphp.org/) Or can > suggest an alternative? > > I have an old Compaq laptop (500 mhz Armada) running Win98. Family > circumstances have forced me to to make a quick emergency trip...so I > need PHP, etc., on the laptop to continue my work. > > Jeff Siegel > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From csnyder at chxo.com Sat Jan 3 17:33:16 2004 From: csnyder at chxo.com (Chris Snyder) Date: Sat, 03 Jan 2004 17:33:16 -0500 Subject: [nycphp-talk] Easyphp In-Reply-To: <3FF73672.2070304@simons-rock.edu> References: <3FF735C4.2000007@optonline.net> <3FF73672.2070304@simons-rock.edu> Message-ID: <3FF7432C.20503@chxo.com> charlie derr wrote: > Install linux on the laptop :-] As long as we're making irrational suggestions for a last-minute trip, go buy an Apple PowerBook. PHP is part of OSX. But seriously, it's not so difficult to get AMP running on a Win laptop. From jsiegel1 at optonline.net Sat Jan 3 17:45:34 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Sat, 03 Jan 2004 17:45:34 -0500 Subject: [nycphp-talk] Easyphp In-Reply-To: <3FF73FD9.2010600@att.net> References: <3FF735C4.2000007@optonline.net> <3FF73FD9.2010600@att.net> Message-ID: <3FF7460E.9040303@optonline.net> Just downloaded it! Jeff John Lacey wrote: > > > try XAMPP > > http://www.apachefriends.org/wampp-en.html > > > > Jeff Siegel wrote: > >> Anyone have experience with easyphp? (http://www.easyphp.org/) Or can >> suggest an alternative? >> >> I have an old Compaq laptop (500 mhz Armada) running Win98. Family >> circumstances have forced me to to make a quick emergency trip...so I >> need PHP, etc., on the laptop to continue my work. >> >> Jeff Siegel >> >> >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Sat Jan 3 17:59:41 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Sat, 03 Jan 2004 17:59:41 -0500 Subject: [nycphp-talk] Easyphp In-Reply-To: <3FF7432C.20503@chxo.com> References: <3FF735C4.2000007@optonline.net> <3FF73672.2070304@simons-rock.edu> <3FF7432C.20503@chxo.com> Message-ID: <3FF7495D.2060605@optonline.net> Now you're talkin'! Get a new laptop! Jeff Chris Snyder wrote: > charlie derr wrote: > >> Install linux on the laptop :-] > > > As long as we're making irrational suggestions for a last-minute trip, > go buy an Apple PowerBook. PHP is part of OSX. > > But seriously, it's not so difficult to get AMP running on a Win laptop. > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From adam at trachtenberg.com Sat Jan 3 19:26:13 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Sat, 3 Jan 2004 19:26:13 -0500 (EST) Subject: [nycphp-talk] Any PHP5-related books out? In-Reply-To: <20031231215841.22277.qmail@web14311.mail.yahoo.com> References: <20031231215841.22277.qmail@web14311.mail.yahoo.com> Message-ID: On Wed, 31 Dec 2003, Chris Shiflett wrote: > --- jon baer wrote: > > Cool ... Id take it will be something coming out @ same time as the > > Security Handbook? Is there any approx. dates? > > I'd bet money that the PHP 5 book will be out before mine. :-) This will require the PHP 5 book author to get his act in order. Luckily, there was just a new year and resolutions to go along with it. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From guru at dotgeek.org Sat Jan 3 19:29:05 2004 From: guru at dotgeek.org (David Costa) Date: Sun, 4 Jan 2004 01:29:05 +0100 Subject: [nycphp-talk] Easy Install on Linux Message-ID: <00B8DB80-3E4D-11D8-AF71-000A95EB456A@dotgeek.org> Hello! if you are interested in Linux easy install of Apache,PHP,MySQL, SQLite it might be worth to have a look at Collegelinux: "CollegeLinux 2.5 (http://linux.college.ch ) codenamed "Obi Wan", is an easy to use Linux distribution based on Slackware. Obiwan comes ready for php development and is the only linux distribution so far to do this. apache/php/mysql/sqlite/phpmyadmin/sqlitemanger/webmin come preinstalled, with a one-step configuration via our own tool, called CL server robot. Not content with just providing the server side, the distro also comes with Kdevelop, an IDE that works natively with PHP in a fully functional desktop environment. After a CollegeLinux installation everything you need for developing in PHP is setup for you: your server will be up and running and you can easily change any of the settings via webmin, a user-friendly graphical control panel." David Costa, Project Manager CollegeLinux From webpage at ureach.com Sat Jan 3 21:17:25 2004 From: webpage at ureach.com (Web Page) Date: Sat, 3 Jan 2004 21:17:25 -0500 Subject: [nycphp-talk] Easyphp Message-ID: <200401040217.VAA30886@www23.ureach.com> Hi! EasyPHP should work on your laptop. I have "EasyPHP" installed on a 380MHZ AMD K-2 computer running Win98. It works OK. If you know how to tweak "php.ini" for things like timeouts and warnings you should be OK. It does not run as fast as if it is on an AMD Altheon but it will work OK. It also installs easily. I run "Moodle" ( http://moodle.org ) and "phpNUKE" ( http://phpNUKE.org ). Make sure you install the program off the "C" directory and not the "Program Files" directory. So after the install you should have, C:\EasyPHP1-7 and not C\:Program Files\EasyPHP1-7 Make sure you read the following install tutorial before installing the program. Rod's Guide for EasyPHP Install Guide 1.7 http://www.canowhoopass.com/guides/easyphp/ WP Webbing Along ;):) ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ---- On Sat, 03 Jan 2004, Jeff Siegel (jsiegel1 at optonline.net) wrote: > Now you're talkin'! Get a new laptop! > > Jeff > > Chris Snyder wrote: > > charlie derr wrote: > > > >> Install linux on the laptop :-] > > > > > > As long as we're making irrational suggestions for a last-minute trip, > > go buy an Apple PowerBook. PHP is part of OSX. > > > > But seriously, it's not so difficult to get AMP running on a Win laptop. > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk From bpang at bpang.com Sat Jan 3 22:53:27 2004 From: bpang at bpang.com (bpang at bpang.com) Date: Sat, 3 Jan 2004 22:53:27 -0500 (EST) Subject: [nycphp-talk] Easyphp In-Reply-To: <3FF73A04.1070700@optonline.net> References: <3FF735C4.2000007@optonline.net> <3FF73672.2070304@simons-rock.edu> <3FF73A04.1070700@optonline.net> Message-ID: <.38.117.145.89.1073188407.squirrel@www.bpang.com> Don't know how you are getting to your final destination, but maybe doing the install on the plane would be a good way to pass the time. Probably the biggest hoop would be getting the ISOs or CDs in time (unless you bought a packaged set). Whenever I've done a linux install, it hasn't taken more than an hour (not including disk error checking), if that. The most common problem I've had with laptops has been with the video drivers, but that can all be tweaked post-install. > I thought of that. Time is an issue (I'm leaving in a few days) and I > know I have to jump through a hoop or two to get it to run on the laptop. > >> Install linux on the laptop :-] >> >>> I have an old Compaq laptop (500 mhz Armada) running Win98. Family >>> circumstances have forced me to to make a quick emergency trip...so I >>> need PHP, etc., on the laptop to continue my work. >>> From jsiegel1 at optonline.net Sun Jan 4 00:39:31 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Sun, 04 Jan 2004 00:39:31 -0500 Subject: [nycphp-talk] Easyphp In-Reply-To: <200401040217.VAA30886@www23.ureach.com> References: <200401040217.VAA30886@www23.ureach.com> Message-ID: <3FF7A713.1050700@optonline.net> Now I have a dilemma...I downloaded both easyphp and Xampp. I'll toss a coin to figure out which one to install (once, of course, I find the darned network card dongle!). Jeff Web Page wrote: > Hi! > > EasyPHP should work on your laptop. I have "EasyPHP" installed > on a 380MHZ AMD K-2 computer running Win98. It works OK. If > you know how to tweak "php.ini" for things like timeouts and > warnings you should be OK. It does not run as fast as if it is > on an AMD Altheon but it will work OK. > > It also installs easily. I run "Moodle" ( http://moodle.org ) > and "phpNUKE" ( http://phpNUKE.org ). > > Make sure you install the program off the "C" directory and not > the "Program Files" directory. So after the install you should > have, > C:\EasyPHP1-7 > and not > C\:Program Files\EasyPHP1-7 > > Make sure you read the following install tutorial before > installing the program. > Rod's Guide for EasyPHP Install Guide 1.7 > http://www.canowhoopass.com/guides/easyphp/ > > WP > Webbing Along ;):) > > > ________________________________________________ > Get your own "800" number > Voicemail, fax, email, and a lot more > http://www.ureach.com/reg/tag > > > ---- On Sat, 03 Jan 2004, Jeff Siegel (jsiegel1 at optonline.net) > wrote: > > >>Now you're talkin'! Get a new laptop! >> >>Jeff >> >>Chris Snyder wrote: >> >>>charlie derr wrote: >>> >>> >>>>Install linux on the laptop :-] >>> >>> >>>As long as we're making irrational suggestions for a > > last-minute trip, > >>>go buy an Apple PowerBook. PHP is part of OSX. >>> >>>But seriously, it's not so difficult to get AMP running on a > > Win laptop. > >>>_______________________________________________ >>>talk mailing list >>>talk at lists.nyphp.org >>>http://lists.nyphp.org/mailman/listinfo/talk > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Mon Jan 5 10:02:45 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Mon, 05 Jan 2004 10:02:45 -0500 Subject: [nycphp-talk] New PHundamentals Article Message-ID: <3FF97C95.8050700@optonline.net> We're starting off the New Year with a new PHundamentals article entitled "Storing Data Submitted From a Form and Displaying Data from a Database." See: http://phundamentals.nyphp.org/ Please notify us ASAP if there any errors that need to be addressed. Jeff Siegel & Michael Southwell -The PHundamentals Team From jlacey at att.net Mon Jan 5 10:51:32 2004 From: jlacey at att.net (John Lacey) Date: Mon, 05 Jan 2004 08:51:32 -0700 Subject: [nycphp-talk] New PHundamentals Article In-Reply-To: <3FF97C95.8050700@optonline.net> References: <3FF97C95.8050700@optonline.net> Message-ID: <3FF98804.2010003@att.net> Jeff Siegel wrote: > We're starting off the New Year with a new PHundamentals article > entitled "Storing Data Submitted From a Form and Displaying Data from a > Database." > > See: http://phundamentals.nyphp.org/ > Here's a file for phpTest I've modified to add SQLite support. It illustrates a way of handling different escape methods depending on whether magic_quotes_gpc is on or off. The next step is to convert it to use ADODB. you're welcome to post the prep_vars() snippet or whatever John -------------- next part -------------- An HTML attachment was scrubbed... URL: From dcech at phpwerx.net Mon Jan 5 10:59:32 2004 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 05 Jan 2004 10:59:32 -0500 Subject: [nycphp-talk] New PHundamentals Article In-Reply-To: <3FF98804.2010003@att.net> References: <3FF97C95.8050700@optonline.net> <3FF98804.2010003@att.net> Message-ID: <3FF989E4.1000802@phpwerx.net> Thanks for the code John, It is really preferable to take care of magic_quotes_gpc at the beginning of the script, rather than at the time of insertion into the database. By doing it that way any validation, redisplay, etc of submitted data can be done without needing to worry about the effects of magic_quotes. From the looks of your code it should be very easy to convert it into an ADOdb wrapper library. Dan John Lacey wrote: > > > Jeff Siegel wrote: > >> We're starting off the New Year with a new PHundamentals article >> entitled "Storing Data Submitted From a Form and Displaying Data from >> a Database." >> >> See: http://phundamentals.nyphp.org/ >> > > Here's a file for phpTest I've modified to add SQLite support. It > illustrates a way of handling different escape methods depending on > whether magic_quotes_gpc is on or off. > The next step is to convert it to use ADODB. > > you're welcome to post the prep_vars() snippet or whatever > > John > > > ------------------------------------------------------------------------ > > db_host = DB_HOST; $this->db_username = DB_USERNAME; $this->db_password > = DB_PASSWORD; $this->db_use_pconnect = DB_USE_PCONNECT; > $this->default_db = DEFAULT_DB; $this->db_type = DB_TYPE; $this->db_mode > = DB_MODE; // added SQLITE open database file mode $this->debug = FALSE; > $this->logfile = 'db_queries.txt'; if ($this->debug) { $this->fp = > fopen($this->logfile, 'a'); } if ($this->db_use_pconnect) { > $this->pconnect($this->default_db); } else { > $this->connect($this->default_db); } if (($this->db_type != 'mysql') && > ($this->db_type != 'sqlite')) { die("Invalid database type in > config.inc.php"); } } function affected_rows($result) { switch > ($this->db_type) { case 'mysql': return > mysql_affected_rows($this->result); case 'sqlite': return > sqlite_changes($this->link_id); } } function auto_insert($table_name = > '') { switch ($this->db_type) { case 'mysql': $value = 'NULL'; break; > case 'sqlite': $value = 'NULL'; break; } if ($this->debug) echo > "auto_insert is $value > "; return $value; } function connect($db_name) { switch ($this->db_type) > { case 'mysql': $this->link_id = mysql_connect($this->db_host, > $this->db_username, $this->db_password) or $this->sql_error(); > mysql_select_db($db_name, $this->link_id) or $this->sql_error(); break; > case 'sqlite': $this->link_id = sqlite_open($this->default_db, > $this->db_mode, &$this->sqlite_error_msg) or $this->sql_error(); break; > } if ($this->debug) { fwrite($this->fp, $this->format_date() . " --- > Connected to " . $this->db_type . "---\n"); } return; } // this function > only used for escape in uploaded images function escape_data($data, > $size = 0) { switch ($this->db_type) { case 'mysql': $escaped_data = > addslashes($data); break; case 'sqlite': $escaped_data = > sqlite_escape_string($data); break; } return $escaped_data; } function > insert_id() { switch ($this->db_type) { case 'mysql': $insert_id = > mysql_insert_id($this->link_id); break; case 'sqlite': $insert_id = > sqlite_last_insert_rowid($this->link_id); break; } if ($this->debug) { > fwrite($this->fp, $this->format_date() . " Insert ID is " . $insert_id . > "\n"); } return $insert_id; } function fetch_array($result, $row = '0') > { switch ($this->db_type) { case 'mysql': return > mysql_fetch_array($result); case 'sqlite': return > sqlite_fetch_array($result); } } function fetch_object($result, $row = > '0') { switch ($this->db_type) { case 'mysql': return > mysql_fetch_object($result); case 'sqlite': if > (sqlite_has_more($result)) { return (object)sqlite_fetch_array($result, > SQLITE_ASSOC); } else { return FALSE; } } } function fetch_row($result, > $row = '') { switch ($this->db_type) { case 'mysql': return > mysql_fetch_row($result); case 'sqlite': return > sqlite_fetch_array($result, SQLITE_NUM); } } function format_date() { > switch ($this->db_type) { case 'mysql': return date('Y-m-d H:i:s'); // > 2001-12-06 18:00:00 case 'sqlite': return date('Y-m-d H:i:s'); } } // > returns an array with the field names for a given table_name function > list_fields($table_name) { switch ($this->db_type) { case 'mysql': > $fields = mysql_list_fields($this->default_db, $table_name, > $this->link_id); $columns = mysql_num_fields($fields); for ($i = 0; $i < > $columns; $i++) { $field[] = mysql_field_name($fields, $i); } break; > case 'sqlite': // TODO: this function only called from config_views -- > not used break; } // if ($this->debug) echo ' > ' . print_r($field) . ' > '; sort($field); return $field; } function num_rows($result) { switch > ($this->db_type) { case 'mysql': $numrows = mysql_num_rows($result); > break; case 'sqlite': $numrows = sqlite_num_rows($result); break; } if > ($this->debug) { fwrite($this->fp, $this->format_date() . " Numrows is > $numrows\n"); } return $numrows; } function pconnect($db_name) { switch > ($this->db_type) { case 'mysql': $this->link_id = > mysql_pconnect($this->db_host, $this->db_username, $this->db_password); > if (!$this->link_id) { $this->sql_error(); // database connection failed > } if (!mysql_select_db($db_name)) { $this->sql_error(); // unable to > select database } break; case 'sqlite': $this->link_id = > sqlite_popen($this->default_db, $this->db_mode, > &$this->sqlite_error_msg); if (!$this->link_id) { $this->sql_error(); } > break; } if ($this->debug) { fwrite($this->fp, $this->format_date() . " > --- Connected to " . $this->db_type . "---\n"); } } function prep_vars() > { $num_args = func_num_args(); $vars = array(); $magic_quotes_gpc = > get_magic_quotes_gpc(); switch ($this->db_type) { case 'mysql': if > ($magic_quotes_gpc) { for ($i = 0; $i < $num_args; $i++) { $vars[$i] = > func_get_arg($i); } } else { for ($i = 0; $i < $num_args; $i++) { > $vars[$i] = addslashes(func_get_arg($i)); } } break; case 'sqlite': if > ($magic_quotes_gpc) { for ($i = 0; $i < $num_args; $i++) { $vars[$i] = > sqlite_escape_string(stripslashes(func_get_arg($i))); } } else { for ($i > = 0; $i < $num_args; $i++) { $vars[$i] = > sqlite_escape_string(func_get_arg($i)); } } break; } return $vars; } > function query($sql_query) { if ($this->debug) { fwrite($this->fp, > $this->format_date() . " Query: $sql_query\n"); } switch > ($this->db_type) { case 'mysql': $result = mysql_query($sql_query, > $this->link_id); break; case 'sqlite': $result = > sqlite_query($sql_query, $this->link_id); break; } if (!$result) { > $this->sql_error($sql_query); } return $result; } function > sql_error($query = FALSE) { global $admin_email; switch ($this->db_type) > { case 'mysql': $this->sql_error_number = mysql_errno($this->link_id); > $this->sql_error_name = mysql_error($this->link_id); break; case > 'sqlite': $this->sql_error_name = > sqlite_error_string(sqlite_last_error($this->link_id)); break; } > $admin_blurb = (ADMIN_EMAIL) ? "site administrator <\"mailto:">" : "site > administrator"; echo " > There was an SQL error. The error message is: > *$this->sql_error_name*" . " > Please notify the $admin_blurb. > "; if ($this->debug) { fwrite($this->fp, $db->format_date() . " Error: > $this->sql_error_name\n"); } if ($query) { echo "The SQL Query that > failed is: *$query*"; } die(); } } ?> > > > ------------------------------------------------------------------------ > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From nyphp at websapp.com Mon Jan 5 11:04:13 2004 From: nyphp at websapp.com (Daniel Kushner) Date: Mon, 5 Jan 2004 11:04:13 -0500 Subject: [nycphp-talk] Paging Stefan (gadhra) Message-ID: Please drop me an email... --Daniel Kusnner From jlacey at att.net Mon Jan 5 11:17:56 2004 From: jlacey at att.net (John Lacey) Date: Mon, 05 Jan 2004 09:17:56 -0700 Subject: [nycphp-talk] New PHundamentals Article In-Reply-To: <3FF989E4.1000802@phpwerx.net> References: <3FF97C95.8050700@optonline.net> <3FF98804.2010003@att.net> <3FF989E4.1000802@phpwerx.net> Message-ID: <3FF98E34.1040209@att.net> Dan Cech wrote: >> > It is really preferable to take care of magic_quotes_gpc at the > beginning of the script, rather than at the time of insertion into the > database. By doing it that way any validation, redisplay, etc of > submitted data can be done without needing to worry about the effects of > magic_quotes. > Agree. Since this was an add-on, I wanted to do all the db sensitive stuff in one place. I have an aversion to testing for the type of database in other places. In this case, it seemed the quickest way of dropping in SQLite support without regard to how a sever's php.ini file may be set up. Ideally, all 'magic' stuff should be "off" as in the php-recommended file J From ejp at well.com Mon Jan 5 11:55:05 2004 From: ejp at well.com (Edward Potter) Date: Mon, 5 Jan 2004 11:55:05 -0500 Subject: [nycphp-talk] Open-source databases gaining favor | CNET News.com Message-ID: FYI: Open-source databases gaining favor | CNET News.com http://news.com.com/2100-7344_3-5134836.html?tag=nefd_top //--------------------------------------- ejp at well.com http://www.exitart.org http://mygoo.typepad.com From emm at scriptdigital.com Mon Jan 5 12:50:17 2004 From: emm at scriptdigital.com (Emmanuel =?iso-8859-1?Q?D=E9carie?=) Date: Mon, 05 Jan 2004 12:50:17 -0500 Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: <20040105170003.6474EA86BF@virtu.nyphp.org> Message-ID: Hi there, I think that there's 3 points that need clarification: (1) "Best Practice: Do not use the function addslashes but, instead, use a function that is specific to your database." Could the tutorial elaborate a little bit more on this? I have been using addslashes with Mysql with no problems and the tutorial doesn't convince me why I should change to mysql_escape_string/mysql_real_escape_string. (2) htmlentities/htmlspecialchars I think the tutorial should insist that the best practice is not using these functions on data that you want to *insert* in a database. (3) "You will notice that two commands - addslashes and stripslashes - are conspicously absent from this article. If you follow our best practice recommendations, there is no need to use either one of these functions in the situations that have been examined." The bit on stripslashes need also some clarification. Every time I insert some values in Mysql, I use addslashes, and when I want to get back these values from the database, I always use stripslashes on these values but the tutorial makes me realize now how stupid I am and that there's no need in fact to use stripslashes in this case. I don't know where I got this idea, but anyway, I'm sure many people felt in this trap. Anyway, thanks for the tutorial, I learned something :). PS: My spell checker (Grammarian/OS X) flagged 'conspicously' and wanted 'conspicuously' instead. Cheers -Emmanuel -- Emmanuel D?carie / Programmation pour le Web - Programming for the Web - Blog: - AIM: scriptdigital From tgales at tgaconnect.com Mon Jan 5 12:53:07 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Mon, 5 Jan 2004 12:53:07 -0500 Subject: [nycphp-talk] an old thread on a proposed function for PHP Message-ID: <002d01c3d3b4$c77a9760$bf8d3818@oberon1> Last month there was some discussion to the effect of "what was in their [the php developers'] mind when they created 'magic quotes'? " (why does PHP have this feature[?] at all?) I was doing something else over the weekend, when I ran across the following thread: Sara Golemon wrote (20 Feb 2003): "I recall a discussion sometime back about making file_put_contents()(create a file and write the provided contents to it in one command)... Was it decided not to create these..." http://www.zend.com/lists/php-dev/200302/msg00522.html Following the thread can give you an insight (of sorts) into the collective mind of people working on PHP. If this sort of thing interests you at all, I suggest you follow the thread at least to where Sascha Schumann says: "That must be one of the most useless function proposals I've seen so far. Now, if the function could atomically replace file contents, then it would be something entirely different. But a simple wrapper for a two-line fopen/fputs? Get real." But I encourage you to follow the thread to where Rasmus Lerdorf says: "I do agree with Sascha that file_put_contents() as it is currently proposed is useless" Then take a look at the following: http://php.us.themoes.org/manual/en/function.file-put-contents.php T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com Quotation: "in logic, the set of operators "not" and "or" is described as orthogonal, but the set "nand", "or", and "not" is not (because any one of these can be expressed in terms of the others)." from: http://dictionary.reference.com definition of 'orthogonal' From adam at trachtenberg.com Mon Jan 5 13:27:43 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Mon, 5 Jan 2004 13:27:43 -0500 (EST) Subject: [nycphp-talk] an old thread on a proposed function for PHP In-Reply-To: <002d01c3d3b4$c77a9760$bf8d3818@oberon1> References: <002d01c3d3b4$c77a9760$bf8d3818@oberon1> Message-ID: On Mon, 5 Jan 2004, Tim Gales wrote: > Last month there was some discussion to the effect > of "what was in their [the php developers'] mind > when they created 'magic quotes'? " > (why does PHP have this feature[?] at all?) FWIW, magic quotes dates back forever, all the way back to January 24, 1996. This means it's 8th birthday is later this month! That's version 1.99a of PHP. I'm sure it seemed helpful to Rasmus at the time. ;) > Following the thread can give you an insight (of sorts) > into the collective mind of people working on PHP. Oddly enough, I would say the majority of people who develop PHP haven't actually used PHP in years. They used to use PHP, but got bored writing Web pages and moved onto language development (err... or writing books.) This is, IMHO, a serious issue, but I haven't figured out how to fix it. Suggestions are welcome. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From dcech at phpwerx.net Mon Jan 5 13:27:52 2004 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 05 Jan 2004 13:27:52 -0500 Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: References: Message-ID: <3FF9ACA8.8020502@phpwerx.net> Hi Emmanuel, Emmanuel D?carie wrote: > Hi there, > > I think that there's 3 points that need clarification: > > > (1) "Best Practice: Do not use the function addslashes but, instead, use a > function that is specific to your database." > > Could the tutorial elaborate a little bit more on this? I have been using > addslashes with Mysql with no problems and the tutorial doesn't convince me why > I should change to mysql_escape_string/mysql_real_escape_string. Addslashes will escape " (double quote), ' (single quote) \ (backslash) and NUL (the null byte) with a backslash. mysql_real_escape_string will take into account the character set of the current connection, and escape characters as appropriate. Both mysql_escape_string and mysql_real_escape_string will also quote instances of other characters which are 'special' in mysql, including: \0 An ASCII 0 (NUL) character. \' A single quote (`'') character. \" A double quote (`"') character. \b A backspace character. \n A newline character. \r A carriage return character. \t A tab character. \z ASCII(26) (Control-Z). This character can be encoded to allow you to work around the problem that ASCII(26) stands for END-OF-FILE on Windows. (ASCII(26) will cause problems if you try to use mysql database < filename.) \\ A backslash (`\') character. In addition, they will encode any newlines into their encoded (\n or \r\n) counterpart. All of the database-specific functions included these kinds of special cases for the particular database, whereas addslashes does not. For simple data it will work, but sooner or later you are going to end up in a situation where addslashes alone will fail. > (2) htmlentities/htmlspecialchars > > I think the tutorial should insist that the best practice is not using these > functions on data that you want to *insert* in a database. This is very true, I think that the article makes this fairly clear. This is not a matter of best practice, but something that should (almost) never be done. > (3) "You will notice that two commands - addslashes and stripslashes - are > conspicously absent from this article. If you follow our best practice > recommendations, there is no need to use either one of these functions in the > situations that have been examined." > > The bit on stripslashes need also some clarification. Every time I insert some > values in Mysql, I use addslashes, and when I want to get back these values from > the database, I always use stripslashes on these values but the tutorial makes > me realize now how stupid I am and that there's no need in fact to use > stripslashes in this case. I don't know where I got this idea, but anyway, I'm > sure many people felt in this trap. > > Anyway, thanks for the tutorial, I learned something :). > > PS: My spell checker (Grammarian/OS X) flagged 'conspicously' and wanted > 'conspicuously' instead. Conspicuously is correct. Dan > Cheers > -Emmanuel > -- > Emmanuel D?carie / Programmation pour le Web - Programming for the Web > - Blog: - AIM: scriptdigital From shiflett at php.net Mon Jan 5 13:47:16 2004 From: shiflett at php.net (Chris Shiflett) Date: Mon, 5 Jan 2004 10:47:16 -0800 (PST) Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: Message-ID: <20040105184716.96801.qmail@web14309.mail.yahoo.com> --- Emmanuel D?carie wrote: > (1) "Best Practice: Do not use the function addslashes but, instead, > use a function that is specific to your database." > > Could the tutorial elaborate a little bit more on this? First of all, this looks to be another great phundamentals article. I really like this series (or whatever you want to call it). I agree with Emmanuel that some elaboration would be useful here. Whenever a best practice is seldom followed, a very clear justification can be a great thing. Being right and convincing someone else that you're right are often very different things. :-) > (2) htmlentities/htmlspecialchars > > I think the tutorial should insist that the best practice is not using > these functions on data that you want to *insert* in a database. More elaboration in general might be good. I would consider these functions the "least you can do" when you're displaying potentially tainted data to the user. If you're not displaying data, htmlentities() probably isn't going to offer you the type of protection you seek. There are also two different opinions on this: 1. Perform htmlentities() prior to storage. 2. Perform htmlentities() prior to display. The first can be better if you must display data in HTML very often. Rather than perform htmlentities() every time, you can just pull straight from the database. The second is usually best if you have other uses for the data besides displaying it in HTML. It is also best if your security model revolves around cleaning up data the moment it enters into your application. This can be a good approach in terms of keeping things simple for your developers. The best thing to do in general would be to validate your data according to exactly what it is supposed to be. I'm not creative enough to think of a way to inject some XSS that subverts htmlentities(), but it seems like something that might be possible. Also, adhering to strong security practices is a good idea in general, since such things can potentially protect you from attacks that you're not even aware of. > PS: My spell checker (Grammarian/OS X) flagged 'conspicously' and > wanted 'conspicuously' instead. Probably because conspicously is not a word. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From tgales at tgaconnect.com Mon Jan 5 13:53:32 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Mon, 5 Jan 2004 13:53:32 -0500 Subject: [nycphp-talk] an old thread on a proposed function for PHP In-Reply-To: Message-ID: <002e01c3d3bd$3871fd20$bf8d3818@oberon1> Adam Trachtenberg wrote: "Oddly enough, I would say the majority of people who develop PHP haven't actually used PHP in years..." Nevertheless it would seem that they would still care about the language. If a proposed function is useless and adds bloat, why put it in PHP 5? T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From jlacey at att.net Mon Jan 5 13:53:54 2004 From: jlacey at att.net (John Lacey) Date: Mon, 05 Jan 2004 11:53:54 -0700 Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: <20040105184716.96801.qmail@web14309.mail.yahoo.com> References: <20040105184716.96801.qmail@web14309.mail.yahoo.com> Message-ID: <3FF9B2C2.9020809@att.net> Chris Shiflett wrote: > There are also two different opinions on this: > > 1. Perform htmlentities() prior to storage. > 2. Perform htmlentities() prior to display. > > The first can be better if you must display data in HTML very often. > Rather than perform htmlentities() every time, you can just pull straight > from the database. > FWIW, I believe data should be "display-agnostic" for want of a better term. Keeping it "raw" is, in my opinion, the way to handle stored data. John From shiflett at php.net Mon Jan 5 13:57:40 2004 From: shiflett at php.net (Chris Shiflett) Date: Mon, 5 Jan 2004 10:57:40 -0800 (PST) Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: <3FF9B2C2.9020809@att.net> Message-ID: <20040105185740.36564.qmail@web14303.mail.yahoo.com> --- John Lacey wrote: > > There are also two different opinions on this: > > > > 1. Perform htmlentities() prior to storage. > > 2. Perform htmlentities() prior to display. > > > > The first can be better if you must display data in HTML very often. > > Rather than perform htmlentities() every time, you can just pull > > straight from the database. > > FWIW, I believe data should be "display-agnostic" for want > of a better term. Keeping it "raw" is, in my opinion, the > way to handle stored data. Yes, and this is why some people argue for case 2. However, believe me when I tell you that once you are having to fetch and display this data millions of times a day, you might find yourself being a bit more open-minded. :-) I think it's best to choose whichever approach is appropriate for the situation. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From jlacey at att.net Mon Jan 5 13:59:58 2004 From: jlacey at att.net (John Lacey) Date: Mon, 05 Jan 2004 11:59:58 -0700 Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: <20040105185740.36564.qmail@web14303.mail.yahoo.com> References: <20040105185740.36564.qmail@web14303.mail.yahoo.com> Message-ID: <3FF9B42E.6010706@att.net> Chris Shiflett wrote: > --- John Lacey wrote: > >>>There are also two different opinions on this: >>> >>>1. Perform htmlentities() prior to storage. >>>2. Perform htmlentities() prior to display. >>> >>>The first can be better if you must display data in HTML very often. >>>Rather than perform htmlentities() every time, you can just pull >>>straight from the database. >> >>FWIW, I believe data should be "display-agnostic" for want >>of a better term. Keeping it "raw" is, in my opinion, the >>way to handle stored data. > > > Yes, and this is why some people argue for case 2. However, believe me > when I tell you that once you are having to fetch and display this data > millions of times a day, you might find yourself being a bit more > open-minded. :-) > > I think it's best to choose whichever approach is appropriate for the > situation. The nice thing about 30+ years in the computer business is that I don't feel I have to be right all the time. J From dcech at phpwerx.net Mon Jan 5 14:00:11 2004 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 05 Jan 2004 14:00:11 -0500 Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: <20040105184716.96801.qmail@web14309.mail.yahoo.com> References: <20040105184716.96801.qmail@web14309.mail.yahoo.com> Message-ID: <3FF9B43B.10601@phpwerx.net> Chris Shiflett wrote: > --- Emmanuel D?carie wrote: > >>(1) "Best Practice: Do not use the function addslashes but, instead, >>use a function that is specific to your database." >> >>Could the tutorial elaborate a little bit more on this? > > First of all, this looks to be another great phundamentals article. I > really like this series (or whatever you want to call it). > > I agree with Emmanuel that some elaboration would be useful here. Whenever > a best practice is seldom followed, a very clear justification can be a > great thing. Being right and convincing someone else that you're right are > often very different things. :-) See my reply, I am sure jeff is working on a little clarification as I type this... >>(2) htmlentities/htmlspecialchars >> >>I think the tutorial should insist that the best practice is not using >>these functions on data that you want to *insert* in a database. > > More elaboration in general might be good. I would consider these > functions the "least you can do" when you're displaying potentially > tainted data to the user. If you're not displaying data, htmlentities() > probably isn't going to offer you the type of protection you seek. > > There are also two different opinions on this: > > 1. Perform htmlentities() prior to storage. > 2. Perform htmlentities() prior to display. > > The first can be better if you must display data in HTML very often. > Rather than perform htmlentities() every time, you can just pull straight > from the database. The only advantage to this method is the speed increase, you still need to use addslashes, it takes up more space in the database, and it is only useful if you will only ever be outputting HTML. > The second is usually best if you have other uses for the data besides > displaying it in HTML. It is also best if your security model revolves > around cleaning up data the moment it enters into your application. This > can be a good approach in terms of keeping things simple for your > developers. This is the recommended procedure. For the vast majority of scripts the speed difference is negligible, especially when the added overhead in retrieving the html encoded data from the database is taken into account. > The best thing to do in general would be to validate your data according > to exactly what it is supposed to be. I'm not creative enough to think of > a way to inject some XSS that subverts htmlentities(), but it seems like > something that might be possible. Also, adhering to strong security > practices is a good idea in general, since such things can potentially > protect you from attacks that you're not even aware of. htmlentities is designed to prevent ANY characters which have special meaning in HTML from being inserted without conversion. The only way you could 'subvert' it in a document would be to exploit a bug in the function itself (ie a character which it does not convert. I would very much doubt if this is even possible). You are absolutely correct though that any data submitted by a user should be subject to some form of error checking/cleaning before it it used for any purpose. Dan >>PS: My spell checker (Grammarian/OS X) flagged 'conspicously' and >>wanted 'conspicuously' instead. > > Probably because conspicously is not a word. :-) > > Chris > > ===== > Chris Shiflett - http://shiflett.org/ > > PHP Security Handbook > Coming mid-2004 > HTTP Developer's Handbook > http://httphandbook.org/ > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jsiegel1 at optonline.net Mon Jan 5 14:26:40 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Mon, 05 Jan 2004 14:26:40 -0500 Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: <3FF9B43B.10601@phpwerx.net> References: <20040105184716.96801.qmail@web14309.mail.yahoo.com> <3FF9B43B.10601@phpwerx.net> Message-ID: <3FF9BA70.2080200@optonline.net> >> Being right and convincing someone else that you're right >> are >> often very different things." Absolutely right! (No sarcasm intended!) Just a general clarification to all concerning the "PHundamentals." First, the general philosophy is to offer what the NYPHP community believes is "best practice." Of course, there are always exceptions to any rule depending on circumstance. However, we're trying to create some rules so that when you *do* have to break a rule...you know what rule you are violating. Second, each article goes through a "beta phase" (see the note that appears at the bottom of the article) and this type of discussion is exactly what is needed to make sure that the final version addresses the majority of concerns. Jeff Siegel Dan Cech wrote: > Chris Shiflett wrote: > >> --- Emmanuel D?carie wrote: >> >>> (1) "Best Practice: Do not use the function addslashes but, instead, >>> use a function that is specific to your database." >>> >>> Could the tutorial elaborate a little bit more on this? >> >> >> First of all, this looks to be another great phundamentals article. I >> really like this series (or whatever you want to call it). >> >> I agree with Emmanuel that some elaboration would be useful here. >> Whenever >> a best practice is seldom followed, a very clear justification can be a >> great thing. Being right and convincing someone else that you're right >> are >> often very different things. :-) > > > See my reply, I am sure jeff is working on a little clarification as I > type this... > >>> (2) htmlentities/htmlspecialchars >>> >>> I think the tutorial should insist that the best practice is not using >>> these functions on data that you want to *insert* in a database. >> >> >> More elaboration in general might be good. I would consider these >> functions the "least you can do" when you're displaying potentially >> tainted data to the user. If you're not displaying data, htmlentities() >> probably isn't going to offer you the type of protection you seek. >> >> There are also two different opinions on this: >> >> 1. Perform htmlentities() prior to storage. >> 2. Perform htmlentities() prior to display. >> >> The first can be better if you must display data in HTML very often. >> Rather than perform htmlentities() every time, you can just pull straight >> from the database. > > > The only advantage to this method is the speed increase, you still need > to use addslashes, it takes up more space in the database, and it is > only useful if you will only ever be outputting HTML. > >> The second is usually best if you have other uses for the data besides >> displaying it in HTML. It is also best if your security model revolves >> around cleaning up data the moment it enters into your application. This >> can be a good approach in terms of keeping things simple for your >> developers. > > > This is the recommended procedure. For the vast majority of scripts the > speed difference is negligible, especially when the added overhead in > retrieving the html encoded data from the database is taken into account. > >> The best thing to do in general would be to validate your data according >> to exactly what it is supposed to be. I'm not creative enough to think of >> a way to inject some XSS that subverts htmlentities(), but it seems like >> something that might be possible. Also, adhering to strong security >> practices is a good idea in general, since such things can potentially >> protect you from attacks that you're not even aware of. > > > htmlentities is designed to prevent ANY characters which have special > meaning in HTML from being inserted without conversion. The only way > you could 'subvert' it in a document would be to exploit a bug in the > function itself (ie a character which it does not convert. I would very > much doubt if this is even possible). > > You are absolutely correct though that any data submitted by a user > should be subject to some form of error checking/cleaning before it it > used for any purpose. > > Dan > >>> PS: My spell checker (Grammarian/OS X) flagged 'conspicously' and >>> wanted 'conspicuously' instead. >> >> >> Probably because conspicously is not a word. :-) >> >> Chris >> >> ===== >> Chris Shiflett - http://shiflett.org/ >> >> PHP Security Handbook >> Coming mid-2004 >> HTTP Developer's Handbook >> http://httphandbook.org/ >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From adam at trachtenberg.com Mon Jan 5 14:30:27 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Mon, 5 Jan 2004 14:30:27 -0500 (EST) Subject: [nycphp-talk] an old thread on a proposed function for PHP In-Reply-To: <002e01c3d3bd$3871fd20$bf8d3818@oberon1> References: <002e01c3d3bd$3871fd20$bf8d3818@oberon1> Message-ID: On Mon, 5 Jan 2004, Tim Gales wrote: > Nevertheless it would seem that they would still > care about the language. They do care about the language, it's just their motivations aren't necessarily aligned with users of the language. Nor do they necessarily understand what many users are trying to do with PHP. > If a proposed function is useless and adds > bloat, why put it in PHP 5? I can replicate the majority of the functions in PHP using more low level functions and operators, but that doesn't mean those functions are useless and bloated. In this case, I think it makes perfect sense to have file_put_contents() if there's a file_get_contents(). Also, why would you want to subject people to C/Unix's fopen(), fwrite(), and fclose() when all they want to do is save stuff? That seems horribly tortured. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From shiflett at php.net Mon Jan 5 14:36:38 2004 From: shiflett at php.net (Chris Shiflett) Date: Mon, 5 Jan 2004 11:36:38 -0800 (PST) Subject: [nycphp-talk] an old thread on a proposed function for PHP In-Reply-To: Message-ID: <20040105193638.99912.qmail@web14306.mail.yahoo.com> --- Adam Maccabee Trachtenberg wrote: > I can replicate the majority of the functions in PHP using more low > level functions and operators, but that doesn't mean those functions > are useless and bloated. > > In this case, I think it makes perfect sense to have > file_put_contents() if there's a file_get_contents(). > > Also, why would you want to subject people to C/Unix's fopen(), > fwrite(), and fclose() when all they want to do is save stuff? That > seems horribly tortured. I agree on all points, and I'm a big fan of stuff like file_get_contents(). In fact, I think there should be a mysql_connect_and_then_query_and_then_fetch_array() function. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From jeffknight at mac.com Mon Jan 5 14:46:13 2004 From: jeffknight at mac.com (PUTAMARE) Date: Mon, 5 Jan 2004 14:46:13 -0500 Subject: [nycphp-talk] an old thread on a proposed function for PHP In-Reply-To: <20040105193638.99912.qmail@web14306.mail.yahoo.com> References: <20040105193638.99912.qmail@web14306.mail.yahoo.com> Message-ID: I'm waiting for the generate_billing() function and the what I'm sure to be wildly popular extract_cash_from_deadbeats(). On Jan 5, 2004, at 2:36 PM, Chris Shiflett wrote: > I agree on all points, and I'm a big fan of stuff like > file_get_contents(). In fact, I think there should be a > mysql_connect_and_then_query_and_then_fetch_array() function. :-) Jeff Knight jeff not junkmail at lushmedia.com 212/213-6558 x 203 LUSH media 110 W 40th St #1502 New York, NY 10018 From jsiegel1 at optonline.net Mon Jan 5 14:50:06 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Mon, 05 Jan 2004 14:50:06 -0500 Subject: [nycphp-talk] an old thread on a proposed function for PHP In-Reply-To: <20040105193638.99912.qmail@web14306.mail.yahoo.com> References: <20040105193638.99912.qmail@web14306.mail.yahoo.com> Message-ID: <3FF9BFEE.8070100@optonline.net> > I think there should be a > mysql_connect_and_then_query_and_then_fetch_array() function. Could that be shortened to mysql_kvetch? ;) Jeff Siegel Chris Shiflett wrote: > --- Adam Maccabee Trachtenberg wrote: > >>I can replicate the majority of the functions in PHP using more low >>level functions and operators, but that doesn't mean those functions >>are useless and bloated. >> >>In this case, I think it makes perfect sense to have >>file_put_contents() if there's a file_get_contents(). >> >>Also, why would you want to subject people to C/Unix's fopen(), >>fwrite(), and fclose() when all they want to do is save stuff? That >>seems horribly tortured. > > > I agree on all points, and I'm a big fan of stuff like > file_get_contents(). In fact, I think there should be a > mysql_connect_and_then_query_and_then_fetch_array() function. :-) > > Chris > > ===== > Chris Shiflett - http://shiflett.org/ > > PHP Security Handbook > Coming mid-2004 > HTTP Developer's Handbook > http://httphandbook.org/ > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From tgales at tgaconnect.com Mon Jan 5 15:29:29 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Mon, 5 Jan 2004 15:29:29 -0500 Subject: [nycphp-talk] an old thread on a proposed function for PHP In-Reply-To: Message-ID: <003501c3d3ca$a02798f0$bf8d3818@oberon1> Adam Trachtenberg wrote: " I can replicate the majority of the functions in PHP using more low level functions and operators, but that doesn't mean those functions are useless and bloated." The bloat stuff I was referring to was: " Oh, come on. Put it into a utility library; this does not belong into the core of PHP. Or is your argument "we already have so much bloat, a bit more is ok, too"? - Sascha " from: http://www.zend.com/lists/php-dev/200302/msg00551.html Rasmus agreed (at least at one time) as previously noted that the function was useless. "I do agree with Sascha that file_put_contents() as it is currently proposed is useless. People aren't currently writing inefficient code to emulate this behaviour so we aren't fixing a file/implode fiasco here. We do not need a core function to replace fopen(); fputs(); fclose()." see: http://www.zend.com/lists/php-dev/200302/msg00559.html It seemed to me that the function hadn't changed from the way it was proposed. I don't know maybe they just changed their minds. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From webapprentice at mail.com Mon Jan 5 23:15:35 2004 From: webapprentice at mail.com (Webapprentice .) Date: Mon, 05 Jan 2004 23:15:35 -0500 Subject: [nycphp-talk] How do I evaluate variables in a heredoc? Message-ID: <20040106041535.10756.qmail@mail.com> Hi, I'm trying to print out the contents of the $errorMessage array in this heredoc, but if I don't put the double quotes around the variable, PHP gives me an error. If I use the double quotes and the variable happens to be empty, I get "" in the page, which is not what I want. How do I fix this? Thanks, Stephen echo <<< UPLOADFORM
Name: "$errorMessage[username]"
Email Address: "$errorMessage[email]"
Soundtrack Title: "$errorMessage[title]"
Composed by: "$errorMessage[composer]"
Arranged by: "$errorMessage[arranger]"
Publisher: "$errorMessage[publisher]"
Catalog Number: "$errorMessage[catalognumber]"
CD Info: "$errorMessage[cdinfo]"
Release Date: "$errorMessage[releasedate]"
Disc Time: "$errorMessage[disctime]"
Tracklist: "$errorMessage[tracklist]"
Translation by: "$errorMessage[translator]"
Front CD Cover Image (BMP, JPG, or GIF): "$errorMessage[frontimage]"
Rear CD Cover Image (BMP, JPG, or GIF): "$errorMessage[rearimage]"
UPLOADFORM; -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From webapprentice at mail.com Mon Jan 5 23:25:13 2004 From: webapprentice at mail.com (Webapprentice .) Date: Mon, 05 Jan 2004 23:25:13 -0500 Subject: [nycphp-talk] Re: Evaluating variables in a heredoc (Found answer) Message-ID: <20040106042513.22829.qmail@mail.com> I made a mistake. I noticed that in order to evaluate variables, I have to use them without any additional quotes. So if I'm dealing with an array, I have t remove the internal quotes. I originally had $errorMessage["username"] and PHP was complaining about that format. I presume this is the way it is supposed to work. Sorry about that. --Stephen -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From dcech at phpwerx.net Mon Jan 5 23:30:42 2004 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 05 Jan 2004 23:30:42 -0500 Subject: [nycphp-talk] How do I evaluate variables in a heredoc? In-Reply-To: <20040106041535.10756.qmail@mail.com> References: <20040106041535.10756.qmail@mail.com> Message-ID: <3FFA39F2.6090302@phpwerx.net> You need to use curly braces in this case, and you should be quoting your array keys. For Example: Name: {$errorMessage['username']} That should solve your problem. A better way may be be to use a loop: echo '
' . "\n"; $fields = array ( 'username' => array ( 'title' => 'Name', 'field' => '' ), 'email' => array ( 'title' => 'Email Address', 'field' => '' ) ); echo '' . "\n"; foreach ( $fields as $field_id => $field ) { echo '' . "\n"; } echo '
' . $field['name'] . ':' . $field['field'] . ' ' . $errorMessage[$field_id] . '
' . "\n"; echo '
' . "\n"; This makes it very easy to add extra fields, or change format of the HTML. Dan Webapprentice . wrote: > Hi, > I'm trying to print out the contents of the $errorMessage array in this heredoc, but if I don't put the double quotes around the variable, PHP gives me an error. If I use the double quotes and the variable happens to be empty, I get "" in the page, which is not what I want. > > How do I fix this? > > Thanks, > Stephen > > echo <<< UPLOADFORM >
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
Name: "$errorMessage[username]"
Email Address: "$errorMessage[email]"
Soundtrack Title: "$errorMessage[title]"
Composed by: "$errorMessage[composer]"
Arranged by: "$errorMessage[arranger]"
Publisher: "$errorMessage[publisher]"
Catalog Number: "$errorMessage[catalognumber]"
CD Info: "$errorMessage[cdinfo]"
Release Date: "$errorMessage[releasedate]"
Disc Time: "$errorMessage[disctime]"
Tracklist: "$errorMessage[tracklist]"
Translation by: "$errorMessage[translator]"
Front CD Cover Image (BMP, JPG, or GIF): "$errorMessage[frontimage]"
Rear CD Cover Image (BMP, JPG, or GIF): "$errorMessage[rearimage]"
>
> UPLOADFORM; From dcech at phpwerx.net Tue Jan 6 00:03:22 2004 From: dcech at phpwerx.net (Dan Cech) Date: Tue, 06 Jan 2004 00:03:22 -0500 Subject: [nycphp-talk] Re: Evaluating variables in a heredoc (Found answer) In-Reply-To: <20040106042513.22829.qmail@mail.com> References: <20040106042513.22829.qmail@mail.com> Message-ID: <3FFA419A.2010708@phpwerx.net> Using this syntax will work for simple arrays, but it is generally preferable to use the curly brackets syntax, as it will also work with object variables, etc. You can read more here: http://www.php.net/types.string Dan Webapprentice . wrote: > I made a mistake. I noticed that in order to evaluate variables, I have to use them without any additional quotes. So if I'm dealing with an array, I have t remove the internal quotes. > > I originally had $errorMessage["username"] and PHP was complaining about that format. > > I presume this is the way it is supposed to work. > > Sorry about that. > > --Stephen From xml at aumcomputers.com Tue Jan 6 05:32:04 2004 From: xml at aumcomputers.com (Anirudh Zala) Date: Tue, 6 Jan 2004 16:02:04 +0530 Subject: [nycphp-talk] Re: File Uploading Permission Problem (solved) References: <20040103182142.68764.qmail@mail.com> Message-ID: <01d501c3d440$54be77f0$0164a8c0@aum1> This is not good to keep 777 permission to your images (or any other file) as it is hazardous and can cause severe problem if someone can access your file system. Assigning permission 777 to any file may eliminate your problem temporarily but eventually not suitable to carry on solving your problems with this permission. Try to assing appropriate permission to your files which is actually required and can keep them safe from being deleted or misused. Read artilces about securiy and file permission on any good PHP site or contact your server administrator for more information. Anirudh Zala ----- Original Message ----- From: "Webapprentice ." To: Sent: Saturday, 03 January, 2004 11:51 PM Subject: [nycphp-talk] Re: File Uploading Permission Problem (solved) > I changed the permission of the target directory to 777, and the file was able to move successfully. That was the problem. > > Good thing I didn't have to contact the host to resolve this. > > Thanks, Dan. > > >>>>Message: 12 > Date: Sat, 03 Jan 2004 00:13:43 -0500 > From: Dan Cech > > Subject: Re: [nycphp-talk] File uploading: When PHP doesn't have > permission to > > It sounds like you do have a permissions problem. > > You will need to make sure that the webserver process (usually > www-data > for apache) has permissions to write to the directory where you want > to > put the uploaded file. > > A simple test is to create a new directory and set permissions to > rwxrwxrwx (chmod 777), then try to move the file there. If it works > then you know what your problem is. > > As for fixing the permissions, you are going to have to figure out a > setting which gives the webserver the access it needs, without > causing > any security problems. There are several different ways to do it, > one > method is to set the group of the directory to www-data and use the > group permission setting to control the access you want to give to > php. > > Hope this helps, > > Dan<<<<<<< > -- > ___________________________________________________________ > Sign-up for Ads Free at Mail.com > http://promo.mail.com/adsfreejump.htm > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jsiegel1 at optonline.net Tue Jan 6 07:59:34 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 06 Jan 2004 07:59:34 -0500 Subject: [nycphp-talk] Revised PHundamentals article Message-ID: <3FFAB136.3010103@optonline.net> A revised version of the PHundamentals article "Functions for Storing Data Submitted From a Form and Displaying Data from a Database" has been posted. See: http://phundamentals.nyphp.org/PH_storingretrieving.php Jeff Siegel/Michael Southwell -PHundamentals Team From dmintz at davidmintz.org Tue Jan 6 10:41:05 2004 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 6 Jan 2004 10:41:05 -0500 (EST) Subject: [nycphp-talk] an old thread on a proposed function for PHP In-Reply-To: References: <20040105193638.99912.qmail@web14306.mail.yahoo.com> Message-ID: On Mon, 5 Jan 2004, PUTAMARE wrote: > I'm waiting for the generate_billing() function and the what I'm sure > to be wildly popular extract_cash_from_deadbeats(). ...which takes an array of scumbags as argument and returns a wad of cash on success -- ooh, I like it. It would be nice if it took an optional callback (e.g.,break_their_legs()) to be called on failure. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From dmintz at davidmintz.org Tue Jan 6 11:55:40 2004 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 6 Jan 2004 11:55:40 -0500 (EST) Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: <3FF9BA70.2080200@optonline.net> References: <20040105184716.96801.qmail@web14309.mail.yahoo.com> <3FF9B43B.10601@phpwerx.net> <3FF9BA70.2080200@optonline.net> Message-ID: If the comment period isn't over yet, I have $.02. You might mention that if you happen to be using PEAR DB library, you might as well use quote(), or prepare() and execute(), which take care of correctly quoting the values represented by ? in parameterized SQL statements. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From jsiegel1 at optonline.net Tue Jan 6 12:18:43 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 06 Jan 2004 12:18:43 -0500 Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: References: <20040105184716.96801.qmail@web14309.mail.yahoo.com> <3FF9B43B.10601@phpwerx.net> <3FF9BA70.2080200@optonline.net> Message-ID: <3FFAEDF3.8080103@optonline.net> Sorry...comment period ended 5 minutes ago. ;) Jeff P.S. Since I don't use PEAR, the question is, which one of the functions are used for escaping data? All three? Since the major focus is on MySQL, is there one that is MySQL-specific? David Mintz wrote: > If the comment period isn't over yet, I have $.02. > > You might mention that if you happen to be using PEAR DB library, you > might as well use quote(), or prepare() and execute(), which take care of > correctly quoting the values represented by ? in parameterized SQL > statements. > > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From dcech at phpwerx.net Tue Jan 6 12:39:09 2004 From: dcech at phpwerx.net (Dan Cech) Date: Tue, 06 Jan 2004 12:39:09 -0500 Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: <3FFAEDF3.8080103@optonline.net> References: <20040105184716.96801.qmail@web14309.mail.yahoo.com> <3FF9B43B.10601@phpwerx.net> <3FF9BA70.2080200@optonline.net> <3FFAEDF3.8080103@optonline.net> Message-ID: <3FFAF2BD.3070306@phpwerx.net> In PEAR the closest 'equivalent' is probably quote (), the other 2 functions are much more powerful tools. The same goes for ADODB, you can use qstr () or the PEAR compatible quote (). One thing to note about these functions is that they will not only escape the strings but will quote them as well. The beauty of them is that they are smart enough to determine what needs to be done for the particular database, so you don't need to worry about them being MySQL/PostgreSQL/etc specific. Dan Jeff Siegel wrote: > Sorry...comment period ended 5 minutes ago. ;) > > Jeff > P.S. Since I don't use PEAR, the question is, which one of the functions > are used for escaping data? All three? Since the major focus is on > MySQL, is there one that is MySQL-specific? > > David Mintz wrote: > >> If the comment period isn't over yet, I have $.02. >> >> You might mention that if you happen to be using PEAR DB library, you >> might as well use quote(), or prepare() and execute(), which take care of >> correctly quoting the values represented by ? in parameterized SQL >> statements. >> >> >> --- >> David Mintz >> http://davidmintz.org/ >> >> "Anybody else got a problem with Webistics?" -- Sopranos 24:17 >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > From dmintz at davidmintz.org Tue Jan 6 12:47:08 2004 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 6 Jan 2004 12:47:08 -0500 (EST) Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: <3FFAEDF3.8080103@optonline.net> References: <20040105184716.96801.qmail@web14309.mail.yahoo.com> <3FF9B43B.10601@phpwerx.net> <3FF9BA70.2080200@optonline.net> <3FFAEDF3.8080103@optonline.net> Message-ID: DB::quote() (and I quote) "[q]uotes a string database-dependent, so it can be safely used in a query." They mean, it quotes it correctly for the backend db that you connected to when you called connect() and got a $db object. They further say the currently supported database backends are MySQL, PostgreSQL, InterBase, Mini SQL, Microsoft SQL Server, Oracle 7/8/8i, ODBC (Open Database Connectivity), SyBase, Informix, FrontBase. prepare() and execute() perform more or less comparably to their counterparts in JDBC and Perl DBI. http://pear.php.net/manual/en/package.database.db.intro-execute.php On Tue, 6 Jan 2004, Jeff Siegel wrote: > P.S. Since I don't use PEAR, the question is, which one of the functions > are used for escaping data? All three? Since the major focus is on > MySQL, is there one that is MySQL-specific? > > David Mintz wrote: > > > If the comment period isn't over yet, I have $.02. > > > > You might mention that if you happen to be using PEAR DB library, you > > might as well use quote(), or prepare() and execute(), which take care of > > correctly quoting the values represented by ? in parameterized SQL > > statements. > > > > > > --- > > David Mintz > > http://davidmintz.org/ > > > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From danielc at analysisandsolutions.com Tue Jan 6 13:22:19 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 6 Jan 2004 13:22:19 -0500 Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: References: <20040105184716.96801.qmail@web14309.mail.yahoo.com> <3FF9B43B.10601@phpwerx.net> <3FF9BA70.2080200@optonline.net> <3FFAEDF3.8080103@optonline.net> Message-ID: <20040106182218.GA29647@panix.com> Hi Folks: On Tue, Jan 06, 2004 at 12:47:08PM -0500, David Mintz wrote: > > DB::quote() (and I quote) "[q]uotes a string database-dependent, so it can > be safely used in a query." They mean, it quotes it correctly for the > backend db that you connected to when you called connect() and got a $db > object. They further say the currently supported database backends are > MySQL, PostgreSQL, InterBase, Mini SQL, Microsoft SQL Server, Oracle > 7/8/8i, ODBC (Open Database Connectivity), SyBase, Informix, FrontBase. I'm now maintaining PEAR DB. Exactly what quote() -- and potentiall new similar methods -- is going to do is under discussion. The last release has different behaviors for different databases. While all db's get the string escaped, some db's return everything quoted (with "'" around them) while numeric _strings_ and/or _variables_ passed to the method may or may not get quotes around them. Under MySQL, ODBC, PostgreSQL full magic was in effect based on the PHP data type of the variable passed to the method. I've committed several changes to apply this behavior to most backends. This raised cackles from some about forward compatibility and too much magic, so the final behavior has yet to be determined. I'm leaning to having all of them do the magic and have the same default behavior without creating yet another method. We'll see... --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From jsiegel1 at optonline.net Tue Jan 6 13:30:52 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 06 Jan 2004 13:30:52 -0500 Subject: [nycphp-talk] Re: New PHundamentals Article In-Reply-To: References: <20040105184716.96801.qmail@web14309.mail.yahoo.com> <3FF9B43B.10601@phpwerx.net> <3FF9BA70.2080200@optonline.net> <3FFAEDF3.8080103@optonline.net> Message-ID: <3FFAFEDC.5020802@optonline.net> Change was made. David Mintz wrote: > > DB::quote() (and I quote) "[q]uotes a string database-dependent, so it can > be safely used in a query." They mean, it quotes it correctly for the > backend db that you connected to when you called connect() and got a $db > object. They further say the currently supported database backends are > MySQL, PostgreSQL, InterBase, Mini SQL, Microsoft SQL Server, Oracle > 7/8/8i, ODBC (Open Database Connectivity), SyBase, Informix, FrontBase. > > prepare() and execute() perform more or less comparably to their > counterparts in JDBC and Perl DBI. > http://pear.php.net/manual/en/package.database.db.intro-execute.php > > On Tue, 6 Jan 2004, Jeff Siegel wrote: > > >>P.S. Since I don't use PEAR, the question is, which one of the functions >>are used for escaping data? All three? Since the major focus is on >>MySQL, is there one that is MySQL-specific? >> >>David Mintz wrote: >> >> >>>If the comment period isn't over yet, I have $.02. >>> >>>You might mention that if you happen to be using PEAR DB library, you >>>might as well use quote(), or prepare() and execute(), which take care of >>>correctly quoting the values represented by ? in parameterized SQL >>>statements. >>> >>> >>>--- >>>David Mintz >>>http://davidmintz.org/ >>> >>> "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From nyphp at enobrev.com Tue Jan 6 14:00:36 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Tue, 6 Jan 2004 14:00:36 -0500 Subject: [nycphp-talk] Form Generation and Processing Message-ID: Now that I'm finally back to work, I've taken a look at my framework and decided to take it all apart and put it back together again for the 1500th time. I figure some of you can relate (humor my sanity). My latest idea for an addition came to me from a recent project. I work with a few very talented designers and I want to give them as much control over the forms as possible on the site. I personally avoid template systems and just go the php var route, and try my very BEST to keep the absolute minimum of php code inside the html (besides vars and basic conditionals). What I ended up doing for the form was set it all up in html and created a class (super basic now while testing the idea - no error checkingor anyhting yet) for setting the values of the form fields. I'll be using ADOdb, so for new forms, I grab all the field's default values from the db. For edit/update forms, I grab the record's data, and for errors, I replace the form values array with the $_REQUEST array. So I give the designer a list of form fields and he puts them where he wants. The 'save' script uses adodb's update and insert functions to update only the form values passed, which essentially allows the designer to remove form fields as they please. Working example: http://www.enobrev.com/form/index.php Code of example: http://www.enobrev.com/form/index_code.php Code for basic class, thrown together for testing the idea (in otherwords, just an idea): http://www.enobrev.com/form/class_code.php So am I completely insane in thinking a designer would understand adding vars like that to their html? I know I should ask them and I plan to as I figure out how it will all work, but I'm also asking you guys as professionals about what you think of the idea of form control without actaully controlling the form output, only the names and values (and optionally the options of a select). I've seen lots of classes which generate the actual form inputs / selects and what not, and I figured that best left to the designer. That's what they do. I figured controlling the names and values of the fields (including checked/selected), was all that was really required. AND possibly control the labels as well, but that's NOT mandatory and strictly in case of error for added formatting (for the designer to control via cms maybe?). So um.. does doing it this way make sense? I ask as my time is short in general and I'd hate to put a few weeks into an idea that's been tried thousands of times and failed. Thanks! Mark ny -------------- next part -------------- An HTML attachment was scrubbed... URL: From webapprentice at mail.com Wed Jan 7 00:24:53 2004 From: webapprentice at mail.com (Webapprentice .) Date: Wed, 07 Jan 2004 00:24:53 -0500 Subject: [nycphp-talk] Re: File uploading - File Permission Message-ID: <20040107052453.51837.qmail@mail.com> What about if I change it to 666? I need to be able to write the file to a target directory after I move it out of /var/tmp (where PHP keeps uploaded files temporarily) I took the precaution of creating the target directory in a place NOT in public_html. That way, a user couldn't attempt to access the file via URL. I also check the file extension to make sure it ends in .bmp, .jpg, or .gif. I was under the impression that in order to execute PHP, Perl code, the server has to recognize the extension. --Stephen >>>>>>>>Date: Tue, 6 Jan 2004 16:02:04 +0530 From: "Anirudh Zala" Subject: Re: [nycphp-talk] Re: File Uploading Permission Problem (solved) To: "NYPHP Talk" Message-ID: <01d501c3d440$54be77f0$0164a8c0 at aum1> Content-Type: text/plain; charset="iso-8859-1" This is not good to keep 777 permission to your images (or any other file) as it is hazardous and can cause severe problem if someone can access your file system. Assigning permission 777 to any file may eliminate your problem temporarily but eventually not suitable to carry on solving your problems with this permission. Try to assing appropriate permission to your files which is actually required and can keep them safe from being deleted or misused. Read artilces about securiy and file permission on any good PHP site or contact your server administrator for more information. Anirudh Zala<<<< -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From webapprentice at mail.com Wed Jan 7 00:28:51 2004 From: webapprentice at mail.com (Webapprentice .) Date: Wed, 07 Jan 2004 00:28:51 -0500 Subject: [nycphp-talk] Re: Evaluating variables in a heredoc (Curly Braces) Message-ID: <20040107052851.55715.qmail@mail.com> Dan, Thanks for the link. I vague remember the curly braces also used in Perl, but it's been a while since I used Perl. It's going to have to come back to me slowly and probably painfully. heh --Stephen >>>> Date: Tue, 06 Jan 2004 00:03:22 -0500 From: Dan Cech Subject: Re: [nycphp-talk] Re: Evaluating variables in a heredoc (Found answer) To: NYPHP Talk Message-ID: <3FFA419A.2010708 at phpwerx.net> Content-Type: text/plain; charset=us-ascii; format=flowed Using this syntax will work for simple arrays, but it is generally preferable to use the curly brackets syntax, as it will also work with object variables, etc. You can read more here: http://www.php.net/types.string Dan<<<< -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From jsiegel1 at optonline.net Wed Jan 7 07:01:48 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 07 Jan 2004 07:01:48 -0500 Subject: [nycphp-talk] Re: Evaluating variables in a heredoc (Curly Braces) In-Reply-To: <20040107052851.55715.qmail@mail.com> References: <20040107052851.55715.qmail@mail.com> Message-ID: <3FFBF52C.5050702@optonline.net> FYI: The "PHP Cookbook" has a nice little piece on this stuff. (See: http://phundamentals.nyphp.org/PH_bookrecommendations.php ) Jeff Siegel Webapprentice . wrote: > Dan, > Thanks for the link. I vague remember the curly braces also used in Perl, but it's been a while since I used Perl. It's going to have to come back to me slowly and probably painfully. heh > > --Stephen > > > > Date: Tue, 06 Jan 2004 00:03:22 -0500 > From: Dan Cech > > Subject: Re: [nycphp-talk] Re: Evaluating variables in a heredoc (Found > answer) > To: NYPHP Talk > > Message-ID: <3FFA419A.2010708 at phpwerx.net> > > Content-Type: text/plain; charset=us-ascii; format=flowed > > Using this syntax will work for simple arrays, but it is generally > preferable to use the curly brackets syntax, as it will also work > with > object variables, etc. > > You can read more here: http://www.php.net/types.string > > Dan<<<< -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From agfische at email.smith.edu Wed Jan 7 08:56:03 2004 From: agfische at email.smith.edu (Aaron Fischer) Date: Wed, 7 Jan 2004 08:56:03 -0500 Subject: [nycphp-talk] free webspace, dns, email In-Reply-To: <3FFBD33A.7000907@mlug.missouri.edu> References: <3FFBD33A.7000907@mlug.missouri.edu> Message-ID: <3B3A8A5E-4119-11D8-9A15-0003930D07F2@email.smith.edu> I have come across this offer as well. However, on step two of three I noticed a mention of potential account set-up fees, service fees and domain service fess. Their text indicates that the details of these fees can be found on their site but I have not been able to find them. They have not returned my email asking about the location of the fee descriptions, which is a little curious as my previous requests for information were responded to quite promptly. Thought that might be a little helpful for folks to here. I'll post later if there are further developments. -Aaron On Jan 7, 2004, at 4:36 AM, Michael wrote: > I don't know if this has been on this list yet but it was on another > of my LUG lists and I tried it and am finding it to be a great deal. > http://1and1.com is offering 3 years of free hosting including web, > email, and dns with lots of features and they don't even ask for a > credit card or anything. I've been messing with it for about a week > and have found no catches and it is really very good. You can ssh in > to work with files, you can have multiple domains, PHP, MySQL, > multiple email accounts, 500Mb of space, generous bandwidth limits. > Worth looking at. The deal runs out in a couple days so figured I'd > mention it now. From joshmccormack at travelersdiary.com Wed Jan 7 09:03:39 2004 From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com) Date: Wed, 7 Jan 2004 08:03:39 -0600 (CST) Subject: [nycphp-talk] free webspace, dns, email In-Reply-To: <3B3A8A5E-4119-11D8-9A15-0003930D07F2@email.smith.edu> Message-ID: I signed up, and haven't had to pay anything. I pointed a domain at it, have used the database and PHP, and it has been very nice so far. Here's my junky looking site if you'd like to take a look at my attempt at humor: http://www.chickenfriedchicken.com Josh On Wed, 7 Jan 2004, Aaron Fischer wrote: > I have come across this offer as well. However, on step two of three I > noticed a mention of potential account set-up fees, service fees and > domain service fess. Their text indicates that the details of these > fees can be found on their site but I have not been able to find them. > They have not returned my email asking about the location of the fee > descriptions, which is a little curious as my previous requests for > information were responded to quite promptly. Thought that might be a > little helpful for folks to here. I'll post later if there are further > developments. > > -Aaron > > On Jan 7, 2004, at 4:36 AM, Michael wrote: > > > I don't know if this has been on this list yet but it was on another > > of my LUG lists and I tried it and am finding it to be a great deal. > > http://1and1.com is offering 3 years of free hosting including web, > > email, and dns with lots of features and they don't even ask for a > > credit card or anything. I've been messing with it for about a week > > and have found no catches and it is really very good. You can ssh in > > to work with files, you can have multiple domains, PHP, MySQL, > > multiple email accounts, 500Mb of space, generous bandwidth limits. > > Worth looking at. The deal runs out in a couple days so figured I'd > > mention it now. > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From tgales at tgaconnect.com Wed Jan 7 09:14:44 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Wed, 7 Jan 2004 09:14:44 -0500 Subject: [nycphp-talk] Something's Brewing at NYPHP Message-ID: <001301c3d528$99e86be0$bf8d3818@oberon1> Hello all, This is an open invitation to join the 'Tea Party' at NYPHP. (you can find out more about the 'Tea Party' by subscribing to the 'development' list at: http://lists.nyphp.org/mailman/listinfo/dev -- this is a temporary measure -- in the future all 'Tea Party' information will be available through a 'Tea Party' account ) Background info: ------------------ We need to build some infrastructure to help organize development efforts at NYPHP. The plan is to build everything from existing php open source projects. (this is a 'learn by doing' project) We will be re-factoring php 4 code as php 5 classes. (This is good chance to 'dip your toes' into working with php 5.) Contact Hans at hans at nyphp.org if you want to participate. This project is not just for PHP-rocket-scientists (although any 'rocket-scientist-types' are more than welcome), if you can spell 'PHP' you are invited to join. Some Misc. Info: ------------------- There is a rudimentary beginning at: http://paragon.nyphp.org/tea_party (click on 'System Requirements' ) http://paragon.nyphp.org/tea_party/docs/html called "Tea Party Online Project Management" It is an amalgamation of the following: Netoffice at: http://netoffice.sourceforge.net phpCollab at: http://phpcollab.sourceforge.net phpmailer at: http://phpmailer.sourceforge.net JpGraph http://www.aditus.nu/jpgraph and will have an interface to Mantis at: http://mantisbt.sourceforge.net and an interface to CVS and use mySQL as the database. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From tom at supertom.com Wed Jan 7 09:59:21 2004 From: tom at supertom.com (tom at supertom.com) Date: Wed, 07 Jan 2004 09:59:21 -0500 Subject: [nycphp-talk] free webspace, dns, email In-Reply-To: Message-ID: I signed up as well, and it has been just fine. They don't require a credit card, and using a pre-registered domain name is free. Also, there is an option the control panel to notify you (it may even be disable, I don't remember) if the costs exceed an amount - I set mine to $1.00. Not that I have been charged (or asked to pay) for anything, just thought I would pass that along. Also has traffic monitoring, and the really nice thing that it comes with is a newsletter system, which you can send out 1000 (opt-in) emails per month, plus they give you a mechanism to do adds/removes from your list. I don't have any complains so far. Tom *************************************************** What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of joshmccormack at travelersdiary.com Sent: Wednesday, January 07, 2004 9:04 AM To: NYPHP Talk Subject: Re: [nycphp-talk] free webspace, dns, email I signed up, and haven't had to pay anything. I pointed a domain at it, have used the database and PHP, and it has been very nice so far. Here's my junky looking site if you'd like to take a look at my attempt at humor: http://www.chickenfriedchicken.com Josh On Wed, 7 Jan 2004, Aaron Fischer wrote: > I have come across this offer as well. However, on step two of three I > noticed a mention of potential account set-up fees, service fees and > domain service fess. Their text indicates that the details of these > fees can be found on their site but I have not been able to find them. > They have not returned my email asking about the location of the fee > descriptions, which is a little curious as my previous requests for > information were responded to quite promptly. Thought that might be a > little helpful for folks to here. I'll post later if there are further > developments. > > -Aaron > > On Jan 7, 2004, at 4:36 AM, Michael wrote: > > > I don't know if this has been on this list yet but it was on another > > of my LUG lists and I tried it and am finding it to be a great deal. > > http://1and1.com is offering 3 years of free hosting including web, > > email, and dns with lots of features and they don't even ask for a > > credit card or anything. I've been messing with it for about a week > > and have found no catches and it is really very good. You can ssh in > > to work with files, you can have multiple domains, PHP, MySQL, > > multiple email accounts, 500Mb of space, generous bandwidth limits. > > Worth looking at. The deal runs out in a couple days so figured I'd > > mention it now. > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From mogmios at mlug.missouri.edu Wed Jan 7 12:17:59 2004 From: mogmios at mlug.missouri.edu (Michael) Date: Wed, 07 Jan 2004 12:17:59 -0500 Subject: [nycphp-talk] free webspace, dns, email In-Reply-To: <3B3A8A5E-4119-11D8-9A15-0003930D07F2@email.smith.edu> References: <3FFBD33A.7000907@mlug.missouri.edu> <3B3A8A5E-4119-11D8-9A15-0003930D07F2@email.smith.edu> Message-ID: <3FFC3F47.8000004@mlug.missouri.edu> > I have come across this offer as well. However, on step two of three > I noticed a mention of potential account set-up fees, service fees and > domain service fess. Their text indicates that the details of these > fees can be found on their site but I have not been able to find > them. They have not returned my email asking about the location of > the fee descriptions, which is a little curious as my previous > requests for information were responded to quite promptly. Thought > that might be a little helpful for folks to here. I'll post later if > there are further developments. I actually read through the FAQ and all of the contract before signing up and have been carefully watching it in the week or so since signing up. Yes, they have additional services they'll charge you for if you use them but they are clearly marked in the control panel and before you can use them I believe you need to submit a credit card which isn't asked for at all otherwise. Without using any of those extra services I was able to set up multiple domains I already owned for web serving and email. They give you 100 domains you can use for free, 50 email accounts, 500Mb of disk space, and 5Gb/month of bandwidth. To me those are pretty easy limits to stay inside. There was no set-up fee (waived according to the FAQ).. I'm not sure what you mean by service fee.. they do charge you a fee if you want to use them as your registar too secure a domain name but they give you one of their subdomains for free as part of the packagee and allow you to use any domains you already have for free. PHP is slightly limited (running as CGI?) but includes a lot of built-in extra modules and unless you're doing something pretty unusual (I do) I don't think you'll notice. From felix at students.poly.edu Wed Jan 7 13:11:01 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Wed, 7 Jan 2004 13:11:01 -0500 Subject: [nycphp-talk] free webspace, dns, email In-Reply-To: <3B3A8A5E-4119-11D8-9A15-0003930D07F2@email.smith.edu> References: <3FFBD33A.7000907@mlug.missouri.edu> <3B3A8A5E-4119-11D8-9A15-0003930D07F2@email.smith.edu> Message-ID: <20040107131101.68c9b1c1.felix@students.poly.edu> Notice the promotion of theirs only lasts till Jan 21 2004. This tells me they are not planning to give out millions of accounts for free just a few. They do ask for a phone number that they expect to call but still they opening themself up for some abuses. On Wed, 7 Jan 2004 08:56:03 -0500 Aaron Fischer wrote: > I have come across this offer as well. However, on step two of three > I noticed a mention of potential account set-up fees, service fees and > domain service fess. Their text indicates that the details of these > fees can be found on their site but I have not been able to find them. > > They have not returned my email asking about the location of the fee > descriptions, which is a little curious as my previous requests for > information were responded to quite promptly. Thought that might be a > little helpful for folks to here. I'll post later if there are > further developments. > > -Aaron > > On Jan 7, 2004, at 4:36 AM, Michael wrote: > > > I don't know if this has been on this list yet but it was on another > > of my LUG lists and I tried it and am finding it to be a great deal. > > http://1and1.com is offering 3 years of free hosting including web, > > email, and dns with lots of features and they don't even ask for a > > credit card or anything. I've been messing with it for about a week > > and have found no catches and it is really very good. You can ssh in > > to work with files, you can have multiple domains, PHP, MySQL, > > multiple email accounts, 500Mb of space, generous bandwidth limits. > > Worth looking at. The deal runs out in a couple days so figured I'd > > mention it now. > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From pcosta at macromedia.com Wed Jan 7 15:16:47 2004 From: pcosta at macromedia.com (Phil Costa) Date: Wed, 7 Jan 2004 12:16:47 -0800 Subject: [nycphp-talk] Talk to Macromedia about PHP Development Message-ID: Hi. I'm a product manager at Macromedia, and I'm currently doing research among PHP developers. I spoke to the list administrator and he suggested I post a note to the group. We are looking for people that DO NOT currently use Macromedia products for writing PHP code but who would be willing to discuss their work on the phone. Our goal is to better understand your needs so we can build products that make your life easier. If you would be interested, please follow the link below and provide contact information. Your name will not be added to any of our marketing databases. If you meet the criteria we're looking for, someone will contact you for an interview. The interview will take about 20 minutes and will be about how you currently work, including team interactions, tools, likes/dislikes, etc. Link: http://www.surveymonkey.com/s.asp?u=62884351405 Thanks, Philip Costa Sr. Product Manager Macromedia From tgales at tgaconnect.com Wed Jan 7 15:24:37 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Wed, 7 Jan 2004 15:24:37 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: Message-ID: <003a01c3d55c$47f5bb60$bf8d3818@oberon1> Phil Costa (product manager at Macromedia) writes: " If you meet the criteria we're looking for, someone will contact you for an interview. The interview will take about 20 minutes and will be about how you currently work, including team interactions, tools, likes/dislikes, etc..." Do we get a free update to Dreamweaver that's not awkward to use in return -- or just a chance to buy more products? T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From pcosta at macromedia.com Wed Jan 7 16:02:45 2004 From: pcosta at macromedia.com (Phil Costa) Date: Wed, 7 Jan 2004 13:02:45 -0800 Subject: [nycphp-talk] Talk to Macromedia about PHP Development Message-ID: No promises of free software (that is how we make money, after all), but if you use DW now and have suggestions we're listening. It's the best way to help us get it right, as opposed to someone else. Phil From mwithington at PLMresearch.com Wed Jan 7 15:58:59 2004 From: mwithington at PLMresearch.com (Mark Withington) Date: Wed, 7 Jan 2004 15:58:59 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development Message-ID: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3588A5E71@network.PLMresearch.com> LOL!!!! For all your honesty and hard work spilling your guts about PHP and the open source world (thereby saving tremendous amounts of $$ on focus groups and market research) you'll receive.... The chance to buy more product (Whoopee!!) -------------------------- Mark L. Withington PLMresearch "eBusiness for the Midsize Enterprise" PO Box 1354 Plymouth, MA 02362 o: 800-310-3992 f: 508-746-4973 v: 508-746-2383 m: 508-801-0181 http://www.PLMresearch.com Netscape/AOL/MSN IM: PLMresearch mwithington at plmresearch.com Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc Calendar: http://www.plmresearch.com/calendar.php -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Tim Gales Sent: Wednesday, January 07, 2004 3:25 PM To: 'NYPHP Talk' Subject: RE: [nycphp-talk] Talk to Macromedia about PHP Development Phil Costa (product manager at Macromedia) writes: " If you meet the criteria we're looking for, someone will contact you for an interview. The interview will take about 20 minutes and will be about how you currently work, including team interactions, tools, likes/dislikes, etc..." Do we get a free update to Dreamweaver that's not awkward to use in return -- or just a chance to buy more products? T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From nyphp at websapp.com Wed Jan 7 16:01:21 2004 From: nyphp at websapp.com (Daniel Kushner) Date: Wed, 7 Jan 2004 16:01:21 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: <003a01c3d55c$47f5bb60$bf8d3818@oberon1> Message-ID: I'll give a nice discount to the Zend Studio without any surveys ;) --Daniel > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Tim Gales > Sent: Wednesday, January 07, 2004 3:25 PM > To: 'NYPHP Talk' > Subject: RE: [nycphp-talk] Talk to Macromedia about PHP Development > > > Phil Costa > (product manager at Macromedia) writes: > > " If you meet the criteria we're looking for, someone will > contact you for an interview. The interview will take about > 20 minutes and will be about how you currently work, > including team interactions, tools, likes/dislikes, etc..." > > Do we get a free update to Dreamweaver that's > not awkward to use in return -- > or just a chance to buy more products? > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From tgales at tgaconnect.com Wed Jan 7 16:03:45 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Wed, 7 Jan 2004 16:03:45 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: Message-ID: <000101c3d561$bd8eeb30$bf8d3818@oberon1> Phil Costa writes: "No promises of free software (that is how we make money, after all)" No free advice (that is how I make my money, after all). T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From jlacey at att.net Wed Jan 7 16:08:15 2004 From: jlacey at att.net (John Lacey) Date: Wed, 07 Jan 2004 14:08:15 -0700 Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: <000101c3d561$bd8eeb30$bf8d3818@oberon1> References: <000101c3d561$bd8eeb30$bf8d3818@oberon1> Message-ID: <3FFC753F.6050601@att.net> Tim Gales wrote: > Phil Costa writes: > > "No promises of free software (that is how we make money, > after all)" > > No free advice (that is how I make my money, after all). > > T. Gales & Associates touche Tim... Macromedia's products are still, like Microsoft's, overpriced -- the last time I used UltraDev to develop an .asp website (don't ask), I couldn't believe all the crap that was thrown into their code just to do simple database r/w From mwithington at PLMresearch.com Wed Jan 7 16:14:54 2004 From: mwithington at PLMresearch.com (Mark Withington) Date: Wed, 7 Jan 2004 16:14:54 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development Message-ID: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3586A658C@network.PLMresearch.com> Touch?. Well stated. -------------------------- Mark L. Withington PLMresearch "eBusiness for the Midsize Enterprise" PO Box 1354 Plymouth, MA 02362 o: 800-310-3992 f: 508-746-4973 v: 508-746-2383 m: 508-801-0181 http://www.PLMresearch.com Netscape/AOL/MSN IM: PLMresearch mwithington at plmresearch.com Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc Calendar: http://www.plmresearch.com/calendar.php -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Tim Gales Sent: Wednesday, January 07, 2004 4:04 PM To: 'NYPHP Talk' Subject: RE: [nycphp-talk] Talk to Macromedia about PHP Development Phil Costa writes: "No promises of free software (that is how we make money, after all)" No free advice (that is how I make my money, after all). T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From shiflett at php.net Wed Jan 7 16:16:44 2004 From: shiflett at php.net (Chris Shiflett) Date: Wed, 7 Jan 2004 13:16:44 -0800 (PST) Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: <3FFC753F.6050601@att.net> Message-ID: <20040107211644.65017.qmail@web14310.mail.yahoo.com> --- John Lacey wrote: > touche Tim... Macromedia's products are still, like > Microsoft's, overpriced -- the last time I used UltraDev to > develop an .asp website (don't ask), I couldn't believe all > the crap that was thrown into their code just to do simple > database r/w I think the best way to appeal to serious programmers is to make something more like this: http://www.ultraedit.com/ CF Studio was actually quite similar to UltraEdit several years ago. Is it still around as a Macromedia product of some sort? Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From jeffknight at mac.com Wed Jan 7 16:21:28 2004 From: jeffknight at mac.com (PUTAMARE) Date: Wed, 7 Jan 2004 16:21:28 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: References: Message-ID: <7516E64E-4157-11D8-B781-000393B9FB36@mac.com> Boy are they going to get an earful if they call me. I stopped using flash because actionscript just plain didn't do what it was supposed to do, and customer support was rude & ignorant. They might of fixed it since MX, but I'd paid for several iterations already and would prefer them to make what I own work before I send more good money after bad. They really seem to make their products worse with every iteration, not better. On Jan 7, 2004, at 3:16 PM, Phil Costa wrote: > Hi. > > I'm a product manager at Macromedia... Jeff Knight jeff not junkmail at lushmedia.com 212/213-6558 x 203 LUSH media 110 W 40th St #1502 New York, NY 10018 From nyphp at enobrev.com Wed Jan 7 16:22:23 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Wed, 7 Jan 2004 16:22:23 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: <20040107211644.65017.qmail@web14310.mail.yahoo.com> Message-ID: Agreed, I have to say I seriously preferred Homesite/CF Studio, which lacked the overhead of the WYSIWYG. They seem to have been discontinued since DWMX. Can we have them back please? -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Chris Shiflett Sent: Wednesday, January 07, 2004 4:17 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Talk to Macromedia about PHP Development --- John Lacey wrote: > touche Tim... Macromedia's products are still, like Microsoft's, > overpriced -- the last time I used UltraDev to develop an .asp website > (don't ask), I couldn't believe all the crap that was thrown into > their code just to do simple database r/w I think the best way to appeal to serious programmers is to make something more like this: http://www.ultraedit.com/ CF Studio was actually quite similar to UltraEdit several years ago. Is it still around as a Macromedia product of some sort? Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From jlacey at att.net Wed Jan 7 16:22:58 2004 From: jlacey at att.net (John Lacey) Date: Wed, 07 Jan 2004 14:22:58 -0700 Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: <20040107211644.65017.qmail@web14310.mail.yahoo.com> References: <20040107211644.65017.qmail@web14310.mail.yahoo.com> Message-ID: <3FFC78B2.3040407@att.net> Chris Shiflett wrote: > I think the best way to appeal to serious programmers is to make something > more like this: http://www.ultraedit.com/ > > CF Studio was actually quite similar to UltraEdit several years ago. Is it > still around as a Macromedia product of some sort? > I know Hans mentioned he uses UltraEdit... I used Soysal's PHPed before he sold it to NuSphere And as far as Zend Studio is concerned, I use it not only because it's a great tool, but because I believe in supporting the fine folks at Zend J From dmintz at davidmintz.org Wed Jan 7 16:27:11 2004 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 7 Jan 2004 16:27:11 -0500 (EST) Subject: [nycphp-talk] client doesn't want security: what to do? In-Reply-To: <3FFC753F.6050601@att.net> References: <000101c3d561$bd8eeb30$bf8d3818@oberon1> <3FFC753F.6050601@att.net> Message-ID: A developer -- let's called him yours truly -- has had a nagging problem for a while. Client -- let's call her C -- has websites, hosted on a shared server, that collect sensitive info. Said info is written to a database for temporary storage -- up to a couple weeks, then wiped out via a cron job whether C has gotten around to getting it or not. C logs onto to an SSL-encrypted password-protected page to fetch info. Yours truly has made every effort to make this system as secure as possible under the circumstances -- e.g., running PHP in cgi mode and making all the permissions as restrictive as possible, using SSL, etc. However, yours truly thinks it would be better to use GPG or PGP for encryption, but C cannot be persuaded to acquire, install and start using PGP/GPG and thus keeps ~not~ providing yours truly with her public key despite numerous requests. Alternatively, yours truly thinks it might be more secure than the status quo to go straight to an online payment gateway via SSL and process the you-know-what in real time. C thinks this is unnecessary. Your truly thinks it's time to prepare a written form for C to sign, wherein she acknowledges having been advised of the risks and explicitly states she wants to do it her way anyway. What do you think? Many TIA, --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From james at surgam.net Wed Jan 7 16:35:07 2004 From: james at surgam.net (James Wetterau) Date: Wed, 07 Jan 2004 16:35:07 -0500 Subject: [nycphp-talk] client doesn't want security: what to do? In-Reply-To: Message from David Mintz of "Wed, 07 Jan 2004 16:27:11 EST." Message-ID: <200401072135.i07LZ7p29084@panix3.panix.com> David Mintz says: .... > However, yours truly thinks it would be better to use GPG or PGP for > encryption, but C cannot be persuaded to acquire, install and start using > PGP/GPG and thus keeps ~not~ providing yours truly with her public key > despite numerous requests. > > Alternatively, yours truly thinks it might be more secure than the status > quo to go straight to an online payment gateway via SSL and process the > you-know-what in real time. C thinks this is unnecessary. > > Your truly thinks it's time to prepare a written form for C to sign, > wherein she acknowledges having been advised of the risks and explicitly > states she wants to do it her way anyway. > > What do you think? Could Ours Truly try volunteering to C to spend the time necessary to set up GPG or PGP for her, end to end? It's possible that C is simply daunted by that task and if you take it off C's hands, she will acquiesce. From jonbaer at jonbaer.net Wed Jan 7 16:34:38 2004 From: jonbaer at jonbaer.net (jon baer) Date: Wed, 7 Jan 2004 16:34:38 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) Message-ID: <006601c3d566$0e04ec50$6400a8c0@thinkpad> greetings ... a client is looking for a method to enable the ability where they could open an excel doc, edit on the fly, and tie the content in with a website using a template like say smarty ... i have not read much up on "smart tags" but if content was tagged in smarty like such: {home_team.name} {home_team.score} is there a dynamic way (macro, etc) to enable the content of the excel doc to be posted to a site? i had tried to convince the guy to ditch the excel so i could do it online but he is someone more comfortable w/ excel only ... what is the solution if i wanted to keep his doc and my site in sync? thanks in advance for any suggestions. - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From dmintz at davidmintz.org Wed Jan 7 16:59:24 2004 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 7 Jan 2004 16:59:24 -0500 (EST) Subject: [nycphp-talk] client doesn't want security: what to do? In-Reply-To: <200401072135.i07LZ7p29084@panix3.panix.com> References: <200401072135.i07LZ7p29084@panix3.panix.com> Message-ID: On Wed, 7 Jan 2004, James Wetterau wrote: > > > David Mintz says: > .... > > However, yours truly thinks it would be better to use GPG or PGP for > > encryption, but C cannot be persuaded to acquire, install and start using > > PGP/GPG and thus keeps ~not~ providing yours truly with her public key > > despite numerous requests. > > Could Ours Truly try volunteering to C to spend the time necessary to > set up GPG or PGP for her, end to end? It's possible that C is > simply daunted by that task and if you take it off C's hands, she will > acquiesce. I've thought of that but haven't proposed it -- for reasons that are basically irrelevant here -- but it's an idea worth reconsidering. Thanks. My expectation is that C will say no, not necessary -- but it might be worth a try nonetheless. For brevity's sake I omitted to mention before: C has another Geek who minds her office computer stuff for her, and according to C, Geek has declared that the status quo is OK because the page through which the sensitive data is retrieved is SSL-encrypted. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From tom at supertom.com Wed Jan 7 16:54:03 2004 From: tom at supertom.com (tom at supertom.com) Date: Wed, 07 Jan 2004 16:54:03 -0500 Subject: [nycphp-talk] client doesn't want security: what to do? In-Reply-To: Message-ID: David, I know you are not going to want to here this answer, but I say do NOTHING, and here's why: You are a contractor (I'm assuming), you are paid to do what you are told. What you are doing is not illegal, and you can provide documentation (I assume you have sent her email about this) that you have informed her of the risks. I see no harm in asking her to sign something, but you are not liable. I am someone who is on the other end of this, meaning that I process orders (over 100 a day) and frequently have to screen for fraudulent use of credit cards that we take over our websites. MANY times we have contacted local authorities and Credit Card Companies with proof of fraudulent use (both in the US and worldwide) of a particular card (used to purchase our products). The sad reality is that no one actually cares. Ultimately, it is the vendor of the product who will have to eat the charge. Why? Because the Vendor needs their merchant account to sell products, the customer will just get another credit card if they feel they are treated unfairly. The Credit Card companies just pressures the vendor into eating the charge, or else they get their rates raises, which can hurt business badly. Because of this, we have focused our efforts in developing checks to help insure that we don't charge (and ship products for) a misused card. So, in the eyes of the CC companies, they don't care if you are keeping cards safe of people who have purchased your products. What they really care about is false charges on one of their cards. The whole idea is turned on its head. I commend you for wanting to add security, and agree that it should be there. Personally, I think she doesn't want to upset her applecart by learning something new, and probably doesn't want to pay you for the work required to do this. How we get around this is by offering these methods as the only solution in the beginning, so the client start off immediately with these features, and they accept "that's just how it is". Good Luck, Tom *************************************************** What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of David Mintz Sent: Wednesday, January 07, 2004 4:27 PM To: NYPHP Talk Subject: [nycphp-talk] client doesn't want security: what to do? A developer -- let's called him yours truly -- has had a nagging problem for a while. Client -- let's call her C -- has websites, hosted on a shared server, that collect sensitive info. Said info is written to a database for temporary storage -- up to a couple weeks, then wiped out via a cron job whether C has gotten around to getting it or not. C logs onto to an SSL-encrypted password-protected page to fetch info. Yours truly has made every effort to make this system as secure as possible under the circumstances -- e.g., running PHP in cgi mode and making all the permissions as restrictive as possible, using SSL, etc. However, yours truly thinks it would be better to use GPG or PGP for encryption, but C cannot be persuaded to acquire, install and start using PGP/GPG and thus keeps ~not~ providing yours truly with her public key despite numerous requests. Alternatively, yours truly thinks it might be more secure than the status quo to go straight to an online payment gateway via SSL and process the you-know-what in real time. C thinks this is unnecessary. Your truly thinks it's time to prepare a written form for C to sign, wherein she acknowledges having been advised of the risks and explicitly states she wants to do it her way anyway. What do you think? Many TIA, --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From pcosta at macromedia.com Wed Jan 7 17:03:59 2004 From: pcosta at macromedia.com (Phil Costa) Date: Wed, 7 Jan 2004 14:03:59 -0800 Subject: [nycphp-talk] Talk to Macromedia about PHP Development Message-ID: Cf studio (now called HomeSite+) is bundled with Dreamweaver We also still sell HomeSite, which is the same editor without the SQL, debugging, and ColdFusion specific tools Phil -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Mark Armendariz Sent: Wednesday, January 07, 2004 4:22 PM To: 'NYPHP Talk' Subject: RE: [nycphp-talk] Talk to Macromedia about PHP Development Agreed, I have to say I seriously preferred Homesite/CF Studio, which lacked the overhead of the WYSIWYG. They seem to have been discontinued since DWMX. Can we have them back please? From felix at students.poly.edu Wed Jan 7 16:49:47 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Wed, 7 Jan 2004 16:49:47 -0500 Subject: [nycphp-talk] client doesn't want security: what to do? In-Reply-To: References: Message-ID: <20040107164947.74c24ae5.felix@students.poly.edu> You bring up some good points. Suppose the card numbers and the personal information are stolen and then used to make purchases with other vendors. What you saying the other vendors are the once who really get screwed at this point ? Felix > David, > > I know you are not going to want to here this answer, but I say do > NOTHING, and here's why: > > You are a contractor (I'm assuming), you are paid to do what you are > told. What you are doing is not illegal, and you can provide > documentation (I assume you have sent her email about this) that you > have informed her of the risks. I see no harm in asking her to sign > something, but you are not liable. > > I am someone who is on the other end of this, meaning that I process > orders(over 100 a day) and frequently have to screen for fraudulent > use of credit cards that we take over our websites. MANY times we > have contacted local authorities and Credit Card Companies with proof > of fraudulent use (both in the US and worldwide) of a particular card > (used to purchase our products). The sad reality is that no one > actually cares. Ultimately, it is the vendor of the product who will > have to eat the charge. Why? Because the Vendor needs their merchant > account to sell products, the customer will just get another credit > card if they feel they are treated unfairly. The Credit Card > companies just pressures the vendor into eating the charge, or else > they get their rates raises, which can hurt business badly. Because > of this, we have focused our efforts in developing checks to help > insure that we don't charge(and ship products for) a misused card. > > So, in the eyes of the CC companies, they don't care if you are > keeping cards safe of people who have purchased your products. What > they really care about is false charges on one of their cards. The > whole idea is turned on its head. > > I commend you for wanting to add security, and agree that it should be > there. Personally, I think she doesn't want to upset her applecart by > learning something new, and probably doesn't want to pay you for the > work required to do this. How we get around this is by offering these > methods as the only solution in the beginning, so the client start off > immediately with these features, and they accept "that's just how it > is". > > Good Luck, > > Tom > > > > > > *************************************************** > What's Tom listening to right now? Find out here: > http://www.supertom.com/current_track.php > > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of David Mintz > Sent: Wednesday, January 07, 2004 4:27 PM > To: NYPHP Talk > Subject: [nycphp-talk] client doesn't want security: what to do? > > > > A developer -- let's called him yours truly -- has had a nagging > problem for a while. Client -- let's call her C -- has websites, > hosted on a shared server, that collect sensitive info. Said info is > written to a database for temporary storage -- up to a couple weeks, > then wiped out via a cron job whether C has gotten around to getting > it or not. C logs onto to an SSL-encrypted password-protected page to > fetch info. Yours truly has made every effort to make this system as > secure as possible under the circumstances -- e.g., running PHP in cgi > mode and making all the permissions as restrictive as possible, using > SSL, etc. > > However, yours truly thinks it would be better to use GPG or PGP for > encryption, but C cannot be persuaded to acquire, install and start > using PGP/GPG and thus keeps ~not~ providing yours truly with her > public key despite numerous requests. > > Alternatively, yours truly thinks it might be more secure than the > status quo to go straight to an online payment gateway via SSL and > process the you-know-what in real time. C thinks this is unnecessary. > > Your truly thinks it's time to prepare a written form for C to sign, > wherein she acknowledges having been advised of the risks and > explicitly states she wants to do it her way anyway. > > What do you think? > > Many TIA, > > > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From shiflett at php.net Wed Jan 7 17:14:08 2004 From: shiflett at php.net (Chris Shiflett) Date: Wed, 7 Jan 2004 14:14:08 -0800 (PST) Subject: [nycphp-talk] client doesn't want security: what to do? In-Reply-To: Message-ID: <20040107221408.17990.qmail@web14308.mail.yahoo.com> --- David Mintz wrote: > Geek has declared that the status quo is OK because the page through > which the sensitive data is retrieved is SSL-encrypted. Are you sure Geek is wrong? Maybe you need to start giving some details. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From dmintz at davidmintz.org Wed Jan 7 17:19:11 2004 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 7 Jan 2004 17:19:11 -0500 (EST) Subject: [nycphp-talk] client doesn't want security: what to do? In-Reply-To: <20040107221408.17990.qmail@web14308.mail.yahoo.com> References: <20040107221408.17990.qmail@web14308.mail.yahoo.com> Message-ID: On Wed, 7 Jan 2004, Chris Shiflett wrote: > --- David Mintz wrote: > > Geek has declared that the status quo is OK because the page through > > which the sensitive data is retrieved is SSL-encrypted. > > Are you sure Geek is wrong? > > Maybe you need to start giving some details. :-) I'd like to. OTOH is it wise to get to detailed about your weaknesses on a list that is publicly available and archived? Granted, this is paranoia in the extreme, but.... --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From chubbard at next-online.net Wed Jan 7 19:29:12 2004 From: chubbard at next-online.net (Chris Hubbard) Date: Wed, 7 Jan 2004 16:29:12 -0800 Subject: [nycphp-talk] question about session and scalability Message-ID: All, Here's a weird question for you all. Got a client who wants to run a couple different web servers, each server running a copy of the same php application. There will be some sort (TBD) of load balancer between the servers and the internet. And there will be a separate server for the database. Users need to log into the application, and stay logged in while using the application. We want to be able to keep the users session open even if one of the web servers crashes. The users will be conducting transactions (against PostgreSQL), so I can use the transaction login in the database. My understanding is that if we're using $_sessions and the server goes down, then, the user looses their session (and any work they'd done). One of the ideas we've come up with is using a cookie, so we know from the inbound request who is making the request. But I'm not keen on cookies, for various reasons. We're anticipating no more than 50 concurrent users at any given time. I don't have an idea on how much load on a server a single user will be. Any thoughts, suggestions? thanks, Chris Hubbard chubbard at next-online.net 425 563 4153 From bpang at bpang.com Wed Jan 7 19:34:30 2004 From: bpang at bpang.com (bpang at bpang.com) Date: Wed, 7 Jan 2004 19:34:30 -0500 (EST) Subject: [nycphp-talk] client doesn't want security: what to do? In-Reply-To: References: <20040107221408.17990.qmail@web14308.mail.yahoo.com> Message-ID: <.38.117.145.89.1073522070.squirrel@www.bpang.com> I don't think you've yet given away the identity of the potentially insecure website. > I'd like to. OTOH is it wise to get to detailed about your weaknesses on a > list that is publicly available and archived? Granted, this is paranoia in > the extreme, but.... From jlacey at att.net Wed Jan 7 19:45:39 2004 From: jlacey at att.net (John Lacey) Date: Wed, 07 Jan 2004 17:45:39 -0700 Subject: [nycphp-talk] question about session and scalability In-Reply-To: References: Message-ID: <3FFCA833.5000109@att.net> Chris Hubbard wrote: > All, > Here's a weird question for you all. > > Got a client who wants to run a couple different web servers, each > server running a copy of the same php application. There will be some > sort (TBD) of load balancer between the servers and the internet. And > there will be a separate server for the database. > Users need to log into the application, and stay logged in while using > the application. We want to be able to keep the users session open even > if one of the web servers crashes. The users will be conducting > transactions (against PostgreSQL), so I can use the transaction login in > the database. > > My understanding is that if we're using $_sessions and the server goes > down, then, the user looses their session (and any work they'd done). > One of the ideas we've come up with is using a cookie, so we know from > the inbound request who is making the request. But I'm not keen on > cookies, for various reasons. > > We're anticipating no more than 50 concurrent users at any given time. > I don't have an idea on how much load on a server a single user will be. > Well Chris, on the face of it, that doesn't sound like an app that calls for load balancing at this point. That, coupled with the [relatively] low odds of things crashing on users, it might be not be worth the effort. So far as "losing work" it would seem that an app would be written in such a way to have relatively short commit cycles. i.e. don't leave a transaction uncommitted that depends on a user "thinking things over at the keyboard" Is there other compelling reasons why the client wants to run copies of the php app? John From chubbard at next-online.net Wed Jan 7 19:52:07 2004 From: chubbard at next-online.net (Chris Hubbard) Date: Wed, 7 Jan 2004 16:52:07 -0800 Subject: [nycphp-talk] question about session and scalability In-Reply-To: <3FFCA833.5000109@att.net> References: <3FFCA833.5000109@att.net> Message-ID: I agree with you, that the load *probably* does not warrant load balancing. However, if it does, then would be nice/good/warm&fuzzy if it worked as a load balanced app. thanks for the bit about short commit times, completely forgot about that. chris On Jan 7, 2004, at 4:45 PM, John Lacey wrote: > > > Chris Hubbard wrote: > >> All, >> Here's a weird question for you all. >> Got a client who wants to run a couple different web servers, each >> server running a copy of the same php application. There will be >> some sort (TBD) of load balancer between the servers and the >> internet. And there will be a separate server for the database. >> Users need to log into the application, and stay logged in while >> using the application. We want to be able to keep the users session >> open even if one of the web servers crashes. The users will be >> conducting transactions (against PostgreSQL), so I can use the >> transaction login in the database. >> My understanding is that if we're using $_sessions and the server >> goes down, then, the user looses their session (and any work they'd >> done). One of the ideas we've come up with is using a cookie, so we >> know from the inbound request who is making the request. But I'm not >> keen on cookies, for various reasons. >> We're anticipating no more than 50 concurrent users at any given >> time. I don't have an idea on how much load on a server a single >> user will be. > > Well Chris, on the face of it, that doesn't sound like an app that > calls for load balancing at this point. That, coupled with the > [relatively] low odds of things crashing on users, it might be not be > worth the effort. > > So far as "losing work" it would seem that an app would be written in > such a way to have relatively short commit cycles. i.e. don't leave a > transaction uncommitted that depends on a user "thinking things over > at the keyboard" > > Is there other compelling reasons why the client wants to run copies > of the php app? > > John > > > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > Chris Hubbard chubbard at next-online.net 425 563 4153 From dcech at phpwerx.net Wed Jan 7 20:01:50 2004 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 07 Jan 2004 20:01:50 -0500 Subject: [nycphp-talk] question about session and scalability In-Reply-To: References: <3FFCA833.5000109@att.net> Message-ID: <3FFCABFE.20301@phpwerx.net> There are several different implementation floating around for database-backed session handling. If you were to use one of those then all your session data could be stored on the database server (or a separate session server) and it would make no difference which webserver a request went to. The only problems the majority of these systems have are the added overhead of retrieving the data from the session database vs the local filesystem, and the fact that implementing locks is fairly difficult. Dan Chris Hubbard wrote: > I agree with you, that the load *probably* does not warrant load > balancing. However, if it does, then would be nice/good/warm&fuzzy if > it worked as a load balanced app. > > thanks for the bit about short commit times, completely forgot about that. > chris > > On Jan 7, 2004, at 4:45 PM, John Lacey wrote: > >> >> >> Chris Hubbard wrote: >> >>> All, >>> Here's a weird question for you all. >>> Got a client who wants to run a couple different web servers, each >>> server running a copy of the same php application. There will be >>> some sort (TBD) of load balancer between the servers and the >>> internet. And there will be a separate server for the database. >>> Users need to log into the application, and stay logged in while >>> using the application. We want to be able to keep the users session >>> open even if one of the web servers crashes. The users will be >>> conducting transactions (against PostgreSQL), so I can use the >>> transaction login in the database. >>> My understanding is that if we're using $_sessions and the server >>> goes down, then, the user looses their session (and any work they'd >>> done). One of the ideas we've come up with is using a cookie, so we >>> know from the inbound request who is making the request. But I'm not >>> keen on cookies, for various reasons. >>> We're anticipating no more than 50 concurrent users at any given >>> time. I don't have an idea on how much load on a server a single >>> user will be. >> >> >> Well Chris, on the face of it, that doesn't sound like an app that >> calls for load balancing at this point. That, coupled with the >> [relatively] low odds of things crashing on users, it might be not be >> worth the effort. >> >> So far as "losing work" it would seem that an app would be written in >> such a way to have relatively short commit cycles. i.e. don't leave a >> transaction uncommitted that depends on a user "thinking things over >> at the keyboard" >> >> Is there other compelling reasons why the client wants to run copies >> of the php app? >> >> John >> >> >> >> >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > Chris Hubbard > chubbard at next-online.net > 425 563 4153 > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From shiflett at php.net Wed Jan 7 20:27:15 2004 From: shiflett at php.net (Chris Shiflett) Date: Wed, 7 Jan 2004 17:27:15 -0800 (PST) Subject: [nycphp-talk] question about session and scalability In-Reply-To: Message-ID: <20040108012715.96361.qmail@web14304.mail.yahoo.com> --- Chris Hubbard wrote: > My understanding is that if we're using $_sessions and the server goes > down, then, the user looses their session (and any work they'd done). Just store your session data in a database. You can define your own functions with session_set_save_handler(). If you're feeling adventurous, you can look into msession. As I understand, it allows the servers to share sessions, so it is probably a bit faster. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From fields at surgam.net Wed Jan 7 22:14:22 2004 From: fields at surgam.net (Adam Fields) Date: Wed, 7 Jan 2004 22:14:22 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: References: Message-ID: <20040108031422.GB13394@eye.surgam.net> On Wed, Jan 07, 2004 at 01:02:45PM -0800, Phil Costa wrote: > > No promises of free software (that is how we make money, after all), but if > you use DW now and have suggestions we're listening. It's the best way to > help us get it right, as opposed to someone else. Oh, I don't know. Have you gotten around to supporting webdav over https yet? How about SFTP? From jsiegel1 at optonline.net Wed Jan 7 22:30:33 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 07 Jan 2004 22:30:33 -0500 Subject: [nycphp-talk] XAMMP Installation Message-ID: <3FFCCED9.2030509@optonline.net> Downloaded XAMPP from http://www.apachefriends.org/xampp-en.html for use on my Win98 laptop. I've listed below the skills you would need to get this up and running after downloading the install file. Essential skill No. 1: creating a folder Essential skill No. 2: browsing to that folder Essential skill No. 3: double-clicking on a few files That's it! It's an absolute pleasure to install! It runs beautifully on my antique Compaq Armada. Jeff Siegel From jlacey at att.net Wed Jan 7 23:58:18 2004 From: jlacey at att.net (John Lacey) Date: Wed, 07 Jan 2004 21:58:18 -0700 Subject: [nycphp-talk] XAMMP Installation In-Reply-To: <3FFCCED9.2030509@optonline.net> References: <3FFCCED9.2030509@optonline.net> Message-ID: <3FFCE36A.9060309@att.net> Jeff Siegel wrote: > Downloaded XAMPP from http://www.apachefriends.org/xampp-en.html for use > on my Win98 laptop. I've listed below the skills you would need to get > this up and running after downloading the install file. > > Essential skill No. 1: creating a folder > Essential skill No. 2: browsing to that folder > Essential skill No. 3: double-clicking on a few files > > That's it! It's an absolute pleasure to install! It runs beautifully on > my antique Compaq Armada. > Better'n sliced bread eh? I have my students load that up on their [typically Windows] home systems so they can do all the good stuff outside class. And to uninstall, ya just delete the xampp folder! In the classroom, we create a LAMP platform. A couple things I have them do is to copy the ApacheMonitor.exe from \xampp\apache\bin up to where all the bat files are in C:\xampp for convenience. Then they can control/restart apache by invoking the monitor, which ends up in the system tray -- good for experimenting with php.ini settings when you want to bounce the server. And I remind the win2k/xp users to make sure apache is set to "Manual" startup mode in Services -- don't want a web server running behind your back! John From dorgan at optonline.net Thu Jan 8 00:04:47 2004 From: dorgan at optonline.net (Donald J. Organ IV) Date: Thu, 08 Jan 2004 00:04:47 -0500 Subject: [nycphp-talk] OT: Phone Applications References: <3FFCCED9.2030509@optonline.net> <3FFCE36A.9060309@att.net> Message-ID: <000a01c3d5a4$f0284670$c801a8c0@dj> Does anyone know of any free phone application that let you use your modem and the built in microphone and speakers of your pc or laptop as a phone?? From webapprentice at mail.com Thu Jan 8 00:42:28 2004 From: webapprentice at mail.com (Webapprentice .) Date: Thu, 08 Jan 2004 00:42:28 -0500 Subject: [nycphp-talk] Re: herdocs and variable resolution Message-ID: <20040108054228.47740.qmail@mail.com> The PHP Cookbook is nice. It doesn't say anything about curly braces in heredocs though (I looked at heredoc in the index). >>>>>>>>>>>>>> Date: Wed, 07 Jan 2004 07:01:48 -0500 From: Jeff Siegel Subject: Re: [nycphp-talk] Re: Evaluating variables in a heredoc (Curly Braces) To: NYPHP Talk Message-ID: <3FFBF52C.5050702 at optonline.net> Content-Type: text/plain; charset=us-ascii; format=flowed FYI: The "PHP Cookbook" has a nice little piece on this stuff. (See: http://phundamentals.nyphp.org/PH_bookrecommendations.php ) Jeff Siegel<<<<<<<<<<<<< -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From jsiegel1 at optonline.net Thu Jan 8 06:00:04 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 08 Jan 2004 06:00:04 -0500 Subject: [nycphp-talk] Re: herdocs and variable resolution In-Reply-To: <20040108054228.47740.qmail@mail.com> References: <20040108054228.47740.qmail@mail.com> Message-ID: <3FFD3834.2030705@optonline.net> Some of this is dealt with in the first chapter on strings. What I found when reading the book is that it has to be read carefully since there are cross-references to other sections of the book ("recipes") and additional references to the PHP site. There are other things you can do with heredocs...see page 12. Jeff Webapprentice . wrote: > The PHP Cookbook is nice. It doesn't say anything about curly braces in heredocs though (I looked at heredoc in the index). > > > Date: Wed, 07 Jan 2004 07:01:48 -0500 > From: Jeff Siegel > > Subject: Re: [nycphp-talk] Re: Evaluating variables in a heredoc (Curly > Braces) > To: NYPHP Talk > > Message-ID: <3FFBF52C.5050702 at optonline.net> > > Content-Type: text/plain; charset=us-ascii; format=flowed > > FYI: The "PHP Cookbook" has a nice little piece on this > stuff. > (See: http://phundamentals.nyphp.org/PH_bookrecommendations.php > ) > > Jeff Siegel<<<<<<<<<<<<< -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Thu Jan 8 06:05:03 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 08 Jan 2004 06:05:03 -0500 Subject: [nycphp-talk] XAMMP Installation In-Reply-To: <3FFCE36A.9060309@att.net> References: <3FFCCED9.2030509@optonline.net> <3FFCE36A.9060309@att.net> Message-ID: <3FFD395F.6000107@optonline.net> Good suggestions. I have it on a Windows 98 machine/laptop and was thinking about placing the bat files in my Startup folder. Jeff John Lacey wrote: > > > Jeff Siegel wrote: > >> Downloaded XAMPP from http://www.apachefriends.org/xampp-en.html for >> use on my Win98 laptop. I've listed below the skills you would need to >> get this up and running after downloading the install file. >> >> Essential skill No. 1: creating a folder >> Essential skill No. 2: browsing to that folder >> Essential skill No. 3: double-clicking on a few files >> >> That's it! It's an absolute pleasure to install! It runs beautifully >> on my antique Compaq Armada. >> > > Better'n sliced bread eh? I have my students load that up on their > [typically Windows] home systems so they can do all the good stuff > outside class. And to uninstall, ya just delete the xampp folder! In > the classroom, we create a LAMP platform. > > A couple things I have them do is to copy the ApacheMonitor.exe from > \xampp\apache\bin up to where all the bat files are in C:\xampp for > convenience. Then they can control/restart apache by invoking the > monitor, which ends up in the system tray -- good for experimenting with > php.ini settings when you want to bounce the server. And I remind the > win2k/xp users to make sure apache is set to "Manual" startup mode in > Services -- don't want a web server running behind your back! > > John > > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From Keith.Richardson at thompsonhealth.com Thu Jan 8 07:54:00 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Thu, 8 Jan 2004 07:54:00 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B295@ffth-exc01.thompsonhealth.org> I use dreamweaver here at work do to my php development, and I like it. I used to use homesite all of the time, and I tried the demo of DWMX, and I saw everything that homesite had in it, plus the wysiwyg editor capabilities. The other good thing about the wysiwyg as apposed to frontpage is that it doesnt butcher your code when you switch to design view and edit stuff that way. homesite comes on the dreamweaver mx cd, and has no license code, but I am sure it is a "use only if you bought dreamweaver mx"... but they should sell that as a separate product for people who dont want to pay the price of dreamweaver, but also want the coding functionality. i only have 2 gripes with it though - the FTP has been really buggy as of late, having problems saving/connecting/etc, so I just do things on our local intranet server, and you cannot add code macros that I have figured out, like you can have commonly used code where you just type in the variable names, or the array name and key names, and it will create loops/etc that you use in a lot of different things. I dont have the time at work to get the developers toolkit and add a module for that, so Im sunk with that. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Mark Armendariz Sent: Wednesday, January 07, 2004 4:22 PM To: 'NYPHP Talk' Subject: RE: [nycphp-talk] Talk to Macromedia about PHP Development Agreed, I have to say I seriously preferred Homesite/CF Studio, which lacked the overhead of the WYSIWYG. They seem to have been discontinued since DWMX. Can we have them back please? -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Chris Shiflett Sent: Wednesday, January 07, 2004 4:17 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Talk to Macromedia about PHP Development --- John Lacey wrote: > touche Tim... Macromedia's products are still, like Microsoft's, > overpriced -- the last time I used UltraDev to develop an .asp website > (don't ask), I couldn't believe all the crap that was thrown into > their code just to do simple database r/w I think the best way to appeal to serious programmers is to make something more like this: http://www.ultraedit.com/ CF Studio was actually quite similar to UltraEdit several years ago. Is it still around as a Macromedia product of some sort? Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From tgales at tgaconnect.com Thu Jan 8 08:01:58 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 8 Jan 2004 08:01:58 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) In-Reply-To: <006601c3d566$0e04ec50$6400a8c0@thinkpad> Message-ID: <000401c3d5e7$9999a1d0$bf8d3818@oberon1> jon baer writes: " a client is looking for a method to enable the ability where they could open an excel doc, edit on the fly, and tie the content in with a website..." If the client is really in love with the 'excel' product, maybe he could use the new version which can save to 'XML'. Sorry, I don't have the details on the version of Microsoft Office which can save (as an option I believe) directly to xml. It might be possible through the magic of 'LDAP' to create a remote directory which would be accessible by the web server. The idea is that when the client saves the xml version of his spreadsheet on the remote system, your php stuff would include it (the excel/xml spreadsheet) automatically in the website. It seems whenever I try something that looks like it should be fairly easy to do and it involves a Microsoft component ( in this case Microsoft's implementation of LDAP) there always seems to be a 'gotcha' lurking 'in the weeds'. In this case the 'gotcha' might be that you have to have a Microsoft server to act the controlling 'authenticating server'. Hope this serves as some food for thought. Good Luck, T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From csnyder at chxo.com Thu Jan 8 09:49:32 2004 From: csnyder at chxo.com (Chris Snyder) Date: Thu, 08 Jan 2004 09:49:32 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B295@ffth-exc01.thompsonhealth.org> References: <05F6C3B4CA00D7419D1708F36A9F7745B295@ffth-exc01.thompsonhealth.org> Message-ID: <3FFD6DFC.3020005@chxo.com> Little-known features of free web browsers... If you need a decent free wysiwyg HTML editor, give Mozilla Composer a shot -- open Mozilla and click the third icon on the bottom left (between Mail and Address Book). It writes clean code. You can copy and paste formatted bits from other pages. There's no integrated site manager, like Dreamweaver, but we all use SFTP or SCP anyway, right? :-) From joshmccormack at travelersdiary.com Thu Jan 8 09:51:04 2004 From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com) Date: Thu, 8 Jan 2004 08:51:04 -0600 (CST) Subject: [nycphp-talk] Talk to Macromedia about PHP Development In-Reply-To: <3FFD6DFC.3020005@chxo.com> Message-ID: On Thu, 8 Jan 2004, Chris Snyder wrote: > Little-known features of free web browsers... > > If you need a decent free wysiwyg HTML editor, give Mozilla Composer a > shot -- open Mozilla and click the third icon on the bottom left > (between Mail and Address Book). It writes clean code. You can copy and > paste formatted bits from other pages. > > There's no integrated site manager, like Dreamweaver, but we all use > SFTP or SCP anyway, right? :-) Composer is pretty good, but the versions I've looked at have not had anything to make forms. Anyone know why? Josh From joshmccormack at travelersdiary.com Thu Jan 8 10:06:34 2004 From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com) Date: Thu, 8 Jan 2004 09:06:34 -0600 (CST) Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) In-Reply-To: <000401c3d5e7$9999a1d0$bf8d3818@oberon1> Message-ID: On Thu, 8 Jan 2004, Tim Gales wrote: > jon baer writes: > > " a client is looking for a method to enable the ability where > they could open an excel doc, edit on the fly, and tie the > content in with a website..." > > If the client is really in love with the 'excel' product, > maybe he could use the new version which can save to 'XML'. > Sorry, I don't have the details on the version of Microsoft > Office which can save (as an option I believe) directly to xml. > > Good Luck, > > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com you could have them save it csv and make a limited upload thing a la phpmyadmin Josh From webapprentice at mail.com Thu Jan 8 10:11:43 2004 From: webapprentice at mail.com (Webapprentice .) Date: Thu, 08 Jan 2004 10:11:43 -0500 Subject: [nycphp-talk] Talk to Macromedia about PHP Development Message-ID: <20040108151143.13094.qmail@mail.com> Dear Phil Costa, Is Homesite 5.5 available as a retail box? --Stephen -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From pcosta at macromedia.com Thu Jan 8 10:42:41 2004 From: pcosta at macromedia.com (Phil Costa) Date: Thu, 8 Jan 2004 07:42:41 -0800 Subject: [nycphp-talk] Talk to Macromedia about PHP Development Message-ID: It's only available electronically, but yes, version 5.5 is available. http://www.macromedia.com/software/homesite/ Phil -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Webapprentice . Sent: Thursday, January 08, 2004 10:12 AM To: talk at lists.nyphp.org Subject: Re: [nycphp-talk] Talk to Macromedia about PHP Development Dear Phil Costa, Is Homesite 5.5 available as a retail box? --Stephen -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From Thomas.Freedman at ubs.com Thu Jan 8 11:05:18 2004 From: Thomas.Freedman at ubs.com (Freedman, Tom S.) Date: Thu, 8 Jan 2004 11:05:18 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) Message-ID: The most recent versions of Excel (at least in Office XP and Office 2003) allow you to publish the spreadsheet as a .htm file and autorepublish the file every time the worksheet is saved. You could then parse the file into your PHP site, or just link to the HTML file directly (though it'd only look as nice as the spreadsheet itself). -----Original Message----- From: jon baer [mailto:jonbaer at jonbaer.net] Sent: Wednesday, January 07, 2004 4:35 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) greetings ... a client is looking for a method to enable the ability where they could open an excel doc, edit on the fly, and tie the content in with a website using a template like say smarty ... i have not read much up on "smart tags" but if content was tagged in smarty like such: {home_team.name} {home_team.score} is there a dynamic way (macro, etc) to enable the content of the excel doc to be posted to a site? i had tried to convince the guy to ditch the excel so i could do it online but he is someone more comfortable w/ excel only ... what is the solution if i wanted to keep his doc and my site in sync? thanks in advance for any suggestions. - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk Please do not transmit orders or instructions regarding a UBS account by email. The information provided in this email or any attachments is not an official transaction confirmation or account statement. For your protection, do not include account numbers, Social Security numbers, credit card numbers, passwords or other non-public information in your email. Because the information contained in this message may be privileged, confidential, proprietary or otherwise protected from disclosure, please notify us immediately by replying to this message and deleting it from your computer if you have received this communication in error. Thank you. UBS Financial Services Inc. UBS International Inc. From jonbaer at jonbaer.net Thu Jan 8 11:46:01 2004 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 8 Jan 2004 11:46:01 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) References: Message-ID: <00be01c3d606$e8103530$6400a8c0@thinkpad> I ended up creating a pop3 mailbox for .cvs files + a cron job, so he saves the files as .cvs and mails them to a dropbox account which works, but Excel has a "Send To" which could also make it easier but I need to find a PHP/XLS parser and came across this: http://www.zakkis.ca/products/abc_excelparser/index.php Which looks sweet but out of his budget ... then (thanks to the NYPHP list archive) it seems like the topic was brought up before, I found ExcelRead_FR which unfortunatley is all in French ... *but* calls new com() which defeats the purpose since the box is running Linux. So @ the moment its: Client -> XLS -> CVS -> POP3 -> CRON-> PHP -> MYSQL - jon ----- Original Message ----- From: "Freedman, Tom S." To: "'NYPHP Talk'" Sent: Thursday, January 08, 2004 11:05 AM Subject: RE: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) > The most recent versions of Excel (at least in Office XP and Office 2003) > allow you to publish the spreadsheet as a .htm file and autorepublish the > file every time the worksheet is saved. You could then parse the file into > your PHP site, or just link to the HTML file directly (though it'd only look > as nice as the spreadsheet itself). From joshmccormack at travelersdiary.com Thu Jan 8 11:55:31 2004 From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com) Date: Thu, 8 Jan 2004 10:55:31 -0600 (CST) Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) In-Reply-To: <00be01c3d606$e8103530$6400a8c0@thinkpad> Message-ID: On Thu, 8 Jan 2004, jon baer wrote: > I ended up creating a pop3 mailbox for .cvs files + a cron job, so he saves > the files as .cvs and mails them to a dropbox account which works, but Excel > has a "Send To" which could also make it easier but I need to find a PHP/XLS > parser and came across this: > > http://www.zakkis.ca/products/abc_excelparser/index.php > > Which looks sweet but out of his budget ... then (thanks to the NYPHP list > archive) it seems like the topic was brought up before, I found ExcelRead_FR > which unfortunatley is all in French ... *but* calls new com() which defeats > the purpose since the box is running Linux. > > So @ the moment its: > > Client -> XLS -> CVS -> POP3 -> CRON-> PHP -> MYSQL > > - jon Isn't this the page about ExcelRead (which is in English)? http://www.andykhan.com/excelread/index.html Josh From jonbaer at jonbaer.net Thu Jan 8 11:53:15 2004 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 8 Jan 2004 11:53:15 -0500 Subject: [nycphp-talk] OT: Phone Applications References: <3FFCCED9.2030509@optonline.net> <3FFCE36A.9060309@att.net> <000a01c3d5a4$f0284670$c801a8c0@dj> Message-ID: <010b01c3d607$e9a3b100$6400a8c0@thinkpad> http://www.openh323.org - jon ----- Original Message ----- From: "Donald J. Organ IV" To: "NYPHP Talk" Sent: Thursday, January 08, 2004 12:04 AM Subject: [nycphp-talk] OT: Phone Applications > Does anyone know of any free phone application that let you use your modem > and the built in microphone and speakers of your pc or laptop as a phone?? > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jonbaer at jonbaer.net Thu Jan 8 11:56:11 2004 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 8 Jan 2004 11:56:11 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) References: Message-ID: <011101c3d608$53fa7070$6400a8c0@thinkpad> > > Isn't this the page about ExcelRead (which is in English)? > http://www.andykhan.com/excelread/index.html > http://www.phpclasses.org/browse.html/package/1069.html maybe someone can translate the code below into English? not even sure if it works ... - jon IdConnexion = new com("Excel.Application")or die("Erreur lors de la connexion au fichier excel : $Fichier"); $Rep = getcwd(); $$LeDocument=$Rep."\\".$$LeDocument; $this->Classeur = $this->IdConnexion->WorkBooks->Open($LeDocument) or die("Erreur impossible d'ouvrir le classeur"); } function RecupereValeurCellule($feuil, $cell){ if (!isset($this->Classeur)){ if (!isset($this->Fichier)){ return False; }else{ $this->OuvreLeFichier($this->Fichier); } } $Classeur = $this->Classeur; $Feuille = $this->Classeur->Sheets($feuil); $SelectedFeuille = $Feuille->Select; $Cellule = $Feuille->Range($cell); $ValeurCellule = $Cellule->Value; return $ValeurCellule; } function EcritDansCellule($feuil, $cell, $NouvelleValeur){ if (!isset($this->Classeur)){ if (!isset($this->Fichier)){ return False; }else{ $this->OuvreLeFichier($this->Fichier); } } $Classeur = $this->Classeur; $Feuille = $this->Classeur->Sheets($feuil); $SelectedFeuille = $Feuille->Select; $Cellule = $Feuille->Range($cell); $Cellule->Value = $NouvelleValeur; } function CellIsEmpty($cell){ $Classeur = $this->Classeur; $Feuille = $this->Classeur->Sheets($this->Feuille); $SelectedFeuille = $Feuille->Select; $Cellule = $Feuille->Range($cell); if ($Cellule->Value == ""){ return true; }else{ return False; } } function CellIsMerged($cell){ $Classeur = $this->Classeur; $Feuille = $this->Classeur->Sheets($this->Feuille); $SelectedFeuille = $Feuille->Select; $Cellule = $Feuille->Range($cell); if ($y = $Cellule->MergeCells){ return true; }else{ return False; } } function Enregistrer(){ $this->Classeur->Save(); } function Fermer(){ //com_release($this->IdConnexion); $this->IdConnexion->Quit(); $this->IdConnexion = null; } function RecupereDerniereLigne(){ } } ?> From chubbard at next-online.net Thu Jan 8 12:06:49 2004 From: chubbard at next-online.net (Chris Hubbard) Date: Thu, 8 Jan 2004 09:06:49 -0800 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) In-Reply-To: <011101c3d608$53fa7070$6400a8c0@thinkpad> References: <011101c3d608$53fa7070$6400a8c0@thinkpad> Message-ID: <0C04475B-41FD-11D8-95B9-000A95BAE752@next-online.net> don't think this will help. looks like its using COM On Jan 8, 2004, at 8:56 AM, jon baer wrote: >> >> Isn't this the page about ExcelRead (which is in English)? >> http://www.andykhan.com/excelread/index.html >> > > http://www.phpclasses.org/browse.html/package/1069.html > > maybe someone can translate the code below into English? not even sure > if it > works ... > > - jon > > class ExcelRead_FR{ > > // Les variables : > var $Fichier; // Le Fichier excel ? lire ! > var $Feuille; // La Feuille a R?cup?rer ! > var $Cellule; // La Cellule a lire > var $IdConnexion; > var $Classeur; > > function OuvreLeFichier($LeDocument){ > /* Cette fonction Ouvre le document Excel > * Elle est a appel? apr?s avoir renseigner la variable > * Fichier. > * Elle renseigne les variables IdConnexion et Classeur > */ > $this->IdConnexion = new com("Excel.Application")or die("Erreur lors > de la > connexion au fichier excel : $Fichier"); > $Rep = getcwd(); > $$LeDocument=$Rep."\\".$$LeDocument; > $this->Classeur = $this->IdConnexion->WorkBooks->Open($LeDocument) or > die("Erreur impossible d'ouvrir le classeur"); > } > > function RecupereValeurCellule($feuil, $cell){ > if (!isset($this->Classeur)){ > if (!isset($this->Fichier)){ > return False; > }else{ > $this->OuvreLeFichier($this->Fichier); > } > } > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($feuil); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > $ValeurCellule = $Cellule->Value; > return $ValeurCellule; > } > > > function EcritDansCellule($feuil, $cell, $NouvelleValeur){ > if (!isset($this->Classeur)){ > if (!isset($this->Fichier)){ > return False; > }else{ > $this->OuvreLeFichier($this->Fichier); > } > } > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($feuil); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > $Cellule->Value = $NouvelleValeur; > } > function CellIsEmpty($cell){ > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($this->Feuille); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > if ($Cellule->Value == ""){ > return true; > }else{ > return False; > } > } > > function CellIsMerged($cell){ > > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($this->Feuille); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > if ($y = $Cellule->MergeCells){ > return true; > }else{ > return False; > } > > } > > function Enregistrer(){ > $this->Classeur->Save(); > } > function Fermer(){ > //com_release($this->IdConnexion); > $this->IdConnexion->Quit(); > $this->IdConnexion = null; > } > function RecupereDerniereLigne(){ > > } > } > > > ?> > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > Chris Hubbard chubbard at next-online.net 425 563 4153 From tom at supertom.com Thu Jan 8 12:05:45 2004 From: tom at supertom.com (tom at supertom.com) Date: Thu, 08 Jan 2004 12:05:45 -0500 Subject: [nycphp-talk] Searching PDF files? In-Reply-To: <010b01c3d607$e9a3b100$6400a8c0@thinkpad> Message-ID: Hey folks, a question about PDF files: In Google's search results, they are able to search PDF files. Anyone know how this is done, and if it can be done in PHP? Thanks, Tom From csnyder at chxo.com Thu Jan 8 12:14:41 2004 From: csnyder at chxo.com (csnyder at chxo.com) Date: Thu, 8 Jan 2004 12:14:41 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) In-Reply-To: <00be01c3d606$e8103530$6400a8c0@thinkpad> References: <00be01c3d606$e8103530$6400a8c0@thinkpad> Message-ID: <1073582081.3ffd900162e1c@webmail.tuffmail.net> Quoting jon baer : > I ended up creating a pop3 mailbox for .cvs files + a cron job, so he saves > the files as .cvs and mails them to a dropbox account which works I think you mean .csv -- comma-separated value as opposed to concurrent versioning system. It's an important distinction, because Excel knows nothing about working with CVS. As far as I know, CSV format is the universal solvent when it comes to database / spreadsheet / spss intercommunication. From joshmccormack at travelersdiary.com Thu Jan 8 12:15:25 2004 From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com) Date: Thu, 8 Jan 2004 11:15:25 -0600 (CST) Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) In-Reply-To: <011101c3d608$53fa7070$6400a8c0@thinkpad> Message-ID: If it turns out you do want to use that, I could translate. The page said something about a newer version and I think I saw that it uses Java. Does it require windows stuff? Josh On Thu, 8 Jan 2004, jon baer wrote: > > > > Isn't this the page about ExcelRead (which is in English)? > > http://www.andykhan.com/excelread/index.html > > > > http://www.phpclasses.org/browse.html/package/1069.html > > maybe someone can translate the code below into English? not even sure if it > works ... > > - jon > > class ExcelRead_FR{ > > // Les variables : > var $Fichier; // Le Fichier excel ? lire ! > var $Feuille; // La Feuille a R?cup?rer ! > var $Cellule; // La Cellule a lire > var $IdConnexion; > var $Classeur; > > function OuvreLeFichier($LeDocument){ > /* Cette fonction Ouvre le document Excel > * Elle est a appel? apr?s avoir renseigner la variable > * Fichier. > * Elle renseigne les variables IdConnexion et Classeur > */ > $this->IdConnexion = new com("Excel.Application")or die("Erreur lors de la > connexion au fichier excel : $Fichier"); > $Rep = getcwd(); > $$LeDocument=$Rep."\\".$$LeDocument; > $this->Classeur = $this->IdConnexion->WorkBooks->Open($LeDocument) or > die("Erreur impossible d'ouvrir le classeur"); > } > > function RecupereValeurCellule($feuil, $cell){ > if (!isset($this->Classeur)){ > if (!isset($this->Fichier)){ > return False; > }else{ > $this->OuvreLeFichier($this->Fichier); > } > } > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($feuil); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > $ValeurCellule = $Cellule->Value; > return $ValeurCellule; > } > > > function EcritDansCellule($feuil, $cell, $NouvelleValeur){ > if (!isset($this->Classeur)){ > if (!isset($this->Fichier)){ > return False; > }else{ > $this->OuvreLeFichier($this->Fichier); > } > } > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($feuil); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > $Cellule->Value = $NouvelleValeur; > } > function CellIsEmpty($cell){ > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($this->Feuille); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > if ($Cellule->Value == ""){ > return true; > }else{ > return False; > } > } > > function CellIsMerged($cell){ > > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($this->Feuille); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > if ($y = $Cellule->MergeCells){ > return true; > }else{ > return False; > } > > } > > function Enregistrer(){ > $this->Classeur->Save(); > } > function Fermer(){ > //com_release($this->IdConnexion); > $this->IdConnexion->Quit(); > $this->IdConnexion = null; > } > function RecupereDerniereLigne(){ > > } > } > > > ?> > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From csnyder at chxo.com Thu Jan 8 12:19:09 2004 From: csnyder at chxo.com (csnyder at chxo.com) Date: Thu, 8 Jan 2004 12:19:09 -0500 Subject: [nycphp-talk] Searching PDF files? In-Reply-To: References: Message-ID: <1073582349.3ffd910d316f6@webmail.tuffmail.net> Quoting tom at supertom.com: > Hey folks, a question about PDF files: > > In Google's search results, they are able to search PDF files. Anyone know > how this is done, and if it can be done in PHP? > There are a number of Unix solutions for PDF -> HTML translation ( and very few that go the other direction, unfortunately ). If nothing else, you could shell_exec() to something like pdftohtml: http://pdftohtml.sourceforge.net/ From dmintz at davidmintz.org Thu Jan 8 12:21:14 2004 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 8 Jan 2004 12:21:14 -0500 (EST) Subject: [nycphp-talk] XAMMP Installation In-Reply-To: <3FFCE36A.9060309@att.net> References: <3FFCCED9.2030509@optonline.net> <3FFCE36A.9060309@att.net> Message-ID: I am thinking I might like to set this up for a friend but this would be for semi-production, if you will. That is, he would be serving to the world off his home machine but not to mass audiences, just for a personal site. Question is, is there a how-to or something somewhere that lists the security steps to be taken to make this reasonably safe, or I am insane to dare think of it? He's running Win2K. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From tom at supertom.com Thu Jan 8 12:21:42 2004 From: tom at supertom.com (tom at supertom.com) Date: Thu, 08 Jan 2004 12:21:42 -0500 Subject: [nycphp-talk] Searching PDF files? In-Reply-To: <1073582349.3ffd910d316f6@webmail.tuffmail.net> Message-ID: Interesting - my goal is to come up with a flexible method to edit PDF templates, it may be possible to convert the PDF out of PDF format, change the important areas, and convert it back to PDF with this: http://www.rustyparts.com/pdf.php I've done a bunch of stuff with this: http://www.ros.co.nz/pdf but now I need more flexibility in the PDF creation. Not sure if I am going to go this route yet, but thanks for the tip! Tom *************************************************** What's Tom listening to right now? Find out here: http://www.supertom.com/current_track.php -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of csnyder at chxo.com Sent: Thursday, January 08, 2004 12:19 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Searching PDF files? Quoting tom at supertom.com: > Hey folks, a question about PDF files: > > In Google's search results, they are able to search PDF files. Anyone know > how this is done, and if it can be done in PHP? > There are a number of Unix solutions for PDF -> HTML translation ( and very few that go the other direction, unfortunately ). If nothing else, you could shell_exec() to something like pdftohtml: http://pdftohtml.sourceforge.net/ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From chubbard at next-online.net Thu Jan 8 12:27:21 2004 From: chubbard at next-online.net (Chris Hubbard) Date: Thu, 8 Jan 2004 09:27:21 -0800 Subject: [nycphp-talk] XAMMP Installation In-Reply-To: References: <3FFCCED9.2030509@optonline.net> <3FFCE36A.9060309@att.net> Message-ID: David, I've got a similar set up at home, but using XP instead. If the box is connected directly to the internet, then it's going to get hit by a lot of stuff, trying to hack it. My personal recommendation is to buy a small netgear router that supports NAT and port-forwarding. these routers have a nice web interface where you can block all ports except for 80, and then set up port forwarding from the router (which will have the static ip) to the W2K box. With this configuration the box is pretty tight. You'll run into trouble with each port you open, mail, ftp, etc. so it's best, if you can do it, to just have 80 open. chris On Jan 8, 2004, at 9:21 AM, David Mintz wrote: > > I am thinking I might like to set this up for a friend but this would > be > for semi-production, if you will. That is, he would be serving to the > world off his home machine but not to mass audiences, just for a > personal > site. Question is, is there a how-to or something somewhere that lists > the > security steps to be taken to make this reasonably safe, or I am > insane to > dare think of it? He's running Win2K. > > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > Chris Hubbard chubbard at next-online.net 425 563 4153 From pcosta at macromedia.com Thu Jan 8 12:35:03 2004 From: pcosta at macromedia.com (Phil Costa) Date: Thu, 8 Jan 2004 09:35:03 -0800 Subject: [nycphp-talk] Searching PDF files? Message-ID: Search engines typically have filters that know how to read the PDF file format. Once it's converted to regular text, they use their usual algorithms to index it. All of the commercial search engines (Verity, Autonomy, etc.) have filters for PDF files as well as Excel, Word, powerpoint, and so on. Some of the open source ones do as well, though I'm not really sure how good they are. One I've heard good things about is Lucene, which is managed by the Apache group. It's written in Java. I'm sure there are open source C-based ones as well. Phil -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of tom at supertom.com Sent: Thursday, January 08, 2004 12:06 PM To: NYPHP Talk Subject: [nycphp-talk] Searching PDF files? Hey folks, a question about PDF files: In Google's search results, they are able to search PDF files. Anyone know how this is done, and if it can be done in PHP? Thanks, Tom _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From keremtuzemen at hotmail.com Thu Jan 8 12:49:16 2004 From: keremtuzemen at hotmail.com (Kerem Tuzemen) Date: Thu, 8 Jan 2004 12:49:16 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) References: <011101c3d608$53fa7070$6400a8c0@thinkpad> Message-ID: Jon, here are some clues: Fichier = File Feuille = Sheet Cellule = Cell Connexion = Connection Classeur = Folder Valeur = Value Enregistrer = Save Fermer = Close OuvreLeFichier=OpenFile EcritDansCellule=WriteInCell NouvelleValeur = NewValue RecupereValeurCellule=ReadCellValue EcritDansCellule=WriteInCell Hope this helps. O. Kerem Tuzemen ----- Original Message ----- From: "jon baer" To: "NYPHP Talk" Sent: Thursday, January 08, 2004 11:56 AM Subject: Re: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) > > > > Isn't this the page about ExcelRead (which is in English)? > > http://www.andykhan.com/excelread/index.html > > > > http://www.phpclasses.org/browse.html/package/1069.html > > maybe someone can translate the code below into English? not even sure if it > works ... > > - jon > > class ExcelRead_FR{ > > // Les variables : > var $Fichier; // Le Fichier excel ? lire ! > var $Feuille; // La Feuille a R?cup?rer ! > var $Cellule; // La Cellule a lire > var $IdConnexion; > var $Classeur; > > function OuvreLeFichier($LeDocument){ > /* Cette fonction Ouvre le document Excel > * Elle est a appel? apr?s avoir renseigner la variable > * Fichier. > * Elle renseigne les variables IdConnexion et Classeur > */ > $this->IdConnexion = new com("Excel.Application")or die("Erreur lors de la > connexion au fichier excel : $Fichier"); > $Rep = getcwd(); > $$LeDocument=$Rep."\\".$$LeDocument; > $this->Classeur = $this->IdConnexion->WorkBooks->Open($LeDocument) or > die("Erreur impossible d'ouvrir le classeur"); > } > > function RecupereValeurCellule($feuil, $cell){ > if (!isset($this->Classeur)){ > if (!isset($this->Fichier)){ > return False; > }else{ > $this->OuvreLeFichier($this->Fichier); > } > } > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($feuil); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > $ValeurCellule = $Cellule->Value; > return $ValeurCellule; > } > > > function EcritDansCellule($feuil, $cell, $NouvelleValeur){ > if (!isset($this->Classeur)){ > if (!isset($this->Fichier)){ > return False; > }else{ > $this->OuvreLeFichier($this->Fichier); > } > } > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($feuil); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > $Cellule->Value = $NouvelleValeur; > } > function CellIsEmpty($cell){ > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($this->Feuille); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > if ($Cellule->Value == ""){ > return true; > }else{ > return False; > } > } > > function CellIsMerged($cell){ > > $Classeur = $this->Classeur; > $Feuille = $this->Classeur->Sheets($this->Feuille); > $SelectedFeuille = $Feuille->Select; > $Cellule = $Feuille->Range($cell); > if ($y = $Cellule->MergeCells){ > return true; > }else{ > return False; > } > > } > > function Enregistrer(){ > $this->Classeur->Save(); > } > function Fermer(){ > //com_release($this->IdConnexion); > $this->IdConnexion->Quit(); > $this->IdConnexion = null; > } > function RecupereDerniereLigne(){ > > } > } > > > ?> > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From mjdewitt at alexcommgrp.com Thu Jan 8 12:41:27 2004 From: mjdewitt at alexcommgrp.com (DeWitt, Michael) Date: Thu, 8 Jan 2004 12:41:27 -0500 Subject: [nycphp-talk] Anyone having ssl problems with Verisign today? Message-ID: We are noticing ssl errors for IE browsers configured with Check for server certificate revocation (requires restart). I have been on hold with Verign for about 1/2 hour so far, and testing some big commercial shopping carts seems to show the same thing. Can anyone else confirm this? Michael DeWitt "Smile, your on my camera" From dmintz at davidmintz.org Thu Jan 8 13:00:24 2004 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 8 Jan 2004 13:00:24 -0500 (EST) Subject: [nycphp-talk] client doesn't want security: what to do? In-Reply-To: <.38.117.145.89.1073522070.squirrel@www.bpang.com> References: <20040107221408.17990.qmail@web14308.mail.yahoo.com> <.38.117.145.89.1073522070.squirrel@www.bpang.com> Message-ID: On Wed, 7 Jan 2004 bpang at bpang.com wrote: > I don't think you've yet given away the identity of the potentially > insecure website. I suppose not. Bottom line: if my account or if the root account on the server were compromised, people could steal credit card numbers (although not the names of the owners or expiration dates) from the mysql database where they are stored, and that could be a Bad Thing, it seems to me; whereas if the numbers were being PGP/GPG-encrypted at https request time, the Bad Guys would have to be immensely powerful and talented to steal this information Thanks to all for the nourishing food for thought. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From mwithington at PLMresearch.com Thu Jan 8 13:06:04 2004 From: mwithington at PLMresearch.com (Mark Withington) Date: Thu, 8 Jan 2004 13:06:04 -0500 Subject: [nycphp-talk] OT: Health insurance Message-ID: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3588A5ED5@network.PLMresearch.com> Forget about risk pools and actuarial studies. The reason healthcare cost so much for individuals is because the insurance company can really stick it to you. Group insurance - by definition - has more leverage cause it's a bigger chunk of change for the providers to fight over. I am in the [very] early stages of exploring group plans and wonder if there are any other PHP'ers out there who, like me, feverishly type away in their basement while wearing multiple hats? Netting it out: is there anyone who would be interested in forming a group so we can go shopping for health insurance? I'm really tired of writing such a large check each month. -------------------------- Mark L. Withington PLMresearch "eBusiness for the Midsize Enterprise" PO Box 1354 Plymouth, MA 02362 o: 800-310-3992 f: 508-746-4973 v: 508-746-2383 m: 508-801-0181 http://www.PLMresearch.com Netscape/AOL/MSN IM: PLMresearch mwithington at plmresearch.com Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc Calendar: http://www.plmresearch.com/calendar.php From jlacey at att.net Thu Jan 8 13:07:24 2004 From: jlacey at att.net (John Lacey) Date: Thu, 08 Jan 2004 11:07:24 -0700 Subject: [nycphp-talk] XAMMP Installation In-Reply-To: References: <3FFCCED9.2030509@optonline.net> <3FFCE36A.9060309@att.net> Message-ID: <3FFD9C5C.6050600@att.net> Chris Hubbard wrote: > David, > I've got a similar set up at home, but using XP instead. > > If the box is connected directly to the internet, then it's going to get > hit by a lot of stuff, trying to hack it. My personal recommendation is > to buy a small netgear router that supports NAT and port-forwarding. > these routers have a nice web interface where you can block all ports > except for 80, and then set up port forwarding from the router (which > will have the static ip) to the W2K box. With this configuration the > box is pretty tight. > You'll run into trouble with each port you open, mail, ftp, etc. so > it's best, if you can do it, to just have 80 open. > chris couple notes ... if a home situation, is there a certainty of maintaining the same static IP address? otherwise, it's a moving target with asynchronous access protocols (like ADSL), keep in mind that the home network's upload speed is the download speed of the port 80 users -- which is just the opposite of what a web server calls for NATing the external address without any other protections still gives outsiders pass-thru access to the internal address (usually the 192.168.0.0 variety) > On Jan 8, 2004, at 9:21 AM, David Mintz wrote: > >> >> I am thinking I might like to set this up for a friend but this would be >> for semi-production, if you will. That is, he would be serving to the >> world off his home machine but not to mass audiences, just for a personal >> site. Question is, is there a how-to or something somewhere that lists >> the >> security steps to be taken to make this reasonably safe, or I am >> insane to >> dare think of it? He's running Win2K. >> as their website says, the default XAMPP install is inherently insecure, for good reason since it's meant to be wide-open for development purposes (e.g. MySQL has no password and register globals is on) -- so beware hth, John From jlacey at att.net Thu Jan 8 13:14:06 2004 From: jlacey at att.net (John Lacey) Date: Thu, 08 Jan 2004 11:14:06 -0700 Subject: [nycphp-talk] OT: Health insurance In-Reply-To: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3588A5ED5@network.PLMresearch.com> References: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3588A5ED5@network.PLMresearch.com> Message-ID: <3FFD9DEE.6040005@att.net> on a bumpersticker... "Think Health insurance is expensive now? ... just wait 'til it's free. Mark Withington wrote: > Forget about risk pools and actuarial studies. The reason healthcare cost > so much for individuals is because the insurance company can really stick it > to you. Group insurance - by definition - has more leverage cause it's a > bigger chunk of change for the providers to fight over. > > I am in the [very] early stages of exploring group plans and wonder if there > are any other PHP'ers out there who, like me, feverishly type away in their > basement while wearing multiple hats? Netting it out: is there anyone who > would be interested in forming a group so we can go shopping for health > insurance? I'm really tired of writing such a large check each month. > > -------------------------- > Mark L. Withington > PLMresearch > "eBusiness for the Midsize Enterprise" > PO Box 1354 > Plymouth, MA 02362 > o: 800-310-3992 > f: 508-746-4973 > v: 508-746-2383 > m: 508-801-0181 > http://www.PLMresearch.com > Netscape/AOL/MSN IM: PLMresearch > mwithington at plmresearch.com > Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc > Calendar: http://www.plmresearch.com/calendar.php > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From nyphp at enobrev.com Thu Jan 8 13:19:04 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Thu, 8 Jan 2004 13:19:04 -0500 Subject: [nycphp-talk] OT: Health insurance In-Reply-To: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3588A5ED5@network.PLMresearch.com> Message-ID: I am very interested, I recall hearing recently that there is such a thing already based out of New York (looking for the link), but I recall at the time I wasn't making enough to cover even their prices. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Mark Withington Sent: Thursday, January 08, 2004 1:06 PM To: 'NYPHP Talk' Subject: [nycphp-talk] OT: Health insurance Forget about risk pools and actuarial studies. The reason healthcare cost so much for individuals is because the insurance company can really stick it to you. Group insurance - by definition - has more leverage cause it's a bigger chunk of change for the providers to fight over. I am in the [very] early stages of exploring group plans and wonder if there are any other PHP'ers out there who, like me, feverishly type away in their basement while wearing multiple hats? Netting it out: is there anyone who would be interested in forming a group so we can go shopping for health insurance? I'm really tired of writing such a large check each month. -------------------------- Mark L. Withington PLMresearch "eBusiness for the Midsize Enterprise" PO Box 1354 Plymouth, MA 02362 o: 800-310-3992 f: 508-746-4973 v: 508-746-2383 m: 508-801-0181 http://www.PLMresearch.com Netscape/AOL/MSN IM: PLMresearch mwithington at plmresearch.com Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc Calendar: http://www.plmresearch.com/calendar.php _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From danielc at analysisandsolutions.com Thu Jan 8 13:35:18 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Thu, 8 Jan 2004 13:35:18 -0500 Subject: [nycphp-talk] OT: Health insurance In-Reply-To: References: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3588A5ED5@network.PLMresearch.com> Message-ID: <20040108183518.GB21154@panix.com> On Thu, Jan 08, 2004 at 01:19:04PM -0500, Mark Armendariz wrote: > I am very interested, I recall hearing recently that there is such a thing > already based out of New York (looking for the link), but I recall at the > time I wasn't making enough to cover even their prices. While not for groups... There's the Healthy NY program for low income individuals who need affordable insurance. See http://www.ins.state.ny.us/healthny.htm Also, there's Child Helth Plus and Family Health Plus for those with very low incomes. http://www.health.state.ny.us/nysdoh/chplus/index.htm http://www.health.state.ny.us/nysdoh/fhplus/index.htm --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From mjdewitt at alexcommgrp.com Thu Jan 8 13:56:36 2004 From: mjdewitt at alexcommgrp.com (DeWitt, Michael) Date: Thu, 8 Jan 2004 13:56:36 -0500 Subject: [nycphp-talk] Anyone having ssl problems with Verisign today? Message-ID: After 1 1/2 hours, I finally got through to Verisign. They have two major issues. The certificate revocation list servers are down (their crl file is corrupt which may or may not be related, get it here when it's good at http://www.verisign.com/repository/crl.html ) with no ETA and their CA intermediate file has expired. You can get a new intermediate.crt from https://www.verisign.com/support/site/caReplacement.html They have no plans to make the status of the crl servers known on their website. That's service for ya! Michael DeWitt "Smile, your on my camera" > -----Original Message----- > From: DeWitt, Michael > Sent: Thursday, January 08, 2004 12:41 PM > To: 'NYPHP Talk' > Subject: [nycphp-talk] Anyone having ssl problems with Verisign today? > > We are noticing ssl errors for IE browsers configured with > > Check for server certificate revocation (requires restart). > > I have been on hold with Verign for about 1/2 hour so far, and testing > some > big commercial shopping carts seems to show the same thing. > > Can anyone else confirm this? > > Michael DeWitt > "Smile, your on my camera" > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From jsiegel1 at optonline.net Thu Jan 8 14:11:44 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 08 Jan 2004 14:11:44 -0500 Subject: [nycphp-talk] XAMMP Installation In-Reply-To: References: <3FFCCED9.2030509@optonline.net> <3FFCE36A.9060309@att.net> Message-ID: <3FFDAB70.4030108@optonline.net> You'll find somewhere on the XAMMP website some discussion of security. Jeff David Mintz wrote: > I am thinking I might like to set this up for a friend but this would be > for semi-production, if you will. That is, he would be serving to the > world off his home machine but not to mass audiences, just for a personal > site. Question is, is there a how-to or something somewhere that lists the > security steps to be taken to make this reasonably safe, or I am insane to > dare think of it? He's running Win2K. > > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From tgales at tgaconnect.com Thu Jan 8 14:20:41 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 8 Jan 2004 14:20:41 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) In-Reply-To: <1073582081.3ffd900162e1c@webmail.tuffmail.net> Message-ID: <000b01c3d61c$82c62d40$bf8d3818@oberon1> Chris Snyder writes: " As far as I know, CSV format is the universal solvent when it comes to database / spreadsheet / spss intercommunication..." For now -- in the future XML? T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From danielk at us.ibm.com Thu Jan 8 14:28:22 2004 From: danielk at us.ibm.com (Daniel Krook) Date: Thu, 8 Jan 2004 14:28:22 -0500 Subject: [nycphp-talk] XAMMP Installation In-Reply-To: <3FFD9C5C.6050600@att.net> Message-ID: There are quite a few solutions to hosting a site on a dynamic IP ISP, noip.com and dyndns.org among them. You pay them a nominal fee to maintain your DNS. You download a client app that regularly reports in with your current IP. So, if your IP address changes, you're only unavailable for the length of that time period in between updates (5 minutes, half an hour, depending on the service's TOS). I used to host a few websites on my dynamic IP DSL connection with acceptable speed this way. I had a router that only passed port 80 and 22 (so I could maintain the server from outside my network) on to the box. > couple notes ... if a home situation, is there a certainty > of maintaining the same static IP address? otherwise, it's > a moving target > > with asynchronous access protocols (like ADSL), keep in mind > that the home network's upload speed is the download speed > of the port 80 users -- which is just the opposite of what a > web server calls for Daniel Krook, Application Developer, Production Services, ibm.com 1133 Westchester Avenue, White Plains, NY 10604 Tel: (914) 642-4474, Tieline 224-4474 danielk at us.ibm.com Personal: http://info.krook.org/ Persona: http://w3.ibm.com/persona/users/9/0/x/90MC212-P.html From Kbedi at inta.org Thu Jan 8 14:42:48 2004 From: Kbedi at inta.org (Kshitij Bedi) Date: Thu, 8 Jan 2004 14:42:48 -0500 Subject: [nycphp-talk] Maximum Connections Message-ID: What do you think is the Maximum number of simultaneous connections MySQL can handle without breaking down. From jlacey at att.net Thu Jan 8 14:45:33 2004 From: jlacey at att.net (John Lacey) Date: Thu, 08 Jan 2004 12:45:33 -0700 Subject: [nycphp-talk] XAMMP Installation In-Reply-To: References: Message-ID: <3FFDB35D.30006@att.net> Daniel Krook wrote: > > There are quite a few solutions to hosting a site on a dynamic IP ISP, > noip.com and dyndns.org among them. You pay them a nominal fee to maintain > your DNS. You download a client app that regularly reports in with your > current IP. > So, if your IP address changes, you're only unavailable for the length of > that time period in between updates (5 minutes, half an hour, depending on > the service's TOS). interesting, seems that would be an acceptable workaround for a home server setup... I'll file that one away From andrew at digitalpulp.com Thu Jan 8 14:45:16 2004 From: andrew at digitalpulp.com (Andrew Yochum) Date: Thu, 8 Jan 2004 14:45:16 -0500 Subject: [nycphp-talk] Maximum Connections In-Reply-To: References: Message-ID: <20040108194508.GE2655@thighmaster.digitalpulp.com> On Thu, Jan 08, 2004 at 02:42:48PM -0500, Kshitij Bedi wrote: > What do you think is the Maximum number of simultaneous connections MySQL > can handle without breaking down. We've been pushing it over 3000 regularly recently and are currently testing its upper limit. Preliminary tests suggest a limit around 4090, but we suspect it can be pushed higher. This is running on RedHat 8.0, MySQL 4.0.14, RedHat's BigMem kernel on a 4-way Xeon 2.5GHz, hyperthreading on and 12 GB of RAM. Regards, Andrew -- Andrew Yochum Digital Pulp, Inc. 212.679.0676x255 andrew at digitalpulp.com From shiflett at php.net Thu Jan 8 14:53:52 2004 From: shiflett at php.net (Chris Shiflett) Date: Thu, 8 Jan 2004 11:53:52 -0800 (PST) Subject: [nycphp-talk] Maximum Connections In-Reply-To: <20040108194508.GE2655@thighmaster.digitalpulp.com> Message-ID: <20040108195352.71565.qmail@web14302.mail.yahoo.com> --- Andrew Yochum wrote: > We've been pushing it over 3000 regularly recently and are currently > testing its upper limit. Preliminary tests suggest a limit around 4090, > but we suspect it can be pushed higher. This is running on RedHat 8.0, > MySQL 4.0.14, RedHat's BigMem kernel on a 4-way Xeon 2.5GHz, > hyperthreading on and 12 GB of RAM. We have over 2048 constantly on a production machine (due to traffic), and I have the max at 4096 (which we've come close to only during rare peaks). Our hardware is less impressive than Andrew's - a 2-way P4, Red Hat 9, and 4 GB of RAM. Also, for whatever reason, I can only get MySQL to reach this type of performance using MySQL AB's pre-built binaries. I'm sure I'm just not picking all of the right configuration options when I build it myself, but I'd suggest using theirs unless you really know what you're doing (this excludes me). Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From jonbaer at jonbaer.net Thu Jan 8 15:12:52 2004 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 8 Jan 2004 15:12:52 -0500 Subject: [nycphp-talk] OT: Health insurance References: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3588A5ED5@network.PLMresearch.com> Message-ID: <007c01c3d623$cde03c10$6400a8c0@thinkpad> Me and my wife are in your boat ... I currently have a handful of projects/hockey/ebay/wireless, she has her small business, and no insurance, I keep coming across this on the subway - http://www.freelancersunion.org and have been looking at it. I just dont want to get sucked into anything and then find a decent fulltime gig ... we are @ the point where both parttime incomes pays the rent but still can't get past the ~$500 per month/each Oxford would like to have ... You probably *save* money doing your own company like phphealthinsurance.com, inc and hiring people just for the benefits :-) Keep me posted. - Jon ----- Original Message ----- From: "Mark Withington" To: "'NYPHP Talk'" Sent: Thursday, January 08, 2004 1:06 PM Subject: [nycphp-talk] OT: Health insurance > Forget about risk pools and actuarial studies. The reason healthcare cost > so much for individuals is because the insurance company can really stick it > to you. Group insurance - by definition - has more leverage cause it's a > bigger chunk of change for the providers to fight over. > > I am in the [very] early stages of exploring group plans and wonder if there > are any other PHP'ers out there who, like me, feverishly type away in their > basement while wearing multiple hats? Netting it out: is there anyone who > would be interested in forming a group so we can go shopping for health > insurance? I'm really tired of writing such a large check each month. > > -------------------------- > Mark L. Withington > PLMresearch > "eBusiness for the Midsize Enterprise" > PO Box 1354 > Plymouth, MA 02362 > o: 800-310-3992 > f: 508-746-4973 > v: 508-746-2383 > m: 508-801-0181 > http://www.PLMresearch.com > Netscape/AOL/MSN IM: PLMresearch > mwithington at plmresearch.com > Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc > Calendar: http://www.plmresearch.com/calendar.php > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jonbaer at jonbaer.net Thu Jan 8 15:13:06 2004 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 8 Jan 2004 15:13:06 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) References: <011101c3d608$53fa7070$6400a8c0@thinkpad> Message-ID: <008001c3d623$d65bb680$6400a8c0@thinkpad> Merci! :-) ----- Original Message ----- From: "Kerem Tuzemen" To: "NYPHP Talk" Sent: Thursday, January 08, 2004 12:49 PM Subject: Re: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) > Jon, here are some clues: > > Fichier = File > Feuille = Sheet > Cellule = Cell > Connexion = Connection > Classeur = Folder > Valeur = Value > Enregistrer = Save > Fermer = Close > OuvreLeFichier=OpenFile > EcritDansCellule=WriteInCell > NouvelleValeur = NewValue > RecupereValeurCellule=ReadCellValue > EcritDansCellule=WriteInCell > > Hope this helps. > > O. Kerem Tuzemen > > > > > ----- Original Message ----- > From: "jon baer" > To: "NYPHP Talk" > Sent: Thursday, January 08, 2004 11:56 AM > Subject: Re: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) > > > > > > > > Isn't this the page about ExcelRead (which is in English)? > > > http://www.andykhan.com/excelread/index.html > > > > > > > http://www.phpclasses.org/browse.html/package/1069.html > > > > maybe someone can translate the code below into English? not even sure if > it > > works ... > > > > - jon > > > > > class ExcelRead_FR{ > > > > // Les variables : > > var $Fichier; // Le Fichier excel ? lire ! > > var $Feuille; // La Feuille a R?cup?rer ! > > var $Cellule; // La Cellule a lire > > var $IdConnexion; > > var $Classeur; > > > > function OuvreLeFichier($LeDocument){ > > /* Cette fonction Ouvre le document Excel > > * Elle est a appel? apr?s avoir renseigner la variable > > * Fichier. > > * Elle renseigne les variables IdConnexion et Classeur > > */ > > $this->IdConnexion = new com("Excel.Application")or die("Erreur lors de > la > > connexion au fichier excel : $Fichier"); > > $Rep = getcwd(); > > $$LeDocument=$Rep."\\".$$LeDocument; > > $this->Classeur = $this->IdConnexion->WorkBooks->Open($LeDocument) or > > die("Erreur impossible d'ouvrir le classeur"); > > } > > > > function RecupereValeurCellule($feuil, $cell){ > > if (!isset($this->Classeur)){ > > if (!isset($this->Fichier)){ > > return False; > > }else{ > > $this->OuvreLeFichier($this->Fichier); > > } > > } > > $Classeur = $this->Classeur; > > $Feuille = $this->Classeur->Sheets($feuil); > > $SelectedFeuille = $Feuille->Select; > > $Cellule = $Feuille->Range($cell); > > $ValeurCellule = $Cellule->Value; > > return $ValeurCellule; > > } > > > > > > function EcritDansCellule($feuil, $cell, $NouvelleValeur){ > > if (!isset($this->Classeur)){ > > if (!isset($this->Fichier)){ > > return False; > > }else{ > > $this->OuvreLeFichier($this->Fichier); > > } > > } > > $Classeur = $this->Classeur; > > $Feuille = $this->Classeur->Sheets($feuil); > > $SelectedFeuille = $Feuille->Select; > > $Cellule = $Feuille->Range($cell); > > $Cellule->Value = $NouvelleValeur; > > } > > function CellIsEmpty($cell){ > > $Classeur = $this->Classeur; > > $Feuille = $this->Classeur->Sheets($this->Feuille); > > $SelectedFeuille = $Feuille->Select; > > $Cellule = $Feuille->Range($cell); > > if ($Cellule->Value == ""){ > > return true; > > }else{ > > return False; > > } > > } > > > > function CellIsMerged($cell){ > > > > $Classeur = $this->Classeur; > > $Feuille = $this->Classeur->Sheets($this->Feuille); > > $SelectedFeuille = $Feuille->Select; > > $Cellule = $Feuille->Range($cell); > > if ($y = $Cellule->MergeCells){ > > return true; > > }else{ > > return False; > > } > > > > } > > > > function Enregistrer(){ > > $this->Classeur->Save(); > > } > > function Fermer(){ > > //com_release($this->IdConnexion); > > $this->IdConnexion->Quit(); > > $this->IdConnexion = null; > > } > > function RecupereDerniereLigne(){ > > > > } > > } > > > > > > ?> > > > > > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From nyphp at enobrev.com Thu Jan 8 15:21:39 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Thu, 8 Jan 2004 15:21:39 -0500 Subject: [nycphp-talk] OT: Health insurance In-Reply-To: <007c01c3d623$cde03c10$6400a8c0@thinkpad> Message-ID: That's the link I was looking for. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of jon baer Sent: Thursday, January 08, 2004 3:13 PM To: NYPHP Talk Subject: Re: [nycphp-talk] OT: Health insurance Me and my wife are in your boat ... I currently have a handful of projects/hockey/ebay/wireless, she has her small business, and no insurance, I keep coming across this on the subway - http://www.freelancersunion.org and have been looking at it. I just dont want to get sucked into anything and then find a decent fulltime gig ... we are @ the point where both parttime incomes pays the rent but still can't get past the ~$500 per month/each Oxford would like to have ... You probably *save* money doing your own company like phphealthinsurance.com, inc and hiring people just for the benefits :-) Keep me posted. - Jon ----- Original Message ----- From: "Mark Withington" To: "'NYPHP Talk'" Sent: Thursday, January 08, 2004 1:06 PM Subject: [nycphp-talk] OT: Health insurance > Forget about risk pools and actuarial studies. The reason healthcare > cost so much for individuals is because the insurance company can > really stick it > to you. Group insurance - by definition - has more leverage cause > it's a bigger chunk of change for the providers to fight over. > > I am in the [very] early stages of exploring group plans and wonder if there > are any other PHP'ers out there who, like me, feverishly type away in their > basement while wearing multiple hats? Netting it out: is there anyone > who would be interested in forming a group so we can go shopping for > health insurance? I'm really tired of writing such a large check each month. > > -------------------------- > Mark L. Withington > PLMresearch > "eBusiness for the Midsize Enterprise" > PO Box 1354 > Plymouth, MA 02362 > o: 800-310-3992 > f: 508-746-4973 > v: 508-746-2383 > m: 508-801-0181 > http://www.PLMresearch.com > Netscape/AOL/MSN IM: PLMresearch > mwithington at plmresearch.com > Public Key: http://www.PLMresearch.com/html/MLW_public_key.asc > Calendar: http://www.plmresearch.com/calendar.php > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From jonbaer at jonbaer.net Thu Jan 8 15:41:32 2004 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 8 Jan 2004 15:41:32 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) References: <011101c3d608$53fa7070$6400a8c0@thinkpad> <008001c3d623$d65bb680$6400a8c0@thinkpad> Message-ID: <009a01c3d627$cf1e8ba0$6400a8c0@thinkpad> well ... it works pretty smoothly ... in fact I didn't really need that class, just needed to refresh up on COM functions in PHP ... http://us3.php.net/com @ the bottom there is a nice Excel example ... so natively on Linux using COM would probably have to be complex + deal with WINE i suppose, something my ISP most likely wont allow me to install. - jon ----- Original Message ----- From: "jon baer" To: "NYPHP Talk" Sent: Thursday, January 08, 2004 3:13 PM Subject: Re: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) > Merci! > > :-) > > ----- Original Message ----- > From: "Kerem Tuzemen" > To: "NYPHP Talk" > Sent: Thursday, January 08, 2004 12:49 PM > Subject: Re: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) > > > > Jon, here are some clues: > > > > Fichier = File > > Feuille = Sheet > > Cellule = Cell > > Connexion = Connection > > Classeur = Folder > > Valeur = Value > > Enregistrer = Save > > Fermer = Close > > OuvreLeFichier=OpenFile > > EcritDansCellule=WriteInCell > > NouvelleValeur = NewValue > > RecupereValeurCellule=ReadCellValue > > EcritDansCellule=WriteInCell > > > > Hope this helps. > > > > O. Kerem Tuzemen > > > > > > > > > > ----- Original Message ----- > > From: "jon baer" > > To: "NYPHP Talk" > > Sent: Thursday, January 08, 2004 11:56 AM > > Subject: Re: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) > > > > > > > > > > > > Isn't this the page about ExcelRead (which is in English)? > > > > http://www.andykhan.com/excelread/index.html > > > > > > > > > > http://www.phpclasses.org/browse.html/package/1069.html > > > > > > maybe someone can translate the code below into English? not even sure > if > > it > > > works ... > > > > > > - jon > > > > > > > > class ExcelRead_FR{ > > > > > > // Les variables : > > > var $Fichier; // Le Fichier excel ? lire ! > > > var $Feuille; // La Feuille a R?cup?rer ! > > > var $Cellule; // La Cellule a lire > > > var $IdConnexion; > > > var $Classeur; > > > > > > function OuvreLeFichier($LeDocument){ > > > /* Cette fonction Ouvre le document Excel > > > * Elle est a appel? apr?s avoir renseigner la variable > > > * Fichier. > > > * Elle renseigne les variables IdConnexion et Classeur > > > */ > > > $this->IdConnexion = new com("Excel.Application")or die("Erreur lors de > > la > > > connexion au fichier excel : $Fichier"); > > > $Rep = getcwd(); > > > $$LeDocument=$Rep."\\".$$LeDocument; > > > $this->Classeur = $this->IdConnexion->WorkBooks->Open($LeDocument) or > > > die("Erreur impossible d'ouvrir le classeur"); > > > } > > > > > > function RecupereValeurCellule($feuil, $cell){ > > > if (!isset($this->Classeur)){ > > > if (!isset($this->Fichier)){ > > > return False; > > > }else{ > > > $this->OuvreLeFichier($this->Fichier); > > > } > > > } > > > $Classeur = $this->Classeur; > > > $Feuille = $this->Classeur->Sheets($feuil); > > > $SelectedFeuille = $Feuille->Select; > > > $Cellule = $Feuille->Range($cell); > > > $ValeurCellule = $Cellule->Value; > > > return $ValeurCellule; > > > } > > > > > > > > > function EcritDansCellule($feuil, $cell, $NouvelleValeur){ > > > if (!isset($this->Classeur)){ > > > if (!isset($this->Fichier)){ > > > return False; > > > }else{ > > > $this->OuvreLeFichier($this->Fichier); > > > } > > > } > > > $Classeur = $this->Classeur; > > > $Feuille = $this->Classeur->Sheets($feuil); > > > $SelectedFeuille = $Feuille->Select; > > > $Cellule = $Feuille->Range($cell); > > > $Cellule->Value = $NouvelleValeur; > > > } > > > function CellIsEmpty($cell){ > > > $Classeur = $this->Classeur; > > > $Feuille = $this->Classeur->Sheets($this->Feuille); > > > $SelectedFeuille = $Feuille->Select; > > > $Cellule = $Feuille->Range($cell); > > > if ($Cellule->Value == ""){ > > > return true; > > > }else{ > > > return False; > > > } > > > } > > > > > > function CellIsMerged($cell){ > > > > > > $Classeur = $this->Classeur; > > > $Feuille = $this->Classeur->Sheets($this->Feuille); > > > $SelectedFeuille = $Feuille->Select; > > > $Cellule = $Feuille->Range($cell); > > > if ($y = $Cellule->MergeCells){ > > > return true; > > > }else{ > > > return False; > > > } > > > > > > } > > > > > > function Enregistrer(){ > > > $this->Classeur->Save(); > > > } > > > function Fermer(){ > > > //com_release($this->IdConnexion); > > > $this->IdConnexion->Quit(); > > > $this->IdConnexion = null; > > > } > > > function RecupereDerniereLigne(){ > > > > > > } > > > } > > > > > > > > > ?> > > > > > > > > > > > > _______________________________________________ > > > talk mailing list > > > talk at lists.nyphp.org > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From dmintz at davidmintz.org Thu Jan 8 16:07:20 2004 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 8 Jan 2004 16:07:20 -0500 (EST) Subject: [nycphp-talk] XAMMP Installation In-Reply-To: <3FFD9C5C.6050600@att.net> References: <3FFCCED9.2030509@optonline.net> <3FFCE36A.9060309@att.net> <3FFD9C5C.6050600@att.net> Message-ID: This is about what I expected to hear. As it stands now, my friend's box is connected to the net with dynamic IP and no firewall, gateway/router, or anything. If I can't get him to lay out a little cash for a router then I guess the next best thing would be ZoneAlarm or the like, and explicitly open only his http port. XAMMP thus installed, it seems, wouldn't make his security any worse than it is now and possibly better (-: His ISP probably blocks its customers' port 80 but you can circumvent that by attaching Apache to some non-standard port and using a service like dnydns.org which offers "web-hopping," i.e., forwards http requests to the port you specify. I recall reading that register_globals is on and mysql is passwordless, That shouldn't be too hard to remedy (-: On Thu, 8 Jan 2004, John Lacey wrote: > > > Chris Hubbard wrote: > > David, > > I've got a similar set up at home, but using XP instead. > > > > If the box is connected directly to the internet, then it's going to get > > hit by a lot of stuff, trying to hack it. My personal recommendation is > > to buy a small netgear router that supports NAT and port-forwarding. > > these routers have a nice web interface where you can block all ports > > except for 80, and then set up port forwarding from the router (which > > will have the static ip) to the W2K box. With this configuration the > > box is pretty tight. > > You'll run into trouble with each port you open, mail, ftp, etc. so > > it's best, if you can do it, to just have 80 open. > > chris > > couple notes ... if a home situation, is there a certainty > of maintaining the same static IP address? otherwise, it's > a moving target > > with asynchronous access protocols (like ADSL), keep in mind > that the home network's upload speed is the download speed > of the port 80 users -- which is just the opposite of what a > web server calls for > > NATing the external address without any other protections > still gives outsiders pass-thru access to the internal > address (usually the 192.168.0.0 variety) > > > > On Jan 8, 2004, at 9:21 AM, David Mintz wrote: > > > >> > >> I am thinking I might like to set this up for a friend but this would be > >> for semi-production, if you will. That is, he would be serving to the > >> world off his home machine but not to mass audiences, just for a personal > >> site. Question is, is there a how-to or something somewhere that lists > >> the > >> security steps to be taken to make this reasonably safe, or I am > >> insane to > >> dare think of it? He's running Win2K. > >> > > as their website says, the default XAMPP install is > inherently insecure, for good reason since it's meant to be > wide-open for development purposes (e.g. MySQL has no > password and register globals is on) -- so beware --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From spot at deviantart.com Thu Jan 8 16:12:19 2004 From: spot at deviantart.com (Spot) Date: Thu, 8 Jan 2004 15:12:19 -0600 Subject: [nycphp-talk] Anyone having ssl problems with Verisign today? In-Reply-To: Message-ID: <005401c3d62c$19ca0180$5a01a8c0@spot> Well, that's par for Verisign's customer service track record. Very sad. Thanks for the update. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of DeWitt, Michael Sent: Thursday, January 08, 2004 12:57 PM To: 'NYPHP Talk' Subject: RE: [nycphp-talk] Anyone having ssl problems with Verisign today? After 1 1/2 hours, I finally got through to Verisign. They have two major issues. The certificate revocation list servers are down (their crl file is corrupt which may or may not be related, get it here when it's good at http://www.verisign.com/repository/crl.html ) with no ETA and their CA intermediate file has expired. You can get a new intermediate.crt from https://www.verisign.com/support/site/caReplacement.html They have no plans to make the status of the crl servers known on their website. That's service for ya! Michael DeWitt "Smile, your on my camera" > -----Original Message----- > From: DeWitt, Michael > Sent: Thursday, January 08, 2004 12:41 PM > To: 'NYPHP Talk' > Subject: [nycphp-talk] Anyone having ssl problems with Verisign today? > > We are noticing ssl errors for IE browsers configured with > > Check for server certificate revocation (requires restart). > > I have been on hold with Verign for about 1/2 hour so far, and testing > some big commercial shopping carts seems to show the same thing. > > Can anyone else confirm this? > > Michael DeWitt > "Smile, your on my camera" > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From dmintz at davidmintz.org Thu Jan 8 16:14:10 2004 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 8 Jan 2004 16:14:10 -0500 (EST) Subject: [nycphp-talk] OT: Health insurance In-Reply-To: <3FFD9DEE.6040005@att.net> References: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3588A5ED5@network.PLMresearch.com> <3FFD9DEE.6040005@att.net> Message-ID: On Thu, 8 Jan 2004, John Lacey wrote: > > on a bumpersticker... > > "Think Health insurance is expensive now? > ... just wait 'til it's free. Who hands those out, the Heritage Foundation? --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From mjdewitt at alexcommgrp.com Thu Jan 8 16:26:34 2004 From: mjdewitt at alexcommgrp.com (DeWitt, Michael) Date: Thu, 8 Jan 2004 16:26:34 -0500 Subject: [nycphp-talk] Anyone having ssl problems with Verisign today? Message-ID: This issue has finally been Slashdotted -- http://slashdot.org/articles/04/01/08/1849245.shtml?tid=126&tid=128&tid=172& tid=95 Mike From dmintz at davidmintz.org Thu Jan 8 17:27:47 2004 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 8 Jan 2004 17:27:47 -0500 (EST) Subject: [nycphp-talk] parse error... huh? In-Reply-To: References: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3588A5ED5@network.PLMresearch.com> <3FFD9DEE.6040005@att.net> Message-ID: "Parse error: ... unexpected '[', expecting T_PAAMAYIM_NEKUDOTAYIM..." I've sometimes wondered what T_PAAMAYIM_NEKUDOTAYIM means (-: --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From nyphp at websapp.com Thu Jan 8 17:36:13 2004 From: nyphp at websapp.com (Daniel Kushner) Date: Thu, 8 Jan 2004 17:36:13 -0500 Subject: [nycphp-talk] parse error... huh? In-Reply-To: Message-ID: Means this :: (double colon) > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of David Mintz > Sent: Thursday, January 08, 2004 5:28 PM > To: NYPHP Talk > Subject: [nycphp-talk] parse error... huh? > > > > "Parse error: ... unexpected '[', expecting T_PAAMAYIM_NEKUDOTAYIM..." > > I've sometimes wondered what T_PAAMAYIM_NEKUDOTAYIM means (-: > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From tgales at tgaconnect.com Thu Jan 8 17:35:12 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 8 Jan 2004 17:35:12 -0500 Subject: [nycphp-talk] parse error... huh? In-Reply-To: Message-ID: <000d01c3d637$aeaa0830$bf8d3818@oberon1> David Mintz writes: " I've sometimes wondered what T_PAAMAYIM_NEKUDOTAYIM means (-:" from http://computingnews.com/article/php.version4/19 "Yeah, it's Hebrew for 'a pair of colons' :)" T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From webmaster at localnotion.com Thu Jan 8 17:58:35 2004 From: webmaster at localnotion.com (webmaster at localnotion.com) Date: Thu, 8 Jan 2004 17:58:35 -0500 Subject: [nycphp-talk] Anyone having ssl problems with Verisign today? In-Reply-To: References: Message-ID: <302CC9B7-422E-11D8-88C1-0003938BDF32@localnotion.com> I'm not sure if this is related or not. . . http://www.internetnews.com/ec-news/article.php/3294021 On Jan 8, 2004, at 12:41 PM, DeWitt, Michael wrote: > We are noticing ssl errors for IE browsers configured with > > Check for server certificate revocation (requires restart). > > I have been on hold with Verign for about 1/2 hour so far, and testing > some > big commercial shopping carts seems to show the same thing. > > Can anyone else confirm this? > > Michael DeWitt > "Smile, your on my camera" > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From shiflett at php.net Thu Jan 8 18:23:38 2004 From: shiflett at php.net (Chris Shiflett) Date: Thu, 8 Jan 2004 15:23:38 -0800 (PST) Subject: [nycphp-talk] Anyone having ssl problems with Verisign today? In-Reply-To: <302CC9B7-422E-11D8-88C1-0003938BDF32@localnotion.com> Message-ID: <20040108232338.98922.qmail@web14303.mail.yahoo.com> --- webmaster at localnotion.com wrote: > I'm not sure if this is related or not. . . > > http://www.internetnews.com/ec-news/article.php/3294021 There's also the Slashdot story, in case no one has mentioned it: http://slashdot.org/article.pl?sid=04/01/08/1849245&mode=thread&tid=126&tid=128&tid=172&tid=95 Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From joel at tagword.com Thu Jan 8 18:42:26 2004 From: joel at tagword.com (Joel De Gan) Date: Thu, 08 Jan 2004 18:42:26 -0500 Subject: [nycphp-talk] php ncurses based mysql process watcher.. (preview) Message-ID: <1073605346.2767.40.camel@bezel> I built a mysql process watcher in PHP using ncurses. Screenshots here: http://soulreactor.com/mview/ I am interested in any ideas or things that can/could be added, i.e. things you might find useful when monitoring your mysql servers, or Algorithms used to compute meaningful data about the state of the server etc.. No source released yet until I get the go ahead from work to opensource it. My proposal is in, so hopefully not long. Some points: - 100% dynamically resizeable depending on terminal size - entire project done in php - makes use of termgraph code I wrote for another app (termgraph code here: http://lucifer.intercosmos.net/index.php?view=textgraph ) - graphs are updated default of once per second, this can be changed by pressing number keys for different refresh rates. - This is also a follow-up to a tutorial I wrote for Zend (Zend tutorial on using ncurses with PHP: http://www.zend.com/zend/tut/tut-degan.php ) Cheers -- joeldg - developer, Intercosmos media group. http://lucifer.intercosmos.net From wiw at nyc.rr.com Thu Jan 8 19:54:57 2004 From: wiw at nyc.rr.com (Bill Wolf) Date: Thu, 8 Jan 2004 19:54:57 -0500 Subject: [nycphp-talk] Q) seeking an End User feature... In-Reply-To: <20040108210726.B65DEA862D@virtu.nyphp.org> Message-ID: <200401090054.i090svtu016027@nycsmtp4out-eri0.rdc-nyc.rr.com> I'd like to add a feature to a site for a user (a musician) to be able to easily update a list of his upcoming gigs on one of the pages on his site. He's pretty unsophisticated when it comes to computers. Are there any open source packages that are simple to setup and very simple to use that do this kind of thing? Thanks -Bill From dmintz at davidmintz.org Thu Jan 8 23:14:56 2004 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 8 Jan 2004 23:14:56 -0500 (EST) Subject: [nycphp-talk] parse error... huh? In-Reply-To: <000d01c3d637$aeaa0830$bf8d3818@oberon1> References: <000d01c3d637$aeaa0830$bf8d3818@oberon1> Message-ID: Well I'll be damned. I thought you were kidding! (Shame on me for not Googling) On Thu, 8 Jan 2004, Tim Gales wrote: > David Mintz writes: > " I've sometimes wondered what T_PAAMAYIM_NEKUDOTAYIM means (-:" > > from http://computingnews.com/article/php.version4/19 > > "Yeah, it's Hebrew for 'a pair of colons' :)" --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From adam at trachtenberg.com Fri Jan 9 01:45:27 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Fri, 9 Jan 2004 01:45:27 -0500 (EST) Subject: [nycphp-talk] parse error... huh? In-Reply-To: References: <1F3CD8DDFB6A9B4C9B8DD06E4A7DE3588A5ED5@network.PLMresearch.com> <3FFD9DEE.6040005@att.net> Message-ID: On Thu, 8 Jan 2004, David Mintz wrote: > "Parse error: ... unexpected '[', expecting T_PAAMAYIM_NEKUDOTAYIM..." > > I've sometimes wondered what T_PAAMAYIM_NEKUDOTAYIM means (-: PHP Cookbook Recipe 7.7. :) -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From joshmccormack at travelersdiary.com Fri Jan 9 09:21:51 2004 From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com) Date: Fri, 9 Jan 2004 08:21:51 -0600 (CST) Subject: [nycphp-talk] Q) seeking an End User feature... In-Reply-To: <200401090054.i090svtu016027@nycsmtp4out-eri0.rdc-nyc.rr.com> Message-ID: I've done things like this a couple of ways. One was for a radio show producer who wanted a long list of radio stations and times for the show he produced updated on the site all the time. He kept the info in Excel. You can save Excel as an HTML fragment (no opening or closing), so I had him do that, upload it through a form, and used it as an include. Alternately, you could just have a password protected form where he could edit a text file. Josh On Thu, 8 Jan 2004, Bill Wolf wrote: > I'd like to add a feature to a site for a user (a musician) to be able to > easily update a list of his upcoming gigs on one of the pages on his site. > > He's pretty unsophisticated when it comes to computers. Are there any open > source packages that are simple to setup and very simple to use that do this > kind of thing? > > Thanks > -Bill > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From Keith.Richardson at thompsonhealth.com Fri Jan 9 09:44:56 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Fri, 9 Jan 2004 09:44:56 -0500 Subject: [nycphp-talk] Q) seeking an End User feature... Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B298@ffth-exc01.thompsonhealth.org> I would write a basic php script - one page for adding/deleting/editing the gigs, and one for displaying. the one for adding/deleting/editing is password protected. if there is a mysql database, you would just have a timestamp for the date/time of the gig, a length of time field (if he wants), the name of the gig (if any) and where he is playing, and maybe a description field to say what hes playing or any notes he wants to share with the people, say setlists. something like this would be very easy to write, if they have php and mysql on the server. im sure it would be easy if there is just php. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Bill Wolf Sent: Thursday, January 08, 2004 7:55 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] Q) seeking an End User feature... I'd like to add a feature to a site for a user (a musician) to be able to easily update a list of his upcoming gigs on one of the pages on his site. He's pretty unsophisticated when it comes to computers. Are there any open source packages that are simple to setup and very simple to use that do this kind of thing? Thanks -Bill _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From mz34 at nyu.edu Fri Jan 9 10:23:52 2004 From: mz34 at nyu.edu (Matthew Zimmerman) Date: Fri, 9 Jan 2004 10:23:52 -0500 Subject: [nycphp-talk] Database Relation Question In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B298@ffth-exc01.thompsonhealth.org> References: <05F6C3B4CA00D7419D1708F36A9F7745B298@ffth-exc01.thompsonhealth.org> Message-ID: Is it considered good database design to have two tables related to each other through more than one field. What I means is I have two tables. One is called "movies" and one is called "people". Movies has some fields like "director, producer, cinematographer". People is just a list of people "first_name, last_name, etc." Is it ok for movies to relate to people via "director" and "producer" and "cinematographer" or is it better to create a "producer" table to related to producer, "director" table to relate to director, etc. I have a feeling I am doing it the right way just having a "people" table but I wasn't sure if this would cause any query problems down the line. Thanks for your help. I am not sure if I used all of the proper terminology here so I can rephrase the question if needed. Matt From Keith.Richardson at thompsonhealth.com Fri Jan 9 10:23:09 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Fri, 9 Jan 2004 10:23:09 -0500 Subject: [nycphp-talk] Database Relation Question Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B299@ffth-exc01.thompsonhealth.org> I would personally have a table of people. Then have a table of say peopletypes, which would be producer, director, acter, etc then in the people list, they have a peopletypeid, which is the unique id of the peopletype that is in the other list -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Matthew Zimmerman Sent: Friday, January 09, 2004 10:24 AM To: NYPHP Talk Subject: [nycphp-talk] Database Relation Question Is it considered good database design to have two tables related to each other through more than one field. What I means is I have two tables. One is called "movies" and one is called "people". Movies has some fields like "director, producer, cinematographer". People is just a list of people "first_name, last_name, etc." Is it ok for movies to relate to people via "director" and "producer" and "cinematographer" or is it better to create a "producer" table to related to producer, "director" table to relate to director, etc. I have a feeling I am doing it the right way just having a "people" table but I wasn't sure if this would cause any query problems down the line. Thanks for your help. I am not sure if I used all of the proper terminology here so I can rephrase the question if needed. Matt _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From greg at mbwpartners.net Fri Jan 9 10:31:15 2004 From: greg at mbwpartners.net (Greg Wilson) Date: Fri, 09 Jan 2004 10:31:15 -0500 Subject: [nycphp-talk] Database Relation Question In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B299@ffth-exc01.thompsonhealth.org> References: <05F6C3B4CA00D7419D1708F36A9F7745B299@ffth-exc01.thompsonhealth.org> Message-ID: <1073662275.20055.2.camel@banner> how about: a table of people - id, firstname, lastname, etc a table of movies - id, title, etc a table of roletypes - director, producer, actor, cinematographer, etc and a table relating people to movies based on roles - movie_id, people_id, roletypeid greg On Fri, 2004-01-09 at 10:23, Keith J Richardson wrote: > I would personally have a table of people. Then have a table of say peopletypes, which would be producer, director, acter, etc > > then in the people list, they have a peopletypeid, which is the unique id of the peopletype that is in the other list > > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Matthew Zimmerman > Sent: Friday, January 09, 2004 10:24 AM > To: NYPHP Talk > Subject: [nycphp-talk] Database Relation Question > > > Is it considered good database design to have two tables related to > each other through more than one field. > > What I means is I have two tables. One is called "movies" and one is > called "people". > > Movies has some fields like "director, producer, cinematographer". > People is just a list of people "first_name, last_name, etc." > > Is it ok for movies to relate to people via "director" and "producer" > and "cinematographer" or is it better to create a "producer" table to > related to producer, "director" table to relate to director, etc. > > I have a feeling I am doing it the right way just having a "people" > table but I wasn't sure if this would cause any query problems down the > line. > > Thanks for your help. I am not sure if I used all of the proper > terminology here so I can rephrase the question if needed. > > Matt > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From james at surgam.net Fri Jan 9 11:16:40 2004 From: james at surgam.net (James Wetterau) Date: Fri, 09 Jan 2004 11:16:40 -0500 Subject: [nycphp-talk] Database Relation Question Message-ID: <200401091616.i09GGeM10462@panix1.panix.com> Greg Wilson says: > how about: > > a table of people > - id, firstname, lastname, etc > > a table of movies > - id, title, etc > > a table of roletypes > - director, producer, actor, cinematographer, etc > > and a table relating people to movies based on roles > - movie_id, people_id, roletypeid .... I agree, and I would like to mention that this can be deduced from the first principal of normalization, if you look at it right. Each of those people is in some sense a "repeating" or "duplicative" column, in that you could have arbitrarily many people listed, depending on how many roles you wanted to track. One purpose of the rules of normalization is that by following them you can expand the information you track without altering your database schema or tables. If you wanted to add "screenwriter" or "best boy" or "gaffer" or "sound editor" later, under the original schema you'd have to alter the tables. If you simply create a role table and a mapping or association table that relates movies, people and roles, as Greg Wilson proposed, then you can add new data later without altering the schema. The other point about using id's comes straight from second normal bform, and it helps make changes or corrections to data simple, improves storage efficiency, and eliminates redundancy (in the bad sense of redundancy). I'd recommend learning about 1st, 2nd and 3rd normal forms and thinking about them a bit. If you intend to design a large database, it may make sense to learn about 4th and 5th normal forms, and for cases where denormalization also makes sense. In this case, the database is simple enough that after taking care to get to 2nd normal forms (they are cumulative, so if you're in 2nd NF, you're also in 1st) you have no further issues of concern, as far as I can tell. Here's a pretty simple web reference I found in a quick search: http://www.gslis.utexas.edu/~l384k11w/normover.html > On Fri, 2004-01-09 at 10:23, Keith J Richardson wrote: > > I would personally have a table of people. Then have a table of say peoplet ypes, which would be producer, director, acter, etc > > > > then in the people list, they have a peopletypeid, which is the unique id o f the peopletype that is in the other list > > > > -----Original Message----- > > From: talk-bounces at lists.nyphp.org > > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Matthew Zimmerman > > Sent: Friday, January 09, 2004 10:24 AM > > To: NYPHP Talk > > Subject: [nycphp-talk] Database Relation Question > > > > > > Is it considered good database design to have two tables related to > > each other through more than one field. > > > > What I means is I have two tables. One is called "movies" and one is > > called "people". > > > > Movies has some fields like "director, producer, cinematographer". > > People is just a list of people "first_name, last_name, etc." > > > > Is it ok for movies to relate to people via "director" and "producer" > > and "cinematographer" or is it better to create a "producer" table to > > related to producer, "director" table to relate to director, etc. > > > > I have a feeling I am doing it the right way just having a "people" > > table but I wasn't sure if this would cause any query problems down the > > line. > > > > Thanks for your help. I am not sure if I used all of the proper > > terminology here so I can rephrase the question if needed. > > > > Matt > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From tgales at tgaconnect.com Fri Jan 9 11:25:52 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Fri, 9 Jan 2004 11:25:52 -0500 Subject: [nycphp-talk] Database Relation Question In-Reply-To: <200401091616.i09GGeM10462@panix1.panix.com> Message-ID: <001101c3d6cd$40ebc9a0$bf8d3818@oberon1> James Wetterau writes: " I'd recommend learning about 1st, 2nd and 3rd normal forms and thinking about them a bit. If you intend to design a large database..." Then you can swear that in all databases you design you will use: "the key, the whole key, and nothing but the key so help Codd..." T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From ejp at well.com Fri Jan 9 11:29:06 2004 From: ejp at well.com (Edward Potter) Date: Fri, 9 Jan 2004 11:29:06 -0500 Subject: [nycphp-talk] Q) seeking an End User feature... In-Reply-To: <200401090054.i090svtu016027@nycsmtp4out-eri0.rdc-nyc.rr.com> References: <200401090054.i090svtu016027@nycsmtp4out-eri0.rdc-nyc.rr.com> Message-ID: I have not used it yet, but lots of people seem to like it: Contribute, Macromedia "Allow individuals and teams to update web content while maintaining site integrity" http://macromedia.com/software/contribute/? promoid=home_prod_contribute_082403 - ed On Jan 8, 2004, at 7:54 PM, Bill Wolf wrote: > I'd like to add a feature to a site for a user (a musician) to be able > to > easily update a list of his upcoming gigs on one of the pages on his > site. > > He's pretty unsophisticated when it comes to computers. Are there any > open > source packages that are simple to setup and very simple to use that > do this > kind of thing? > > Thanks > -Bill > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > //----------------------------------------- http://mygoo.typepad.com http://mygoo.typepad.com/coder From Keith.Richardson at thompsonhealth.com Fri Jan 9 11:27:25 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Fri, 9 Jan 2004 11:27:25 -0500 Subject: [nycphp-talk] Database Relation Question Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745E34C@ffth-exc01.thompsonhealth.org> having that 3rd table does make sense, if the people are duplicated from the different movies. then you can link them all together, and not have to have duplicates. roles are linked back to movies, and then the roles then connect to the person, and what they did, since they can change. I would have ended up having to create that 3rd table while developing it, since I would have caught it then. I am more of a develop it and modify it as im going along, rather than sitting down and developing the idea and it on paper firsthand. You never know when you are writing the form, or when testing it, if you really did need that other field, or another way to store data. I cant say that I know everything, but one thing I do love about working with PHP, is that ever project you perfect your skills more and more, and always learn something. I love this list because I can read what other people would do in the same situation, and then it opens my mind up to see other peoples ways of doing things, and then assimilating the better ideas :P I will go over the relational database docs, since I never really learned much on relational databases, since the only coding instruction that I have had did use flat files for data storage, which you just had to make sure your records(pascal)/classes would fit the data and point to the proper things nicely. Thanks for the tips you all! -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of James Wetterau Sent: Friday, January 09, 2004 11:17 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Database Relation Question Greg Wilson says: > how about: > > a table of people > - id, firstname, lastname, etc > > a table of movies > - id, title, etc > > a table of roletypes > - director, producer, actor, cinematographer, etc > > and a table relating people to movies based on roles > - movie_id, people_id, roletypeid .... I agree, and I would like to mention that this can be deduced from the first principal of normalization, if you look at it right. Each of those people is in some sense a "repeating" or "duplicative" column, in that you could have arbitrarily many people listed, depending on how many roles you wanted to track. One purpose of the rules of normalization is that by following them you can expand the information you track without altering your database schema or tables. If you wanted to add "screenwriter" or "best boy" or "gaffer" or "sound editor" later, under the original schema you'd have to alter the tables. If you simply create a role table and a mapping or association table that relates movies, people and roles, as Greg Wilson proposed, then you can add new data later without altering the schema. The other point about using id's comes straight from second normal bform, and it helps make changes or corrections to data simple, improves storage efficiency, and eliminates redundancy (in the bad sense of redundancy). I'd recommend learning about 1st, 2nd and 3rd normal forms and thinking about them a bit. If you intend to design a large database, it may make sense to learn about 4th and 5th normal forms, and for cases where denormalization also makes sense. In this case, the database is simple enough that after taking care to get to 2nd normal forms (they are cumulative, so if you're in 2nd NF, you're also in 1st) you have no further issues of concern, as far as I can tell. Here's a pretty simple web reference I found in a quick search: http://www.gslis.utexas.edu/~l384k11w/normover.html > On Fri, 2004-01-09 at 10:23, Keith J Richardson wrote: > > I would personally have a table of people. Then have a table of say peoplet ypes, which would be producer, director, acter, etc > > > > then in the people list, they have a peopletypeid, which is the unique id o f the peopletype that is in the other list > > > > -----Original Message----- > > From: talk-bounces at lists.nyphp.org > > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Matthew Zimmerman > > Sent: Friday, January 09, 2004 10:24 AM > > To: NYPHP Talk > > Subject: [nycphp-talk] Database Relation Question > > > > > > Is it considered good database design to have two tables related to > > each other through more than one field. > > > > What I means is I have two tables. One is called "movies" and one is > > called "people". > > > > Movies has some fields like "director, producer, cinematographer". > > People is just a list of people "first_name, last_name, etc." > > > > Is it ok for movies to relate to people via "director" and "producer" > > and "cinematographer" or is it better to create a "producer" table to > > related to producer, "director" table to relate to director, etc. > > > > I have a feeling I am doing it the right way just having a "people" > > table but I wasn't sure if this would cause any query problems down the > > line. > > > > Thanks for your help. I am not sure if I used all of the proper > > terminology here so I can rephrase the question if needed. > > > > Matt > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From jlacey at att.net Fri Jan 9 11:31:38 2004 From: jlacey at att.net (John Lacey) Date: Fri, 09 Jan 2004 09:31:38 -0700 Subject: [nycphp-talk] Database Relation Question In-Reply-To: <200401091616.i09GGeM10462@panix1.panix.com> References: <200401091616.i09GGeM10462@panix1.panix.com> Message-ID: <3FFED76A.6050407@att.net> if you google "understanding normalization hernandez" you'll find a very good .pdf (about 300KB) hth, John From Keith.Richardson at thompsonhealth.com Fri Jan 9 11:29:34 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Fri, 9 Jan 2004 11:29:34 -0500 Subject: [nycphp-talk] Q) seeking an End User feature... Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B29B@ffth-exc01.thompsonhealth.org> With contribute, they have the ability to wysiwyg edit html pages, and you can set locked regions. The person would have to have working knowledge of web-page design to keep up these pages, or just working knowledge of putting together tables in word/excel. Our marketing department is looking at this for other departments to update their own stuff on our company website, since its all static documents on there :/ If he was looking for something searchable, a database w/ dynamic pages would be the best bet -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Edward Potter Sent: Friday, January 09, 2004 11:29 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Q) seeking an End User feature... I have not used it yet, but lots of people seem to like it: Contribute, Macromedia "Allow individuals and teams to update web content while maintaining site integrity" http://macromedia.com/software/contribute/? promoid=home_prod_contribute_082403 - ed On Jan 8, 2004, at 7:54 PM, Bill Wolf wrote: > I'd like to add a feature to a site for a user (a musician) to be able > to > easily update a list of his upcoming gigs on one of the pages on his > site. > > He's pretty unsophisticated when it comes to computers. Are there any > open > source packages that are simple to setup and very simple to use that > do this > kind of thing? > > Thanks > -Bill > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > //----------------------------------------- http://mygoo.typepad.com http://mygoo.typepad.com/coder _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From jonbaer at jonbaer.net Fri Jan 9 11:45:02 2004 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 9 Jan 2004 11:45:02 -0500 Subject: [nycphp-talk] Database Relation Question (Sets,Enum) References: <05F6C3B4CA00D7419D1708F36A9F7745B299@ffth-exc01.thompsonhealth.org> <1073662275.20055.2.camel@banner> Message-ID: <002901c3d6cf$efb189f0$6400a8c0@thinkpad> i have a related question to the topic ... when is it good to ever use a set/enum in MySQL? I recently had the option of doing a complete admin in phpmyadmin where I really did not want to insert a new row using ID keys of 1,2,3,4 vs. "Forward","Defense","Goalie" ... I chose to create a table "position" but the queries really would have been the same ... is there ever an optimized reason to use a set/enum against another table? (this is presuming the entire site is 'english' and not i18n-based) ... id personally choose ease of editing if the database is small ... - jon From tgales at tgaconnect.com Fri Jan 9 11:27:57 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Fri, 9 Jan 2004 11:27:57 -0500 Subject: [nycphp-talk] Database Relation Question In-Reply-To: <001101c3d6cd$40ebc9a0$bf8d3818@oberon1> Message-ID: <001201c3d6cd$8cfdd130$bf8d3818@oberon1> er that was supposed to be: "the key, the whole key, and nothing but the key so help you Codd..." T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From mz34 at nyu.edu Fri Jan 9 11:51:09 2004 From: mz34 at nyu.edu (Matthew Zimmerman) Date: Fri, 9 Jan 2004 11:51:09 -0500 Subject: [nycphp-talk] Q) seeking an End User feature... In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B29B@ffth-exc01.thompsonhealth.org> References: <05F6C3B4CA00D7419D1708F36A9F7745B29B@ffth-exc01.thompsonhealth.org> Message-ID: <0637ED61-42C4-11D8-A6C3-000A95CCDD2C@nyu.edu> thanks for all the great responses!! On Jan 9, 2004, at 11:29 AM, Keith J Richardson wrote: > > With contribute, they have the ability to wysiwyg edit html pages, and > you can set locked regions. The person would have to have working > knowledge of web-page design to keep up these pages, or just working > knowledge of putting together tables in word/excel. Our marketing > department is looking at this for other departments to update their > own stuff on our company website, since its all static documents on > there :/ > > If he was looking for something searchable, a database w/ dynamic > pages would be the best bet > > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Edward Potter > Sent: Friday, January 09, 2004 11:29 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Q) seeking an End User feature... > > > I have not used it yet, but lots of people seem to like it: > Contribute, Macromedia > > "Allow individuals and teams to update web content while maintaining > site integrity" > http://macromedia.com/software/contribute/? > promoid=home_prod_contribute_082403 > > - ed > > > > > On Jan 8, 2004, at 7:54 PM, Bill Wolf wrote: > >> I'd like to add a feature to a site for a user (a musician) to be able >> to >> easily update a list of his upcoming gigs on one of the pages on his >> site. >> >> He's pretty unsophisticated when it comes to computers. Are there any >> open >> source packages that are simple to setup and very simple to use that >> do this >> kind of thing? >> >> Thanks >> -Bill >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> >> > > //----------------------------------------- > http://mygoo.typepad.com > http://mygoo.typepad.com/coder > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > MZ _________________ Matthew Zimmerman Humanities Computing Group, NYU Tel: 212.998.3038 Fax: 212.995.4120 From chubbard at next-online.net Fri Jan 9 11:52:35 2004 From: chubbard at next-online.net (Chris Hubbard) Date: Fri, 9 Jan 2004 08:52:35 -0800 Subject: [nycphp-talk] Q) seeking an End User feature... In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B29B@ffth-exc01.thompsonhealth.org> References: <05F6C3B4CA00D7419D1708F36A9F7745B29B@ffth-exc01.thompsonhealth.org> Message-ID: <39E30C88-42C4-11D8-8E4C-000A95BAE752@next-online.net> I've used contribute. Here's the gotcha's First someone needs to use dreamweaver to create templates. the templates need to have page edit blocks (forgot the macromedia term, I believe it's modify...templates...new edit block). Its in the edit blocks that the artist can change his/her content without messing with the rest of the page. Then those templates need to be uploaded to a Templates folder (by default) in the web site. Then the artist can use Contribute to open and edit the files. Alternatively, build a quick php app. wouldn't be more than a couple hours. Chris On Jan 9, 2004, at 8:29 AM, Keith J Richardson wrote: > > With contribute, they have the ability to wysiwyg edit html pages, and > you can set locked regions. The person would have to have working > knowledge of web-page design to keep up these pages, or just working > knowledge of putting together tables in word/excel. Our marketing > department is looking at this for other departments to update their > own stuff on our company website, since its all static documents on > there :/ > > If he was looking for something searchable, a database w/ dynamic > pages would be the best bet > > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Edward Potter > Sent: Friday, January 09, 2004 11:29 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Q) seeking an End User feature... > > > I have not used it yet, but lots of people seem to like it: > Contribute, Macromedia > > "Allow individuals and teams to update web content while maintaining > site integrity" > http://macromedia.com/software/contribute/? > promoid=home_prod_contribute_082403 > > - ed > > > > > On Jan 8, 2004, at 7:54 PM, Bill Wolf wrote: > >> I'd like to add a feature to a site for a user (a musician) to be able >> to >> easily update a list of his upcoming gigs on one of the pages on his >> site. >> >> He's pretty unsophisticated when it comes to computers. Are there any >> open >> source packages that are simple to setup and very simple to use that >> do this >> kind of thing? >> >> Thanks >> -Bill >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> >> > > //----------------------------------------- > http://mygoo.typepad.com > http://mygoo.typepad.com/coder > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > Chris Hubbard chubbard at next-online.net 425 563 4153 From mz34 at nyu.edu Fri Jan 9 12:47:28 2004 From: mz34 at nyu.edu (Matthew Zimmerman) Date: Fri, 9 Jan 2004 12:47:28 -0500 Subject: [nycphp-talk] Database Relation Question In-Reply-To: <1073662275.20055.2.camel@banner> References: <05F6C3B4CA00D7419D1708F36A9F7745B299@ffth-exc01.thompsonhealth.org> <1073662275.20055.2.camel@banner> Message-ID: This is great Greg. Thanks! Sometimes the person can fulfill different roles. (produce one film, direct the next). This works great for my DB. Thanks to everyone for the comments. On Jan 9, 2004, at 10:31 AM, Greg Wilson wrote: > how about: > > a table of people > - id, firstname, lastname, etc > > a table of movies > - id, title, etc > > a table of roletypes > - director, producer, actor, cinematographer, etc > > and a table relating people to movies based on roles > - movie_id, people_id, roletypeid > > greg > > > On Fri, 2004-01-09 at 10:23, Keith J Richardson wrote: >> I would personally have a table of people. Then have a table of say >> peopletypes, which would be producer, director, acter, etc >> >> then in the people list, they have a peopletypeid, which is the >> unique id of the peopletype that is in the other list >> >> -----Original Message----- >> From: talk-bounces at lists.nyphp.org >> [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Matthew Zimmerman >> Sent: Friday, January 09, 2004 10:24 AM >> To: NYPHP Talk >> Subject: [nycphp-talk] Database Relation Question >> >> >> Is it considered good database design to have two tables related to >> each other through more than one field. >> >> What I means is I have two tables. One is called "movies" and one is >> called "people". >> >> Movies has some fields like "director, producer, cinematographer". >> People is just a list of people "first_name, last_name, etc." >> >> Is it ok for movies to relate to people via "director" and "producer" >> and "cinematographer" or is it better to create a "producer" table to >> related to producer, "director" table to relate to director, etc. >> >> I have a feeling I am doing it the right way just having a "people" >> table but I wasn't sure if this would cause any query problems down >> the >> line. >> >> Thanks for your help. I am not sure if I used all of the proper >> terminology here so I can rephrase the question if needed. >> >> Matt >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > MZ _________________ Matthew Zimmerman Humanities Computing Group, NYU Tel: 212.998.3038 Fax: 212.995.4120 From wiw at nyc.rr.com Fri Jan 9 13:50:14 2004 From: wiw at nyc.rr.com (Bill Wolf) Date: Fri, 9 Jan 2004 13:50:14 -0500 Subject: [nycphp-talk] Q) seeking an End User feature... In-Reply-To: <20040109144719.1570CA8623@virtu.nyphp.org> Message-ID: <200401091850.i09IoGtu026419@nycsmtp4out-eri0.rdc-nyc.rr.com> Contribute's a bit too much for such a simple site >>I would write a basic php script - one page for adding/deleting/editing the gigs, and one for displaying. the one for adding/deleting/editing is password protected.<< I'm thinking more along the lines of your suggestion. Yes I have MySQL and PHP on the site. I started to search of hotscripts.com but there are hundreds of content manager programs listed on their site. It really might be faster to learn PHP and write it myself :-) Thanks -Bill From tgales at tgaconnect.com Fri Jan 9 13:54:49 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Fri, 9 Jan 2004 13:54:49 -0500 Subject: [nycphp-talk] Q) seeking an End User feature... In-Reply-To: <200401091850.i09IoGtu026419@nycsmtp4out-eri0.rdc-nyc.rr.com> Message-ID: <001401c3d6e2$1040eff0$bf8d3818@oberon1> Bill Wolf writes: "It really might be faster to learn PHP and write it myself :-) " Did you look on 'SourceForge'? That's the kind of thing they (should) have. It seems you could find something you could customize (hack). T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From chubbard at next-online.net Fri Jan 9 13:58:42 2004 From: chubbard at next-online.net (Chris Hubbard) Date: Fri, 9 Jan 2004 10:58:42 -0800 Subject: [nycphp-talk] Q) seeking an End User feature... In-Reply-To: <001401c3d6e2$1040eff0$bf8d3818@oberon1> References: <001401c3d6e2$1040eff0$bf8d3818@oberon1> Message-ID: Bill, You might take a look at PHPMaker http://www.hkvstore.com/phpmaker/ it's inexpensive (around $20) and you can use it to build simple php applications. It can be difficult to get the "look" just the way you want. But for $20 it's not worth complaining. chris On Jan 9, 2004, at 10:54 AM, Tim Gales wrote: > Bill Wolf writes: > "It really might be faster to > learn PHP and write it myself :-) " > > Did you look on 'SourceForge'? > That's the kind of thing they (should) have. > It seems you could find something you could > customize (hack). > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > Chris Hubbard chubbard at next-online.net 425 563 4153 From jonbaer at jonbaer.net Fri Jan 9 14:09:48 2004 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 9 Jan 2004 14:09:48 -0500 Subject: [nycphp-talk] Q) seeking an End User feature... References: <200401091850.i09IoGtu026419@nycsmtp4out-eri0.rdc-nyc.rr.com> Message-ID: <008b01c3d6e4$2811ab40$6400a8c0@thinkpad> Im really thinking of putting together the Smarty/POP3 publish hack I use for some stuff ... basically you send an email to an address: To: publish at site.com bar You can put the filename/etc as part of the tags or leave them static and then in your Smarty template: {$exml.foo} The security portion of my stuff lies with STARTTLS for SPOP, but im sure public keys + such could be thrown in. Would this work? - jon ----- Original Message ----- From: "Bill Wolf" To: Sent: Friday, January 09, 2004 1:50 PM Subject: RE: [nycphp-talk] Q) seeking an End User feature... > Contribute's a bit too much for such a simple site > > >>I would write a basic php script - one page for adding/deleting/editing > the gigs, and one for displaying. the one for adding/deleting/editing is > password protected.<< > > I'm thinking more along the lines of your suggestion. Yes I have MySQL and > PHP on the site. I started to search of hotscripts.com but there are > hundreds of content manager programs listed on their site. It really might > be faster to learn PHP and write it myself :-) > > Thanks > -Bill > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From shiflett at php.net Fri Jan 9 16:32:44 2004 From: shiflett at php.net (Chris Shiflett) Date: Fri, 9 Jan 2004 13:32:44 -0800 (PST) Subject: [nycphp-talk] MySQL Licensing Message-ID: <20040109213244.57191.qmail@web14310.mail.yahoo.com> There is an interesting open license review for MySQL at: http://zak.greant.com/archives/000203.html This was sparked by recent blog discussions about MySQL's licensing. There is obviously at the very least some confusion surrounding MySQL's licensing, and there are even potentially flaws in it. For example, George Schlossnagle brought up a very good point that he can write an application that uses Oracle as backend storage without paying Oracle any money. Those who buy this software and need to implement it will need to have Oracle, and it is they who must pay the licensing fee. MySQL's license appears to extend to such applications, and no one from MySQL AB refuted this. I bring this up here, because Zak is going to be at LinuxWorld and plans to host discussions on this issue there. It seems like NYPHP will be a group with a lot of representation at this event, and most of us are likely interested in either: 1. Understanding MySQL's licensing better 2. Trying to affect positive change in MySQL's licensing I'm potentially interested in both. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From chubbard at next-online.net Fri Jan 9 19:10:23 2004 From: chubbard at next-online.net (Chris Hubbard) Date: Fri, 9 Jan 2004 16:10:23 -0800 Subject: [nycphp-talk] Q) seeking an End User feature... In-Reply-To: <008b01c3d6e4$2811ab40$6400a8c0@thinkpad> References: <200401091850.i09IoGtu026419@nycsmtp4out-eri0.rdc-nyc.rr.com> <008b01c3d6e4$2811ab40$6400a8c0@thinkpad> Message-ID: <624AA6DB-4301-11D8-8E4C-000A95BAE752@next-online.net> I'd love to see this code when you get it built, I'd like to use something like this also. Chris On Jan 9, 2004, at 11:09 AM, jon baer wrote: > Im really thinking of putting together the Smarty/POP3 publish hack I > use > for some stuff ... basically you send an email to an address: > > To: publish at site.com > > > bar > > > You can put the filename/etc as part of the tags or leave them static > and > then in your Smarty template: > > {$exml.foo} > > The security portion of my stuff lies with STARTTLS for SPOP, but im > sure > public keys + such could be thrown in. Would this work? > > - jon > > ----- Original Message ----- > From: "Bill Wolf" > To: > Sent: Friday, January 09, 2004 1:50 PM > Subject: RE: [nycphp-talk] Q) seeking an End User feature... > > >> Contribute's a bit too much for such a simple site >> >>>> I would write a basic php script - one page for >>>> adding/deleting/editing >> the gigs, and one for displaying. the one for adding/deleting/editing >> is >> password protected.<< >> >> I'm thinking more along the lines of your suggestion. Yes I have >> MySQL > and >> PHP on the site. I started to search of hotscripts.com but there are >> hundreds of content manager programs listed on their site. It really > might >> be faster to learn PHP and write it myself :-) >> >> Thanks >> -Bill >> >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > Chris Hubbard chubbard at next-online.net 425 563 4153 From dan at mx2pro.com Sat Jan 10 00:46:29 2004 From: dan at mx2pro.com (Dan Horning) Date: Sat, 10 Jan 2004 00:46:29 -0500 Subject: [nycphp-talk] RE: [nycphp-dev] CMS In-Reply-To: <00a001c3d738$a3386b70$0801a8c0@laptop> Message-ID: <20040110054657.33418A85E9@virtu.nyphp.org> I'll send this out on both lists, if anyone knows of one that I don't have listed yet.. please send me a link so I can add it. http://www.dsoundmn.com/cms.php Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office/Home) -----Original Message----- From: dev-bounces at lists.nyphp.org [mailto:dev-bounces at lists.nyphp.org] On Behalf Of Mike Hjorleifsson Sent: Saturday, January 10, 2004 12:15 AM To: 'NYPHP Development' Subject: RE: [nycphp-dev] CMS Agreed, just prefer the developers opinions.. I will post it there. -----Original Message----- From: dev-bounces at lists.nyphp.org [mailto:dev-bounces at lists.nyphp.org] On Behalf Of Hans Zaunere Sent: Saturday, January 10, 2004 12:12 AM To: NYPHP Development Subject: RE: [nycphp-dev] CMS > Can someone recommend a good Content management system that > is PHP based for a corporate web site ? Hi Mike. This type of question would be best asked on NYPHP-Talk... a lot of CMS users there. Thanks, H _______________________________________________ dev mailing list dev at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/dev _______________________________________________ dev mailing list dev at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/dev From tgales at tgaconnect.com Sat Jan 10 00:51:37 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Sat, 10 Jan 2004 00:51:37 -0500 Subject: [nycphp-talk] RE: [nycphp-dev] CMS In-Reply-To: <20040110054657.33418A85E9@virtu.nyphp.org> Message-ID: <000201c3d73d$d00aa000$bf8d3818@oberon1> Dan Horning writes: " if anyone knows of one that I don't have listed yet.. please send me a link so I can add it..." Drupal at drupal.org and Typo3 at typo3.org T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From ricky at ryoshu.com Sat Jan 10 04:13:01 2004 From: ricky at ryoshu.com (Ricky Bacon) Date: Sat, 10 Jan 2004 04:13:01 -0500 Subject: [nycphp-talk] PHP 5 Message-ID: <3FFFC21D.3050500@ryoshu.com> I have an extranet to build and after some wrangling, PHP is the choice (vs. ASP.Net and JSP). I'm not looking at heavy traffic so should I go with PHP 5 (is it usable yet), or should I do PHP 4? -Ricky -- http://www.ryoshu.com/ From tgales at tgaconnect.com Sat Jan 10 08:45:06 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Sat, 10 Jan 2004 08:45:06 -0500 Subject: [nycphp-talk] PHP 5 In-Reply-To: <3FFFC21D.3050500@ryoshu.com> Message-ID: <000401c3d77f$f575c3a0$bf8d3818@oberon1> Ricky Bacon writes: "...should I go with PHP 5 (is it usable yet), or should I do PHP 4?" Well, it's the beginning of a new year and that tends to bring out 'Silvia (the psychic) Brown'-esque predictions by self-appointed pundits on what will happen during a coming (new) year. Let me join in the fray and say, after polishing up my crystal ball, that I see PHP 5 stabilizing around June of this year. If you don't mind (and if your environment permits) periodic upgrades and patches, go with PHP 5. The (version 4) features of PHP 5 seem to be alive and unbroken in the (b3) release which I am testing on Windows XP. (and so as a direct answer to your question -- yes PHP is usable now -- my opinion of course). The determining factor may be whether you want to develop 'commercial' products and which of the available data storage applications you want to use (How lite do you take your SQL?). As a footnote, I found a page which may be of interest to you. (especially if you agree that data storage apps. could be the 'swing factor' in your decision) There is a published 'Data Speed Comparison' test report at: http://sambar.polie.nl/sqllite.htm Hope this helps T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From felix at students.poly.edu Sat Jan 10 12:28:49 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Sat, 10 Jan 2004 12:28:49 -0500 Subject: [nycphp-talk] RE: [nycphp-dev] CMS In-Reply-To: <20040110054657.33418A85E9@virtu.nyphp.org> References: <00a001c3d738$a3386b70$0801a8c0@laptop> <20040110054657.33418A85E9@virtu.nyphp.org> Message-ID: <20040110122849.76c2a54e.felix@students.poly.edu> Take a look at www.opensourcecms.com they have large list of php cms's On Sat, 10 Jan 2004 00:46:29 -0500 "Dan Horning" wrote: > I'll send this out on both lists, > > if anyone knows of one that I don't have listed yet.. please send me a > link so I can add it. > > http://www.dsoundmn.com/cms.php > > > > Dan Horning - Music, Technology & Photography > http://www.dsoundmn.com/ > Technical Systems Administration > 1-866-284-3150 (Office/Home) > -----Original Message----- > From: dev-bounces at lists.nyphp.org [mailto:dev-bounces at lists.nyphp.org] > On Behalf Of Mike Hjorleifsson > Sent: Saturday, January 10, 2004 12:15 AM > To: 'NYPHP Development' > Subject: RE: [nycphp-dev] CMS > > Agreed, just prefer the developers opinions.. > I will post it there. > > -----Original Message----- > From: dev-bounces at lists.nyphp.org [mailto:dev-bounces at lists.nyphp.org] > On Behalf Of Hans Zaunere > Sent: Saturday, January 10, 2004 12:12 AM > To: NYPHP Development > Subject: RE: [nycphp-dev] CMS > > > > > Can someone recommend a good Content management system that > > is PHP based for a corporate web site ? > > Hi Mike. This type of question would be best asked on NYPHP-Talk... a > lot of CMS users there. > > Thanks, > > H > > _______________________________________________ > dev mailing list > dev at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/dev > > > _______________________________________________ > dev mailing list > dev at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/dev > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jonbaer at jonbaer.net Sat Jan 10 13:15:14 2004 From: jonbaer at jonbaer.net (jon baer) Date: Sat, 10 Jan 2004 13:15:14 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? Message-ID: <001501c3d7a5$b193b950$6400a8c0@thinkpad> hi, was wondering if someone can point me in the right direction, im setting up a roller hockey league site and interested in creating "player cards" with different frames over the card to allow players to print them out online ... what im mainly interested in is using the gd library so i could layer images dynamically - is transparency possible? any links i could follow? thanks. card style -> frame -> photo -> stats -> logo - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From jeffknight at mac.com Sat Jan 10 13:47:49 2004 From: jeffknight at mac.com (putamare) Date: Sat, 10 Jan 2004 13:47:49 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? In-Reply-To: <001501c3d7a5$b193b950$6400a8c0@thinkpad> References: <001501c3d7a5$b193b950$6400a8c0@thinkpad> Message-ID: <7CFFFFB1-439D-11D8-AC49-003065F9A07A@mac.com> On Jan 10, 2004, at 1:15 PM, jon baer wrote: > is transparency possible? Yes, with imagecreatetruecolor() > any links i could follow? http://nyphp.org/content/presentations/GDintro/ Of course, give yourself half a chance to succeed and dump gif in favor of png. From csnyder at chxo.com Sat Jan 10 14:57:13 2004 From: csnyder at chxo.com (Chris Snyder) Date: Sat, 10 Jan 2004 14:57:13 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? In-Reply-To: <7CFFFFB1-439D-11D8-AC49-003065F9A07A@mac.com> References: <001501c3d7a5$b193b950$6400a8c0@thinkpad> <7CFFFFB1-439D-11D8-AC49-003065F9A07A@mac.com> Message-ID: <40005919.5070406@chxo.com> putamare wrote: > Of course, give yourself half a chance to succeed and dump gif in > favor of png. Amen, brother. All the browsers do PNG with indexed transparency. Some (Gecko-based) even do PNG with an alpha channel, a truly beautiful thing. The only reason GIF isn't dead is animation. From nyphp at enobrev.com Sat Jan 10 14:59:05 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Sat, 10 Jan 2004 14:59:05 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? In-Reply-To: <40005919.5070406@chxo.com> Message-ID: And who uses gif for animation anymore? -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Chris Snyder Sent: Saturday, January 10, 2004 2:57 PM To: NYPHP Talk Subject: Re: [nycphp-talk] GD transparency w/ Gif89a? putamare wrote: > Of course, give yourself half a chance to succeed and dump gif in > favor of png. Amen, brother. All the browsers do PNG with indexed transparency. Some (Gecko-based) even do PNG with an alpha channel, a truly beautiful thing. The only reason GIF isn't dead is animation. _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From jonbaer at jonbaer.net Sat Jan 10 14:55:10 2004 From: jonbaer at jonbaer.net (jon baer) Date: Sat, 10 Jan 2004 14:55:10 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? References: <001501c3d7a5$b193b950$6400a8c0@thinkpad> <7CFFFFB1-439D-11D8-AC49-003065F9A07A@mac.com> Message-ID: <001401c3d7b3$a7dbbee0$6400a8c0@thinkpad> thank you ... the button example gave me what i was looking for :-) http://nyphp.org/content/presentations/GDintro/gd26.php - jon ----- Original Message ----- From: "putamare" To: "NYPHP Talk" Sent: Saturday, January 10, 2004 1:47 PM Subject: Re: [nycphp-talk] GD transparency w/ Gif89a? > On Jan 10, 2004, at 1:15 PM, jon baer wrote: > > is transparency possible? > > Yes, with imagecreatetruecolor() > > > any links i could follow? > > http://nyphp.org/content/presentations/GDintro/ > > Of course, give yourself half a chance to succeed and dump gif in favor > of png. > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From csnyder at chxo.com Sat Jan 10 15:04:38 2004 From: csnyder at chxo.com (Chris Snyder) Date: Sat, 10 Jan 2004 15:04:38 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? In-Reply-To: References: Message-ID: <40005AD6.3050108@chxo.com> Mark Armendariz wrote: >And who uses gif for animation anymore? > > People who think Flash is evil... and are too lazy to write PNG animation in Javascript... did I miss anyone? :-) From spot at deviantart.com Sat Jan 10 15:08:40 2004 From: spot at deviantart.com (Spot) Date: Sat, 10 Jan 2004 14:08:40 -0600 Subject: [nycphp-talk] GD transparency w/ Gif89a? In-Reply-To: <40005AD6.3050108@chxo.com> Message-ID: <00a001c3d7b5$8a71c4b0$5a01a8c0@spot> I was under the impression that PNG was not supported by all the major browsers. This is very good news! Can anyone provide some details on the stats of PNG as a format? (the alpha channel support is wild) -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Chris Snyder Sent: Saturday, January 10, 2004 2:05 PM To: NYPHP Talk Subject: Re: [nycphp-talk] GD transparency w/ Gif89a? Mark Armendariz wrote: >And who uses gif for animation anymore? > > People who think Flash is evil... and are too lazy to write PNG animation in Javascript... did I miss anyone? :-) _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From tgales at tgaconnect.com Sat Jan 10 15:25:10 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Sat, 10 Jan 2004 15:25:10 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? In-Reply-To: <00a001c3d7b5$8a71c4b0$5a01a8c0@spot> Message-ID: <002001c3d7b7$e3a90dc0$bf8d3818@oberon1> Spot: > I was under the impression that PNG was not supported by all > the major browsers. here some stuff about browsers with PNG support http://www.libpng.org/pub/png/pngstatus.html#browsers and if you look around in http://www.libpng.org/ you will probably be able to find almost anything you want to know about PNG T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From joel at tagword.com Sat Jan 10 15:41:03 2004 From: joel at tagword.com (Joel De Gan) Date: Sat, 10 Jan 2004 15:41:03 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? In-Reply-To: <001501c3d7a5$b193b950$6400a8c0@thinkpad> References: <001501c3d7a5$b193b950$6400a8c0@thinkpad> Message-ID: <1073767263.2767.56.camel@bezel> Hi, I have written a lot of functions to handle transparent images. Here is a link to one of the main projects I used it for, doing a karumba clone for my evilwm system. http://lucifer.intercosmos.net/index.php?view=phpalphawall Here is a link to the code-snippets archive for. http://lucifer.intercosmos.net/index.php?view=SNIP&cat=42 alpha-blended images (think transparency).. etc.. Check them out and let me know if you have any questions. -Joel De Gan On Sat, 2004-01-10 at 13:15, jon baer wrote: > hi, > > was wondering if someone can point me in the right direction, im setting up > a roller hockey league site and interested in creating "player cards" with > different frames over the card to allow players to print them out online ... > > what im mainly interested in is using the gd library so i could layer images > dynamically - is transparency possible? any links i could follow? thanks. > > card style -> frame -> photo -> stats -> logo > > - jon > > pgp key: http://www.jonbaer.net/jonbaer.asc > fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk -- joeldg - developer, Intercosmos media group. http://lucifer.intercosmos.net From jonbaer at jonbaer.net Sat Jan 10 16:47:15 2004 From: jonbaer at jonbaer.net (jon baer) Date: Sat, 10 Jan 2004 16:47:15 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? References: <002001c3d7b7$e3a90dc0$bf8d3818@oberon1> Message-ID: <002f01c3d7c3$504883b0$6400a8c0@thinkpad> is AOL still using the IE component? Can PNGs work there? I was a little suprised by the overwhelming people I had sign up that were AOL users and swore by it ... did the new model switch over to Mozilla/NS? Apologies in advance for a question that's probably been answered 1000 times before :-) - jon ----- Original Message ----- From: "Tim Gales" To: "'NYPHP Talk'" Sent: Saturday, January 10, 2004 3:25 PM Subject: RE: [nycphp-talk] GD transparency w/ Gif89a? > Spot: > > I was under the impression that PNG was not supported by all > > the major browsers. > > here some stuff about > browsers with PNG support > http://www.libpng.org/pub/png/pngstatus.html#browsers > > and if you look around in > http://www.libpng.org/ > > you will probably be able to find almost > anything you want to know about PNG > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From tgales at tgaconnect.com Sat Jan 10 17:18:59 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Sat, 10 Jan 2004 17:18:59 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? In-Reply-To: <002f01c3d7c3$504883b0$6400a8c0@thinkpad> Message-ID: <002301c3d7c7$bf8739c0$bf8d3818@oberon1> > is AOL still using the IE component? Can PNGs work there? I > was a little suprised by the overwhelming people I had sign > up that were AOL users and swore by it ... did the new model > switch over to Mozilla/NS? Apologies in advance for a > question that's probably been answered 1000 times before :-) > > - jon Microsoft to abandon standalone IE May 31, 2003 http://news.com.com/2100-1032_3-1011859.html?tag=fd_top which is one day after Microsoft to pay AOL $750M Tech titans settle Netscape lawsuit, set seven-year licensing pact for AOL to use Internet Explorer. May 30, 2003 http://money.cnn.com/2003/05/29/technology/microsoft/ So it would seem AOL will be using I.E. -- but Microsoft will not (at least not in its present form i.e. standalone browser) T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com > From Kbedi at inta.org Sat Jan 10 18:35:58 2004 From: Kbedi at inta.org (Kshitij Bedi) Date: Sat, 10 Jan 2004 18:35:58 -0500 Subject: [nycphp-talk] (no subject) Message-ID: What should be the best possible structure of Order and Product tables where products could have sub products and sub products could further sub sub products From felix at students.poly.edu Sat Jan 10 18:33:19 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Sat, 10 Jan 2004 18:33:19 -0500 Subject: [nycphp-talk] (no subject) In-Reply-To: References: Message-ID: <20040110183319.10837814.felix@students.poly.edu> There is different ways to create tree stuctures in relational model. The extra data you may want to add depends on how your search queries will be done. You will be better served by using existing solutions you may find on the web. On Sat, 10 Jan 2004 18:35:58 -0500 Kshitij Bedi wrote: > What should be the best possible structure of > Order and Product tables where products could have sub products and > sub products could further sub sub products > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jeffknight at mac.com Sat Jan 10 22:29:31 2004 From: jeffknight at mac.com (putamare) Date: Sat, 10 Jan 2004 22:29:31 -0500 Subject: [nycphp-talk] GD transparency w/ Gif89a? In-Reply-To: <002f01c3d7c3$504883b0$6400a8c0@thinkpad> References: <002001c3d7b7$e3a90dc0$bf8d3818@oberon1> <002f01c3d7c3$504883b0$6400a8c0@thinkpad> Message-ID: <5E9653D2-43E6-11D8-AC49-003065F9A07A@mac.com> If you're that worried about png support, output the image as a JPEG (or even as a link to a downloadable tiff, if lossy compression itches you the wrong way), assuming you only need transparency in the various layers that comprise the image and not the final "card" itself. Many installs have the ability to read gifs, but not output them, and some just don't bother with them whatsoever, so the odds are you can probably use gifs for the components. On the other hand, you could just as easily use png, since the output file format doesn't have to match the input format, so it really doesn't matter what the browser can and can't accept. I'd even go so far as to suggest for better performance, save all the styles, frames and other commonly used images in the intermediate gd2 native format and save yourself a little processing time in the conversion process. On Jan 10, 2004, at 4:47 PM, jon baer wrote: > is AOL still using the IE component? Can PNGs work there? I was a > little > suprised by the overwhelming people I had sign up that were AOL users > and > swore by it ... did the new model switch over to Mozilla/NS? > Apologies in > advance for a question that's probably been answered 1000 times before > :-) > > - jon > > ----- Original Message ----- > From: "Tim Gales" > To: "'NYPHP Talk'" > Sent: Saturday, January 10, 2004 3:25 PM > Subject: RE: [nycphp-talk] GD transparency w/ Gif89a? > > >> Spot: >>> I was under the impression that PNG was not supported by all >>> the major browsers. >> >> here some stuff about >> browsers with PNG support >> http://www.libpng.org/pub/png/pngstatus.html#browsers >> >> and if you look around in >> http://www.libpng.org/ >> >> you will probably be able to find almost >> anything you want to know about PNG >> >> T. Gales & Associates >> 'Helping People Connect with Technology' >> >> http://www.tgaconnect.com >> >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk >From hans not junk at nyphp.com Sun Jan 11 00:34:17 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 45A65A85EF for ; Sun, 11 Jan 2004 00:34:17 -0500 (EST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] (no subject) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Date: Sat, 10 Jan 2004 21:34:13 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8737494C at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] (no subject) Thread-Index: AcPX0ih1TV+4eM2GR9Guz/LTHDv5awAMjAdQ From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Jan 2004 05:34:17 -0000 > What should be the best possible structure of > Order and Product tables where products could have sub=20 > products and sub products could further sub sub products Take a look at the nested set model. See the archives of the Dev list = at http://nyphp.org/lists for many links and discussion. There's also a = working implementation in pure PHP/MySQL: http://paragon.nyphp.org/clew/pnsm.pcom It's abstracted from the actual data you want to store, so it should = work with anything. H >From hans not junk at nyphp.com Sun Jan 11 01:13:59 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id B6E97A85EF for ; Sun, 11 Jan 2004 01:13:58 -0500 (EST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] MySQL Licensing X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Date: Sat, 10 Jan 2004 22:13:56 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8737494F at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] MySQL Licensing Thread-Index: AcPW+CMup/SJgotTTwet96d7wSCJnABEbtFA From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Jan 2004 06:13:59 -0000 > I bring this up here, because Zak is going to be at=20 > LinuxWorld and plans > to host discussions on this issue there. It seems like NYPHP will be a > group with a lot of representation at this event, and most of us are > likely interested in either: >=20 > 1. Understanding MySQL's licensing better > 2. Trying to affect positive change in MySQL's licensing >=20 > I'm potentially interested in both. Can you touchbase with Zak? I'll be announcing our LinuxWorld plans = (which by the way is at http://nyphp.org/content/linuxworld/) and it'd = be nice to include a talk on this - any time that's convenient for Zak = should work. Chris, please contact me directly as you know more. Thanks, Hans >From hans not junk at nyphp.com Sun Jan 11 01:18:17 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id A1F5BA85EF for ; Sun, 11 Jan 2004 01:18:17 -0500 (EST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] php ncurses based mysql process watcher.. (preview) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Date: Sat, 10 Jan 2004 22:18:15 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F87374950 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] php ncurses based mysql process watcher.. (preview) Thread-Index: AcPYCrJFiM5yJ1hSQv2nVhH/4lTreA== From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Jan 2004 06:18:18 -0000 I feel silly, Joel - just realized you're the same Joel who did the = ncurses tutorial :) =20 > I built a mysql process watcher in PHP using ncurses. > Screenshots here: http://soulreactor.com/mview/ >=20 > I am interested in any ideas or things that can/could be added, i.e. > things you might find useful when monitoring your mysql servers, or > Algorithms used to compute meaningful data about the state of=20 > the server etc..=20 Very sexy... something I wish I've had in the past. I'll be anxious to = play with it... > No source released yet until I get the go ahead from work to=20 > opensource it. My proposal is in, so hopefully not long. Hope it gets opened, too. You're welcome to our servers and cvs server = if you'd need - just drop me a note. Best, Hans From nyphp at enobrev.com Sun Jan 11 04:56:45 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Sun, 11 Jan 2004 04:56:45 -0500 Subject: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) In-Reply-To: <009a01c3d627$cf1e8ba0$6400a8c0@thinkpad> Message-ID: Not sure if you're still in need, and I hadn't noticed mention of it, but here's an Excel / PHP solution: http://phppatterns.com/index.php/article/articleview/90/1/11/ Mark -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of jon baer Sent: Thursday, January 08, 2004 3:42 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) well ... it works pretty smoothly ... in fact I didn't really need that class, just needed to refresh up on COM functions in PHP ... http://us3.php.net/com @ the bottom there is a nice Excel example ... so natively on Linux using COM would probably have to be complex + deal with WINE i suppose, something my ISP most likely wont allow me to install. - jon ----- Original Message ----- From: "jon baer" To: "NYPHP Talk" Sent: Thursday, January 08, 2004 3:13 PM Subject: Re: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) > Merci! > > :-) > > ----- Original Message ----- > From: "Kerem Tuzemen" > To: "NYPHP Talk" > Sent: Thursday, January 08, 2004 12:49 PM > Subject: Re: [nycphp-talk] Linking Excel to PHP/MySQL (older versions) > > > > Jon, here are some clues: > > > > Fichier = File > > Feuille = Sheet > > Cellule = Cell > > Connexion = Connection > > Classeur = Folder > > Valeur = Value > > Enregistrer = Save > > Fermer = Close > > OuvreLeFichier=OpenFile > > EcritDansCellule=WriteInCell > > NouvelleValeur = NewValue > > RecupereValeurCellule=ReadCellValue > > EcritDansCellule=WriteInCell > > > > Hope this helps. > > > > O. Kerem Tuzemen > > > > > > > > > > ----- Original Message ----- > > From: "jon baer" > > To: "NYPHP Talk" > > Sent: Thursday, January 08, 2004 11:56 AM > > Subject: Re: [nycphp-talk] Linking Excel to PHP/MySQL (older > > versions) > > > > > > > > > > > > Isn't this the page about ExcelRead (which is in English)? > > > > http://www.andykhan.com/excelread/index.html > > > > > > > > > > http://www.phpclasses.org/browse.html/package/1069.html > > > > > > maybe someone can translate the code below into English? not even > > > sure > if > > it > > > works ... > > > > > > - jon > > > > > > > > class ExcelRead_FR{ > > > > > > // Les variables : > > > var $Fichier; // Le Fichier excel ? lire ! > > > var $Feuille; // La Feuille a R?cup?rer ! > > > var $Cellule; // La Cellule a lire var $IdConnexion; var > > > $Classeur; > > > > > > function OuvreLeFichier($LeDocument){ > > > /* Cette fonction Ouvre le document Excel > > > * Elle est a appel? apr?s avoir renseigner la variable > > > * Fichier. > > > * Elle renseigne les variables IdConnexion et Classeur */ > > > $this->IdConnexion = new com("Excel.Application")or die("Erreur > > > lors de > > la > > > connexion au fichier excel : $Fichier"); $Rep = getcwd(); > > > $$LeDocument=$Rep."\\".$$LeDocument; > > > $this->Classeur = > > > $this->IdConnexion->WorkBooks->Open($LeDocument) or die("Erreur > > > impossible d'ouvrir le classeur"); } > > > > > > function RecupereValeurCellule($feuil, $cell){ if > > > (!isset($this->Classeur)){ > > > if (!isset($this->Fichier)){ > > > return False; > > > }else{ > > > $this->OuvreLeFichier($this->Fichier); > > > } > > > } > > > $Classeur = $this->Classeur; > > > $Feuille = $this->Classeur->Sheets($feuil); $SelectedFeuille = > > > $Feuille->Select; $Cellule = $Feuille->Range($cell); > > > $ValeurCellule = $Cellule->Value; return $ValeurCellule; } > > > > > > > > > function EcritDansCellule($feuil, $cell, $NouvelleValeur){ if > > > (!isset($this->Classeur)){ > > > if (!isset($this->Fichier)){ > > > return False; > > > }else{ > > > $this->OuvreLeFichier($this->Fichier); > > > } > > > } > > > $Classeur = $this->Classeur; > > > $Feuille = $this->Classeur->Sheets($feuil); $SelectedFeuille = > > > $Feuille->Select; $Cellule = $Feuille->Range($cell); > > > $Cellule->Value = $NouvelleValeur; } function CellIsEmpty($cell){ > > > $Classeur = $this->Classeur; $Feuille = > > > $this->Classeur->Sheets($this->Feuille); > > > $SelectedFeuille = $Feuille->Select; $Cellule = > > > $Feuille->Range($cell); if ($Cellule->Value == ""){ > > > return true; > > > }else{ > > > return False; > > > } > > > } > > > > > > function CellIsMerged($cell){ > > > > > > $Classeur = $this->Classeur; > > > $Feuille = $this->Classeur->Sheets($this->Feuille); > > > $SelectedFeuille = $Feuille->Select; $Cellule = > > > $Feuille->Range($cell); if ($y = $Cellule->MergeCells){ > > > return true; > > > }else{ > > > return False; > > > } > > > > > > } > > > > > > function Enregistrer(){ > > > $this->Classeur->Save(); > > > } > > > function Fermer(){ > > > //com_release($this->IdConnexion); > > > $this->IdConnexion->Quit(); > > > $this->IdConnexion = null; > > > } > > > function RecupereDerniereLigne(){ > > > > > > } > > > } > > > > > > > > > ?> > > > > > > > > > > > > _______________________________________________ > > > talk mailing list > > > talk at lists.nyphp.org > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From shiflett at php.net Sun Jan 11 13:54:27 2004 From: shiflett at php.net (Chris Shiflett) Date: Sun, 11 Jan 2004 10:54:27 -0800 (PST) Subject: [nycphp-talk] MySQL Licensing In-Reply-To: <41EE526EC2D3C74286415780D3BA9F8737494F@ehost011-1.exch011.intermedia.net> Message-ID: <20040111185427.62537.qmail@web14302.mail.yahoo.com> --- Hans Zaunere wrote: > Can you touchbase with Zak? I just did, and I copied you. > it'd be nice to include a talk on this Yes, very good idea, Hans. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From joel at tagword.com Sun Jan 11 14:32:15 2004 From: joel at tagword.com (Joel De Gan) Date: Sun, 11 Jan 2004 14:32:15 -0500 Subject: [nycphp-talk] php ncurses based mysql process watcher.. (preview) In-Reply-To: <41EE526EC2D3C74286415780D3BA9F87374950@ehost011-1.exch011.intermedia.net> References: <41EE526EC2D3C74286415780D3BA9F87374950@ehost011-1.exch011.intermedia.net> Message-ID: <1073849535.2796.69.camel@bezel> Hi Hans, Yea, that is me, just moved here to Manhattan from New Orleans (prior from the west coast). Found this list and am pretty excited about it as a php group in nola consists of a few guys sitting at a bar chatting about what can be done in the language. Anyway, if any of you are going to the Linux Expo at the Javitz center (Jan 21st-23rd) you will be able to find me there. Mview will be released from one of my servers located in our New Orleans data center as per the restrictions for source control (it is part of the deal in being able to opensource a project from my work). It is already a tool that I always keep running here and most people at my work are running throughout the day to see the realtime graphs of the mysql servers. I am looking at a two week or so timeframe to be able to opensource the project. I am currently working on a version that uses lines for the graphs instead of ascii. And hopefully can get a color-spread in so that it varies from blue to red etc.. It looks cool and serves a purpose. Cheers -Joel De Gan On Sun, 2004-01-11 at 01:18, Hans Zaunere wrote: > I feel silly, Joel - just realized you're the same Joel who did the ncurses tutorial :) > > Hope it gets opened, too. You're welcome to our servers and cvs server if you'd need - just drop me a note. > > Best, > > Hans -- joeldg - developer, Intercosmos media group. http://lucifer.intercosmos.net From dmintz at davidmintz.org Sun Jan 11 18:28:17 2004 From: dmintz at davidmintz.org (David Mintz) Date: Sun, 11 Jan 2004 18:28:17 -0500 (EST) Subject: [nycphp-talk] Zend IDE with US International keyboard In-Reply-To: <002901c3d6cf$efb189f0$6400a8c0@thinkpad> References: <05F6C3B4CA00D7419D1708F36A9F7745B299@ffth-exc01.thompsonhealth.org> <1073662275.20055.2.camel@banner> <002901c3d6cf$efb189f0$6400a8c0@thinkpad> Message-ID: Does anyone know how the hell you type a " or a ' in Zend 3.0.1 when your keyboard is set to U.S International? I'm on RedHat 9 at the moment. Gratefully, --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From jonbaer at jonbaer.net Sun Jan 11 19:11:39 2004 From: jonbaer at jonbaer.net (jon baer) Date: Sun, 11 Jan 2004 19:11:39 -0500 Subject: [nycphp-talk] [ot] some math help i think Message-ID: <007f01c3d8a0$a6fb2630$6400a8c0@thinkpad> greetings ... thank you for all the great suggestions for my other problems, i currently have a small math problem that maybe someone could help me out with ... basically for the hockey league i created a rating system where each player can rate another player on their team (from 1 to 10) and submit it ... then in turn it will calculate a rating on their hockey card from 70 (lowest) to 100 (hightest) ... what i do is combine the average rating from all the players votes received (x + y / total) and add the points per game (goals + assists / games) ... i did a very small test below but not being familiar with php math functions im sure there is something i can do to get a range/median value: $peer_average = $_GET['peer']; $goals = $_GET['goals']; $assists = $_GET['assists']; $games = $_GET['games']; $ppg = (($goals+$assists) / $games) * $peer_average; $rating = round(($ppg) + 70); // ugly i know if ($rating < 70) $rating = 70; if ($rating > 100) $rating = 100; echo "rating: " . $rating; pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From wiw at nyc.rr.com Mon Jan 12 07:51:12 2004 From: wiw at nyc.rr.com (Bill Wolf) Date: Mon, 12 Jan 2004 07:51:12 -0500 Subject: [nycphp-talk] Linux world In-Reply-To: <20040109170002.51082A8612@virtu.nyphp.org> Message-ID: <200401121251.i0CCp7Of007481@nycsmtp3out.rdc-nyc.rr.com> Anyone have a priority code they can share for free registration to Linuxworld? Thanks From Kbedi at inta.org Mon Jan 12 10:06:22 2004 From: Kbedi at inta.org (Kshitij Bedi) Date: Mon, 12 Jan 2004 10:06:22 -0500 Subject: [nycphp-talk] PHP.INI File on a LAMP Server Message-ID: I just set up PHP on Linux with Apache, can someone tell me how to turn the warnings and notices OFF. I do it on windows server by editing the PHP.ini file but I can't find the PHP.ini file on Linux. From jlacey at att.net Mon Jan 12 10:06:26 2004 From: jlacey at att.net (John Lacey) Date: Mon, 12 Jan 2004 08:06:26 -0700 Subject: [nycphp-talk] PHP.INI File on a LAMP Server In-Reply-To: References: Message-ID: <4002B7F2.7020209@att.net> look in the /etc directory Kshitij Bedi wrote: > I just set up PHP on Linux with Apache, can someone tell me how to turn the > warnings and notices OFF. I do it on windows server by editing the PHP.ini > file but I can't find the PHP.ini file on Linux. > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From Keith.Richardson at thompsonhealth.com Mon Jan 12 10:31:46 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Mon, 12 Jan 2004 10:31:46 -0500 Subject: [nycphp-talk] PHP.INI File on a LAMP Server Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B2A2@ffth-exc01.thompsonhealth.org> one workaround that I did for finding files on a dedicated server that I am renting on the net with cpanel installed on it, which puts things in wierd directories, was doing a find * and store it in a text file, then opening it up in pico and doing a search, and typing in the filename that I need to find. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Kshitij Bedi Sent: Monday, January 12, 2004 10:06 AM To: 'NYPHP Talk' Subject: [nycphp-talk] PHP.INI File on a LAMP Server I just set up PHP on Linux with Apache, can someone tell me how to turn the warnings and notices OFF. I do it on windows server by editing the PHP.ini file but I can't find the PHP.ini file on Linux. _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From Kbedi at inta.org Mon Jan 12 10:59:45 2004 From: Kbedi at inta.org (Kshitij Bedi) Date: Mon, 12 Jan 2004 10:59:45 -0500 Subject: [nycphp-talk] PHP.INI File on a LAMP Server Message-ID: that seems like a good idea I will try that -----Original Message----- From: Keith J Richardson [mailto:Keith.Richardson at thompsonhealth.com] Sent: Monday, January 12, 2004 10:32 AM To: NYPHP Talk Subject: RE: [nycphp-talk] PHP.INI File on a LAMP Server one workaround that I did for finding files on a dedicated server that I am renting on the net with cpanel installed on it, which puts things in wierd directories, was doing a find * and store it in a text file, then opening it up in pico and doing a search, and typing in the filename that I need to find. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Kshitij Bedi Sent: Monday, January 12, 2004 10:06 AM To: 'NYPHP Talk' Subject: [nycphp-talk] PHP.INI File on a LAMP Server I just set up PHP on Linux with Apache, can someone tell me how to turn the warnings and notices OFF. I do it on windows server by editing the PHP.ini file but I can't find the PHP.ini file on Linux. _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From dcech at phpwerx.net Mon Jan 12 11:00:02 2004 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 12 Jan 2004 11:00:02 -0500 Subject: [nycphp-talk] PHP.INI File on a LAMP Server In-Reply-To: References: Message-ID: <4002C482.703@phpwerx.net> ahh, you'd be better off with: find /etc -name php.ini and if that fails: find / -name php.ini Dan Kshitij Bedi wrote: > that seems like a good idea I will try that > > -----Original Message----- > From: Keith J Richardson [mailto:Keith.Richardson at thompsonhealth.com] > Sent: Monday, January 12, 2004 10:32 AM > To: NYPHP Talk > Subject: RE: [nycphp-talk] PHP.INI File on a LAMP Server > > > one workaround that I did for finding files on a dedicated server that I am > renting on the net with cpanel installed on it, which puts things in wierd > directories, was doing a find * and store it in a text file, then opening it > up in pico and doing a search, and typing in the filename that I need to > find. > > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Kshitij Bedi > Sent: Monday, January 12, 2004 10:06 AM > To: 'NYPHP Talk' > Subject: [nycphp-talk] PHP.INI File on a LAMP Server > > > I just set up PHP on Linux with Apache, can someone tell me how to turn the > warnings and notices OFF. I do it on windows server by editing the PHP.ini > file but I can't find the PHP.ini file on Linux. > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From tgales at tgaconnect.com Mon Jan 12 11:05:48 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Mon, 12 Jan 2004 11:05:48 -0500 Subject: [nycphp-talk] PHP.INI File on a LAMP Server In-Reply-To: Message-ID: <000201c3d925$f1e0ba40$bf8d3818@oberon1> If you want to know where php is reading its ini file from. If you can upload a file like this: test.php contents: If you execute that script it should give you some information like the following: Configuration File (php.ini) Path -- "/whereitsat/php.ini" T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From jlacey at att.net Mon Jan 12 11:09:57 2004 From: jlacey at att.net (John Lacey) Date: Mon, 12 Jan 2004 09:09:57 -0700 Subject: [nycphp-talk] PHP.INI File on a LAMP Server In-Reply-To: <4002C482.703@phpwerx.net> References: <4002C482.703@phpwerx.net> Message-ID: <4002C6D5.7030805@att.net> Dan Cech wrote: > ahh, you'd be better off with: > > find /etc -name php.ini > > and if that fails: > > find / -name php.ini > > Dan > another way that's pretty convenient is to use the "locate filename" that searches a database that is updated by a default cron job (at least on redhat systems)... it is very quick. the only caveat is to keep in mind that, since the cron job runs once per day, files that are added or deleted will not be reflected until the cron job runs -- of course, you can manually run "updatedb" (it takes little time to run). But in most instances, things will be pretty much up to date. John From emm at scriptdigital.com Mon Jan 12 11:25:51 2004 From: emm at scriptdigital.com (Emmanuel =?iso-8859-1?Q?D=E9carie?=) Date: Mon, 12 Jan 2004 11:25:51 -0500 Subject: [nycphp-talk] Quoting and netiquette In-Reply-To: <20040110235754.D06EEA879B@virtu.nyphp.org> Message-ID: Hello, This list is excellent and I follow it with great pleasure. But unfortunately, this is one of the list I am on that have the worst netiquette regarding quoting. Can I humbly advice to be gentle to others list members and trim your quotes only to what is relevant in the message you?re are replying. Thanks! Cheers -Emmanuel -- Emmanuel D?carie / Programmation pour le Web - Programming for the Web - Blog: - AIM: scriptdigital From jeffknight at mac.com Mon Jan 12 13:04:51 2004 From: jeffknight at mac.com (PUTAMARE) Date: Mon, 12 Jan 2004 13:04:51 -0500 Subject: [nycphp-talk] Odd, Adobe is reselling Zend Studio on their GoLive Page Message-ID: http://www.adobe.com/store/products/master.jhtml?id=catGoLive Jeff Knight jeff not junkmail at lushmedia.com 212/213-6558 x 203 LUSH media 110 W 40th St #1502 New York, NY 10018 From jonbaer at jonbaer.net Mon Jan 12 16:23:47 2004 From: jonbaer at jonbaer.net (jon baer) Date: Mon, 12 Jan 2004 16:23:47 -0500 Subject: [nycphp-talk] mysql + 0 rows affected error Message-ID: <006401c3d952$5ddbafd0$6400a8c0@thinkpad> greetings ... i am wondering if this is a client/server incompatibility issue or not, maybe someone has had the same issue ... when connected to mysql cli and performing an update or delete on a table i seem to always get "0 rows affected" in which the case is not true (confirmed by a followed select) ... it also seems to be problematic with the mysql_affected_rows() function. is there something else i should check? - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From dcech at phpwerx.net Mon Jan 12 16:48:26 2004 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 12 Jan 2004 16:48:26 -0500 Subject: [nycphp-talk] mysql + 0 rows affected error In-Reply-To: <006401c3d952$5ddbafd0$6400a8c0@thinkpad> References: <006401c3d952$5ddbafd0$6400a8c0@thinkpad> Message-ID: <4003162A.3020705@phpwerx.net> That does sound very odd, though you would have to provide more details to be able to properly diagnose the problem. I do know that affected rows will return the number of rows actually changes by an update, so if you set a value to the value it currently has it will not be counted. As for a DELETE, it will return 0 affected rows if you do not specify a WHERE clause. This is due to an internal speed optimisation, if you don't specify a where clause (in autocommit mode) it actually performs a TRUNCATE on the table. I don't know if this helps you much, but they are the only cases I can think of where you should get an affected_rows value of 0. If your queries do not fall into one of these categories then there is definitely something fishy going on. Dan jon baer wrote: > greetings ... > > i am wondering if this is a client/server incompatibility issue or not, > maybe someone has had the same issue ... when connected to mysql cli and > performing an update or delete on a table i seem to always get "0 rows > affected" in which the case is not true (confirmed by a followed select) ... > > it also seems to be problematic with the mysql_affected_rows() function. > > is there something else i should check? > > - jon > > pgp key: http://www.jonbaer.net/jonbaer.asc > fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From webmaster at localnotion.com Mon Jan 12 20:00:57 2004 From: webmaster at localnotion.com (webmaster at localnotion.com) Date: Mon, 12 Jan 2004 20:00:57 -0500 Subject: [nycphp-talk] integrated toolkit Message-ID: I've always felt PHP needed an integrated toolkit like OpenACS at http://www.openacs.org or Zope. The closest I've seen is the CMS's like PHPNuke and they don't seem to have the breadth of these other systems. I saw somewhere that Chris Shiflett was organizing a PHP community site and I think that is an opportunity to create a unified system which later projects could install and use. It saves developers time initially and if ever new functionality is to be added. Install the core. Add the forums module.(maybe a variant of CLEW) Add the news and polls modules. etc. From felix at students.poly.edu Mon Jan 12 15:49:09 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Mon, 12 Jan 2004 15:49:09 -0500 Subject: [nycphp-talk] integrated toolkit In-Reply-To: References: Message-ID: <20040112154909.51c2c6da.felix@students.poly.edu> > The closest I've seen is the CMS's like PHPNuke and they don't seem to > have the breadth of these other systems. I doubt there is anything a good open source php progect that can be compared to Zope. PHPNuke is a content magement software its by no means a toolkit or framework of reusalbe components and by no means comes close to being compared to something like Zope. There is plenty of php frameworks that are aimed to help speed the process of creating applications. Take a look at this page to get you started http://www.phppatterns.com/index.php/link/category/34/ There is also just class libraries that are there to help you spead up creating coding like PEAR. I could even say that PHP itself id designed for rapid development of web applications. From saradiya at ameba6.com Mon Jan 12 21:56:30 2004 From: saradiya at ameba6.com (Mohanaraj) Date: Tue, 13 Jan 2004 10:56:30 +0800 Subject: [nycphp-talk] Setting up of a PHP Application Framework Index Message-ID: <1073962590.14447.24.camel@human> Hi all, I have been thinking about setting up a website to index and collate all the available PHP Application Frameworks. I am hoping to leave out the more CMS directed frameworks and solely focus on frameworks for generic php application development such as logicreate , seagull,mojavi , phpShop etc. I hope to also collate reviews and feedback from the community on these framework and also put them up on the site. This information and feedback will then be aggregated into some sort of index that I hope will allow PHP users to quickly determine whether a framework is suitable for them. Aspects of frameworks that might be listed in the index would probably be , the type of services it provides (i.e. templates, DB abstraction, caching, security etc), the quality of its documentation, community support etc. Initially this Index will just be a massive HTML table with all the relevant details in , however as the lists gets larger I probably want to make it an index that can be searched. I would be eternally grateful if you could help me answer a few of the questions below: 1.What do you think about the idea? Is it repeating stuff people have already done ? Is it woth the time ? Would it be useful to the community? 2.What would constitute a PHP Application Framework ? How do we discern between th hosts of Nuke derivatives that allow for module development but are not really suitable for more generic application development ? 3. What aspects of Application Frameworks do you think we would need to highlight in the index? Thanks for your time mates. Mohan From dmintz at davidmintz.org Mon Jan 12 22:12:19 2004 From: dmintz at davidmintz.org (David Mintz) Date: Mon, 12 Jan 2004 22:12:19 -0500 (EST) Subject: [nycphp-talk] PHP.INI File on a LAMP Server In-Reply-To: <4002C482.703@phpwerx.net> References: <4002C482.703@phpwerx.net> Message-ID: On Mon, 12 Jan 2004, Dan Cech wrote: > ahh, you'd be better off with: > > find /etc -name php.ini > > and if that fails: > > find / -name php.ini Might I suggest adding 2>/dev/null to that so your screen doesn't fill up with "permission denied" Anyway, the good news is, it ain't hard to figure out where your php.ini is (-: --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From Kbedi at inta.org Tue Jan 13 10:52:06 2004 From: Kbedi at inta.org (Kshitij Bedi) Date: Tue, 13 Jan 2004 10:52:06 -0500 Subject: [nycphp-talk] Array Search Message-ID: Does anyone know a nice way to search a nth dimension of a N dimensional array From chubbard at next-online.net Tue Jan 13 11:26:04 2004 From: chubbard at next-online.net (Chris Hubbard) Date: Tue, 13 Jan 2004 08:26:04 -0800 Subject: [nycphp-talk] Setting up of a PHP Application Framework Index In-Reply-To: <1073962590.14447.24.camel@human> References: <1073962590.14447.24.camel@human> Message-ID: <2EA9AD28-45E5-11D8-98ED-000A95BAE752@next-online.net> Mohan, You might want to take a look at binarycloud. www.binarycloud.com Chris On Jan 12, 2004, at 6:56 PM, Mohanaraj wrote: > Hi all, > > I have been thinking about setting up a website to index and collate > all > the available PHP Application Frameworks. I am hoping to leave out the > more CMS directed frameworks and solely focus on frameworks for generic > php application development such as logicreate , seagull,mojavi , > phpShop etc. > > I hope to also collate reviews and feedback from the community on these > framework and also put them up on the site. > > This information and feedback will then be aggregated into some sort of > index that I hope will allow PHP users to quickly determine whether a > framework is suitable for them. Aspects of frameworks that might be > listed in the index would probably be , the type of services it > provides > (i.e. templates, DB abstraction, caching, security etc), the quality of > its documentation, community support etc. Initially this Index will > just > be a massive HTML table with all the relevant details in , however as > the lists gets larger I probably want to make it an index that can be > searched. > > I would be eternally grateful if you could help me answer a few of the > questions below: > > 1.What do you think about the idea? Is it repeating stuff people have > already done ? Is it woth the time ? Would it be useful to the > community? > > 2.What would constitute a PHP Application Framework ? How do we discern > between th hosts of Nuke derivatives that allow for module development > but are not really suitable for more generic application development ? > > 3. What aspects of Application Frameworks do you think we would need to > highlight in the index? > > > Thanks for your time mates. > > Mohan > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > Chris Hubbard chubbard at next-online.net 425 563 4153 From emm at scriptdigital.com Tue Jan 13 12:46:22 2004 From: emm at scriptdigital.com (Emmanuel =?iso-8859-1?Q?D=E9carie?=) Date: Tue, 13 Jan 2004 12:46:22 -0500 Subject: [nycphp-talk] IIS 5 and .inc files In-Reply-To: <20040112170002.EFF79A8612@virtu.nyphp.org> Message-ID: Hello, My client has a Win2000 server with IIS 5 installed. The sysadmin is saying to me that for IIS *not* to serve dot inc files (like lib.inc), you can't simply use the suffix of the file (as with Apache) and exclude all dot inc files based on their suffix. What you have to do is to put all your dot inc files in a repertory, and then tell IIS that the repertory contains files that are executable but not to be seen in the browser. I'm not a Windows guy (although I have IIS 5/Win2000 on a test machine), but I find it hard that IIS 5 can't discriminate files to be seen by the browser based on their suffix. Is it true? TIA Cheers -Emmanuel -- Emmanuel D?carie / Programmation pour le Web - Programming for the Web - Blog: - AIM: scriptdigital From geek at invisiblemute.com Tue Jan 13 12:58:20 2004 From: geek at invisiblemute.com (invisiblemute) Date: Tue, 13 Jan 2004 12:58:20 -0500 Subject: [nycphp-talk] OT: Health insurance Message-ID: <20040113175820.21661.qmail@hosting33.com> > basement while wearing multiple hats???Netting it out: is there anyone who > would be interested in forming a group so we can go shopping for health > insurance???I'm really tired of writing such a large check each month. I'm interested. -------------- next part -------------- An HTML attachment was scrubbed... URL: From Keith.Richardson at thompsonhealth.com Tue Jan 13 13:23:06 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Tue, 13 Jan 2004 13:23:06 -0500 Subject: [nycphp-talk] IIS 5 and .inc files Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B2AF@ffth-exc01.thompsonhealth.org> I think I figured it out, if I can understand what you want done.. 1) Need PHP to include a file from a directory. in my example, it is http://localhost/testing/index.php 2) The include directory needs to have scripts able to read it, but must deny browsing to those pages. - http://localhost/testing/include/lib.inc What I did: 1) Go into IIS management, and select the directory that you want to change the persmissions on, and in my example, it is /testing/include/ 2) Right click on the folder, and select properties. 3) Uncheck read access. There should be nothing in the checkboxes. 4) Test! You disabled read access from IIS to access those files, so when you type in http://localhost/testing/include/lib.inc - it will give you a HTTP 403.2 - Forbidden: Read Access Forbidden error. The reason why PHP can read the files, is that the system has NTFS permissions to read the file. When php opens a file to read, unless it opens it via a http:// command, it will read it locally, which IIS has no control over. Hope that helps! Keith Richardson -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Emmanuel D?carie Sent: Tuesday, January 13, 2004 12:46 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] IIS 5 and .inc files Hello, My client has a Win2000 server with IIS 5 installed. The sysadmin is saying to me that for IIS *not* to serve dot inc files (like lib.inc), you can't simply use the suffix of the file (as with Apache) and exclude all dot inc files based on their suffix. What you have to do is to put all your dot inc files in a repertory, and then tell IIS that the repertory contains files that are executable but not to be seen in the browser. I'm not a Windows guy (although I have IIS 5/Win2000 on a test machine), but I find it hard that IIS 5 can't discriminate files to be seen by the browser based on their suffix. Is it true? TIA Cheers -Emmanuel -- Emmanuel D?carie / Programmation pour le Web - Programming for the Web - Blog: - AIM: scriptdigital _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From tgales at tgaconnect.com Tue Jan 13 13:34:03 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Tue, 13 Jan 2004 13:34:03 -0500 Subject: [nycphp-talk] IIS 5 and .inc files In-Reply-To: Message-ID: <002b01c3da03$d21626d0$bf8d3818@oberon1> I don't understand what you are trying to do. given the statement: "I find it hard that IIS 5 can't discriminate files to be seen by the browser based on their suffix. Is it true? " I would suggest looking at: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/spptsdk/h tml/tsfpmkvti_htmlextensions.asp if you are trying to establish the validity or non-validity of the quoted statement. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From emm at scriptdigital.com Tue Jan 13 13:40:01 2004 From: emm at scriptdigital.com (Emmanuel =?iso-8859-1?Q?D=E9carie?=) Date: Tue, 13 Jan 2004 13:40:01 -0500 Subject: [nycphp-talk] Re: IIS 5 and .inc files Message-ID: Hello Keith, thanks for the reply. If I understand you, your suggestion doesn't help to resolve my problem because the access control is based on a repertory when I want this access control based on the suffix of the file. Your solution will not work if I have a repertory with this content: http://localhost/testing/index.php http://localhost/testing/index.inc With Apache, it?s easy to tell the server not to serve files that ends with ".inc". I'm trying to figure out if this is possible with IIS 5. Cheers -Emmanuel >Keith J Richardson Keith.Richardson at thompsonhealth.com >Tue Jan 13 13:23:06 EST 2004 >1) Need PHP to include a file from a directory. in my example, it is http://localhost/testing/index.php >2) The include directory needs to have scripts able to read it, but must deny browsing to those pages. - http://localhost/testing/include/lib.inc > >What I did: > >1) Go into IIS management, and select the directory that you want to change the persmissions on, and in my example, it is /testing/include/ >2) Right click on the folder, and select properties. >3) Uncheck read access. There should be nothing in the checkboxes. >4) Test! > >You disabled read access from IIS to access those files, so when you type in http://localhost/testing/include/lib.inc - it will give you a HTTP 403.2 - Forbidden: Read Access Forbidden error. The reason why PHP can read the files, is that the system has NTFS permissions to read the file. When php opens a file to read, unless it opens it via a http:// command, it will read it locally, which IIS has no control over. -- Emmanuel D?carie / Programmation pour le Web - Programming for the Web - Blog: - AIM: scriptdigital From shiflett at php.net Tue Jan 13 13:45:47 2004 From: shiflett at php.net (Chris Shiflett) Date: Tue, 13 Jan 2004 10:45:47 -0800 (PST) Subject: [nycphp-talk] IIS 5 and .inc files In-Reply-To: <002b01c3da03$d21626d0$bf8d3818@oberon1> Message-ID: <20040113184547.91939.qmail@web14303.mail.yahoo.com> While I don't know the answer, I feel like the only one who understands the question. :-) He just wants to know if IIS can be configured to deny requests for URLs that end in .inc. A Windows guy told him that it can't do this, and he finds that hard to believe. I say if the client is using Windows, direct access to .inc files is the least of their worries. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From Keith.Richardson at thompsonhealth.com Tue Jan 13 13:55:01 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Tue, 13 Jan 2004 13:55:01 -0500 Subject: [nycphp-talk] IIS 5 and .inc files Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B2B2@ffth-exc01.thompsonhealth.org> I have a hard time finding it - I can see where you can have different files go to different drivers, say .php goes to php4isapi.dll - but I cant find where you can deny extentions. If someone puts up a word document, then they can download it, or any other wierd extension. If it were me, If I wanted protected files, I would do what I explained, or deny read access on a file by file basis if you dont want a whole directory, or find some wierd hack for IIS (If there is any) OR just install apache win32. :) -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Chris Shiflett Sent: Tuesday, January 13, 2004 1:46 PM To: NYPHP Talk Subject: RE: [nycphp-talk] IIS 5 and .inc files While I don't know the answer, I feel like the only one who understands the question. :-) He just wants to know if IIS can be configured to deny requests for URLs that end in .inc. A Windows guy told him that it can't do this, and he finds that hard to believe. I say if the client is using Windows, direct access to .inc files is the least of their worries. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From dcech at phpwerx.net Tue Jan 13 13:55:26 2004 From: dcech at phpwerx.net (Dan Cech) Date: Tue, 13 Jan 2004 13:55:26 -0500 Subject: [nycphp-talk] Re: IIS 5 and .inc files In-Reply-To: References: Message-ID: <40043F1E.4020602@phpwerx.net> Hi Emmanuel, I do not use IIS myself, so I am not sure if there is a mechanism to perform the function you need, though I haven't been able to find anything in the documentation. One solution which may solve the problem is to associate the .inc extension with php, and then include the following code at the top of your .inc files: if ( $_SERVER['PHP_SELF'] == __FILE__ ) { exit; } You can gain similar functionality by defining a constant in your index.php with: define ('MY_CONSTANT', 1); and then in index.inc: if ( !defined ('MY_CONSTANT') ) { exit; } Other than that, my advice is to use a real webserver. Dan Emmanuel D?carie wrote: > Hello Keith, thanks for the reply. > > If I understand you, your suggestion doesn't help to resolve my problem because > the access control is based on a repertory when I want this access control based > on the suffix of the file. > > Your solution will not work if I have a repertory with this content: > http://localhost/testing/index.php > http://localhost/testing/index.inc > > With Apache, it?s easy to tell the server not to serve files that ends with > ".inc". I'm trying to figure out if this is possible with IIS 5. > > Cheers > -Emmanuel > > > >>Keith J Richardson Keith.Richardson at thompsonhealth.com >>Tue Jan 13 13:23:06 EST 2004 > > >>1) Need PHP to include a file from a directory. in my example, it is > > http://localhost/testing/index.php > >>2) The include directory needs to have scripts able to read it, but must deny > > browsing to those pages. - http://localhost/testing/include/lib.inc > >>What I did: >> >>1) Go into IIS management, and select the directory that you want to change the > > persmissions on, and in my example, it is /testing/include/ > >>2) Right click on the folder, and select properties. >>3) Uncheck read access. There should be nothing in the checkboxes. >>4) Test! >> >>You disabled read access from IIS to access those files, so when you type in > > http://localhost/testing/include/lib.inc - it will give you a HTTP 403.2 - > Forbidden: Read Access Forbidden error. The reason why PHP can read the files, > is that the system has NTFS permissions to read the file. When php opens a file > to read, unless it opens it via a http:// command, it will read it locally, > which IIS has no control over. > -- > Emmanuel D?carie / Programmation pour le Web - Programming for the Web > - Blog: - AIM: scriptdigital > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From Thomas.Freedman at ubs.com Tue Jan 13 14:43:09 2004 From: Thomas.Freedman at ubs.com (Freedman, Tom S.) Date: Tue, 13 Jan 2004 14:43:09 -0500 Subject: [nycphp-talk] Re: IIS 5 and .inc files Message-ID: I found a (possibly "the"?) solution here: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=7xxGhc1uDHA .736%40cpmsftngxa07.phx.gbl Refers to the url http://support.microsoft.com/?id=326444 It's a tool called URLScan, which is part of the IIS Lockdown Tool. The newsgroup article is a description by a Microsoft employee of how to configure URLScan to exclude based on file extension. -----Original Message----- From: Emmanuel D?carie [mailto:emm at scriptdigital.com] Sent: Tuesday, January 13, 2004 1:40 PM To: talk at lists.nyphp.org Subject: [nycphp-talk] Re: IIS 5 and .inc files Hello Keith, thanks for the reply. If I understand you, your suggestion doesn't help to resolve my problem because the access control is based on a repertory when I want this access control based on the suffix of the file. Your solution will not work if I have a repertory with this content: http://localhost/testing/index.php http://localhost/testing/index.inc With Apache, it's easy to tell the server not to serve files that ends with ".inc". I'm trying to figure out if this is possible with IIS 5. Cheers -Emmanuel >Keith J Richardson Keith.Richardson at thompsonhealth.com >Tue Jan 13 13:23:06 EST 2004 >1) Need PHP to include a file from a directory. in my example, it is http://localhost/testing/index.php >2) The include directory needs to have scripts able to read it, but must deny browsing to those pages. - http://localhost/testing/include/lib.inc > >What I did: > >1) Go into IIS management, and select the directory that you want to change the persmissions on, and in my example, it is /testing/include/ >2) Right click on the folder, and select properties. >3) Uncheck read access. There should be nothing in the checkboxes. >4) Test! > >You disabled read access from IIS to access those files, so when you type in http://localhost/testing/include/lib.inc - it will give you a HTTP 403.2 - Forbidden: Read Access Forbidden error. The reason why PHP can read the files, is that the system has NTFS permissions to read the file. When php opens a file to read, unless it opens it via a http:// command, it will read it locally, which IIS has no control over. -- Emmanuel D?carie / Programmation pour le Web - Programming for the Web - Blog: - AIM: scriptdigital _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk Please do not transmit orders or instructions regarding a UBS account by email. The information provided in this email or any attachments is not an official transaction confirmation or account statement. For your protection, do not include account numbers, Social Security numbers, credit card numbers, passwords or other non-public information in your email. Because the information contained in this message may be privileged, confidential, proprietary or otherwise protected from disclosure, please notify us immediately by replying to this message and deleting it from your computer if you have received this communication in error. Thank you. UBS Financial Services Inc. UBS International Inc. From jsiegel1 at optonline.net Tue Jan 13 15:22:20 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 13 Jan 2004 15:22:20 -0500 Subject: [nycphp-talk] Re: IIS 5 and .inc files In-Reply-To: References: Message-ID: <4004537C.4000805@optonline.net> Hmmm...is there a pattern emerging based on these replies? ;) "I say if the client is using Windows, direct access to .inc files is the least of their worries." "OR just install apache win32." "Other than that, my advice is to use a real webserver." Jeff Siegel Freedman, Tom S. wrote: > I found a (possibly "the"?) solution here: > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=7xxGhc1uDHA > .736%40cpmsftngxa07.phx.gbl > > Refers to the url http://support.microsoft.com/?id=326444 > > It's a tool called URLScan, which is part of the IIS Lockdown Tool. The > newsgroup article is a description by a Microsoft employee of how to > configure URLScan to exclude based on file extension. > > -----Original Message----- > From: Emmanuel D?carie [mailto:emm at scriptdigital.com] > Sent: Tuesday, January 13, 2004 1:40 PM > To: talk at lists.nyphp.org > Subject: [nycphp-talk] Re: IIS 5 and .inc files > > Hello Keith, thanks for the reply. > > If I understand you, your suggestion doesn't help to resolve my problem > because > the access control is based on a repertory when I want this access control > based > on the suffix of the file. > > Your solution will not work if I have a repertory with this content: > http://localhost/testing/index.php > http://localhost/testing/index.inc > > With Apache, it's easy to tell the server not to serve files that ends with > ".inc". I'm trying to figure out if this is possible with IIS 5. > > Cheers > -Emmanuel > > > >>Keith J Richardson Keith.Richardson at thompsonhealth.com >>Tue Jan 13 13:23:06 EST 2004 > > >>1) Need PHP to include a file from a directory. in my example, it is > > http://localhost/testing/index.php > >>2) The include directory needs to have scripts able to read it, but must > > deny > browsing to those pages. - http://localhost/testing/include/lib.inc > >>What I did: >> >>1) Go into IIS management, and select the directory that you want to change > > the > persmissions on, and in my example, it is /testing/include/ > >>2) Right click on the folder, and select properties. >>3) Uncheck read access. There should be nothing in the checkboxes. >>4) Test! >> >>You disabled read access from IIS to access those files, so when you type > > in > http://localhost/testing/include/lib.inc - it will give you a HTTP 403.2 - > Forbidden: Read Access Forbidden error. The reason why PHP can read the > files, > is that the system has NTFS permissions to read the file. When php opens a > file > to read, unless it opens it via a http:// command, it will read it locally, > which IIS has no control over. > -- > Emmanuel D?carie / Programmation pour le Web - Programming for the Web > - Blog: - AIM: > scriptdigital > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > > Please do not transmit orders or instructions regarding a UBS account by > email. The information provided in this email or any attachments is not an > official transaction confirmation or account statement. For your protection, > do not include account numbers, Social Security numbers, credit card > numbers, passwords or other non-public information in your email. Because > the information contained in this message may be privileged, confidential, > proprietary or otherwise protected from disclosure, please notify us > immediately by replying to this message and deleting it from your computer > if you have received this communication in error. Thank you. > > UBS Financial Services Inc. > UBS International Inc. > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From emm at scriptdigital.com Tue Jan 13 16:34:17 2004 From: emm at scriptdigital.com (Emmanuel =?iso-8859-1?Q?D=E9carie?=) Date: Tue, 13 Jan 2004 16:34:17 -0500 Subject: [nycphp-talk] Re: IIS 5 and .inc files In-Reply-To: <20040113202228.CE70EA876D@virtu.nyphp.org> Message-ID: Hey thanks Tom for the answer, its exactly what I was looking for. Thanks also to the others that replied. And sorry for not establishing clearly my question. Re Win2000 and IIS. These are not my choices. I'm always pushing for an Apache/FreeBSD/Debian/OS X solution. I rather develop on a *nix environment. Also, I'm using a framework where the important dot inc files are not in a public repertory. But I had some .inc files in the public repertory. These contains mainly html to be included in the .php files. >Date: Tue, 13 Jan 2004 14:43:09 -0500 >From: "Freedman, Tom S." >Refers to the url http://support.microsoft.com/?id=326444 > >It's a tool called URLScan, which is part of the IIS Lockdown Tool. The >newsgroup article is a description by a Microsoft employee of how to >configure URLScan to exclude based on file extension. Cheers -Emmanuel -- Emmanuel D?carie / Programmation pour le Web - Programming for the Web - Blog: - AIM: scriptdigital From jsiegel1 at optonline.net Tue Jan 13 21:49:22 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 13 Jan 2004 21:49:22 -0500 Subject: [nycphp-talk] OT: Unable to receive mail Message-ID: <4004AE32.1090708@optonline.net> I'm having what might be called a long-running "feud" with a client. Their computer tech claims the problem is in my code...I claim the problem is in their mail server. Here's the scenario. A PHP form sends out two emails upon completion: one to the client and a confirmation copy to the person who filled out the form. If I use my own email address in place of my client's address, I always receive the emails that come from the form. If I substitute my client's address as the recipient, the client never receives the email. I suspect that the problem lies in the configuration of the client's mail server, namely MS Exchange Server, that has a number of things shut down (or perhaps, filtered is the right term) so that spammers don't use their mail server. (Yes, this happened to them...some spammer figured out that they could use their mail server to send out a zillion emails.) Below is a copy of the message headers. What I think is happening is that whatever they've configured in Exchange Server prevents a message with these headers from getting through. Any help with this is greatly appreciated. Jeff Siegel ==================================== MESSAGE HEADERS FYI: 1) hofweb8.com is the ISP's mail server. 2) "website.com" doesn't exist...it's a bogus name ==================================== From - Tue Jan 13 17:43:24 2004 X-UIDL: 365417 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Received: from hofweb8.com (hofweb8.com [209.139.92.11]) by dauntless.cnchost.com (ConcentricHost SMTP MX 1.43) id RAA20576 for ; Tue, 13 Jan 2004 17:41:56 -0500 (EST) Errors-To: Received: from mediplus by hofweb8.com with local (Exim 4.20) id 1AgXE9-0002aK-8f for jsiegel at mydomain.com; Tue, 13 Jan 2004 17:41:37 -0500 To: jsiegel at mydomain.com Subject: A new IME-Peer Review Request: Ref. Num.: C9D1567DFD6247 From: "jerrywebreferral at website.com" Reply-To: X-Sender: X-Mailer: PHP4 X-Priority: 1 Message-Id: Date: Tue, 13 Jan 2004 17:41:37 -0500 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - hofweb8.com X-AntiAbuse: Original Domain - mydomain.com X-AntiAbuse: Originator/Caller UID/GID - [1118 1119] / [26 6] X-AntiAbuse: Sender Address Domain - hofweb8.com X-UIDL: 365417 From dan at mx2pro.com Tue Jan 13 21:54:03 2004 From: dan at mx2pro.com (Dan Horning) Date: Tue, 13 Jan 2004 21:54:03 -0500 Subject: [nycphp-talk] OT: Unable to receive mail In-Reply-To: <4004AE32.1090708@optonline.net> Message-ID: <20040114025407.8DF2AA85E9@virtu.nyphp.org> send a copy of your code to me offlist.. w/o any changes to domains and such and I'll test it Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office/Home) -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel Sent: Tuesday, January 13, 2004 9:49 PM To: NYPHP Talk Subject: [nycphp-talk] OT: Unable to receive mail I'm having what might be called a long-running "feud" with a client. Their computer tech claims the problem is in my code...I claim the problem is in their mail server. Here's the scenario. A PHP form sends out two emails upon completion: one to the client and a confirmation copy to the person who filled out the form. If I use my own email address in place of my client's address, I always receive the emails that come from the form. If I substitute my client's address as the recipient, the client never receives the email. I suspect that the problem lies in the configuration of the client's mail server, namely MS Exchange Server, that has a number of things shut down (or perhaps, filtered is the right term) so that spammers don't use their mail server. (Yes, this happened to them...some spammer figured out that they could use their mail server to send out a zillion emails.) Below is a copy of the message headers. What I think is happening is that whatever they've configured in Exchange Server prevents a message with these headers from getting through. Any help with this is greatly appreciated. Jeff Siegel ==================================== MESSAGE HEADERS FYI: 1) hofweb8.com is the ISP's mail server. 2) "website.com" doesn't exist...it's a bogus name ==================================== From - Tue Jan 13 17:43:24 2004 X-UIDL: 365417 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Received: from hofweb8.com (hofweb8.com [209.139.92.11]) by dauntless.cnchost.com (ConcentricHost SMTP MX 1.43) id RAA20576 for ; Tue, 13 Jan 2004 17:41:56 -0500 (EST) Errors-To: Received: from mediplus by hofweb8.com with local (Exim 4.20) id 1AgXE9-0002aK-8f for jsiegel at mydomain.com; Tue, 13 Jan 2004 17:41:37 -0500 To: jsiegel at mydomain.com Subject: A new IME-Peer Review Request: Ref. Num.: C9D1567DFD6247 From: "jerrywebreferral at website.com" Reply-To: X-Sender: X-Mailer: PHP4 X-Priority: 1 Message-Id: Date: Tue, 13 Jan 2004 17:41:37 -0500 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - hofweb8.com X-AntiAbuse: Original Domain - mydomain.com X-AntiAbuse: Originator/Caller UID/GID - [1118 1119] / [26 6] X-AntiAbuse: Sender Address Domain - hofweb8.com X-UIDL: 365417 _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From bpang at bpang.com Tue Jan 13 22:40:08 2004 From: bpang at bpang.com (bpang at bpang.com) Date: Tue, 13 Jan 2004 22:40:08 -0500 (EST) Subject: [nycphp-talk] OT: Unable to receive mail In-Reply-To: <20040114025407.8DF2AA85E9@virtu.nyphp.org> References: <4004AE32.1090708@optonline.net> <20040114025407.8DF2AA85E9@virtu.nyphp.org> Message-ID: <.38.117.145.89.1074051608.squirrel@www.bpang.com> I'm confused... Did you insert website.com for the sake of displaying the code in place of the real domain name? And what of mydomain.com? > 2) "website.com" doesn't exist...it's a bogus name From jsiegel1 at optonline.net Tue Jan 13 23:31:18 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 13 Jan 2004 23:31:18 -0500 Subject: [nycphp-talk] OT: Unable to receive mail In-Reply-To: <".38.117.145.89.1074051608.squirrel"@www.bpang.com> References: <4004AE32.1090708@optonline.net> <20040114025407.8DF2AA85E9@virtu.nyphp.org> <".38.117.145.89.1074051608.squirrel"@www.bpang.com> Message-ID: <4004C616.3070900@optonline.net> Actually...it wasn't for "display purposes" whereas "mydomain.com" was, indeed, for display purposes. The more I look into this the more I realize that the problem is in the headers. Whereas my ISP seems to let most anything slip through...my client's mail server does not. At least that's the conclusion I've come to at this late hour. ;) Jeff bpang at bpang.com wrote: > I'm confused... Did you insert website.com for the sake of displaying the > code in place of the real domain name? And what of mydomain.com? > > >>2) "website.com" doesn't exist...it's a bogus name > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From wiw at nyc.rr.com Tue Jan 13 23:56:38 2004 From: wiw at nyc.rr.com (Bill Wolf) Date: Tue, 13 Jan 2004 23:56:38 -0500 Subject: [nycphp-talk] Connecting to MySQL on host questions Message-ID: <200401140456.i0E4uaOf017421@nycsmtp3out.rdc-nyc.rr.com> Brand new to PHP. Got a couple of questions. The following code runs on my local machine but not on my host. On the host I'm not sure what value to use for the $site variable. Using the website or IP address isn't working. >> // connect to the RDBMS $db = mysql_connect("$site","$user","$pass") or die_now("

Could not connect to database server

Check passwords and sockets

$site,$user,$pass"); // select the database mysql_select_db("$database",$db) or die_now("

Could not select database $database

Check database name

"); << Also, why does one select the database after logging in with the user/pw? Does a username span all of my databases or are users under a given database? And also, on a typical web host that serves many accounts, am I sharing a database with other host accounts or do I have my very own MySQL instance? And lastly, is there a way to connect to MySQL on my host using a client side tool like MySQL Turbo Manager? Is the account I'd use the same account/pw I'd use to FTP files or is it one of the MYSQL usernames? Much thanks -Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: From danielc at analysisandsolutions.com Wed Jan 14 00:18:56 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Wed, 14 Jan 2004 00:18:56 -0500 Subject: [nycphp-talk] OT: Unable to receive mail In-Reply-To: <4004AE32.1090708@optonline.net> References: <4004AE32.1090708@optonline.net> Message-ID: <20040114051856.GA8186@panix.com> Hi Jeff: On Tue, Jan 13, 2004 at 09:49:22PM -0500, Jeff Siegel wrote: > If I use my own > email address in place of my client's address, I always receive the > emails that come from the form. If I substitute my client's address as > the recipient, the client never receives the email. > > I suspect that the problem lies in the configuration of the client's > mail server, namely MS Exchange Server Say no more! :) To prove to them that their mail server is the problem, have the script send out three emails. One to them, one to the client and then the third to some neutral email account that someone on their staff controls (Yahoo, Hotmail, other ISP). This way, they can verify that the emails are indeed being sent. Of course, IF they really knew what they were doing, they would have already looked at the mail server's logs and been able to see that your mails are getting to their server and are being rejected -- and tell you WHY they are being rejected -- and then fix the problem on their end. But, then they'd have to point the finger at themselves... and do some work... Oh well, --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From danielc at analysisandsolutions.com Wed Jan 14 00:25:12 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Wed, 14 Jan 2004 00:25:12 -0500 Subject: [nycphp-talk] Connecting to MySQL on host questions In-Reply-To: <200401140456.i0E4uaOf017421@nycsmtp3out.rdc-nyc.rr.com> References: <200401140456.i0E4uaOf017421@nycsmtp3out.rdc-nyc.rr.com> Message-ID: <20040114052512.GB8186@panix.com> On Tue, Jan 13, 2004 at 11:56:38PM -0500, Bill Wolf wrote: > > The following code runs on my local machine but not on my host. On the host > I'm not sure what value to use for the $site variable. Using the website or > IP address isn't working. Check $php_errormsg when doing mysql_connect() has problems. Also, chances are $site needs to be 'localhost' rather than the domain name. Also, does the MySQL installation there have all the permissions lined up for the host, user, password, database combination. All of this information should be given to you by your ISP -- or you can figure it out if you have access to the 'mysql' database which contains all of the priveleges information. I'm guessing you need to read up on the privileges system: http://www.mysql.com/doc/en/Privilege_system.html --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From wiw at nyc.rr.com Wed Jan 14 00:56:29 2004 From: wiw at nyc.rr.com (Bill Wolf) Date: Wed, 14 Jan 2004 00:56:29 -0500 Subject: [nycphp-talk] RE: Connecting to MySQL on host questions Message-ID: <200401140556.i0E5uQtu026072@nycsmtp4out-eri0.rdc-nyc.rr.com> Thanks Dan. You nailed it. I changed the db to localhost and it's working. THANKS!! Info from my isp? Not likely but that's what you get for $3.95 a month. _____ On Tue, Jan 13, 2004 at 11:56:38PM -0500, Bill Wolf wrote: > > The following code runs on my local machine but not on my host. On the host > I'm not sure what value to use for the $site variable. Using the website or > IP address isn't working. Check $php_errormsg when doing mysql_connect() has problems. Also, chances are $site needs to be 'localhost' rather than the domain name. Also, does the MySQL installation there have all the permissions lined up for the host, user, password, database combination. All of this information should be given to you by your ISP -- or you can figure it out if you have access to the 'mysql' database which contains all of the priveleges information. I'm guessing you need to read up on the privileges system: http://www.mysql.com/doc/en/Privilege_system.html --Dan -------------- next part -------------- An HTML attachment was scrubbed... URL: From webapprentice at mail.com Wed Jan 14 00:02:40 2004 From: webapprentice at mail.com (Webapprentice .) Date: Wed, 14 Jan 2004 00:02:40 -0500 Subject: [nycphp-talk] Using $_FILES["whatever"]["type"] correctly Message-ID: <20040114050240.19693.qmail@mail.com> Hi, I'm trying to compare the type of file I uploaded with certain MIME types as part of a series of checks. In one case, $imageType was equal to "image/jpeg" but it still fell into my error area. Why? I thought at first it was "short-circuiting" on the if statement, but that would apply to && conditions, right? Thanks. Code snippet ------------ if ($_FILES["frontimage"]["name"] != "") { $imageType = $_FILES["frontimage"]["type"]; // Check MIME Type if ((strtolower($imageType) != "image/png") || (strtolower($imageType) != "image/jpeg") || (strtolower($imageType) != "image/gif")) { $errorMessage["frontimage"] = "Please upload images with the extension .jpg or .jpeg or .gif or .png only."; $errors = 1; echo($imageType); exit(); } } -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From webmaster at localnotion.com Wed Jan 14 07:01:12 2004 From: webmaster at localnotion.com (Terenzio) Date: Wed, 14 Jan 2004 07:01:12 -0500 Subject: [nycphp-talk] OT: Unable to receive mail In-Reply-To: <4004AE32.1090708@optonline.net> References: <4004AE32.1090708@optonline.net> Message-ID: <591B60EC-4689-11D8-8CFE-0003938BDF32@localnotion.com> While I no I set myself up to get stung in the rear, it's got to be their mail system. Or does Microsoft want programmers to have to start including platform specific code? If an email was sent.........it was sent. If one server can receive it and another can't........ Well, so its not that simple , but it probably is. On Jan 13, 2004, at 9:49 PM, Jeff Siegel wrote: > I'm having what might be called a long-running "feud" with a client. > Their computer tech claims the problem is in my code...I claim the > problem is in their mail server. Here's the scenario. > > A PHP form sends out two emails upon completion: one to the client and > a confirmation copy to the person who filled out the form. If I use my > own email address in place of my client's address, I always receive > the emails that come from the form. If I substitute my client's > address as the recipient, the client never receives the email. > > I suspect that the problem lies in the configuration of the client's > mail server, namely MS Exchange Server, that has a number of things > shut down (or perhaps, filtered is the right term) so that spammers > don't use their mail server. (Yes, this happened to them...some > spammer figured out that they could use their mail server to send out > a zillion emails.) > > Below is a copy of the message headers. What I think is happening is > that whatever they've configured in Exchange Server prevents a message > with these headers from getting through. > > Any help with this is greatly appreciated. > > Jeff Siegel > ==================================== > MESSAGE HEADERS > FYI: > 1) hofweb8.com is the ISP's mail server. > 2) "website.com" doesn't exist...it's a bogus name > > ==================================== > From - Tue Jan 13 17:43:24 2004 > X-UIDL: 365417 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Return-Path: > Received: from hofweb8.com (hofweb8.com [209.139.92.11]) > by dauntless.cnchost.com (ConcentricHost SMTP MX 1.43) > id RAA20576 for ; Tue, 13 Jan 2004 > 17:41:56 -0500 (EST) > Errors-To: > Received: from mediplus by hofweb8.com with local (Exim 4.20) > id 1AgXE9-0002aK-8f > for jsiegel at mydomain.com; Tue, 13 Jan 2004 17:41:37 -0500 > To: jsiegel at mydomain.com > Subject: A new IME-Peer Review Request: Ref. Num.: C9D1567DFD6247 > From: "jerrywebreferral at website.com" > Reply-To: > X-Sender: > X-Mailer: PHP4 > X-Priority: 1 > Message-Id: > Date: Tue, 13 Jan 2004 17:41:37 -0500 > X-AntiAbuse: This header was added to track abuse, please include it > with any abuse report > X-AntiAbuse: Primary Hostname - hofweb8.com > X-AntiAbuse: Original Domain - mydomain.com > X-AntiAbuse: Originator/Caller UID/GID - [1118 1119] / [26 6] > X-AntiAbuse: Sender Address Domain - hofweb8.com > X-UIDL: 365417 > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From webmaster at localnotion.com Wed Jan 14 07:25:01 2004 From: webmaster at localnotion.com (Terenzio) Date: Wed, 14 Jan 2004 07:25:01 -0500 Subject: [nycphp-talk] Using $_FILES["whatever"]["type"] correctly In-Reply-To: <20040114050240.19693.qmail@mail.com> References: <20040114050240.19693.qmail@mail.com> Message-ID: On Jan 14, 2004, at 12:02 AM, Webapprentice . wrote: > Hi, > > I'm trying to compare the type of file I uploaded with certain MIME > types as part of a series of checks. > > In one case, $imageType was equal to "image/jpeg" but it still fell > into my error area. By one case, do you mean one particular file always does this , or it happened once and not again? > Why? I thought at first it was "short-circuiting" on the if > statement, but that would apply to && conditions, right? > > > Thanks. > > > Code snippet > ------------ > > > if ($_FILES["frontimage"]["name"] != "") > { > $imageType = $_FILES["frontimage"]["type"]; > > // Check MIME Type > if ((strtolower($imageType) != "image/png") || > (strtolower($imageType) != "image/jpeg") || (strtolower($imageType) != > "image/gif")) > { > $errorMessage["frontimage"] = "Please upload images with the > extension .jpg or .jpeg or .gif or .png only."; > $errors = 1; > echo($imageType); > exit(); > } > } > > -- > ___________________________________________________________ > Sign-up for Ads Free at Mail.com > http://promo.mail.com/adsfreejump.htm > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From Keith.Richardson at thompsonhealth.com Wed Jan 14 08:01:50 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Wed, 14 Jan 2004 08:01:50 -0500 Subject: [nycphp-talk] OT: Unable to receive mail Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745E350@ffth-exc01.thompsonhealth.org> Here at work we use a MS Exchange 2000 server, which was installed recently. The one thing that they disabled was SMTP access unless you were logged into the domain, and they had to disable that to allow PHP to send emails. I am sure that we can make it "log on" to the mail server, but right now we decided not to. Here is my php.ini settings: SMTP is set to 172.17.1.13 (Internal Email server IP Address, not addressable from the internet) sendmail_from is set to php at thompsonhealth.org (an alias that I created for my account) sendmail_path is blank. I can create an email message with those settings just by doing: mail("keith.richardson at thompsonhealth.org","this is a test subject","This is a test message"); and it will send an email to myself. maybe it is a problem with your email address not being on the exchange server, so it denys email messages sending through it from you? I would believe that this is some setting in exchange that is blocking you. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel Sent: Tuesday, January 13, 2004 9:49 PM To: NYPHP Talk Subject: [nycphp-talk] OT: Unable to receive mail I'm having what might be called a long-running "feud" with a client. Their computer tech claims the problem is in my code...I claim the problem is in their mail server. Here's the scenario. A PHP form sends out two emails upon completion: one to the client and a confirmation copy to the person who filled out the form. If I use my own email address in place of my client's address, I always receive the emails that come from the form. If I substitute my client's address as the recipient, the client never receives the email. I suspect that the problem lies in the configuration of the client's mail server, namely MS Exchange Server, that has a number of things shut down (or perhaps, filtered is the right term) so that spammers don't use their mail server. (Yes, this happened to them...some spammer figured out that they could use their mail server to send out a zillion emails.) Below is a copy of the message headers. What I think is happening is that whatever they've configured in Exchange Server prevents a message with these headers from getting through. Any help with this is greatly appreciated. Jeff Siegel ==================================== MESSAGE HEADERS FYI: 1) hofweb8.com is the ISP's mail server. 2) "website.com" doesn't exist...it's a bogus name ==================================== From - Tue Jan 13 17:43:24 2004 X-UIDL: 365417 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Return-Path: Received: from hofweb8.com (hofweb8.com [209.139.92.11]) by dauntless.cnchost.com (ConcentricHost SMTP MX 1.43) id RAA20576 for ; Tue, 13 Jan 2004 17:41:56 -0500 (EST) Errors-To: Received: from mediplus by hofweb8.com with local (Exim 4.20) id 1AgXE9-0002aK-8f for jsiegel at mydomain.com; Tue, 13 Jan 2004 17:41:37 -0500 To: jsiegel at mydomain.com Subject: A new IME-Peer Review Request: Ref. Num.: C9D1567DFD6247 From: "jerrywebreferral at website.com" Reply-To: X-Sender: X-Mailer: PHP4 X-Priority: 1 Message-Id: Date: Tue, 13 Jan 2004 17:41:37 -0500 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - hofweb8.com X-AntiAbuse: Original Domain - mydomain.com X-AntiAbuse: Originator/Caller UID/GID - [1118 1119] / [26 6] X-AntiAbuse: Sender Address Domain - hofweb8.com X-UIDL: 365417 _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From Keith.Richardson at thompsonhealth.com Wed Jan 14 08:12:10 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Wed, 14 Jan 2004 08:12:10 -0500 Subject: [nycphp-talk] Connecting to MySQL on host questions Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745E351@ffth-exc01.thompsonhealth.org> If you need to run a mysql connection from a different machine than the localhost, you can add the ips and/or hostnames to the usernames to connect to mysql. You can say that user test/test can only connect from localhost, or from any host, or from your host, and then give them permissions that way. I have noticed that if you give access to some hosts, it maybe will say its connecting from another server, say the IP, the hostname, the hostname with a subdomain off of it, so to find out why you arent connecting, when you die() after the connect, use die(mysql_error()) - and it will display the proper error. I tried to connect from our intranet server to my win2k desktop that is running mysql, and mysql_error() puts out Access denied for user: 'root at 172.17.1.11' (Using password: YES) - so you know that you have to allow that user access from the host 172.17.1.11 - now if it was a machine with a FQDN, the domain name would probabally show up there. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Daniel Convissor Sent: Wednesday, January 14, 2004 12:25 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Connecting to MySQL on host questions On Tue, Jan 13, 2004 at 11:56:38PM -0500, Bill Wolf wrote: > > The following code runs on my local machine but not on my host. On the host > I'm not sure what value to use for the $site variable. Using the website or > IP address isn't working. Check $php_errormsg when doing mysql_connect() has problems. Also, chances are $site needs to be 'localhost' rather than the domain name. Also, does the MySQL installation there have all the permissions lined up for the host, user, password, database combination. All of this information should be given to you by your ISP -- or you can figure it out if you have access to the 'mysql' database which contains all of the priveleges information. I'm guessing you need to read up on the privileges system: http://www.mysql.com/doc/en/Privilege_system.html --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From eric at persson.tm Wed Jan 14 08:28:36 2004 From: eric at persson.tm (Eric Persson) Date: Wed, 14 Jan 2004 14:28:36 +0100 Subject: [nycphp-talk] Using $_FILES["whatever"]["type"] correctly In-Reply-To: <20040114050240.19693.qmail@mail.com> References: <20040114050240.19693.qmail@mail.com> Message-ID: <40054404.9080303@persson.tm> Webapprentice . wrote: > $imageType = $_FILES["frontimage"]["type"]; Using the type thats in $_FILES is generally a bad idea, since its set by the browser, and different browsers set different types for the same file. I usually use the *nix program file program to determine the filetype, then you know that it will always return the same typ for the same type of files. Something like file -ib gives the type on the last line. Just my idea. :) //Eric -- Help Webaid.se help the world. http://www.webaid.se From dcech at phpwerx.net Wed Jan 14 10:11:53 2004 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 14 Jan 2004 10:11:53 -0500 Subject: [nycphp-talk] Using $_FILES["whatever"]["type"] correctly In-Reply-To: <20040114050240.19693.qmail@mail.com> References: <20040114050240.19693.qmail@mail.com> Message-ID: <40055C39.7090505@phpwerx.net> Hi, Webapprentice . wrote: > Hi, > > I'm trying to compare the type of file I uploaded with certain MIME types as part of a series of checks. There are definite issues with using the provided mime type as it is provided by the browser. Realistically however you can probably get away with it for most situations. Once the script is running it may be an idea to put in some code to use mime_content_type or file -ib to get a more accurate mime type. > In one case, $imageType was equal to "image/jpeg" but it still fell into my error area. > Why? I thought at first it was "short-circuiting" on the if statement, but that would apply to && conditions, right? There is indeed an error in the construction of your if statement. Your test will NEVER return FALSE. A better routine would be: if ($_FILES['frontimage']['name'] != '') { $imageType = $_FILES['frontimage']['type']; // Check MIME Type if ( !in_array(strtolower($imageType),array('image/png','image/jpeg','image/gif')) ) { $errorMessage['frontimage'] = 'Please upload images with the extension .jpg or .jpeg or .gif or .png only.'; $errors = 1; echo($imageType); exit(); } } The critical line is: !in_array(strtolower($imageType),array('image/png','image/jpeg','image/gif')) Conceptually this makes a lot of sense, if the imagetype is not in the array of 'good' types, throw an error. The code will also be a lot faster because it eliminates several calls to strtolower, and all the double-quotes are replaced with single-quotes. Dan > Thanks. > > > Code snippet > ------------ > > > if ($_FILES["frontimage"]["name"] != "") > { > $imageType = $_FILES["frontimage"]["type"]; > > // Check MIME Type > if ((strtolower($imageType) != "image/png") || (strtolower($imageType) != "image/jpeg") || (strtolower($imageType) != "image/gif")) > { > $errorMessage["frontimage"] = "Please upload images with the extension .jpg or .jpeg or .gif or .png only."; > $errors = 1; > echo($imageType); > exit(); > } > } > >From hans not junk at nyphp.com Wed Jan 14 10:35:19 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 9D49CA85A6 for ; Wed, 14 Jan 2004 10:35:19 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] Quoting and netiquette Date: Wed, 14 Jan 2004 07:35:17 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F87374BD8 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] Quoting and netiquette Thread-Index: AcPZKN9547j6aHbvSxWW/1myRW6LnABiv20Q From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2004 15:35:20 -0000 > This list is excellent and I follow it with great pleasure.=20 > But unfortunately, this is one of the list I am on that have the worst > netiquette regarding quoting. Can I humbly advice to be gentle to others list=20 Granted, it can be bad, but I've seen some pretty bad quoting on other lists :) > members and trim your quotes only to what is relevant in the message you're are replying. Certainly valid... good quoting and email forming is critical. And, as clew takes shape and moves in to replace this system, messages *must* be well formed. We've been needing to get some posting guidelines and do's/don't's for the NYPHP lists. If anyone has any written up, I'll be happy to add them to nyphp.org H >From hans not junk at nyphp.com Wed Jan 14 10:39:04 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 5A2F7A85A6 for ; Wed, 14 Jan 2004 10:39:04 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] mysql + 0 rows affected error Date: Wed, 14 Jan 2004 07:39:02 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F87374BD9 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] mysql + 0 rows affected error Thread-Index: AcPZUmq7+EdpGi4vR426jbqw54rEHwBYdHxg From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2004 15:39:04 -0000 > i am wondering if this is a client/server incompatibility=20 > issue or not, maybe someone has had the same issue ... when connected to=20 > mysql cli and performing an update or delete on a table i seem to always get "0 rows > affected" in which the case is not true (confirmed by a followed select) ... Are you affecting all rows in the table? Is a WHERE clause specified? Otherwise, maybe the cli and server versions are incompatible... H >From hans not junk at nyphp.com Wed Jan 14 10:42:48 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 160FCA85A6 for ; Wed, 14 Jan 2004 10:42:48 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] php ncurses based mysql process watcher.. (preview) Date: Wed, 14 Jan 2004 07:42:46 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F87374BDB at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] php ncurses based mysql process watcher.. (preview) Thread-Index: AcPYeOvYpZv9IoRGRUyHKR8uW4evpwCO+crA From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2004 15:42:48 -0000 > Hi Hans, > Yea, that is me, just moved here to Manhattan from New Orleans (prior Welcome to NYC. > from the west coast). Found this list and am pretty excited=20 > about it as a php group in nola consists of a few guys sitting at a bar chatting > about what can be done in the language. Not really that much different here... > Anyway, if any of you are going to the Linux Expo at the Javitz center > (Jan 21st-23rd) you will be able to find me there. We sure are... http://nyphp.org/content/linuxworld/ Hope you can stop by the booth. > Mview will be released from one of my servers located in our=20 > New Orleans data center as per the restrictions for source control (it is part of > the deal in being able to opensource a project from my work). It is > already a tool that I always keep running here and most people at my > work are running throughout the day to see the realtime graphs of the > mysql servers. >=20 > I am looking at a two week or so timeframe to be able to=20 > opensource the project.=20 If you want to show the app off at LinuxWorld, you're welcomed to use our booth. > I am currently working on a version that uses lines for the graphs > instead of ascii. And hopefully can get a color-spread in so that it > varies from blue to red etc..=20 >=20 > It looks cool and serves a purpose. Looking forward to using it. H --- Hans Zaunere President http://nyphp.com From jsiegel1 at optonline.net Wed Jan 14 10:47:13 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 14 Jan 2004 10:47:13 -0500 Subject: [nycphp-talk] OT: Unable to receive mail In-Reply-To: <591B60EC-4689-11D8-8CFE-0003938BDF32@localnotion.com> References: <4004AE32.1090708@optonline.net> <591B60EC-4689-11D8-8CFE-0003938BDF32@localnotion.com> Message-ID: <40056481.4060700@optonline.net> I'm wondering if it *is* that simple...but the jury is still out on this one. Jeff Terenzio wrote: > While I no I set myself up to get stung in the rear, it's got to be > their mail system. > Or does Microsoft want programmers to have to start including platform > specific code? > If an email was sent.........it was sent. > If one server can receive it and another can't........ > Well, so its not that simple , but it probably is. > > > On Jan 13, 2004, at 9:49 PM, Jeff Siegel wrote: > >> I'm having what might be called a long-running "feud" with a client. >> Their computer tech claims the problem is in my code...I claim the >> problem is in their mail server. Here's the scenario. >> >> A PHP form sends out two emails upon completion: one to the client and >> a confirmation copy to the person who filled out the form. If I use my >> own email address in place of my client's address, I always receive >> the emails that come from the form. If I substitute my client's >> address as the recipient, the client never receives the email. >> >> I suspect that the problem lies in the configuration of the client's >> mail server, namely MS Exchange Server, that has a number of things >> shut down (or perhaps, filtered is the right term) so that spammers >> don't use their mail server. (Yes, this happened to them...some >> spammer figured out that they could use their mail server to send out >> a zillion emails.) >> >> Below is a copy of the message headers. What I think is happening is >> that whatever they've configured in Exchange Server prevents a message >> with these headers from getting through. >> >> Any help with this is greatly appreciated. >> >> Jeff Siegel >> ==================================== >> MESSAGE HEADERS >> FYI: >> 1) hofweb8.com is the ISP's mail server. >> 2) "website.com" doesn't exist...it's a bogus name >> >> ==================================== >> From - Tue Jan 13 17:43:24 2004 >> X-UIDL: 365417 >> X-Mozilla-Status: 0001 >> X-Mozilla-Status2: 00000000 >> Return-Path: >> Received: from hofweb8.com (hofweb8.com [209.139.92.11]) >> by dauntless.cnchost.com (ConcentricHost SMTP MX 1.43) >> id RAA20576 for ; Tue, 13 Jan 2004 >> 17:41:56 -0500 (EST) >> Errors-To: >> Received: from mediplus by hofweb8.com with local (Exim 4.20) >> id 1AgXE9-0002aK-8f >> for jsiegel at mydomain.com; Tue, 13 Jan 2004 17:41:37 -0500 >> To: jsiegel at mydomain.com >> Subject: A new IME-Peer Review Request: Ref. Num.: C9D1567DFD6247 >> From: "jerrywebreferral at website.com" >> Reply-To: >> X-Sender: >> X-Mailer: PHP4 >> X-Priority: 1 >> Message-Id: >> Date: Tue, 13 Jan 2004 17:41:37 -0500 >> X-AntiAbuse: This header was added to track abuse, please include it >> with any abuse report >> X-AntiAbuse: Primary Hostname - hofweb8.com >> X-AntiAbuse: Original Domain - mydomain.com >> X-AntiAbuse: Originator/Caller UID/GID - [1118 1119] / [26 6] >> X-AntiAbuse: Sender Address Domain - hofweb8.com >> X-UIDL: 365417 >> >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Wed Jan 14 10:46:29 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 14 Jan 2004 10:46:29 -0500 Subject: [nycphp-talk] OT: Unable to receive mail In-Reply-To: <20040114051856.GA8186@panix.com> References: <4004AE32.1090708@optonline.net> <20040114051856.GA8186@panix.com> Message-ID: <40056455.4040503@optonline.net> We went through this exercise...actually...a somewhat modified version. Whoever fills out the form always gets their confirmation. I then configured it to send it to client's home email account...and that works too. I haven't tried the Yahoo/Hotmail idea...perhaps that's the one that will finally convince them of the source of the problem. Jeff Daniel Convissor wrote: > Hi Jeff: > > On Tue, Jan 13, 2004 at 09:49:22PM -0500, Jeff Siegel wrote: > > >>If I use my own >>email address in place of my client's address, I always receive the >>emails that come from the form. If I substitute my client's address as >>the recipient, the client never receives the email. >> >>I suspect that the problem lies in the configuration of the client's >>mail server, namely MS Exchange Server > > > Say no more! :) To prove to them that their mail server is the problem, > have the script send out three emails. One to them, one to the client and > then the third to some neutral email account that someone on their staff > controls (Yahoo, Hotmail, other ISP). This way, they can verify that the > emails are indeed being sent. > > Of course, IF they really knew what they were doing, they would have > already looked at the mail server's logs and been able to see that your > mails are getting to their server and are being rejected -- and tell you > WHY they are being rejected -- and then fix the problem on their end. > > But, then they'd have to point the finger at themselves... and do some > work... > > Oh well, > > --Dan > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Wed Jan 14 10:50:08 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 14 Jan 2004 10:50:08 -0500 Subject: [nycphp-talk] OT: Unable to receive mail In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745E350@ffth-exc01.thompsonhealth.org> References: <05F6C3B4CA00D7419D1708F36A9F7745E350@ffth-exc01.thompsonhealth.org> Message-ID: <40056530.90000@optonline.net> I wonder if the issue is that the mail is hosted in one place and the mail in another. Normally this isn't an issue if things are configured correctly but if it's not configured correctly..... I keep talking to the client's tech to find out if there is some sort of "white list" perhaps, that would let these emails in. Of course...I just get the telephone equivalent of a blank stare (i.e., silence on the phone). Jeff Keith J Richardson wrote: > Here at work we use a MS Exchange 2000 server, which was installed recently. The one thing that they disabled was SMTP access unless you were logged into the domain, and they had to disable that to allow PHP to send emails. I am sure that we can make it "log on" to the mail server, but right now we decided not to. > > Here is my php.ini settings: > SMTP is set to 172.17.1.13 (Internal Email server IP Address, not addressable from the internet) > sendmail_from is set to php at thompsonhealth.org (an alias that I created for my account) > sendmail_path is blank. > > I can create an email message with those settings just by doing: > mail("keith.richardson at thompsonhealth.org","this is a test subject","This is a test message"); > > and it will send an email to myself. > > maybe it is a problem with your email address not being on the exchange server, so it denys email messages sending through it from you? I would believe that this is some setting in exchange that is blocking you. > > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Jeff Siegel > Sent: Tuesday, January 13, 2004 9:49 PM > To: NYPHP Talk > Subject: [nycphp-talk] OT: Unable to receive mail > > > I'm having what might be called a long-running "feud" with a client. > Their computer tech claims the problem is in my code...I claim the > problem is in their mail server. Here's the scenario. > > A PHP form sends out two emails upon completion: one to the client and a > confirmation copy to the person who filled out the form. If I use my own > email address in place of my client's address, I always receive the > emails that come from the form. If I substitute my client's address as > the recipient, the client never receives the email. > > I suspect that the problem lies in the configuration of the client's > mail server, namely MS Exchange Server, that has a number of things shut > down (or perhaps, filtered is the right term) so that spammers don't use > their mail server. (Yes, this happened to them...some spammer figured > out that they could use their mail server to send out a zillion emails.) > > Below is a copy of the message headers. What I think is happening is > that whatever they've configured in Exchange Server prevents a message > with these headers from getting through. > > Any help with this is greatly appreciated. > > Jeff Siegel > ==================================== > MESSAGE HEADERS > FYI: > 1) hofweb8.com is the ISP's mail server. > 2) "website.com" doesn't exist...it's a bogus name > > ==================================== > From - Tue Jan 13 17:43:24 2004 > X-UIDL: 365417 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Return-Path: > Received: from hofweb8.com (hofweb8.com [209.139.92.11]) > by dauntless.cnchost.com (ConcentricHost SMTP MX 1.43) > id RAA20576 for ; Tue, 13 Jan 2004 > 17:41:56 -0500 (EST) > Errors-To: > Received: from mediplus by hofweb8.com with local (Exim 4.20) > id 1AgXE9-0002aK-8f > for jsiegel at mydomain.com; Tue, 13 Jan 2004 17:41:37 -0500 > To: jsiegel at mydomain.com > Subject: A new IME-Peer Review Request: Ref. Num.: C9D1567DFD6247 > From: "jerrywebreferral at website.com" > Reply-To: > X-Sender: > X-Mailer: PHP4 > X-Priority: 1 > Message-Id: > Date: Tue, 13 Jan 2004 17:41:37 -0500 > X-AntiAbuse: This header was added to track abuse, please include it > with any abuse report > X-AntiAbuse: Primary Hostname - hofweb8.com > X-AntiAbuse: Original Domain - mydomain.com > X-AntiAbuse: Originator/Caller UID/GID - [1118 1119] / [26 6] > X-AntiAbuse: Sender Address Domain - hofweb8.com > X-UIDL: 365417 > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Wed Jan 14 10:51:37 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 14 Jan 2004 10:51:37 -0500 Subject: [nycphp-talk] Quoting and netiquette In-Reply-To: <41EE526EC2D3C74286415780D3BA9F87374BD8@ehost011-1.exch011.intermedia.net> References: <41EE526EC2D3C74286415780D3BA9F87374BD8@ehost011-1.exch011.intermedia.net> Message-ID: <40056589.9020305@optonline.net> Some other lists send out a monthly "rules reminder" that addresses, not only etiquette, but also subscribing/unsubscribing to the list. Might be something we'd want to consider. Jeff Hans Zaunere wrote: >>This list is excellent and I follow it with great pleasure. >>But unfortunately, this is one of the list I am on that have the worst > > >>netiquette regarding quoting. Can I humbly advice to be gentle to > > others list > > Granted, it can be bad, but I've seen some pretty bad quoting on other > lists :) > > >>members and trim your quotes only to what is relevant in the message > > you're are replying. > > Certainly valid... good quoting and email forming is critical. And, as > clew takes shape and moves in to replace this system, messages *must* be > well formed. > > We've been needing to get some posting guidelines and do's/don't's for > the NYPHP lists. If anyone has any written up, I'll be happy to add > them to nyphp.org > > H > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From webapprentice at mail.com Wed Jan 14 10:56:18 2004 From: webapprentice at mail.com (Webapprentice .) Date: Wed, 14 Jan 2004 10:56:18 -0500 Subject: [nycphp-talk] Re: Using $_FILES["whatever"]["type"] correctly Message-ID: <20040114155619.41298.qmail@mail.com> Sorry, that was poor diction on my part. I meant to say "for example." I used a file whose extension was clearly .jpg I used pathinfo() to make sure it was, yet my if statement seems to be coming out false, resulting in my error message being used. It should not be that way. ------------------ Message: 3 Date: Wed, 14 Jan 2004 07:25:01 -0500 From: Terenzio Subject: Re: [nycphp-talk] Using $_FILES["whatever"]["type"] correctly To: NYPHP Talk Message-ID: Content-Type: text/plain; charset=US-ASCII; format=flowed On Jan 14, 2004, at 12:02 AM, Webapprentice . wrote: > Hi, > > I'm trying to compare the type of file I uploaded with certain MIME > types as part of a series of checks. > > In one case, $imageType was equal to "image/jpeg" but it still fell > into my error area. >By one case, do you mean one particular file always does this , or it >happened once and not again? -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From webapprentice at mail.com Wed Jan 14 11:01:35 2004 From: webapprentice at mail.com (Webapprentice .) Date: Wed, 14 Jan 2004 11:01:35 -0500 Subject: [nycphp-talk] file -ib? Re: Using $FILES["whatever"]["type"] correctly Message-ID: <20040114160135.46333.qmail@mail.com> Eric, I'm not well-versed in UNIX. How do I invoke a command-line program in PHP? Is there something like a system() call in some other languages? --Stephen >>>> Message: 6 Date: Wed, 14 Jan 2004 14:28:36 +0100 From: Eric Persson Subject: Re: [nycphp-talk] Using $_FILES["whatever"]["type"] correctly To: NYPHP Talk Message-ID: <40054404.9080303 at persson.tm> Content-Type: text/plain; charset=us-ascii; format=flowed Webapprentice . wrote: > $imageType = $_FILES["frontimage"]["type"]; Using the type thats in $_FILES is generally a bad idea, since its set by the browser, and different browsers set different types for the same file. I usually use the *nix program file program to determine the filetype, then you know that it will always return the same typ for the same type of files. Something like file -ib gives the type on the last line. Just my idea. :) //Eric<<< -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From stephen at musgrave.org Wed Jan 14 11:26:34 2004 From: stephen at musgrave.org (Stephen Musgrave) Date: Wed, 14 Jan 2004 11:26:34 -0500 Subject: [nycphp-talk] PHundamentals: virtual host addendum? Message-ID: yes, this is a great idea. thanks to all who contribute to these articles. in the rush to get the know the language, these finer details are all too often glazed over. [guilty.] i develop on MAC OS X and thought i would offer some additional pointers on the VIRTUAL HOSTING topic that may be added to the topic by whomever maintains it. http://phundamentals.nyphp.org/PH_virtualhosting.php?expiredate=10/10/2003 i would appreciate a peer review on this since i am not totally confident that my installation is typical (especially with regard to the location of the Sites directory). there might also be some tips to improve the language so as to be more helpful. to set up a virtual host on MAC OS X 1. Setting up the directories for the virtual host 1a. Create a directory within your 'Sites' directory that will hold all the files for your project. I typically append .dev to the domain name. So if I were working on a project for project.com, i would name the directory 'project.dev'. 1b. Within the project.dev directory, create your document root directory (htdocs, www or public_html). 2. Setting up a machine alias in Net Info Manager 2a. Open Net Info Manager (located in Applications/Utilities). 2b. In the middle column, select the 'machines' directory (/machines) and then select 'localhost'. Click on the 'duplicate' icon on the task bar. (Be sure that the you have unlocked the application before trying to duplicate or else the icon will be dim and you won't be able to duplicate.) 2c. Select the 'localhost copy' machine. The details (ip_address, name, servers) will show up in the panel below the list. double click on the value for name (localhost copy). Rename it to 'project.dev' or whatever you would like. This is the string you will enter for the URL in your browser to reach the virtual host. Close Net Info Manager 3. Edit the Apache httpd.conf file (/etc/httpd/httpd.conf). 3a. Using vi (or other editor), edit the httpd.conf file. It is likely you will have to use the sudo command: sudo vi httpd.conf (Make a backup first! -- sudo cp httpd.conf httpd.conf.bak) 3b. Scroll until you see: DocumentRoot /Users/username/Sites ServerName localhost 3c. Copy and paste this virtual host definition for localhost. Change the values to look like so: DocumentRoot /Users/username/Sites/project.dev/htdocs ServerName project.dev ErrorLog /Users/stephenm/Sites/project.dev/error_log 4d. Save the file. 5. Restart Apache 5a. Open 'System Preferences'. 5b. Click on 'Sharing'. 5c. Under the 'Services' tab, click 'Personal Web Sharing'. 5d. Click on the 'Stop' button. When it shows as 'Start', click it again. When it shows as 'Stop' you know that the server has restarted normally and there weren't any compilation errors entered in the httpd.conf file. 5e. Alternately, you can use the command 'apachectl graceful'. 6. Testing 6a. Create an 'index.html' file the document root fold of the virtual host (Sites/project.dev/htdocs) 6b. Enter 'http://project.dev' into the location of your browser. 6c. You should see file you just created. STEPHEN. ] stephen at musgrave.org ] http://stephen.musgrave.org/ From adam at trachtenberg.com Wed Jan 14 11:27:26 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Wed, 14 Jan 2004 11:27:26 -0500 (EST) Subject: [nycphp-talk] Using $_FILES["whatever"]["type"] correctly In-Reply-To: <40054404.9080303@persson.tm> References: <20040114050240.19693.qmail@mail.com> <40054404.9080303@persson.tm> Message-ID: On Wed, 14 Jan 2004, Eric Persson wrote: > Using the type thats in $_FILES is generally a bad idea, since its set > by the browser, and different browsers set different types for the same > file. I usually use the *nix program file program to determine the > filetype, then you know that it will always return the same typ for the > same type of files. Even better, use the mime-magic extension: http://www.php.net/mime-magic -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From adam at trachtenberg.com Wed Jan 14 11:31:53 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Wed, 14 Jan 2004 11:31:53 -0500 (EST) Subject: [nycphp-talk] Quoting and netiquette In-Reply-To: <41EE526EC2D3C74286415780D3BA9F87374BD8@ehost011-1.exch011.intermedia.net> References: <41EE526EC2D3C74286415780D3BA9F87374BD8@ehost011-1.exch011.intermedia.net> Message-ID: On Wed, 14 Jan 2004, Hans Zaunere wrote: > We've been needing to get some posting guidelines and do's/don't's for > the NYPHP lists. If anyone has any written up, I'll be happy to add > them to nyphp.org This is the best list that I know of: http://webdesign-l.com/policies/ I may be able to get permission to "share" them (or that parts that apply to us) with NYPHP if we decide we like them. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From webapprentice at mail.com Wed Jan 14 11:35:21 2004 From: webapprentice at mail.com (Webapprentice .) Date: Wed, 14 Jan 2004 11:35:21 -0500 Subject: [nycphp-talk] Re: Using $_FILES["whatever"]["type"] correctly Message-ID: <20040114163522.51501.qmail@mail.com> Dan, Thanks for those tips as well. Since you are the secon person to mention file -ib, I'll have to look into that as well as mime_content_type. > In one case, $imageType was equal to "image/jpeg" but it still fell into my error area. > Why? I thought at first it was "short-circuiting" on the if statement, but that would apply to && conditions, right? >>>There is indeed an error in the construction of your if statement. Your test will NEVER return FALSE.<<< Oh shoot, I think I see why now... if $imageType was "image/jpeg," the other two conditions would always be true, and the || would always be true. Doh! > $imageType = $_FILES["frontimage"]["type"]; > > // Check MIME Type > if ((strtolower($imageType) != "image/png") || (strtolower($imageType) != "image/jpeg") || (strtolower($imageType) != "image/gif")) I have violated programming 101. *bangs head at wall...metaphorically* Thanks. -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From webapprentice at mail.com Wed Jan 14 11:42:58 2004 From: webapprentice at mail.com (Webapprentice .) Date: Wed, 14 Jan 2004 11:42:58 -0500 Subject: [nycphp-talk] Re: File Types Message-ID: <20040114164258.60726.qmail@mail.com> Message: 8 Date: Wed, 14 Jan 2004 11:27:26 -0500 (EST) From: Adam Maccabee Trachtenberg >>>Even better, use the mime-magic extension: http://www.php.net/mime-magic -adam<<< I have to see if my host compiled its PHP processor with this option turned on. I'm trying to write small programs without a lot of extensions (i.e. PEAR), because some hosts don't install them. --Stephen -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From jsiegel1 at optonline.net Wed Jan 14 11:56:39 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 14 Jan 2004 11:56:39 -0500 Subject: [nycphp-talk] PHundamentals: virtual host addendum? In-Reply-To: References: Message-ID: <400574C7.60509@optonline.net> If someone wants to "take the lead" on reviewing the technical details (I have zero experience with the Mac setup), we could then add an "addendum." Jeff Siegel 1/2 of the PHundamentals Team ;) Stephen Musgrave wrote: > yes, this is a great idea. thanks to all who contribute to these articles. > in the rush to get the know the language, these finer details are all too > often glazed over. > > [guilty.] > > i develop on MAC OS X and thought i would offer some additional pointers on > the VIRTUAL HOSTING topic that may be added to the topic by whomever > maintains it. > > http://phundamentals.nyphp.org/PH_virtualhosting.php?expiredate=10/10/2003 > > i would appreciate a peer review on this since i am not totally confident > that my installation is typical (especially with regard to the location of > the Sites directory). there might also be some tips to improve the language > so as to be more helpful. > > to set up a virtual host on MAC OS X > > 1. Setting up the directories for the virtual host > > 1a. Create a directory within your 'Sites' directory that will hold all the > files for your project. I typically append .dev to the domain name. So if > I were working on a project for project.com, i would name the directory > 'project.dev'. > > 1b. Within the project.dev directory, create your document root directory > (htdocs, www or public_html). > > 2. Setting up a machine alias in Net Info Manager > > 2a. Open Net Info Manager (located in Applications/Utilities). > > 2b. In the middle column, select the 'machines' directory (/machines) and > then select 'localhost'. Click on the 'duplicate' icon on the task bar. > (Be sure that the you have unlocked the application before trying to > duplicate or else the icon will be dim and you won't be able to duplicate.) > > 2c. Select the 'localhost copy' machine. The details (ip_address, name, > servers) will show up in the panel below the list. double click on the > value for name (localhost copy). Rename it to 'project.dev' or whatever you > would like. This is the string you will enter for the URL in your browser > to reach the virtual host. Close Net Info Manager > > 3. Edit the Apache httpd.conf file (/etc/httpd/httpd.conf). > > 3a. Using vi (or other editor), edit the httpd.conf file. It is likely you > will have to use the sudo command: sudo vi httpd.conf (Make a backup > first! -- sudo cp httpd.conf httpd.conf.bak) > > 3b. Scroll until you see: > > DocumentRoot /Users/username/Sites > ServerName localhost > > > 3c. Copy and paste this virtual host definition for localhost. Change the > values to look like so: > > DocumentRoot /Users/username/Sites/project.dev/htdocs > ServerName project.dev > ErrorLog /Users/stephenm/Sites/project.dev/error_log > > > 4d. Save the file. > > 5. Restart Apache > > 5a. Open 'System Preferences'. > 5b. Click on 'Sharing'. > 5c. Under the 'Services' tab, click 'Personal Web Sharing'. > 5d. Click on the 'Stop' button. When it shows as 'Start', click it again. > When it shows as 'Stop' you know that the server has restarted normally and > there weren't any compilation errors entered in the httpd.conf file. > 5e. Alternately, you can use the command 'apachectl graceful'. > > 6. Testing > > 6a. Create an 'index.html' file the document root fold of the virtual host > (Sites/project.dev/htdocs) > 6b. Enter 'http://project.dev' into the location of your browser. > 6c. You should see file you just created. > > > > > STEPHEN. > > ] stephen at musgrave.org > ] http://stephen.musgrave.org/ > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" >From hans not junk at nyphp.com Wed Jan 14 12:03:58 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 5FF13A85A6 for ; Wed, 14 Jan 2004 12:03:58 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] Quoting and netiquette Date: Wed, 14 Jan 2004 09:03:56 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F87374BF9 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] Quoting and netiquette Thread-Index: AcPau+8bj3hmHFPTQaO4oBPPl4lA1gABFuUg From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jan 2004 17:03:58 -0000 > > We've been needing to get some posting guidelines and=20 > > do's/don't's for the NYPHP lists. If anyone has any written up, > > I'll be happy to add > > them to nyphp.org >=20 > This is the best list that I know of: >=20 > http://webdesign-l.com/policies/ >=20 > I may be able to get permission to "share" them (or that parts that > apply to us) with NYPHP if we decide we like them. Now that's good policy! If you could Adam that'd be great...let me know. We can compile the pertinent information into our own policy and I see no reason to credit them as a source, and anyone else who contributes. H From jonbaer at jonbaer.net Wed Jan 14 12:07:23 2004 From: jonbaer at jonbaer.net (jon baer) Date: Wed, 14 Jan 2004 12:07:23 -0500 Subject: [nycphp-talk] mysql + 0 rows affected error References: <41EE526EC2D3C74286415780D3BA9F87374BD9@ehost011-1.exch011.intermedia.net> Message-ID: <003701c3dac0$e1991d70$6400a8c0@thinkpad> yes i think its incompatability because when running local w/ 4.0.17-max the affected rows will row when using the same client and then when connecting to 3.23 on the server i get 0 rows reported ... it was just wierd to have php report the same. - jon ----- Original Message ----- From: "Hans Zaunere" To: "NYPHP Talk" Sent: Wednesday, January 14, 2004 10:39 AM Subject: RE: [nycphp-talk] mysql + 0 rows affected error > i am wondering if this is a client/server incompatibility > issue or not, maybe someone has had the same issue ... when connected to > mysql cli and performing an update or delete on a table i seem to always get "0 rows > affected" in which the case is not true (confirmed by a followed select) ... Are you affecting all rows in the table? Is a WHERE clause specified? Otherwise, maybe the cli and server versions are incompatible... H _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From dcech at phpwerx.net Wed Jan 14 12:11:25 2004 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 14 Jan 2004 12:11:25 -0500 Subject: [nycphp-talk] PHundamentals: virtual host addendum? In-Reply-To: <400574C7.60509@optonline.net> References: <400574C7.60509@optonline.net> Message-ID: <4005783D.6000809@phpwerx.net> Jeff, An addendum for Mac user is a great idea, however there are also a few things which could be improved in the current howto. Maybe time for 'Virtual Hosting Setup 2.0 - Windows 98/XP & Linux with Apache'? Specifically some links to appropriate Apache documentation might be an idea, also some of those rules could be rewritten to be more friendly to IP address changes. Dan Jeff Siegel wrote: > If someone wants to "take the lead" on reviewing the technical details > (I have zero experience with the Mac setup), we could then add an > "addendum." > > Jeff Siegel > 1/2 of the PHundamentals Team ;) From jsiegel1 at optonline.net Wed Jan 14 12:43:04 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 14 Jan 2004 12:43:04 -0500 Subject: [nycphp-talk] PHundamentals: virtual host addendum? In-Reply-To: <4005783D.6000809@phpwerx.net> References: <400574C7.60509@optonline.net> <4005783D.6000809@phpwerx.net> Message-ID: <40057FA8.5040303@optonline.net> Sounds great! Go for it! Jeff Siegel Dan Cech wrote: > Jeff, > > An addendum for Mac user is a great idea, however there are also a few > things which could be improved in the current howto. > > Maybe time for 'Virtual Hosting Setup 2.0 - Windows 98/XP & Linux with > Apache'? > > Specifically some links to appropriate Apache documentation might be an > idea, also some of those rules could be rewritten to be more friendly to > IP address changes. > > Dan > > Jeff Siegel wrote: > >> If someone wants to "take the lead" on reviewing the technical details >> (I have zero experience with the Mac setup), we could then add an >> "addendum." >> >> Jeff Siegel >> 1/2 of the PHundamentals Team ;) > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From Keith.Richardson at thompsonhealth.com Wed Jan 14 13:01:15 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Wed, 14 Jan 2004 13:01:15 -0500 Subject: [nycphp-talk] PHundamentals: virtual host addendum? Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B2BF@ffth-exc01.thompsonhealth.org> I am sure that the setup for Mac OS X is the same as *Nix - since I have added hosts on my Mac OS X machine using the /etc/hosts, which is the same place as my linux box on the net.. so the only difference is where you want to stick the hosts files in. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Dan Cech Sent: Wednesday, January 14, 2004 12:11 PM To: NYPHP Talk Subject: Re: [nycphp-talk] PHundamentals: virtual host addendum? Jeff, An addendum for Mac user is a great idea, however there are also a few things which could be improved in the current howto. Maybe time for 'Virtual Hosting Setup 2.0 - Windows 98/XP & Linux with Apache'? Specifically some links to appropriate Apache documentation might be an idea, also some of those rules could be rewritten to be more friendly to IP address changes. Dan Jeff Siegel wrote: > If someone wants to "take the lead" on reviewing the technical details > (I have zero experience with the Mac setup), we could then add an > "addendum." > > Jeff Siegel > 1/2 of the PHundamentals Team ;) _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From jsiegel1 at optonline.net Wed Jan 14 13:12:42 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 14 Jan 2004 13:12:42 -0500 Subject: [nycphp-talk] PHundamentals: virtual host addendum? In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B2BF@ffth-exc01.thompsonhealth.org> References: <05F6C3B4CA00D7419D1708F36A9F7745B2BF@ffth-exc01.thompsonhealth.org> Message-ID: <4005869A.4000801@optonline.net> I'll throw together a quick beta version of the steps so people can comment on it. Jeff Keith J Richardson wrote: > I am sure that the setup for Mac OS X is the same as *Nix - since I have added hosts on my Mac OS X machine using the /etc/hosts, which is the same place as my linux box on the net.. so the only difference is where you want to stick the hosts files in. > > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Dan Cech > Sent: Wednesday, January 14, 2004 12:11 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] PHundamentals: virtual host addendum? > > > Jeff, > > An addendum for Mac user is a great idea, however there are also a few > things which could be improved in the current howto. > > Maybe time for 'Virtual Hosting Setup 2.0 - Windows 98/XP & Linux with > Apache'? > > Specifically some links to appropriate Apache documentation might be an > idea, also some of those rules could be rewritten to be more friendly to > IP address changes. > > Dan > > Jeff Siegel wrote: > > >>If someone wants to "take the lead" on reviewing the technical details >>(I have zero experience with the Mac setup), we could then add an >>"addendum." >> >>Jeff Siegel >>1/2 of the PHundamentals Team ;) > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From tgales at tgaconnect.com Wed Jan 14 15:54:43 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Wed, 14 Jan 2004 15:54:43 -0500 Subject: [nycphp-talk] MySQL usage up 30% Message-ID: <000d01c3dae0$a321b2d0$bf8d3818@oberon1> "MySQL usage has increased by more than 30% in the last year" It is interesting to note -- but the article doesn't give any detail (I guess they want you to buy the report). The article doesn't say how big the sample was for the survey was -- did it go from 100 to 133 installations or from 100,000 to 133,000. Still, 30% is 30%. from: http://www.evansdata.com/n2/pr/releases/Database_Winter_04.shtml T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From eric at persson.tm Wed Jan 14 17:27:30 2004 From: eric at persson.tm (Eric Persson) Date: Wed, 14 Jan 2004 23:27:30 +0100 Subject: [nycphp-talk] file -ib? Re: Using $FILES["whatever"]["type"] correctly In-Reply-To: <20040114160135.46333.qmail@mail.com> References: <20040114160135.46333.qmail@mail.com> Message-ID: <4005C252.2090303@persson.tm> Webapprentice . wrote: > Eric, > I'm not well-versed in UNIX. How do I invoke a command-line program in PHP? Is there something like a system() call in some other languages? > > --Stephen Yes, sure is, I attached my function below: function file_type($src){ $exec = '/usr/bin/file -ib '.$src; exec($exec, $return); if( is_array($return) && isset($return[0]) ){ return trim($return[0]); }else{ return false; } } make sure to change the path to your file program, but I think this is a somewhat standard place. see the difference between system() and exec() and you'll see why I'm using exec(). //Eric -- Help Webaid.se help the world. http://www.webaid.se From nyphp at enobrev.com Wed Jan 14 20:45:58 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Wed, 14 Jan 2004 20:45:58 -0500 Subject: [nycphp-talk] (no subject) Message-ID: Evening, all. I've built a cobntest registration system for a client. Now we need a random user picker. Now, I know how to do a random query, and have a general idea of randomly number generating in PHP, but I was wondering if any of you have any insight into makiong a truly random user picker ,or if just using an ORDER BY RAND() will do just fine. Hope you guys are doing alright in this cold... Mark. -------------- next part -------------- An HTML attachment was scrubbed... URL: From webapprentice at mail.com Wed Jan 14 22:10:52 2004 From: webapprentice at mail.com (Webapprentice .) Date: Wed, 14 Jan 2004 22:10:52 -0500 Subject: [nycphp-talk] file -ib Re: $_FILES["whatever"]["type"] Message-ID: <20040115031052.52163.qmail@mail.com> I'm sorry, but does anybody have an example on how I would call this function from PHP? I saw a system() command, but its return is a string containing the output of that command, so does that mean I have to parse the output to find out if it is a type I'm looking for? Thanks, Stephen -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From jsiegel1 at optonline.net Wed Jan 14 22:11:06 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 14 Jan 2004 22:11:06 -0500 Subject: [nycphp-talk] Quoting and netiquette In-Reply-To: <40056589.9020305@optonline.net> References: <41EE526EC2D3C74286415780D3BA9F87374BD8@ehost011-1.exch011.intermedia.net> <40056589.9020305@optonline.net> Message-ID: <400604CA.9060600@optonline.net> An update: Did some more testing and found out something interesting. The emails sent to the mail server are not blocked or filtered in any way. It turns out that they seem to never even arrive at the server. So the latest line of thought is that there could be a problem with the DNS record and that the ISP's DNS Server may not have the "latest" information. To be continued..... Jeff Siegel From jsiegel1 at optonline.net Wed Jan 14 22:52:57 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 14 Jan 2004 22:52:57 -0500 Subject: [nycphp-talk] OT: Unable to receive mail In-Reply-To: <40056455.4040503@optonline.net> References: <4004AE32.1090708@optonline.net> <20040114051856.GA8186@panix.com> <40056455.4040503@optonline.net> Message-ID: <40060E99.2010003@optonline.net> An update: Did some more testing and found out something interesting. The emails sent to the mail server are not blocked or filtered in any way. It turns out that they seem to never even arrive at the server. So the latest line of thought is that there could be a problem with the DNS record and that the ISP's DNS Server may not have the "latest" information. To be continued..... Jeff Siegel From jsiegel1 at optonline.net Thu Jan 15 07:04:33 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 15 Jan 2004 07:04:33 -0500 Subject: [nycphp-talk] PHundamentals - Virtual Hosting on Mac - DRAFT VERSION Message-ID: <400681D1.1070702@optonline.net> A preliminary draft version of an article dealing with virtual hosting on the Mac has been posted. This article has not yet been edited for grammar or technical accurateness...it is simply a "copy/paste" from the email from Stephen Musgrave. We're looking for comments concerning its technical accuracy. See: http://phundamentals.nyphp.org/PH_virtualhosting_mac.php Jeff Siegel/Michael Southwell The PHundamentals Team From Keith.Richardson at thompsonhealth.com Thu Jan 15 08:10:23 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Thu, 15 Jan 2004 08:10:23 -0500 Subject: [nycphp-talk] (no subject) Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B2C1@ffth-exc01.thompsonhealth.org> http://www.random.org this is the interface written to get the random numbers from it.. its neat how they achieve truly random numbers, by taking the seed from atmospheric noise :) From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Mark Armendariz Sent: Wednesday, January 14, 2004 8:46 PM To: 'NYPHP Talk' Subject: [nycphp-talk] (no subject) Evening, all. I've built a cobntest registration system for a client. Now we need a random user picker. Now, I know how to do a random query, and have a general idea of randomly number generating in PHP, but I was wondering if any of you have any insight into makiong a truly random user picker ,or if just using an ORDER BY RAND() will do just fine. Hope you guys are doing alright in this cold... Mark. From nyphp at enobrev.com Thu Jan 15 08:24:05 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Thu, 15 Jan 2004 08:24:05 -0500 Subject: [nycphp-talk] Random In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B2C1@ffth-exc01.thompsonhealth.org> Message-ID: >> http://www.random.org >> this is the interface written to get the random numbers from it.. You are a scholar and a gentleman. I actaully recall reading about this or something very similar in Wired about a year back or so.. (I think it was wired). I also noticed their code section, but thank you for posting it here!!! Enjoy the snow!!! Mark From Keith.Richardson at thompsonhealth.com Thu Jan 15 09:04:18 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Thu, 15 Jan 2004 09:04:18 -0500 Subject: [nycphp-talk] Random Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B2C2@ffth-exc01.thompsonhealth.org> the snow is not the problem here in rochester, ny - its the damn 0 degree temperatures that does not make my morning commute fun - since it takes 20 minutes to defog my windows :P -----Original Message----- Enjoy the snow!!! _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From webapprentice at mail.com Thu Jan 15 10:37:50 2004 From: webapprentice at mail.com (Webapprentice .) Date: Thu, 15 Jan 2004 10:37:50 -0500 Subject: [nycphp-talk] Thanks Eric Re: file -ib Message-ID: <20040115153750.17798.qmail@mail.com> Thanks Eric for the code snippet. I'll go to php.net and read up on the difference between exec() and system(). --Stephen >>>Message: 8 Date: Wed, 14 Jan 2004 23:27:30 +0100 From: Eric Persson Subject: Re: [nycphp-talk] file -ib? Re: Using $FILES["whatever"]["type"] correctly To: NYPHP Talk Message-ID: <4005C252.2090303 at persson.tm> Content-Type: text/plain; charset=us-ascii; format=flowed Webapprentice . wrote: > Eric, > I'm not well-versed in UNIX. How do I invoke a command-line program in PHP? Is there something like a system() call in some other languages? > > --Stephen Yes, sure is, I attached my function below: function file_type($src){ $exec = '/usr/bin/file -ib '.$src; exec($exec, $return); if( is_array($return) && isset($return[0]) ){ return trim($return[0]); }else{ return false; } } make sure to change the path to your file program, but I think this is a somewhat standard place. see the difference between system() and exec() and you'll see why I'm using exec(). //Eric <<<< -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From webapprentice at mail.com Thu Jan 15 10:40:46 2004 From: webapprentice at mail.com (Webapprentice .) Date: Thu, 15 Jan 2004 10:40:46 -0500 Subject: [nycphp-talk] mime_content_type() doesn't exist Message-ID: <20040115154046.21252.qmail@mail.com> Hi, My host is running PHP 4.3.2, which according to the php docs, should have mime_content_type(). When I try to use it, PHP says the function doesn't exist. Does PHP have this by default or does it have to be compiled to get the feature? Thanks, Stephen -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From dcech at phpwerx.net Thu Jan 15 10:47:46 2004 From: dcech at phpwerx.net (Dan Cech) Date: Thu, 15 Jan 2004 10:47:46 -0500 Subject: [nycphp-talk] mime_content_type() doesn't exist In-Reply-To: <20040115154046.21252.qmail@mail.com> References: <20040115154046.21252.qmail@mail.com> Message-ID: <4006B622.90006@phpwerx.net> Webapprentice . wrote: > Hi, > My host is running PHP 4.3.2, which according to the php docs, should have mime_content_type(). > > When I try to use it, PHP says the function doesn't exist. > > Does PHP have this by default or does it have to be compiled to get the feature? PHP needs to have the mime-magic extension for this function to be available, obviously your host does not. Dan > Thanks, > Stephen From tgales at tgaconnect.com Thu Jan 15 10:52:13 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 15 Jan 2004 10:52:13 -0500 Subject: [nycphp-talk] mime_content_type() doesn't exist In-Reply-To: <4006B622.90006@phpwerx.net> Message-ID: <002601c3db7f$8b4c2a60$bf8d3818@oberon1> Dan's right "You must compile PHP with the configure switch --with-mime-magic to get support for mime-type functions. The extension needs a copy of the simplified magic file that is distributed with the Apache httpd. " http://us3.php.net/manual/en/ref.mime-magic.php T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com > From lists at prusak.com Thu Jan 15 11:09:18 2004 From: lists at prusak.com (Ophir Prusak) Date: Thu, 15 Jan 2004 11:09:18 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? Message-ID: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> Hi All, I've reached the point where I really need a tool to help me combat spam. Until now the only weapon I've been using is the delete key :( I'm currently using Outlook Express and am checking 3 different accounts. One with pop3 and the other two with imap. I'd really like to know what other tools / solutions other people are using. Ideally I could keep on using Outlook Express, but am willing to consider other emails clients (like Thunderbird). Thanx, Ophir -------------- next part -------------- An HTML attachment was scrubbed... URL: From mitchy at spacemonkeylabs.com Thu Jan 15 11:17:16 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Thu, 15 Jan 2004 11:17:16 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> References: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> Message-ID: <200401151117.16662.mitchy@spacemonkeylabs.com> > Ideally I could keep on using Outlook Express, but am willing to consider > other emails clients (like Thunderbird). I switched to thunderbird at the 0.3 release (now 0.4) and really like the built-in filtering. Without switching to another email client, your best bet is doing something server-side. If you are not running your own mail server (or can get admin access to it) then I'd suggest taking a look at thunderbird. Of course the default answer from linuxland would be SpamAssassin, but I have never researched what it would take to get going in the Windows environment. Of course this message is sent through kmail (KDE) from a development box... And I really miss thunderbird right now! -- Mitch From danielc at analysisandsolutions.com Thu Jan 15 11:31:40 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Thu, 15 Jan 2004 11:31:40 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> References: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> Message-ID: <20040115163139.GA16004@panix.com> Ophir: I filter my mail on my shell accounts using procmail and SpamAssassin. If that wasn't available, there are two options: Mozilla's integrated mail client or their standalone Thunderbird program have Bayesian filtering. I believe Netscape has similar functionality in the 7.1 release. A friend of mine uses SpamPal with their Netscape mailer. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From nyphp at websapp.com Thu Jan 15 11:41:03 2004 From: nyphp at websapp.com (Daniel Kushner) Date: Thu, 15 Jan 2004 11:41:03 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: <20040115163139.GA16004@panix.com> Message-ID: These guys do a pretty good job on the client side: http://www.spamihilator.com/index2.php?lang=en --Daniel > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Daniel Convissor > Sent: Thursday, January 15, 2004 11:32 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] OT: What are you doing against Spam ? > > > Ophir: > > I filter my mail on my shell accounts using procmail and SpamAssassin. > > If that wasn't available, there are two options: > > Mozilla's integrated mail client or their standalone Thunderbird program > have Bayesian filtering. I believe Netscape has similar functionality > in the 7.1 release. > > A friend of mine uses SpamPal with their Netscape mailer. > > --Dan > > -- > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > data intensive web and database programming > http://www.AnalysisAndSolutions.com/ > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From nyphp at enobrev.com Thu Jan 15 11:56:49 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Thu, 15 Jan 2004 11:56:49 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: Message-ID: For the client side I have a combination of cloudmark spamnet and a bayesian based processor with ms outlook 03. Most of my spam is caught by cloudmark, and the bayesian pluigin catches everything else, which once a week, I flip though (basically just a glance over as it does an incredible job) and 'block' all the ones that got by cloudmark, which adds them to the cloudmark db. I probably get about 300 - 600 spam messages a week using appx. 25 accounts (most of my spam comes from one domain though). With these two tools I get about 3 - 10 per week. Cloudmark: SpamBayes: Cloudmark Stats --------------- Emails Processed 46,544 Spam Caught 19,061 Spam I've blocked 2,460 And spambayes has no stats for me. Serverside solutions tend to worry me as I can't scan them in my client. I like the fact that I can double check, although the draw of those emails never making it here is pretty tempting. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Daniel Kushner Sent: Thursday, January 15, 2004 11:41 AM To: NYPHP Talk Subject: RE: [nycphp-talk] OT: What are you doing against Spam ? These guys do a pretty good job on the client side: http://www.spamihilator.com/index2.php?lang=en --Daniel > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Daniel Convissor > Sent: Thursday, January 15, 2004 11:32 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] OT: What are you doing against Spam ? > > > Ophir: > > I filter my mail on my shell accounts using procmail and SpamAssassin. > > If that wasn't available, there are two options: > > Mozilla's integrated mail client or their standalone Thunderbird > program have Bayesian filtering. I believe Netscape has similar > functionality in the 7.1 release. > > A friend of mine uses SpamPal with their Netscape mailer. > > --Dan > > -- > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > data intensive web and database programming > http://www.AnalysisAndSolutions.com/ > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From Thomas.Freedman at ubs.com Thu Jan 15 11:58:18 2004 From: Thomas.Freedman at ubs.com (Freedman, Tom S.) Date: Thu, 15 Jan 2004 11:58:18 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? Message-ID: It's probably not a cost-effective solution, but I found that the new spam filters built into Outlook 2003 are about 80% - 90% effective... about the same (or maybe a little better) than SpamAssassin. They have it set up to just flag emails (it puts ***SPAM*** in the subject line of detected emails) and I can often see unflagged spam that Outlook 2003 caught, and not often any that are the other way 'round (flagged by SA and ignored by Outlook). -----Original Message----- From: Ophir Prusak [mailto:lists at prusak.com] I'd really like to know what other tools / solutions other people are using. ? ? Please do not transmit orders or instructions regarding a UBS account by email. The information provided in this email or any attachments is not an official transaction confirmation or account statement. For your protection, do not include account numbers, Social Security numbers, credit card numbers, passwords or other non-public information in your email. Because the information contained in this message may be privileged, confidential, proprietary or otherwise protected from disclosure, please notify us immediately by replying to this message and deleting it from your computer if you have received this communication in error. Thank you. UBS Financial Services Inc. UBS International Inc. From jsiegel1 at optonline.net Thu Jan 15 12:01:07 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 15 Jan 2004 12:01:07 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> References: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> Message-ID: <4006C753.30603@optonline.net> That's an easy one! I just invoke the CAN SPAM Act! It works like a charm! ;) But on a serious note, this problem is really getting out of hand. With Outlook Express (and Outlook) I was using Spamkiller which does a fairly decent job of filtering the mail. (I wrote a mini-review of it which you can see at http://ezdatasolutions.com/About/index.html ...software reviews are at the bottom of the page). There are other programs out there that are similar to Spamkiller. Jeff Siegel Ophir Prusak wrote: > Hi All, > > I've reached the point where I really need a tool to help me combat spam. > Until now the only weapon I've been using is the delete key :( > > I'm currently using Outlook Express and am checking 3 different accounts. > One with pop3 and the other two with imap. > > I'd really like to know what other tools / solutions other people are using. > > Ideally I could keep on using Outlook Express, but am willing > to consider other emails clients (like Thunderbird). > > Thanx, > Ophir > > > > ------------------------------------------------------------------------ > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" >From hans not junk at nyphp.com Thu Jan 15 12:05:29 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id B9F6EA85FD for ; Thu, 15 Jan 2004 12:05:28 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] OT: What are you doing against Spam ? Date: Thu, 15 Jan 2004 09:05:26 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F87374CDF at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] OT: What are you doing against Spam ? Thread-Index: AcPbiMpgUW3mT71fSA+7cJX3qtwxrAAANtWg From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Jan 2004 17:05:29 -0000 > It's probably not a cost-effective solution, but I found that=20 > the new spam filters built into Outlook 2003 are about 80% - 90%=20 I use OL2003's junk mail filters too and have them put everything in the Junk E-mail folder automatically - works better than any system I've seen, including server side. The only problem, however, is that if you use OL2003 against Exchange 2003 in online mode, the filtering is unavailable. Good ol' Microsoft... always thinking. To be fair, however, Exchange 2003 will soon have the email filtering built in, which I'm excited about. H From mjdewitt at alexcommgrp.com Thu Jan 15 12:23:09 2004 From: mjdewitt at alexcommgrp.com (DeWitt, Michael) Date: Thu, 15 Jan 2004 12:23:09 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? Message-ID: For those who are considering a server based approach with the need to filter for a group or company, you may want to consider Mailcorral http://bsmdevelopment.com This is a GPL based wrapper for Spamassassin which handles de-fanging and anti-spam tasks. The great feature of it is that mail is "corralled" and a report of all spam received is sent once a day to each recipient for review. Mail that has been falsely accused of being spam or defanged to the point of uselessness can be easily called out of the corral in its orginal form. Although a bit complicated to setup (and a couple of gotchas), I think it was worth it as it is flexible, fast and a network drop-in for those with an exisiting mailserver (like exchange). The setup and running of the system is well documented. The developer seems to be on hiatus right now, but I haven't found a product that can match it in terms of price and capability. I have been running this system for about a year and have recently activated the bayes filter of spamassassin on a global basis (which seems to be working well). There is only one bug that I have found for which there is a simple work-around. Mike From dan at mx2pro.com Thu Jan 15 12:25:54 2004 From: dan at mx2pro.com (Dan Horning) Date: Thu, 15 Jan 2004 12:25:54 -0500 Subject: [nycphp-talk] mp3.com by Cnet using phpBB Message-ID: <20040115172602.51BD9A85FD@virtu.nyphp.org> I'm just working on a few things, and found that the mp3.com forums maybe only temporarily .. but yet very simply powered by AMP tech .. they are using phpBB probably cuz it's simple to setup and admi.... bla bla bla... so in short... PHP is still getting bigger and more widely used. and for those who want to check it out http://music.download.com :-D Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office/Home) From Thomas.Freedman at ubs.com Thu Jan 15 12:36:32 2004 From: Thomas.Freedman at ubs.com (Freedman, Tom S.) Date: Thu, 15 Jan 2004 12:36:32 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? Message-ID: > > It's probably not a cost-effective solution, but I found that > > the new spam filters built into Outlook 2003 are about 80% - 90% > > I use OL2003's junk mail filters too and have them put everything in the > Junk E-mail folder automatically - works better than any system I've > seen, including server side. The only problem, however, is that if you > use OL2003 against Exchange 2003 in online mode, the filtering is > unavailable. Good ol' Microsoft... always thinking. D'oh! I'm only using OL2003 at home, so it's checking POP mailboxes. At work I've finally got Office XP (after 3 years running Office 97! Whee!), which doesn't have the spam filtering, but then, I don't use the address externally anywhere except here, so I get almost no spam (knock on wood). Please do not transmit orders or instructions regarding a UBS account by email. The information provided in this email or any attachments is not an official transaction confirmation or account statement. For your protection, do not include account numbers, Social Security numbers, credit card numbers, passwords or other non-public information in your email. Because the information contained in this message may be privileged, confidential, proprietary or otherwise protected from disclosure, please notify us immediately by replying to this message and deleting it from your computer if you have received this communication in error. Thank you. UBS Financial Services Inc. UBS International Inc. From eric at persson.tm Thu Jan 15 12:43:20 2004 From: eric at persson.tm (Eric Persson) Date: Thu, 15 Jan 2004 18:43:20 +0100 Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> References: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> Message-ID: <4006D138.6020205@persson.tm> Ophir Prusak wrote: > Ideally I could keep on using Outlook Express, but am willing > to consider other emails clients (like Thunderbird). I dont like the client side approaches, mostly since I'm not always use the same client, sometimes I use webmail, wap or something else to check my mail and then the problem will still be there. So, my advice is to go for something serverside if possible, if you dont have admin access to all of your accounts, just forward everything to a server you have access to and then install the spamfilters on that machine. I use a combination of bogofilter and ordb(www.ordb.org) on my qmail server. It does a pretty good job most of the time, right after an update of bogofilter(look at sourceforge) I might see a sudden increase of spam, but it goes away after about a week. But always it takes to larger part of whats coming. Ordb is used to disallow mail transfers from mailservers which have been marked as open relays, works for some spam, but not all. However, the nice thing is that it kills the connection before the mail is transferred, so you do not have to waste your bandwidth on that mail. The drawback is that at least bogofilter is a bit of a pain to setup systemwide, but on one user it works ok. Ordb however goes systemwide easily. Well, my 2 cents. :) //Eric -- Download the new Mozilla Firebird web browser at http://www.mozilla.org/products/firebird/ From dmintz at davidmintz.org Thu Jan 15 13:19:28 2004 From: dmintz at davidmintz.org (David Mintz) Date: Thu, 15 Jan 2004 13:19:28 -0500 (EST) Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: <4006D138.6020205@persson.tm> References: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> <4006D138.6020205@persson.tm> Message-ID: procmail and spamassassin running in daemon mode. SA seems to have some trouble with that damn filter-foiling gibberish. I'm teaching it but it takes time. Client-side is a buzzkiller if you have to download the spew in order to filter it, don't you think? I find that browsing through your quarantine/spam folder looking for false positives is amusing for the first 30 seconds or so, seeing all those cute subject lines, then it gets boring and you delete en masse without examining every subject/sender. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From joel at tagword.com Thu Jan 15 13:35:00 2004 From: joel at tagword.com (Joel De Gan) Date: Thu, 15 Jan 2004 13:35:00 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> References: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> Message-ID: <1074191700.2724.25.camel@bezel> On Thu, 2004-01-15 at 11:09, Ophir Prusak wrote: > I'd really like to know what other tools / solutions other people are > using. I actually started switching email addresses, but that quickly becomes ineffective. Always use mailinator.com or other similar services, I no longer trust *any* privacy policy as those seem to be highly open to interpetation depending on mood. I finally set up a whitelist (source code listed on my site) that I wrote in PHP and set up on my server with qmail. dotforward files. That limits my email to a trickle and basically allows my work address to only be mailed from work machines.. I have actually had multiple spammers go in and complete the captcha I wrote! Then resend the damn mail. I quickly remove them. I had excellent luck with popfile (popfile on sourceforge) but lost my database and wanted to write my own thing. Hope that helps a bit. Cheers -- joeldg - developer, Intercosmos media group. http://lucifer.intercosmos.net From jlacey at att.net Thu Jan 15 13:32:36 2004 From: jlacey at att.net (John Lacey) Date: Thu, 15 Jan 2004 11:32:36 -0700 Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: References: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> <4006D138.6020205@persson.tm> Message-ID: <4006DCC4.409@att.net> David Mintz wrote: > procmail and spamassassin running in daemon mode. > > SA seems to have some trouble with that damn filter-foiling gibberish. I'm > teaching it but it takes time. > > Client-side is a buzzkiller if you have to download the spew in order to > filter it, don't you think? > > I find that browsing through your quarantine/spam folder looking for false > positives is amusing for the first 30 seconds or so, seeing all those cute > subject lines, then it gets boring and you delete en masse without > examining every subject/sender. all this talk about spam is spamming my mailbox :-( From csnyder at chxo.com Thu Jan 15 13:45:54 2004 From: csnyder at chxo.com (Chris Snyder) Date: Thu, 15 Jan 2004 13:45:54 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: References: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> <4006D138.6020205@persson.tm> Message-ID: <4006DFE2.5060203@chxo.com> David Mintz wrote: >procmail and spamassassin running in daemon mode. > > In case you don't have the resources to do this yourself, I highly recommend switching to a mailhost that will do it for you -- the constant updating and tweaking required to eliminate the UCE without causing false positives is something I'd rather leave to an expert. I use Tuffmail, http://tuffmail.com/ -- they have an impressive array of serverside controls and filters, and a fairly slick web interface to control it all. I wrote to them to find out if they were considering implementing spf (http://spf.pobox.com/) and they were like, "did it five days ago." Love that. csnyder From webapprentice at mail.com Thu Jan 15 15:47:29 2004 From: webapprentice at mail.com (Webapprentice .) Date: Thu, 15 Jan 2004 15:47:29 -0500 Subject: [nycphp-talk] Thanks Dan and Tim Re: mime_content_type does not exist Message-ID: <20040115204729.12099.qmail@mail.com> Tim and Dan, Thanks for clarifying that. That's why I'm trying to write stuff the hard way, since I don't have my own server and can't get certain extensions installed. :/ --Stephen ------------------ Message: 7 Date: Thu, 15 Jan 2004 10:47:46 -0500 From: Dan Cech Subject: Re: [nycphp-talk] mime_content_type() doesn't exist To: NYPHP Talk Message-ID: <4006B622.90006 at phpwerx.net> Content-Type: text/plain; charset=us-ascii; format=flowed PHP needs to have the mime-magic extension for this function to be available, obviously your host does not. Dan ------------------------------ Message: 8 Date: Thu, 15 Jan 2004 10:52:13 -0500 From: "Tim Gales" Dan's right "You must compile PHP with the configure switch --with-mime-magic to get support for mime-type functions. The extension needs a copy of the simplified magic file that is distributed with the Apache httpd. " http://us3.php.net/manual/en/ref.mime-magic.php http://www.tgaconnect.com > -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm From joel at tagword.com Thu Jan 15 16:53:57 2004 From: joel at tagword.com (Joel De Gan) Date: Thu, 15 Jan 2004 16:53:57 -0500 Subject: [nycphp-talk] OT: What are you doing against Spam ? In-Reply-To: <4006FE6A.3080008@persson.tm> References: <003201c3db81$fcdcaa90$5356a8c0@CPXPDEV10> <1074191700.2724.25.camel@bezel> <4006F020.3030000@persson.tm> <1074200064.2724.41.camel@bezel> <4006FE6A.3080008@persson.tm> Message-ID: <1074203637.2638.62.camel@bezel> On Thu, 2004-01-15 at 15:56, Eric Persson wrote: > Ahh.. me to, I havent yet added any code repository to my site, but its > probably a good idea. But I'm to lazy to write the documentation that > would probably be needed. documentation.... yea, I need to do more of that as well :) > > Are you working on a new whitelistversion? How much is left to do? currently no, the whitelist was a project that I did out of sheer fury. if you poke around on there and look at the honeymail project, It is plugin-based and can do reverse checking on the mail and I think I posted to code to auto-spamcop it. I probably could hack around in there a bit though. I am waiting for the go-ahead from work to opensource an ncurses-based mysql processviewer/graphing program. They are looking into various legal things that I need to add (disclaimer / limit of liability if it freaks out and totals some database worth millions.) I actually had to pull some code on that site that ended up in some work projects. oh yea, does anyone on this list know if there are any battle-bot competitions here in New York city? I want to build a beetle-weight (3 lbs) as it has been a while since I have done any physical engineering and am kind of wanting to solder together something. Beetle weights are cheap to make and fight ($500-$800 with very good motors and rc controller). I think robotcombat.com has some info on some things, but I have not seen any listings for scheduled battles here in NY. Cheers -- joeldg - developer, Intercosmos media group. http://lucifer.intercosmos.net From jim at bizcomputinginc.com Fri Jan 16 08:52:09 2004 From: jim at bizcomputinginc.com (Jim Hendricks) Date: Fri, 16 Jan 2004 08:52:09 -0500 Subject: [nycphp-talk] Lunarpages Message-ID: <003201c3dc37$efef8670$6401a8c0@Notebook> Anybody have experience with the webhost lunarpages.com? The packages they offer sound very reasonable. I have been increasingly unhappy with my current provider, but don't want to go through the time/expense/downtime of a switch to another host only to find I'm not happy with the new provider. TIA, Jim -------------- next part -------------- An HTML attachment was scrubbed... URL: From mitchy at spacemonkeylabs.com Fri Jan 16 08:58:19 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Fri, 16 Jan 2004 08:58:19 -0500 Subject: [nycphp-talk] Lunarpages In-Reply-To: <003201c3dc37$efef8670$6401a8c0@Notebook> References: <003201c3dc37$efef8670$6401a8c0@Notebook> Message-ID: <4007EDFB.4010200@spacemonkeylabs.com> Jim Hendricks wrote: > > Anybody have experience with the webhost lunarpages.com? > > The packages they offer sound very reasonable. I have been increasingly > unhappy with my current provider, but don't want to go through the > time/expense/downtime of a switch to another host only to find I'm not > happy with the new provider. I have not worked with lunarpages.com, because I have my own servers at Server Beach ($99/month). Yes, it's more than the hosted programs, but I get my own boxen, and they let me manage them the way I want. Having your own box means PHP gets built the way you need it, and your disk layouts can be done the way you want it done. I'd strongly suggest going this route unless cost is the biggest factor. No disclaimer needed, I'm just a happy customer. -- Mitch From Keith.Richardson at thompsonhealth.com Fri Jan 16 08:57:23 2004 From: Keith.Richardson at thompsonhealth.com (Keith J Richardson) Date: Fri, 16 Jan 2004 08:57:23 -0500 Subject: [nycphp-talk] Lunarpages Message-ID: <05F6C3B4CA00D7419D1708F36A9F7745B2C5@ffth-exc01.thompsonhealth.org> I Run a server on ev1servers.net and have been happy there. P4 1.7ghz 1gb ram 60gb hdd and 700gigs of transfer for 129$/month.. good when you have a bunch of sites that you run/help run that all consolidate onto 1 server, which makes things cheaper :) -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]On Behalf Of Mitch Pirtle Sent: Friday, January 16, 2004 8:58 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Lunarpages Jim Hendricks wrote: > > Anybody have experience with the webhost lunarpages.com? > > The packages they offer sound very reasonable. I have been increasingly > unhappy with my current provider, but don't want to go through the > time/expense/downtime of a switch to another host only to find I'm not > happy with the new provider. I have not worked with lunarpages.com, because I have my own servers at Server Beach ($99/month). Yes, it's more than the hosted programs, but I get my own boxen, and they let me manage them the way I want. Having your own box means PHP gets built the way you need it, and your disk layouts can be done the way you want it done. I'd strongly suggest going this route unless cost is the biggest factor. No disclaimer needed, I'm just a happy customer. -- Mitch _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From tgales at tgaconnect.com Fri Jan 16 09:00:10 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Fri, 16 Jan 2004 09:00:10 -0500 Subject: [nycphp-talk] Lunarpages In-Reply-To: <003201c3dc37$efef8670$6401a8c0@Notebook> Message-ID: <000b01c3dc39$0e8a7f30$bf8d3818@oberon1> If you are unhappy with your current setup contact me off-list. T. Gales & Associates Helping People Connect with Technology http://www.tgaconnect.com From stephen at musgrave.org Fri Jan 16 09:31:43 2004 From: stephen at musgrave.org (Stephen Musgrave) Date: Fri, 16 Jan 2004 09:31:43 -0500 Subject: [nycphp-talk] Lunarpages In-Reply-To: <003201c3dc37$efef8670$6401a8c0@Notebook> Message-ID: i've had a really good experience with DIGITAL HOST. the servers are fast, the cost is low and the customer service is personal and unparalleled .. even with the $30/year plan! http://digitalhost.net STEPHEN. ] stephen at musgrave.org ] http://stephen.musgrave.org/ On 1/16/04 8:52 AM, "Jim Hendricks" wrote: > Anybody have experience with the webhost lunarpages.com? > > The packages they offer sound very reasonable. I have been increasingly > unhappy with my current provider, but don't want to go through the > time/expense/downtime of a switch to another host only to find I'm not happy > with the new provider. > > TIA, > > Jim > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jim at bizcomputinginc.com Fri Jan 16 09:53:36 2004 From: jim at bizcomputinginc.com (Jim Hendricks) Date: Fri, 16 Jan 2004 09:53:36 -0500 Subject: [nycphp-talk] Lunarpages References: <003201c3dc37$efef8670$6401a8c0@Notebook> <4007EDFB.4010200@spacemonkeylabs.com> Message-ID: <007f01c3dc40$95518070$6401a8c0@Notebook> I don't really need the dedicated space or control, and going from 9.95 a month to 99 a month is a huge leap when you don't really need it. Thanks anyway. Jim ----- Original Message ----- From: "Mitch Pirtle" To: "NYPHP Talk" Sent: Friday, January 16, 2004 8:58 AM Subject: Re: [nycphp-talk] Lunarpages > I have not worked with lunarpages.com, because I have my own servers at > Server Beach ($99/month). Yes, it's more than the hosted programs, but I > get my own boxen, and they let me manage them the way I want. > > Having your own box means PHP gets built the way you need it, and your > disk layouts can be done the way you want it done. I'd strongly suggest > going this route unless cost is the biggest factor. > > No disclaimer needed, I'm just a happy customer. > > -- Mitch From jim at bizcomputinginc.com Fri Jan 16 09:55:26 2004 From: jim at bizcomputinginc.com (Jim Hendricks) Date: Fri, 16 Jan 2004 09:55:26 -0500 Subject: [nycphp-talk] Lunarpages References: <05F6C3B4CA00D7419D1708F36A9F7745B2C5@ffth-exc01.thompsonhealth.org> Message-ID: <008001c3dc40$c6a89320$6401a8c0@Notebook> I do master on many websites, but I don't want to be in the hosting biz so I let my customers choose their own host and then I just manage their web. Jim ----- Original Message ----- From: "Keith J Richardson" To: "NYPHP Talk" Sent: Friday, January 16, 2004 8:57 AM Subject: RE: [nycphp-talk] Lunarpages I Run a server on ev1servers.net and have been happy there. P4 1.7ghz 1gb ram 60gb hdd and 700gigs of transfer for 129$/month.. good when you have a bunch of sites that you run/help run that all consolidate onto 1 server, which makes things cheaper :) From joshmccormack at travelersdiary.com Fri Jan 16 10:30:40 2004 From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com) Date: Fri, 16 Jan 2004 09:30:40 -0600 (CST) Subject: [nycphp-talk] Lunarpages In-Reply-To: <008001c3dc40$c6a89320$6401a8c0@Notebook> Message-ID: What, you don't like being paged at 2 in the morning? :) Josh On Fri, 16 Jan 2004, Jim Hendricks wrote: > I do master on many websites, but I don't want to be in the hosting biz so I > let my customers choose their own host and then I just manage their web. > > Jim > > ----- Original Message ----- > From: "Keith J Richardson" > To: "NYPHP Talk" > Sent: Friday, January 16, 2004 8:57 AM > Subject: RE: [nycphp-talk] Lunarpages > > > I Run a server on ev1servers.net and have been happy there. P4 1.7ghz 1gb > ram 60gb hdd and 700gigs of transfer for 129$/month.. good when you have a > bunch of sites that you run/help run that all consolidate onto 1 server, > which makes things cheaper :) > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From yury at heavenspa.com Fri Jan 16 10:41:15 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Fri, 16 Jan 2004 10:41:15 -0500 Subject: [nycphp-talk] Lunarpages References: Message-ID: <004b01c3dc47$2d314be0$0400a8c0@heavenspanyc> 2 in the morning is ok.. we're probably still awake... but 9 am.. GeeZ!!! what are they thinking. ciao yury ----- Original Message ----- From: To: "NYPHP Talk" Sent: Friday, January 16, 2004 10:30 AM Subject: Re: [nycphp-talk] Lunarpages > What, you don't like being paged at 2 in the morning? :) > > Josh > > On Fri, 16 Jan 2004, Jim Hendricks wrote: > > > I do master on many websites, but I don't want to be in the hosting biz so I > > let my customers choose their own host and then I just manage their web. > > > > Jim > > > > ----- Original Message ----- > > From: "Keith J Richardson" > > To: "NYPHP Talk" > > Sent: Friday, January 16, 2004 8:57 AM > > Subject: RE: [nycphp-talk] Lunarpages > > > > > > I Run a server on ev1servers.net and have been happy there. P4 1.7ghz 1gb > > ram 60gb hdd and 700gigs of transfer for 129$/month.. good when you have a > > bunch of sites that you run/help run that all consolidate onto 1 server, > > which makes things cheaper :) > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From dhechtman at nyc.rr.com Fri Jan 16 10:44:01 2004 From: dhechtman at nyc.rr.com (dhechtman at nyc.rr.com) Date: Fri, 16 Jan 2004 10:44:01 -0500 Subject: [nycphp-talk] Lunarpages In-Reply-To: <003201c3dc37$efef8670$6401a8c0@Notebook> Message-ID: <4007C071.9190.2A27793@localhost> I am on lunarpages and they are quite nice. They give what they advertise, I run a postnuke site on them. They include a ready setup click-and-its-done php-nuke in the script folder but nothing prevents you from setting up your own. The database tools are set up and very easy to use And the price is nice, you can also add features on a piecemeal basis rather than jump right up to the more expensive package. If you can afford it, getting your own server is well worth the cash and highly recommended but if not lunarpages is a very good deal. > > Anybody have experience with the webhost lunarpages.com? > > The packages they offer sound very reasonable. I have been > increasingly unhappy with my current provider, but don't want to go > through the time/expense/downtime of a switch to another host only to > find I'm not happy with the new provider. > > TIA, > > Jim > Dov ******************************************************* * It takes two to tango with an animated mango! * * {Alahbamamantandra} * * * * dhechtman at nyc.rr.com * * * ******************************************************* From bpang at bpang.com Fri Jan 16 10:51:54 2004 From: bpang at bpang.com (bpang at bpang.com) Date: Fri, 16 Jan 2004 10:51:54 -0500 (EST) Subject: [nycphp-talk] Lunarpages In-Reply-To: <003201c3dc37$efef8670$6401a8c0@Notebook> References: <003201c3dc37$efef8670$6401a8c0@Notebook> Message-ID: <.38.117.145.89.1074268314.squirrel@www.bpang.com> since you're on this list, perhaps consider thehostingcompany.us I've been happy with them and they always respond to my emails to support in a reasonable period of time. > Anybody have experience with the webhost lunarpages.com? > > The packages they offer sound very reasonable. I have been increasingly > unhappy with my current provider, but don't want to go through the > time/expense/downtime of a switch to another host only to find I'm not > happy with the new provider. > > TIA, > > Jim > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From yury at heavenspa.com Fri Jan 16 11:12:50 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Fri, 16 Jan 2004 11:12:50 -0500 Subject: [nycphp-talk] Lunarpages References: <003201c3dc37$efef8670$6401a8c0@Notebook> <.38.117.145.89.1074268314.squirrel@www.bpang.com> Message-ID: <006501c3dc4b$96addb20$0400a8c0@heavenspanyc> FYI - anyone or any hosting company (linux/unix) with a script called fantastico will let you automatically install multiple message forums, scripts and a bunch of other things. ciao yury ----- Original Message ----- From: To: "NYPHP Talk" Sent: Friday, January 16, 2004 10:51 AM Subject: Re: [nycphp-talk] Lunarpages > since you're on this list, perhaps consider > thehostingcompany.us > > I've been happy with them and they always respond to my emails to support > in a reasonable period of time. > > > > > Anybody have experience with the webhost lunarpages.com? > > > > The packages they offer sound very reasonable. I have been increasingly > > unhappy with my current provider, but don't want to go through the > > time/expense/downtime of a switch to another host only to find I'm not > > happy with the new provider. > > > > TIA, > > > > Jim > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From nyphp at enobrev.com Fri Jan 16 11:23:35 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Fri, 16 Jan 2004 11:23:35 -0500 Subject: [nycphp-talk] Random In-Reply-To: <05F6C3B4CA00D7419D1708F36A9F7745B2C2@ffth-exc01.thompsonhealth.org> Message-ID: Just a follow up, here's how I implemented the random number generator for my query (using adodb): ------------ snip -------------- require_once('includes/function.random.php'); // Total Members $members_count = $db->GetRow('SELECT' . ' COUNT(member_id) as member_count' . ' FROM ' . TABLE_MEMBERS . ' m' . ' WHERE m.contest_subscribed = 1' . ' AND m.contest_selected = 0' . ' AND m.member_enabled = 1'); // Generate random number from random.org $random_user_number = GetRandomNumber(1, $members_count['member_count'], 1); // Winner $winner = $db->GetRow('SELECT' . ' m.member_id' . ' FROM ' . TABLE_MEMBERS . ' m' . ' WHERE m.contest_subscribed = 1' . ' AND m.member_enabled = 1' . ' AND m.contest_selected = 0' . ' ORDER BY m.member_username' . ' LIMIT ' . ($random_user_number - 1) . ', 1'); // Make sure there's no current winner $db->Execute('UPDATE ' . TABLE_MEMBERS . ' SET' . ' contest_rocbox_current = 0' , ' WHERE 1'); // Update the winner to make sure they can only win once $db->Execute('UPDATE ' . TABLE_MEMBERS . ' SET' . ' contest_selected = 1,' . ' contest_date = NOW(),' . ' contest_current = 1' . ' WHERE member_id = ' . $winner['member_id']); ------------ snip -------------- Thanks for the help!!!! Mark From dcech at phpwerx.net Fri Jan 16 11:26:57 2004 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 16 Jan 2004 11:26:57 -0500 Subject: [nycphp-talk] Lunarpages In-Reply-To: <003201c3dc37$efef8670$6401a8c0@Notebook> References: <003201c3dc37$efef8670$6401a8c0@Notebook> Message-ID: <400810D1.5090406@phpwerx.net> Jim Hendricks wrote: > > Anybody have experience with the webhost lunarpages.com? > > The packages they offer sound very reasonable. I have been increasingly > unhappy with my current provider, but don't want to go through the > time/expense/downtime of a switch to another host only to find I'm not > happy with the new provider. Personally I use . If all you want is vanilla hosting they are not for you, but if you are interested in being able to manage your own server it is a great (cheaper) alternative to a dedicated box. The price is right, support is top notch, and I couldn't be happier with them. Dan From danielc at analysisandsolutions.com Fri Jan 16 11:34:22 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 16 Jan 2004 11:34:22 -0500 Subject: [nycphp-talk] passing optional arguments by reference Message-ID: <20040116163421.GA10841@panix.com> Hi Folks: I'm want the parameters for a function to be passed by reference. Normally, that's accomplished by placing a & in front of the variable. Trick is, the argument in question needs to be optional. Placing a & in front of an optional parameter creates a parse error. CODE: function &execute($stmt, &$data = array()) { } ERROR: Parse error: parse error, unexpected '=', expecting ')' Removing the "= array()" makes it parse fine. So, is there a way to do this, please? Thanks, --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From dcech at phpwerx.net Fri Jan 16 11:47:26 2004 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 16 Jan 2004 11:47:26 -0500 Subject: [nycphp-talk] passing optional arguments by reference In-Reply-To: <20040116163421.GA10841@panix.com> References: <20040116163421.GA10841@panix.com> Message-ID: <4008159E.3050403@phpwerx.net> Daniel Convissor wrote: > Hi Folks: > > I'm want the parameters for a function to be passed by reference. > Normally, that's accomplished by placing a & in front of the variable. > Trick is, the argument in question needs to be optional. Placing a & in > front of an optional parameter creates a parse error. > > CODE: > function &execute($stmt, &$data = array()) { > } > > ERROR: > Parse error: parse error, unexpected '=', expecting ')' > > Removing the "= array()" makes it parse fine. > > So, is there a way to do this, please? AFAIK, no. There is a workaround though. If you create an array containing a reference, then pass that array normally, your function will work on a copy of the array, which contains a copy of the reference, which will still reference the same object. If that didn't make any sense: $myobj =& new stdClass (); print_r ($myobj); $myarr = array (); $myarr['myobj'] =& $myobj; function myfunc ($input = array ()) { if ( isset ($input['myobj']) ) { $input['myobj']->test = TRUE; } } myfunc ($myarr); print_r ($myobj); Hope this helps, Dan > Thanks, > > --Dan > From tgales at tgaconnect.com Fri Jan 16 12:51:07 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Fri, 16 Jan 2004 12:51:07 -0500 Subject: [nycphp-talk] passing optional arguments by reference In-Reply-To: <20040116163421.GA10841@panix.com> Message-ID: <002401c3dc59$51fe82a0$bf8d3818@oberon1> Is there some reason this will not work in your situation: function tst_func ($statement, &$test1) { if ( !isset ($test1) ) { $test1 = "the usual"; } echo $statement . $test1 . "\n"; } $tst_str = "something new"; $tst_ref = & $tst_str; tst_func( "Stuff was: ", $tst_ref ); tst_func( "Stuff was: " ); T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com p.s. kinda close to what was already posted sorry for the redundancy and repeating > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Daniel Convissor > Sent: Friday, January 16, 2004 11:34 AM > To: NYPHP Talk > Subject: [nycphp-talk] passing optional arguments by reference > > > Hi Folks: > > I'm want the parameters for a function to be passed by reference. > Normally, that's accomplished by placing a & in front of the > variable. > Trick is, the argument in question needs to be optional. > Placing a & in > front of an optional parameter creates a parse error. > > CODE: > function &execute($stmt, &$data = array()) { > } > > ERROR: > Parse error: parse error, unexpected '=', expecting ')' > > Removing the "= array()" makes it parse fine. > > So, is there a way to do this, please? > > Thanks, > > --Dan > > -- > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > data intensive web and database programming > http://www.AnalysisAndSolutions.com/ > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: > 718-854-0409 _______________________________________________ > talk mailing list > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > From danielc at analysisandsolutions.com Fri Jan 16 12:57:55 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 16 Jan 2004 12:57:55 -0500 Subject: [nycphp-talk] passing optional arguments by reference In-Reply-To: <002401c3dc59$51fe82a0$bf8d3818@oberon1> References: <20040116163421.GA10841@panix.com> <002401c3dc59$51fe82a0$bf8d3818@oberon1> Message-ID: <20040116175755.GA18705@panix.com> On Fri, Jan 16, 2004 at 12:51:07PM -0500, Tim Gales wrote: > Is there some reason this > will not work in your situation: > > function tst_func ($statement, &$test1) { Yes. The second parameter must be optional. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From crisscott at netzero.com Fri Jan 16 12:58:19 2004 From: crisscott at netzero.com (Scott Mattocks) Date: Fri, 16 Jan 2004 12:58:19 -0500 Subject: [nycphp-talk] passing optional arguments by reference In-Reply-To: <20040116163421.GA10841@panix.com> References: <20040116163421.GA10841@panix.com> Message-ID: <4008263B.4070407@netzero.com> Daniel Convissor wrote: > I'm want the parameters for a function to be passed by reference. > Normally, that's accomplished by placing a & in front of the variable. > Trick is, the argument in question needs to be optional. Placing a & in > front of an optional parameter creates a parse error. Can it be done with some combination of func_num_args and func_get_args? function &execute($stmt) { if (func_num_args () > 1) { $args = func_get_args (); if (!is_array ($args[1])) $args[1] = array () } // The rest of the code... } This should avoid the wrong number of parameter errors I think and still allow give you the flexibility of passing the second parameter by reference. Scott Mattocks From danielc at analysisandsolutions.com Fri Jan 16 13:00:13 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 16 Jan 2004 13:00:13 -0500 Subject: [nycphp-talk] passing optional arguments by reference In-Reply-To: <4008263B.4070407@netzero.com> References: <20040116163421.GA10841@panix.com> <4008263B.4070407@netzero.com> Message-ID: <20040116180012.GB18705@panix.com> On Fri, Jan 16, 2004 at 12:58:19PM -0500, Scott Mattocks wrote: > > Can it be done with some combination of func_num_args and func_get_args? Maybe. But it's not worth the overhead in this case. Dan's workaround of creating the reference ahead of time works. Thanks, --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From eric at persson.tm Fri Jan 16 13:46:10 2004 From: eric at persson.tm (Eric Persson) Date: Fri, 16 Jan 2004 19:46:10 +0100 Subject: [nycphp-talk] passing optional arguments by reference In-Reply-To: <20040116163421.GA10841@panix.com> References: <20040116163421.GA10841@panix.com> Message-ID: <40083172.7090007@persson.tm> Daniel Convissor wrote: > CODE: > function &execute($stmt, &$data = array()) { > } > > ERROR: > Parse error: parse error, unexpected '=', expecting ')' > > Removing the "= array()" makes it parse fine. > > So, is there a way to do this, please? Why not just skip the = array() part and do: function &execute($stmt, &$data = '' ) { if( is_array($data) ){ //then.... } } Or, did I perhaps misunderstand it? Best regards, Eric -- Download the new Mozilla Firebird web browser at http://www.mozilla.org/products/firebird/ From danielc at analysisandsolutions.com Fri Jan 16 14:06:34 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 16 Jan 2004 14:06:34 -0500 Subject: [nycphp-talk] passing optional arguments by reference In-Reply-To: <40083172.7090007@persson.tm> References: <20040116163421.GA10841@panix.com> <40083172.7090007@persson.tm> Message-ID: <20040116190634.GA26916@panix.com> On Fri, Jan 16, 2004 at 07:46:10PM +0100, Eric Persson wrote: > > function &execute($stmt, &$data = '' ) { That produces a parse error too. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From sklar at sklar.com Fri Jan 16 14:15:54 2004 From: sklar at sklar.com (David Sklar) Date: Fri, 16 Jan 2004 14:15:54 -0500 Subject: [nycphp-talk] passing optional arguments by reference In-Reply-To: <20040116190634.GA26916@panix.com> Message-ID: >> function &execute($stmt, &$data = '' ) { > > That produces a parse error too. It makes sense that you can't have a optional pass-by-reference argument: what is supposed to happen in this code?: ---- function &execute($stmt, &$data = '') { global $dbh; $data = $dbh->query($stmt); if (PEAR::isError($data)) { return false; } else { return true; } } // ... instantiate DB connection in $dbh ... $retval = execute('SELECT * FROM foo'); ---- If the second argument is optional and not provided, there's nothing to attach $data to inside the function and the value is tossed away. It seems reasonable that when a function says it expects a reference to a variable, that reference must be present for the function to work properly. David From shawn at shawnlawyer.com Fri Jan 16 14:28:14 2004 From: shawn at shawnlawyer.com (Shawn Lawyer) Date: Fri, 16 Jan 2004 14:28:14 -0500 Subject: [nycphp-talk] Lunarpages References: <003201c3dc37$efef8670$6401a8c0@Notebook> <400810D1.5090406@phpwerx.net> Message-ID: <031a01c3dc66$e3bcec10$f1a0d718@Vaio> Depending on what your needs are and a what your budget is, I recommend a partered company of mine. Whe have all our server in the same datacenter as Google, on the same pipes. The prices and service are unparalelled. Simpli Hosting offers shared hosting as low as $5 bucks a month and dedicated servers as low as $99. You won't find this quality of service, and this quality of a datacenter in to many places. The sales department can be reached on aim with the screen name 'simpli sales' or on the web at simpli.biz. you'll be speaking with Erica she's one of the hottest PHP programmers I know and so easy to work with. Shawn Lawyer From shawn at shawnlawyer.com Fri Jan 16 14:29:56 2004 From: shawn at shawnlawyer.com (Shawn Lawyer) Date: Fri, 16 Jan 2004 14:29:56 -0500 Subject: [nycphp-talk] Lunarpages References: <003201c3dc37$efef8670$6401a8c0@Notebook> <400810D1.5090406@phpwerx.net> Message-ID: <032701c3dc67$21880390$f1a0d718@Vaio> correction: Erica's aim name is simplisales, no space. -SL From dmintz at davidmintz.org Fri Jan 16 14:49:10 2004 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 16 Jan 2004 14:49:10 -0500 (EST) Subject: [nycphp-talk] PEAR DB_DataObject -- opinions? In-Reply-To: <031a01c3dc66$e3bcec10$f1a0d718@Vaio> References: <003201c3dc37$efef8670$6401a8c0@Notebook> <400810D1.5090406@phpwerx.net> <031a01c3dc66$e3bcec10$f1a0d718@Vaio> Message-ID: Does anybody with any experience with the Pear DB_DataObject package have any opinions about it? I have just begun to RTFM and it almost reminds me of Java EJB container-managed entity beans -- that is, complicated. One wonders if the great conveniences are worth the, well, inconvenience of learning it and setting it all up. OTOH it looks like once you really get rolling you might save yourself a ton of grunt coding. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From rob at nyc.yamaha.com Fri Jan 16 14:55:51 2004 From: rob at nyc.yamaha.com (Robert Redcay) Date: Fri, 16 Jan 2004 14:55:51 -0500 Subject: [nycphp-talk] PEAR DB_DataObject -- opinions? In-Reply-To: References: <003201c3dc37$efef8670$6401a8c0@Notebook> <400810D1.5090406@phpwerx.net> <031a01c3dc66$e3bcec10$f1a0d718@Vaio> Message-ID: <400841C7.7020208@nyc.yamaha.com> Though I have not worked with this library extensively, I've been interested in it for a while and almost used it in a recent project. Here's what I like: - automatically generated PHP objects to represent each table in your database - these objects inherit a bunch of useful methods from the base class (e.g. update, edit, delete, fetch, etc.) Here's what bothered me: - Joins of 2 or more tables require awkward config files and don't seem very mature (this may be more a problem of the "Data Object" concept than of DB_DataObject's actual implementation) - One reason to use these is to avoid hard-coded SQL, but you'd inevitably have to hard-code SQL in these objects for complex queries. I'm interested to here what others say... -Rob David Mintz wrote: >Does anybody with any experience with the Pear DB_DataObject package have >any opinions about it? I have just begun to RTFM and it almost reminds me >of Java EJB container-managed entity beans -- that is, complicated. One >wonders if the great conveniences are worth the, well, inconvenience of >learning it and setting it all up. OTOH it looks like once you really get >rolling you might save yourself a ton of grunt coding. > > >--- >David Mintz >http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 >_______________________________________________ >talk mailing list >talk at lists.nyphp.org >http://lists.nyphp.org/mailman/listinfo/talk > > > > -- Robert Redcay Yamaha Music Interactive Inc. p: 646.562.5892 f: 646.562.7664 e: rredcay at nyc.yamaha.com From mitchy at spacemonkeylabs.com Fri Jan 16 15:30:42 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Fri, 16 Jan 2004 15:30:42 -0500 Subject: [nycphp-talk] PEAR DB_DataObject -- opinions? In-Reply-To: <400841C7.7020208@nyc.yamaha.com> References: <003201c3dc37$efef8670$6401a8c0@Notebook> <400810D1.5090406@phpwerx.net> <031a01c3dc66$e3bcec10$f1a0d718@Vaio> <400841C7.7020208@nyc.yamaha.com> Message-ID: <400849F2.7070806@spacemonkeylabs.com> > Here's what I like: > - automatically generated PHP objects to represent each table in your > database > - these objects inherit a bunch of useful methods from the base class > (e.g. update, edit, delete, fetch, etc.) > > Here's what bothered me: > - Joins of 2 or more tables require awkward config files and don't seem > very mature > (this may be more a problem of the "Data Object" concept than of > DB_DataObject's actual implementation) > - One reason to use these is to avoid hard-coded SQL, but you'd > inevitably have to hard-code SQL in these objects for complex queries. > > I'm interested to here what others say... Ditto from here. If I was to build a phpMyAdmin clone it would be great with this library. But of course, this assumes you are only interested in working with one table at a time! Seemed like a great idea at first, but the more I worked with it, the more it reminded me of HTML templating systems - powerful, but complicated and time-consuming to learn, and sometimes restrictive enough to cost more effort down the road. -- Mitch >From hans not junk at nyphp.com Fri Jan 16 15:47:13 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 04437A85F0 for ; Fri, 16 Jan 2004 15:47:13 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] PEAR DB_DataObject -- opinions? Date: Fri, 16 Jan 2004 12:47:10 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752A9D1 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] PEAR DB_DataObject -- opinions? Thread-Index: AcPcadQgD/vaBvqUS4WaHztxz7EhBgABpWbw From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jan 2004 20:47:13 -0000 > Does anybody with any experience with the Pear DB_DataObject=20 Nope. > package have any opinions about it?=20 Yup. I deeply dislike any frontend code that attempts to automatically build SQL statements for you, and/or wraps objects around tables. I understand the purpose, which is to abstract database access into easily managable pieces, but it's the wrong approach. This is why stored procedures were invented. So you use MySQL 4.x and don't have stored procs? Still, I see DataObject, and libs similar to it, as detrimental - for several reasons: -- you loose any benefit of the DB that you're actually using. Code specifically for your database - it's its own world. -- the overhead quickly becomes enourmous -- why does application level code need to wrap database access? SQL is it's own language - love it. But then again, this is coming from someone who thinks database abstraction (in app code, like PHP) is a Bad Thing to begin with. H From dmintz at davidmintz.org Fri Jan 16 15:59:39 2004 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 16 Jan 2004 15:59:39 -0500 (EST) Subject: [nycphp-talk] PEAR DB_DataObject -- opinions? In-Reply-To: <41EE526EC2D3C74286415780D3BA9F8752A9D1@ehost011-1.exch011.intermedia.net> References: <41EE526EC2D3C74286415780D3BA9F8752A9D1@ehost011-1.exch011.intermedia.net> Message-ID: On Fri, 16 Jan 2004, Hans Zaunere wrote: > > > Does anybody with any experience with the Pear DB_DataObject > > Nope. > > > package have any opinions about it? > > Yup. > > I deeply dislike any frontend code that attempts to automatically build > SQL statements for you, and/or wraps objects around tables. I expected as much from the likes of Hans (-: ...especially when you consider that PEAR::DB is already a wrapper. Now comes DataObject to wrap the wrapper. Chinese dolls, anyone? --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 >From hans not junk at nyphp.com Fri Jan 16 16:04:01 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 5C34AA8799 for ; Fri, 16 Jan 2004 16:04:01 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Fri, 16 Jan 2004 13:03:59 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752A9D8 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Oracle and PHP Thread-Index: AcPccU6cE0wza1tHR5KJQMeqW8vTTwAAsJtg From: "Hans Zaunere" To: "NYPHP Talk" Subject: [nycphp-talk] FW: Oracle and PHP X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jan 2004 21:04:01 -0000 > - can you also send me the names of who you think will be helping out=20 > from NYPHP at the installfest? > - will they already be badged for Linux World or do we need=20 > to get them in ? Anyone interested? Oracle will be doing a developer's installfest and PHP will be covered. They'd like someone from NYPHP to answer questions about PHP, etc. It'll be a relaxed environment, basically sitting around the table, and I doubt the questions will be very technical. If you're interested, let me know ASAP offlist: hans not junk at nyphp.com H From jonbaer at jonbaer.net Fri Jan 16 16:12:39 2004 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 16 Jan 2004 16:12:39 -0500 Subject: [nycphp-talk] is there anything special to this? (PDF/PHP) Message-ID: <012d01c3dc75$7943d9c0$6400a8c0@thinkpad> i came across this little demo: http://www.fastio.com/forms/form1040.html HTML->Server->PDF it gave me an idea to create invoices/slips for people paying via check for certain things on a client site. but if im correct the black/white image in GD to PDF in an email attachment is technically feasible, am I right? - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From dcech at phpwerx.net Fri Jan 16 16:43:56 2004 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 16 Jan 2004 16:43:56 -0500 Subject: [nycphp-talk] is there anything special to this? (PDF/PHP) In-Reply-To: <012d01c3dc75$7943d9c0$6400a8c0@thinkpad> References: <012d01c3dc75$7943d9c0$6400a8c0@thinkpad> Message-ID: <40085B1C.5050705@phpwerx.net> jon baer wrote: > i came across this little demo: > > http://www.fastio.com/forms/form1040.html > > HTML->Server->PDF > > it gave me an idea to create invoices/slips for people paying via check for > certain things on a client site. but if im correct the black/white image in > GD to PDF in an email attachment is technically feasible, am I right? It's certainly cool, but nothing too complicated. The only thing that would be particularly impressive would be if they were starting with an existing pdf and adding annotation to 'fill' it. If you start with an image, or dynamically build the entire pdf, then you can do this kind of thing with ClibPDF or EzPdf . Dan From webmaster at localnotion.com Fri Jan 16 16:55:04 2004 From: webmaster at localnotion.com (Terenzio) Date: Fri, 16 Jan 2004 16:55:04 -0500 Subject: [nycphp-talk] EZ publish Message-ID: Anyone ever try EZ Publish . http://ez.no/ I'm looking into a collaborative framework for a community site with a strong user data model. So far, I think OpenACS(openacs,org) is the best, but I want a PHP solution. If nothing cuts it, I'll start my own project. >From hans not junk at nyphp.com Fri Jan 16 17:01:55 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id B0545A85FE for ; Fri, 16 Jan 2004 17:01:55 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] EZ publish Date: Fri, 16 Jan 2004 14:01:51 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752A9EE at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] EZ publish Thread-Index: AcPce2tlWUJ6ChG1Tp2RzSunWPAFwQAAL7LQ From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jan 2004 22:01:56 -0000 > Anyone ever try EZ Publish . >=20 > http://ez.no/ >=20 > I'm looking into a collaborative framework for a community=20 > site with a strong user data model. > So far, I think OpenACS(openacs,org) is the best, but I want a PHP=20 > solution. If nothing cuts it, I'll start my own project. I haven't personally, but a good friend has and swears by it. He's done = tons of sites with it, including http://iqsquad.com (although now = probably isn't the best time to look at the site :) H From webmaster at localnotion.com Fri Jan 16 17:13:00 2004 From: webmaster at localnotion.com (Terenzio) Date: Fri, 16 Jan 2004 17:13:00 -0500 Subject: [nycphp-talk] EZ publish In-Reply-To: <41EE526EC2D3C74286415780D3BA9F8752A9EE@ehost011-1.exch011.intermedia.net> References: <41EE526EC2D3C74286415780D3BA9F8752A9EE@ehost011-1.exch011.intermedia.net> Message-ID: <257E0C04-4871-11D8-B1EA-0003938BDF32@localnotion.com> Well, I'm going to take a look at it I just uploaded it to a server and there are about 50 files left.......out of over 2000. wow. On Jan 16, 2004, at 5:01 PM, Hans Zaunere wrote: >> Anyone ever try EZ Publish . >> >> http://ez.no/ >> >> I'm looking into a collaborative framework for a community >> site with a strong user data model. >> So far, I think OpenACS(openacs,org) is the best, but I want a PHP >> solution. If nothing cuts it, I'll start my own project. > > I haven't personally, but a good friend has and swears by it. He's > done tons of sites with it, including http://iqsquad.com (although > now probably isn't the best time to look at the site :) > > H > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From natrindex at yahoo.com Fri Jan 16 17:23:07 2004 From: natrindex at yahoo.com (charlie wang) Date: Fri, 16 Jan 2004 14:23:07 -0800 (PST) Subject: [nycphp-talk] EZ publish In-Reply-To: <257E0C04-4871-11D8-B1EA-0003938BDF32@localnotion.com> Message-ID: <20040116222307.39246.qmail@web13704.mail.yahoo.com> I once tried to use EZ publish. I had some problems setting up the site. Finally finished set up, then I found it's super slow. EZ everthing is OO design, probably that is the reason of being slow. Later I switch to PHPNUKE, developed few sites with ease. I will not switch to EZ. --- Terenzio wrote: > Well, I'm going to take a look at it I just uploaded > it to a server and > there are about 50 files left.......out of over > 2000. wow. > On Jan 16, 2004, at 5:01 PM, Hans Zaunere wrote: > > >> Anyone ever try EZ Publish . > >> > >> http://ez.no/ > >> > >> I'm looking into a collaborative framework for a > community > >> site with a strong user data model. > >> So far, I think OpenACS(openacs,org) is the best, > but I want a PHP > >> solution. If nothing cuts it, I'll start my own > project. > > > > I haven't personally, but a good friend has and > swears by it. He's > > done tons of sites with it, including > http://iqsquad.com (although > > now probably isn't the best time to look at the > site :) > > > > H > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus >From hans not junk at nyphp.com Fri Jan 16 17:23:17 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 3AE67A87AC for ; Fri, 16 Jan 2004 17:23:17 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] FW: Oracle and PHP Date: Fri, 16 Jan 2004 14:23:14 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752AA04 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] FW: Oracle and PHP Thread-Index: AcPccU6cE0wza1tHR5KJQMeqW8vTTwAAsJtgAAK257A= From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jan 2004 22:23:18 -0000 > > - can you also send me the names of who you think will be helping = out=20 > > from NYPHP at the installfest? > > - will they already be badged for Linux World or do we need=20 > > to get them in ? >=20 > Anyone interested? Oracle will be doing a developer's installfest and > PHP will be covered. They'd like someone from NYPHP to answer = questions > about PHP, etc. It'll be a relaxed environment, basically sitting > around the table, and I doubt the questions will be very technical. >=20 > If you're interested, let me know ASAP offlist: hans not junk at nyphp.com More details: check out http://otn.oracle.com/linux installfest 21st 5:30pm-8:00pm I'll followup with more details to those who've contacted me already. Thanks, Hans From yury at heavenspa.com Fri Jan 16 17:36:48 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Fri, 16 Jan 2004 17:36:48 -0500 Subject: [nycphp-talk] EZ publish References: <20040116222307.39246.qmail@web13704.mail.yahoo.com> Message-ID: <016501c3dc81$3a6538f0$0400a8c0@heavenspanyc> mambo! I've installed mambo on sites in 4 minutes. Editing the layout took another 10.. Simple and effective: example: http://www.videogamesoutlet.com/ mambo link: http://www.mamboserver.com/ oh did i mention its FREE? regards yury ----- Original Message ----- From: "charlie wang" To: "NYPHP Talk" Sent: Friday, January 16, 2004 5:23 PM Subject: Re: [nycphp-talk] EZ publish > I once tried to use EZ publish. I had some problems > setting up the site. Finally finished set up, then I > found it's super slow. EZ everthing is OO design, > probably that is the reason of being slow. Later I > switch to PHPNUKE, developed few sites with ease. I > will not switch to EZ. > > > --- Terenzio wrote: > > Well, I'm going to take a look at it I just uploaded > > it to a server and > > there are about 50 files left.......out of over > > 2000. wow. > > On Jan 16, 2004, at 5:01 PM, Hans Zaunere wrote: > > > > >> Anyone ever try EZ Publish . > > >> > > >> http://ez.no/ > > >> > > >> I'm looking into a collaborative framework for a > > community > > >> site with a strong user data model. > > >> So far, I think OpenACS(openacs,org) is the best, > > but I want a PHP > > >> solution. If nothing cuts it, I'll start my own > > project. > > > > > > I haven't personally, but a good friend has and > > swears by it. He's > > > done tons of sites with it, including > > http://iqsquad.com (although > > > now probably isn't the best time to look at the > > site :) > > > > > > H > > > > > > _______________________________________________ > > > talk mailing list > > > talk at lists.nyphp.org > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > __________________________________ > Do you Yahoo!? > Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes > http://hotjobs.sweepstakes.yahoo.com/signingbonus > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From webpage at ureach.com Fri Jan 16 18:35:56 2004 From: webpage at ureach.com (Web Page) Date: Fri, 16 Jan 2004 18:35:56 -0500 Subject: [nycphp-talk] EZ publish Message-ID: <200401162335.SAA01219@www23.ureach.com> Hello! I am installing it now. I installed it before and it was not so easy, but now, it is really smooth. I did not use the automatic install because I already have easyPHP on my Computer and I was not sure if it was going to install Apache and PHP etc again on the Computer so I just chose the tar.gz package. It now has an interface which acts as a wizard and will install 8 or 10 differen "styles" of EZ publish. Put it in "www" folder and aim at, http://localhost/ezpublish-3.3-2/pre_check.php Really smooth install. Interesting Install. WP Webbing Along ;):) ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ---- On Fri, 16 Jan 2004, charlie wang (natrindex at yahoo.com) wrote: > I once tried to use EZ publish. I had some problems > setting up the site. Finally finished set up, then I > found it's super slow. EZ everthing is OO design, > probably that is the reason of being slow. Later I > switch to PHPNUKE, developed few sites with ease. I > will not switch to EZ. > > > --- Terenzio wrote: > > Well, I'm going to take a look at it I just uploaded > > it to a server and > > there are about 50 files left.......out of over > > 2000. wow. > > On Jan 16, 2004, at 5:01 PM, Hans Zaunere wrote: > > > > >> Anyone ever try EZ Publish . > > >> > > >> http://ez.no/ > > >> > > >> I'm looking into a collaborative framework for a > > community > > >> site with a strong user data model. > > >> So far, I think OpenACS(openacs,org) is the best, > > but I want a PHP > > >> solution. If nothing cuts it, I'll start my own > > project. > > > > > > I haven't personally, but a good friend has and > > swears by it. He's > > > done tons of sites with it, including > > http://iqsquad.com (although > > > now probably isn't the best time to look at the > > site :) > > > > > > H > > > > > > _______________________________________________ > > > talk mailing list > > > talk at lists.nyphp.org > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > __________________________________ > Do you Yahoo!? > Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes > http://hotjobs.sweepstakes.yahoo.com/signingbonus > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > From webmaster at localnotion.com Fri Jan 16 18:58:57 2004 From: webmaster at localnotion.com (Terenzio) Date: Fri, 16 Jan 2004 18:58:57 -0500 Subject: [nycphp-talk] EZ publish In-Reply-To: <016501c3dc81$3a6538f0$0400a8c0@heavenspanyc> References: <20040116222307.39246.qmail@web13704.mail.yahoo.com> <016501c3dc81$3a6538f0$0400a8c0@heavenspanyc> Message-ID: I'm leaning more towards enterprise quality than ease of use. A unified data model. On Jan 16, 2004, at 5:36 PM, wrote: > mambo! I've installed mambo on sites in 4 minutes. Editing the layout > took > another 10.. Simple and effective: > > example: http://www.videogamesoutlet.com/ > > mambo link: http://www.mamboserver.com/ > > oh did i mention its FREE? > > regards > yury > ----- Original Message ----- > From: "charlie wang" > To: "NYPHP Talk" > Sent: Friday, January 16, 2004 5:23 PM > Subject: Re: [nycphp-talk] EZ publish > > >> I once tried to use EZ publish. I had some problems >> setting up the site. Finally finished set up, then I >> found it's super slow. EZ everthing is OO design, >> probably that is the reason of being slow. Later I >> switch to PHPNUKE, developed few sites with ease. I >> will not switch to EZ. >> >> >> --- Terenzio wrote: >>> Well, I'm going to take a look at it I just uploaded >>> it to a server and >>> there are about 50 files left.......out of over >>> 2000. wow. >>> On Jan 16, 2004, at 5:01 PM, Hans Zaunere wrote: >>> >>>>> Anyone ever try EZ Publish . >>>>> >>>>> http://ez.no/ >>>>> >>>>> I'm looking into a collaborative framework for a >>> community >>>>> site with a strong user data model. >>>>> So far, I think OpenACS(openacs,org) is the best, >>> but I want a PHP >>>>> solution. If nothing cuts it, I'll start my own >>> project. >>>> >>>> I haven't personally, but a good friend has and >>> swears by it. He's >>>> done tons of sites with it, including >>> http://iqsquad.com (although >>>> now probably isn't the best time to look at the >>> site :) >>>> >>>> H >>>> >>>> _______________________________________________ >>>> talk mailing list >>>> talk at lists.nyphp.org >>>> http://lists.nyphp.org/mailman/listinfo/talk >>> >>> _______________________________________________ >>> talk mailing list >>> talk at lists.nyphp.org >>> http://lists.nyphp.org/mailman/listinfo/talk >> >> >> __________________________________ >> Do you Yahoo!? >> Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes >> http://hotjobs.sweepstakes.yahoo.com/signingbonus >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From eric at persson.tm Fri Jan 16 21:06:59 2004 From: eric at persson.tm (Eric Persson) Date: Sat, 17 Jan 2004 03:06:59 +0100 Subject: [nycphp-talk] passing optional arguments by reference In-Reply-To: <20040116190634.GA26916@panix.com> References: <20040116163421.GA10841@panix.com> <40083172.7090007@persson.tm> <20040116190634.GA26916@panix.com> Message-ID: <400898C3.4070809@persson.tm> Daniel Convissor wrote: > On Fri, Jan 16, 2004 at 07:46:10PM +0100, Eric Persson wrote: > >>function &execute($stmt, &$data = '' ) { > > > That produces a parse error too. Mmm..well, you're right, but thats probably caused by the &before $data, if you skip that and then go with execute($stmt, &$data); when you call the function, should give the same result? //Eric -- Download the new Mozilla Firebird web browser at http://www.mozilla.org/products/firebird/ From markert at optonline.net Fri Jan 16 23:01:31 2004 From: markert at optonline.net (John W. Markert) Date: Fri, 16 Jan 2004 23:01:31 -0500 Subject: [nycphp-talk] Lunarpages References: <003201c3dc37$efef8670$6401a8c0@Notebook> Message-ID: <007701c3dcae$97bb2370$0200a8c0@dads> I've used Lunarpages for a PHP/MySQL applicaion demo. Their service and support have been satisfactory. You will probably have to use a different connect on their server than you do on your local machine. ----- Original Message ----- From: Jim Hendricks To: NYPHP Talk Sent: Friday, January 16, 2004 8:52 AM Subject: [nycphp-talk] Lunarpages Anybody have experience with the webhost lunarpages.com? The packages they offer sound very reasonable. I have been increasingly unhappy with my current provider, but don't want to go through the time/expense/downtime of a switch to another host only to find I'm not happy with the new provider. TIA, Jim ------------------------------------------------------------------------------ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From nyphp at enobrev.com Fri Jan 16 23:15:22 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Fri, 16 Jan 2004 23:15:22 -0500 Subject: [nycphp-talk] PEAR DB_DataObject -- opinions? In-Reply-To: <41EE526EC2D3C74286415780D3BA9F8752A9D1@ehost011-1.exch011.intermedia.net> Message-ID: > SQL is it's own language - love it. I could not agree more. Mark From jonbaer at jonbaer.net Fri Jan 16 23:20:40 2004 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 16 Jan 2004 23:20:40 -0500 Subject: [nycphp-talk] customizing phpmyadmin as cms tool Message-ID: <001901c3dcb1$4458ac90$6400a8c0@thinkpad> im just curious if anyone here uses the phpmyadmin interface and package as a CMS admin tool itself (either by graphically customizing it or such) ... im working on tweeking some items (like a popup date) and such + renaming links, etc ... for an easy way out it is working pretty smoothly for the guys who have to update things ... - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From jonbaer at jonbaer.net Sat Jan 17 02:31:58 2004 From: jonbaer at jonbaer.net (jon baer) Date: Sat, 17 Jan 2004 02:31:58 -0500 Subject: [nycphp-talk] pmadb (phpmyadmin + foreign keys) help Message-ID: <002901c3dccb$fdafbb10$6400a8c0@thinkpad> greetings ... ive recently finally gotten around to playing with the foreign key support in phpmyadmin - the pmadb tables (very impressive stuff) - took a while to get used to but once you have the knack of it its extremely helpful ... my question for anyone that knows it well or uses it is if you can create "display field" transformations or use multiple fields ... for example, i have a game linked to a scoresheet table and have no way of being able to select it without being more descriptive, ie: instead of: (date,time,home_team,away_team) any ideas? the pdf support is pretty sweet as well. - jon pgp key: http://www.jonbaer.net/jonbaer.asc fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47 From dcech at phpwerx.net Sat Jan 17 10:04:05 2004 From: dcech at phpwerx.net (Dan Cech) Date: Sat, 17 Jan 2004 10:04:05 -0500 Subject: [nycphp-talk] passing optional arguments by reference In-Reply-To: <20040116163421.GA10841@panix.com> References: <20040116163421.GA10841@panix.com> Message-ID: <40094EE5.9060303@phpwerx.net> > I'm want the parameters for a function to be passed by reference. > Normally, that's accomplished by placing a & in front of the variable. > Trick is, the argument in question needs to be optional. Placing a & in > front of an optional parameter creates a parse error. > > CODE: > function &execute($stmt, &$data = array()) { > } > > ERROR: > Parse error: parse error, unexpected '=', expecting ')' > > Removing the "= array()" makes it parse fine. > > So, is there a way to do this, please? Looking here: It appears this syntax is supported in PHP5. Dan From felix at students.poly.edu Sat Jan 17 06:54:31 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Sat, 17 Jan 2004 06:54:31 -0500 Subject: [nycphp-talk] EZ publish In-Reply-To: References: Message-ID: <20040117065431.7ee8dfda.felix@students.poly.edu> > I'm looking into a collaborative framework for a community site with a > strong user data model. > So far, I think OpenACS(openacs,org) is the best, but I want a PHP > solution. > If nothing cuts it, I'll start my own project. Take a look at drupal. Its not bloated and fast. I am using it to built my personal site so far I like it alot. From nyphp at enobrev.com Sat Jan 17 20:03:49 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Sat, 17 Jan 2004 20:03:49 -0500 Subject: [nycphp-talk] Enom API Message-ID: Evening all, Any of you know anyone who works with the Enom API? < http://www.enom.com/> Enom is a pretty large registrar. I've created a class for their api, and have been working on it for a few months now. Unfortunately, the only resource I've found is their pdf, which isn't exactly accurate and their support, which doesn't cover quite enough. I've been considering starting a forum, but I've no idea of the demand, as my queries come up pretty short. Regardless, enjoy the rest of your weekend! Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: From nyphp at enobrev.com Sun Jan 18 11:17:52 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Sun, 18 Jan 2004 11:17:52 -0500 Subject: [nycphp-talk] Large SQL Query Message-ID: So is a query this size with this many joins completely nuts, fairly sensible or somewhere in between. It seems to run well on my dev server, but I've no idea how well mysql would handle this query under a load. The basic makeup of the db is a profiles table with a profile_details table. Each profile has 4 rows in the details table (one for each type - all of which will be used). Each profile type holds the same columns, data may differ according to type. This is 12 joins of 4 tables. Oh and these are the phpmyadmin results: Showing rows 0 - 0 (1 total, Query took 0.0012 sec) /* types ids: 1 Registrant 2 AuxBilling 3 Admin 4 Tech */ SELECT p.profile_id, p.account_id, p.profile_title, p.profile_default, r.profile_detail_id AS registrant_detail_id, r.profile_first_name AS registrant_first_name, r.profile_last_name AS registrant_last_name, r.profile_job_title AS registrant_job_title, r.profile_organization_name AS registrant_organization_name, r.profile_address1 AS registrant_address1, r.profile_address2 AS registrant_address2, r.profile_city AS registrant_city, r.state_id AS registrant_state_id, rs.state_title AS registrant_state_title, r.profile_state_province AS registrant_state_province, r.profile_postal_code AS registrant_postal_code, r.country_id AS registrant_country_id, rc.country_title AS registrant_country_title, r.profile_phone AS registrant_phone, r.profile_fax AS registrant_fax, r.profile_email AS registrant_email, t.profile_detail_id AS tech_detail_id, t.profile_first_name AS tech_fitst_name, t.profile_last_name AS tech_last_name, t.profile_job_title AS tech_job_title, t.profile_organization_name AS tech_organization_name, t.profile_address1 AS tech_address1, t.profile_address2 AS tech_address2, t.profile_city AS tech_city, t.state_id AS tech_state_id, ts.state_title AS tech_state_title, t.profile_state_province AS tech_state_province, t.profile_postal_code AS tech_postal_code, t.country_id AS tech_country_id, tc.country_title AS tech_country_title, t.profile_phone AS tech_phone, t.profile_fax AS tech_fax, t.profile_email AS tech_email, a.profile_detail_id AS admin_detail_id, a.profile_first_name AS admin_first_name, a.profile_last_name AS admin_last_name, a.profile_job_title AS admin_job_title, a.profile_organization_name AS admin_organization_name, a.profile_address1 AS admin_address1, a.profile_address2 AS admin_address2, a.profile_city AS admin_city, a.state_id AS admin_state_id, ast.state_title AS admin_state_title, a.profile_state_province AS admin_state_province, a.profile_postal_code AS admin_postal_code, a.country_id AS admin_country_id, ac.country_title AS admin_country_title, a.profile_phone AS admin_phone, a.profile_fax AS admin_fax, a.profile_email AS admin_email, b.profile_detail_id AS auxbilling_detail_id, b.profile_first_name AS auxbilling_first_name, b.profile_last_name AS auxbilling_last_name, b.profile_job_title AS auxbilling_job_title, b.profile_organization_name AS auxbilling_organization_name, b.profile_address1 AS auxbilling_address1, b.profile_address2 AS auxbilling_address2, b.profile_city AS auxbilling_city, b.state_id AS auxbilling_state_id, bs.state_title AS auxbilling_state_title, b.profile_state_province AS auxbilling_state_province, b.profile_postal_code AS auxbilling_postal_code, b.country_id AS auxbilling_country_id, bc.country_title AS auxbilling_country_title, b.profile_phone AS auxbilling_phone, b.profile_fax AS auxbilling_fax, b.profile_email AS auxbilling_email FROM TABLE_ACCOUNT_PROFILES p LEFT JOIN TABLE_ACCOUNT_PROFILE_DETAILS r ON p.profile_id = r.profile_id AND r.profile_type_id = 1 LEFT JOIN TABLE_STATES rs ON r.state_id = rs.state_id LEFT JOIN TABLE_COUNTRIES rc ON r.country_id = rc.country_id LEFT JOIN TABLE_ACCOUNT_PROFILE_DETAILS t ON p.profile_id = t.profile_id AND t.profile_type_id = 1 LEFT JOIN TABLE_STATES ts ON t.state_id = ts.state_id LEFT JOIN TABLE_COUNTRIES tc ON t.country_id = tc.country_id LEFT JOIN TABLE_ACCOUNT_PROFILE_DETAILS a ON p.profile_id = a.profile_id AND a.profile_type_id = 1 LEFT JOIN TABLE_STATES ast ON a.state_id = ast.state_id LEFT JOIN TABLE_COUNTRIES ac ON a.country_id = ac.country_id LEFT JOIN TABLE_ACCOUNT_PROFILE_DETAILS b ON p.profile_id = b.profile_id AND b.profile_type_id = 1 LEFT JOIN TABLE_STATES bs ON b.state_id = bs.state_id LEFT JOIN TABLE_COUNTRIES bc ON b.country_id = bc.country_id WHERE account_id = 1 AND p.profile_default = 1 Thanks for givin'er a look! Mark From nsr81 at ny-tech.net Sun Jan 18 17:09:58 2004 From: nsr81 at ny-tech.net (Nasir Zubair) Date: Sun, 18 Jan 2004 17:09:58 -0500 Subject: [nycphp-talk] Linux+ Certification from CompTIA Message-ID: <000701c3de0f$d0d0dad0$6401a8c0@main> Hi all, I want to get Linux+ certification. Can someone recommend an institute in Brooklyn/Manhattan area where they do preparation and examination for this? - Nasir From spot at deviantart.com Sun Jan 18 22:30:39 2004 From: spot at deviantart.com (Spot) Date: Sun, 18 Jan 2004 21:30:39 -0600 Subject: [nycphp-talk] Large SQL Query In-Reply-To: Message-ID: <004e01c3de3c$9c7fa180$5a01a8c0@spot> Mark, I found your post interesting and forwarded it to our dev list here at deviantART.com. Our CTO (Chris Bolt) responded with this: ------------- He's joining the same table 4 times (r, t, a, b) just to get the entire result as one row, when he could just join it once and get four rows back, and add a few lines of PHP to 'flatten' the rows and get the exact same end result. And his query would be: SELECT p.profile_id, p.account_id, p.profile_title, p.profile_default, d.*, ds.state_title, dc.country_title FROM TABLE_ACCOUNT_PROFILES p LEFT JOIN TABLE_ACCOUNT_PROFILE_DETAILS d ON p.profile_id = d.profile_id LEFT JOIN TABLE_STATES ds ON d.state_id = ds.state_id LEFT JOIN TABLE_COUNTRIES dc ON d.country_id = dc.country_id WHERE p.account_id = 1 AND p.profile_default = 1 Also, he had a typo in the query he pasted below. In each of the joins (r, t, a, b) he left the profile_type_id = 1, when they should be 1, 4, 3 and 2 respectively. -------------- I thought you mind find it useful. Spot deviantART Inc. www.deviantart.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Mark Armendariz Sent: Sunday, January 18, 2004 10:18 AM To: 'NYPHP Talk' Subject: [nycphp-talk] Large SQL Query So is a query this size with this many joins completely nuts, fairly sensible or somewhere in between. It seems to run well on my dev server, but I've no idea how well mysql would handle this query under a load. The basic makeup of the db is a profiles table with a profile_details table. Each profile has 4 rows in the details table (one for each type - all of which will be used). Each profile type holds the same columns, data may differ according to type. This is 12 joins of 4 tables. Oh and these are the phpmyadmin results: Showing rows 0 - 0 (1 total, Query took 0.0012 sec) /* types ids: 1 Registrant 2 AuxBilling 3 Admin 4 Tech */ SELECT p.profile_id, p.account_id, p.profile_title, p.profile_default, r.profile_detail_id AS registrant_detail_id, r.profile_first_name AS registrant_first_name, r.profile_last_name AS registrant_last_name, r.profile_job_title AS registrant_job_title, r.profile_organization_name AS registrant_organization_name, r.profile_address1 AS registrant_address1, r.profile_address2 AS registrant_address2, r.profile_city AS registrant_city, r.state_id AS registrant_state_id, rs.state_title AS registrant_state_title, r.profile_state_province AS registrant_state_province, r.profile_postal_code AS registrant_postal_code, r.country_id AS registrant_country_id, rc.country_title AS registrant_country_title, r.profile_phone AS registrant_phone, r.profile_fax AS registrant_fax, r.profile_email AS registrant_email, t.profile_detail_id AS tech_detail_id, t.profile_first_name AS tech_fitst_name, t.profile_last_name AS tech_last_name, t.profile_job_title AS tech_job_title, t.profile_organization_name AS tech_organization_name, t.profile_address1 AS tech_address1, t.profile_address2 AS tech_address2, t.profile_city AS tech_city, t.state_id AS tech_state_id, ts.state_title AS tech_state_title, t.profile_state_province AS tech_state_province, t.profile_postal_code AS tech_postal_code, t.country_id AS tech_country_id, tc.country_title AS tech_country_title, t.profile_phone AS tech_phone, t.profile_fax AS tech_fax, t.profile_email AS tech_email, a.profile_detail_id AS admin_detail_id, a.profile_first_name AS admin_first_name, a.profile_last_name AS admin_last_name, a.profile_job_title AS admin_job_title, a.profile_organization_name AS admin_organization_name, a.profile_address1 AS admin_address1, a.profile_address2 AS admin_address2, a.profile_city AS admin_city, a.state_id AS admin_state_id, ast.state_title AS admin_state_title, a.profile_state_province AS admin_state_province, a.profile_postal_code AS admin_postal_code, a.country_id AS admin_country_id, ac.country_title AS admin_country_title, a.profile_phone AS admin_phone, a.profile_fax AS admin_fax, a.profile_email AS admin_email, b.profile_detail_id AS auxbilling_detail_id, b.profile_first_name AS auxbilling_first_name, b.profile_last_name AS auxbilling_last_name, b.profile_job_title AS auxbilling_job_title, b.profile_organization_name AS auxbilling_organization_name, b.profile_address1 AS auxbilling_address1, b.profile_address2 AS auxbilling_address2, b.profile_city AS auxbilling_city, b.state_id AS auxbilling_state_id, bs.state_title AS auxbilling_state_title, b.profile_state_province AS auxbilling_state_province, b.profile_postal_code AS auxbilling_postal_code, b.country_id AS auxbilling_country_id, bc.country_title AS auxbilling_country_title, b.profile_phone AS auxbilling_phone, b.profile_fax AS auxbilling_fax, b.profile_email AS auxbilling_email FROM TABLE_ACCOUNT_PROFILES p LEFT JOIN TABLE_ACCOUNT_PROFILE_DETAILS r ON p.profile_id = r.profile_id AND r.profile_type_id = 1 LEFT JOIN TABLE_STATES rs ON r.state_id = rs.state_id LEFT JOIN TABLE_COUNTRIES rc ON r.country_id = rc.country_id LEFT JOIN TABLE_ACCOUNT_PROFILE_DETAILS t ON p.profile_id = t.profile_id AND t.profile_type_id = 1 LEFT JOIN TABLE_STATES ts ON t.state_id = ts.state_id LEFT JOIN TABLE_COUNTRIES tc ON t.country_id = tc.country_id LEFT JOIN TABLE_ACCOUNT_PROFILE_DETAILS a ON p.profile_id = a.profile_id AND a.profile_type_id = 1 LEFT JOIN TABLE_STATES ast ON a.state_id = ast.state_id LEFT JOIN TABLE_COUNTRIES ac ON a.country_id = ac.country_id LEFT JOIN TABLE_ACCOUNT_PROFILE_DETAILS b ON p.profile_id = b.profile_id AND b.profile_type_id = 1 LEFT JOIN TABLE_STATES bs ON b.state_id = bs.state_id LEFT JOIN TABLE_COUNTRIES bc ON b.country_id = bc.country_id WHERE account_id = 1 AND p.profile_default = 1 Thanks for givin'er a look! Mark _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From nyphp at enobrev.com Mon Jan 19 04:02:03 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Mon, 19 Jan 2004 04:02:03 -0500 Subject: [nycphp-talk] Large SQL Query In-Reply-To: <004e01c3de3c$9c7fa180$5a01a8c0@spot> Message-ID: >> He's joining the same table 4 times (r, t, a, b) just to get the >> entire result as one row, when he could just join it once and >> get four rows back, I agree, and had originally tried it that way, but I'm trying to figure out which end would like it more - the php loop or the mysql query. While the query is long, it's easier to read what fields are available (for the designer at least), and it allows the designer to do what he wants with the layout rather than using one specific design for 4 sections (within a loop). I'm going to run a timer later today to see which one seems to be happier. I suppose the idea is - is helping the designer out in this case going to hurt the processing of this page? Anyone know what I should be monitoring besides query and page load times? Thanks for passing it along. From nyphp at enobrev.com Mon Jan 19 07:36:14 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Mon, 19 Jan 2004 07:36:14 -0500 Subject: [nycphp-talk] Posting code... Message-ID: Found this interesting site which allows for posting color coded code in the following languages: C C99 C++ C# Java Pascal Perl PHP PL/I Python Ruby Visual Basic Plain Text Thought it could be useful in posting code examples since mail clients and servers can really chop code up something ugly. Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: From sezery at damla.net Mon Jan 19 19:06:34 2004 From: sezery at damla.net (Sezer YALCIN) Date: Mon, 19 Jan 2004 19:06:34 -0500 Subject: [nycphp-talk] Re: Enom API Message-ID: <001e01c3dee9$4b9a5e60$6401a8c0@uni11> I developed and currently use a set of scripts that do fairly everything with enom.(domreg, modification, renewal etc.) If you have a question with it, I may have a comment. Sezer Evening all, Any of you know anyone who works with the Enom API? < http://www.enom.com/> Enom is a pretty large registrar. I've created a class for their api, and have been working on it for a few months now. Unfortunately, the only resource I've found is their pdf, which isn't exactly accurate and their support, which doesn't cover quite enough. I've been considering starting a forum, but I've no idea of the demand, as my queries come up pretty short. Regardless, enjoy the rest of your weekend! Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: From tgales at tgaconnect.com Tue Jan 20 08:12:41 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Tue, 20 Jan 2004 08:12:41 -0500 Subject: [nycphp-talk] Simple XML discussion at Zend Message-ID: <001f01c3df57$16300360$bf8d3818@oberon1> There is a discussion about SimpleXML in PHP Weekly Summary | 19.JAN.2004 at: http://www.zend.com/zend/week/week169.php that will likely be of interest to readers of this list T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From adam at trachtenberg.com Tue Jan 20 10:37:11 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Tue, 20 Jan 2004 10:37:11 -0500 (EST) Subject: [nycphp-talk] Simple XML discussion at Zend In-Reply-To: <001f01c3df57$16300360$bf8d3818@oberon1> References: <001f01c3df57$16300360$bf8d3818@oberon1> Message-ID: On Tue, 20 Jan 2004, Tim Gales wrote: > There is a discussion about SimpleXML in > PHP Weekly Summary | 19.JAN.2004 at: > http://www.zend.com/zend/week/week169.php Unfortunately, I won't swear that my "excellent summary" is what's actually happening to SimpleXML. There's been a lot of changes since my message and also some things that I didn't say. I think right here is a good place to mention that I'll be giving a short talk at LinuxWorld on Wednesday at 2 pm on "A Sneak Preview of XML in PHP 5" at the O'Reilly Booth. More of a general overview than detailed list, but David and myself can answer questions during the "PHP Cookbook" book signing that will follow the talk. But back to SimpleXML. :) Right now, I would say the changes boil down to: 1) The xquery() method is now named xpath(). 2) You can no longer directly validate SimpleXML objects with XML Schema. 3) You used to be able to register namespaces to use as pseudo-properties and as XPath prefixes with the register_ns() method. This has been removed. You now use children() and attributes() methods and pass the namespace name. For XPath, you pass an additional array of prefix->namespace pairs. 4) The to_xml() and to_xml_file() methods as now one method named asXML(). Passing 0 parameters returns the data, passing 1 writes it to a file. asXML() now correctly only returns the data from the current node downward instead of the whole file. 5) SimpleXML now returns iterators instead of arrays, so you should now be able to cycle through results using foreach regardless of the number of elements returned. (i.e. even one element works.) 6) SimpleXML behaves in a far more consistent manner, should be less buggy, etc, etc. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From shiflett at php.net Tue Jan 20 10:49:13 2004 From: shiflett at php.net (Chris Shiflett) Date: Tue, 20 Jan 2004 07:49:13 -0800 (PST) Subject: [nycphp-talk] Simple XML discussion at Zend In-Reply-To: Message-ID: <20040120154913.23667.qmail@web14303.mail.yahoo.com> --- Adam Maccabee Trachtenberg wrote: > 5) SimpleXML now returns iterators instead of arrays, so you should > now be able to cycle through results using foreach regardless of > the number of elements returned. (i.e. even one element works.) Hey, why don't you give us a nice explanation of what iterators are. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From jonbaer at jonbaer.net Tue Jan 20 10:52:09 2004 From: jonbaer at jonbaer.net (jon baer) Date: Tue, 20 Jan 2004 10:52:09 -0500 Subject: [nycphp-talk] Simple XML discussion at Zend References: <001f01c3df57$16300360$bf8d3818@oberon1> Message-ID: <005201c3df6d$5d08e840$6400a8c0@thinkpad> kinda funny, alot of the work/discussion/thoughts/etc really remind me of when JDOM (www.jdom.org) first started ... and the fact that its on the same type of path right now ... i still want to know if/why/how SimpleXML will be entirely plug-in based (so that it is available for PHP4) or if its so internal to the Zend core, there were different answers. my first impression was an extension library. - jon From sklar at sklar.com Tue Jan 20 10:54:11 2004 From: sklar at sklar.com (David Sklar) Date: Tue, 20 Jan 2004 10:54:11 -0500 Subject: [nycphp-talk] Simple XML discussion at Zend In-Reply-To: <005201c3df6d$5d08e840$6400a8c0@thinkpad> Message-ID: > to know if/why/how SimpleXML will be entirely plug-in > based (so that it is available for PHP4) or if its so internal to the > Zend core, there were different answers. my first impression was an > extension library. It is definitely PHP 5 only. David From adam at trachtenberg.com Tue Jan 20 10:58:41 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Tue, 20 Jan 2004 10:58:41 -0500 (EST) Subject: [nycphp-talk] Simple XML discussion at Zend In-Reply-To: <005201c3df6d$5d08e840$6400a8c0@thinkpad> References: <001f01c3df57$16300360$bf8d3818@oberon1> <005201c3df6d$5d08e840$6400a8c0@thinkpad> Message-ID: On Tue, 20 Jan 2004, jon baer wrote: > i still want to know if/why/how SimpleXML will be entirely plug-in based (so > that it is available for PHP4) or if its so internal to the Zend core, there > were different answers. my first impression was an extension library. SimpleXML is an extension, but it only works with PHP 5 because it relies upon many low-level features that are only available in Zend Engine 2, such as property and method overloading and iterators. (There are additional reasons, such as SimpleXML expecting to work in conjunction with PHP 5's base libxml2 extension, but the ones listed first are the most fundamental.) -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From adam at trachtenberg.com Tue Jan 20 11:02:16 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Tue, 20 Jan 2004 11:02:16 -0500 (EST) Subject: [nycphp-talk] Simple XML discussion at Zend In-Reply-To: <20040120154913.23667.qmail@web14303.mail.yahoo.com> References: <20040120154913.23667.qmail@web14303.mail.yahoo.com> Message-ID: On Tue, 20 Jan 2004, Chris Shiflett wrote: > --- Adam Maccabee Trachtenberg wrote: > > 5) SimpleXML now returns iterators instead of arrays, so you should > > now be able to cycle through results using foreach regardless of > > the number of elements returned. (i.e. even one element works.) > > Hey, why don't you give us a nice explanation of what iterators are. :-) Maybe next week. :) For now, iterators are ways to loop through results that aren't arrays (retrieved rows from a database, files in a directory, nodes in an XML document), in a foreach as if the results were placed in an array. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From tgales at tgaconnect.com Tue Jan 20 11:09:45 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Tue, 20 Jan 2004 11:09:45 -0500 Subject: [nycphp-talk] Simple XML discussion at Zend In-Reply-To: Message-ID: <002801c3df6f$d2a41b40$bf8d3818@oberon1> Adam Maccabee Trachtenberg writes: "Unfortunately, I won't swear that my "excellent summary" is what's actually happening to SimpleXML." Well it still is an excellent summary. Pulling together somewhat disparate posts on a mailing list can be rather labor intensive undertaking. But with 'clew' it will be considerably easier in that more than one person can work on it. (i.e. your summary of SimpleXML is an (excellent) example of the kind of summarization which will be facilitated by 'clew') Anyway, thanks for making the subject matter more accessible. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From spot at deviantart.com Tue Jan 20 11:27:27 2004 From: spot at deviantart.com (Spot) Date: Tue, 20 Jan 2004 10:27:27 -0600 Subject: [nycphp-talk] Error Traping Message-ID: <00e401c3df72$4c1646e0$5a01a8c0@spot> This may be a simple question, but I have asked quite a few hard core PHP people and they all said no. Is there anyway to trap fatal errors before they get to the browser? Spot deviantART Inc. www.deviantart.com From dcech at phpwerx.net Tue Jan 20 11:33:10 2004 From: dcech at phpwerx.net (Dan Cech) Date: Tue, 20 Jan 2004 11:33:10 -0500 Subject: [nycphp-talk] Error Traping In-Reply-To: <00e401c3df72$4c1646e0$5a01a8c0@spot> References: <00e401c3df72$4c1646e0$5a01a8c0@spot> Message-ID: <400D5846.9090103@phpwerx.net> Spot wrote: > This may be a simple question, but I have asked quite a few hard core > PHP people and they all said no. > > Is there anyway to trap fatal errors before they get to the browser? Not that I know of. A Fatal error is usually something that should halt execution, hence the 'Fatal' part. I suggest you rethink your code to prevent the error occurring in the first place. In general it is good coding practice to avoid creating code which generates errors of any kind, and especially Fatal errors. Dan > Spot > deviantART Inc. > www.deviantart.com From sezery at damla.net Tue Jan 20 11:41:24 2004 From: sezery at damla.net (Sezer YALCIN) Date: Tue, 20 Jan 2004 11:41:24 -0500 Subject: [nycphp-talk] Error Traping References: <00e401c3df72$4c1646e0$5a01a8c0@spot> Message-ID: <001b01c3df74$47182170$6401a8c0@uni11> Your can disable error reports with error_reporting(), set 0 or you can manage them with set_error_handler() Sezer ----- Original Message ----- From: "Spot" To: Sent: Tuesday, January 20, 2004 11:27 AM Subject: [nycphp-talk] Error Traping > This may be a simple question, but I have asked quite a few hard core > PHP people and they all said no. > > Is there anyway to trap fatal errors before they get to the browser? > > > Spot > deviantART Inc. > www.deviantart.com > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From csnyder at chxo.com Tue Jan 20 11:46:18 2004 From: csnyder at chxo.com (Chris Snyder) Date: Tue, 20 Jan 2004 11:46:18 -0500 Subject: [nycphp-talk] Simple XML discussion at Zend In-Reply-To: References: <20040120154913.23667.qmail@web14303.mail.yahoo.com> Message-ID: <400D5B5A.1010709@chxo.com> Adam Maccabee Trachtenberg wrote: > For now, iterators are ways to loop through results that aren't arrays > >(retrieved rows from a database, files in a directory, nodes in an XML >document), in a foreach as if the results were placed in an array. > > > For a (possibly dated) summary: http://www.php.net/zend-engine-2.php scroll to Iteration From adam at trachtenberg.com Tue Jan 20 12:14:16 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Tue, 20 Jan 2004 12:14:16 -0500 (EST) Subject: [nycphp-talk] Simple XML discussion at Zend In-Reply-To: <400D5B5A.1010709@chxo.com> References: <20040120154913.23667.qmail@web14303.mail.yahoo.com> <400D5B5A.1010709@chxo.com> Message-ID: On Tue, 20 Jan 2004, Chris Snyder wrote: > For a (possibly dated) summary: > http://www.php.net/zend-engine-2.php scroll to Iteration AFAIK, this is still correct for Iterators written in PHP; however, most of the Iterator power comes from SPL, which is not mentioned here. It is SPL that I still need to dive into and check out. I will probably do that next week, unless I'm playing with the new mysqli extension. :) -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From danielc at analysisandsolutions.com Wed Jan 21 00:41:33 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Wed, 21 Jan 2004 00:41:33 -0500 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 Message-ID: <20040121054133.GA4332@panix.com> Hi Folks: Sorry for the delay in posting these... ================================================================ Subject: SecurityFocus Newsletter #230 Date: Mon, 5 Jan 2004 15:17:29 -0700 (MST) Apache mod_php Module File Descriptor Leakage Vulnerability http://www.securityfocus.com/bid/9302 OpenBB Index.PHP Remote SQL Injection Vulnerability http://www.securityfocus.com/bid/9300 OpenBB Board.PHP Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/9303 PHP-Nuke Survey Module SQL Injection Vulnerability http://www.securityfocus.com/bid/9305 Private Message System index.php Page Parameter Cross-Site S... http://www.securityfocus.com/bid/9308 php-ping Count Parameter Command Execution Vulnerability http://www.securityfocus.com/bid/9309 MiniBB Profile Website Name HTML Injection Vulnerability http://www.securityfocus.com/bid/9310 phpBB GroupCP.PHP SQL Injection Vulnerability http://www.securityfocus.com/bid/9314 PHPCatalog ID Parameter SQL Injection Vulnerability http://www.securityfocus.com/bid/9318 ================================================================ Subject: SecurityFocus Newsletter #231 Date: Mon, 12 Jan 2004 15:02:17 -0700 (MST) EasyDynamicPages config_page.php Remote PHP File Include Vul... http://www.securityfocus.com/bid/9338 Invision Power Board Calendar.PHP SQL Injection Vulnerabilit... http://www.securityfocus.com/bid/9353 HotNews Multiple PHP File Include Vulnerabilities http://www.securityfocus.com/bid/9357 FreznoShop Search Script Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/9359 vBulletin Calendar Script SQL Injection Vulnerability http://www.securityfocus.com/bid/9360 Phorum Multiple Cross-Site Scripting/HTML Injection Vulnerab... http://www.securityfocus.com/bid/9361 Phorum Registration Script hide_email SQL Injection Vulnerab... http://www.securityfocus.com/bid/9363 ThWboard board.php Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/9367 PhpGedView Multiple PHP Remote File Include Vulnerabilities http://www.securityfocus.com/bid/9368 PhpGedView Search Script Cross-Site Scripting Vulnerability http://www.securityfocus.com/bid/9369 PhpGedView PHPInfo Information Disclosure Weakness http://www.securityfocus.com/bid/9371 PostCalendar Search Function SQL Injection Vulnerability http://www.securityfocus.com/bid/9372 ================================================================ Subject: SecurityFocus Newsletter #232 Date: Tue, 20 Jan 2004 14:45:23 -0700 (MST) Andy's PHP Projects Man Page Lookup Script Information Discl... http://www.securityfocus.com/bid/9395 VisualShapers EZContents Module.PHP Remote Command Execution... http://www.securityfocus.com/bid/9396 PHPDig Config.PHP Include Remote Command Execution Vulnerabi... http://www.securityfocus.com/bid/9424 PHPShop Project Multiple Vulnerabilities http://www.securityfocus.com/bid/9437 Enjoy, --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From mz34 at nyu.edu Wed Jan 21 08:25:59 2004 From: mz34 at nyu.edu (Matthew Zimmerman) Date: Wed, 21 Jan 2004 08:25:59 -0500 Subject: [nycphp-talk] Examples of HTML forms/user interfaces. In-Reply-To: <001f01c3df57$16300360$bf8d3818@oberon1> References: <001f01c3df57$16300360$bf8d3818@oberon1> Message-ID: <59E52998-4C15-11D8-8FCF-000A95CCDD2C@nyu.edu> Hello List, I was wondering if anyone had any good tutorials or examples for designing HTML interfaces/forms for data entry into a MySQl database. In the past my databases have been quite simple so I could have text boxes and pull down menus for data entry. The database I am working on now has some more "advanced" features such as allowing a user to add more than one value per field and also allowing the user to update controlled vocabulary in look up tables. For instance there is a field called "musician" but often I there can be more than one musician. My DB schema is fine and normalized, and my programming logic is fine too. But I am a bit over my head in making a easy user interface for these things. If any one has an samples or tutorials it would be great. Matt From tgales at tgaconnect.com Wed Jan 21 09:10:11 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Wed, 21 Jan 2004 09:10:11 -0500 Subject: [nycphp-talk] (no subject) Message-ID: <005101c3e028$4872e9b0$bf8d3818@oberon1> I came across a post: http://news.php.net/article.php?group=php.internals&article=6997 by Sterling Hughes Here is a snippet from that post cut-out (which carries the usual caveat of being "out of context"). "... Much of the current code in SimpleXML is due to immaturities in either Zend or the LibXML interface at the time I was writing SimpleXML. I wanted to have cool things to show at conferences, plus other people wanted to see what was possible with simplexml, so features started to creep in. xsearch() and schema validation were the first added, then came other methods like hasChildren() and getChildren() (when a simple xpath query /child::node() can tell you this) Most of simplexml's methods are either redundant, or redundant based upon redundancy (hasChildren(), getChildren(), attributes(), count()). Each of these methods are actually a very simple, very optimized xpath expression..." When I read this I sort of translated it in my mind to read: "Due to popular demand I allowed non-orthogonal features to creep into SimpleXML causing bloat and making it -- well not simple." (I was considering apologizing for allowing a shade of an old thread on an old thread at: http://lists.nyphp.org/pipermail/talk/2004-January/007005.html to haunt this list -- not. "I wrote it and I'm glad". ) Of course there is nothing wrong with letting an api grow and even take on a 'life of its own' -- while its on the 'drawing board', because it is in an experimental stage (to see what works). When preparing an api as a release candidate it is often prudent to use a 'George Forman-esque' grilling approach (to produce leaner and meaner results). The leaner the api the less the need to inject "Klein" solution to reduce the discomfort during later surgery. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com "For complex systems, requirements may be ambiguous and hard to state. The design may not be able to be finalized without some experimentation in an actual program to see what works..." Fredrick Brooks 'The Mythical Man Month' Brooks also said: "Plan to throw the first system away you will anyway -- " From sklar at sklar.com Wed Jan 21 09:47:51 2004 From: sklar at sklar.com (David Sklar) Date: Wed, 21 Jan 2004 09:47:51 -0500 Subject: [nycphp-talk] (no subject) (SimpleXML) In-Reply-To: <005101c3e028$4872e9b0$bf8d3818@oberon1> Message-ID: Sterling wrote: > Much of the current code in SimpleXML is due to immaturities in either > Zend or the LibXML interface at the time I was writing SimpleXML. I > wanted to have cool things to show at conferences, plus other people > wanted to see what was possible with simplexml, so features started > to creep in. xsearch() and schema validation were the first added, > then came other methods like hasChildren() and getChildren() (when a > simple xpath query /child::node() can tell you this) > > Most of simplexml's methods are either redundant, or redundant based > upon redundancy (hasChildren(), getChildren(), attributes(), count()). > Each of these methods are actually a very simple, very optimized > xpath expression..." Tim wrote: > When I read this I sort of translated it in my mind to read: "Due to > popular demand I allowed non-orthogonal features > to creep into SimpleXML causing bloat and making it -- well not > simple." I think many of those features actually make SimpleXML *simpler* -- to the non-xpath initiate, is $document->children() simpler or is $document->xpath('/child::node()') simpler? Xpath is swell, everyone using XML a lot should certainly learn Xpath, but it's overkill for simple (there's that word again !:) operations. The SimpleXML methods that handle common cases are useful just like having a multiplication operator is useful -- sure, you could accomplish the same thing with the addition operator, but it's a pain. Agree? Disagree? Come congratulate/argue with me today at LinuxWorld! David From mitchy at spacemonkeylabs.com Wed Jan 21 10:08:03 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Wed, 21 Jan 2004 10:08:03 -0500 Subject: [nycphp-talk] Examples of HTML forms/user interfaces. In-Reply-To: <59E52998-4C15-11D8-8FCF-000A95CCDD2C@nyu.edu> References: <001f01c3df57$16300360$bf8d3818@oberon1> <59E52998-4C15-11D8-8FCF-000A95CCDD2C@nyu.edu> Message-ID: <400E95D3.1010003@spacemonkeylabs.com> Matthew Zimmerman wrote: > Hello List, > > I was wondering if anyone had any good tutorials or examples for > designing HTML interfaces/forms for data entry into a MySQl database. PEAR::HTML_Quickform is one really great way to get started with more complex forms, and also generates validation rules (both client-side and server-side); and best of all the package comes with documentation and some great examples, including your multiple-musician scenario. I would suggest taking a look there. There's also a much more advanced controller mechanism for multiple-part forms, but luckily I haven't had to get into that. > In the past my databases have been quite simple so I could have text boxes > and pull down menus for data entry. The database I am working on now has > some more "advanced" features such as allowing a user to add more than > one value per field and also allowing the user to update controlled > vocabulary in look up tables. For instance there is a field called > "musician" but often I there can be more than one musician. My DB schema > is fine and normalized, and my programming logic is fine too. But I am a > bit over my head in making a easy user interface for these things. One (old) trick is to give all of the musician form items the same name in an array nomenclature, that way you could iterate over the $musician[] array for each value. That should make it easy to deal with getting "n" musicians from the form. If there is enough demand then I guess I just found the topic for my next tutorial... ;^) -- Mitch From adam at trachtenberg.com Wed Jan 21 11:05:06 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Wed, 21 Jan 2004 11:05:06 -0500 (EST) Subject: [nycphp-talk] (no subject) (SimpleXML) In-Reply-To: References: Message-ID: On Wed, 21 Jan 2004, David Sklar wrote: > Tim wrote: > > When I read this I sort of translated it in my mind to read: "Due to > > popular demand I allowed non-orthogonal features > > to creep into SimpleXML causing bloat and making it -- well not > > simple." s/Due to popular demand/Due to not paying attention/ :) > I think many of those features actually make SimpleXML *simpler* -- to the > non-xpath initiate, is $document->children() simpler or is > $document->xpath('/child::node()') simpler? I think it's a question whether/how SimpleXML should provide introspection capabilities. If you know the document's schema, there's no need for either because you can do $document->foo instead which is simpler than either choice. If you do want to maneuver through an arbitrary document, I think DOM or SimpleXML/XPath is the way to go. > Agree? Disagree? Come congratulate/argue with me today at LinuxWorld! See you there, punk! -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From webmaster at localnotion.com Wed Jan 21 12:15:40 2004 From: webmaster at localnotion.com (Terenzio) Date: Wed, 21 Jan 2004 12:15:40 -0500 Subject: [nycphp-talk] Examples of HTML forms/user interfaces. In-Reply-To: <59E52998-4C15-11D8-8FCF-000A95CCDD2C@nyu.edu> References: <001f01c3df57$16300360$bf8d3818@oberon1> <59E52998-4C15-11D8-8FCF-000A95CCDD2C@nyu.edu> Message-ID: <70164FD9-4C35-11D8-A662-0003938BDF32@localnotion.com> There is a html drop down menu option (called multiple I think) which allows you to select more than one item in the drop down. Then you stuff it into an array, put it into the form you want for insertion and proceed as usual. On Jan 21, 2004, at 8:25 AM, Matthew Zimmerman wrote: > Hello List, > > I was wondering if anyone had any good tutorials or examples for > designing HTML interfaces/forms for data entry into a MySQl database. > In the past my databases have been quite simple so I could have text > boxes and pull down menus for data entry. The database I am working on > now has some more "advanced" features such as allowing a user to add > more than one value per field and also allowing the user to update > controlled vocabulary in look up tables. For instance there is a field > called "musician" but often I there can be more than one musician. My > DB schema is fine and normalized, and my programming logic is fine > too. But I am a bit over my head in making a easy user interface for > these things. > > If any one has an samples or tutorials it would be great. > > Matt > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From jlacey at att.net Wed Jan 21 12:50:15 2004 From: jlacey at att.net (John Lacey) Date: Wed, 21 Jan 2004 10:50:15 -0700 Subject: [nycphp-talk] Examples of HTML forms/user interfaces. In-Reply-To: <70164FD9-4C35-11D8-A662-0003938BDF32@localnotion.com> References: <001f01c3df57$16300360$bf8d3818@oberon1> <59E52998-4C15-11D8-8FCF-000A95CCDD2C@nyu.edu> <70164FD9-4C35-11D8-A662-0003938BDF32@localnotion.com> Message-ID: <400EBBD7.8000103@att.net> > > On Jan 21, 2004, at 8:25 AM, Matthew Zimmerman wrote: > >> Hello List, >> >> I was wondering if anyone had any good tutorials or examples for >> designing HTML interfaces/forms for data entry into a MySQl database. >> In the past my databases have been quite simple so I could have text >> boxes and pull down menus for data entry. The database I am working on >> now has some more "advanced" features such as allowing a user to add >> more than one value per field and also allowing the user to update >> controlled vocabulary in look up tables. For instance there is a field >> called "musician" but often I there can be more than one musician. My >> DB schema is fine and normalized, and my programming logic is fine >> too. But I am a bit over my head in making a easy user interface for >> these things. >> >> If any one has an samples or tutorials it would be great. >> >> Matt although the name 'dadabik' is a little strange, you might go to their site for some ideas http://www.dadabik.org/ according to a blurb on the site: DaDaBIK is a free PHP application that allows you to easily create a highly customizable Web form interface for a MySQL database in order to search, insert, update and delete records; all you need do is specify a few configuration parameters. hope that helps, John >From hans not junk at nyphp.com Wed Jan 21 21:14:24 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 62BC6A85F3 for ; Wed, 21 Jan 2004 21:14:24 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] more crappy programs: security focus 230 - 232 Date: Wed, 21 Jan 2004 18:14:21 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752AD8A at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] more crappy programs: security focus 230 - 232 Thread-Index: AcPf4T9ArHzhvppWSnS5iNZDAwtCGwAq+Qyg From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Jan 2004 02:14:24 -0000 > Apache mod_php Module File Descriptor Leakage Vulnerability > http://www.securityfocus.com/bid/9302 This is unbelievable. Don't trust "bug" reports from people with email = addresses like linux4ever at yahoo.com. From the fork() man page: The child process has its own copy of the parent's descriptors. These descriptors reference the same underlying objects, so that, for instance, file pointers in file objects are shared between the child and the parent, so that an lseek(2) on a descriptor in the child process can affect a subsequent read(2) or write(2) by the parent. This descriptor copying is also used by the shell to establish standard input and output for newly created processes as well as to set up pipes. H From spot at deviantart.com Thu Jan 22 00:52:59 2004 From: spot at deviantart.com (Spot) Date: Wed, 21 Jan 2004 23:52:59 -0600 Subject: [nycphp-talk] Error Traping In-Reply-To: <001b01c3df74$47182170$6401a8c0@uni11> Message-ID: <006301c3e0ab$fe14eec0$5a01a8c0@spot> Sezer, Thank you sir. It seemed very strange to me that there was no way to accomplish this. Thank you again. Spot -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Sezer YALCIN Sent: Tuesday, January 20, 2004 10:41 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Error Traping Your can disable error reports with error_reporting(), set 0 or you can manage them with set_error_handler() Sezer ----- Original Message ----- From: "Spot" To: Sent: Tuesday, January 20, 2004 11:27 AM Subject: [nycphp-talk] Error Traping > This may be a simple question, but I have asked quite a few hard core > PHP people and they all said no. > > Is there anyway to trap fatal errors before they get to the browser? > > > Spot > deviantART Inc. > www.deviantart.com > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From tgales at tgaconnect.com Thu Jan 22 07:44:04 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 22 Jan 2004 07:44:04 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd Message-ID: <000901c3e0e5$6bae8d40$bf8d3818@oberon1> I know not everyone on the list can make it to our booth at LinuxWorld. So, I thought the readers of this list might like to hear something about how things went the first day. Firstly, if I had had my thinking cap on, I would have kept a written journal. As it is, I will have to give the scraps of things which I can remember 'off the cuff'. I arrived later that I had intended -- about noon. The booth is located in the .org pavilion on a fairly well-trafficked row. Our booth is between the 'Bastille Linux' booth(#4) and NYLUG's booth (#12). (if you really interested here's a link to a map: http://www.linuxworldexpo.com/linuxworldny/V40/floorplan/floorplan.cvn?map =10 ) Our booth is not to far from the O'Reilly boot (#357) and that seemed at first to be where most of the foot-traffic was flowing from -- but later I noticed that the flow changed direction and strength randomly. We ran out of some of the handouts and ran low on others -- there is a lot of interest. Whoops this post rambled longer than I intended, sorry. If there is something that you want to know about at the expo contact me off list and I will try and act as you 'eyes and ears' at the show -- that is of course with restrictions caused by the limited time I will have at my disposal. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From cderr at simons-rock.edu Thu Jan 22 08:03:52 2004 From: cderr at simons-rock.edu (charlie derr) Date: Thu, 22 Jan 2004 08:03:52 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: <000901c3e0e5$6bae8d40$bf8d3818@oberon1> References: <000901c3e0e5$6bae8d40$bf8d3818@oberon1> Message-ID: <400FCA38.6060906@simons-rock.edu> As a (mostly lurking) recent subsbcriber to this list I just wanted to say that I enjoyed stopping by yesterday and introducing myself. Hans, I was the guy who mentioned that we use postgresql instead of mysql, and that I have written (among many other apps) an ldap-based web authentication system using php. I second Tim's recommendation that anyone who can should definitely try to make it by the nyphp booth. ~c -- This is not a democracy; it's a cheerocracy. -Torrance Shipman From jonbaer at jonbaer.net Thu Jan 22 08:31:17 2004 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 22 Jan 2004 08:31:17 -0500 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 References: <41EE526EC2D3C74286415780D3BA9F8752AD8A@ehost011-1.exch011.intermedia.net> Message-ID: <004f01c3e0ec$0bd70350$6400a8c0@thinkpad> not to mention the phpbb bug which was also listed there is pretty old + has already been fixed - yet - was listed as *not* being supplied from the vendor which is false ... - jon ----- Original Message ----- From: "Hans Zaunere" To: "NYPHP Talk" Sent: Wednesday, January 21, 2004 9:14 PM Subject: RE: [nycphp-talk] more crappy programs: security focus 230 - 232 > Apache mod_php Module File Descriptor Leakage Vulnerability > http://www.securityfocus.com/bid/9302 This is unbelievable. Don't trust "bug" reports from people with email addresses like linux4ever at yahoo.com. From the fork() man page: The child process has its own copy of the parent's descriptors. These descriptors reference the same underlying objects, so that, for instance, file pointers in file objects are shared between the child and the parent, so that an lseek(2) on a descriptor in the child process can affect a subsequent read(2) or write(2) by the parent. This descriptor copying is also used by the shell to establish standard input and output for newly created processes as well as to set up pipes. H _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From jsiegel1 at optonline.net Thu Jan 22 08:38:40 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 22 Jan 2004 08:38:40 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] Message-ID: <400FD260.1010608@optonline.net> Some interesting stuff posted on NYLUG. ======================= Microsoft applies for a patent on xml format. full story: http://www.nzoss.org.nz/portal/modules.php?name=News&file=article&sid=284 SCO sent a letter to Congress trying to explain why the Open Source movement is a threat to national security and information technology industry. http://www.osforge.com/news/001280.html Jeff Siegel -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jeffknight at mac.com Thu Jan 22 09:01:32 2004 From: jeffknight at mac.com (putamare) Date: Thu, 22 Jan 2004 09:01:32 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <400FD260.1010608@optonline.net> References: <400FD260.1010608@optonline.net> Message-ID: <7B9E3FEA-4CE3-11D8-BF95-003065F9A07A@mac.com> On Jan 22, 2004, at 8:38 AM, Jeff Siegel wrote: > SCO sent a letter to Congress trying to explain why the Open Source > movement is a threat to national security and information technology > industry. No big deal, any reasonably intelligent adult can see right through their... oh wait... we're screwed! From tgales at tgaconnect.com Thu Jan 22 09:33:15 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 22 Jan 2004 09:33:15 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <400FD260.1010608@optonline.net> Message-ID: <000c01c3e0f4$ac216e60$bf8d3818@oberon1> Jeff Siegel writes: "Microsoft applies for a patent on xml format" Almost all the moves Microsoft makes could be qualified as 'disturbing' -- Is this news -- no this it is the old 'dog bites man' -- the article says something like "Microsoft is going to make a move to extract fees from other companies..." Hello there guys from 'down under' -- c'mon why do you thing Microsoft copyrights everything? The whole copyright law (at least in the U.S.) is getting warped. It used to be you protected an author's intellectual property for a set amount of time (17 years I think it was) (and another amount of time connected to the death of the author) with the possibility of one extension. After that it the work was supposed to be place in the public domain and everyone could use it freely. Now corporations (which never die) effectively can create copyrights which may be able to (for all real purposes) stay effect in perpetuity -- and never reach the public domain. Anyway these marketing moves (attempts to extract fees from companies) by Microsoft are going to 'blow up' in their face. Witness the announcement that there was no longer going to be any support for older windows (Windows 98 etc.) That 'marketing move' was a blatant attempt to move customers to the XP licensing model and ensure that Microsoft would be able to 'extract their fee' -- that went over like a 'lead balloon'. Microsoft had to do a quick 180 degree turn, because of the customer uproar against that move. Also at Linux World the Microsoft booth has a slogan of (as I recall) "get all the facts" . It is as if to say the open source community is knowingly withholding vital information which could affect your decision as to whether to go with 'closed source' or 'open source'. Well I'll leave that alone... T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From sezery at damla.net Thu Jan 22 09:39:24 2004 From: sezery at damla.net (Sezer YALCIN) Date: Thu, 22 Jan 2004 09:39:24 -0500 Subject: [nycphp-talk] Error Traping References: <006301c3e0ab$fe14eec0$5a01a8c0@spot> Message-ID: <004c01c3e0f5$903493c0$6401a8c0@uni11> You'r welcome. Let me know if you need any additional help on this. Sezer ----- Original Message ----- From: "Spot" To: "'NYPHP Talk'" Sent: Thursday, January 22, 2004 12:52 AM Subject: RE: [nycphp-talk] Error Traping > Sezer, > > Thank you sir. It seemed very strange to me that there was no way to > accomplish this. > > Thank you again. > > > Spot > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > On Behalf Of Sezer YALCIN > Sent: Tuesday, January 20, 2004 10:41 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Error Traping > > > > Your can disable error reports with error_reporting(), set 0 > or you can manage them with set_error_handler() > > Sezer > > ----- Original Message ----- > From: "Spot" > To: > Sent: Tuesday, January 20, 2004 11:27 AM > Subject: [nycphp-talk] Error Traping > > > > This may be a simple question, but I have asked quite a few hard core > > PHP people and they all said no. > > > > Is there anyway to trap fatal errors before they get to the browser? > > > > > > Spot > > deviantART Inc. > > www.deviantart.com > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From shiflett at php.net Thu Jan 22 10:35:00 2004 From: shiflett at php.net (Chris Shiflett) Date: Thu, 22 Jan 2004 07:35:00 -0800 (PST) Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <004f01c3e0ec$0bd70350$6400a8c0@thinkpad> Message-ID: <20040122153500.60303.qmail@web14303.mail.yahoo.com> --- jon baer wrote: > not to mention the phpbb bug which was also listed there is pretty > old + has already been fixed - yet - was listed as *not* being > supplied from the vendor which is false ... Tim Gales made me realize recently how unreliable the sources of some of this information are (he asked for verification of a vulnerability on this list, and the claim was totally false). It doesn't take too terribly long to verify the validitity, or lack thereof, of what is mentioned on Security Focus relating to PHP. Maybe NYPHP could host a Snopes-like site for this type of thing. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From nyphp at enobrev.com Thu Jan 22 11:32:47 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Thu, 22 Jan 2004 11:32:47 -0500 Subject: [nycphp-talk] Re: File Types In-Reply-To: <20040114164258.60726.qmail@mail.com> Message-ID: >> I'm trying to write small programs without a lot of extensions >> (i.e. PEAR), because some hosts don't install them. I've been looking for a similar solution for getting file information which doesn't rely on extensions. After a bit of search, I found an obscenely incredible solution: http://getid3.sourceforge.net/ Mark From jlacey at att.net Thu Jan 22 11:45:56 2004 From: jlacey at att.net (John Lacey) Date: Thu, 22 Jan 2004 09:45:56 -0700 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <20040122153500.60303.qmail@web14303.mail.yahoo.com> References: <20040122153500.60303.qmail@web14303.mail.yahoo.com> Message-ID: <400FFE44.5040309@att.net> Chris Shiflett wrote: > > It doesn't take too terribly long to verify the validitity, or lack > thereof, of what is mentioned on Security Focus relating to PHP. Maybe > NYPHP could host a Snopes-like site for this type of thing. :-) I'll be delivering a short hands-on "what is it?" seminar on [CompTIA] Security+/i-Net+ using Knoppix, and there's been an idea about security as it applies to AMP in the back of my mind. This looks like a time to at least mention it. I was thinking that it would be a really cool and helpful project for interested NYPHP members to set up what amounts to a 'honeypot' -- with a different twist -- for proving/testing/evaluating/hacking/messing-with/bashing an AMP platform/apps./utilities/whatever. For example, a "you-can't-mess-this-box-up" platform could be set up using first of all, one O/S and then later including other flavors -- Windows, Linux, FreeBSD, etc. There are an untold myriad of learning/best-practice scenarios that can result with an ongoing project like this. And I believe NYPHP has the horsepower to pull it off. just a thought... John From jonbaer at jonbaer.net Thu Jan 22 12:32:23 2004 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 22 Jan 2004 12:32:23 -0500 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 References: <20040122153500.60303.qmail@web14303.mail.yahoo.com> <400FFE44.5040309@att.net> Message-ID: <00a001c3e10d$b293c900$6400a8c0@thinkpad> in the "real world" is nessus pretty much a legit testing method based on php developers experience? for example go here: http://cgi.nessus.org/plugins/search.html and type "php" ... what pops up seems to be php sigs for examining some more common php apps, what id like to see a bit of a more compact type of nessus which can take those same sigs + sql injections + some other nasties and put into a free tool (maybe developed in php) ... - jon > I was thinking that it would be a really cool and helpful > project for interested NYPHP members to set up what amounts > to a 'honeypot' -- with a different twist -- for > proving/testing/evaluating/hacking/messing-with/bashing an > AMP platform/apps./utilities/whatever. From jlacey at att.net Thu Jan 22 12:39:50 2004 From: jlacey at att.net (John Lacey) Date: Thu, 22 Jan 2004 10:39:50 -0700 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <00a001c3e10d$b293c900$6400a8c0@thinkpad> References: <20040122153500.60303.qmail@web14303.mail.yahoo.com> <400FFE44.5040309@att.net> <00a001c3e10d$b293c900$6400a8c0@thinkpad> Message-ID: <40100AE6.4000007@att.net> jon baer wrote: > in the "real world" is nessus pretty much a legit testing method based on > php developers experience? for example go here: > > http://cgi.nessus.org/plugins/search.html > I think it's just a much better nmap (or nmapfe for the command-line challenged). J From shiflett at php.net Thu Jan 22 12:47:10 2004 From: shiflett at php.net (Chris Shiflett) Date: Thu, 22 Jan 2004 09:47:10 -0800 (PST) Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <00a001c3e10d$b293c900$6400a8c0@thinkpad> Message-ID: <20040122174710.27331.qmail@web14301.mail.yahoo.com> --- jon baer wrote: > in the "real world" is nessus pretty much a legit testing method based > on php developers experience? for example go here: > > http://cgi.nessus.org/plugins/search.html > > and type "php" ... what pops up seems to be php sigs for examining some > more common php apps, what id like to see a bit of a more compact type > of nessus which can take those same sigs + sql injections + some other > nasties and put into a free tool (maybe developed in php) ... Well, nessus is open source (I couldn't tell if you were suggesting otherwise), and it's basically just a tool that has a nice plugin architecture. So, most of its actual usefulness comes from the plugins and not so much the tool. Since anyone can write a plugin, I imagine that there are some good plugins and a lot of bad ones. I can't imagine automating Web application security with a lot of success, and most of those PHP plugins appear to test for specific known vulnerabilities in popular PHP packages such as the Nukes and phpBB (all of which are favorites on Security Focus). Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From jsiegel1 at optonline.net Thu Jan 22 12:47:29 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 22 Jan 2004 12:47:29 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <000c01c3e0f4$ac216e60$bf8d3818@oberon1> References: <000c01c3e0f4$ac216e60$bf8d3818@oberon1> Message-ID: <40100CB1.6000803@optonline.net> The XP Licensing model has kept me from doing upgrades on all of my PCs. Jeff Tim Gales wrote: > Jeff Siegel writes: > "Microsoft applies for a patent on xml format" > > Almost all the moves Microsoft makes > could be qualified as 'disturbing' -- > Is this news -- no this it is the old > 'dog bites man' -- the article says > something like "Microsoft is going to > make a move to extract fees from other companies..." > > Hello there guys from 'down under' -- c'mon > why do you thing Microsoft copyrights everything? > > The whole copyright law (at least in the U.S.) > is getting warped. It used to be you protected an > author's intellectual property for a set amount of > time (17 years I think it was) (and another amount of > time connected to the death of the author) with the > possibility of one extension. After that it the work > was supposed to be place in the public domain and > everyone could use it freely. > > Now corporations (which never die) effectively can create > copyrights which may be able to (for all real purposes) stay > effect in perpetuity -- and never reach the public domain. > > Anyway these marketing moves (attempts to extract fees from > companies) by Microsoft are going to 'blow up' in their face. > > Witness the announcement that there was no longer going to > be any support for older windows (Windows 98 etc.) That > 'marketing move' was a blatant attempt to move customers > to the XP licensing model and ensure that Microsoft > would be able to 'extract their fee' -- that went over > like a 'lead balloon'. Microsoft had to do a quick 180 > degree turn, because of the customer uproar against that > move. > > Also at Linux World the Microsoft booth has a slogan > of (as I recall) "get all the facts" . It is as if to > say the open source community is knowingly withholding vital > information which could affect your decision as to > whether to go with 'closed source' or 'open source'. > > Well I'll leave that alone... > > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Thu Jan 22 12:48:39 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 22 Jan 2004 12:48:39 -0500 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <20040122153500.60303.qmail@web14303.mail.yahoo.com> References: <20040122153500.60303.qmail@web14303.mail.yahoo.com> Message-ID: <40100CF7.2040104@optonline.net> A snopes-like site would be great. I would add that not only security issues but "myths" about PHP itself would need to be addressed. Jeff Chris Shiflett wrote: > --- jon baer wrote: > >>not to mention the phpbb bug which was also listed there is pretty >>old + has already been fixed - yet - was listed as *not* being >>supplied from the vendor which is false ... > > > Tim Gales made me realize recently how unreliable the sources of some of > this information are (he asked for verification of a vulnerability on this > list, and the claim was totally false). > > It doesn't take too terribly long to verify the validitity, or lack > thereof, of what is mentioned on Security Focus relating to PHP. Maybe > NYPHP could host a Snopes-like site for this type of thing. :-) > > Chris > > ===== > Chris Shiflett - http://shiflett.org/ > > PHP Security Handbook > Coming mid-2004 > HTTP Developer's Handbook > http://httphandbook.org/ > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From dan at mx2pro.com Thu Jan 22 13:12:52 2004 From: dan at mx2pro.com (Dan Horning) Date: Thu, 22 Jan 2004 13:12:52 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <40100CB1.6000803@optonline.net> Message-ID: <20040122181255.86F42A85F3@virtu.nyphp.org> have you heard of the open license program (you need to have 5 - 249 computers to use this program) Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office/Home) -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel Sent: Thursday, January 22, 2004 12:47 PM To: NYPHP Talk Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] The XP Licensing model has kept me from doing upgrades on all of my PCs. Jeff Tim Gales wrote: > Jeff Siegel writes: > "Microsoft applies for a patent on xml format" > > Almost all the moves Microsoft makes > could be qualified as 'disturbing' -- > Is this news -- no this it is the old > 'dog bites man' -- the article says > something like "Microsoft is going to > make a move to extract fees from other companies..." > > Hello there guys from 'down under' -- c'mon > why do you thing Microsoft copyrights everything? > > The whole copyright law (at least in the U.S.) > is getting warped. It used to be you protected an > author's intellectual property for a set amount of > time (17 years I think it was) (and another amount of > time connected to the death of the author) with the > possibility of one extension. After that it the work > was supposed to be place in the public domain and > everyone could use it freely. > > Now corporations (which never die) effectively can create > copyrights which may be able to (for all real purposes) stay > effect in perpetuity -- and never reach the public domain. > > Anyway these marketing moves (attempts to extract fees from > companies) by Microsoft are going to 'blow up' in their face. > > Witness the announcement that there was no longer going to > be any support for older windows (Windows 98 etc.) That > 'marketing move' was a blatant attempt to move customers > to the XP licensing model and ensure that Microsoft > would be able to 'extract their fee' -- that went over > like a 'lead balloon'. Microsoft had to do a quick 180 > degree turn, because of the customer uproar against that > move. > > Also at Linux World the Microsoft booth has a slogan > of (as I recall) "get all the facts" . It is as if to > say the open source community is knowingly withholding vital > information which could affect your decision as to > whether to go with 'closed source' or 'open source'. > > Well I'll leave that alone... > > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From jsiegel1 at optonline.net Thu Jan 22 13:35:01 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 22 Jan 2004 13:35:01 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <20040122181255.86F42A85F3@virtu.nyphp.org> References: <20040122181255.86F42A85F3@virtu.nyphp.org> Message-ID: <401017D5.6010007@optonline.net> I rather dump Microsoft and, where possible, just move to a Linux-based desktop. Jeff Dan Horning wrote: > have you heard of the open license program > (you need to have 5 - 249 computers to use this program) > > > From dan at mx2pro.com Thu Jan 22 13:37:08 2004 From: dan at mx2pro.com (Dan Horning) Date: Thu, 22 Jan 2004 13:37:08 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <401017D5.6010007@optonline.net> Message-ID: <20040122183711.87854A85F5@virtu.nyphp.org> me too .. but most of my clients wouldn't hear it Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office/Home) -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel Sent: Thursday, January 22, 2004 1:35 PM To: NYPHP Talk Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] I rather dump Microsoft and, where possible, just move to a Linux-based desktop. Jeff Dan Horning wrote: > have you heard of the open license program > (you need to have 5 - 249 computers to use this program) > > > _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From joe_m at circlepressroom.com Thu Jan 22 13:45:53 2004 From: joe_m at circlepressroom.com (Joe M) Date: Thu, 22 Jan 2004 13:45:53 -0500 Subject: [nycphp-talk] timeouts In-Reply-To: <20040122183711.87854A85F5@virtu.nyphp.org> Message-ID: hello, switched from using a cgi script for uploading files to php4. problem is timeouts. i have increased the timeout in httpd.conf to 5000 secs. but does not seem to help. ok i am totally new to this-anyone? i have been searching web and newsgroups but don't have much time i am only it person here with win, novell, linux to look after. thanks joe ps i have recently been getting a "warn--php4 module already loaded" msg from configtest. i can post php.ini and httpd.conf if you want. From mitchy at spacemonkeylabs.com Thu Jan 22 13:53:33 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Thu, 22 Jan 2004 13:53:33 -0500 Subject: [nycphp-talk] timeouts In-Reply-To: References: Message-ID: <40101C2D.40708@spacemonkeylabs.com> Joe M wrote: > hello, > switched from using a cgi script for uploading files to php4. problem > is timeouts. i have increased the timeout in httpd.conf to 5000 secs. > but does not seem to help. ok i am totally new to this-anyone? i have > been searching web and newsgroups but don't have much time i am only it > person here with win, novell, linux to look after. thanks joe > ps i have recently been getting a "warn--php4 module already loaded" msg > from configtest. I had a similar problem a couple weeks ago, and had to balance between apache and php configurations to make it work. The php.ini parameters were max_execution_time and max_input_time, which for my problem both had to be tweaked... > i can post php.ini and httpd.conf if you want. php.ini might help. I'm a lurker so I hope this is ok - and if not, someone hit me with a cluestick and I will suddenly make sense again. -- Mitch From yury at heavenspa.com Thu Jan 22 14:07:46 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Thu, 22 Jan 2004 14:07:46 -0500 Subject: [nycphp-talk] timeouts References: <40101C2D.40708@spacemonkeylabs.com> Message-ID: <03bb01c3e11b$057b2930$0400a8c0@heavenspanyc> http://www.webmasterworld.com/forum88/2095.htm ciao yury ----- Original Message ----- From: "Mitch Pirtle" To: "NYPHP Talk" Sent: Thursday, January 22, 2004 1:53 PM Subject: Re: [nycphp-talk] timeouts > Joe M wrote: > > hello, > > switched from using a cgi script for uploading files to php4. problem > > is timeouts. i have increased the timeout in httpd.conf to 5000 secs. > > but does not seem to help. ok i am totally new to this-anyone? i have > > been searching web and newsgroups but don't have much time i am only it > > person here with win, novell, linux to look after. thanks joe > > ps i have recently been getting a "warn--php4 module already loaded" msg > > from configtest. > > I had a similar problem a couple weeks ago, and had to balance between > apache and php configurations to make it work. The php.ini parameters > were max_execution_time and max_input_time, which for my problem both > had to be tweaked... > > > i can post php.ini and httpd.conf if you want. > > php.ini might help. I'm a lurker so I hope this is ok - and if not, > someone hit me with a cluestick and I will suddenly make sense again. > > -- Mitch > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jsiegel1 at optonline.net Thu Jan 22 14:21:47 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 22 Jan 2004 14:21:47 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <20040122183711.87854A85F5@virtu.nyphp.org> References: <20040122183711.87854A85F5@virtu.nyphp.org> Message-ID: <401022CB.7030101@optonline.net> That's a different story. :) Dan Horning wrote: > me too .. but most of my clients wouldn't hear it > > > Dan Horning - Music, Technology & Photography > http://www.dsoundmn.com/ > Technical Systems Administration > 1-866-284-3150 (Office/Home) > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Jeff Siegel > Sent: Thursday, January 22, 2004 1:35 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] > > I rather dump Microsoft and, where possible, just move to a Linux-based > desktop. > > Jeff > > Dan Horning wrote: > > >>have you heard of the open license program >>(you need to have 5 - 249 computers to use this program) >> >> >> > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From bpang at bpang.com Thu Jan 22 14:53:47 2004 From: bpang at bpang.com (bpang at bpang.com) Date: Thu, 22 Jan 2004 14:53:47 -0500 (EST) Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <401022CB.7030101@optonline.net> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> Message-ID: <.38.117.145.89.1074801227.squirrel@www.bpang.com> related article http://www.cnn.com/2004/TECH/ptech/01/22/linux.desktop.reut/index.html > That's a different story. :) > > Dan Horning wrote: > >> me too .. but most of my clients wouldn't hear it >> >> >> Dan Horning - Music, Technology & Photography >> http://www.dsoundmn.com/ >> Technical Systems Administration >> 1-866-284-3150 (Office/Home) >> -----Original Message----- >> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] >> On >> Behalf Of Jeff Siegel >> Sent: Thursday, January 22, 2004 1:35 PM >> To: NYPHP Talk >> Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] >> >> I rather dump Microsoft and, where possible, just move to a Linux-based >> desktop. >> >> Jeff >> >> Dan Horning wrote: >> >> >>>have you heard of the open license program >>>(you need to have 5 - 249 computers to use this program) >>> >>> >>> >> >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk >> > > -- > Found on the Simpson's Website: > "Ooooooh, they have the internet on computers now!" > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jsiegel1 at optonline.net Thu Jan 22 15:15:01 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 22 Jan 2004 15:15:01 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <".38.117.145.89.1074801227.squirrel"@www.bpang.com> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> Message-ID: <40102F45.4070907@optonline.net> Very interesting. My own experience is that the Linux desktop is not quite ready for prime time...at least in terms of replacing the Office suite. However, for my kids to get email and surf the web...it's absolutely fine. Jeff bpang at bpang.com wrote: > related article > > http://www.cnn.com/2004/TECH/ptech/01/22/linux.desktop.reut/index.html > > > > >>That's a different story. :) >> >>Dan Horning wrote: >> >> >>>me too .. but most of my clients wouldn't hear it >>> >>> >>>Dan Horning - Music, Technology & Photography >>> http://www.dsoundmn.com/ >>> Technical Systems Administration >>> 1-866-284-3150 (Office/Home) >>>-----Original Message----- >>>From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] >>>On >>>Behalf Of Jeff Siegel >>>Sent: Thursday, January 22, 2004 1:35 PM >>>To: NYPHP Talk >>>Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] >>> >>>I rather dump Microsoft and, where possible, just move to a Linux-based >>>desktop. >>> >>>Jeff >>> >>>Dan Horning wrote: >>> >>> >>> >>>>have you heard of the open license program >>>>(you need to have 5 - 249 computers to use this program) >>>> >>>> >>>> >>> >>> >>>_______________________________________________ >>>talk mailing list >>>talk at lists.nyphp.org >>>http://lists.nyphp.org/mailman/listinfo/talk >>> >>>_______________________________________________ >>>talk mailing list >>>talk at lists.nyphp.org >>>http://lists.nyphp.org/mailman/listinfo/talk >>> >> >>-- >>Found on the Simpson's Website: >>"Ooooooh, they have the internet on computers now!" >> >>_______________________________________________ >>talk mailing list >>talk at lists.nyphp.org >>http://lists.nyphp.org/mailman/listinfo/talk >> > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From bpang at bpang.com Thu Jan 22 16:15:50 2004 From: bpang at bpang.com (bpang at bpang.com) Date: Thu, 22 Jan 2004 16:15:50 -0500 (EST) Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <40102F45.4070907@optonline.net> References: <20040122183711.87854A85F5@virtu.nyphp.org><401022CB.7030101@optonline .net><".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> Message-ID: <.38.117.145.89.1074806150.squirrel@www.bpang.com> As I'm sure I've expressed before, I've been using linux as my primary desktop for a couple of years and would say I'm 95% satisfied with it. It's true that the "Office" functions are somewhat lacking and/or problematic, so I do keep a W2k machine here that I connect to with VNC (no extra monitors). One of the stranger problems I end up having is that Mozilla works better than IE, so when I'm doing "tricky" front-end stuff, I have to modify/rewrite code to support the ailing browser. > Very interesting. My own experience is that the Linux desktop is not > quite ready for prime time...at least in terms of replacing the Office > suite. However, for my kids to get email and surf the web...it's > absolutely fine. > > Jeff > > bpang at bpang.com wrote: > >> related article >> >> http://www.cnn.com/2004/TECH/ptech/01/22/linux.desktop.reut/index.html From mitchy at spacemonkeylabs.com Thu Jan 22 17:06:55 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Thu, 22 Jan 2004 17:06:55 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <.38.117.145.89.1074806150.squirrel@www.bpang.com> References: <20040122183711.87854A85F5@virtu.nyphp.org><401022CB.7030101@optonline .net><".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <.38.117.145.89.1074806150.squirrel@www.bpang.com> Message-ID: <4010497F.1030200@spacemonkeylabs.com> bpang at bpang.com wrote: > As I'm sure I've expressed before, I've been using linux as my primary > desktop for a couple of years and would say I'm 95% satisfied with it. > > It's true that the "Office" functions are somewhat lacking and/or > problematic, so I do keep a W2k machine here that I connect to with VNC > (no extra monitors). > > One of the stranger problems I end up having is that Mozilla works better > than IE, so when I'm doing "tricky" front-end stuff, I have to > modify/rewrite code to support the ailing browser. I've been using linux exclusively on the desktop for at least 5 or 6 years, and I've even forced my wife and children to accompany me on this bizarre journey. For the most part, problems have been minimal (friends emailing jokes in Powerpoint(?!), lousy printer drivers, total lack of email virus infections). I even got Internet Explorer running via Wine, so prototyping front-ends was not an issue and I got to experience the joy and wonder of a completely crippled application. The thing that forced me to install a 'doze partition was Macromedia. As I got more and more involved in the front-end of application design, the more I needed to know how to create Flash and Director animation. So I do have to boot into XP, and hate it the entire time I am there - my cheapo AC'97 audio stinks up the house in Windows, but the ALSA driver sounds wonderful - but for the most part XP has pretty much caught up to Linux. As soon as I can get decent virtual-desktop support, I will be happy. (evil grin) -- Mitch From jsiegel1 at optonline.net Thu Jan 22 21:22:45 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 22 Jan 2004 21:22:45 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <".38.117.145.89.1074806150.squirrel"@www.bpang.com> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> Message-ID: <40108575.6040109@optonline.net> I do so much work in MS Word (and the documents need to be shareable with clients) that, though I tried using OpenOffice...it just didn't fit the bill. Jeff bpang at bpang.com wrote: > As I'm sure I've expressed before, I've been using linux as my primary > desktop for a couple of years and would say I'm 95% satisfied with it. > > It's true that the "Office" functions are somewhat lacking and/or > problematic, so I do keep a W2k machine here that I connect to with VNC > (no extra monitors). > > One of the stranger problems I end up having is that Mozilla works better > than IE, so when I'm doing "tricky" front-end stuff, I have to > modify/rewrite code to support the ailing browser. > > > >>Very interesting. My own experience is that the Linux desktop is not >>quite ready for prime time...at least in terms of replacing the Office >>suite. However, for my kids to get email and surf the web...it's >>absolutely fine. >> >>Jeff >> >>bpang at bpang.com wrote: >> >> >>>related article >>> >>>http://www.cnn.com/2004/TECH/ptech/01/22/linux.desktop.reut/index.html > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Thu Jan 22 21:24:10 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Thu, 22 Jan 2004 21:24:10 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <4010497F.1030200@spacemonkeylabs.com> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> <4010497F.1030200@spacemonkeylabs.com> Message-ID: <401085CA.6020907@optonline.net> "virtual-desktop support"...that's sorely needed in Windows. Jeff Mitch Pirtle wrote: > bpang at bpang.com wrote: > >> As I'm sure I've expressed before, I've been using linux as my primary >> desktop for a couple of years and would say I'm 95% satisfied with it. >> >> It's true that the "Office" functions are somewhat lacking and/or >> problematic, so I do keep a W2k machine here that I connect to with VNC >> (no extra monitors). >> >> One of the stranger problems I end up having is that Mozilla works better >> than IE, so when I'm doing "tricky" front-end stuff, I have to >> modify/rewrite code to support the ailing browser. > > > I've been using linux exclusively on the desktop for at least 5 or 6 > years, and I've even forced my wife and children to accompany me on this > bizarre journey. For the most part, problems have been minimal (friends > emailing jokes in Powerpoint(?!), lousy printer drivers, total lack of > email virus infections). I even got Internet Explorer running via Wine, > so prototyping front-ends was not an issue and I got to experience the > joy and wonder of a completely crippled application. > > The thing that forced me to install a 'doze partition was Macromedia. As > I got more and more involved in the front-end of application design, the > more I needed to know how to create Flash and Director animation. So I > do have to boot into XP, and hate it the entire time I am there - my > cheapo AC'97 audio stinks up the house in Windows, but the ALSA driver > sounds wonderful - but for the most part XP has pretty much caught up to > Linux. As soon as I can get decent virtual-desktop support, I will be > happy. > > (evil grin) > > -- Mitch > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From dcech at phpwerx.net Thu Jan 22 22:06:58 2004 From: dcech at phpwerx.net (Dan Cech) Date: Thu, 22 Jan 2004 22:06:58 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <401085CA.6020907@optonline.net> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> <4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net> Message-ID: <40108FD2.1020604@phpwerx.net> Jeff Siegel wrote: > "virtual-desktop support"...that's sorely needed in Windows. http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp Enjoy, Dan From dan at cain.sh Thu Jan 22 22:16:31 2004 From: dan at cain.sh (Daniel J Cain Jr.) Date: Thu, 22 Jan 2004 21:16:31 -0600 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <401085CA.6020907@optonline.net> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> <4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net> Message-ID: <1074827790.98780.13.camel@gigabeast.home.cain.sh> On Thu, 2004-01-22 at 20:24, Jeff Siegel wrote: > "virtual-desktop support"...that's sorely needed in Windows. > > Jeff Sorry to not have any PHP related content in this response, but this may help those that are stranded between *NIX and Windows for developing. In windows XP they have a 'power toy' that gives you four virtual desktops. I think its called Microsoft virtual desktop manager(MSVDM). Its not as smooth as in *NIX but hey it lets me run an X server on desktop 4 and the rest for other applications. Although I am mainly on a FreeBSD workstation and not so much Windows anymore. Also you can get UNIX services for windows (I have yet to install it) which I believe includes an X server for XP Pro (wont install on home). As well as the ability to run shell scripts natively(wrong term?) in XP ala /bin/sh? At one point you could get them to send you the CD for just shipping and handling (not sure if its still going on) which is how I got mine. I would provide links if I had any, but since I would have to Google them out I'll let those interested track it down. Happy Coding -dan From jonbaer at jonbaer.net Thu Jan 22 22:26:36 2004 From: jonbaer at jonbaer.net (jon baer) Date: Thu, 22 Jan 2004 22:26:36 -0500 Subject: [nycphp-talk] overriding strval(x)? Message-ID: <019701c3e160$b522e9a0$6400a8c0@thinkpad> greetings, basic question ... when oo-ing your code is there anyway to override the strval() function if its being performed on your object? in java its likened to having a known function (toString()) but if someone decided to debug an object in php can they do something similar to the same so u can see ur variable sets? strval($myObject) "x -> foo, y-> bar" - jon From adam at trachtenberg.com Fri Jan 23 00:27:50 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Fri, 23 Jan 2004 00:27:50 -0500 (EST) Subject: [nycphp-talk] overriding strval(x)? In-Reply-To: <019701c3e160$b522e9a0$6400a8c0@thinkpad> References: <019701c3e160$b522e9a0$6400a8c0@thinkpad> Message-ID: On Thu, 22 Jan 2004, jon baer wrote: > when oo-ing your code is there anyway to override the strval() function if > its being performed on your object? in java its likened to having a known > function (toString()) but if someone decided to debug an object in php can > they do something similar to the same so u can see ur variable sets? In PHP 5, there's a __toString() method. Also, have you tried doing foreach on the object? -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From jonbaer at jonbaer.net Fri Jan 23 00:34:09 2004 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 23 Jan 2004 00:34:09 -0500 Subject: [nycphp-talk] overriding strval(x)? References: <019701c3e160$b522e9a0$6400a8c0@thinkpad> Message-ID: <01ca01c3e172$86e5bbf0$6400a8c0@thinkpad> Also, have you tried doing > foreach on the object? > can u explain? is this built-in introspection or did u mean on my own with my own method? thanks. - jon From adam at trachtenberg.com Fri Jan 23 02:26:12 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Fri, 23 Jan 2004 02:26:12 -0500 (EST) Subject: [nycphp-talk] overriding strval(x)? In-Reply-To: <01ca01c3e172$86e5bbf0$6400a8c0@thinkpad> References: <019701c3e160$b522e9a0$6400a8c0@thinkpad> <01ca01c3e172$86e5bbf0$6400a8c0@thinkpad> Message-ID: On Fri, 23 Jan 2004, jon baer wrote: > Also, have you tried doing > > foreach on the object? > > > > can u explain? is this built-in introspection or did u mean on my own with > my own method? This works in PHP 4 and PHP 5: class foo { var $a = 1; var $b = 'php'; } $foo = new foo; foreach ($foo as $k => $v) { print "$k: $v\n"; } a: 1 b: php I don't remember how PHP 5 modifies this to account for private and protected variables, but it should be easy to check. :) Also, if you're storing variables and arrays in the properties, you'll need to do a print_r() on them or otherwise check their type and handle them accordingly. There's also the PHP 5 introspection functions, but I won't be getting around to reading up on that until next month, so you're on your own here. Meanwhile you could check out the January 2004 issue of Linux Magazine (I picked up a free copy at LinuxWorld Expo) or check out: http://sitten-polizei.de/php/reflection_api/docs/language.reflection.html -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From jsiegel1 at optonline.net Fri Jan 23 05:03:04 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 23 Jan 2004 05:03:04 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <40108FD2.1020604@phpwerx.net> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> <4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net> <40108FD2.1020604@phpwerx.net> Message-ID: <4010F158.4060602@optonline.net> Didn't even know it existed (I used to have these "toys" with Win 98). Now...just to make sure I *still* take a swipe at WinXP...is it fair to complain that this is not part of the standard install? ;) Jeff Dan Cech wrote: > Jeff Siegel wrote: > >> "virtual-desktop support"...that's sorely needed in Windows. > > > http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp > > Enjoy, > > Dan > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From tgales at tgaconnect.com Fri Jan 23 05:36:22 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Fri, 23 Jan 2004 05:36:22 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <4010F158.4060602@optonline.net> Message-ID: <001701c3e19c$beea9be0$bf8d3818@oberon1> Jeff Siegel writes: "it fair to complain that this is not part of the standard install?" Well the 'power toys' only work in the English language -- so they don't fit in the world-wide distribution scheme. Another thing is that if Microsoft were to put the power toy in the standard install, they would have to support it. If you have ever had to support software you've written for windows, the phrase 'dll hell' will probably be emotionally charged with unpleasant memories. Trying to explain to customers that they have altered the dynamic linking path for an executable can be a major time-waster. Along these lines, I think (or rather recall dimly) that many PHP installation instructions suggest you put your php dll's in the 'system32' (or the equivalent) folder. If you follow that advice, it can make setting up a (windows) test environment to compare PHP 4 and PHP 5 a real battle. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From jsiegel1 at optonline.net Fri Jan 23 06:11:19 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 23 Jan 2004 06:11:19 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <001701c3e19c$beea9be0$bf8d3818@oberon1> References: <001701c3e19c$beea9be0$bf8d3818@oberon1> Message-ID: <40110157.1040507@optonline.net> I spent too many years dealing with DLL Hell starting with Win 3.0 and it's one of the reasons why I've turned against MS. While on the one hand I think they have accomplished a great thing - I've built apps that tie MS Access into Word and Excel (and have done the same with most every flavor of Visual Basic beginning with 3.0) - I've also spent extraordinary amounts of time making sure that there were no DLL version issues, etc. So yes, you're absolutely correct...if the virtual desktop was part of the standard install they'd then have to support it. Maybe if they weren't always trying to conquer the world, they'd have time to add (and support) things like this in their standard installation. Overall, I view Microsoft as the software equivalent of AOL. In the same way that AOL made it possible for my parents generation to use email and browse the net, Microsoft has brought general software application use to the masses. But in both cases, this popularization comes with a price...measured, of course, in "software headache units." Jeff (formerly known as 71413.3354 at compuserve.com) Tim Gales wrote: > Jeff Siegel writes: > "it fair to complain that this is not part of > the standard install?" > > Well the 'power toys' only work in the English language -- > so they don't fit in the world-wide distribution > scheme. > > Another thing is that if Microsoft were to put the > power toy in the standard install, they would have to > support it. > > If you have ever had to support software you've > written for windows, the phrase 'dll hell' > will probably be emotionally charged with > unpleasant memories. > > Trying to explain to customers that they have > altered the dynamic linking path for an > executable can be a major time-waster. > > Along these lines, I think (or rather recall > dimly) that many PHP installation instructions > suggest you put your php dll's in the 'system32' > (or the equivalent) folder. > > If you follow that advice, it can make setting up > a (windows) test environment to compare PHP 4 and > PHP 5 a real battle. > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From mitchy at spacemonkeylabs.com Fri Jan 23 07:46:39 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Fri, 23 Jan 2004 07:46:39 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <4010F158.4060602@optonline.net> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> <4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net> <40108FD2.1020604@phpwerx.net> <4010F158.4060602@optonline.net> Message-ID: <401117AF.4080000@spacemonkeylabs.com> Jeff Siegel wrote: > Didn't even know it existed (I used to have these "toys" with Win 98). > > Now...just to make sure I *still* take a swipe at WinXP...is it fair to > complain that this is not part of the standard install? ;) It's actually a good idea that it is NOT part of the standard install. I found this 'toy' some time ago and tried it out. I lasted for not quite one evening, as the jerkiness and performance woes forced me to remove the offending executable... Every time I switched desktops I had to save all open documents for fear of losing anything important! -- Mitch From jsiegel1 at optonline.net Fri Jan 23 08:01:30 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 23 Jan 2004 08:01:30 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <401117AF.4080000@spacemonkeylabs.com> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> <4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net> <40108FD2.1020604@phpwerx.net> <4010F158.4060602@optonline.net> <401117AF.4080000@spacemonkeylabs.com> Message-ID: <40111B2A.5040508@optonline.net> I can easily imagine someone opening a gazillion apps in each desktop and then the whole house of cards comes to a crash. Jeff Mitch Pirtle wrote: > Jeff Siegel wrote: > >> Didn't even know it existed (I used to have these "toys" with Win 98). >> >> Now...just to make sure I *still* take a swipe at WinXP...is it fair >> to complain that this is not part of the standard install? ;) > > > It's actually a good idea that it is NOT part of the standard install. I > found this 'toy' some time ago and tried it out. I lasted for not quite > one evening, as the jerkiness and performance woes forced me to remove > the offending executable... Every time I switched desktops I had to save > all open documents for fear of losing anything important! > > -- Mitch > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From tgales at tgaconnect.com Fri Jan 23 08:29:21 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Fri, 23 Jan 2004 08:29:21 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <40111B2A.5040508@optonline.net> Message-ID: <001901c3e1b4$e97a5fe0$bf8d3818@oberon1> Jeff Siegel writes: " I can easily imagine someone opening a gazillion apps in each desktop and then the whole house of cards comes to a crash." Well Microsoft operating systems tend not to 'lock up' the way they used to after David Cutler was employed to work on NT. See: http://www3.sympatico.ca/n.rieck/docs/Windows-NT_is_VMS_re-implemented.htm l and http://en.wikipedia.org/wiki/Dave_Cutler I always would recommend to junior programmers working on 'VMS' projects to check the historical timelines of VMS and Unix before continuing to complain that they wanted to work on 'newer' operating systems like Unix. (in point of fact VMS is newer and for my money fixed things which could be characterized as 'occasionally problematic' in Unix) Once a week I light a candle for the WMS on the Itanium chip project at HP and hope everyone will come to their senses. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From jsiegel1 at optonline.net Fri Jan 23 08:35:00 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 23 Jan 2004 08:35:00 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <001901c3e1b4$e97a5fe0$bf8d3818@oberon1> References: <001901c3e1b4$e97a5fe0$bf8d3818@oberon1> Message-ID: <40112304.3050809@optonline.net> Definite improvement...until I have Dreamweaver, Fireworks, ACT, and Word open all at the same time. Jeff Tim Gales wrote: > Jeff Siegel writes: > " I can easily imagine someone opening a gazillion apps in each desktop > and then the whole house of cards comes to a crash." > > Well Microsoft operating systems tend not to 'lock up' > the way they used to after David Cutler was employed to > work on NT. > > See: > http://www3.sympatico.ca/n.rieck/docs/Windows-NT_is_VMS_re-implemented.htm > l > > and > http://en.wikipedia.org/wiki/Dave_Cutler > > I always would recommend to junior programmers working on 'VMS' > projects to check the historical timelines of VMS and > Unix before continuing to complain that they wanted to work on > 'newer' operating systems like Unix. > (in point of fact VMS is newer and for my money fixed things > which could be characterized as 'occasionally problematic' in > Unix) > > Once a week I light a candle for the WMS on the Itanium chip > project at HP and hope everyone will come to their senses. > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From tgales at tgaconnect.com Fri Jan 23 09:02:58 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Fri, 23 Jan 2004 09:02:58 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <40112304.3050809@optonline.net> Message-ID: <001a01c3e1b9$9baab080$bf8d3818@oberon1> Jeff Siegel writes: "Definite improvement...until I have Dreamweaver, Fireworks, ACT, and Word open all at the same time." You are making my case for me. I am sorry that my posts require effort to understand ( I don't spend the time to put them in proper shape) But take a look again (you followed the first link right?) at the part about "The "real operating system features" you speak of are at the UI and API level. They are not the reasons we consider NT to be a reimplementation of VMS at the internal level." And look again at the part about "Windows API mentality" T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From jonbaer at jonbaer.net Fri Jan 23 11:54:21 2004 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 23 Jan 2004 11:54:21 -0500 Subject: [nycphp-talk] mysql sync w/ php Message-ID: <02de01c3e1d1$8ca6c520$6400a8c0@thinkpad> greetings ... im trying to accomplish the same shell in only php without having to use shell_exec is it possible? mysqldump -h server1 -u user1 -psecret --add-drop-table db table(s) | mysql -h server2 -u user2 -psecret db - jon From yury at heavenspa.com Fri Jan 23 12:07:24 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Fri, 23 Jan 2004 12:07:24 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] References: <20040122183711.87854A85F5@virtu.nyphp.org><401022CB.7030101@optonline.net><".38.117.145.89.1074801227.squirrel"@www.bpang.com><40102F45.4070907@optonline.net><".38.117.145.89.1074806150.squirrel"@www.bpang.com><4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net> <1074827790.98780.13.camel@gigabeast.home.cain.sh> Message-ID: <003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> http://www.firepages.com.au/ a great apache, php, mysql package that runs well on windows2k/xp... regards yury p.s. any php gurus live in Staten Island? ----- Original Message ----- From: "Daniel J Cain Jr." To: "NYPHP Talk" Sent: Thursday, January 22, 2004 10:16 PM Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] > On Thu, 2004-01-22 at 20:24, Jeff Siegel wrote: > > "virtual-desktop support"...that's sorely needed in Windows. > > > > Jeff > Sorry to not have any PHP related content in this response, but this may > help those that are stranded between *NIX and Windows for developing. > > In windows XP they have a 'power toy' that gives you four virtual > desktops. I think its called Microsoft virtual desktop manager(MSVDM). > Its not as smooth as in *NIX but hey it lets me run an X server on > desktop 4 and the rest for other applications. Although I am mainly on > a FreeBSD workstation and not so much Windows anymore. > > Also you can get UNIX services for windows (I have yet to install it) > which I believe includes an X server for XP Pro (wont install on home). > As well as the ability to run shell scripts natively(wrong term?) in XP > ala /bin/sh? At one point you could get them to send you the CD for > just shipping and handling (not sure if its still going on) which is how > I got mine. > > I would provide links if I had any, but since I would have to Google > them out I'll let those interested track it down. > > Happy Coding > -dan > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From dcech at phpwerx.net Fri Jan 23 12:02:12 2004 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 23 Jan 2004 12:02:12 -0500 Subject: [nycphp-talk] mysql sync w/ php In-Reply-To: <02de01c3e1d1$8ca6c520$6400a8c0@thinkpad> References: <02de01c3e1d1$8ca6c520$6400a8c0@thinkpad> Message-ID: <40115394.7010703@phpwerx.net> jon baer wrote: > greetings ... > > im trying to accomplish the same shell in only php without having to use > shell_exec is it possible? > > mysqldump -h server1 -u user1 -psecret --add-drop-table db table(s) | > mysql -h server2 -u user2 -psecret db > > - jon Possible - yes Easy - no If I understand you correctly you want to copy a database from one server to another using php. It is going to be much more efficient to use the shell commands than trying to go through the mysql extension for php, because it is restricted to executing only one sql command at a time, so each query would have to be executed separately. Not to mention you would need to devise some system to read data from your source database and convert it into SQL to execute against the second database. I am not sure exactly what the purpose of your script is, but you might be able to get some good pointers from checking out the source of phpMyAdmin. Dan From dmintz at davidmintz.org Fri Jan 23 12:20:55 2004 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 23 Jan 2004 12:20:55 -0500 (EST) Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: <400FCA38.6060906@simons-rock.edu> References: <000901c3e0e5$6bae8d40$bf8d3818@oberon1> <400FCA38.6060906@simons-rock.edu> Message-ID: Subjectively speaking, of course: I noticed that the low-rent district where the small booths (like NYPHP's) were located had a more exciting vibe than the upscale part of town where the flashy big corporate exhibits were. The conversation seemed more animated and interesting. Hats off to you guys who put in all those hours on your feet: Hans, Jeff K., Tim G., and whoever else. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From jonbaer at jonbaer.net Fri Jan 23 13:11:19 2004 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 23 Jan 2004 13:11:19 -0500 Subject: [nycphp-talk] mysql sync w/ php References: <02de01c3e1d1$8ca6c520$6400a8c0@thinkpad> <40115394.7010703@phpwerx.net> Message-ID: <002501c3e1dc$4d2ebff0$6400a8c0@thinkpad> > I am not sure exactly what the purpose of your script is, but you might > be able to get some good pointers from checking out the source of > phpMyAdmin. > im actually trying to work in a "Sync" button into phpMyAdmin, the purpose is that im using 1 db for local dev w/ code as such for virtual setups + dont want to mirror the same grant tables: if ($_SERVER['HTTP_HOST'] == "mysite") { mysql_connect("localhost","localuser","localpass"); mysql_select_db("my_db"); } else { mysql_connect("remoteserver","remoteuser","remotepass"); mysql_select_db("my_db"); } - jon From nyphp at enobrev.com Fri Jan 23 13:31:17 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Fri, 23 Jan 2004 13:31:17 -0500 Subject: [nycphp-talk] mysql sync w/ php In-Reply-To: <002501c3e1dc$4d2ebff0$6400a8c0@thinkpad> Message-ID: You could look into phpmyadmin's export funcions, have it generate the exported sql, and then run it's own import functions of that sql onto your production server. You would just need to allow access fro myour local server to your production server, byut phpMyAdmin does have al lthe functionality you would need. Their sql generation functions (export) are pretty nice and well thought out. If you'd like to separate it from the innards of phpMyadmin, I highly recommend using them. And the import functions basically ignores all the comments and loops through statement by statement split by semicolons. Good luck!' Mark From dan at mx2pro.com Fri Jan 23 14:13:19 2004 From: dan at mx2pro.com (Dan Horning) Date: Fri, 23 Jan 2004 14:13:19 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> Message-ID: <20040123191332.F19C7A85F0@virtu.nyphp.org> droooool works nicely... I'm impressed... worked with a few others which are nightmares Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office/Home) -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of yury at heavenspa.com Sent: Friday, January 23, 2004 12:07 PM To: NYPHP Talk Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] http://www.firepages.com.au/ a great apache, php, mysql package that runs well on windows2k/xp... regards yury p.s. any php gurus live in Staten Island? ----- Original Message ----- From: "Daniel J Cain Jr." To: "NYPHP Talk" Sent: Thursday, January 22, 2004 10:16 PM Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] > On Thu, 2004-01-22 at 20:24, Jeff Siegel wrote: > > "virtual-desktop support"...that's sorely needed in Windows. > > > > Jeff > Sorry to not have any PHP related content in this response, but this may > help those that are stranded between *NIX and Windows for developing. > > In windows XP they have a 'power toy' that gives you four virtual > desktops. I think its called Microsoft virtual desktop manager(MSVDM). > Its not as smooth as in *NIX but hey it lets me run an X server on > desktop 4 and the rest for other applications. Although I am mainly on > a FreeBSD workstation and not so much Windows anymore. > > Also you can get UNIX services for windows (I have yet to install it) > which I believe includes an X server for XP Pro (wont install on home). > As well as the ability to run shell scripts natively(wrong term?) in XP > ala /bin/sh? At one point you could get them to send you the CD for > just shipping and handling (not sure if its still going on) which is how > I got mine. > > I would provide links if I had any, but since I would have to Google > them out I'll let those interested track it down. > > Happy Coding > -dan > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From dcech at phpwerx.net Fri Jan 23 14:13:46 2004 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 23 Jan 2004 14:13:46 -0500 Subject: [nycphp-talk] mysql sync w/ php In-Reply-To: References: Message-ID: <4011726A.9020207@phpwerx.net> I'm with Mark on this one, the best method is going to be to combine the built-in phpMyAdmin export and import functions. This approach will be an order of magnitude slower than the mysqldump method, though you can probably gain a lot of speed by using the mysql extended insert syntax when populating the tables. Depending on the amount of data you are dealing with it might be best from a memory usage point of view to break the procedure up, generate and execute the structure SQL, then the data sql for each table separately, rather than trying to read it all into memory in one hit. Dan From jonbaer at jonbaer.net Fri Jan 23 14:13:27 2004 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 23 Jan 2004 14:13:27 -0500 Subject: [nycphp-talk] mysql sync w/ php References: Message-ID: <001801c3e1e4$fb293240$6400a8c0@thinkpad> mark - great idea, thank you! hopefully i can do it in a way that would allow a patch. - jon > You could look into phpmyadmin's export funcions, have it generate the > exported sql, and then run it's own import functions of that sql onto your > production server. You would just need to allow access fro myour local From jsiegel1 at optonline.net Fri Jan 23 14:27:46 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 23 Jan 2004 14:27:46 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> <4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net> <1074827790.98780.13.camel@gigabeast.home.cain.sh> <003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> Message-ID: <401175B2.5070001@optonline.net> Thanks for pointing us to this package. We'll shortly have one...possibly two PHundamentals articles dealing with packages for installing AMP on Windows. Jeff yury at heavenspa.com wrote: > http://www.firepages.com.au/ > > a great apache, php, mysql package that runs well on windows2k/xp... > > regards > yury > > p.s. any php gurus live in Staten Island? > > > ----- Original Message ----- > From: "Daniel J Cain Jr." > To: "NYPHP Talk" > Sent: Thursday, January 22, 2004 10:16 PM > Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] > > > >>On Thu, 2004-01-22 at 20:24, Jeff Siegel wrote: >> >>>"virtual-desktop support"...that's sorely needed in Windows. >>> >>>Jeff >> >>Sorry to not have any PHP related content in this response, but this may >>help those that are stranded between *NIX and Windows for developing. >> >>In windows XP they have a 'power toy' that gives you four virtual >>desktops. I think its called Microsoft virtual desktop manager(MSVDM). >>Its not as smooth as in *NIX but hey it lets me run an X server on >>desktop 4 and the rest for other applications. Although I am mainly on >>a FreeBSD workstation and not so much Windows anymore. >> >>Also you can get UNIX services for windows (I have yet to install it) >>which I believe includes an X server for XP Pro (wont install on home). >>As well as the ability to run shell scripts natively(wrong term?) in XP >>ala /bin/sh? At one point you could get them to send you the CD for >>just shipping and handling (not sure if its still going on) which is how >>I got mine. >> >>I would provide links if I had any, but since I would have to Google >>them out I'll let those interested track it down. >> >>Happy Coding >>-dan >> >>_______________________________________________ >>talk mailing list >>talk at lists.nyphp.org >>http://lists.nyphp.org/mailman/listinfo/talk >> > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Fri Jan 23 14:28:51 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 23 Jan 2004 14:28:51 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: References: <000901c3e0e5$6bae8d40$bf8d3818@oberon1> <400FCA38.6060906@simons-rock.edu> Message-ID: <401175F3.8080206@optonline.net> I was there for a short time today and I think it may have been more "animated" because no one was trying to sell anything. Jeff David Mintz wrote: > Subjectively speaking, of course: I noticed that the low-rent district > where the small booths (like NYPHP's) were located had a more exciting > vibe than the upscale part of town where the flashy big corporate exhibits > were. The conversation seemed more animated and interesting. > > Hats off to you guys who put in all those hours on your feet: Hans, Jeff > K., Tim G., and whoever else. > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From yury at heavenspa.com Fri Jan 23 14:41:27 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Fri, 23 Jan 2004 14:41:27 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] References: <20040122183711.87854A85F5@virtu.nyphp.org><401022CB.7030101@optonline.net><".38.117.145.89.1074801227.squirrel"@www.bpang.com><40102F45.4070907@optonline.net><".38.117.145.89.1074806150.squirrel"@www.bpang.com><4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net><1074827790.98780.13.camel@gigabeast.home.cain.sh><003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> <401175B2.5070001@optonline.net> Message-ID: <008c01c3e1e8$e4bfe770$0400a8c0@heavenspanyc> Jeff, for a hack like myself, i really enjoyed it. It a breeze to install and run, and it works! Which is a boon in itself. The only issue i found with it was that alot of the scripts I'd download and try to run would fail, due to the bundle being more upto date then the scripts. :)!~ regards yury ----- Original Message ----- From: "Jeff Siegel" To: "NYPHP Talk" Sent: Friday, January 23, 2004 2:27 PM Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] > Thanks for pointing us to this package. > We'll shortly have one...possibly two PHundamentals articles dealing > with packages for installing AMP on Windows. > > Jeff > > yury at heavenspa.com wrote: > > > http://www.firepages.com.au/ > > > > a great apache, php, mysql package that runs well on windows2k/xp... > > > > regards > > yury > > > > p.s. any php gurus live in Staten Island? > > > > > > ----- Original Message ----- > > From: "Daniel J Cain Jr." > > To: "NYPHP Talk" > > Sent: Thursday, January 22, 2004 10:16 PM > > Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] > > > > > > > >>On Thu, 2004-01-22 at 20:24, Jeff Siegel wrote: > >> > >>>"virtual-desktop support"...that's sorely needed in Windows. > >>> > >>>Jeff > >> > >>Sorry to not have any PHP related content in this response, but this may > >>help those that are stranded between *NIX and Windows for developing. > >> > >>In windows XP they have a 'power toy' that gives you four virtual > >>desktops. I think its called Microsoft virtual desktop manager(MSVDM). > >>Its not as smooth as in *NIX but hey it lets me run an X server on > >>desktop 4 and the rest for other applications. Although I am mainly on > >>a FreeBSD workstation and not so much Windows anymore. > >> > >>Also you can get UNIX services for windows (I have yet to install it) > >>which I believe includes an X server for XP Pro (wont install on home). > >>As well as the ability to run shell scripts natively(wrong term?) in XP > >>ala /bin/sh? At one point you could get them to send you the CD for > >>just shipping and handling (not sure if its still going on) which is how > >>I got mine. > >> > >>I would provide links if I had any, but since I would have to Google > >>them out I'll let those interested track it down. > >> > >>Happy Coding > >>-dan > >> > >>_______________________________________________ > >>talk mailing list > >>talk at lists.nyphp.org > >>http://lists.nyphp.org/mailman/listinfo/talk > >> > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > -- > Found on the Simpson's Website: > "Ooooooh, they have the internet on computers now!" > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jlacey at att.net Fri Jan 23 14:48:55 2004 From: jlacey at att.net (John Lacey) Date: Fri, 23 Jan 2004 12:48:55 -0700 Subject: [nycphp-talk] Re: firepages In-Reply-To: <008c01c3e1e8$e4bfe770$0400a8c0@heavenspanyc> References: <20040122183711.87854A85F5@virtu.nyphp.org><401022CB.7030101@optonline.net><".38.117.145.89.1074801227.squirrel"@www.bpang.com><40102F45.4070907@optonline.net><".38.117.145.89.1074806150.squirrel"@www.bpang.com><4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net><1074827790.98780.13.camel@gigabeast.home.cain.sh><003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> <401175B2.5070001@optonline.net> <008c01c3e1e8$e4bfe770$0400a8c0@heavenspanyc> Message-ID: <40117AA7.5080908@att.net> yury at heavenspa.com wrote: > Jeff, for a hack like myself, i really enjoyed it. It a breeze to install > and run, and it works! Which is a boon in itself. The only issue i found > with it was that alot of the scripts I'd download and try to run would fail, > due to the bundle being more upto date then the scripts. > > :)!~ > > regards > yury > > > yury, firepages' phpdev bundles don't appear to be kept uptodate anymore (witness the 4.23 php, apache 1.3.26, etc references). I believe the reason that your scripts failed is that they were probably written with register_globals=On and phpdev423 installed with the default php.ini value where it was Off XAMPP, on the other hand, is slightly modified to be "wide open" with register_globals=On so that many of the older scripts that depend on this condition will run. Jeff Siegel is going to post the XAMPP PHundamentals article pretty soon, I believe. I think you'll like that packaging hope that helps, John From Cbielanski at inta.org Fri Jan 23 14:52:15 2004 From: Cbielanski at inta.org (Chris Bielanski) Date: Fri, 23 Jan 2004 14:52:15 -0500 Subject: [nycphp-talk] making collections and collection items Message-ID: Greetings all, I'm coming into PHP from a Delphi-centric background and I'm trying to see if there's an existing package for doing parent/child collections like Delphi's TCollection ? I'm sure I can build one but it would be nice to see what's out there. Any input would be great! Thanks, Chris Bielanski Web Programmer International Trademark Association http://www.inta.org 212/768-9886 From yury at heavenspa.com Fri Jan 23 15:03:10 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Fri, 23 Jan 2004 15:03:10 -0500 Subject: [nycphp-talk] Re: firepages References: <20040122183711.87854A85F5@virtu.nyphp.org><401022CB.7030101@optonline.net><".38.117.145.89.1074801227.squirrel"@www.bpang.com><40102F45.4070907@optonline.net><".38.117.145.89.1074806150.squirrel"@www.bpang.com><4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net><1074827790.98780.13.camel@gigabeast.home.cain.sh><003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> <401175B2.5070001@optonline.net><008c01c3e1e8$e4bfe770$0400a8c0@heavenspanyc> <40117AA7.5080908@att.net> Message-ID: <009a01c3e1eb$ed1b9d80$0400a8c0@heavenspanyc> John, thanks for the info... honestly - i'd like is to fall asleep and wake the next day knowing PHP :> That said, who does pro bono php tutoring hehe I'll look forward to that article, thanks! regards yury ----- Original Message ----- From: "John Lacey" To: "NYPHP Talk" Sent: Friday, January 23, 2004 2:48 PM Subject: [nycphp-talk] Re: firepages > > > yury at heavenspa.com wrote: > > > Jeff, for a hack like myself, i really enjoyed it. It a breeze to install > > and run, and it works! Which is a boon in itself. The only issue i found > > with it was that alot of the scripts I'd download and try to run would fail, > > due to the bundle being more upto date then the scripts. > > > > :)!~ > > > > regards > > yury > > > > > > > > yury, > > firepages' phpdev bundles don't appear to be kept uptodate > anymore (witness the 4.23 php, apache 1.3.26, etc references). > > I believe the reason that your scripts failed is that they > were probably written with register_globals=On and phpdev423 > installed with the default php.ini value where it was Off > > XAMPP, on the other hand, is slightly modified to be "wide > open" with register_globals=On so that many of the older > scripts that depend on this condition will run. > > Jeff Siegel is going to post the XAMPP PHundamentals article > pretty soon, I believe. I think you'll like that packaging > > hope that helps, > John > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From lists at natserv.com Fri Jan 23 10:03:55 2004 From: lists at natserv.com (Francisco Reyes) Date: Fri, 23 Jan 2004 15:03:55 +0000 (GMT) Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <40108575.6040109@optonline.net> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> <40108575.6040109@optonline.net> Message-ID: <20040123150115.K95426@zoraida.natserv.net> On Thu, 22 Jan 2004, Jeff Siegel wrote: > I do so much work in MS Word (and the documents need to be shareable > with clients) that, though I tried using OpenOffice...it just didn't fit > the bill. > Jeff Have you tried Textmaker? I have tried several MS office replacements in the past and this is the first one I truly like. I tried OpenOffice, EasyOffice and now Textmaker. Waiting for their spreadsheet program. They have it in beta now. Once a year the company that makes textmaker has a crazy special due to some holiday party in their town and the program is less than $12. :-) From jlacey at att.net Fri Jan 23 15:03:47 2004 From: jlacey at att.net (John Lacey) Date: Fri, 23 Jan 2004 13:03:47 -0700 Subject: [nycphp-talk] Re: firepages In-Reply-To: <009a01c3e1eb$ed1b9d80$0400a8c0@heavenspanyc> References: <20040122183711.87854A85F5@virtu.nyphp.org><401022CB.7030101@optonline.net><".38.117.145.89.1074801227.squirrel"@www.bpang.com><40102F45.4070907@optonline.net><".38.117.145.89.1074806150.squirrel"@www.bpang.com><4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net><1074827790.98780.13.camel@gigabeast.home.cain.sh><003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> <401175B2.5070001@optonline.net><008c01c3e1e8$e4bfe770$0400a8c0@heavenspanyc> <40117AA7.5080908@att.net> <009a01c3e1eb$ed1b9d80$0400a8c0@heavenspanyc> Message-ID: <40117E23.5010600@att.net> yury at heavenspa.com wrote: > John, thanks for the info... honestly - i'd like is to fall asleep and wake > the next day knowing PHP :> > That said, who does pro bono php tutoring hehe > > I'll look forward to that article, thanks! > > regards > yury Well, I teach a PHP/MySQL introductory course among other things such as Linux, but Colorado is a long way to come for tutoring :) I'd been away from coding for a couple of years and am now starting to dive back in. and... the only way to learn it is to code/debug/test/code/debug/test/code... My students think I'm nuts when I tell them I hope their programs don't work the first time 'cause they'll learn so much more debugging them :) J From yury at heavenspa.com Fri Jan 23 15:14:28 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Fri, 23 Jan 2004 15:14:28 -0500 Subject: [nycphp-talk] Re: firepages References: <20040122183711.87854A85F5@virtu.nyphp.org><401022CB.7030101@optonline.net><".38.117.145.89.1074801227.squirrel"@www.bpang.com><40102F45.4070907@optonline.net><".38.117.145.89.1074806150.squirrel"@www.bpang.com><4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net><1074827790.98780.13.camel@gigabeast.home.cain.sh><003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> <401175B2.5070001@optonline.net><008c01c3e1e8$e4bfe770$0400a8c0@heavenspanyc> <40117AA7.5080908@att.net><009a01c3e1eb$ed1b9d80$0400a8c0@heavenspanyc> <40117E23.5010600@att.net> Message-ID: <00bf01c3e1ed$815361d0$0400a8c0@heavenspanyc> Sorry i just moved to NYC, Colorado is too far and I doubt my metro card will get me there LOL. build build build.. good idea! ciao yury ----- Original Message ----- From: "John Lacey" To: "NYPHP Talk" Sent: Friday, January 23, 2004 3:03 PM Subject: Re: [nycphp-talk] Re: firepages > > > yury at heavenspa.com wrote: > > > John, thanks for the info... honestly - i'd like is to fall asleep and wake > > the next day knowing PHP :> > > That said, who does pro bono php tutoring hehe > > > > I'll look forward to that article, thanks! > > > > regards > > yury > > Well, I teach a PHP/MySQL introductory course among other > things such as Linux, but Colorado is a long way to come for > tutoring :) I'd been away from coding for a couple of years > and am now starting to dive back in. and... the only way to > learn it is to code/debug/test/code/debug/test/code... > > My students think I'm nuts when I tell them I hope their > programs don't work the first time 'cause they'll learn so > much more debugging them :) > > J > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From nyphp at enobrev.com Fri Jan 23 15:06:25 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Fri, 23 Jan 2004 15:06:25 -0500 Subject: [nycphp-talk] 'In and out' of php Message-ID: Later today or this weekend, I'm hoping to find some time to run my own tests, but I was wondering if any of you talented people have any idea... I tend to try to seperate my php and xhtml as much as i can, but when I do have to use php within my html (for loops for instance), I try to put ONLY php code and vars in php tags and I exit php for ALL html. for instance i try to: &sort=id">ID
Title
instead of: ID' ?>' . "\n"; $output .= '' . "\n"; $output .= '' . "\n"; $output .= '' . "\n"; } echo $output; ?>
Title' ?>
' . $item['item_id'] . '' . $item['item_title'] . '
My primary reasons for keeping it seperate are, for one for readability, especially in editors with good color coding like DW which color both the html and the php pretty well, and also so when a designer looks at the code, usually using DWMX, they can see all thier html right away and can work around the php stuff a bit easier without worrying that some html might be ocming from my stuff. So my question: Is going 'in and out' of php as such expensive? Does it take more memory or added processing? It seems like a minor issue for something as small as a basic table loop, but when putting all the elements of a full site together, every ms counts. Thanks! Mark From nyphp at enobrev.com Fri Jan 23 15:14:31 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Fri, 23 Jan 2004 15:14:31 -0500 Subject: [nycphp-talk] Re: firepages (OT) In-Reply-To: <40117E23.5010600@att.net> Message-ID: >> but Colorado is a long way to come for tutoring My old job (software company) used to fly new customers out to their home office in Aspen for product training, and offered ski tickets or a trip on the CO river. I've always found that to be absolutely incredible as far as customer service is concerned. Excuse the OT... Mark From jonbaer at jonbaer.net Fri Jan 23 15:15:05 2004 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 23 Jan 2004 15:15:05 -0500 Subject: [nycphp-talk] google ad sense + php question ... Message-ID: <005401c3e1ed$973b4ad0$6400a8c0@thinkpad> im having a problem w/ad sense. im running a hockey league website + trying to get more either a) local based ads or b) equipment related ads. everything i run right now turns out to be ads for "[a far away city] hockey tickets" which kinda defeats the purpose. so im thinking about including and include which tends to relate to more fake text based on the real related content ... something like this: ob_start(); include("../ads.php"); $ads = ob_get_contents(); ob_end_clean(); so id think that google would use the text only based on what appears for ads.php vs. what a user's page is actually included in. would doing something like this kill my server or is there a better way to accomplish such a feat? or would this just not work. jon From jlacey at att.net Fri Jan 23 15:21:14 2004 From: jlacey at att.net (John Lacey) Date: Fri, 23 Jan 2004 13:21:14 -0700 Subject: [nycphp-talk] Re: firepages (OT) In-Reply-To: References: Message-ID: <4011823A.2060707@att.net> Mark Armendariz wrote: >>>but Colorado is a long way to come for tutoring > > > My old job (software company) used to fly new customers out to their home > office in Aspen for product training, and offered ski tickets or a trip on > the CO river. I've always found that to be absolutely incredible as far as > customer service is concerned. > > Excuse the OT... > > Mark > yeah, about 8 years ago I worked up at Steamboat Springs for a year and 2 summers doing applications development on their central reservations system (AT&T Unix, C, Informix...) tough job but someone had to do it :) www.steamboat.com From yury at heavenspa.com Fri Jan 23 15:34:34 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Fri, 23 Jan 2004 15:34:34 -0500 Subject: [nycphp-talk] Re: firepages (OT) References: Message-ID: <00fd01c3e1f0$5047a8a0$0400a8c0@heavenspanyc> ok John, if you offer ski tickets and free drinks :) we're all coming.. mark, we offer a glass of NYC tap water :) and they we say " show us the money".. p.s. nice web work..checked out yoursites. ----- Original Message ----- From: "Mark Armendariz" To: "'NYPHP Talk'" Sent: Friday, January 23, 2004 3:14 PM Subject: RE: [nycphp-talk] Re: firepages (OT) > >> but Colorado is a long way to come for tutoring > > My old job (software company) used to fly new customers out to their home > office in Aspen for product training, and offered ski tickets or a trip on > the CO river. I've always found that to be absolutely incredible as far as > customer service is concerned. > > Excuse the OT... > > Mark > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jsiegel1 at optonline.net Fri Jan 23 15:29:30 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 23 Jan 2004 15:29:30 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <008c01c3e1e8$e4bfe770$0400a8c0@heavenspanyc> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> <4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net> <1074827790.98780.13.camel@gigabeast.home.cain.sh> <003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> <401175B2.5070001@optonline.net> <008c01c3e1e8$e4bfe770$0400a8c0@heavenspanyc> Message-ID: <4011842A.8050407@optonline.net> I've tried two different AMP packages: XAMPP (http://apachefriends.org) and EasyPHP (http://easyphp.org). Both are quite nice. Those scripts must be real antiques. ;) Jeff yury at heavenspa.com wrote: > Jeff, for a hack like myself, i really enjoyed it. It a breeze to install > and run, and it works! Which is a boon in itself. The only issue i found > with it was that alot of the scripts I'd download and try to run would fail, > due to the bundle being more upto date then the scripts. > > :)!~ > > regards > yury > > > > > ----- Original Message ----- > From: "Jeff Siegel" > To: "NYPHP Talk" > Sent: Friday, January 23, 2004 2:27 PM > Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] > > > >>Thanks for pointing us to this package. >>We'll shortly have one...possibly two PHundamentals articles dealing >>with packages for installing AMP on Windows. >> >>Jeff >> >>yury at heavenspa.com wrote: >> >> >>>http://www.firepages.com.au/ >>> >>>a great apache, php, mysql package that runs well on windows2k/xp... >>> >>>regards >>>yury >>> >>>p.s. any php gurus live in Staten Island? >>> >>> >>>----- Original Message ----- >>>From: "Daniel J Cain Jr." >>>To: "NYPHP Talk" >>>Sent: Thursday, January 22, 2004 10:16 PM >>>Subject: Re: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] >>> >>> >>> >>> >>>>On Thu, 2004-01-22 at 20:24, Jeff Siegel wrote: >>>> >>>> >>>>>"virtual-desktop support"...that's sorely needed in Windows. >>>>> >>>>>Jeff >>>> >>>>Sorry to not have any PHP related content in this response, but this may >>>>help those that are stranded between *NIX and Windows for developing. >>>> >>>>In windows XP they have a 'power toy' that gives you four virtual >>>>desktops. I think its called Microsoft virtual desktop manager(MSVDM). >>>>Its not as smooth as in *NIX but hey it lets me run an X server on >>>>desktop 4 and the rest for other applications. Although I am mainly on >>>>a FreeBSD workstation and not so much Windows anymore. >>>> >>>>Also you can get UNIX services for windows (I have yet to install it) >>>>which I believe includes an X server for XP Pro (wont install on home). >>>>As well as the ability to run shell scripts natively(wrong term?) in XP >>>>ala /bin/sh? At one point you could get them to send you the CD for >>>>just shipping and handling (not sure if its still going on) which is how >>>>I got mine. >>>> >>>>I would provide links if I had any, but since I would have to Google >>>>them out I'll let those interested track it down. >>>> >>>>Happy Coding >>>>-dan >>>> >>>>_______________________________________________ >>>>talk mailing list >>>>talk at lists.nyphp.org >>>>http://lists.nyphp.org/mailman/listinfo/talk >>>> >>> >>>_______________________________________________ >>>talk mailing list >>>talk at lists.nyphp.org >>>http://lists.nyphp.org/mailman/listinfo/talk >>> >> >>-- >>Found on the Simpson's Website: >>"Ooooooh, they have the internet on computers now!" >> >>_______________________________________________ >>talk mailing list >>talk at lists.nyphp.org >>http://lists.nyphp.org/mailman/listinfo/talk >> > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Fri Jan 23 15:30:37 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 23 Jan 2004 15:30:37 -0500 Subject: [nycphp-talk] Re: firepages In-Reply-To: <009a01c3e1eb$ed1b9d80$0400a8c0@heavenspanyc> References: <20040122183711.87854A85F5@virtu.nyphp.org> <401022CB.7030101@optonline.net> <".38.117.145.89.1074801227.squirrel"@www.bpang.com> <40102F45.4070907@optonline.net> <".38.117.145.89.1074806150.squirrel"@www.bpang.com> <4010497F.1030200@spacemonkeylabs.com> <401085CA.6020907@optonline.net> <1074827790.98780.13.camel@gigabeast.home.cain.sh> <003801c3e1d3$5f0fdcd0$0400a8c0@heavenspanyc> <401175B2.5070001@optonline.net> <008c01c3e1e8$e4bfe770$0400a8c0@heavenspanyc> <40117AA7.5080908@att.net> <009a01c3e1eb$ed1b9d80$0400a8c0@heavenspanyc> Message-ID: <4011846D.8030307@optonline.net> This "talk list" is sorta like "pro bono tutoring." Jeff yury at heavenspa.com wrote: > John, thanks for the info... honestly - i'd like is to fall asleep and wake > the next day knowing PHP :> > That said, who does pro bono php tutoring hehe > > I'll look forward to that article, thanks! > > regards > yury > > > ----- Original Message ----- > From: "John Lacey" > To: "NYPHP Talk" > Sent: Friday, January 23, 2004 2:48 PM > Subject: [nycphp-talk] Re: firepages > > > >> >>yury at heavenspa.com wrote: >> >> >>>Jeff, for a hack like myself, i really enjoyed it. It a breeze to > > install > >>>and run, and it works! Which is a boon in itself. The only issue i found >>>with it was that alot of the scripts I'd download and try to run would > > fail, > >>>due to the bundle being more upto date then the scripts. >>> >>>:)!~ >>> >>>regards >>>yury >>> >>> >>> >> >>yury, >> >>firepages' phpdev bundles don't appear to be kept uptodate >>anymore (witness the 4.23 php, apache 1.3.26, etc references). >> >>I believe the reason that your scripts failed is that they >>were probably written with register_globals=On and phpdev423 >>installed with the default php.ini value where it was Off >> >>XAMPP, on the other hand, is slightly modified to be "wide >>open" with register_globals=On so that many of the older >>scripts that depend on this condition will run. >> >>Jeff Siegel is going to post the XAMPP PHundamentals article >>pretty soon, I believe. I think you'll like that packaging >> >>hope that helps, >>John >> >> >>_______________________________________________ >>talk mailing list >>talk at lists.nyphp.org >>http://lists.nyphp.org/mailman/listinfo/talk >> > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jlacey at att.net Fri Jan 23 15:31:15 2004 From: jlacey at att.net (John Lacey) Date: Fri, 23 Jan 2004 13:31:15 -0700 Subject: [nycphp-talk] Re: firepages (OT) In-Reply-To: <00fd01c3e1f0$5047a8a0$0400a8c0@heavenspanyc> References: <00fd01c3e1f0$5047a8a0$0400a8c0@heavenspanyc> Message-ID: <40118493.2070802@att.net> yury at heavenspa.com wrote: > ok John, if you offer ski tickets and free drinks :) we're all coming.. > > mark, we offer a glass of NYC tap water :) and they we say " show us the > money".. > > p.s. nice web work..checked out yoursites. > > yes, it's nice, but I worked on their older system, and believe it or not ported their AT&T Unix running on old 3B2 hardware to a ComPAQ Proliant with ... drum roll... Novell Unixware 1.0 just after they released it.... gawd what a trip, but we got it all working! Steamboat bought new systems a few years ago and I see their now using .net (aspx extension) From dan at mx2pro.com Fri Jan 23 15:32:16 2004 From: dan at mx2pro.com (Dan Horning) Date: Fri, 23 Jan 2004 15:32:16 -0500 Subject: [nycphp-talk] Re: firepages In-Reply-To: <4011846D.8030307@optonline.net> Message-ID: <20040123203231.09E86A85F3@virtu.nyphp.org> maybe I should setup an e-learning system such as moodle.org on the system works very nice I'm currently implimenting it here -----> http://www.oursaviorsschool.com/moodle/ hehe not a bad thought actually hens.. email me offlist.. I'll figure out where it can go Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office/Home) > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel > Sent: Friday, January 23, 2004 3:31 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Re: firepages > > This "talk list" is sorta like "pro bono tutoring." > > Jeff > > yury at heavenspa.com wrote: > > > John, thanks for the info... honestly - i'd like is to fall > asleep and wake > > the next day knowing PHP :> > > That said, who does pro bono php tutoring hehe > > > > I'll look forward to that article, thanks! > > > > regards > > yury > > > > > > ----- Original Message ----- > > From: "John Lacey" > > To: "NYPHP Talk" > > Sent: Friday, January 23, 2004 2:48 PM > > Subject: [nycphp-talk] Re: firepages > > > > > > > >> > >>yury at heavenspa.com wrote: > >> > >> > >>>Jeff, for a hack like myself, i really enjoyed it. It a breeze to > > > > install > > > >>>and run, and it works! Which is a boon in itself. The only > issue i found > >>>with it was that alot of the scripts I'd download and try > to run would > > > > fail, > > > >>>due to the bundle being more upto date then the scripts. > >>> > >>>:)!~ > >>> > >>>regards > >>>yury > >>> > >>> > >>> > >> > >>yury, > >> > >>firepages' phpdev bundles don't appear to be kept uptodate > >>anymore (witness the 4.23 php, apache 1.3.26, etc references). > >> > >>I believe the reason that your scripts failed is that they > >>were probably written with register_globals=On and phpdev423 > >>installed with the default php.ini value where it was Off > >> > >>XAMPP, on the other hand, is slightly modified to be "wide > >>open" with register_globals=On so that many of the older > >>scripts that depend on this condition will run. > >> > >>Jeff Siegel is going to post the XAMPP PHundamentals article > >>pretty soon, I believe. I think you'll like that packaging > >> > >>hope that helps, > >>John > >> > >> > >>_______________________________________________ > >>talk mailing list > >>talk at lists.nyphp.org > >>http://lists.nyphp.org/mailman/listinfo/talk > >> > > > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > -- > Found on the Simpson's Website: > "Ooooooh, they have the internet on computers now!" > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jlacey at att.net Fri Jan 23 15:36:05 2004 From: jlacey at att.net (John Lacey) Date: Fri, 23 Jan 2004 13:36:05 -0700 Subject: [nycphp-talk] Re: firepages In-Reply-To: <20040123203231.09E86A85F3@virtu.nyphp.org> References: <20040123203231.09E86A85F3@virtu.nyphp.org> Message-ID: <401185B5.9010504@att.net> Dan Horning wrote: > maybe I should setup an e-learning system such as moodle.org on the system > works very nice > I'm currently implimenting it here > -----> http://www.oursaviorsschool.com/moodle/ > I saw your name appear on yesterday's new members list :) John From jeffknight at mac.com Fri Jan 23 17:05:55 2004 From: jeffknight at mac.com (PUTAMARE) Date: Fri, 23 Jan 2004 17:05:55 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: References: <000901c3e0e5$6bae8d40$bf8d3818@oberon1> <400FCA38.6060906@simons-rock.edu> Message-ID: <513AAF19-4DF0-11D8-B347-000393B9FB36@mac.com> On Jan 23, 2004, at 12:20 PM, David Mintz wrote: > Hats off to you guys who put in all those hours on your feet: Hans, > Jeff > K., Tim G., and whoever else. I was only there for twenty minutes max. & it exhausted me, I don't know how the rest of them did it. What's up with post-world beers? Jeff Knight jeff not junkmail at lushmedia.com 212/213-6558 x 203 LUSH media 110 W 40th St #1502 New York, NY 10018 From mitchy at spacemonkeylabs.com Fri Jan 23 17:23:31 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Fri, 23 Jan 2004 17:23:31 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: References: <000901c3e0e5$6bae8d40$bf8d3818@oberon1> <400FCA38.6060906@simons-rock.edu> Message-ID: <40119EE3.3070907@spacemonkeylabs.com> David Mintz wrote: > Subjectively speaking, of course: I noticed that the low-rent district > where the small booths (like NYPHP's) were located had a more exciting > vibe than the upscale part of town where the flashy big corporate exhibits > were. The conversation seemed more animated and interesting. I compare the commercial/FOSS booths to television/Internet: with the first, you get talked at; and the second, talked to. > Hats off to you guys who put in all those hours on your feet: Hans, Jeff > K., Tim G., and whoever else. I second that one! Too bad I discovered you folks so recently, as my gift of gab would have certainly provided assistance... -- Mitch From jsiegel1 at optonline.net Fri Jan 23 17:37:21 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 23 Jan 2004 17:37:21 -0500 Subject: [nycphp-talk] [Fwd: [nylug-talk] Disturbing news] In-Reply-To: <001a01c3e1b9$9baab080$bf8d3818@oberon1> References: <001a01c3e1b9$9baab080$bf8d3818@oberon1> Message-ID: <4011A221.5060204@optonline.net> I took a closer look at those links...I found this comment listed under the "facts" to be interesting: "Windows-NT 5.0 was released as Windows-2000 and is probably the most stable OS ever released by Microsoft"...I agree. Jeff Tim Gales wrote: > Jeff Siegel writes: > "Definite improvement...until I have Dreamweaver, Fireworks, ACT, and > Word open all at the same time." > > You are making my case for me. > > I am sorry that my posts require effort to > understand ( I don't spend the time to > put them in proper shape) > > But take a look again (you followed the > first link right?) at the part about > "The "real operating system features" you speak of are at the UI and > API level. They are not the reasons we consider NT to be a > reimplementation of VMS at the internal level." > > And look again at the part about > "Windows API mentality" > > T. Gales & Associates > 'Helping People Connect with Technology' > > http://www.tgaconnect.com > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From dan at mx2pro.com Fri Jan 23 23:06:48 2004 From: dan at mx2pro.com (Dan Horning) Date: Fri, 23 Jan 2004 23:06:48 -0500 Subject: [nycphp-talk] Re: firepages In-Reply-To: <401185B5.9010504@att.net> Message-ID: <20040124040656.3541EA85F3@virtu.nyphp.org> on moodle? Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office/Home) > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of John Lacey > Sent: Friday, January 23, 2004 3:36 PM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Re: firepages > > > > Dan Horning wrote: > > > maybe I should setup an e-learning system such as > moodle.org on the system > > works very nice > > I'm currently implimenting it here > > -----> http://www.oursaviorsschool.com/moodle/ > > > > I saw your name appear on yesterday's new members list :) > > John > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From tgales at tgaconnect.com Sat Jan 24 07:31:36 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Sat, 24 Jan 2004 07:31:36 -0500 Subject: [nycphp-talk] Re: firepages In-Reply-To: <009a01c3e1eb$ed1b9d80$0400a8c0@heavenspanyc> Message-ID: <000001c3e276$02401bc0$bf8d3818@oberon1> yury writes: "who does pro bono php tutoring" Every member of NYPHP I have met is willing to share what they know -- so, in effect, everyone at NYPHP does (pro bono) tutoring. To take advantage of the resources at NYPHP you should sign up on the 'dev' list so you can stay informed about the projects we're doing. And, you should come to the meetings. If you are on the 'dev' list you will find out more about the "Tea Party". Briefly "Tea Party" is (or rather will be) a 'learn by doing' project. The idea is that instead of 20 guys learning similar things in different directions and having 20 unrelated modules, we will investigate the same kinds of material but create a unified working system. Like John Lacey said elsewhere on the list: "the the only way to learn it (PHP) is to code/debug/test/code/debug/test/code..." T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From tgales at tgaconnect.com Sat Jan 24 08:26:15 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Sat, 24 Jan 2004 08:26:15 -0500 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <400FFE44.5040309@att.net> Message-ID: <000101c3e27d$b38827e0$bf8d3818@oberon1> John Lacey writes: "set up what amounts to a 'honeypot' -- with a different twist -- for proving/testing/evaluating/hacking/messing-with/bashing an AMP platform/apps./utilities/whatever... just a thought..." It is the type of thought that would make for a good 'area of interest' on clew. That is, an idea which incubated and given the right nutrition and care could really blossom. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From tgales at tgaconnect.com Sat Jan 24 09:48:33 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Sat, 24 Jan 2004 09:48:33 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: <40119EE3.3070907@spacemonkeylabs.com> Message-ID: <000401c3e289$248838d0$bf8d3818@oberon1> Mitch, Didn't you say you couldn't find a statistical extension for PHP? Anyway, if someone needs one I found something at http://ftp.stat.ucla.edu/Software/5/ If anyone wants to use something like this, you should test it ( I would like to know how the tests go, as I am mildly interested in this). the function: void cdfnor(int *which,double *p,double *q,double *x,double *mean, double *sd,int *status,double *bound) can calculate SD from P,Q,X and MEAN that is to say you can figure out the standard deviation given the normal(integral of) density(P), the range(Q), the (upper) limit of the normal-density, and the arithmetic mean (MEAN) (how else would you get it -- right?) It would seem the authors (of the extension) assume you have more than a passing acquaintance with cumulative normal distributions. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com x 2 1 / -t / 2 ---------- | e dt sqrt(2 pi) / -inf From mitchy at spacemonkeylabs.com Sat Jan 24 10:12:17 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Sat, 24 Jan 2004 10:12:17 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: <000401c3e289$248838d0$bf8d3818@oberon1> References: <000401c3e289$248838d0$bf8d3818@oberon1> Message-ID: <40128B51.8000200@spacemonkeylabs.com> Tim Gales wrote: > Mitch, > > Didn't you say you couldn't find a > statistical extension for PHP? > > Anyway, if someone needs one I found > something at http://ftp.stat.ucla.edu/Software/5/ > > If anyone wants to use something like this, you > should test it ( I would like to know how the > tests go, as I am mildly interested in this). Wow Tim, thanks for the pointer. I will be taking a close look at this, as I was about to head down the same path... And I will have some great performance metrics as I am also writing an automated job that will use SD on about 4,500 items - this should be a good test case. And to hazard a guess to an earlier question ("Why isn't there a PEAR module for statistical functions?"), perhaps an extension written in c is just a tad faster? ;) Again thanks for finding this for me. To quote the Monty Python-esque paper research character in the Guinness adds, "Excellent!" -- Mitch From jlacey at att.net Sat Jan 24 10:38:08 2004 From: jlacey at att.net (John Lacey) Date: Sat, 24 Jan 2004 08:38:08 -0700 Subject: [nycphp-talk] Re: firepages In-Reply-To: <20040124040656.3541EA85F3@virtu.nyphp.org> References: <20040124040656.3541EA85F3@virtu.nyphp.org> Message-ID: <40129160.10402@att.net> Dan Horning wrote: > on moodle? > > yes, I have an e-learning idea or two that I want to implement for Open Source software -- PHP being one of them I am working with a couple community colleges and a university here in the Denver area to get Open Source training programs on their schedules, and after literally years of trying, I've managed to get two colleges going with PHP/MySQL, Linux/Apache, etc. The next step is online learning. I had one of the schools apply for a free (not GPL) e-learning package that is only licensed to educational institutions. The reason I pushed them to get it is it's written in PHP and uses MySQL and other OSS software like Tomcat. When all the darn paperwork was finally approved and the school gave me a copy to work with, after getting it running I decided I didn't want to add features to it. That e-learning code was initially written around '97, and it was no doubt damn good at the time. Think of what PHP was like then and now. so, I turned to moodle... it looks like an excellent project to build on... 'nuff said John From dan at mx2pro.com Sat Jan 24 11:22:41 2004 From: dan at mx2pro.com (Dan Horning) Date: Sat, 24 Jan 2004 11:22:41 -0500 Subject: [nycphp-talk] Re: firepages In-Reply-To: <40129160.10402@att.net> Message-ID: <20040124162249.75C55A85F0@virtu.nyphp.org> yuppers :-D Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office/Home) > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of John Lacey > Sent: Saturday, January 24, 2004 10:38 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] Re: firepages > > > > Dan Horning wrote: > > on moodle? > > > > > > yes, I have an e-learning idea or two that I want to > implement for Open Source software -- PHP being one of them > > I am working with a couple community colleges and a > university here in the Denver area to get Open Source > training programs on their schedules, and after literally > years of trying, I've managed to get two colleges going with > PHP/MySQL, Linux/Apache, etc. > > The next step is online learning. I had one of the schools > apply for a free (not GPL) e-learning package that is only > licensed to educational institutions. The reason I pushed > them to get it is it's written in PHP and uses MySQL and > other OSS software like Tomcat. When all the darn paperwork > was finally approved and the school gave me a copy to work > with, after getting it running I decided I didn't want to > add features to it. That e-learning code was initially > written around '97, and it was no doubt damn good at the > time. Think of what PHP was like then and now. > > so, I turned to moodle... it looks like an excellent project > to build on... 'nuff said > > John > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From adam at trachtenberg.com Sat Jan 24 12:45:10 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Sat, 24 Jan 2004 12:45:10 -0500 (EST) Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: <40128B51.8000200@spacemonkeylabs.com> References: <000401c3e289$248838d0$bf8d3818@oberon1> <40128B51.8000200@spacemonkeylabs.com> Message-ID: On Sat, 24 Jan 2004, Mitch Pirtle wrote: > Wow Tim, thanks for the pointer. I will be taking a close look at this, > as I was about to head down the same path... And I will have some great > performance metrics as I am also writing an automated job that will use > SD on about 4,500 items - this should be a good test case. http://www.phpmath.com/ http://www-106.ibm.com/developerworks/web/library/wa-probab/ -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From csnyder at chxo.com Sat Jan 24 13:04:19 2004 From: csnyder at chxo.com (Chris Snyder) Date: Sat, 24 Jan 2004 13:04:19 -0500 Subject: [nycphp-talk] 'In and out' of php In-Reply-To: References: Message-ID: <4012B3A3.7000704@chxo.com> Mark Armendariz wrote: >ID >Title > >So my question: Is going 'in and out' of php as such expensive? Does it >take more memory or added processing? > Since this is how PHP was originally designed to be used, my guess is no. I've always assumed that PHP was optimizing those somehow, but I don't really have any proof... From mitchy at spacemonkeylabs.com Sat Jan 24 13:35:55 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Sat, 24 Jan 2004 13:35:55 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: References: <000401c3e289$248838d0$bf8d3818@oberon1> <40128B51.8000200@spacemonkeylabs.com> Message-ID: <4012BB0B.6020205@spacemonkeylabs.com> Adam Maccabee Trachtenberg wrote: > http://www.phpmath.com/ .. which points me to a PEAR package called Math_Stats. (slaps forehead) From jv_nyphp at duikerbok.com Sat Jan 24 13:40:35 2004 From: jv_nyphp at duikerbok.com (Jose Villegas) Date: Sat, 24 Jan 2004 13:40:35 -0500 Subject: [nycphp-talk] 'In and out' of php In-Reply-To: <4012B3A3.7000704@chxo.com> References: <4012B3A3.7000704@chxo.com> Message-ID: From what I understand, the whole page needs to be parsed into the equivalent of php statements. If I'm correct, this: ID needs to be interpreted into something like this: echo('ID'); so there isn't really any "going in and out" of php. Jose On Jan 24, 2004, at 1:04 PM, Chris Snyder wrote: > Mark Armendariz wrote: > >> ID >> Title >> >> So my question: Is going 'in and out' of php as such expensive? Does >> it >> take more memory or added processing? >> > Since this is how PHP was originally designed to be used, my guess is > no. > > I've always assumed that PHP was optimizing those somehow, but I don't > really have any proof... From jonbaer at jonbaer.net Sat Jan 24 13:46:25 2004 From: jonbaer at jonbaer.net (jon baer) Date: Sat, 24 Jan 2004 13:46:25 -0500 Subject: [nycphp-talk] 'In and out' of php References: <4012B3A3.7000704@chxo.com> Message-ID: <00ae01c3e2aa$5ec5b9c0$6400a8c0@thinkpad> > so there isn't really any "going in and out" of php. > im under this impression as well ... its a scripting language so the whole entire page becomes a script in which case it doesn't really matter how you code it. jsp is the same way as i beleive asp is. i recently has to point that out to someone who had multiple mysql_connect code throughout each dynamic element of a page. i explained to him that you only need to open one connection + reuse throughout the page, a good example of no in and out. as per the zend engine's real functions behind the scenes im still learning more. - jon From nyphp at enobrev.com Sat Jan 24 13:53:06 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Sat, 24 Jan 2004 13:53:06 -0500 Subject: [nycphp-talk] 'In and out' of php In-Reply-To: Message-ID: > ID > > needs to be interpreted into something like this: > > echo('ID'); > > so there isn't really any "going in and out" of php. Ok, would... echo "ID"; ...and... echo 'ID'; ...be interpreted the same? Are any of the above interpreted faster, or are they all seen as the exact same thing by php? Thanks for the input Mark From nyphp at enobrev.com Sat Jan 24 14:02:04 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Sat, 24 Jan 2004 14:02:04 -0500 Subject: [nycphp-talk] 'In and out' of php In-Reply-To: <00ae01c3e2aa$5ec5b9c0$6400a8c0@thinkpad> Message-ID: > the whole entire page becomes a script in which case it > doesn't really matter how you code it I see... I recall when I was using CF (4.0), that it was reccommended only to put CF specific code in the tags as everythign else is ignored by the CF parser, but everything within would be preocessed. So you COULD surround an entire page with tags, but that would require EVERYTHING to be parsed by CF, while just putting your vars in it would save quite a bit of processing time. So 'getting out of' CF was essential to keeping load times down. Of course, since MX that may be different now as well. (wish I could site a source, but it's been a couple years) Good to know! Mark From jonbaer at jonbaer.net Sat Jan 24 14:17:37 2004 From: jonbaer at jonbaer.net (jon baer) Date: Sat, 24 Jan 2004 14:17:37 -0500 Subject: [nycphp-talk] 'In and out' of php References: Message-ID: <00b801c3e2ae$baf8f2d0$6400a8c0@thinkpad> This is probably the best read I have found on optimization: http://phplens.com/lens/php-book/optimizing-debugging-php.php If you read the bottom about "useless optimizations": c. 'var='.$var is faster than "var=$var" This used to be true in PHP 4.2 and earlier. This was fixed in PHP 4.3. - jon ----- Original Message ----- From: "Mark Armendariz" To: "'NYPHP Talk'" Sent: Saturday, January 24, 2004 1:53 PM Subject: RE: [nycphp-talk] 'In and out' of php > > > ID > > > > needs to be interpreted into something like this: > > > > echo('ID'); > > > > so there isn't really any "going in and out" of php. > > Ok, would... > > echo "ID"; > > ...and... > > echo 'ID'; > > ...be interpreted the same? > Are any of the above interpreted faster, or are they all seen as the exact > same thing by php? > > > > Thanks for the input > > Mark > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From sklar at sklar.com Sat Jan 24 20:57:52 2004 From: sklar at sklar.com (David Sklar) Date: Sat, 24 Jan 2004 20:57:52 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: <40119EE3.3070907@spacemonkeylabs.com> Message-ID: >> Subjectively speaking, of course: I noticed that the low-rent >> district where the small booths (like NYPHP's) were located had a >> more exciting vibe than the upscale part of town where the flashy >> big corporate exhibits were. The conversation seemed more animated >> and interesting. > > I compare the commercial/FOSS booths to television/Internet: with the > first, you get talked at; and the second, talked to. This is a tricky generalization. I had a fine time at the NYPHP booth (of course) but also a surprisingly pleasant time at the IBM mega-booth. I went over to voice my tiny opinion that although I love my Thinkpad, it would be nice if I could get a Thinkpad-aware version of Linux to run on it natively (with support for sleep/hibernation, display switching, firewire, etc.) The random IBM booth guy I approached with my question pointed me to a specific person to talk to who I spent about 15 informative minutes with. (Short answer: they have a distribution they use internally for 25,000 employees which consists of nice packaging for already externally available tools. No, I can't have it but as soon as some large company calls up IBM and says "We'd like 100k Thinkpads with Linux on them, please," that configuration will probably become a consumer option." That said, the guy in a penguin suit at the CA booth and the woman at the HP booth wearing a bridal veil who began her spiel with "I'm going to marry one of you guys [in the audience]" were both, each in their own way, very creepy. So I think it really depends on the questions you ask and who you're talking to. J. Random Developer is on the radar of the folks working a small or non-profit booth. CA doesn't care about one guy who might be interested in buying one copy of something they make. That's the way the world works. David From felix at students.poly.edu Sat Jan 24 16:23:45 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Sat, 24 Jan 2004 16:23:45 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: References: <40119EE3.3070907@spacemonkeylabs.com> Message-ID: <20040124162345.76d3b786.felix@students.poly.edu> On Sat, 24 Jan 2004 20:57:52 -0500 "David Sklar" wrote: > >> Subjectively speaking, of course: I noticed that the low-rent > >> district where the small booths (like NYPHP's) were located had a > >> more exciting vibe than the upscale part of town where the flashy > >> big corporate exhibits were. The conversation seemed more animated > >> and interesting. > > > > I compare the commercial/FOSS booths to television/Internet: with > > the first, you get talked at; and the second, talked to. I guess it is about what you are interested in. If you need to buy software for your company then yes you probably your would be more interested in the business section. Wondering around the place I wondered what all those people seating through all the boring presentation did. I guess they probably are not much interested in linux's open source roots. Out of curiousity I walked over to Oracle side and asked to see a demo of one of their "Big and expensive applications". They were more then happy to direct me to the project manager of one of their "Big and expensive applications", who gave me a demo and who I got a chance to ask a bunch of questions on what he does at oracle to how he considers people for hiring. They didn't seem to mind at all that I was taking their time because not that much people where around by end of the day anyway. Anyway the companies come there to sell and the techies are just part of it there is something for everyone. From rudy at taytek.com Sat Jan 24 23:02:34 2004 From: rudy at taytek.com (Rudy Gamberini) Date: Sat, 24 Jan 2004 23:02:34 -0500 Subject: [nycphp-talk] Credit Card Services Message-ID: I'm currently using Paypal to collect funds on one of my sites. The number of monthly transactions is small, eight to ten per month. The dollar amount is small which has made the Paypal interface the one of choice. Unfortunately Paypal has started to change their policies and more importantly their user friendliness which is making me consider alternative services. Anyone know of other credit card services that are suited for such a low volume site? Thanks, Rudy -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonbaer at jonbaer.net Sat Jan 24 23:27:18 2004 From: jonbaer at jonbaer.net (jon baer) Date: Sat, 24 Jan 2004 23:27:18 -0500 Subject: [nycphp-talk] Credit Card Services References: Message-ID: <010001c3e2fb$850fa6d0$6400a8c0@thinkpad> i think the fact that paypal is ebays payment of choice it makes it hard to "sell" the work of signing up for another service, im in the same boat, small transactions/micropayments in an easy fashion, i had c2it for a while but i think they went under. not sure what ur total monthly in is, but another option might be a merchant account ... http://www.merchantplus.cc/authorizenet.php - jon ----- Original Message ----- From: Rudy Gamberini To: NYPHP Talk Sent: Saturday, January 24, 2004 11:02 PM Subject: [nycphp-talk] Credit Card Services I'm currently using Paypal to collect funds on one of my sites. The number of monthly transactions is small, eight to ten per month. The dollar amount is small which has made the Paypal interface the one of choice. Unfortunately Paypal has started to change their policies and more importantly their user friendliness which is making me consider alternative services. Anyone know of other credit card services that are suited for such a low volume site? Thanks, Rudy ------------------------------------------------------------------------------ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From jlacey at att.net Sun Jan 25 00:33:17 2004 From: jlacey at att.net (John Lacey) Date: Sat, 24 Jan 2004 22:33:17 -0700 Subject: [nycphp-talk] 'In and out' of php In-Reply-To: <41EE526EC2D3C74286415780D3BA9F8752AFF2@ehost011-1.exch011.intermedia.net> References: <41EE526EC2D3C74286415780D3BA9F8752AFF2@ehost011-1.exch011.intermedia.net> Message-ID: <4013551D.7090700@att.net> Hans Zaunere wrote: > > > There was a time when using double quotes around a string was overly-slow. I believe this bug has been fixed. That said, I prefer the double quote syntax anyway, for readability, if escaping out of PHP mode doesn't make sense is particular cases. > that's interesting... I use single quote syntax because I think it's more readable and only use double quotes when the code calls for it -- diff'rent strokes eh? J From leam at reuel.net Sun Jan 25 05:55:50 2004 From: leam at reuel.net (leam) Date: Sun, 25 Jan 2004 05:55:50 -0500 Subject: [nycphp-talk] perspective on NYPHP at Linuxworkd In-Reply-To: <41EE526EC2D3C74286415780D3BA9F8752AFF0@ehost011-1.exch011.intermedia.net> References: <41EE526EC2D3C74286415780D3BA9F8752AFF0@ehost011-1.exch011.intermedia.net> Message-ID: <4013A0B6.70805@reuel.net> Hans Zaunere wrote: > I did see the penguin suit... very happy I missed the marriage proposal. It conjures images of the dancing monkey. > > Overall the conference was great - thank you to all those who helped. I must, however, apologize to those I missed meeting at the conference as I had promised. Things became quite busy and hectic. > > H I liked it because I found out about NYPHP. I'm new to PHP and want to learn it as the "P" of [LB]AMP. ciao! leam >From hans not junk at nyphp.com Sun Jan 25 10:37:46 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 89C83A85E9 for ; Sun, 25 Jan 2004 10:37:46 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] more crappy programs: security focus 230 - 232 Date: Sun, 25 Jan 2004 07:37:43 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752AFF8 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] more crappy programs: security focus 230 - 232 Thread-Index: AcPhBzr4xSYuo6sNQISiOfSubnz8rQB+W29w From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Jan 2004 15:37:47 -0000 > Chris Shiflett wrote: >=20 > >=20 > > It doesn't take too terribly long to verify the validitity, or lack > > thereof, of what is mentioned on Security Focus relating to PHP. = Maybe > > NYPHP could host a Snopes-like site for this type of thing. :-) Very good thoughts. > From: John Lacey > > I was thinking that it would be a really cool and helpful=20 > project for interested NYPHP members to set up what amounts=20 > to a 'honeypot' -- with a different twist -- for=20 > proving/testing/evaluating/hacking/messing-with/bashing an=20 > AMP platform/apps./utilities/whatever. Ditto here, too. We have the horsepower to dedicate a server for this. = Also, we need to get our CMS solidified, at which point it'll be a snap = for people to get content (from both aforementioned topics) online ASAP. = We'll need someone to head these efforts up...? H From jlacey at att.net Sun Jan 25 11:24:00 2004 From: jlacey at att.net (John Lacey) Date: Sun, 25 Jan 2004 09:24:00 -0700 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <41EE526EC2D3C74286415780D3BA9F8752AFF8@ehost011-1.exch011.intermedia.net> References: <41EE526EC2D3C74286415780D3BA9F8752AFF8@ehost011-1.exch011.intermedia.net> Message-ID: <4013EDA0.4090209@att.net> Hans Zaunere wrote: >>Chris Shiflett wrote: >> >> >>>It doesn't take too terribly long to verify the validitity, or lack >>>thereof, of what is mentioned on Security Focus relating to PHP. Maybe >>>NYPHP could host a Snopes-like site for this type of thing. :-) > > > Very good thoughts. > > >>From: John Lacey >> >>I was thinking that it would be a really cool and helpful >>project for interested NYPHP members to set up what amounts >>to a 'honeypot' -- with a different twist -- for >>proving/testing/evaluating/hacking/messing-with/bashing an >>AMP platform/apps./utilities/whatever. > > > Ditto here, too. We have the horsepower to dedicate a server for this. Also, we need to get our CMS solidified, at which point it'll be a snap for people to get content (from both aforementioned topics) online ASAP. We'll need someone to head these efforts up...? > Hi Hans, I'd like to volunteer to be involved with ongoing security issues from a distance, like testing code, or contributing to short (PHundamentals?) articles. But we need at least one local NYPHP member with more than a smattering of knowledge and experience in this area (and that's not me at the moment). Since my main interest is in teaching people who are newcomers to AMP and other OSS stuff, it is critically important they start off with good coding techniques (I teach PEAR Coding Standards) and especially the security concerns and repercussions of what they're doing. It's easy to say "Never trust user input", but that doesn't mean a whole hell of a lot unless you show people the HOW of it and they code it up for themselves. ... steps off learning soap box... I think NYPHP could provide an extremely valuable service to the AMP community at large with an ongoing security focus on both basic and advanced best practices. In that regard, I'm looking forward to Chris' Security book. Let me know how I can help. thanks, John From chendry at nyc.rr.com Sun Jan 25 14:50:07 2004 From: chendry at nyc.rr.com (Christopher Hendry) Date: Sun, 25 Jan 2004 14:50:07 -0500 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <41EE526EC2D3C74286415780D3BA9F8752AFF8@ehost011-1.exch011.intermedia.net> Message-ID: -> Also, we need to get our CMS solidified, at which -> point it'll be a snap for people to get content (from both -> aforementioned topics) online ASAP. We'll need someone to head -> these efforts up...? I will certainly finish up the CMS as soon as I get a spare moment (uhm...right). It just needs a couple more tweaks... From jsiegel1 at optonline.net Sun Jan 25 21:12:53 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Sun, 25 Jan 2004 21:12:53 -0500 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <4013EDA0.4090209@att.net> References: <41EE526EC2D3C74286415780D3BA9F8752AFF8@ehost011-1.exch011.intermedia.net> <4013EDA0.4090209@att.net> Message-ID: <401477A5.8030203@optonline.net> > I'd like to volunteer to be involved with ongoing security issues from > a > distance, like testing code, or contributing to short (PHundamentals?) > articles. We *definitely* need some security-related articles for PHundamentals. If you (or anyone else) needed a "jumping off" point...Mike Southwell is wrapping up an article on php.ini so, I would think, a brief discussion of register globals may be a good topic for a short article. Jeff Siegel John Lacey wrote: > > > Hans Zaunere wrote: > >>> Chris Shiflett wrote: >>> >>> >>>> It doesn't take too terribly long to verify the validitity, or lack >>>> thereof, of what is mentioned on Security Focus relating to PHP. Maybe >>>> NYPHP could host a Snopes-like site for this type of thing. :-) >> >> >> >> Very good thoughts. >> >> >>> From: John Lacey >>> >>> I was thinking that it would be a really cool and helpful project for >>> interested NYPHP members to set up what amounts to a 'honeypot' -- >>> with a different twist -- for >>> proving/testing/evaluating/hacking/messing-with/bashing an AMP >>> platform/apps./utilities/whatever. >> >> >> >> Ditto here, too. We have the horsepower to dedicate a server for >> this. Also, we need to get our CMS solidified, at which point it'll >> be a snap for people to get content (from both aforementioned topics) >> online ASAP. We'll need someone to head these efforts up...? >> > > Hi Hans, > > I'd like to volunteer to be involved with ongoing security issues from a > distance, like testing code, or contributing to short (PHundamentals?) > articles. But we need at least one local NYPHP member with more than a > smattering of > knowledge and experience in this area (and that's not me at the > moment). Since my main interest is in teaching people who are newcomers > to AMP and other OSS stuff, it is critically important they start off > with good coding techniques (I teach PEAR Coding Standards) and > especially the security concerns and repercussions of what they're > doing. It's easy to say "Never trust user input", but that doesn't mean > a whole hell of a lot unless you show people the HOW of it and they code > it up for themselves. > > ... steps off learning soap box... > > I think NYPHP could provide an extremely valuable service to the AMP > community at large with an ongoing security focus on both basic and > advanced best practices. In that regard, I'm looking forward to Chris' > Security book. > > Let me know how I can help. > thanks, > John > > > > > > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jlacey at att.net Sun Jan 25 22:14:14 2004 From: jlacey at att.net (John Lacey) Date: Sun, 25 Jan 2004 20:14:14 -0700 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <401477A5.8030203@optonline.net> References: <41EE526EC2D3C74286415780D3BA9F8752AFF8@ehost011-1.exch011.intermedia.net> <4013EDA0.4090209@att.net> <401477A5.8030203@optonline.net> Message-ID: <40148606.1020803@att.net> Jeff Siegel wrote: > > I'd like to volunteer to be involved with ongoing security issues > from > a > > distance, like testing code, or contributing to short (PHundamentals?) > > articles. > > We *definitely* need some security-related articles for PHundamentals. > If you (or anyone else) needed a "jumping off" point...Mike Southwell is > wrapping up an article on php.ini so, I would think, a brief discussion > of register globals may be a good topic for a short article. > might want to check in with Chris Shifflet first to see if an article or two could 'point to' his upcoming security work[-in-progress] J From jsiegel1 at optonline.net Sun Jan 25 22:44:43 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Sun, 25 Jan 2004 22:44:43 -0500 Subject: [nycphp-talk] more crappy programs: security focus 230 - 232 In-Reply-To: <40148606.1020803@att.net> References: <41EE526EC2D3C74286415780D3BA9F8752AFF8@ehost011-1.exch011.intermedia.net> <4013EDA0.4090209@att.net> <401477A5.8030203@optonline.net> <40148606.1020803@att.net> Message-ID: <40148D2B.7000300@optonline.net> > might want to check in with Chris Shifflet first to see if an article > or > two could 'point to' his upcoming security work[-in-progress] Chris...you listening? ;) Jeff Siegel John Lacey wrote: > > > Jeff Siegel wrote: > >> > I'd like to volunteer to be involved with ongoing security issues >> from > a >> > distance, like testing code, or contributing to short (PHundamentals?) >> > articles. >> >> We *definitely* need some security-related articles for PHundamentals. >> If you (or anyone else) needed a "jumping off" point...Mike Southwell >> is wrapping up an article on php.ini so, I would think, a brief >> discussion of register globals may be a good topic for a short article. >> > > might want to check in with Chris Shifflet first to see if an article or > two could 'point to' his upcoming security work[-in-progress] > > J > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From joshmccormack at travelersdiary.com Mon Jan 26 14:34:07 2004 From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com) Date: Mon, 26 Jan 2004 13:34:07 -0600 (CST) Subject: [nycphp-talk] looking for comparison review program Message-ID: Rather than recreate the wheel, if it's alredy been done, does anyone know of an open source program that does approximaately the following: Allows users to add and edit -items for comparison (vw, bmw, mercedes, etc) -comparison points (doors, horsepower, cupholders, etc) -specific comparison info (4 doors, 420hp, 2 cupholders, etc) Allow choice of what items to compare Probably store it all in a database. Thanks, Josh From shiflett at php.net Mon Jan 26 15:37:07 2004 From: shiflett at php.net (Chris Shiflett) Date: Mon, 26 Jan 2004 12:37:07 -0800 (PST) Subject: [nycphp-talk] Security Phundamentals In-Reply-To: <40148D2B.7000300@optonline.net> Message-ID: <20040126203707.97584.qmail@web14302.mail.yahoo.com> --- Jeff Siegel wrote: > > might want to check in with Chris Shifflet first to see if an article > > or two could 'point to' his upcoming security work[-in-progress] > > Chris...you listening? ;) Sorry, I missed most of this thread. This is about contributing to a phundamentals article on a security-related topic? If so, I'd be happy to help. I'm a big fan of these phundamentals. I hope to be at tomorrow's meeting, so we can speak in person, if it would help. As for references to my book, I may do quite the opposite and reference phundamentals in my writings. :-) I can recommend plenty of security topics that I think people would be interested in. This is why I mentioned the possibility of rethinking our URL organization (and I have a message from Hans flagged for a reply; I think it was related to this suggestion). I'd be happy to do the work (there's not much to it). Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From enunez at tiaa-cref.org Mon Jan 26 17:17:03 2004 From: enunez at tiaa-cref.org (Nunez, Eddy) Date: Mon, 26 Jan 2004 15:17:03 -0700 Subject: [nycphp-talk] Function search on PHP.NET Message-ID: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9E10@msxnyusr01.msx.ops.tiaa-cref.org> I was wondering if anyone knows where I could find the code for the function search feature they were beta testing on PHP.NET for a while. Just typing a partial function name would bring down a DHTML generated box with possible function names selections based on the partial string typed in the text field. It looked very very promising, I really wanted to utilize this feature in our internal website but the encrypted data source they used seemed more complexity that I wanted to deal with, at the time. Might even be registered with sourceforge? Thxs... -EAN ************************************************************** This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ************************************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: From shiflett at php.net Mon Jan 26 19:06:22 2004 From: shiflett at php.net (Chris Shiflett) Date: Mon, 26 Jan 2004 16:06:22 -0800 (PST) Subject: [nycphp-talk] Function search on PHP.NET In-Reply-To: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9E10@msxnyusr01.msx.ops.tiaa-cref.org> Message-ID: <20040127000622.60807.qmail@web14308.mail.yahoo.com> --- "Nunez, Eddy" wrote: > I was wondering if anyone knows where I could find the code for > the function search feature they were beta testing on PHP.NET for > a while. http://cvs.php.net/cvs.php/phpweb All of the source, as well as all history of the source, is available via CVS. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From jsiegel1 at optonline.net Mon Jan 26 21:48:15 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Mon, 26 Jan 2004 21:48:15 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test Message-ID: <4015D16F.6030401@optonline.net> This is a call to anyone who has Quicktime ver. 6.4 or better. Please go to the following URL - http://www.ekproductions.com/Music_Staff/index.html and click on Jose's picture. It will open a pop-up window that will playing a streaming quicktime file. Please let me know if it plays correctly or if you have any problems. Of course, it plays fine for me and I've tried it on three different browsers but it doesn't play correctly on my client's computer. TIA for your help, Jeff Siegel From dan at mx2pro.com Mon Jan 26 21:56:25 2004 From: dan at mx2pro.com (Dan Horning) Date: Mon, 26 Jan 2004 21:56:25 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015D16F.6030401@optonline.net> Message-ID: <20040127025636.1DD30A8628@virtu.nyphp.org> umm nope... just sits and shows your logo forever why not just use sorensen and make it a flv (flash video) instead of trying to stream it out it has to be small enough for that Dan Horning - Music, Technology & Photography http://www.dsoundmn.com/ Technical Systems Administration 1-866-284-3150 (Office/Home) > -----Original Message----- > From: talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jeff Siegel > Sent: Monday, January 26, 2004 9:48 PM > To: NYPHP Talk > Subject: [nycphp-talk] OT: Quicktime Streaming Test > > This is a call to anyone who has Quicktime ver. 6.4 or > better. Please go > to the following URL - > http://www.ekproductions.com/Music_Staff/index.html > and click on Jose's picture. It will open a pop-up window that will > playing a streaming quicktime file. Please let me know if it plays > correctly or if you have any problems. Of course, it plays > fine for me > and I've tried it on three different browsers but it doesn't play > correctly on my client's computer. > > TIA for your help, > > Jeff Siegel > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From csnyder at chxo.com Mon Jan 26 22:04:49 2004 From: csnyder at chxo.com (Chris Snyder) Date: Mon, 26 Jan 2004 22:04:49 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015D16F.6030401@optonline.net> References: <4015D16F.6030401@optonline.net> Message-ID: <4015D551.9020705@chxo.com> Nope. Mac OSX 10.3.2 with QuickTime 6.5 -- there's a lot of connecting, reconnecting -- it finally buffers then plays the copyright scroll before.... stopping. The progress nub continues but the video doesn't play. I've got some heavy-ish network load right now, but still... doesn't seem right. Jeff Siegel wrote: > This is a call to anyone who has Quicktime ver. 6.4 or better. Please > go to the following URL - > http://www.ekproductions.com/Music_Staff/index.html > and click on Jose's picture. It will open a pop-up window that will > playing a streaming quicktime file. Please let me know if it plays > correctly or if you have any problems. Of course, it plays fine for me > and I've tried it on three different browsers but it doesn't play > correctly on my client's computer. > > TIA for your help, > > Jeff Siegel > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From mitchy at spacemonkeylabs.com Mon Jan 26 22:16:37 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Mon, 26 Jan 2004 22:16:37 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015D16F.6030401@optonline.net> References: <4015D16F.6030401@optonline.net> Message-ID: <4015D815.6050501@spacemonkeylabs.com> Windows XP, Firebird 0.7, the animation never load, just negotiates until I run out of patience :( -- Mitch From jsiegel1 at optonline.net Mon Jan 26 22:31:52 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Mon, 26 Jan 2004 22:31:52 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015D551.9020705@chxo.com> References: <4015D16F.6030401@optonline.net> <4015D551.9020705@chxo.com> Message-ID: <4015DBA8.2040203@optonline.net> Thanks to all for checking it out. I made a quick change to the javascript. Can you give it one more shot? Click on Jose's pic. ( http://www.ekproductions.com/Music_Staff/index.html ) Jeff Chris Snyder wrote: > Nope. > > Mac OSX 10.3.2 with QuickTime 6.5 -- there's a lot of connecting, > reconnecting -- it finally buffers then plays the copyright scroll > before.... stopping. > > The progress nub continues but the video doesn't play. > > I've got some heavy-ish network load right now, but still... doesn't > seem right. > > > > Jeff Siegel wrote: > >> This is a call to anyone who has Quicktime ver. 6.4 or better. Please >> go to the following URL - >> http://www.ekproductions.com/Music_Staff/index.html >> and click on Jose's picture. It will open a pop-up window that will >> playing a streaming quicktime file. Please let me know if it plays >> correctly or if you have any problems. Of course, it plays fine for me >> and I've tried it on three different browsers but it doesn't play >> correctly on my client's computer. >> >> TIA for your help, >> >> Jeff Siegel >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk > > > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From jsiegel1 at optonline.net Mon Jan 26 22:37:53 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Mon, 26 Jan 2004 22:37:53 -0500 Subject: [nycphp-talk] Security Phundamentals In-Reply-To: <20040126203707.97584.qmail@web14302.mail.yahoo.com> References: <20040126203707.97584.qmail@web14302.mail.yahoo.com> Message-ID: <4015DD11.5070903@optonline.net> Unless the LIRR shuts down...I'll be there so we can talk about this. Jeff Chris Shiflett wrote: > --- Jeff Siegel wrote: > >> > might want to check in with Chris Shifflet first to see if an article >> > or two could 'point to' his upcoming security work[-in-progress] >> >>Chris...you listening? ;) > > > Sorry, I missed most of this thread. This is about contributing to a > phundamentals article on a security-related topic? If so, I'd be happy to > help. I'm a big fan of these phundamentals. > > I hope to be at tomorrow's meeting, so we can speak in person, if it would > help. > > As for references to my book, I may do quite the opposite and reference > phundamentals in my writings. :-) I can recommend plenty of security > topics that I think people would be interested in. This is why I mentioned > the possibility of rethinking our URL organization (and I have a message > from Hans flagged for a reply; I think it was related to this suggestion). > I'd be happy to do the work (there's not much to it). > > Chris > > ===== > Chris Shiflett - http://shiflett.org/ > > PHP Security Handbook > Coming mid-2004 > HTTP Developer's Handbook > http://httphandbook.org/ > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From agfische at email.smith.edu Mon Jan 26 22:56:44 2004 From: agfische at email.smith.edu (Aaron Fischer) Date: Mon, 26 Jan 2004 22:56:44 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015DBA8.2040203@optonline.net> References: <4015D16F.6030401@optonline.net> <4015D551.9020705@chxo.com> <4015DBA8.2040203@optonline.net> Message-ID: Jeff, I get something, but I'm sure it's not what you want. It loads a new window, loads the clip, after about 20 seconds or so I get an image of a few people out on a dance floor. The image stays static throughout the entire clip and there is no sound. Runs for about 20-30 seconds. Mac OS X and Quicktime 6.5 -Aaron On Jan 26, 2004, at 10:31 PM, Jeff Siegel wrote: > Thanks to all for checking it out. > I made a quick change to the javascript. > Can you give it one more shot? > Click on Jose's pic. > ( http://www.ekproductions.com/Music_Staff/index.html ) > > Jeff > > > Chris Snyder wrote: > >> Nope. >> Mac OSX 10.3.2 with QuickTime 6.5 -- there's a lot of connecting, >> reconnecting -- it finally buffers then plays the copyright scroll >> before.... stopping. >> The progress nub continues but the video doesn't play. >> I've got some heavy-ish network load right now, but still... doesn't >> seem right. >> Jeff Siegel wrote: >>> This is a call to anyone who has Quicktime ver. 6.4 or better. >>> Please go to the following URL - >>> http://www.ekproductions.com/Music_Staff/index.html >>> and click on Jose's picture. It will open a pop-up window that will >>> playing a streaming quicktime file. Please let me know if it plays >>> correctly or if you have any problems. Of course, it plays fine for >>> me and I've tried it on three different browsers but it doesn't play >>> correctly on my client's computer. >>> >>> TIA for your help, >>> >>> Jeff Siegel >>> >>> _______________________________________________ >>> talk mailing list >>> talk at lists.nyphp.org >>> http://lists.nyphp.org/mailman/listinfo/talk >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk > > -- > Found on the Simpson's Website: > "Ooooooh, they have the internet on computers now!" > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From mitchy at spacemonkeylabs.com Mon Jan 26 23:03:18 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Mon, 26 Jan 2004 23:03:18 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015DBA8.2040203@optonline.net> References: <4015D16F.6030401@optonline.net> <4015D551.9020705@chxo.com> <4015DBA8.2040203@optonline.net> Message-ID: <4015E306.8060906@spacemonkeylabs.com> Jeff Siegel wrote: > Thanks to all for checking it out. > I made a quick change to the javascript. > Can you give it one more shot? > Click on Jose's pic. > ( http://www.ekproductions.com/Music_Staff/index.html ) No joy :( I get 'Negotiating requested data' and then nothing happens, for over 60 seconds. Win XP, Firebird 0.7 and Explorer 6. -- Mitch From jsiegel1 at optonline.net Mon Jan 26 23:04:52 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Mon, 26 Jan 2004 23:04:52 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: References: <4015D16F.6030401@optonline.net> <4015D551.9020705@chxo.com> <4015DBA8.2040203@optonline.net> Message-ID: <4015E364.3000102@optonline.net> It is supposed to open a new window. I'm not sure why everyone (except me) is having that problem. Though it's streaming I still cleaned out my cache. Let me know how this one works. There's no fancy javascript here. http://www.ekproductions.com/stream_test3.html Jeff Aaron Fischer wrote: > Jeff, I get something, but I'm sure it's not what you want. It loads a > new window, loads the clip, after about 20 seconds or so I get an image > of a few people out on a dance floor. The image stays static throughout > the entire clip and there is no sound. Runs for about 20-30 seconds. > > Mac OS X and Quicktime 6.5 > > -Aaron > > On Jan 26, 2004, at 10:31 PM, Jeff Siegel wrote: > >> Thanks to all for checking it out. >> I made a quick change to the javascript. >> Can you give it one more shot? >> Click on Jose's pic. >> ( http://www.ekproductions.com/Music_Staff/index.html ) >> >> Jeff >> >> >> Chris Snyder wrote: >> >>> Nope. >>> Mac OSX 10.3.2 with QuickTime 6.5 -- there's a lot of connecting, >>> reconnecting -- it finally buffers then plays the copyright scroll >>> before.... stopping. >>> The progress nub continues but the video doesn't play. >>> I've got some heavy-ish network load right now, but still... doesn't >>> seem right. >>> Jeff Siegel wrote: >>> >>>> This is a call to anyone who has Quicktime ver. 6.4 or better. >>>> Please go to the following URL - >>>> http://www.ekproductions.com/Music_Staff/index.html >>>> and click on Jose's picture. It will open a pop-up window that will >>>> playing a streaming quicktime file. Please let me know if it plays >>>> correctly or if you have any problems. Of course, it plays fine for >>>> me and I've tried it on three different browsers but it doesn't play >>>> correctly on my client's computer. >>>> >>>> TIA for your help, >>>> >>>> Jeff Siegel >>>> >>>> _______________________________________________ >>>> talk mailing list >>>> talk at lists.nyphp.org >>>> http://lists.nyphp.org/mailman/listinfo/talk >>> >>> _______________________________________________ >>> talk mailing list >>> talk at lists.nyphp.org >>> http://lists.nyphp.org/mailman/listinfo/talk >> >> >> -- >> Found on the Simpson's Website: >> "Ooooooh, they have the internet on computers now!" >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From nyphp at enobrev.com Mon Jan 26 23:09:15 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Mon, 26 Jan 2004 23:09:15 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015E306.8060906@spacemonkeylabs.com> Message-ID: Played for me on XP IE 6 and Firebird 0.7 using QT 6.5 From mitchy at spacemonkeylabs.com Mon Jan 26 23:09:57 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Mon, 26 Jan 2004 23:09:57 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015E364.3000102@optonline.net> References: <4015D16F.6030401@optonline.net> <4015D551.9020705@chxo.com> <4015DBA8.2040203@optonline.net> <4015E364.3000102@optonline.net> Message-ID: <4015E495.2000700@spacemonkeylabs.com> Jeff Siegel wrote: > It is supposed to open a new window. I'm not sure why everyone (except > me) is having that problem. Though it's streaming I still cleaned out my > cache. > > Let me know how this one works. There's no fancy javascript here. Same as before, 'Negotiating requested data' and loads and loads and loads... Reminds me of the famous quote from Curly of the Three Stooges: "I'm thinkin', but nuthin's happenin'!" -- Mitch From agfische at email.smith.edu Mon Jan 26 23:14:07 2004 From: agfische at email.smith.edu (Aaron Fischer) Date: Mon, 26 Jan 2004 23:14:07 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015E364.3000102@optonline.net> References: <4015D16F.6030401@optonline.net> <4015D551.9020705@chxo.com> <4015DBA8.2040203@optonline.net> <4015E364.3000102@optonline.net> Message-ID: <404325B5-507F-11D8-A305-000A95AF25D2@email.smith.edu> Get the band image, then scrolling text (that stops halfway on-halfway off the screen) and no sound. Clip runs like that for 15-20 seconds or so. On Jan 26, 2004, at 11:04 PM, Jeff Siegel wrote: > It is supposed to open a new window. I'm not sure why everyone (except > me) is having that problem. Though it's streaming I still cleaned out > my cache. > > Let me know how this one works. There's no fancy javascript here. > > http://www.ekproductions.com/stream_test3.html > > Jeff > > Aaron Fischer wrote: > >> Jeff, I get something, but I'm sure it's not what you want. It loads >> a new window, loads the clip, after about 20 seconds or so I get an >> image of a few people out on a dance floor. The image stays static >> throughout the entire clip and there is no sound. Runs for about >> 20-30 seconds. >> Mac OS X and Quicktime 6.5 >> -Aaron >> On Jan 26, 2004, at 10:31 PM, Jeff Siegel wrote: >>> Thanks to all for checking it out. >>> I made a quick change to the javascript. >>> Can you give it one more shot? >>> Click on Jose's pic. >>> ( http://www.ekproductions.com/Music_Staff/index.html ) >>> >>> Jeff >>> >>> >>> Chris Snyder wrote: >>> >>>> Nope. >>>> Mac OSX 10.3.2 with QuickTime 6.5 -- there's a lot of connecting, >>>> reconnecting -- it finally buffers then plays the copyright scroll >>>> before.... stopping. >>>> The progress nub continues but the video doesn't play. >>>> I've got some heavy-ish network load right now, but still... >>>> doesn't seem right. >>>> Jeff Siegel wrote: >>>> >>>>> This is a call to anyone who has Quicktime ver. 6.4 or better. >>>>> Please go to the following URL - >>>>> http://www.ekproductions.com/Music_Staff/index.html >>>>> and click on Jose's picture. It will open a pop-up window that >>>>> will playing a streaming quicktime file. Please let me know if it >>>>> plays correctly or if you have any problems. Of course, it plays >>>>> fine for me and I've tried it on three different browsers but it >>>>> doesn't play correctly on my client's computer. >>>>> >>>>> TIA for your help, >>>>> >>>>> Jeff Siegel >>>>> >>>>> _______________________________________________ >>>>> talk mailing list >>>>> talk at lists.nyphp.org >>>>> http://lists.nyphp.org/mailman/listinfo/talk >>>> >>>> _______________________________________________ >>>> talk mailing list >>>> talk at lists.nyphp.org >>>> http://lists.nyphp.org/mailman/listinfo/talk >>> >>> >>> -- >>> Found on the Simpson's Website: >>> "Ooooooh, they have the internet on computers now!" >>> >>> _______________________________________________ >>> talk mailing list >>> talk at lists.nyphp.org >>> http://lists.nyphp.org/mailman/listinfo/talk >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk > > -- > Found on the Simpson's Website: > "Ooooooh, they have the internet on computers now!" > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From jsiegel1 at optonline.net Tue Jan 27 00:12:07 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 27 Jan 2004 00:12:07 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <404325B5-507F-11D8-A305-000A95AF25D2@email.smith.edu> References: <4015D16F.6030401@optonline.net> <4015D551.9020705@chxo.com> <4015DBA8.2040203@optonline.net> <4015E364.3000102@optonline.net> <404325B5-507F-11D8-A305-000A95AF25D2@email.smith.edu> Message-ID: <4015F327.4080408@optonline.net> Thanks again to everyone who tried the links. Since the last link I posted - http://www.ekproductions.com/stream_test3.html - has no javascript on the page (so we can eliminate that as a variable...the javascript was creating the necessary code on-the-fly), it's a bit of a puzzle why it works for one or two people but doesn't work for the majority. To be continued..... Jeff Aaron Fischer wrote: > Get the band image, then scrolling text (that stops halfway on-halfway > off the screen) and no sound. Clip runs like that for 15-20 seconds or so. > > > On Jan 26, 2004, at 11:04 PM, Jeff Siegel wrote: > >> It is supposed to open a new window. I'm not sure why everyone (except >> me) is having that problem. Though it's streaming I still cleaned out >> my cache. >> >> Let me know how this one works. There's no fancy javascript here. >> >> http://www.ekproductions.com/stream_test3.html >> >> Jeff >> >> Aaron Fischer wrote: >> >>> Jeff, I get something, but I'm sure it's not what you want. It loads >>> a new window, loads the clip, after about 20 seconds or so I get an >>> image of a few people out on a dance floor. The image stays static >>> throughout the entire clip and there is no sound. Runs for about >>> 20-30 seconds. >>> Mac OS X and Quicktime 6.5 >>> -Aaron >>> On Jan 26, 2004, at 10:31 PM, Jeff Siegel wrote: >>> >>>> Thanks to all for checking it out. >>>> I made a quick change to the javascript. >>>> Can you give it one more shot? >>>> Click on Jose's pic. >>>> ( http://www.ekproductions.com/Music_Staff/index.html ) >>>> >>>> Jeff >>>> >>>> >>>> Chris Snyder wrote: >>>> >>>>> Nope. >>>>> Mac OSX 10.3.2 with QuickTime 6.5 -- there's a lot of connecting, >>>>> reconnecting -- it finally buffers then plays the copyright scroll >>>>> before.... stopping. >>>>> The progress nub continues but the video doesn't play. >>>>> I've got some heavy-ish network load right now, but still... >>>>> doesn't seem right. >>>>> Jeff Siegel wrote: >>>>> >>>>>> This is a call to anyone who has Quicktime ver. 6.4 or better. >>>>>> Please go to the following URL - >>>>>> http://www.ekproductions.com/Music_Staff/index.html >>>>>> and click on Jose's picture. It will open a pop-up window that >>>>>> will playing a streaming quicktime file. Please let me know if it >>>>>> plays correctly or if you have any problems. Of course, it plays >>>>>> fine for me and I've tried it on three different browsers but it >>>>>> doesn't play correctly on my client's computer. >>>>>> >>>>>> TIA for your help, >>>>>> >>>>>> Jeff Siegel >>>>>> >>>>>> _______________________________________________ >>>>>> talk mailing list >>>>>> talk at lists.nyphp.org >>>>>> http://lists.nyphp.org/mailman/listinfo/talk >>>>> >>>>> >>>>> _______________________________________________ >>>>> talk mailing list >>>>> talk at lists.nyphp.org >>>>> http://lists.nyphp.org/mailman/listinfo/talk >>>> >>>> >>>> >>>> -- >>>> Found on the Simpson's Website: >>>> "Ooooooh, they have the internet on computers now!" >>>> >>>> _______________________________________________ >>>> talk mailing list >>>> talk at lists.nyphp.org >>>> http://lists.nyphp.org/mailman/listinfo/talk >>> >>> _______________________________________________ >>> talk mailing list >>> talk at lists.nyphp.org >>> http://lists.nyphp.org/mailman/listinfo/talk >> >> >> -- >> Found on the Simpson's Website: >> "Ooooooh, they have the internet on computers now!" >> >> _______________________________________________ >> talk mailing list >> talk at lists.nyphp.org >> http://lists.nyphp.org/mailman/listinfo/talk > > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From phplover at hotmail.com Tue Jan 27 01:04:55 2004 From: phplover at hotmail.com (PHPLover) Date: Tue, 27 Jan 2004 11:34:55 +0530 Subject: [nycphp-talk] Re: Function search on PHP.NET (Chris Shiflett) In-Reply-To: <20040127035652.0334DA87BC@virtu.nyphp.org> Message-ID: <000b01c3e49b$7c431220$021b10ac@HTS5ACC19> Yes, Functions.js is encrypted. Would be very useful if they are kind enough to give us the source code of the same. From southwell at dneba.com Tue Jan 27 09:53:26 2004 From: southwell at dneba.com (Michael Southwell) Date: Tue, 27 Jan 2004 09:53:26 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015D16F.6030401@optonline.net> References: <4015D16F.6030401@optonline.net> Message-ID: <6.0.1.1.2.20040127095140.01d5cc28@mail.optonline.net> At 09:48 PM 1/26/2004, you wrote: >This is a call to anyone who has Quicktime ver. 6.4 or better. Please go >to the following URL - http://www.ekproductions.com/Music_Staff/index.html 0945 on Tuesday (didn't see this until now), XP, Moz 1.5, works perfectly though I did have to click the play button Michael G. Southwell ================================= DNEBA Enterprises 81 South Road Bloomingdale, NJ 07403-1419 973/492-7873 (voice and fax) southwell at dneba.com http://www.dneba.com ====================================================== From southwell at dneba.com Tue Jan 27 09:57:06 2004 From: southwell at dneba.com (Michael Southwell) Date: Tue, 27 Jan 2004 09:57:06 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <4015E364.3000102@optonline.net> References: <4015D16F.6030401@optonline.net> <4015D551.9020705@chxo.com> <4015DBA8.2040203@optonline.net> <4015E364.3000102@optonline.net> Message-ID: <6.0.1.1.2.20040127095606.01d37b50@mail.optonline.net> At 11:04 PM 1/26/2004, you wrote: >It is supposed to open a new window. I'm not sure why everyone (except me) >is having that problem. Though it's streaming I still cleaned out my cache. > >Let me know how this one works. There's no fancy javascript here. > >http://www.ekproductions.com/stream_test3.html and this one also works, same setup. QT 1.4. didn't try any other browsers. Michael G. Southwell ================================= DNEBA Enterprises 81 South Road Bloomingdale, NJ 07403-1419 973/492-7873 (voice and fax) southwell at dneba.com http://www.dneba.com ====================================================== From jsiegel1 at optonline.net Tue Jan 27 10:04:00 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Tue, 27 Jan 2004 10:04:00 -0500 Subject: [nycphp-talk] OT: Quicktime Streaming Test In-Reply-To: <6.0.1.1.2.20040127095140.01d5cc28@mail.optonline.net> References: <4015D16F.6030401@optonline.net> <6.0.1.1.2.20040127095140.01d5cc28@mail.optonline.net> Message-ID: <40167DE0.7090104@optonline.net> Thanks so much for checking it out. Jeff Michael Southwell wrote: > At 09:48 PM 1/26/2004, you wrote: > >> This is a call to anyone who has Quicktime ver. 6.4 or better. Please >> go to the following URL - >> http://www.ekproductions.com/Music_Staff/index.html > > > 0945 on Tuesday (didn't see this until now), XP, Moz 1.5, works > perfectly though I did have to click the play button > > > > Michael G. Southwell ================================= > DNEBA Enterprises > 81 South Road > Bloomingdale, NJ 07403-1419 > 973/492-7873 (voice and fax) > southwell at dneba.com > http://www.dneba.com > ====================================================== > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From sklar at sklar.com Tue Jan 27 10:27:40 2004 From: sklar at sklar.com (David Sklar) Date: Tue, 27 Jan 2004 10:27:40 -0500 Subject: [nycphp-talk] Re: Function search on PHP.NET (Chris Shiflett) In-Reply-To: <000b01c3e49b$7c431220$021b10ac@HTS5ACC19> Message-ID: On Tuesday, January 27, 2004 1:05 AM, wrote: > Yes, > > Functions.js is encrypted. > Would be very useful if they are kind enough to give us the source > code of the same. Check out the scripts/quickref directory of the phpdoc module. David From danielc at analysisandsolutions.com Tue Jan 27 11:31:13 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 27 Jan 2004 11:31:13 -0500 Subject: [nycphp-talk] 'In and out' of php In-Reply-To: References: Message-ID: <20040127163113.GA20702@panix.com> On Sat, Jan 24, 2004 at 01:53:06PM -0500, Mark Armendariz wrote: > > echo "ID"; Of course, you would have to put {} around the array: echo "ID"; --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From enunez at tiaa-cref.org Tue Jan 27 11:32:31 2004 From: enunez at tiaa-cref.org (Nunez, Eddy) Date: Tue, 27 Jan 2004 11:32:31 -0500 Subject: [nycphp-talk] Re: Function search on PHP.NET (Chris Shiflett) Message-ID: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9E13@msxnyusr01.msx.ops.tiaa-cref.org> Thanks for the info so far... I've been trying to find "manual_en_contents.txt" under phpweb module without any success. It's suppose to be in the phpweb/manual/en/, but that doesn't exists under the CVS tree. I just want to see how it's structured. Anyone know? thxs. -EAN -----Original Message----- From: David Sklar [mailto:sklar at sklar.com] Sent: Tuesday, January 27, 2004 10:28 AM To: NYPHP Talk Subject: RE: [nycphp-talk] Re: Function search on PHP.NET (Chris Shiflett) On Tuesday, January 27, 2004 1:05 AM, wrote: > Yes, > > Functions.js is encrypted. > Would be very useful if they are kind enough to give us the source > code of the same. Check out the scripts/quickref directory of the phpdoc module. David _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk ************************************************************** This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ************************************************************** From chubbard at next-online.net Tue Jan 27 11:46:27 2004 From: chubbard at next-online.net (Chris Hubbard) Date: Tue, 27 Jan 2004 08:46:27 -0800 Subject: [nycphp-talk] sessions and application security Message-ID: <401695E2.5010105@next-online.net> All, I'm back for more information. I need to port a financial application. So it's important to make the session management as strong as possible. One of the guys on the team advocates designing the application so it doesn't use sessions, basically passing a token in the URL that tells the server who the person is and where they are in the application. I'm leaning toward database session management. Who's right? or are we both right/wrong? The application when it's deployed will have two or three web servers handling the traffic, with a separate Oracle server. We will have multiple servers for two reasons, first handling the load, and second to provide some failover. So whatever mechanism we implement will need to scale. We definitely don't want to make it easy for people to hijack the session. And I'd like to make it so it takes Sterling more than 90 seconds to get the keys to the kingdom. The application will be running with SSL. I don't have control over the client environment, so I can't force users to use a particular browser, or browser settings. Can detect what they do have though (obviously). One thought is to use both a token in the url and database sessions, where the token in the url is a checksum of the database session, and possibly vice versa. That way I can check both. If I have a checksum in both, then I can compare the checksum. Hmm. Thoughts, suggestions, or even better what is the "best" way to do this? Chris From mjdewitt at alexcommgrp.com Tue Jan 27 11:49:45 2004 From: mjdewitt at alexcommgrp.com (DeWitt, Michael) Date: Tue, 27 Jan 2004 11:49:45 -0500 Subject: [nycphp-talk] OT:Virus Alert: MyDoom Message-ID: This one seems to be really catching on. We are getting a ton of these emails this morning. We allow ZIP files through and have to, so we have some exposure with this virus. People here are aware of this issue, but you never know if everyone will think "virus" when that juicy ZIP file is staring them in the face from their inbox. Here is something Watchguard sent me on this virus. Mike > -----Original Message----- > From: WatchGuard LiveSecurity > [SMTP:WatchGuard_LiveSecurity at tailorednews.com] > Sent: Monday, January 26, 2004 9:45 PM > To: DeWitt, Michael > Subject: LiveSecurity | Urgent: Virus Alert: MyDoom > > > .gif> > > > > > > WatchGuard Hardware Warranty > Extension > Safeguard your security > solution investment. > Learn more > > > > > > MyDoom > > > MyDoom Demonstrates > a True Viral Outbreak > > > 26 January 2004 > > > About the Virus > > > A new virus, MyDoom (also called Novarg by some vendors, Mimail.R by > others), is erupting on the Internet right now. Network Associates > received 19,500 copies of the virus from over 3,400 email addresses in a > single hour Monday afternoon, an extremely high rate. MyDoom seems to have > been launched today, around 1:00 PM Pacific Standard Time. The virus > presents a well-worded message advising that its attachment was necessary > because a technical error prevented normal email transmission, a more > clever social-engineering ploy than the garden variety "Here, open this." > Since this new virus carries a trojan, MyDoom might feel appropriately > named to its victims. > > > Distinguishing Characteristics > > > A MyDoom e-mail spoofs its sender so that it appears to come from one of > your friends, contacts, or a credible institutions such as a bank or phone > company. The Subject is randomized. So far we've seen the variations > below: > > * hi > * hello > * HELLO > * error > * Mail Delivery System > * Mail Transaction Failed > * Server Report > * status > * test > * Test > * Server Request > > MyDoom is so new that the anti-virus vendors have not compiled their list > of variations at the time of this writing. There may be other Subjects we > haven't listed. MyDoom's body is also random. So far we know of these > three variations: > > * The message cannot be represented in 7-bit ASCII encoding and has > been sent as a binary attachment. > * The message contains Unicode characters and has been sent as a > binary attachment. > * Mail transaction failed. Partial message is available. > > We believe those credible bodies partly contribute to MyDoom's suceess. > They certainly sound like legitimate errors and lead one to believe that > the attached file could be the message that your e-mail client can't > display. Don't fall for it! > > MyDoom uses random attachments that try to look like documents. It uses > the following extensions: > > * .exe > * .scr > * .pif > * .cmd > * .bat > * .zip <-- (The zip file contains an executable that looks like a > document; e.g., doc.txt [lots of spaces] .exe) > > Although details are still developing, MyDoom starts like most viruses. If > one of your users runs the virus' attachment, it starts by copying itself > to his computer and adding registry entries to ensure that it can restart > if your user reboots. It also harvests e-mail addresses from a number of > different file types and sends itself to others. > > According to the latest breaking news, MyDoom also seems to spread through > the popular Kazaa P2P, file-sharing application. Other reports indicate > MyDoom is engineered to target SCO for a Denial of Service attack. > > Finally, MyDoom installs a backdoor by opening a connection on TCP port > 3127. This could allow the virus author access to control an infected > machine. > > This virus has spread so fast that the anti-virus vendors are still > researching it. MyDoom's code is encrypted so it may take awhile for the > vendors to assess its true scope. We recommend you intermitently check > McAfee's alert > > for the latest developments. > > > What you can do > > > * As always, remind your users never to open unexpected attachments > from any source. > > * Most major anti-virus vendors already have signatures that detect > MyDoom. Check with your vendor for the latest update. If there is no > MyDoom update, search on variant names Novarg, Shimg, or Mimail.R, which > are terms for the same virus. > > * Firebox II / III and Vclass owners should follow the steps below. > The SMTP proxy can help. > > > Suggestions for SOHO owners > > > If you have a SOHO, your best bet to stop this worm is to get new virus > definitions from your vendor. Don't open e-mail attachments unless they > contain material you requested or expect. Scan e-mail attachments with > your anti-virus software, and open them only if they are proven clean. > > When it successfully infects a machine, MyDoom seems to open a connection > using TCP port 3127 in an attempt to allow the virus author access to your > machine. We recommend blocking this port, both Incoming and Outgoing. To > do this, connect to your SOHO and click "Custom Service" on the left side > of the screen. Name the service whatever you want (for example, > Block_MyDoom_Trojan) and add TCP port 3127 to the "Protocol Settings." > Change both Incoming and Outgoing Filter to "Deny." and Submit your > changes. This will not prevent the worm from infecting you, but it should > prevent the virus' backdoor from reaching the author. > > > Suggestions for Firebox II / III owners > > > MyDoom uses many attachment types. The Firebox II and III's SMTP Proxy > blocks most of MyDoom's attachments by default. However, it doesn't block > ZIP files by default. You can follow the steps below to block ZIP files > either temporarily or permanantly. Since MyDoom uses different file names, > blocking it requires you to block all ZIP files. Note that this procedure > stops your users from receiving any ZIP file, whether malicious or not. > > * If you have an SMTP Proxy icon in the WatchGuard Policy Manager, > double-click the icon, then go to Properties tab => Incoming => Content > Types tab => check for "*.zip" in the box labeled "Deny attachments based > on these file name patterns." If you see *.zip in the list, your Firebox > is configured to block this virus. If you don't see .zip in the list, > click the Add button and type *.zip. > > * If you don't have an SMTP Proxy icon in the WatchGuard Policy > Manager, go to: Edit => Add Service => Proxies => SMTP => Add => OK. The > newly enabled service blocks the worm by default. > > When it successfully infects a machine, MyDoom seems to open a connection > using TCP port 3127 in an attempt to allow the virus author access to your > machine. We recommend blocking this port, both Incoming and Outgoing. To > do this, click "Edit => Add Service => New." Name the service whatever you > want (e.g., Block_MyDoom_Trojan) and click "Add." Choose TCP port 3127, > and for "Client Port," choose Ignore from the drop-down menu, and click > "OK" twice to add the service to the list of services. Now, double-click > the new service to add it to your configuration. Change both Incoming and > Outgoing to "Enabled and Denied" and press "OK." Make sure to save this > change to your Firebox This change will not prevent the worm from > infecting you, but it should prevent the virus' backdoor from reaching the > author. > > > Suggestions for Vclass owners > > > Your Vclass does not block .zip files by default. You'll have to create or > adjust a custom proxy action based on SMTP-Incoming in order to strip .zip > attachments. Keep in mind, this does prevent your users from receiving any > ZIP file whether malicious or not. > > If you have created your own Proxy Action based on SMTP-Incoming, you can > edit it so that it blocks all .zip files. In the Vcontroller software, > click the Proxies button and double-click your custom proxy action. Under > the Content Checking tab, change "Category" to Attachment Filename and > click either the Add to Top or Insert After button (only one or the other > will display). Next, type ZIP files as the new rule's name, and choose > "Pattern Match." Next to Pattern Match, type *.zip and select Strip as the > Action. Now you can apply this new Proxy Action to your SMTP rule to > ensure zip files are blocked. > > When it successfully infects a machine, MyDoom seems to open a connection > using TCP port 3127 in an attempt to allow the virus author access to your > machine. We recommend blocking this port, both Incoming and Outgoing. To > do this, click on "Security Policy" in the Vcontroller software. Highlight > one of your services and press, "Insert." Name the service anything you > like (e. g., block.MyDoom.trojan). Choose "Any" for Source and > destination. Next to "Service" click the "New" button. Name the new port > "MyDoom.Trojan" and press "New." For Protocol, choose TCP, and enter > Server Port 3127. Press "Done" twice to get back to the "Insert Security > Policy" window. Next to Firewall, choose "Block" and press "Done" to add > the service. Finally, press "Apply" to add the service to your Vclass > Firebox. This change will not prevent the worm from infecting you, but it > should prevent the virus' backdoor from reaching the author. > > > References: > > > McAfee description of MyDoom > > > Symantec description of Novarg > tml> > > ComputerWorld write-up > 89449,00.html> > > Credits: Researched by Corey Nachreiner. > > Written by Corey Nachreiner and Scott Pinzon. > > _____ > > Was this alert clear and helpful to you? Have any suggestions on how we > could improve it? Let us know at lsseditor at watchguard.com > . > > For past alerts, log into the LiveSecurity Archive > . > > Stumped by jargon? Try the LiveSecurity Online Glossary > . > > Copyright 2004, WatchGuard Technologies, Inc. All rights reserved. > WatchGuard, LiveSecurity, Firebox and ServerLock are trademarks or > registered trademarks of WatchGuard Technologies, Inc. in the United > States and other countries. > > > > > _____ > > How would you rate this LiveSecurity Update? > Very helpful > Helpful > Somewhat Helpful > Not Helpful > > Will you tell us why you feel that way? > > > _____ > > NOTE: > This e-mail was sent from an unattended mailbox. Please do not reply. > ABOUT Questiva/TailoredMail: > WatchGuard has contracted with Questiva/TailoredMail, an industry leading > vendor of trusted email services, to send these emails and maintain a > record of your preferences confidentially. Personal information about you > is not sold or rented to Questiva/TailoredMail or to other companies. Both > WatchGuard and Questiva/TailoredMail are fully committed to your privacy, > as detailed in WatchGuard's privacy policy > . > TO UNSUBSCRIBE: > You received this e-mail because you subscribed to the WatchGuard > LiveSecurity Service, which advises about virus alerts, security best > practices, new hacking exploits, and more. If you no longer wish to be > advised of these things, please let us know: Unsubscribe > . > Copyright 2004 WatchGuard Technologies, Incorporated. All Rights Reserved. > WatchGuard, LiveSecurity and Firebox, and any other word listed as a > trademark in the "Terms of Use" portion of the WatchGuard Web site that is > used herein, are registered trademarks or trademarks of WatchGuard > Technologies, Inc. in the United States and/or other countries. All other > trademarks are the property of their respective owners. You may not > modify, reproduce, republish, post, transmit, or distribute this content > except as expressly permitted in writing by WatchGuard Technologies, Inc. > > > > > Copyright ? 1996 - 2004 > WatchGuard Technologies, Inc. > All rights reserved. | Terms of Use > > > > From jkelly at sussex.edu Tue Jan 27 11:53:32 2004 From: jkelly at sussex.edu (jessica kelly) Date: Tue, 27 Jan 2004 11:53:32 -0500 Subject: [nycphp-talk] OT:Virus Alert: MyDoom Message-ID: McAfee has released a DAT for it for those of us using windows & McAfee. I'm getting lots at the College I work at. Jessica >>> mjdewitt at alexcommgrp.com 1/27/04 11:49:45 AM >>> This one seems to be really catching on. We are getting a ton of these emails this morning. We allow ZIP files through and have to, so we have some exposure with this virus. People here are aware of this issue, but you never know if everyone will think "virus" when that juicy ZIP file is staring them in the face from their inbox. Here is something Watchguard sent me on this virus. Mike > -----Original Message----- > From: WatchGuard LiveSecurity > [SMTP:WatchGuard_LiveSecurity at tailorednews.com] > Sent: Monday, January 26, 2004 9:45 PM > To: DeWitt, Michael > Subject: LiveSecurity | Urgent: Virus Alert: MyDoom > > > .gif> > > > > > > WatchGuard Hardware Warranty > Extension > Safeguard your security > solution investment. > Learn more > > > > > > MyDoom > > > MyDoom Demonstrates > a True Viral Outbreak > > > 26 January 2004 > > > About the Virus > > > A new virus, MyDoom (also called Novarg by some vendors, Mimail.R by > others), is erupting on the Internet right now. Network Associates > received 19,500 copies of the virus from over 3,400 email addresses in a > single hour Monday afternoon, an extremely high rate. MyDoom seems to have > been launched today, around 1:00 PM Pacific Standard Time. The virus > presents a well-worded message advising that its attachment was necessary > because a technical error prevented normal email transmission, a more > clever social-engineering ploy than the garden variety "Here, open this." > Since this new virus carries a trojan, MyDoom might feel appropriately > named to its victims. > > > Distinguishing Characteristics > > > A MyDoom e-mail spoofs its sender so that it appears to come from one of > your friends, contacts, or a credible institutions such as a bank or phone > company. The Subject is randomized. So far we've seen the variations > below: > > * hi > * hello > * HELLO > * error > * Mail Delivery System > * Mail Transaction Failed > * Server Report > * status > * test > * Test > * Server Request > > MyDoom is so new that the anti-virus vendors have not compiled their list > of variations at the time of this writing. There may be other Subjects we > haven't listed. MyDoom's body is also random. So far we know of these > three variations: > > * The message cannot be represented in 7-bit ASCII encoding and has > been sent as a binary attachment. > * The message contains Unicode characters and has been sent as a > binary attachment. > * Mail transaction failed. Partial message is available. > > We believe those credible bodies partly contribute to MyDoom's suceess. > They certainly sound like legitimate errors and lead one to believe that > the attached file could be the message that your e-mail client can't > display. Don't fall for it! > > MyDoom uses random attachments that try to look like documents. It uses > the following extensions: > > * .exe > * .scr > * .pif > * .cmd > * .bat > * .zip <-- (The zip file contains an executable that looks like a > document; e.g., doc.txt [lots of spaces] .exe) > > Although details are still developing, MyDoom starts like most viruses. If > one of your users runs the virus' attachment, it starts by copying itself > to his computer and adding registry entries to ensure that it can restart > if your user reboots. It also harvests e-mail addresses from a number of > different file types and sends itself to others. > > According to the latest breaking news, MyDoom also seems to spread through > the popular Kazaa P2P, file-sharing application. Other reports indicate > MyDoom is engineered to target SCO for a Denial of Service attack. > > Finally, MyDoom installs a backdoor by opening a connection on TCP port > 3127. This could allow the virus author access to control an infected > machine. > > This virus has spread so fast that the anti-virus vendors are still > researching it. MyDoom's code is encrypted so it may take awhile for the > vendors to assess its true scope. We recommend you intermitently check > McAfee's alert > > for the latest developments. > > > What you can do > > > * As always, remind your users never to open unexpected attachments > from any source. > > * Most major anti-virus vendors already have signatures that detect > MyDoom. Check with your vendor for the latest update. If there is no > MyDoom update, search on variant names Novarg, Shimg, or Mimail.R, which > are terms for the same virus. > > * Firebox II / III and Vclass owners should follow the steps below. > The SMTP proxy can help. > > > Suggestions for SOHO owners > > > If you have a SOHO, your best bet to stop this worm is to get new virus > definitions from your vendor. Don't open e-mail attachments unless they > contain material you requested or expect. Scan e-mail attachments with > your anti-virus software, and open them only if they are proven clean. > > When it successfully infects a machine, MyDoom seems to open a connection > using TCP port 3127 in an attempt to allow the virus author access to your > machine. We recommend blocking this port, both Incoming and Outgoing. To > do this, connect to your SOHO and click "Custom Service" on the left side > of the screen. Name the service whatever you want (for example, > Block_MyDoom_Trojan) and add TCP port 3127 to the "Protocol Settings." > Change both Incoming and Outgoing Filter to "Deny." and Submit your > changes. This will not prevent the worm from infecting you, but it should > prevent the virus' backdoor from reaching the author. > > > Suggestions for Firebox II / III owners > > > MyDoom uses many attachment types. The Firebox II and III's SMTP Proxy > blocks most of MyDoom's attachments by default. However, it doesn't block > ZIP files by default. You can follow the steps below to block ZIP files > either temporarily or permanantly. Since MyDoom uses different file names, > blocking it requires you to block all ZIP files. Note that this procedure > stops your users from receiving any ZIP file, whether malicious or not. > > * If you have an SMTP Proxy icon in the WatchGuard Policy Manager, > double-click the icon, then go to Properties tab => Incoming => Content > Types tab => check for "*.zip" in the box labeled "Deny attachments based > on these file name patterns." If you see *.zip in the list, your Firebox > is configured to block this virus. If you don't see .zip in the list, > click the Add button and type *.zip. > > * If you don't have an SMTP Proxy icon in the WatchGuard Policy > Manager, go to: Edit => Add Service => Proxies => SMTP => Add => OK. The > newly enabled service blocks the worm by default. > > When it successfully infects a machine, MyDoom seems to open a connection > using TCP port 3127 in an attempt to allow the virus author access to your > machine. We recommend blocking this port, both Incoming and Outgoing. To > do this, click "Edit => Add Service => New." Name the service whatever you > want (e.g., Block_MyDoom_Trojan) and click "Add." Choose TCP port 3127, > and for "Client Port," choose Ignore from the drop-down menu, and click > "OK" twice to add the service to the list of services. Now, double-click > the new service to add it to your configuration. Change both Incoming and > Outgoing to "Enabled and Denied" and press "OK." Make sure to save this > change to your Firebox This change will not prevent the worm from > infecting you, but it should prevent the virus' backdoor from reaching the > author. > > > Suggestions for Vclass owners > > > Your Vclass does not block .zip files by default. You'll have to create or > adjust a custom proxy action based on SMTP-Incoming in order to strip .zip > attachments. Keep in mind, this does prevent your users from receiving any > ZIP file whether malicious or not. > > If you have created your own Proxy Action based on SMTP-Incoming, you can > edit it so that it blocks all .zip files. In the Vcontroller software, > click the Proxies button and double-click your custom proxy action. Under > the Content Checking tab, change "Category" to Attachment Filename and > click either the Add to Top or Insert After button (only one or the other > will display). Next, type ZIP files as the new rule's name, and choose > "Pattern Match." Next to Pattern Match, type *.zip and select Strip as the > Action. Now you can apply this new Proxy Action to your SMTP rule to > ensure zip files are blocked. > > When it successfully infects a machine, MyDoom seems to open a connection > using TCP port 3127 in an attempt to allow the virus author access to your > machine. We recommend blocking this port, both Incoming and Outgoing. To > do this, click on "Security Policy" in the Vcontroller software. Highlight > one of your services and press, "Insert." Name the service anything you > like (e. g., block.MyDoom.trojan). Choose "Any" for Source and > destination. Next to "Service" click the "New" button. Name the new port > "MyDoom.Trojan" and press "New." For Protocol, choose TCP, and enter > Server Port 3127. Press "Done" twice to get back to the "Insert Security > Policy" window. Next to Firewall, choose "Block" and press "Done" to add > the service. Finally, press "Apply" to add the service to your Vclass > Firebox. This change will not prevent the worm from infecting you, but it > should prevent the virus' backdoor from reaching the author. > > > References: > > > McAfee description of MyDoom > > > Symantec description of Novarg > tml> > > ComputerWorld write-up > 89449,00.html> > > Credits: Researched by Corey Nachreiner. > > Written by Corey Nachreiner and Scott Pinzon. > > _____ > > Was this alert clear and helpful to you? Have any suggestions on how we > could improve it? Let us know at lsseditor at watchguard.com > . > > For past alerts, log into the LiveSecurity Archive > . > > Stumped by jargon? Try the LiveSecurity Online Glossary > . > > Copyright 2004, WatchGuard Technologies, Inc. All rights reserved. > WatchGuard, LiveSecurity, Firebox and ServerLock are trademarks or > registered trademarks of WatchGuard Technologies, Inc. in the United > States and other countries. > > > > > _____ > > How would you rate this LiveSecurity Update? > Very helpful > Helpful > Somewhat Helpful > Not Helpful > > Will you tell us why you feel that way? > > > _____ > > NOTE: > This e-mail was sent from an unattended mailbox. Please do not reply. > ABOUT Questiva/TailoredMail: > WatchGuard has contracted with Questiva/TailoredMail, an industry leading > vendor of trusted email services, to send these emails and maintain a > record of your preferences confidentially. Personal information about you > is not sold or rented to Questiva/TailoredMail or to other companies. Both > WatchGuard and Questiva/TailoredMail are fully committed to your privacy, > as detailed in WatchGuard's privacy policy > . > TO UNSUBSCRIBE: > You received this e-mail because you subscribed to the WatchGuard > LiveSecurity Service, which advises about virus alerts, security best > practices, new hacking exploits, and more. If you no longer wish to be > advised of these things, please let us know: Unsubscribe > . > Copyright 2004 WatchGuard Technologies, Incorporated. All Rights Reserved. > WatchGuard, LiveSecurity and Firebox, and any other word listed as a > trademark in the "Terms of Use" portion of the WatchGuard Web site that is > used herein, are registered trademarks or trademarks of WatchGuard > Technologies, Inc. in the United States and/or other countries. All other > trademarks are the property of their respective owners. You may not > modify, reproduce, republish, post, transmit, or distribute this content > except as expressly permitted in writing by WatchGuard Technologies, Inc. > > > > > Copyright ? 1996 - 2004 > WatchGuard Technologies, Inc. > All rights reserved. | Terms of Use > > > > _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From shiflett at php.net Tue Jan 27 12:07:01 2004 From: shiflett at php.net (Chris Shiflett) Date: Tue, 27 Jan 2004 09:07:01 -0800 (PST) Subject: [nycphp-talk] sessions and application security In-Reply-To: <401695E2.5010105@next-online.net> Message-ID: <20040127170701.77789.qmail@web14307.mail.yahoo.com> --- Chris Hubbard wrote: > So it's important to make the session management as strong as possible. > One of the guys on the team advocates designing the application so it > doesn't use sessions, basically passing a token in the URL that tells > the server who the person is and where they are in the application. What is this guy's definition of a session? It sounds to me like he simply advocates passing session data back and forth across the public Internet rather than keeping it on the server. Which sounds more secure? :-) > The application when it's deployed will have two or three web servers > handling the traffic, with a separate Oracle server. We will have > multiple servers for two reasons, first handling the load, and second > to provide some failover. So whatever mechanism we implement will need > to scale. I hate that word, scale. I think you just mean that the session mechanism must function correctly in a clustered environment, right? Keeping session data in a database is a convenient way to achieve this, although there are other solutions as well. For example, msession is an extension that was designed specifically to share session data among a cluster of servers. I've never used it, but it might work well for you (assuming the database solution doesn't). Someone at a NYPHP had a pretty creative solution that basically achieved server affinity at the application level. Maybe they'll speak up and provide the details, but I remember it had something to do with setting a cookie that indicated which server had the user's session. As I recall, this worked well for this developer, and he had some decent traffic to handle. > We definitely don't want to make it easy for people to hijack the > session. I wrote an article recently on this that was intended to help get people started thinking about session security. You can get it for free from: http://www.phpmag.net/ssl/phppdf/ It's the free sample at the bottom, and the article is, "The Truth about Sessions." > Thoughts, suggestions, or even better what is the "best" way to do > this? What is best for one person isn't necessarily best for another. The architect of any Web application is likely to be the most qualified person to be deciding on the best session solution. All you need is a little background information along with some suggestions and example solutions, and you're set. Just don't let anyone who suggests passing session data back and forth across the Internet for every transaction be making decisions about session security. :-) Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ >From hans not junk at nyphp.com Tue Jan 27 12:12:38 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 7FE20A86D5 for ; Tue, 27 Jan 2004 12:12:38 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] OT:Virus Alert: MyDoom Date: Tue, 27 Jan 2004 09:12:35 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752B1C7 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] OT:Virus Alert: MyDoom Thread-Index: AcPk9ZZAZ3a8NyOtRcqeKmvUCdJ/AAAAwZuQ From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jan 2004 17:12:38 -0000 > This one seems to be really catching on. We are getting a=20 > ton of these emails this morning. We allow ZIP files through and have to,=20 > so we have some exposure with this virus. People here are aware of this=20 > issue, but you never know if everyone will think "virus" when that juicy ZIP file is > staring them in the face from their inbox.=20 I've set Outlook to filter messages with a size of between 29 and 31 kb... works like a charm so far. But yeah, this one was hitting pretty hard. The NYPHP lists are getting slammed, but thankfully they are closed to non members :) H From dmintz at davidmintz.org Tue Jan 27 12:21:21 2004 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 27 Jan 2004 12:21:21 -0500 (EST) Subject: [nycphp-talk] OT:Virus Alert: MyDoom In-Reply-To: <41EE526EC2D3C74286415780D3BA9F8752B1C7@ehost011-1.exch011.intermedia.net> References: <41EE526EC2D3C74286415780D3BA9F8752B1C7@ehost011-1.exch011.intermedia.net> Message-ID: The spew I am getting a lot of today is bounced messages that I never sent. Purportedly from people like sam at dmintzweb.com (no such user) addressed to random people I never heard of, they bounce to me because I am the catch-all for the domain's mail. And they have presumably evil attachments. Another fun day in the trenches (-: On Tue, 27 Jan 2004, Hans Zaunere wrote: > > > This one seems to be really catching on. We are getting a > > ton of these emails this morning. We allow ZIP files through and have > to, > > so we have some exposure with this virus. People here are aware of > this > > issue, but you never know if everyone will think "virus" when that > juicy ZIP file is > > staring them in the face from their inbox. > > I've set Outlook to filter messages with a size of between 29 and 31 > kb... works like a charm so far. > > But yeah, this one was hitting pretty hard. The NYPHP lists are getting > slammed, but thankfully they are closed to non members :) > > H > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From danielc at analysisandsolutions.com Tue Jan 27 12:28:01 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 27 Jan 2004 12:28:01 -0500 Subject: [nycphp-talk] in and out redux Message-ID: <20040127172800.GA28178@panix.com> Hi Folks: I deleted the in and out thread, but something came up, so I'm starting a new one... The discussion on in and out wound up touching on using variables inside strings. The consensus was that the speed differential between using variables inside and outside of strings was fixed. Well, there's a current thread on internals at php.net, aka php-dev, in which Andrei says that using variables outside of quotes is faster: http://marc.theaimsgroup.com/?l=php-dev&m=107522145908795&w=2 Enjoy, --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From nyphp at enobrev.com Tue Jan 27 12:31:09 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Tue, 27 Jan 2004 12:31:09 -0500 Subject: [nycphp-talk] OT:Virus Alert: MyDoom In-Reply-To: Message-ID: I've been getting quite a few bounces to never owned addresses to my catch-alls as well on two of my domains. It seems I've also received the zip, although I've been filtering as well and killed it right away. I'm a bit concerned that it wasn't caught as pc-cillin did about 9 updates yesterday. It's snowing in brooklyn.. Err.. well it was a minute ago. Mark From nyphp at enobrev.com Tue Jan 27 12:39:31 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Tue, 27 Jan 2004 12:39:31 -0500 Subject: [nycphp-talk] PHP Functions toolbar?? Message-ID: Something I've been wanting to do since I'd first delved into php is a browser toolbar (like google, and now msn) for searching the php manual. Unfortunately, I'm just barely starting with my C/C++ learning endeavor. Has anyone ever seen or written one? Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: From dmintz at davidmintz.org Tue Jan 27 12:51:29 2004 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 27 Jan 2004 12:51:29 -0500 (EST) Subject: [nycphp-talk] get just the column names (MySQL) In-Reply-To: References: <41EE526EC2D3C74286415780D3BA9F8752B1C7@ehost011-1.exch011.intermedia.net> Message-ID: I know about "show columns from myTable", "describe myTable",etc. I wonder if anyone knows an elegant way to get ~just~ the column names and no more (metadata). The lazy way I'm doing it now is with PEAR's DB_Common::getCol() (which, for all I know, is fetching and discarding the extra stuff under the hood (no I haven't peeked)). $this->attribs = $db->getCol("show columns from person"); --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From cderr at simons-rock.edu Tue Jan 27 13:06:22 2004 From: cderr at simons-rock.edu (charlie derr) Date: Tue, 27 Jan 2004 13:06:22 -0500 Subject: [nycphp-talk] sessions and application security In-Reply-To: <20040127170701.77789.qmail@web14307.mail.yahoo.com> References: <20040127170701.77789.qmail@web14307.mail.yahoo.com> Message-ID: <4016A89E.7090701@simons-rock.edu> Chris Shiflett wrote: > > What is best for one person isn't necessarily best for another. The > architect of any Web application is likely to be the most qualified person > to be deciding on the best session solution. All you need is a little > background information along with some suggestions and example solutions, > and you're set. > > Just don't let anyone who suggests passing session data back and forth > across the Internet for every transaction be making decisions about > session security. :-) One thing that occurs to me (which certainly wasn't implied in the original question, so I'm asking about this as a totally separate issue that was just "jogged" into the forefront of my mind by this highly illuminative post) is the following: If the entire transaction (both authentication and all content served) was done via https, then it really wouldn't be a security problem to use this model you scoff at (session data in the url), right? I'm not asking because I have any intention of doing this (our authentication code is backed by a database -- what travels over the internet is a cookie holding a randomly generated session key), rather I'm asking the question to simplyfurther my understanding. I'm just wondering if I'm missing something in my analysis -- the way I see it, if the entire conversation is encrypted via https, then it's not a real problem security-wise except for the one niggling issue of a public access machine being used to access the system (someone could conceivaly sit down later and prise anything that was in the url out of the browser history). thanks for your time, ~c > > Hope that helps. > it sure helped me :-] > Chris > > ===== > Chris Shiflett - http://shiflett.org/ > > PHP Security Handbook > Coming mid-2004 > HTTP Developer's Handbook > http://httphandbook.org/ > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > -- This is not a democracy, it's a cheerocracy. -Torrance Shipman in _Bring it On_ From mitchy at spacemonkeylabs.com Tue Jan 27 13:00:14 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Tue, 27 Jan 2004 13:00:14 -0500 Subject: [nycphp-talk] sessions and application security In-Reply-To: <20040127170701.77789.qmail@web14307.mail.yahoo.com> References: <20040127170701.77789.qmail@web14307.mail.yahoo.com> Message-ID: <4016A72E.6030208@spacemonkeylabs.com> Chris Shiflett wrote: > --- Chris Hubbard wrote: > >>So it's important to make the session management as strong as possible. >>One of the guys on the team advocates designing the application so it >>doesn't use sessions, basically passing a token in the URL that tells >>the server who the person is and where they are in the application. > > > What is this guy's definition of a session? It sounds to me like he simply > advocates passing session data back and forth across the public Internet > rather than keeping it on the server. Which sounds more secure? :-) I agree 100% on this one. An excellent opportunity for you would be using ADODB's database-based sessions (http://php.weblogs.com/adodb-sessions). Using this system, ADODB also performs a crc32 check on the data and only hits the database when the session data is changed. Combine this with the ability of ADODB to cache query results and you have a pretty fast setup (not to mention database independence). Another option would be to use pound (http://www.apsis.ch/pound): "The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s). Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no warranty, it's free to use, copy and give away." I LOVE pound. I learned to use it while dealing with Plone and Zope sites, and now use it as a load-balancer with session awareness for PHP stuff too ;^) -- Mitch From yury at heavenspa.com Tue Jan 27 13:12:58 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Tue, 27 Jan 2004 13:12:58 -0500 Subject: [nycphp-talk] PHP Functions toolbar?? References: Message-ID: <022001c3e501$31fb8100$0400a8c0@heavenspanyc> Sounds interesting.. regards yury ----- Original Message ----- From: Mark Armendariz To: 'NYPHP Talk' Sent: Tuesday, January 27, 2004 12:39 PM Subject: [nycphp-talk] PHP Functions toolbar?? Something I've been wanting to do since I'd first delved into php is a browser toolbar (like google, and now msn) for searching the php manual. Unfortunately, I'm just barely starting with my C/C++ learning endeavor. Has anyone ever seen or written one? Mark ------------------------------------------------------------------------------ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From mitchy at spacemonkeylabs.com Tue Jan 27 13:04:32 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Tue, 27 Jan 2004 13:04:32 -0500 Subject: [nycphp-talk] sessions and application security In-Reply-To: <4016A89E.7090701@simons-rock.edu> References: <20040127170701.77789.qmail@web14307.mail.yahoo.com> <4016A89E.7090701@simons-rock.edu> Message-ID: <4016A830.7050700@spacemonkeylabs.com> charlie derr wrote: > One thing that occurs to me (which certainly wasn't implied in the > original question, > so I'm asking about this as a totally separate issue that was just > "jogged" into the > forefront of my mind by this highly illuminative post) is the following: > > If the entire transaction (both authentication and all content served) > was done via https, > then it really wouldn't be a security problem to use this model you > scoff at (session data > in the url), right? Nope, unfortunately your session data will be in the URL, which goes over in cleartext (think about HTTP_REFERER and such). -- Mitch From greg at mbwpartners.net Tue Jan 27 13:16:01 2004 From: greg at mbwpartners.net (Greg Wilson) Date: Tue, 27 Jan 2004 13:16:01 -0500 Subject: [nycphp-talk] get just the column names (MySQL) In-Reply-To: References: <41EE526EC2D3C74286415780D3BA9F8752B1C7@ehost011-1.exch011.intermedia.net> Message-ID: <1075227361.2664.26.camel@banner> how about: mysql_list_fields from http://www.php.net/function.mysql-list-fields Description resource mysql_list_fields ( string database_name, string table_name [, resource link_identifier]) mysql_list_fields() retrieves information about the given table name. Arguments are the database and the table name. A result pointer is returned which can be used with mysql_field_flags(), mysql_field_len(), mysql_field_name(), and mysql_field_type(). is that what you were after? greg On Tue, 2004-01-27 at 12:51, David Mintz wrote: > I know about "show columns from myTable", "describe myTable",etc. I wonder > if anyone knows an elegant way to get ~just~ the column names and no more > (metadata). The lazy way I'm doing it now is with PEAR's > DB_Common::getCol() (which, for all I know, is fetching and discarding the > extra stuff under the hood (no I haven't peeked)). > > $this->attribs = $db->getCol("show columns from person"); > > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From cderr at simons-rock.edu Tue Jan 27 13:40:21 2004 From: cderr at simons-rock.edu (charlie derr) Date: Tue, 27 Jan 2004 13:40:21 -0500 Subject: [nycphp-talk] sessions and application security In-Reply-To: <4016A830.7050700@spacemonkeylabs.com> References: <20040127170701.77789.qmail@web14307.mail.yahoo.com> <4016A89E.7090701@simons-rock.edu> <4016A830.7050700@spacemonkeylabs.com> Message-ID: <4016B095.9080102@simons-rock.edu> Mitch Pirtle wrote: > charlie derr wrote: > >> One thing that occurs to me (which certainly wasn't implied in the >> original question, >> so I'm asking about this as a totally separate issue that was just >> "jogged" into the >> forefront of my mind by this highly illuminative post) is the following: >> >> If the entire transaction (both authentication and all content served) >> was done via https, >> then it really wouldn't be a security problem to use this model you >> scoff at (session data >> in the url), right? > > > Nope, unfortunately your session data will be in the URL, which goes > over in cleartext (think about HTTP_REFERER and such). > good point! i completely missed that one. just to be pedantic (well, and to understand more completely what's happening), if a person were to take this approach and make sure there were no links anywhere within the authenticated content to an outside page (only links to other authenticated pages and a "logout" page which would obviously remove the session information from the (next) url), then this would take care of that concern wouldn't it? or maybe there's a more insidious problem of some headers of an https session being sent cleartext (if this is the case I certainly wasn't aware of it previously) thanks again, ~c From tgales at tgaconnect.com Tue Jan 27 13:31:48 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Tue, 27 Jan 2004 13:31:48 -0500 Subject: [nycphp-talk] get just the column names (MySQL) In-Reply-To: Message-ID: <000d01c3e503$d3b60590$bf8d3818@oberon1> David Mintz writes: "I wonder if anyone knows an elegant way to get ~just~ the column names and no more" You might try something like: SELECT * FROM `table` LIMIT 1 (I wouldn't say it is elegant...) T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From jonbaer at jonbaer.net Tue Jan 27 13:32:41 2004 From: jonbaer at jonbaer.net (jon baer) Date: Tue, 27 Jan 2004 13:32:41 -0500 Subject: [nycphp-talk] get just the column names (MySQL) References: <41EE526EC2D3C74286415780D3BA9F8752B1C7@ehost011-1.exch011.intermedia.net> Message-ID: <00dd01c3e503$f4ada870$6400a8c0@thinkpad> I beleive you *used* to be able to do this (before SHOW), the C API does have a function for this (just the column names), and so does PHP ... http://us4.php.net/manual/en/function.mysql-list-fields.php Which uses the C API im sure but its labeled as a deprecated method, so I wouldn't put it anywhere important. - jon ----- Original Message ----- From: "David Mintz" To: "NYPHP Talk" Sent: Tuesday, January 27, 2004 12:51 PM Subject: [nycphp-talk] get just the column names (MySQL) > > I know about "show columns from myTable", "describe myTable",etc. I wonder > if anyone knows an elegant way to get ~just~ the column names and no more > (metadata). The lazy way I'm doing it now is with PEAR's > DB_Common::getCol() (which, for all I know, is fetching and discarding the > extra stuff under the hood (no I haven't peeked)). > > $this->attribs = $db->getCol("show columns from person"); > > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From shiflett at php.net Tue Jan 27 13:36:43 2004 From: shiflett at php.net (Chris Shiflett) Date: Tue, 27 Jan 2004 10:36:43 -0800 (PST) Subject: [nycphp-talk] sessions and application security In-Reply-To: <4016A89E.7090701@simons-rock.edu> Message-ID: <20040127183643.94077.qmail@web14307.mail.yahoo.com> --- charlie derr wrote: > If the entire transaction (both authentication and all content served) > was done via https, then it really wouldn't be a security problem to > use this model you scoff at (session data in the url), right? Scoff seems a bit harsh. :-) I was just trying to clarify what I thought was being suggested. Also, passing session data around on the Internet would include cookies and POST data also, not only URL variables. To answer your question, it would still be a security risk. Let me try to think of a crazy analogy to clarify this... Say you have a 5 year old daughter. You let her walk across the street, but in order to make sure it's safe, you only let her do this when there is no visible traffic in either direction. If there is no traffic, then she's perfectly safe, right? Well, perhaps she will be safe. But, why let her cross the street in the first place? This is an especially poor choice if there is no reason. Who knows what else can happen, and maybe you're not as good as you predict at sensing the absense of traffic. Why take an unnecessary risk? It makes no sense. The same goes for Web security in many ways. If we focus on preventing only the risks that we're aware of, being careless otherwise, we're sure to fail. There is no reason to be passing session data back and forth over the Internet for every transaction, unless: 1. The data can safely be considered public 2. You have plenty of extra bandwidth but need to save processing and storage resources That's about the only scenario I can think of where this would be an acceptable decision, although there may be others. > I'm just wondering if I'm missing something in my analysis -- the way > I see it, if the entire conversation is encrypted via https, then it's > not a real problem security-wise except for the one niggling issue of > a public access machine being used to access the system (someone could > conceivaly sit down later and prise anything that was in the url out of > the browser history). SSL certainly doesn't solve everything, otherwise Web application security wouldn't be much of a topic to talk about. :-) I can think of a dozen different types of attacks that can be successful despite SSL off the top of my head. For example: 1. Perhaps you think it is best to store all session data in cookies. You use SSL, and you even set the secure attribute in the cookies, so that they're not mistakenly sent over an insecure connection. This seems pretty safe, but unfortunately you find that some of your users use IE (seems likely), and then you learn that everyone's session data is being compromised by way of browser vulnerabilities (see http://www.peacefire.org/security/iecookies/ and http://shiflett.org/articles/passport-hacking-revisited - unfortunately the original source of the IE 5.5 and 6.0 vulnerability is now a 404). 2. So, you decide to change your approach, and you store all session data safely in a database, and you only put a session identifier in a cookie. You use SSL for everything again, so that you're protected. Oops! People are still having their cookies compromised, so attackers are using the stolen session identifiers to impersonate users on your site. Well, all SSL does for you is require the attackers to type an extra 's'. That didn't really help. 3. You decide that cookies must be the problem (and the fact that unknowing users don't realize the serious security hazards of using IE). You change your session mechanism to only pass the session identifier in the URL, and because you're using SSL, this should be safe. Oh no! Foiled again! You learn later that attackers are now using session fixation attacks to cause unknowing users to pass a session identifier of the attacker's choosing. So, while the attacker can't snoop the session identifier, it doesn't matter, because the attacker is the one who chose it. I could go on, but the point is that there is no simple solution to every potential risk. SSL is great, and it solves some fundamental problems, but it's a very small piece of the puzzle. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From dmintz at davidmintz.org Tue Jan 27 13:42:18 2004 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 27 Jan 2004 13:42:18 -0500 (EST) Subject: [nycphp-talk] get just the column names (MySQL) In-Reply-To: <000d01c3e503$d3b60590$bf8d3818@oberon1> References: <000d01c3e503$d3b60590$bf8d3818@oberon1> Message-ID: On Tue, 27 Jan 2004, Tim Gales wrote: > > You might try something like: > > SELECT * FROM `table` LIMIT 1 > (I wouldn't say it is elegant...) I see your point, grab a row and look at the field names not the values. But suppose the table is empty? This ain't a big problem, I was just curious, Thanks everyone. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From shiflett at php.net Tue Jan 27 13:44:13 2004 From: shiflett at php.net (Chris Shiflett) Date: Tue, 27 Jan 2004 10:44:13 -0800 (PST) Subject: [nycphp-talk] sessions and application security In-Reply-To: <4016B095.9080102@simons-rock.edu> Message-ID: <20040127184413.89479.qmail@web14301.mail.yahoo.com> --- charlie derr wrote: > or maybe there's a more insidious problem of some headers of an > https session being sent cleartext (if this is the case I certainly > wasn't aware of it previously) This is not the case. SSL lies between TCP and HTTP, so that everything at the HTTP level is protected. If that makes no sense, just know that the entire HTTP request and corresponding respnse is protected with SSL. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From andrew at digitalpulp.com Tue Jan 27 13:45:14 2004 From: andrew at digitalpulp.com (Andrew Yochum) Date: Tue, 27 Jan 2004 13:45:14 -0500 Subject: [nycphp-talk] PHP Functions toolbar?? In-Reply-To: References: Message-ID: <20040127184506.GL321@thighmaster.digitalpulp.com> On Tue, Jan 27, 2004 at 12:39:31PM -0500, Mark Armendariz wrote: > Something I've been wanting to do since I'd first delved into php is a > browser toolbar (like google, and now msn) for searching the php manual. > Unfortunately, I'm just barely starting with my C/C++ learning endeavor. > Has anyone ever seen or written one? I use this javascript bookmark (sometimes called a "bookmarklet") in my browser toolbar: javascript:void(f=prompt('PHP Function:',''));if(f)location.href='http://www.php.net/'+escape(f) Or if you want to pop a new window, you can do something like: javascript:void(f=prompt('PHP Function:',''));if(f)void(open('http://www.php.net/'+escape(f),'php function','width=600,height=400,scrollbars=1,resizable=1')); For the new window one, if you want a more functional window, play with the parameters on the end. See: http://devedge.netscape.com/library/manuals/2000/javascript/1.3/reference/window.html#1202731 To use them, just create a bookmark and drop the whole string ("javsacript:....") in as the URL. I think it should work in IE and Mozilla, although I only use Mozilla. HTH, Andrew -- Andrew Yochum Digital Pulp, Inc. 212.679.0676x255 andrew at digitalpulp.com From nyphp at enobrev.com Tue Jan 27 14:32:12 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Tue, 27 Jan 2004 14:32:12 -0500 Subject: [nycphp-talk] PHP Functions toolbar?? In-Reply-To: <20040127184506.GL321@thighmaster.digitalpulp.com> Message-ID: Ah, I remember these. Thanks for the example. It does the job. Mark From felix at students.poly.edu Tue Jan 27 09:33:25 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Tue, 27 Jan 2004 09:33:25 -0500 Subject: [nycphp-talk] sessions and application security In-Reply-To: <20040127183643.94077.qmail@web14307.mail.yahoo.com> References: <4016A89E.7090701@simons-rock.edu> <20040127183643.94077.qmail@web14307.mail.yahoo.com> Message-ID: <20040127093325.49f853be.felix@students.poly.edu> I like to only pose only my opinion on this subject. I agree it is imposible to have 100% secure HTTP session mechanism because the server application does not control the client side. I think ssl should be used to increase security as a starting point. Then use session cookie with secure attribute to carry the session id. The session id should not be used solely for actions that have lasting side effects such as POST that causes money to be transfered. In that case each POST like that should have additional token that can be used only once, and that token should have a expiration time just in case. As far as using tokens in URL I dont think its a good idea because of the potential risks and lack of benefits. Like someone said url's can be placed in Referer header or loged in server logs. And in general they will make application more complex. I had an idea recently of having url variables calculated by javascript which a token taken from hidden tag in html. This mechanism was supposed to help prevent csrf where a user can only create an url if the user has already received an html page from a session. Even if an attacker got a users session id from a cookie he would still not be able to request an html page without already having a valid html page. Now this may work but it still assumes too much. Attacker can still combine a xss with csrf or steal the url token and session id to get around this, in addition it would make application logic more complex. So my conclusion is to get a good mix of ssl , session cookie and hidden tokens in POST to get a pretty good level of security and make sure it all works correctly. As last resort educate users not to do stupid stuff like click on links from email and entering passwords thereafter. That seems to be a popular attack lately. -- felix[at]bebinary.com http://www.zaslavskiy.net/ From shiflett at php.net Tue Jan 27 15:10:00 2004 From: shiflett at php.net (Chris Shiflett) Date: Tue, 27 Jan 2004 12:10:00 -0800 (PST) Subject: [nycphp-talk] Security Phundamentals In-Reply-To: <4015DD11.5070903@optonline.net> Message-ID: <20040127201000.51088.qmail@web14310.mail.yahoo.com> --- Jeff Siegel wrote: > Unless the LIRR shuts down...I'll be there so we can talk about this. Unfortunately, things aren't going to work out for me to allow me to attend tonight. I was hoping to be able to make it, but that's not going to happen. I'm sure we'll be in touch via email. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ >From hans not junk at nyphp.com Tue Jan 27 15:38:27 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 3AD9CA8771 for ; Tue, 27 Jan 2004 15:38:27 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] sessions and application security Date: Tue, 27 Jan 2004 12:38:25 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752B210 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] sessions and application security Thread-Index: AcPk9VjLrexWDqFjS8SK2KbL7l7GwQAHmDCQ From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jan 2004 20:38:27 -0000 > All, > I'm back for more information. I need to port a financial=20 > application. =20 > So it's important to make the session management as strong as=20 > possible. > One of the guys on the team advocates designing the application so it=20 > doesn't use sessions, basically passing a token in the URL that tells=20 > the server who the person is and where they are in the=20 > application. I'm leaning toward database session management. > Who's right? or are we both right/wrong? I'm a token passer myself. Burn an extra few CPU cycles and keep sensitive information on the endpoints, rather than in transit. > The application when it's deployed will have two or three web servers=20 > handling the traffic, with a separate Oracle server. We will have=20 > multiple servers for two reasons, first handling the load,=20 > and second to provide some failover. So whatever mechanism we implement=20 Don't forget that if one box goes down, the others get *all* the load... always balance across more boxes than you need to (there's some fancy forumla for this, too). > will need to scale. We definitely don't want to make it easy for people to hijack=20 > the session. And I'd like to make it so it takes Sterling more than 90=20 > seconds to get the keys to the kingdom. The application will=20 > be running with SSL. >=20 > I don't have control over the client environment, so I can't=20 > force users to use a particular browser, or browser settings. Can detect=20 > what they do have though (obviously). I think this is really the key. Backend security considerations can only be so good - the heart of it lies in the browser. For anyone who uses online banking (Citibank for instance) a great deal of their security is client side. JavaScript, browser detection, timeouts, etc. Security really breaks down into two parts: transit and endpoints. SSL generally should suffice for transit, and a strong backend architecture and system admins can handle the server endpoint. That leaves the browser, which from what I've seen and heard, is where the real problems are. > One thought is to use both a token in the url and database sessions,=20 > where the token in the url is a checksum of the database session, and=20 > possibly vice versa. That way I can check both. If I have a=20 > checksum in both, then I can compare the checksum. Hmm. Good ideas, but even so, if someone can get that key on the browser, he's in. Again, it's the browser - but perhaps rotating session keys can help - which could at least detect if a hijack was *attempted* and then shutdown the session. > Thoughts, suggestions, or even better what is the "best" way=20 > to do this? Don't use a web browser :) H From Cbielanski at inta.org Tue Jan 27 15:47:07 2004 From: Cbielanski at inta.org (Chris Bielanski) Date: Tue, 27 Jan 2004 15:47:07 -0500 Subject: [nycphp-talk] sessions and application security Message-ID: Only solution I've ever seen devised for this is a moving-target encryption. Public key handshake (within SSL) leads to an ever-changing series of private keys devised by your own proprietary method. Every transaction (every page) has a new key. The numerical application is left as an exercise to the reader. ;) No, it's not pretty. Yes, it makes Sterling and other beasts like it break out in cold sweat. Otherwise, yeah, get it off HTTP and on to your own protocol. That solves the problem most handily. ~Chris -----Original Message----- From: Hans Zaunere [mailto:hans not junk at nyphp.com] Sent: Tuesday, January 27, 2004 3:38 PM To: NYPHP Talk Subject: RE: [nycphp-talk] sessions and application security > One thought is to use both a token in the url and database sessions, > where the token in the url is a checksum of the database session, and > possibly vice versa. That way I can check both. If I have a > checksum in both, then I can compare the checksum. Hmm. Good ideas, but even so, if someone can get that key on the browser, he's in. Again, it's the browser - but perhaps rotating session keys can help - which could at least detect if a hijack was *attempted* and then shutdown the session. > Thoughts, suggestions, or even better what is the "best" way > to do this? Don't use a web browser :) H _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk >From hans not junk at nyphp.com Tue Jan 27 15:55:48 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 4A6A6A8771 for ; Tue, 27 Jan 2004 15:55:48 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] sessions and application security Date: Tue, 27 Jan 2004 12:55:46 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752B219 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] sessions and application security Thread-Index: AcPlFlqng//tD47gRza/wQOazTgU6AAAWUSg From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jan 2004 20:55:48 -0000 > Only solution I've ever seen devised for this is a=20 > moving-target encryption. > Public key handshake (within SSL) leads to an ever-changing series of > private keys devised by your own proprietary method. Every transaction > (every page) has a new key. The numerical application is left=20 > as an exercise to the reader. ;) I had kicked around some sequencing sessions, modeled after TCP's SYN/ACK sequence numbers - but using the SSL keys... now that's-a-good-idea. I'm even thinking... depending on your platform, you could reach down the network stack and just grab the real TCP SYN/ACK numbers. But probably not doable in pure PHP :) H From Cbielanski at inta.org Tue Jan 27 16:04:38 2004 From: Cbielanski at inta.org (Chris Bielanski) Date: Tue, 27 Jan 2004 16:04:38 -0500 Subject: [nycphp-talk] sessions and application security Message-ID: This was actually a unique public key *after* SSL negotiation, so you have the SSL-secure layer to the browser, then the webapp secures the "key-tunnel" via PGP, Blowfish, or whatever, and each transaction was additionally secured via moving-target. The great advantage? There are no export laws against encryption strength of financial data. Write once, run everywhere. ~Chris -----Original Message----- From: Hans Zaunere [mailto:hans not junk at nyphp.com] Sent: Tuesday, January 27, 2004 3:56 PM To: NYPHP Talk Subject: RE: [nycphp-talk] sessions and application security > Only solution I've ever seen devised for this is a > moving-target encryption. > Public key handshake (within SSL) leads to an ever-changing series of > private keys devised by your own proprietary method. Every transaction > (every page) has a new key. The numerical application is left > as an exercise to the reader. ;) I had kicked around some sequencing sessions, modeled after TCP's SYN/ACK sequence numbers - but using the SSL keys... now that's-a-good-idea. I'm even thinking... depending on your platform, you could reach down the network stack and just grab the real TCP SYN/ACK numbers. But probably not doable in pure PHP :) H _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From heli_travel at yahoo.com Tue Jan 27 16:16:12 2004 From: heli_travel at yahoo.com (Nya2z.com) Date: Tue, 27 Jan 2004 13:16:12 -0800 (PST) Subject: [nycphp-talk] Looking for Larry In-Reply-To: Message-ID: <20040127211612.71272.qmail@web12202.mail.yahoo.com> Hi Larry: I am looking for the guy who posted a message for volunteer programmers. Please reply this Email personally at heli_travel at yahoo.com Thanks Ly __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ From ereyes at totalcreations.com Tue Jan 27 12:57:50 2004 From: ereyes at totalcreations.com (Edgar Reyes) Date: Tue, 27 Jan 2004 12:57:50 -0500 Subject: [nycphp-talk] OT:Virus Alert: MyDoom References: Message-ID: <0aae01c3e4ff$14a1fe60$6400a8c0@ERENTR> That's part of the virus (worm) that's going around . I've been getting about 25 of those every 10 min. It's call W32.Novarg.A at mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. just delete all those emails and ask your ISP to update their filters. Edgar ----- Original Message ----- From: "Mark Armendariz" To: "'NYPHP Talk'" Sent: Tuesday, January 27, 2004 12:31 PM Subject: RE: [nycphp-talk] OT:Virus Alert: MyDoom > I've been getting quite a few bounces to never owned addresses to my > catch-alls as well on two of my domains. > > It seems I've also received the zip, although I've been filtering as well > and killed it right away. I'm a bit concerned that it wasn't caught as > pc-cillin did about 9 updates yesterday. > > It's snowing in brooklyn.. Err.. well it was a minute ago. > > Mark > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > > From shiflett at php.net Tue Jan 27 17:04:47 2004 From: shiflett at php.net (Chris Shiflett) Date: Tue, 27 Jan 2004 14:04:47 -0800 (PST) Subject: [nycphp-talk] OT:Virus Alert: MyDoom In-Reply-To: <0aae01c3e4ff$14a1fe60$6400a8c0@ERENTR> Message-ID: <20040127220447.13952.qmail@web14302.mail.yahoo.com> --- Edgar Reyes wrote: > That's part of the virus (worm) that's going around. It's supposed to DDoS SCO on Feb 1. Amusing. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From dmintz at davidmintz.org Tue Jan 27 17:28:09 2004 From: dmintz at davidmintz.org (David Mintz) Date: Tue, 27 Jan 2004 17:28:09 -0500 (EST) Subject: [nycphp-talk] OT:Virus Alert: MyDoom In-Reply-To: <20040127220447.13952.qmail@web14302.mail.yahoo.com> References: <20040127220447.13952.qmail@web14302.mail.yahoo.com> Message-ID: On Tue, 27 Jan 2004, Chris Shiflett wrote: > --- Edgar Reyes wrote: > > That's part of the virus (worm) that's going around. > > It's supposed to DDoS SCO on Feb 1. Amusing. :-) > Hmmm, maybe a person ought to hang onto a copy.... (-: Does it work on Linux or just Windoze? --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From danielc at analysisandsolutions.com Tue Jan 27 17:34:24 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 27 Jan 2004 17:34:24 -0500 Subject: [nycphp-talk] get just the column names (MySQL) In-Reply-To: References: <41EE526EC2D3C74286415780D3BA9F8752B1C7@ehost011-1.exch011.intermedia.net> Message-ID: <20040127223423.GA5363@panix.com> On Tue, Jan 27, 2004 at 12:51:29PM -0500, David Mintz wrote: > > (metadata). The lazy way I'm doing it now is with PEAR's > DB_Common::getCol() (which, for all I know, is fetching and discarding the PEAR DB's DB_common::tableInfo() method has the ability to return metadata about a table or query result object. The method and it's related docblock and documentation have been overhauled in the new release: 1.6.0RC2. The documentation has yet to be compiled on the web servers, but should be soon. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From danielc at analysisandsolutions.com Tue Jan 27 17:37:35 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 27 Jan 2004 17:37:35 -0500 Subject: [nycphp-talk] PHP Functions toolbar?? In-Reply-To: References: Message-ID: <20040127223735.GB5363@panix.com> On Tue, Jan 27, 2004 at 12:39:31PM -0500, Mark Armendariz wrote: > Something I've been wanting to do since I'd first delved into php is a > browser toolbar (like google, and now msn) for searching the php manual. The way I look up stuff is putting the following in my document location bar: "php.net/function_name" That will take you directly to the function's section in the manual in your native language. Can't get simpler than that -- well at least it seems that way to me. This was mentioned on this list in the past few days by the person trying to find out how that functionality worked. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From shiflett at php.net Tue Jan 27 18:00:04 2004 From: shiflett at php.net (Chris Shiflett) Date: Tue, 27 Jan 2004 15:00:04 -0800 (PST) Subject: [nycphp-talk] PHP Functions toolbar?? In-Reply-To: <20040127223735.GB5363@panix.com> Message-ID: <20040127230004.31001.qmail@web14301.mail.yahoo.com> --- Daniel Convissor wrote: > The way I look up stuff is putting the following in my document > location bar: "php.net/function_name" [snip] > This was mentioned on this list in the past few days by the person > trying to find out how that functionality worked. I think the question from a few days ago was about that weird client-side trick that supposedly pre-filled a form somewhere as you were typing. How to do the "php.net/function_name" stuff is a much easier question, in my opinion. :-) By the way, when are you going to give NYPHP a presentation on all of the cool stuff you're doing with PEAR:DB? :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From dcech at phpwerx.net Tue Jan 27 18:01:33 2004 From: dcech at phpwerx.net (Dan Cech) Date: Tue, 27 Jan 2004 18:01:33 -0500 Subject: [nycphp-talk] in and out redux In-Reply-To: <20040127172800.GA28178@panix.com> References: <20040127172800.GA28178@panix.com> Message-ID: <4016EDCD.1010101@phpwerx.net> Daniel Convissor wrote: > Hi Folks: > > I deleted the in and out thread, but something came up, so I'm starting a > new one... > > The discussion on in and out wound up touching on using variables inside > strings. The consensus was that the speed differential between using > variables inside and outside of strings was fixed. > > Well, there's a current thread on internals at php.net, aka php-dev, in which > Andrei says that using variables outside of quotes is faster: > http://marc.theaimsgroup.com/?l=php-dev&m=107522145908795&w=2 > > Enjoy, > > --Dan The point is that there is a fixed overhead on every double-quoted string, being the time it takes to parse it and determine if it contains any variables. I would guess that the procedure would then be something like: 1. split string into chunks (variable identifiers and sequences of characters) 3. replace variable chunks with the value of variables 4. put chunks back together This is compared to the single quotes where you don't have to decide what is a variable and what is just character data. Assuming the model above, it should be faster to use single-quotes, because you can eliminate step 1. My guess would be that the 'fix' simply made step 1 more efficient. All of this is purely my guess as to what is going on behind the scenes, I haven't actually looked at the source. The remark in that thread: 'If you use a compiler cache like apc, this performance hit will be totally removed as the optimizer compiles both representations into the same format.' Is probably fairly accurate, and would be great in a perfect world where everyone used caches...but in the real world it still appears that the single quotes method is faster. Dan From nyphp at enobrev.com Tue Jan 27 19:18:07 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Tue, 27 Jan 2004 19:18:07 -0500 Subject: [nycphp-talk] sessions and application security In-Reply-To: <20040127183643.94077.qmail@web14307.mail.yahoo.com> Message-ID: > likely), and then you learn that everyone's session data is > being compromised by way of browser vulnerabilities (see > Oops! People are still having their cookies compromised, so > attackers are using the stolen session identifiers to > impersonate users on your site. > attackers are now using session fixation attacks to cause > unknowing users to pass a session identifier of the > attacker's choosing I've been searching for a good list of potential security hazards via HTTP / browsers. Something like a good reference list to base web application security decisions on (Chris, you always tend to be a fountain of knowledge on the subject). Any books / sites you could recommend? From danielc at analysisandsolutions.com Wed Jan 28 00:58:13 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Wed, 28 Jan 2004 00:58:13 -0500 Subject: [nycphp-talk] PHP Functions toolbar?? In-Reply-To: <20040127230004.31001.qmail@web14301.mail.yahoo.com> References: <20040127223735.GB5363@panix.com> <20040127230004.31001.qmail@web14301.mail.yahoo.com> Message-ID: <20040128055813.GA17502@panix.com> Howdy: On Tue, Jan 27, 2004 at 03:00:04PM -0800, Chris Shiflett wrote: > > I think the question from a few days ago was about that weird client-side > trick that supposedly pre-filled a form somewhere as you were typing. Oh. I misunderstood. Particularly since JS turned off in my browser. > By the way, when are you going to give NYPHP a presentation on all of the > cool stuff you're doing with PEAR:DB? :-) Thanks! Name the date. :) --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From felix at students.poly.edu Tue Jan 27 20:21:23 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Tue, 27 Jan 2004 20:21:23 -0500 Subject: [nycphp-talk] OT:Virus Alert: MyDoom In-Reply-To: References: <20040127220447.13952.qmail@web14302.mail.yahoo.com> Message-ID: <20040127202123.306bf419.felix@students.poly.edu> > Hmmm, maybe a person ought to hang onto a copy.... (-: Does it work on > Linux or just Windoze? Not Linux. But you may want to give the Morris Worm a try here http://www.worm.net/ -- felix[at]bebinary.com http://www.zaslavskiy.net/ >From hans not junk at nyphp.com Wed Jan 28 08:48:03 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id D0787A85F0 for ; Wed, 28 Jan 2004 08:48:02 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Wed, 28 Jan 2004 05:47:59 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752B2CE at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: PEAR::DB Presentation WAS: PHP Functions toolbar?? Thread-Index: AcPlY7vypbZp12kMSMWDr9PVUJXW+gAQWurg From: "Hans Zaunere" To: "NYPHP Talk" Subject: [nycphp-talk] PEAR::DB Presentation WAS: PHP Functions toolbar?? X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2004 13:48:03 -0000 > > By the way, when are you going to give NYPHP a presentation on all = of the > > cool stuff you're doing with PEAR:DB? :-) >=20 > Thanks! Name the date. :) How about the fourth Tuesday of February (Feb 24)? H From dmintz at davidmintz.org Wed Jan 28 09:57:00 2004 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 28 Jan 2004 09:57:00 -0500 (EST) Subject: [nycphp-talk] PHP Functions toolbar?? In-Reply-To: <20040127223735.GB5363@panix.com> References: <20040127223735.GB5363@panix.com> Message-ID: You mean, you guys don't have all the formal parameters and return types and behaviors of all the functions of all the modern versions of PHP memorized? Lightweights. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From Cbielanski at inta.org Wed Jan 28 10:04:04 2004 From: Cbielanski at inta.org (Chris Bielanski) Date: Wed, 28 Jan 2004 10:04:04 -0500 Subject: [nycphp-talk] PHP Functions toolbar?? Message-ID: Well, look at it this way... If you speak a dozen languages, and half or more require a compiler... You Might Be a Geek. -----Original Message----- From: David Mintz [mailto:dmintz at davidmintz.org] Sent: Wednesday, January 28, 2004 9:57 AM To: NYPHP Talk Subject: Re: [nycphp-talk] PHP Functions toolbar?? You mean, you guys don't have all the formal parameters and return types and behaviors of all the functions of all the modern versions of PHP memorized? Lightweights. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From dmintz at davidmintz.org Wed Jan 28 10:07:09 2004 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 28 Jan 2004 10:07:09 -0500 (EST) Subject: [nycphp-talk] PHP Functions toolbar?? In-Reply-To: References: Message-ID: <16073.208.27.111.121.1075302429.squirrel@webmail.pair.com> touch? (-: > Well, look at it this way... > > If you speak a dozen languages, and half or more require a compiler... > You Might Be a Geek. > > -----Original Message----- > From: David Mintz [mailto:dmintz at davidmintz.org] > Sent: Wednesday, January 28, 2004 9:57 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] PHP Functions toolbar?? > > > > You mean, you guys don't have all the formal parameters and return types > and behaviors of all the functions of all the modern versions of PHP > memorized? Lightweights. > > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From jsiegel1 at optonline.net Wed Jan 28 10:16:00 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Wed, 28 Jan 2004 10:16:00 -0500 Subject: [nycphp-talk] New PHundamentals - Setting Up AMP in Windows/Setup LAMP Message-ID: <4017D230.60809@optonline.net> A new PHundamentals article entitled "From Zero to AMP with XAMPP" has been posted. The article describes how to install and set up a development environment in Windows or Linux. See: http://phundamentals.nyphp.org/ Jeff Siegel & Michael Southwell The PHundamentals Team From joe_m at circlepressroom.com Wed Jan 28 10:30:39 2004 From: joe_m at circlepressroom.com (Joe M) Date: Wed, 28 Jan 2004 10:30:39 -0500 Subject: [nycphp-talk] timeouts In-Reply-To: <40101C2D.40708@spacemonkeylabs.com> Message-ID: thanks everyone-putting LimitRequestBody in the virtual server box in Apache seemed to do it. joe On Thu, 22 Jan 2004 13:53:33 -0500 Mitch Pirtle wrote: >Joe M wrote: >>hello, >> switched from using a cgi script for uploading files to >>php4. problem >>is timeouts. i have increased the timeout in httpd.conf >>to 5000 secs. >>but does not seem to help. ok i am totally new to >>this-anyone? i have >>been searching web and newsgroups but don't have much >>time i am only it >>person here with win, novell, linux to look after. thanks >>joe >>ps i have recently been getting a "warn--php4 module >>already loaded" msg >>from configtest. > >I had a similar problem a couple weeks ago, and had to >balance between apache and php configurations to make it >work. The php.ini parameters were max_execution_time and >max_input_time, which for my problem both had to be >tweaked... > >>i can post php.ini and httpd.conf if you want. > >php.ini might help. I'm a lurker so I hope this is ok - >and if not, someone hit me with a cluestick and I will >suddenly make sense again. > >-- Mitch >_______________________________________________ >talk mailing list >talk at lists.nyphp.org >http://lists.nyphp.org/mailman/listinfo/talk From danielc at analysisandsolutions.com Wed Jan 28 10:33:30 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Wed, 28 Jan 2004 10:33:30 -0500 Subject: [nycphp-talk] PEAR::DB Presentation WAS: PHP Functions toolbar?? In-Reply-To: <41EE526EC2D3C74286415780D3BA9F8752B2CE@ehost011-1.exch011.intermedia.net> References: <41EE526EC2D3C74286415780D3BA9F8752B2CE@ehost011-1.exch011.intermedia.net> Message-ID: <20040128153330.GA7988@panix.com> On Wed, Jan 28, 2004 at 05:47:59AM -0800, Hans Zaunere wrote: > > How about the fourth Tuesday of February (Feb 24)? Okee dokee! --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From nyphp at enobrev.com Wed Jan 28 12:33:05 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Wed, 28 Jan 2004 12:33:05 -0500 Subject: [nycphp-talk] IE Security flaw Message-ID: http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/ seems I'm vulnerable and i'm completely up to date Mark. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sezery at damla.net Wed Jan 28 12:40:41 2004 From: sezery at damla.net (Sezer YALCIN) Date: Wed, 28 Jan 2004 12:40:41 -0500 Subject: [nycphp-talk] IE Security flaw References: Message-ID: <009401c3e5c5$e65fec70$6401a8c0@uni11> Yes this is pretty cool! No surprises at all. Sezer ----- Original Message ----- From: Mark Armendariz To: 'NYPHP Talk' Sent: Wednesday, January 28, 2004 12:33 PM Subject: [nycphp-talk] IE Security flaw http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/ seems I'm vulnerable and i'm completely up to date Mark. ------------------------------------------------------------------------------ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From dene at ulmschneiders.com Wed Jan 28 14:16:25 2004 From: dene at ulmschneiders.com (Dene Ulmschneider) Date: Wed, 28 Jan 2004 14:16:25 -0500 Subject: [nycphp-talk] lost functionality after upgrading to PHP 4.3.4 Message-ID: <200401281915.i0SJF7a18059@neo.datatechie.com> Hello- I am fairly new to this list so please bear with me. I recently installed "Gallery" which was dl'd from Sourceforge. The install gave me some problems and would not work correctly. After submitting a question to the forum - it was ascertained that the version of PHP on my server was a little old so I upgraded to 4.3.4 (I believe I was running 4.0.? or 4.1.?) Ever since I upgraded - I have been unable to use some of the functionality some web pages that contain php code. For instance: http://myip.datatechie.com and http://www.datatechie.com/tools.htm (the speed test link) (login as guest/guest) Can anyone offer any assistance or guidance as to what might have been altered in the PHP.INI file that might have turned off this functionality? I could have sworn I saved the old PHP.INI but now I cannot find it. Any help would be GREATLY appreciated. I also have the output of the <$phpinfo.php> file if it would help; I can send it to a private email address. Here are the specs on the system: RHL 7.3 Apache/1.3.27 mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.3.4 mod_perl/1.26 Regards, Dene Ulmschneider DATATECHIE www.datatechie.com dene at datatechie.com 516.741.7533 866.MY.PC.HELP DATATECHIE now offers free web based email accounts. Get your free email account now at "http://register.zerostamps.com". This service is provided FREE of charge. All email are VIRUS scanned and filtered for SPAM using our award winning email service "S.A.V.E." (spam and virus eliminator). -- This message has been scanned for viruses and dangerous content by Data Techie, and is believed to be clean. Data Techie... always there to protect you! http://www.datatechie.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From adam at trachtenberg.com Wed Jan 28 14:24:45 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Wed, 28 Jan 2004 14:24:45 -0500 (EST) Subject: [nycphp-talk] lost functionality after upgrading to PHP 4.3.4 In-Reply-To: <200401281915.i0SJF7a18059@neo.datatechie.com> References: <200401281915.i0SJF7a18059@neo.datatechie.com> Message-ID: On Wed, 28 Jan 2004, Dene Ulmschneider wrote: > I recently installed "Gallery" which was dl'd from Sourceforge. The install > gave me some problems and would not work correctly. After submitting a > question to the forum - it was ascertained that the version of PHP on my > server was a little old so I upgraded to 4.3.4 (I believe I was running > 4.0.? or 4.1.?) > > Ever since I upgraded - I have been unable to use some of the functionality > some web pages that contain php code. For instance: Starting with PHP 4.2, the register_globals php.ini configuration directive is set to Off. My assumption is that "Gallery" needs this to be set to On to work correctly. See http://us2.php.net/release_4_2_0.php for more details. Note that it is easier to write insecure scripts when this is enabled, so reenable this at your own risk. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From ksmith at centricle.com Wed Jan 28 14:51:24 2004 From: ksmith at centricle.com (kevin c smith) Date: Wed, 28 Jan 2004 14:51:24 -0500 (EST) Subject: [nycphp-talk] PHP Functions toolbar?? In-Reply-To: <20040127184506.GL321@thighmaster.digitalpulp.com> References: <20040127184506.GL321@thighmaster.digitalpulp.com> Message-ID: <53475.204.253.34.40.1075319484.squirrel@webmail.calathus.com> > javascript:void(f=prompt('PHP > Function:',''));if(f)location.href='http://www.php.net/'+escape(f) > > Or if you want to pop a new window, you can do something like: > > javascript:void(f=prompt('PHP > Function:',''));if(f)void(open('http://www.php.net/'+escape(f),'php > function','width=600,height=400,scrollbars=1,resizable=1')); FWIW, I wrote some a while back that search for the selected word: I know they work in Mozilla, but don't recall whether IE can handle them. -- kevin c smith http://centricle.com From Cbielanski at inta.org Wed Jan 28 15:14:17 2004 From: Cbielanski at inta.org (Chris Bielanski) Date: Wed, 28 Jan 2004 15:14:17 -0500 Subject: [nycphp-talk] PHP Functions toolbar?? Message-ID: A cursory glance shows that they should work fine in IE. M$ has yet to deviate *too* far from DOM... I stress *yet*. -----Original Message----- From: kevin c smith [mailto:ksmith at centricle.com] Sent: Wednesday, January 28, 2004 2:51 PM To: NYPHP Talk Cc: NYPHP Talk Subject: Re: [nycphp-talk] PHP Functions toolbar?? > javascript:void(f=prompt('PHP > Function:',''));if(f)location.href='http://www.php.net/'+escape(f) > > Or if you want to pop a new window, you can do something like: > > javascript:void(f=prompt('PHP > Function:',''));if(f)void(open('http://www.php.net/'+escape(f),'php > function','width=600,height=400,scrollbars=1,resizable=1')); FWIW, I wrote some a while back that search for the selected word: I know they work in Mozilla, but don't recall whether IE can handle them. -- kevin c smith http://centricle.com _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From dmintz at davidmintz.org Wed Jan 28 15:19:19 2004 From: dmintz at davidmintz.org (David Mintz) Date: Wed, 28 Jan 2004 15:19:19 -0500 (EST) Subject: [nycphp-talk] lost functionality after upgrading to PHP 4.3.4 In-Reply-To: References: <200401281915.i0SJF7a18059@neo.datatechie.com> Message-ID: On Wed, 28 Jan 2004, Adam Maccabee Trachtenberg wrote: > My assumption is that "Gallery" needs this to > be set to On to work correctly. Just for the record re Gallery 1.4.1, AFAIK it does not require register_globals to be on. I'm running it with register_globals off and it seems to be fine. --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From danielc at analysisandsolutions.com Wed Jan 28 15:26:31 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Wed, 28 Jan 2004 15:26:31 -0500 Subject: [nycphp-talk] lost functionality after upgrading to PHP 4.3.4 In-Reply-To: References: <200401281915.i0SJF7a18059@neo.datatechie.com> Message-ID: <20040128202631.GA6678@panix.com> On Wed, Jan 28, 2004 at 03:19:19PM -0500, David Mintz wrote: > > Just for the record re Gallery 1.4.1, AFAIK it does not require > register_globals to be on. I'm running it with register_globals off and > it seems to be fine. My initial guess -- without ever having looked at the program or knowing anything about it, so take this with a pound of salt -- was that the new php.ini file didn't have the needed extension uncommented (or it wasn't compiled in, if that's the route use for the platform you're on). --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From adam at trachtenberg.com Wed Jan 28 15:47:35 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Wed, 28 Jan 2004 15:47:35 -0500 (EST) Subject: [nycphp-talk] lost functionality after upgrading to PHP 4.3.4 In-Reply-To: <20040128202631.GA6678@panix.com> References: <200401281915.i0SJF7a18059@neo.datatechie.com> <20040128202631.GA6678@panix.com> Message-ID: On Wed, 28 Jan 2004, Daniel Convissor wrote: > On Wed, Jan 28, 2004 at 03:19:19PM -0500, David Mintz wrote: > > > > Just for the record re Gallery 1.4.1, AFAIK it does not require > > register_globals to be on. I'm running it with register_globals off and > > it seems to be fine. > > My initial guess -- without ever having looked at the program or knowing > anything about it, so take this with a pound of salt -- was that the new > php.ini file didn't have the needed extension uncommented (or it wasn't > compiled in, if that's the route use for the platform you're on). FWIW, Gallery 1.3.1 is the first version of Gallery to work with register_globals Off. That came out in the middle of 2002, but if you're upgrading a really old version of PHP, you might also have a really old version of Gallery. :) -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From dene at ulmschneiders.com Wed Jan 28 16:22:49 2004 From: dene at ulmschneiders.com (Dene Ulmschneider) Date: Wed, 28 Jan 2004 16:22:49 -0500 Subject: [nycphp-talk] lost functionality after upgrading to PHP 4.3.4 Message-ID: <200401282121.i0SLLhb03489@neo.datatechie.com> FB- Setting the register_globals = On did not help with this situation or the other one but your idea of using: $_SERVER["REMOTE_ADDR"]; Worked like a charm. I am still unable to properly use this tool: http://www.datatechie.com/tools/speedtest/meter.php and it was working before the upgrade. Any other suggestions that might help? Regards, Dene Ulmschneider DATATECHIE www.datatechie.com dene at datatechie.com 516.741.7533 866.MY.PC.HELP DATATECHIE now offers free web based email accounts. Get your free email account now at "http://register.zerostamps.com". This service is provided FREE of charge. All email are VIRUS scanned and filtered for SPAM using our award winning email service "S.A.V.E." (spam and virus eliminator). -- This message has been scanned for viruses and dangerous content by Data Techie, and is believed to be clean. Data Techie... always there to protect you! http://www.datatechie.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From sryBoston at hotmail.com Wed Jan 28 16:28:26 2004 From: sryBoston at hotmail.com (-sry) Date: Wed, 28 Jan 2004 16:28:26 -0500 Subject: [nycphp-talk] User Login / Auth Class - SIMPLISTIC please Message-ID: Hiya guys, I read through the similarly-subjected thread felix started back in mid-December (thanks for asking the questions felix and for brainstorming on the list - I really got my thinking focused reading that thread). I definitely do NOT need anything that comprehensive. For one, all I really need to do is get a user id defined, get them logged in and logged out, track whether or not they've given me certain information before I let them access specific pages (yes, I need your DOB, SSN, first born child and if that was a male, his blood type; if your first-born was a female well, i'll let ya' slide by unchecked...bias gal that I am) Really, I am NOT doing any major security here. I just don't want to have to reinvent the wheel. If there is a class for the taking that I can use to create and manage users, please point me to it. If it will also let me manage myself as an admin of the mySQL database (i.e., not let anyone else gain admin access to the web pages or the database), great. This is not my box. I will have some pages hosted on GoDaddy and they control the actual mySQL admin but I meant, I'll want to do some stats gathering on the users accessing the pages and will design some admin type pages for myself to generate those reports....and probably some simple stuff like deleting a user / user's data. Adding users manually is not going to happen; users will not be given options to change their data except through forms that already know how to do it. TIA for any URLs or pointers - and, we accept all gifts! (but we'z broke so even small fees are prohibitive) -sry -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonbaer at jonbaer.net Wed Jan 28 17:05:45 2004 From: jonbaer at jonbaer.net (jon baer) Date: Wed, 28 Jan 2004 17:05:45 -0500 Subject: [nycphp-talk] IE Security flaw References: Message-ID: <025201c3e5ea$e11036b0$6400a8c0@thinkpad> "up to date" is a complete joke, M$ has not released an update for anything in over 2 1/2 months ... yet there have been major flaws ... did you test against the URL spoof? http://security.openwares.org/ i find it to be more dangerous. - jon ----- Original Message ----- From: Mark Armendariz To: 'NYPHP Talk' Sent: Wednesday, January 28, 2004 12:33 PM Subject: [nycphp-talk] IE Security flaw http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/ seems I'm vulnerable and i'm completely up to date Mark. ------------------------------------------------------------------------------ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk -------------- next part -------------- An HTML attachment was scrubbed... URL: From mitchy at spacemonkeylabs.com Wed Jan 28 17:48:09 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Wed, 28 Jan 2004 17:48:09 -0500 Subject: [nycphp-talk] User Login / Auth Class - SIMPLISTIC please In-Reply-To: References: Message-ID: <40183C29.6010603@spacemonkeylabs.com> -sry wrote: > > Hiya guys, > > I read through the similarly-subjected thread felix started back in > mid-December (thanks for asking the questions felix and for > brainstorming on the list - I really got my thinking focused reading > that thread). I definitely do NOT need anything that comprehensive. Take a look at PEAR::Auth (http://pear.php.net/manual/en/package.authentication.php). It will even spit out a plain-jane login screen for you. All you have to do is add the accounts to a MySQL table, and you are good to go. As for getting the dirty on them before showing the goods, you could always set their status in the same database table, and look that up when they login to see what status they have. Feel free to come with questions, I have working examples just begging for Cut-N-Paste! -- Mitch From sryBoston at hotmail.com Wed Jan 28 18:20:21 2004 From: sryBoston at hotmail.com (-sry) Date: Wed, 28 Jan 2004 18:20:21 -0500 Subject: [nycphp-talk] User Login / Auth Class - SIMPLISTIC please References: <40183C29.6010603@spacemonkeylabs.com> Message-ID: "Mitch Pirtle" On Wednesday, January 28, 2004 5:48 PM > -sry wrote: > > I read through the similarly-subjected thread felix started back in > > mid-December (thanks for asking the questions felix and for > > brainstorming on the list - I really got my thinking focused reading > > that thread). I definitely do NOT need anything that comprehensive. > > Take a look at PEAR::Auth > (http://pear.php.net/manual/en/package.authentication.php). It will > even spit out a plain-jane login screen for you. All you have to do is > add the accounts to a MySQL table, and you are good to go. Thanks Mitch. I did see the reference to PEAR::Auth in the Dec thread and I did check it out (re-read it over just now to refresh my memory) but to be honest, believe it or not, this is still a bit of overkill for my needs. Here's the scoop. I want to to track the user's "place" in a sequenced set of pages and I don't want to let them skip ahead in the sequence without completing the preceding "units" but I didn't really want to bother with a whole login screen. In fact, I'd like to give users the option of not giving me any kind of ID info at all. Of course, if they do decline to tell me who they are, I will only track their current session and when they go away, they lose their "place" and will have to start from scratch next time. Their loss (their choice). But for the non-paranoid, all I ask for is a name and email address and in that case, will create a "permanent" record for them in the mySQL table so they can come back a day or week or month later (provided I'm still able to keep the stuff online months later ;-)) and pick up where they left off. Other than checking "have you completed unit 3" before letting them go onto "unit 4", I'll store some Q&A stuff for my own person info, feedback type questions on the stuff in each unit. This is the "data" I'll want to collect later and view in some kind of report which I'll create for myself as "admin." Really, it's pretty basic. I'm being lazy, aren't I? I mean, I *could* just cut n' paste from PEAR::Auth, couldn't I? Is there anything ready-made out there that just tracks a user session without all the log in / log off screens and authentication stuff? I don't care if they aren't who they say they are--if they say they are Roger Rabbit, I will show them the pages where Roger Rabbit left off. :-) > Feel free to come with questions, I have working examples just begging > for Cut-N-Paste! > > -- Mitch ya' got something to cut n' paste that's *this* simple? :) -sry From mitchy at spacemonkeylabs.com Wed Jan 28 18:52:59 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Wed, 28 Jan 2004 18:52:59 -0500 Subject: [nycphp-talk] User Login / Auth Class - SIMPLISTIC please In-Reply-To: References: <40183C29.6010603@spacemonkeylabs.com> Message-ID: <40184B5B.5080302@spacemonkeylabs.com> -sry wrote: > ya' got something to cut n' paste that's *this* simple? :) Ok, but only for you ;^) First is the form where they plug in whether they are Roger Rabbit or not. On the next page: // begin php code $_SESSION['who'] = $_POST['name']; $_SESSION['what'] = 'step two'; $_SESSION.... That should do it for you. Then, on the third page: if($_SESSION['what']!='step two') { // ok, they didn't submit the form, did they? include('form_two.php'); } else { // got form_two, move along include('form_three.php'); } I mean, that's almost as easy as it gets... The only thing making this easier would be using GET for your forms, and just doing everything out in the open in the URL! I mean, I'm feeding two kids and changing a diaper while writing this. I still think the true 'lazy' method would be to use PEAR::HTML_QuickForm to generate your forms (and client-side javascript validation), PHP4's built-in session support, and PEAR::DB for database access. That's obviously IMNSHO, though ;^P -- Mitch From sryBoston at hotmail.com Wed Jan 28 19:27:21 2004 From: sryBoston at hotmail.com (-sry) Date: Wed, 28 Jan 2004 19:27:21 -0500 Subject: [nycphp-talk] User Login / Auth Class - SIMPLISTIC please References: <40183C29.6010603@spacemonkeylabs.com> <40184B5B.5080302@spacemonkeylabs.com> Message-ID: On January 28, 2004 6:52 PM "Mitch Pirtle" wrote: > -sry wrote: > > ya' got something to cut n' paste that's *this* simple? :) > > Ok, but only for you ;^) Awww, gee, shucks but umm, I think now you've gotten too simple. This is tracking my session? it seems to be just a form validation, which is nice, but I want to fake "saving state" in the stateless environment we call the web browser. Can't PHP create a an instance of a "session" that contains the user's state? (what page they are on, what forms they have / haven't completed, what default StyleSheet they prefer, etc.) The specific properties of the state object don't really matter (as I will edit to suit my needs) but I guess I'm looking for a class that already has the methods built for me to set and retrieve property values, catch and handle "errors" (you didn't read unit 3 yet, sorry, no unit 4 until you finish your vegetables) Is there something like that out there? [code snipped] > > I mean, that's almost as easy as it gets... The only thing making this > easier would be using GET for your forms, and just doing everything out > in the open in the URL! I mean, I'm feeding two kids and changing a > diaper while writing this. Well, we've got the baby down for the night here so I can give this my full attention so long as the cats stop walking on the keyboard or pushing my hands off of it with their heads. yeah, that's my excuse for the typos! > I still think the true 'lazy' method would be to use > PEAR::HTML_QuickForm to generate your forms (and client-side javascript > validation), PHP4's built-in session support, and PEAR::DB for database > access. That's obviously IMNSHO, though ;^P I planned on looking through the rest of PEAR :-) I'm getting there...but that kind of reading is for 6am before the house wakes up, including the darn cats. Thanks! -sry From mitchy at spacemonkeylabs.com Wed Jan 28 20:13:52 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Wed, 28 Jan 2004 20:13:52 -0500 Subject: [nycphp-talk] User Login / Auth Class - SIMPLISTIC please In-Reply-To: References: <40183C29.6010603@spacemonkeylabs.com> <40184B5B.5080302@spacemonkeylabs.com> Message-ID: <40185E50.2060906@spacemonkeylabs.com> -sry wrote: > On January 28, 2004 6:52 PM "Mitch Pirtle" wrote: > >>-sry wrote: >> >>>ya' got something to cut n' paste that's *this* simple? :) >> >>Ok, but only for you ;^) > > > Awww, gee, shucks > but umm, I think now you've gotten too simple. This is > tracking my session? it seems to be just a form validation, > which is nice, but I want to fake "saving state" in the stateless > environment we call the web browser. Can't PHP create a > an instance of a "session" that contains the user's state? > (what page they are on, what forms they have / haven't > completed, what default StyleSheet they prefer, etc.) > > The specific properties of the state object don't really > matter (as I will edit to suit my needs) but I guess I'm > looking for a class that already has the methods built for > me to set and retrieve property values, catch and handle > "errors" (you didn't read unit 3 yet, sorry, no unit 4 until > you finish your vegetables) Is there something like that > out there? If you are really after a class, then http://www.phpclasses.org/ may have what you are looking for. What I was trying to point out was that once someone submitted 'form1', you could set it as a $_SESSION variable. You could even just set $_SESSION['form_1']=TRUE and be done with it - PHP4 tracks that for you (no muss, no fuss, no messy applicator brush!)... Please see http://us3.php.net/manual/en/ref.session.php for more details. In short, you can set $_SESSION['foo'] in one script, and then reference it in another - as long as that session is taking place (typically in a cookie or in the URL). So just set your variables for each form in $_SESSION, and as long as that user is at your site you will see where they have been, what they've done, etc. The server takes care of all the rest. No security whatsoever, but you wanted easy. And as for the cats, I once had a small tower that could be turned off by my cat as she rubbed up against the case; but our Swiss cat is only interested in stealing my seat. -- Mitch From tgales at tgaconnect.com Wed Jan 28 21:16:08 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Wed, 28 Jan 2004 21:16:08 -0500 Subject: [nycphp-talk] User Login / Auth Class - SIMPLISTIC please In-Reply-To: Message-ID: <005101c3e60d$dba23570$bf8d3818@oberon1> sry writes: "Can't PHP create a an instance of a "session" that contains the user's state? (what page they are on, what forms they have / haven't completed, what default StyleSheet they prefer, etc.)" I am not sure, but you may be confusing communication protocol state with application state. For example http is a stateless protocol. Cookies can be used to create communication protocol state. Php's session support can make use of the client's protocol state to preserve application data over a series of http request/response interactions. That is to say, yes 'an instance of a "session" contains the user's (communication) state'-- but not "what default StyleSheet they prefer" (that is application data or application state). After thinking about the above, re-read what Mitch writes: "What I was trying to point out was that once someone submitted 'form1', you could set it as a $_SESSION variable. You could even just set $_SESSION['form_1']=TRUE and be done with it - PHP4 tracks that for you (no muss, no fuss, no messy applicator brush!)... Please see http://us3.php.net/manual/en/ref.session.php for more details." In other words, $_SESSION['form_1']=TRUE is equivalent to saying task_1 is done, now the user is ready to move to task_2 the next (applcation) state. Hope this sheds some light on the situation. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From sryBoston at hotmail.com Wed Jan 28 21:15:27 2004 From: sryBoston at hotmail.com (-sry) Date: Wed, 28 Jan 2004 21:15:27 -0500 Subject: [nycphp-talk] User Login / Auth Class - SIMPLISTIC please References: <40183C29.6010603@spacemonkeylabs.com> <40184B5B.5080302@spacemonkeylabs.com> <40185E50.2060906@spacemonkeylabs.com> Message-ID: > If you are really after a class, then http://www.phpclasses.org/ may > have what you are looking for. Cool. I'll bookmark it and judging from the uhh, documentation, use it for sparking ideas! :) You know, I really won't learn if I don't just write something, now will I? I was just being lazy today. But I got a lot done for a lazy and sarcastic day! > What I was trying to point out was that > once someone submitted 'form1', you could set it as a $_SESSION > variable. You could even just set $_SESSION['form_1']=TRUE and be done > with it - PHP4 tracks that for you (no muss, no fuss, no messy > applicator brush!)... Please see > http://us3.php.net/manual/en/ref.session.php for more details. Now *this* has me thinking! Thanks, Mitch! I may just avoid writing a class of my own yet! :) Gonna have to plan this one out on paper, though :( > And as for the cats, I once had a small tower that could be turned off > by my cat as she rubbed up against the case; but our Swiss cat is only > interested in stealing my seat. *chuckle* I wish all they wanted was my chair!! There are 4 cats here, 3 of which simply won't be anywhere but where I am--and it's a big house. Keeping them from sitting on the desk next to my laptop is a fruitless effort since the friends with whom I'm staying have trained the cats to do just this (in the study upstairs where there are 3 other networked computers and laptops and the firewall box -- all of which make great, warm and vibrating "beds" for the smaller female cats but the big boys insist on my mammoth Dell Inspiron as the best bet. And if my Wacom pen "disappears" one more time, I'm going to get serious--and I *do* still have my claws! Though I must admit, the little butterfly animation in one banner ad on a page I visited was thoroughly amusing for *me* to watch the little fluffy female trying to "catch" it, like that ...what was it called? Nikkei cat? The screensaver kitten that sat at the bottom of your screen until your mouse cursor moved and then it chased after it?... This one sits about as high as my screen so this animated butterfly was right at her eye level...apparently she's never figured out that what's on the screen is not real...kinda like the little Nikkei cat :) My friends tell me she's just brain-damaged from too much pot smoke blown into her face as a kitten (they did not do this abuse to her; previous owners from whom they rescued her) but I think she's just neurotic and easily amused....and much too eager to help me type right now. I have a shot of her asleep with the Wacom pen, the little thief!! I took it back and she didn't even notice--so there. I've gotta find a chain for this Wacom pen or something. Why on earth do they all want it? Just because it's mine? It's a stupid piece of hard plastic and it doesn't even make noise. I don't get it. Gotta be a cat I guess. g'night from -sry and the Camion Court Cats http://www.sarahryoffa.com/gawne/cats/ (obviously, the albino Holstein is my "favorite" - the camera ham!) >From hans not junk at nyphp.com Wed Jan 28 21:23:52 2004 Return-Path: Received: from ehost011-1.exch011.intermedia.net (unknown [64.78.21.3]) by virtu.nyphp.org (Postfix) with ESMTP id 0911CA85F0 for ; Wed, 28 Jan 2004 21:23:52 -0500 (EST) X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [nycphp-talk] User Login / Auth Class - SIMPLISTIC please Date: Wed, 28 Jan 2004 18:23:57 -0800 Message-ID: <41EE526EC2D3C74286415780D3BA9F8752B410 at ehost011-1.exch011.intermedia.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [nycphp-talk] User Login / Auth Class - SIMPLISTIC please Thread-Index: AcPl5j4uuaYVzgKxRyK/3rt/OTwqxgAKHu7w From: "Hans Zaunere" To: "NYPHP Talk" X-BeenThere: talk at lists.nyphp.org X-Mailman-Version: 2.1.2 Precedence: list Reply-To: NYPHP Talk List-Id: NYPHP Talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jan 2004 02:23:52 -0000 > I read through the similarly-subjected thread felix started > back in mid-December (thanks for asking the questions felix > and for brainstorming on the list - I really got my thinking > focused reading that thread). I definitely do NOT need anything that > comprehensive.=20 >=20 > For one, all I really need to do is get a user id defined, > get them logged in and logged out, track whether or not > they've given me certain information before I let them access > specific pages (yes, I need your DOB, SSN, first born child > and if that was a male, his blood type; if your first-born > was a female well, i'll let ya' slide by unchecked...bias gal that I > am) I'll quickly throw out a package we've been working on for authorzation = and authentication. http://cvs.nyphp.org/cvsweb.cgi/pauth/ It might be more than you need at this point but if you do decide to = play with it, I'd love to hear about any suggestions, comments, etc. H From Cbielanski at inta.org Thu Jan 29 17:00:44 2004 From: Cbielanski at inta.org (Chris Bielanski) Date: Thu, 29 Jan 2004 17:00:44 -0500 Subject: [nycphp-talk] by ref or by val? for vs foreach + as Message-ID: Can I get confirmation on the details of reference passing when using a for loop as opposed to a foreach loop? It's clearly documented that foreach proxies the array being iterated. Does that behavior hold true when the array is passed in as a class member, ie foreach($foo->array as $bar)? I can't imagine it would act differently but I'm getting conflicted output in my own code. So just to make sure I'm crystal clear on this.. In a for loop (assume $i is the iterator and $array the array) one might assign to a local variable $foo = $array[$i]. At least I assume, based on doc and experience, that this is by-value. The by-ref operation would be $foo =& $array[$i], yes/no? With a foreach - foreach ($array as $foo) - we are talking about *precisely* the same operation under differing syntax, yes/no? and in both cases, $foo = 'bar' DOES NOT DO $array[$i] = 'bar', yes/no? and foreach(&$array as $foo) should be right out - it's only one value - the reference of $array, yes/no? I won't argue - this should be intuitive, but as I said, I'm getting conflicting output and I am not that good at writing up these questions!! :) Thanks, sorry if it's confusing!! Chris Bielanski - [CBielanski at inta.org] Web Programmer, International Trademark Association - [www.inta.org] 1133 Ave. of the Americas - Manhattan p - 212/642-1745 From adam at trachtenberg.com Thu Jan 29 17:11:59 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Thu, 29 Jan 2004 17:11:59 -0500 (EST) Subject: [nycphp-talk] by ref or by val? for vs foreach + as In-Reply-To: References: Message-ID: On Thu, 29 Jan 2004, Chris Bielanski wrote: > It's clearly documented that foreach proxies the array being iterated. Does > that behavior hold true when the array is passed in as a class member, ie > foreach($foo->array as $bar)? I believe it should work the same way, also operating on a copy of the array. > I can't imagine it would act differently but I'm getting conflicted output > in my own code. I just dummied up a test and it works this way for me: class foo { var $bar = array(1, 2, 3, 4, 5); } $f = new foo; foreach($f->bar as $b) { print "$b\n"; $b++; } foreach($f->bar as $b) { print "$b\n"; } 1 2 3 4 5 1 2 3 4 5 > So just to make sure I'm crystal clear on this.. > > In a for loop (assume $i is the iterator and $array the array) one might > assign to a local variable $foo = $array[$i]. At least I assume, based on > doc and experience, that this is by-value. The by-ref operation would be > $foo =& $array[$i], yes/no? By value. > With a foreach - foreach ($array as $foo) - we are talking about > *precisely* the same operation under differing syntax, yes/no? Pretty much. In a for loop, you can modify the array inside the loop and the changes will effect the loop. Inside an foreach, you're always iterating through a copy of the array as it was when you entered the iterator. For instance, if you append new elements to $array, and you're looping until $i < count($array), the loop will take this into account. If you do that with a foreach, you won't iterate over the appended elements. > and in both cases, $foo = 'bar' DOES NOT DO $array[$i] = 'bar', yes/no? I would think not. > and foreach(&$array as $foo) should be right out - it's only one value - the > reference of $array, yes/no? I've never tried this, but I'm willing to bet it won't give you a by-reference iteration. > I won't argue - this should be intuitive, but as I said, I'm getting > conflicting output and I am not that good at writing up these questions!! :) I try to simplify my code bit by bit until I reach the simplest case possible that still reproduces the unexpected behavior. Then at least you can post something understandable to a list for help when you can't make heads nor tails of it. :) -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From dcech at phpwerx.net Thu Jan 29 20:54:35 2004 From: dcech at phpwerx.net (Dan Cech) Date: Thu, 29 Jan 2004 20:54:35 -0500 Subject: [nycphp-talk] by ref or by val? for vs foreach + as In-Reply-To: References: Message-ID: <4019B95B.4030702@phpwerx.net> Adam Maccabee Trachtenberg wrote: > On Thu, 29 Jan 2004, Chris Bielanski wrote: >>and foreach(&$array as $foo) should be right out - it's only one value - the >>reference of $array, yes/no? > > I've never tried this, but I'm willing to bet it won't give you a > by-reference iteration. If you want to perform an operation on every member of an array using foreach, you can do: foreach ( array_keys($array) as $key ) { $array[$key] =& myfunction($array[$key]); } As always there are any number of ways to skin a cat, if you just wanted to increment every member of an array you could do: foreach ( $array as $key => $val ) { $array[$key]++; } which is equivalent to: foreach ( array_keys($array) as $key ) { $array[$key]++; } Dan From Cbielanski at inta.org Fri Jan 30 09:07:29 2004 From: Cbielanski at inta.org (Chris Bielanski) Date: Fri, 30 Jan 2004 09:07:29 -0500 Subject: [nycphp-talk] by ref or by val? for vs foreach + as Message-ID: Thanks for the input :) It's one of those "am-I-losing-my-marbles?" sort of situations and it's good to have feedback confirming my logic! Thanks, Chris Bielanski - [CBielanski at inta.org] Web Programmer, International Trademark Association - [www.inta.org] 1133 Ave. of the Americas - Manhattan p - 212/642-1745 -----Original Message----- From: Dan Cech [mailto:dcech at phpwerx.net] Sent: Thursday, January 29, 2004 8:55 PM To: NYPHP Talk Subject: Re: [nycphp-talk] by ref or by val? for vs foreach + as Adam Maccabee Trachtenberg wrote: > On Thu, 29 Jan 2004, Chris Bielanski wrote: >>and foreach(&$array as $foo) should be right out - it's only one value - the >>reference of $array, yes/no? > > I've never tried this, but I'm willing to bet it won't give you a > by-reference iteration. If you want to perform an operation on every member of an array using foreach, you can do: foreach ( array_keys($array) as $key ) { $array[$key] =& myfunction($array[$key]); } As always there are any number of ways to skin a cat, if you just wanted to increment every member of an array you could do: foreach ( $array as $key => $val ) { $array[$key]++; } which is equivalent to: foreach ( array_keys($array) as $key ) { $array[$key]++; } Dan _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk From lists at prusak.com Fri Jan 30 10:19:47 2004 From: lists at prusak.com (Ophir Prusak) Date: Fri, 30 Jan 2004 10:19:47 -0500 Subject: [nycphp-talk] Custom Form Fields Message-ID: <401A7613.4060104@prusak.com> Hi All, I've been tasked with a project that I think is applicable to almost every web based application: Giving the user the ability to add custom fields to their data / forms. After doing some thinking, I realized that the "engine" for such a feature could be totally generic and work for almost any web site. I looked on freshmeat, sourceforge and phpclasses but didn't see anything really geared toward this functionality. For example: Your client is a large car rental service and they wanted an intranet app that allows them to keep inventory of all their cars. Users enter make, model, color, year, A/C, miles, location, etc. After it's launched, the Dallas office wants to add a field for ground clearance (in inches) and four wheel drive (checkbox). The Miami office wants fields for Hitch (checkbox) and Engine Size (pulldown). You get the picture. What have you done or would you do when faced with this requirement ? Is this something you are in need of as well ? Comments / Suggestions ? I'm considering starting an open source project for this. I got an OK from my boss if it means other people will help out :). Are there other developers here who would be interested in joining a project like this ? Thanx, Ophir You just finished coding your app and now the client wants to add some more data fields. From danielc at analysisandsolutions.com Fri Jan 30 10:22:03 2004 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 30 Jan 2004 10:22:03 -0500 Subject: [nycphp-talk] Custom Form Fields In-Reply-To: <401A7613.4060104@prusak.com> References: <401A7613.4060104@prusak.com> Message-ID: <20040130152203.GA21542@panix.com> Hi Ophir: On Fri, Jan 30, 2004 at 10:19:47AM -0500, Ophir Prusak wrote: > > Giving the user the ability to add custom fields to their data / forms. While this might not be the entire answer, this may be of some help. I've never really looked at it, but have noticed it: http://pear.php.net/package/HTML_QuickForm Enjoy, --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From nyphp at enobrev.com Fri Jan 30 10:24:51 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Fri, 30 Jan 2004 10:24:51 -0500 Subject: [nycphp-talk] Custom Form Fields In-Reply-To: <401A7613.4060104@prusak.com> Message-ID: I've been tossing about a similar idea, although since the majority of my clients are designers, it's really important for me to allow the client full control over the html of the forms. I posted an example of a prototype for allowing that recently. http://www.enobrev.com/form/ I think such a system should be built that would allow anywhere from full form generation to simply data handling, while giving the designer full control of display. I've given clients solutions in the past involving a sepereate table with a whole mishmosh of dependencies. It would be great to come up wth a good generic solution. Mark From joshmccormack at travelersdiary.com Fri Jan 30 10:32:29 2004 From: joshmccormack at travelersdiary.com (joshmccormack at travelersdiary.com) Date: Fri, 30 Jan 2004 09:32:29 -0600 (CST) Subject: [nycphp-talk] Custom Form Fields In-Reply-To: Message-ID: On Fri, 30 Jan 2004, Mark Armendariz wrote: > I've been tossing about a similar idea, although since the majority of my > clients are designers, it's really important for me to allow the client full > control over the html of the forms. I posted an example of a prototype for > allowing that recently. > > http://www.enobrev.com/form/ > > I think such a system should be built that would allow anywhere from full > form generation to simply data handling, while giving the designer full > control of display. > > I've given clients solutions in the past involving a sepereate table with a > whole mishmosh of dependencies. It would be great to come up wth a good > generic solution. > > Mark Has anyone seen this: http://www.dadabik.org/ "DaDaBIK is a free PHP application that allows you to easily create a highly customizable Web form interface for a MySQL database in order to search, insert, update and delete records; all you need do is specify a few configuration parameters." Just found it in my last ditch effort to find an existing script to allow a community to make product comparison charts, a la Consumer Reports. Looks good, think I'll give it a try. Josh From dcech at phpwerx.net Fri Jan 30 10:39:24 2004 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 30 Jan 2004 10:39:24 -0500 Subject: [nycphp-talk] Custom Form Fields In-Reply-To: <401A7613.4060104@prusak.com> References: <401A7613.4060104@prusak.com> Message-ID: <401A7AAC.7050300@phpwerx.net> Ophir Prusak wrote: > Hi All, > > I've been tasked with a project that I think is applicable to almost > every web based application: > Giving the user the ability to add custom fields to their data / forms. > After doing some thinking, I realized that the "engine" for such a > feature could be totally generic and work for almost any web site. > I looked on freshmeat, sourceforge and phpclasses but didn't see > anything really geared toward this functionality. > > For example: > Your client is a large car rental service and they wanted an intranet > app that allows them to keep inventory of all their cars. > Users enter make, model, color, year, A/C, miles, location, etc. > After it's launched, the Dallas office wants to add a field for ground > clearance (in inches) and four wheel drive (checkbox). > The Miami office wants fields for Hitch (checkbox) and Engine Size > (pulldown). > You get the picture. > > What have you done or would you do when faced with this requirement ? > Is this something you are in need of as well ? > Comments / Suggestions ? > > I'm considering starting an open source project for this. I got an OK > from my boss if it means other people will help out :). > Are there other developers here who would be interested in joining a > project like this ? I haven't seen anything geared directly towards this, but it can definitely be done. The approach I like to take when building my applications is to try and design all my database related code to be able to work with any number of columns: function load ($id) { $sql = 'SELECT * FROM mytable WHERE id=' $db->qstr ($id); $rs = $db->SelectLimit ($sql,1); if ( !is_object ($rs) ) { return FALSE; } return $rs->FetchRow (); } That is a fairly basic example, but you see that you can simply add an extra field in the database and it will automatically be added. Another approach to this problem from a database perspective is to add a table to hold these extra pieces of data, with columns id, att and val. That gets a little more complicated in the load and save routines, but is very good when you have extra data which is only applicable to a small subset of your objects. As for the forms, I did write an app a while ago which could generate multipage forms from definitions stored in a database, which would allow them to be edited through a web interface, that approach worked very well for me, might even be able to dig up a copy if anyone is interested... Dan From Cbielanski at inta.org Fri Jan 30 10:54:30 2004 From: Cbielanski at inta.org (Chris Bielanski) Date: Fri, 30 Jan 2004 10:54:30 -0500 Subject: [nycphp-talk] Custom Form Fields Message-ID: The biggest issue with Dan's is when you want to add Option or Radio groups. I'm in the middle of a flex-form nightmare where my responsibility is to create the script doing the text transformation from data collection via form, and outputting it to a pub-ready verbiage. This is SO not fun, because every time a unique set of options is required, we get table bloat. I have to note the actual values (list of values) and map them to literal values. It can be done, but be mindful of this step along the way... Thanks, Chris Bielanski - [CBielanski at inta.org] Web Programmer, International Trademark Association - [www.inta.org] 1133 Ave. of the Americas - Manhattan p - 212/642-1745 -----Original Message----- From: Dan Cech [mailto:dcech at phpwerx.net] Sent: Friday, January 30, 2004 10:39 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Custom Form Fields Ophir Prusak wrote: (clipped for brevity) and Dan Cech replied (also clipped) From mitchy at spacemonkeylabs.com Fri Jan 30 11:36:52 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Fri, 30 Jan 2004 11:36:52 -0500 Subject: [nycphp-talk] Custom Form Fields In-Reply-To: <20040130152203.GA21542@panix.com> References: <401A7613.4060104@prusak.com> <20040130152203.GA21542@panix.com> Message-ID: <401A8824.4010802@spacemonkeylabs.com> Daniel Convissor wrote: > While this might not be the entire answer, this may be of some help. I've > never really looked at it, but have noticed it: > > http://pear.php.net/package/HTML_QuickForm I'll second that one. I use it on many different sites, some of which have complex requirements. Using HTML_QuickForm will definitely make your life easier. Also, having an object interface to forms is what really makes this package helpful, as you are free to dynamically manipulate your form elements before rendering. Additional benefits are automated validation rules generation (even client-side javascript) and the ability to run functions on submitted data before the actual process starts. -- Mitch From chubbard at next-online.net Fri Jan 30 11:47:56 2004 From: chubbard at next-online.net (Chris Hubbard) Date: Fri, 30 Jan 2004 08:47:56 -0800 Subject: [nycphp-talk] back button, page timeout, sessions Message-ID: <401A8ABC.6070703@next-online.net> All, What are strategies you've implemented to eliminate the "this page has expired" that commonly gets displayed after a user clicks the back button? I've seen lots of sites that use sessions, where clicking the back button "breaks" the application by displaying the expired message. I've seen a couple pages where clicking the back button doesn't break the application. Hints, suggestions, thoughts? Thanks, Chris From mitchy at spacemonkeylabs.com Fri Jan 30 11:53:52 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Fri, 30 Jan 2004 11:53:52 -0500 Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <401A8ABC.6070703@next-online.net> References: <401A8ABC.6070703@next-online.net> Message-ID: <401A8C20.3040001@spacemonkeylabs.com> Chris Hubbard wrote: > All, > What are strategies you've implemented to eliminate the "this page has > expired" that commonly gets displayed after a user clicks the back button? > I've seen lots of sites that use sessions, where clicking the back > button "breaks" the application by displaying the expired message. I've > seen a couple pages where clicking the back button doesn't break the > application. > Hints, suggestions, thoughts? I've just recently become infatuated with the Mambo CMS (www.mamboserver.com). Their management interface has an impressive way of dealing with these errors. If you get the chance, try it out. Should be great inspiration :) -- Mitch From nyphp at enobrev.com Fri Jan 30 11:57:12 2004 From: nyphp at enobrev.com (Mark Armendariz) Date: Fri, 30 Jan 2004 11:57:12 -0500 Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <401A8ABC.6070703@next-online.net> Message-ID: Very basic way of solving is to use GET instead of POST, which is good for searches and such, but not good for hiding files, multi-select fields and textareas. Mark From dmintz at davidmintz.org Fri Jan 30 12:06:21 2004 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 30 Jan 2004 12:06:21 -0500 (EST) Subject: [nycphp-talk] Custom Form Fields (an aside re HTML_QuickForm) In-Reply-To: <401A8824.4010802@spacemonkeylabs.com> References: <401A7613.4060104@prusak.com> <20040130152203.GA21542@panix.com> <401A8824.4010802@spacemonkeylabs.com> Message-ID: Just a thank you to Mitch for speaking well of HTML_QuickForm because I am about to adopt it on a project and it's nice to get a little validation (for my decision as well as my form input). On Fri, 30 Jan 2004, Mitch Pirtle wrote: > I'll second that one. I use it on many different sites, some of which > have complex requirements. Using HTML_QuickForm will definitely make > your life easier. > > Also, having an object interface to forms is what really makes this > package helpful, as you are free to dynamically manipulate your form > elements before rendering. > > Additional benefits are automated validation rules generation (even > client-side javascript) and the ability to run functions on submitted > data before the actual process starts. > > -- Mitch --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From yury at heavenspa.com Fri Jan 30 12:18:56 2004 From: yury at heavenspa.com (yury at heavenspa.com) Date: Fri, 30 Jan 2004 12:18:56 -0500 Subject: [nycphp-talk] back button, page timeout, sessions References: <401A8ABC.6070703@next-online.net> <401A8C20.3040001@spacemonkeylabs.com> Message-ID: <025d01c3e755$247e01a0$0400a8c0@heavenspanyc> mambo, mambo, mambo -- been using it for a while.. multiple sites and love it. Installs in minutes, edit the look in minutes too.. ciao yury ----- Original Message ----- From: "Mitch Pirtle" To: "NYPHP Talk" Sent: Friday, January 30, 2004 11:53 AM Subject: Re: [nycphp-talk] back button, page timeout, sessions > Chris Hubbard wrote: > > All, > > What are strategies you've implemented to eliminate the "this page has > > expired" that commonly gets displayed after a user clicks the back button? > > I've seen lots of sites that use sessions, where clicking the back > > button "breaks" the application by displaying the expired message. I've > > seen a couple pages where clicking the back button doesn't break the > > application. > > Hints, suggestions, thoughts? > > I've just recently become infatuated with the Mambo CMS > (www.mamboserver.com). Their management interface has an impressive way > of dealing with these errors. If you get the chance, try it out. > Should be great inspiration :) > > -- Mitch > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From dcallaghan at linuxmail.org Fri Jan 30 12:16:24 2004 From: dcallaghan at linuxmail.org (Dave Callaghan) Date: Fri, 30 Jan 2004 12:16:24 -0500 Subject: [nycphp-talk] Custom Form Fields (an aside re HTML_QuickForm) Message-ID: <20040130171624.7612.qmail@linuxmail.org> I'm a huge fan of HTML_QuickForm. It may not be applicable to your application, but HTML_QuickForm_Controller is an excellent way to create tabbed forms and wizard interfaces. I rarely miss a chance to give it props! > > On Fri, 30 Jan 2004, David Mintz wrote > > Just a thank you to Mitch for speaking well of HTML_QuickForm because I am > about to adopt it on a project and it's nice to get a little validation > (for my decision as well as my form input). > > On Fri, 30 Jan 2004, Mitch Pirtle wrote: > > > I'll second that one. I use it on many different sites, some of which > > have complex requirements. Using HTML_QuickForm will definitely make > > your life easier. > > > > Also, having an object interface to forms is what really makes this > > package helpful, as you are free to dynamically manipulate your form > > elements before rendering. > > > > Additional benefits are automated validation rules generation (even > > client-side javascript) and the ability to run functions on submitted > > data before the actual process starts. > > > > -- Mitch > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk -- ______________________________________________ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze From dmintz at davidmintz.org Fri Jan 30 12:24:18 2004 From: dmintz at davidmintz.org (David Mintz) Date: Fri, 30 Jan 2004 12:24:18 -0500 (EST) Subject: [nycphp-talk] Custom Form Fields (an aside re HTML_QuickForm) In-Reply-To: <20040130171624.7612.qmail@linuxmail.org> References: <20040130171624.7612.qmail@linuxmail.org> Message-ID: Oh hell yeah, I'm gonna be taking a long look at HTML_QuickForm_Controller as soon as I get nice and comfortable with HTML_QuickForm. It's too bad the PEAR documentation/tutorials in general aren't a little better -- said he, looking the proverbial gift-horse in the mouth -- but I'll take it anyway thank you very much. On Fri, 30 Jan 2004, Dave Callaghan wrote: > I'm a huge fan of HTML_QuickForm. It may not be applicable to your > application, but HTML_QuickForm_Controller is an excellent way to create > tabbed forms and wizard interfaces. I rarely miss a chance to give it > props! > > > > On Fri, 30 Jan 2004, David Mintz wrote > > > > Just a thank you to Mitch for speaking well of HTML_QuickForm because I am > > about to adopt it on a project and it's nice to get a little validation > > (for my decision as well as my form input). > > --- David Mintz http://davidmintz.org/ "Anybody else got a problem with Webistics?" -- Sopranos 24:17 From lists at prusak.com Fri Jan 30 12:33:37 2004 From: lists at prusak.com (Ophir Prusak) Date: Fri, 30 Jan 2004 12:33:37 -0500 Subject: [nycphp-talk] Custom Form Fields In-Reply-To: <401A8824.4010802@spacemonkeylabs.com> References: <401A7613.4060104@prusak.com> <20040130152203.GA21542@panix.com> <401A8824.4010802@spacemonkeylabs.com> Message-ID: <401A9571.8090002@prusak.com> An HTML attachment was scrubbed... URL: From shiflett at php.net Fri Jan 30 12:34:07 2004 From: shiflett at php.net (Chris Shiflett) Date: Fri, 30 Jan 2004 09:34:07 -0800 (PST) Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <401A8ABC.6070703@next-online.net> Message-ID: <20040130173407.44356.qmail@web14308.mail.yahoo.com> --- Chris Hubbard wrote: > What are strategies you've implemented to eliminate the "this page has > expired" that commonly gets displayed after a user clicks the back > button? You can try: 1. Intermediate processing page that uses a protocol-level redirect, so that POST data is only ever sent to this intermeiate page. 2. Cache-Control: private 3. Someone else's suggestions. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From dcech at phpwerx.net Fri Jan 30 12:49:14 2004 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 30 Jan 2004 12:49:14 -0500 Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <20040130173407.44356.qmail@web14308.mail.yahoo.com> References: <20040130173407.44356.qmail@web14308.mail.yahoo.com> Message-ID: <401A991A.50209@phpwerx.net> Chris Shiflett wrote: > --- Chris Hubbard wrote: > >>What are strategies you've implemented to eliminate the "this page has >>expired" that commonly gets displayed after a user clicks the back >>button? > > You can try: > > 1. Intermediate processing page that uses a protocol-level redirect, so > that POST data is only ever sent to this intermeiate page. > 2. Cache-Control: private > 3. Someone else's suggestions. :-) Personally I have a strong aversion to using 'processing' pages, but that's just me.... I tend to use some cache control headers: Expires:?Fri,?30?Jan?2004?17:39:20?GMT Cache-Control:?private,?no-store,?no-cache,?no-transform,?must-revalidate Cache-Control:?max-age=1,?s-maxage=1,?pre-check=1,?post-check=1 Pragma:?no-cache I actually have a function to generate the appropriate headers...if anyone is interested I can mail it off-list. It can also generate appropriate headers for objects which should be cached by proxies and browsers (very useful for php generated images, etc). Other than than I also use a per-form token to ensure that a given form cannot be submitted twice. This solution seems to work fairly well, the headers ensure that use of the back and forward buttons still take you to a current version of the page, whilst the tokens prevent forms from being submitted twice (ie when a user submits a form, moves on, then uses the back button to return to the submission page). By combining this with a decent url rewriting system I can keep my urls short and readable and everything Just Works. Dan From dcallaghan at linuxmail.org Fri Jan 30 12:52:39 2004 From: dcallaghan at linuxmail.org (Dave Callaghan) Date: Fri, 30 Jan 2004 12:52:39 -0500 Subject: [nycphp-talk] Custom Form Fields (an aside re HTML_QuickForm) Message-ID: <20040130175239.5604.qmail@linuxmail.org> www.phpkitchen.com has some tutorials and the HTML_QuickForm is simple and effective. Without it, you might not freeze the form after successful validation and other not-so-obvious aspects of QuickForm. The samples in the PEAR docs are excellent for the controller and you can get up an running happily and quickly with them. Hint: refering to the pages as page1, page2, etc is NOT optional. You'll see what I mean and where I mean it ;) > On Fri, 30 Jan 2004, David Mintz wrote: > > Oh hell yeah, I'm gonna be taking a long look at HTML_QuickForm_Controller > as soon as I get nice and comfortable with HTML_QuickForm. > > It's too bad the PEAR documentation/tutorials in general aren't a little > better -- said he, looking the proverbial gift-horse in the mouth -- but > I'll take it anyway thank you very much. > > On Fri, 30 Jan 2004, Dave Callaghan wrote: > > > I'm a huge fan of HTML_QuickForm. It may not be applicable to your > > application, but HTML_QuickForm_Controller is an excellent way to create > > tabbed forms and wizard interfaces. I rarely miss a chance to give it > > props! > > > > > > On Fri, 30 Jan 2004, David Mintz wrote > > > > > > Just a thank you to Mitch for speaking well of HTML_QuickForm because I am > > > about to adopt it on a project and it's nice to get a little validation > > > (for my decision as well as my form input). > > > > > > --- > David Mintz > http://davidmintz.org/ > > "Anybody else got a problem with Webistics?" -- Sopranos 24:17 > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk -- ______________________________________________ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze From lists at prusak.com Fri Jan 30 13:12:49 2004 From: lists at prusak.com (Ophir Prusak) Date: Fri, 30 Jan 2004 13:12:49 -0500 Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <401A8ABC.6070703@next-online.net> References: <401A8ABC.6070703@next-online.net> Message-ID: <401A9EA1.8010902@prusak.com> I was recently tasked to fix this exact issue. In a nutshell, our solution was simply to change "post" to "get" in most of our forms. First of all, you need to check where this makes sense. For all the forms where submitting the form would not make any changes to the data (only use db selects) this was fine. For example, in all of our search and report pages. For all the forms where submitting the form could possibly change data, we chose not to change it to get, and leave the "this page has expired" error message. For example, if the user is inserting a new record into the database. We of course had to make some other changes, both to the backend and the forms themselves, The backend was quite simple, mostly changing $_POST to $_REQUEST. For the forms themselves, it was not enough to change POST to GET. It seems that for GET requests, the browser (at least IE 6) truncates anything after the ? in the action variable. For example, if you have this:
When u submit the form, the other=blah won't be there. I whipped up a working example for this at http://www.stationplay.com/dev/form_test.php where you can see this in action. Our solution was to pass in hidden variables, so it ended up being this: Hope that helps, Ophir Chris Hubbard wrote: > All, > What are strategies you've implemented to eliminate the "this page has > expired" that commonly gets displayed after a user clicks the back > button? > I've seen lots of sites that use sessions, where clicking the back > button "breaks" the application by displaying the expired message. > I've seen a couple pages where clicking the back button doesn't break > the application. > Hints, suggestions, thoughts? > Thanks, > Chris > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk From jonbaer at jonbaer.net Fri Jan 30 13:38:42 2004 From: jonbaer at jonbaer.net (jon baer) Date: Fri, 30 Jan 2004 13:38:42 -0500 Subject: [nycphp-talk] Custom Form Fields, osc References: <401A7613.4060104@prusak.com> Message-ID: <06b201c3e760$4a644db0$6400a8c0@thinkpad> to me this sounds alot like having custom product attributes like what is shown in osCommerce stuff. if i had that task you could just rip into that part of the app - or even just use it. i think the basics are there (db part) ... you just would have to reverse it into a label rather than an option ... - jon ----- Original Message ----- From: "Ophir Prusak" To: "NYPHP Talk" Sent: Friday, January 30, 2004 10:19 AM Subject: [nycphp-talk] Custom Form Fields > Hi All, > > I've been tasked with a project that I think is applicable to almost > every web based application: > Giving the user the ability to add custom fields to their data / forms. > After doing some thinking, I realized that the "engine" for such a > feature could be totally generic and work for almost any web site. > I looked on freshmeat, sourceforge and phpclasses but didn't see > anything really geared toward this functionality. > > For example: > Your client is a large car rental service and they wanted an intranet > app that allows them to keep inventory of all their cars. > Users enter make, model, color, year, A/C, miles, location, etc. > After it's launched, the Dallas office wants to add a field for ground > clearance (in inches) and four wheel drive (checkbox). > The Miami office wants fields for Hitch (checkbox) and Engine Size > (pulldown). > You get the picture. > > What have you done or would you do when faced with this requirement ? > Is this something you are in need of as well ? > Comments / Suggestions ? > > I'm considering starting an open source project for this. I got an OK > from my boss if it means other people will help out :). > Are there other developers here who would be interested in joining a > project like this ? > > Thanx, > Ophir > > > > > > > > > > > > You just finished coding your app and now the client wants to add some > more data fields. > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > From jsiegel1 at optonline.net Fri Jan 30 14:26:00 2004 From: jsiegel1 at optonline.net (Jeff Siegel) Date: Fri, 30 Jan 2004 14:26:00 -0500 Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: References: Message-ID: <401AAFC8.7010000@optonline.net> Where possible, I use GET instead of POST. Depending on the nature of the data that has to go into the URL, you could just send it out "in the clear" such as "dealer_search_results.php?Categories=2&State=Maine" while making sure, in your "receiving" code, that no one has mucked with the data by putting in inappropriate values. However, I've become a big fan of taking the stuff like above, creating an array and encoding it (using base64encode and serialization) and appending it to the URL like below. /small_ad.php?code=YToyOntzOjY6Ik15TWFrZSI7czozOiJBTUMiO3M6NjoiQWRUeXBlIjtzOjM6ImNhciI7fQ== On the receiving end, when I unserialize and decode, if there is a problem, I know the user mucked with the URL so I just redirect them to some generic page. Jeff Siegel Mark Armendariz wrote: > Very basic way of solving is to use GET instead of POST, which is good for > searches and such, but not good for hiding files, multi-select fields and > textareas. > > Mark > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > -- Found on the Simpson's Website: "Ooooooh, they have the internet on computers now!" From shiflett at php.net Fri Jan 30 14:35:00 2004 From: shiflett at php.net (Chris Shiflett) Date: Fri, 30 Jan 2004 11:35:00 -0800 (PST) Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <401A991A.50209@phpwerx.net> Message-ID: <20040130193501.91351.qmail@web14302.mail.yahoo.com> --- Dan Cech wrote: > I tend to use some cache control headers: > > Expires:?Fri,?30?Jan?2004?17:39:20?GMT > Cache-Control:?private,?no-store,?no-cache,?no-transform, >?must-revalidate > Cache-Control:?max-age=1,?s-maxage=1,?pre-check=1,?post-check=1 > Pragma:?no-cache I've seen this approach before by people who just want to eliminate caching altogether. That's not always best, and this question actually highlights one reason why. Using no-store is pretty absolute, although different browsers interpret this in different ways (see http://lists.nyphp.org/pipermail/talk/2003-March/002828.html). In general, it is better to understand the various directives for Cache-Control and use the ones most appropriate for your situation. > Other than than I also use a per-form token to ensure that a given form > cannot be submitted twice. This can ensure that a form is not submitted twice (as well as help to protect against CSRF and similar attacks), but it doesn't help the "page has expired" problem that was originally asked. The most common approach is to use an intermediate page for processing, so that the POST request does not exist in the browser's history mechanism. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From adam at trachtenberg.com Fri Jan 30 14:35:03 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Fri, 30 Jan 2004 14:35:03 -0500 (EST) Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <401A9EA1.8010902@prusak.com> References: <401A8ABC.6070703@next-online.net> <401A9EA1.8010902@prusak.com> Message-ID: On Fri, 30 Jan 2004, Ophir Prusak wrote: > I was recently tasked to fix this exact issue. > In a nutshell, our solution was simply to change "post" to "get" in most > of our forms. > > First of all, you need to check where this makes sense. > > For all the forms where submitting the form would not make any changes > to the data (only use db selects) this was fine. For example, in all of > our search and report pages. > > For all the forms where submitting the form could possibly change data, > we chose not to change it to get, and leave the "this page has expired" > error message. For example, if the user is inserting a new record into > the database. Roy Fielding would be so proud. If you read the HTTP RFC, you see that you're not supposed to alter any content as a result of a GET request. See section 9.1.1 of RFC 2616: > In particular, the convention has been established that the GET and > HEAD methods SHOULD NOT have the significance of taking an action > other than retrieval. These methods ought to be considered > "safe". This allows user agents to represent other methods, such as > POST, PUT and DELETE, in a special way, so that the user is made > aware of the fact that a possibly unsafe action is being requested. Of course, nobody actually pays attention to that portion of the spec. I would guess, however, that's why many browsers throw up a "contents may have changed" page when you try to go back to a POSTed page, since the assumption is that you've altered something as to make the original form potentially incorrect. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From enunez at tiaa-cref.org Fri Jan 30 14:41:50 2004 From: enunez at tiaa-cref.org (Nunez, Eddy) Date: Fri, 30 Jan 2004 12:41:50 -0700 Subject: [nycphp-talk] back button, page timeout, sessions Message-ID: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9E21@msxnyusr01.msx.ops.tiaa-cref.org> I've encountered this same problem with no real way to handle it... Question though: >The most common approach is to use an intermediate page for processing, so that the POST request does not exist in the browser's history mechanism. Does this mean that the intermediate page processes and generates an output file(or something) to redirect the user to? It makes sense to me, but would there be a better way than generating a temporary results page? -EAN -----Original Message----- From: Chris Shiflett [mailto:shiflett at php.net] Sent: Friday, January 30, 2004 2:35 PM To: NYPHP Talk Subject: Re: [nycphp-talk] back button, page timeout, sessions --- Dan Cech wrote: > I tend to use some cache control headers: > > Expires:?Fri,?30?Jan?2004?17:39:20?GMT > Cache-Control:?private,?no-store,?no-cache,?no-transform, >?must-revalidate > Cache-Control:?max-age=1,?s-maxage=1,?pre-check=1,?post-check=1 > Pragma:?no-cache I've seen this approach before by people who just want to eliminate caching altogether. That's not always best, and this question actually highlights one reason why. Using no-store is pretty absolute, although different browsers interpret this in different ways (see http://lists.nyphp.org/pipermail/talk/2003-March/002828.html). In general, it is better to understand the various directives for Cache-Control and use the ones most appropriate for your situation. > Other than than I also use a per-form token to ensure that a given form > cannot be submitted twice. This can ensure that a form is not submitted twice (as well as help to protect against CSRF and similar attacks), but it doesn't help the "page has expired" problem that was originally asked. The most common approach is to use an intermediate page for processing, so that the POST request does not exist in the browser's history mechanism. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk ************************************************************** This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ************************************************************** From shiflett at php.net Fri Jan 30 14:43:56 2004 From: shiflett at php.net (Chris Shiflett) Date: Fri, 30 Jan 2004 11:43:56 -0800 (PST) Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: Message-ID: <20040130194356.92435.qmail@web14302.mail.yahoo.com> --- Adam Maccabee Trachtenberg wrote: > Roy Fielding would be so proud. If you read the HTTP RFC, you see > that you're not supposed to alter any content as a result of a GET > request. See section 9.1.1 of RFC 2616: > > > In particular, the convention has been established that the GET and > > HEAD methods SHOULD NOT have the significance of taking an action > > other than retrieval. These methods ought to be considered > > "safe". This allows user agents to represent other methods, such as > > POST, PUT and DELETE, in a special way, so that the user is made > > aware of the fact that a possibly unsafe action is being requested. This is what he was referring to during my talk, if you remember. :-) Of course, things in the specification that are left to the developers of the actual Web clients (Apache, Mozilla, etc.) are more likely to be adhered to than the things which are left to the Web application developers. Unfortunately, we can't assume that a GET request is safe. Rasmus mentioned (with a hint of pride, actually) that he is largely responsible for this problem, and register_globals is a fundamental factor. Because PHP developers don't have to even know what the request method is, they are likely to not pay any attention when deciding whether to take some important action. This is yet another reason why disabling register_globals is a good idea. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From adam at trachtenberg.com Fri Jan 30 14:48:37 2004 From: adam at trachtenberg.com (Adam Maccabee Trachtenberg) Date: Fri, 30 Jan 2004 14:48:37 -0500 (EST) Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <20040130194356.92435.qmail@web14302.mail.yahoo.com> References: <20040130194356.92435.qmail@web14302.mail.yahoo.com> Message-ID: On Fri, 30 Jan 2004, Chris Shiflett wrote: > --- Adam Maccabee Trachtenberg wrote: > > Roy Fielding would be so proud. If you read the HTTP RFC, you see > > that you're not supposed to alter any content as a result of a GET > > request. See section 9.1.1 of RFC 2616: > > > > > In particular, the convention has been established that the GET and > > > HEAD methods SHOULD NOT have the significance of taking an action > > > other than retrieval. These methods ought to be considered > > > "safe". This allows user agents to represent other methods, such as > > > POST, PUT and DELETE, in a special way, so that the user is made > > > aware of the fact that a possibly unsafe action is being requested. > > This is what he was referring to during my talk, if you remember. :-) How do you think I know about this? :) > Rasmus mentioned (with a hint of pride, actually) that he is largely > responsible for this problem, and register_globals is a fundamental > factor. Because PHP developers don't have to even know what the request > method is, they are likely to not pay any attention when deciding whether > to take some important action. This is yet another reason why disabling > register_globals is a good idea. I would actually have to say Rasmus is probably right. -adam -- adam at trachtenberg.com author of o'reilly's php cookbook avoid the holiday rush, buy your copy today! From shiflett at php.net Fri Jan 30 14:52:11 2004 From: shiflett at php.net (Chris Shiflett) Date: Fri, 30 Jan 2004 11:52:11 -0800 (PST) Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9E21@msxnyusr01.msx.ops.tiaa-cref.org> Message-ID: <20040130195211.47567.qmail@web14307.mail.yahoo.com> --- "Nunez, Eddy" wrote: > > The most common approach is to use an intermediate page for > > processing, so that the POST request does not exist in the browser's > > history mechanism. > > Does this mean that the intermediate page processes and generates an > output file (or something) to redirect the user to? The intermediate "page" generates no output and has: header('Location: http://newurl/'); > It makes sense to me, but would there be a better way than generating > a temporary results page? Yes, I think the better solution is to find the Cache-Control directives that are best for your situation. In most every case, you can eliminate whatever behavior you dislike this way. However, using an intermediate page is more common, because it is easier to implement, and it is more reliable (it doesn't rely as much on browser interpretation). Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From enunez at tiaa-cref.org Fri Jan 30 14:59:01 2004 From: enunez at tiaa-cref.org (Nunez, Eddy) Date: Fri, 30 Jan 2004 12:59:01 -0700 Subject: [nycphp-talk] back button, page timeout, sessions Message-ID: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9E22@msxnyusr01.msx.ops.tiaa-cref.org> > The intermediate "page" generates no output and has: > > header('Location: http://newurl/'); This means you need to transfer any form data via the redirected link, essentially turning a POST into a GET. no? -EAN -----Original Message----- From: Chris Shiflett [mailto:shiflett at php.net] Sent: Friday, January 30, 2004 2:52 PM To: NYPHP Talk Subject: RE: [nycphp-talk] back button, page timeout, sessions --- "Nunez, Eddy" wrote: > > The most common approach is to use an intermediate page for > > processing, so that the POST request does not exist in the browser's > > history mechanism. > > Does this mean that the intermediate page processes and generates an > output file (or something) to redirect the user to? The intermediate "page" generates no output and has: header('Location: http://newurl/'); > It makes sense to me, but would there be a better way than generating > a temporary results page? Yes, I think the better solution is to find the Cache-Control directives that are best for your situation. In most every case, you can eliminate whatever behavior you dislike this way. However, using an intermediate page is more common, because it is easier to implement, and it is more reliable (it doesn't rely as much on browser interpretation). Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ _______________________________________________ talk mailing list talk at lists.nyphp.org http://lists.nyphp.org/mailman/listinfo/talk ************************************************************** This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ************************************************************** From shiflett at php.net Fri Jan 30 15:09:18 2004 From: shiflett at php.net (Chris Shiflett) Date: Fri, 30 Jan 2004 12:09:18 -0800 (PST) Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <7CE0EC1FC2D0D411910700508BE38D0F0A6D9E22@msxnyusr01.msx.ops.tiaa-cref.org> Message-ID: <20040130200918.96501.qmail@web14302.mail.yahoo.com> --- "Nunez, Eddy" wrote: > > > The intermediate "page" generates no output and has: > > > > header('Location: http://newurl/'); > > This means you need to transfer any form data via the > redirected link, essentially turning a POST into a GET. no? No, you just do whatever you need to do with the form data on the intermediate page. This approach is much more difficult if you don't have a very good separation of presentation and logic, so it may not be a good choice for you. The idea is to do whatever you need to do with the data, and then you redirect to a "dumb" page that handles the presentation. Redirects require a separate HTTP transaction, so you should not make a habit of it, but they can be good for things like this. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ From dcech at phpwerx.net Fri Jan 30 15:18:10 2004 From: dcech at phpwerx.net (Dan Cech) Date: Fri, 30 Jan 2004 15:18:10 -0500 Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <20040130193501.91351.qmail@web14302.mail.yahoo.com> References: <20040130193501.91351.qmail@web14302.mail.yahoo.com> Message-ID: <401ABC02.4010307@phpwerx.net> Chris Shiflett wrote: > --- Dan Cech wrote: > >>I tend to use some cache control headers: >> >>Expires:?Fri,?30?Jan?2004?17:39:20?GMT >>Cache-Control:?private,?no-store,?no-cache,?no-transform, >>?must-revalidate >>Cache-Control:?max-age=1,?s-maxage=1,?pre-check=1,?post-check=1 >>Pragma:?no-cache > > I've seen this approach before by people who just want to eliminate > caching altogether. That's not always best, and this question actually > highlights one reason why. Using no-store is pretty absolute, although > different browsers interpret this in different ways (see > http://lists.nyphp.org/pipermail/talk/2003-March/002828.html). In general, > it is better to understand the various directives for Cache-Control and > use the ones most appropriate for your situation. You can find the source for my header-generation functions at: http://php.phpwerx.net/ The combination of different headers above should give the desired effect on the majority of browsers for web-application type situations, that is when you wish to always see a 'fresh' copy of a page. >>Other than than I also use a per-form token to ensure that a given form >>cannot be submitted twice. > > This can ensure that a form is not submitted twice (as well as help to > protect against CSRF and similar attacks), but it doesn't help the "page > has expired" problem that was originally asked. The most common approach > is to use an intermediate page for processing, so that the POST request > does not exist in the browser's history mechanism. Fair enough, I do see what you mean in terms of the browser history. Here again it really depends on the type of application you are building, as to whether or not you want to allow the users to go 'back' to a previous page. If this is desirable then the processing page approach has advantages, however if you are speaking in terms of a 'web application', you are just as well off avoiding the extra request cycle and using a token-based (or similar) system. As usual the best solution is dependent on the exact problem you are trying to solve. Dan From bpang at bpang.com Sat Jan 31 00:58:08 2004 From: bpang at bpang.com (bpang at bpang.com) Date: Sat, 31 Jan 2004 00:58:08 -0500 (EST) Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <401ABC02.4010307@phpwerx.net> References: <20040130193501.91351.qmail@web14302.mail.yahoo.com> <401ABC02.4010307@phpwerx.net> Message-ID: <.38.117.145.89.1075528688.squirrel@www.bpang.com> try messing around with this (look it up in the manual, there are a couple of other args you can use) session_cache_limiter('none'); From felix at students.poly.edu Fri Jan 30 19:23:23 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Fri, 30 Jan 2004 19:23:23 -0500 Subject: [nycphp-talk] back button, page timeout, sessions In-Reply-To: <401A8ABC.6070703@next-online.net> References: <401A8ABC.6070703@next-online.net> Message-ID: <20040130192323.470c50eb.felix@students.poly.edu> Could someone post some code to reproduce this problem ? -- felix[at]bebinary.com http://www.zaslavskiy.net/ From joshmccormack at travelersdiary.com Sat Jan 31 01:52:06 2004 From: joshmccormack at travelersdiary.com (Josh McCormack) Date: Sat, 31 Jan 2004 01:52:06 -0500 Subject: [nycphp-talk] Custom Form Fields In-Reply-To: <401A9571.8090002@prusak.com> References: <401A7613.4060104@prusak.com> <20040130152203.GA21542@panix.com> <401A8824.4010802@spacemonkeylabs.com> <401A9571.8090002@prusak.com> Message-ID: <401B5096.8090904@travelersdiary.com> Ophir Prusak wrote: > 2. I need to give administrators the ability to modify the custom form > fields via a web interface. Would the main database design change? In your example, could the central office add a 4 wheel drive column? > The second issue is storing the form field definitions, meta data and > actual result data. > I looked at http://www.dadabik.org/ and a few open source survey > applications. Conceptually, a survey application where the user can > create their own surveys is in many ways the same as what I'm trying to > do. I just need to separate the engine from any front end code. > This seems to be the more problematic issue which I need to solve. > I just finished installing dadabik, so if you have questions I can answer them. It's pretty nice, but there a few things that would be nice - levels of permission, ability to add columns, etc. Josh From tgales at tgaconnect.com Sat Jan 31 12:08:50 2004 From: tgales at tgaconnect.com (Tim Gales) Date: Sat, 31 Jan 2004 12:08:50 -0500 Subject: [nycphp-talk] php cms software Message-ID: <000801c3e81c$e69923b0$bf8d3818@oberon1> There seems to be some interest on this list about CMS (Content Management System) software from time to time. The following is a website with links to many CMS's and reviews (the reviews vary in quality). http://www.opensourcecms.com/index.php Still people might find the website provides them with a convenient way to find out more about what's out there. T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From felix at students.poly.edu Sat Jan 31 09:10:08 2004 From: felix at students.poly.edu (felix zaslavskiy) Date: Sat, 31 Jan 2004 09:10:08 -0500 Subject: [nycphp-talk] php cms software In-Reply-To: <000801c3e81c$e69923b0$bf8d3818@oberon1> References: <000801c3e81c$e69923b0$bf8d3818@oberon1> Message-ID: <20040131091008.0c98ad7f.felix@students.poly.edu> On Sat, 31 Jan 2004 12:08:50 -0500 "Tim Gales" wrote: > > There seems to be some interest on > this list about CMS (Content Management System) > software from time to time. > > The following is a website with links to > many CMS's and reviews (the reviews vary in quality). > > http://www.opensourcecms.com/index.php Its a good resource but they only present php with mysql and ignore the rest. Their excuse because that is what they know. So I still think one should at least take a look at other language cms like plone or bricolage for example. -- felix[at]bebinary.com http://www.zaslavskiy.net/ From mitchy at spacemonkeylabs.com Sat Jan 31 14:24:20 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Sat, 31 Jan 2004 14:24:20 -0500 Subject: [nycphp-talk] php cms software In-Reply-To: <20040131091008.0c98ad7f.felix@students.poly.edu> References: <000801c3e81c$e69923b0$bf8d3818@oberon1> <20040131091008.0c98ad7f.felix@students.poly.edu> Message-ID: <401C00E4.9000007@spacemonkeylabs.com> felix zaslavskiy wrote: > On Sat, 31 Jan 2004 12:08:50 -0500 > "Tim Gales" wrote: > >>http://www.opensourcecms.com/index.php > > > Its a good resource but they only present php with mysql and ignore the > rest. Their excuse because that is what they know. So I still think one > should at least take a look at other language cms like plone or > bricolage for example. Absolutely! Having worked with Zope/Plone for years I gotta say everyone should at least look at it. Totally different animal with complex requirements (and installation in a production environment is almost not possible) - but man, when it is going it is incredible... I'm happy to answer any questions about Zope/Plone for those interested. -- mitch From danielk at us.ibm.com Sat Jan 31 17:09:49 2004 From: danielk at us.ibm.com (Daniel Krook) Date: Sat, 31 Jan 2004 17:09:49 -0500 Subject: [nycphp-talk] php cms software In-Reply-To: <401C00E4.9000007@spacemonkeylabs.com> Message-ID: Not sure if this is a positive or negative but Sun and NASA use Plone to manage their Mars probe simulation website : ) http://mars.telascience.org/home/ > Absolutely! Having worked with Zope/Plone for years I gotta say > everyone should at least look at it. Totally different animal with > complex requirements (and installation in a production environment is > almost not possible) - but man, when it is going it is incredible... > > I'm happy to answer any questions about Zope/Plone for those interested. Daniel Krook, Application Developer, Production Services, ibm.com 1133 Westchester Avenue, White Plains, NY 10604 Tel: (914) 642-4474, Tieline 224-4474 danielk at us.ibm.com Personal: http://info.krook.org/ Persona: http://w3.ibm.com/persona/users/9/0/x/90MC212-P.html From mitchy at spacemonkeylabs.com Sat Jan 31 17:47:30 2004 From: mitchy at spacemonkeylabs.com (Mitch Pirtle) Date: Sat, 31 Jan 2004 17:47:30 -0500 Subject: [nycphp-talk] php cms software In-Reply-To: References: Message-ID: <401C3082.7070306@spacemonkeylabs.com> Daniel Krook wrote: > > > > > Not sure if this is a positive or negative but Sun and NASA use Plone to > manage their Mars probe simulation website : ) > http://mars.telascience.org/home/ NATO uses it to track boats, or so I've heard... -- Mitch