From paul at devonianfarm.com Sun Apr 1 22:10:18 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Sun, 01 Apr 2007 22:10:18 -0400
Subject: [nycphp-talk] Creating database tables when deploying products
In-Reply-To: <000f01c7740e$9ce3fde0$6a01a8c0@gamebox>
References: <01b001c76fb4$bef4f730$6a01a8c0@gamebox> <460F1387.2070105@devonianfarm.com> <000f01c7740e$9ce3fde0$6a01a8c0@gamebox>
Message-ID: <4610660A.2070507@devonianfarm.com>

Ben Sgro (ProjectSkyline) wrote:
> I suppose I can use PEAR:DB:SQLwhatever, but I'm intimate
> with my SQL code and don't want to give it up.

I've mostly worked with ADODB. When I last looked, ADODB was far ahead of PEAR:DB, but it looks like PEAR:DB has come a long way.

I have a few serious complaints with ADODB, but it sure beats having to switch between a few database APIs to do my work.

Things I'd like to see in a database API are:

(i) no use of globals to switch between numeric and associative result sets
(ii) lazy initialization of database connections ('create' the connection early in your app, but don't suffer the overhead of using it until you need it)
(iii) a subdivision of database exceptions, so I can write something like

try {
    $db->Execute("INSERT ...");
} catch (DuplicateKeyException $e) { ... };

The 'spring' framework in Java does something like this.

From cliff at pinestream.com Mon Apr 2 10:27:06 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Mon, 2 Apr 2007 09:27:06 -0500
Subject: [nycphp-talk] DB-based sessions and destructing objects problem
Message-ID: <20070402142706.M83063@pinestream.com>

I am implementing a MySQL-based session handler and am confused by the dialog in the PHP manual regarding this issue:

"Write and Close handlers are called after destructing objects since PHP 5.0.5. Thus destructors can use sessions but session handler can't use objects. In prior versions, they were called in the opposite order.
It is possible to call session_write_close() from the destructor to solve this chicken and egg problem."

The English please....

First, my app uses PEAR DB. So should I use PEAR DB for access, or use the mysql or mysqli primitives and open a new connection? It seems like opening a new connection would be a waste of resources. But using PEAR DB adds overhead and brings up this object destruction problem.

I've seen register_shutdown_function('session_write_close'); as a way to get around the destructor issue, but what if the PEAR DB class is destructed before the session handler?

Thoroughly confused... Thoughts?

Cliff

From ben at projectskyline.com Mon Apr 2 11:27:54 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Mon, 2 Apr 2007 11:27:54 -0400
Subject: [nycphp-talk] PHP auction software / experiance & comments
Message-ID: <00d301c7753b$7be27f30$6a01a8c0@gamebox>

Hello Again,

I've been researching auction software .. and since I really don't want to attempt to write this kind of stuff, I need to find something that works well out of the box, plus includes the source (since I will be integrating it into another site).

So far, the most promising software package I've found is: http://www.phpauction.net/index.php

I believe the source code EP version would be best for my auction needs.

Does anyone have experience w/this company and its products?

Thanks!

- Ben

ProjectSkyLine - Defining New Horizons

From ramons at gmx.net Mon Apr 2 21:16:38 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 02 Apr 2007 21:16:38 -0400
Subject: [nycphp-talk] single quote vs. double quote
Message-ID: <4611AAF6.1070306@gmx.net>

Hi!

The old topic is at it again. After some long long time I started again with doing some PHP. Task: internationalize my existing project. Goal: read strings from a text file. First step: open the file.
I used this:
$langfile = fopen('$langfileloc', 'r');
and constantly had it fail. The path and file name are OK, I quadruple-checked.

Now, when I do this:
$langfile = fopen("$langfileloc", "r");
It works like a charm. Which makes me wonder as some long time ago we had this nice discussion that ended with sth like "one needs only the single quote for everything in PHP".

Do I recall this incorrectly or are there exceptions (bugs?) in PHP?

Well, took me quite some time to figure out that my use of expert advice wasn't that great this time around.

David

From chsnyder at gmail.com Mon Apr 2 22:05:19 2007
From: chsnyder at gmail.com (csnyder)
Date: Mon, 2 Apr 2007 22:05:19 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <4611AAF6.1070306@gmx.net>
References: <4611AAF6.1070306@gmx.net>
Message-ID:

On 4/2/07, David Krings wrote:
...
> $langfile = fopen('$langfileloc', 'r');
> and constantly had it fail.
...
> Which makes me wonder as some long time ago we
> had this nice discussion that ended with sth like "one needs only the
> single quote for everything in PHP".
>

Ah, no. The discussion probably went along the lines of "use single quotes for faster program execution," because, as you learned, PHP does not need to check for and evaluate variables inside of single-quoted strings.

But really, all you had to do was not quote at all.
$langfile = fopen( $langfileloc, 'r' );

The difference would come into play if you wanted to, say, add a file extension to the end of $langfileloc. In that case, fopen( $langfileloc.'.txt', 'r' ) would be infinitesimally faster than fopen( "$langfileloc.txt", 'r' ), because concatenation is supposed to be faster than string evaluation. Hans Z. will likely point out that fopen("{$langfileloc}.txt", 'r') is even faster, because concatenation is too slow for some folks.

Processor speeds being what they are, the only good reason to use single quotes is so you don't have to use the shift key while you type your code.
--
Chris Snyder
http://chxo.com/

From lists at zaunere.com Mon Apr 2 22:09:05 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Mon, 2 Apr 2007 22:09:05 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To:
References: <4611AAF6.1070306@gmx.net>
Message-ID: <032501c77595$0e954930$660aa8c0@MobileZ>

csnyder wrote on Monday, April 02, 2007 10:05 PM:
> On 4/2/07, David Krings wrote:
> ...
> > $langfile = fopen('$langfileloc', 'r');
> > and constantly had it fail.
> ...
> > Which makes me wonder as some long time ago we
> > had this nice discussion that ended with sth like "one needs only
> > the single quote for everything in PHP".
> >
>
> Ah, no. The discussion probably went along the lines of "use single
> quotes for faster program execution," because, as you learned, PHP
> does not need to check for and evaluate variables inside of
> single-quoted strings.
>
> But really, all you had to do was not quote at all.
> $langfile = fopen( $langfileloc, 'r' );
>
> The difference would come into play if you wanted to, say, add a file
> extension to the end of $langfileloc. In that case, fopen(
> $langfileloc.'.txt', 'r' ) would be infinitesimally faster than fopen(
> "$langfileloc.txt", 'r' ), because concatenation is supposed to be
> faster than string evaluation. Hans Z. will likely point out that
> fopen("{$langfileloc}.txt", 'r') is even faster, because concatenation
> is too slow for some folks.
>
> Processor speeds being what they are, the only good reason to use
> single quotes is so you don't have to use the shift key while you type
> your code.

True, but I still like the ability to quickly look at a string and know whether it should contain variables or is static :)

H

From kenrbnsn at rbnsn.com Mon Apr 2 22:53:48 2007
From: kenrbnsn at rbnsn.com (Ken Robinson)
Date: Mon, 02 Apr 2007 22:53:48 -0400
Subject: [nycphp-talk] single quote vs.
double quote
In-Reply-To: <032501c77595$0e954930$660aa8c0@MobileZ>
References: <4611AAF6.1070306@gmx.net> <032501c77595$0e954930$660aa8c0@MobileZ>
Message-ID:

At 10:09 PM 4/2/2007, Hans Zaunere wrote:
> > Processor speeds being what they are, the only good reason to use
> > single quotes is so you don't have to use the shift key while you type
> > your code.
>
>True, but I still like the ability to quickly look at a string and know
>whether it should contain variables or is static :)

Another good reason is to enclose strings that contain double quotes, eliminating the ugly (IMHO) backslash double-quote escape that so many people use.

Ken

From arzala at gmail.com Mon Apr 2 23:42:21 2007
From: arzala at gmail.com (Anirudh Zala)
Date: Tue, 3 Apr 2007 09:12:21 +0530
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <4611AAF6.1070306@gmx.net>
References: <4611AAF6.1070306@gmx.net>
Message-ID: <200704030912.21782.arzala@gmail.com>

On Tuesday 03 April 2007 06:46, David Krings wrote:
> Hi!
>
> The old topic is at it again. After some long long time I started again
> with doing some PHP. Task: internationalize my existing project. Goal:
> read strings from a text file. First step: open the file.
>
> I used this:
> $langfile = fopen('$langfileloc', 'r');
> and constantly had it fail. The path and file name are OK, I
> quadruple-checked.
>
> Now, when I do this:
> $langfile = fopen("$langfileloc", "r");
> It works like a charm. Which makes me wonder as some long time ago we
> had this nice discussion that ended with sth like "one needs only the
> single quote for everything in PHP".
>
> Do I recall this incorrectly or are there exceptions (bugs?) in PHP?
>
> Well, took me quite some time to figure out that my use of expert advice
> wasn't that great this time around.
>
> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

Please remember below rules while writing PHP expressions.

#1 There is practically NO use of "double quotes" in PHP in writing expressions EXCEPT expanding sequences like converting "\n" into newline, "\t" to tabulator (in regex etc.). Which means you should not use "double quotes" at any other place than above.

#2 When your data is static, use 'single quotes' to tell PHP to use it "as it is", if dynamic then should not be enclosed by ANY quote.

#3 If you have mixture of static+dynamic then use $dynamic.'I am static' style to concat dynamic and static data.

When you use "double quotes" PHP will try to EXPAND everything which is enclosed in "double quotes" which means variables will be expanded, static string will be looked for constants first and if not found then will be used as it is and then finally expression will be prepared.

Hope these will clear your thoughts about '' vs. "" quotes.

Anirudh Zala

From ken at secdat.com Tue Apr 3 06:07:45 2007
From: ken at secdat.com (Kenneth Downs)
Date: Tue, 03 Apr 2007 06:07:45 -0400
Subject: [nycphp-talk] High-powered file viewer
Message-ID: <46122771.6030509@secdat.com>

Wondering if anybody can give personal experience with a linux-based flexible file viewer.

The file in question is a mixed binary/ascii (yes ascii, not utf-8) format from a DOS program. It appears that financial data and dates are encoded as binaries, probably to save space, and that would mean there are also pointers in there. I've got to identify about 4 important fields and pull them out.

I've done jobs like this plenty of times, but not since my fox days, and fox was pretty good with stuff like this. I've never had to do it with *nix tools.
I'm aware that there are plenty of hex viewers out there, what I'm hoping for is that somebody has done something similar or close and can recommend a good viewer from personal experience.

From ramons at gmx.net Tue Apr 3 06:36:59 2007
From: ramons at gmx.net (David Krings)
Date: Tue, 03 Apr 2007 06:36:59 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To:
References: <4611AAF6.1070306@gmx.net>
Message-ID: <46122E4B.8050401@gmx.net>

csnyder wrote:
> On 4/2/07, David Krings wrote:
> ...
>> $langfile = fopen('$langfileloc', 'r');
>> and constantly had it fail.
> ...
> But really, all you had to do was not quote at all.
> $langfile = fopen( $langfileloc, 'r' );

That is indeed so! Thank you. I just wonder why the examples in the PHP manual on php.net do not show it like that. This is so much easier and, gee, more logical.

> ...
> Processor speeds being what they are, the only good reason to use
> single quotes is so you don't have to use the shift key while you type
> your code.
>

Yea, that would be if I'd use a US kezboard. I have a German kezboard and I need to shift either the 2 for the double quotes or the # for the single quote. I wonder how programming languages would look like if Germans would have invented them. I mean, all or most of them. Konrad Zuse did indeed invent the programming language, called 'Plankalkül' in 1943.

David

From ramons at gmx.net Tue Apr 3 06:38:05 2007
From: ramons at gmx.net (David Krings)
Date: Tue, 03 Apr 2007 06:38:05 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <200704030912.21782.arzala@gmail.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
Message-ID: <46122E8D.2010600@gmx.net>

Anirudh Zala wrote:
> Please remember below rules while writing PHP expressions.
>
> #1 There is practically NO use of "double quotes" in PHP in writing
> expressions EXCEPT expanding sequences like converting "\n" into newline,
> "\t" to tabulator (in regex etc.). Which means you should not use "double
> quotes" at any other place than above.
>
> #2 When your data is static, use 'single quotes' to tell PHP to use it "as it
> is", if dynamic then should not be enclosed by ANY quote.
>
> #3 If you have mixture of static+dynamic then use $dynamic.'I am static' style
> to concat dynamic and static data.
>
> When you use "double quotes" PHP will try to EXPAND everything which is
> enclosed in "double quotes" which means variables will be expanded, static
> string will be looked for constants first and if not found then will be used
> as it is and then finally expression will be prepared.
>
> Hope these will clear your thoughts about '' vs. "" quotes.

Thank you very much. I'll print it out and pin it to my forehead.

David

From anieshjoseph at gmail.com Tue Apr 3 08:20:20 2007
From: anieshjoseph at gmail.com (Aniesh joseph)
Date: Tue, 3 Apr 2007 17:50:20 +0530
Subject: [nycphp-talk] Can somebody suggest a site to download WYSIWYG editor ?
Message-ID: <1b3d2fde0704030520g211f5e81g70bd2dd823a4e57e@mail.gmail.com>

Hello

Can somebody suggest a site to download WYSIWYG editor ?

Regards
Aniesh Joseph

From tedd at sperling.com Tue Apr 3 08:43:14 2007
From: tedd at sperling.com (tedd)
Date: Tue, 3 Apr 2007 08:43:14 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <200704030912.21782.arzala@gmail.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
Message-ID:

At 9:12 AM +0530 4/3/07, Anirudh Zala wrote:
>Please remember below rules while writing PHP expressions.
>
>#1 There is practically NO use of "double quotes" in PHP in writing
>expressions EXCEPT expanding sequences like converting "\n" into newline,
>"\t" to tabulator (in regex etc.). Which means you should not use "double
>quotes" at any other place than above.

I'm not sure if what you are saying includes this, but I use double quotes all the time in php for producing html. For example:

[1] echo("$myResult
");
[2] echo('$myResult');

The use of double quotes in [1] allows me to print something without having to use the dot operator.

The use of the single quotes in [2] allows me to use the double quotes in html without having to escape them.

Note in both usages, the variable $myResult was used without regard to quotes.

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

From kenrbnsn at rbnsn.com Tue Apr 3 08:51:43 2007
From: kenrbnsn at rbnsn.com (Ken Robinson)
Date: Tue, 03 Apr 2007 08:51:43 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To:
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
Message-ID:

At 08:43 AM 4/3/2007, tedd wrote:
>I'm not sure if what you are saying includes this, but I use double
>quotes all the time in php for producing html. For example:
>
>[1] echo("$myResult
");
>[2] echo('$myResult');
>
>The use of double quotes in [1] allows me to print something without
>having to use the dot operator.

How you write number [1] comes down to personal preference. I'd rather write it as:

echo $myResult . '
';

In number [2], I hope you realize that the string '$myResult' will be treated as a static string and will not be evaluated.

Also, since "echo" is a language construct and not a function, the parenthesis are not required.

Ken

From felix.shnir at gmail.com Tue Apr 3 09:00:59 2007
From: felix.shnir at gmail.com (Felix Shnir)
Date: Tue, 3 Apr 2007 09:00:59 -0400
Subject: [nycphp-talk] Can somebody suggest a site to download WYSIWYG editor ?
In-Reply-To: <1b3d2fde0704030520g211f5e81g70bd2dd823a4e57e@mail.gmail.com>
References: <1b3d2fde0704030520g211f5e81g70bd2dd823a4e57e@mail.gmail.com>
Message-ID:

tinymce & fckeditor. google'em

On 4/3/07, Aniesh joseph wrote:
> Hello
>
>
> Can somebody suggest a site to download WYSIWYG editor ?
>
>
> Regards
> Aniesh Joseph
>

From tedd at sperling.com Tue Apr 3 09:30:34 2007
From: tedd at sperling.com (tedd)
Date: Tue, 3 Apr 2007 09:30:34 -0400
Subject: [nycphp-talk] single quote vs. double quote
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
Message-ID:

At 8:51 AM -0400 4/3/07, Ken Robinson wrote:
>At 08:43 AM 4/3/2007, tedd wrote:
>
>>I'm not sure if what you are saying includes this, but I use double
>>quotes all the time in php for producing html. For example:
>>
>>[1] echo("$myResult
");
>>[2] echo('$myResult');
>>
>>The use of double quotes in [1] allows me to print something
>>without having to use the dot operator.
>
>How you write number [1] comes down to personal preference. I'd
>rather write it as:
>
>echo $myResult . '
';
>
>In number [2], I hope you realize that the string '$myResult' will
>be treated as a static string and will not be evaluated.
>
>Also, since "echo" is a language construct and not a function, the
>parenthesis are not required.

1. Yeah, you're right. In that example I have to put in those escape operators to get it to work correctly. But in my defense, I was typing code on the fly -- it was the topic and not the syntax I was addressing.

echo("$myResult");

2. Yes, echo is language construct and not a function, but my personal preference is to use the parentheses. It makes it easier for me to read and I know if I want to send it more than one parameter, then I can't use parentheses. But, my simplistic approach to problems usually finds another way.

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

From jonbaer at jonbaer.com Tue Apr 3 15:01:29 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Tue, 3 Apr 2007 15:01:29 -0400
Subject: [nycphp-talk] High-powered file viewer
In-Reply-To: <46122771.6030509@secdat.com>
References: <46122771.6030509@secdat.com>
Message-ID:

Not sure if you are looking to just parse/analyze but I've used these scripting options:

xxd -ps file.bin (pipe to grep | pipe to tr | piped to xxd -r)
cut -b 10-13 | xxd -ps

There is also a great rubygem called bindata which is dead simple to use, just build your own struct.

http://bindata.rubyforge.org

(Or were you just talking about a GUI app?)

- Jon

On Apr 3, 2007, at 6:07 AM, Kenneth Downs wrote:
> Wondering if anybody can give personal experience with a linux-
> based flexible file viewer.
>
> The file in question is a mixed binary/ascii (yes ascii, not utf-8)
> format from a DOS program. It appears that financial data and
> dates are encoded as binaries, probably to save space, and that
> would mean there are also pointers in there. I've got to identify
> about 4 important fields and pull them out.
>
> I've done jobs like this plenty of times, but not since my fox
> days, and fox was pretty good with stuff like this. I've never had
> to do it with *nix tools.
>
> I'm aware that there are plenty of hex viewers out there, what I'm
> hoping for is that somebody has done something similar or close and
> can recommend a good viewer from personal experience.
>

From paul at devonianfarm.com Tue Apr 3 19:31:58 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Tue, 03 Apr 2007 19:31:58 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <200704030912.21782.arzala@gmail.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
Message-ID: <4612E3EE.9040605@devonianfarm.com>

Anirudh Zala wrote:
> #2 When your data is static, use 'single quotes' to tell PHP to use it "as it
> is", if dynamic then should not be enclosed by ANY quote.
>
> #3 If you have mixture of static+dynamic then use $dynamic.'I am static' style
> to concat dynamic and static data.
>

If I wanted to code like that, I'd be coding in Java.

I did a long stint of programming in Perl, which offers you about 30,000 ways to quote text.

Here are my rules for PHP.

(1) Use ?>...some HTML...

From rick at napalmriot.com Tue Apr 3 23:37:23 2007
From: rick at napalmriot.com (Rick Olson)
Date: Tue, 03 Apr 2007 20:37:23 -0700
Subject: [nycphp-talk] MySQL: Delete row
In-Reply-To: <20070403.200519.21820.2363580@webmail10.nyc.untd.com>
References: <20070403.200519.21820.2363580@webmail10.nyc.untd.com>
Message-ID: <46131D73.6030209@napalmriot.com>

> Scenario:
>
> Query the database table to get the result set:
>
> $Query = "SELECT * FROM $Tablename";
>
> $Result = mysql_query($Query); //Returns the result set
>
> if (mysql_num_rows($Result) == 1) //if row I'm looking for is found
> {

while ($row = mysql_fetch_array($Result, MYSQL_ASSOC))
{
    $query = "DELETE FROM $Tablename WHERE [primary_key_field[s]] = '{$row['primary_key_result']}'";
    mysql_query($query);
}
}

Since I'm not sure on your database structure, I'm not really able to fill in the blanks there... not to mention you don't have a WHERE clause on that query, and you're checking to make sure there's only one row; unless your table has only one row in it, it's likely nothing will happen.

Also, if you're looking to delete them, why not just replace your "SELECT * FROM" to a "DELETE FROM ..."?

--
Rick

From arzala at gmail.com Tue Apr 3 23:59:37 2007
From: arzala at gmail.com (Anirudh Zala)
Date: Wed, 4 Apr 2007 09:29:37 +0530
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To:
References: <4611AAF6.1070306@gmx.net>
Message-ID: <200704040929.37378.arzala@gmail.com>

On Tuesday 03 April 2007 19:00, tedd wrote:
> At 8:51 AM -0400 4/3/07, Ken Robinson wrote:
> >At 08:43 AM 4/3/2007, tedd wrote:
> >>I'm not sure if what you are saying includes this, but I use double
> >>quotes all the time in php for producing html. For example:
> >>
> >>[1] echo("$myResult
");
> >>[2] echo('$myResult');
> >>
> >>The use of double quotes in [1] allows me to print something
> >>without having to use the dot operator.
> >
> >How you write number [1] comes down to personal preference. I'd
> >rather write it as:
> >
> >echo $myResult . '
';
> >
> >In number [2], I hope you realize that the string '$myResult' will
> >be treated as a static string and will not be evaluated.
> >
> >Also, since "echo" is a language construct and not a function, the
> >parenthesis are not required.
>
> 1. Yeah, you're right. In that example I have to put in those escape
> operators to get it to work correctly. But in my defense, I was
> typing code on the fly -- it was the topic and not the syntax I was
> addressing.
>
> echo("$myResult");

It is matter of preference and convenience. As I said when you use double quotes to enclose expression, PHP will try to look for "constants" that will match part of static string. If constant is not found then will use string as it is but if found then will replace that part of string by matching constant's value.

In your above example, if there is defined a constant as "href" (though not likely to exist) then its value will be replaced in final output. That is why "" should not be used there. Hence proper expression could be written like below:

echo ''.$myResult.'';

Now there is no harm of expansion of static data.

>
> 2. Yes, echo is language construct and not a function, but my
> personal preference is to use the parentheses. It makes it easier
> for me to read and I know if I want to send it more than one
> parameter, then I can't use parentheses. But, my simplistic approach
> to problems usually finds another way.
>
> Cheers,
>
> tedd

Anirudh Zala

From ramons at gmx.net Wed Apr 4 09:57:12 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 04 Apr 2007 09:57:12 -0400
Subject: [nycphp-talk] Loading array from file
Message-ID: <4613AEB8.5040801@gmx.net>

Hi!

Working on my internationalization project I am now ready to load the contents of a string file into an array and use the strings.
Now, I have two ideas when to do this:
a) run this on load of every page with output
b) run it once on the start page and store the array in the session

Does anyone have any experience with doing one or the other (or both)? I wonder which way is the faster / more robust.

My guess is that after I'm done the string file will have several hundred entries.

Thanks in advance.

David

From ben at projectskyline.com Wed Apr 4 10:01:36 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Wed, 4 Apr 2007 10:01:36 -0400
Subject: [nycphp-talk] Loading array from file
References: <4613AEB8.5040801@gmx.net>
Message-ID: <036301c776c1$c2859ad0$6a01a8c0@gamebox>

Hello,

I worked on a large PHP project, we used to have HUGE arrays (it would sometimes timeout the script)

I can't remember..but they were slow...but more often, a particular SQL statement was even slower when we did performance related tuning..it was SQL we always had to fix.

What about storing the result in a temp table?

- Ben

----- Original Message -----
From: "David Krings"
To: "NYPHP Talk"
Sent: Wednesday, April 04, 2007 9:57 AM
Subject: [nycphp-talk] Loading array from file

> Hi!
>
> Working on my internationalization project I am now ready to load the
> contents of a string file into an array and use the strings. Now, I have
> two ideas when to do this:
> a) run this on load of every page with output
> b) run it once on the start page and store the array in the session
>
> Does anyone have any experience with doing one or the other (or both)? I
> wonder which way is the faster / more robust.
>
> My guess is that after I'm done the string file will have several hundred
> entries.
>
> Thanks in advance.
>
> David

From ramons at gmx.net Wed Apr 4 10:46:06 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 04 Apr 2007 10:46:06 -0400
Subject: [nycphp-talk] Loading array from file
In-Reply-To: <036301c776c1$c2859ad0$6a01a8c0@gamebox>
References: <4613AEB8.5040801@gmx.net> <036301c776c1$c2859ad0$6a01a8c0@gamebox>
Message-ID: <4613BA2E.2020808@gmx.net>

Ben Sgro (ProjectSkyline) wrote:
> Hello,
>
>
> What about storing the result in a temp table?
>

There is no SQL or database table involved. I don't see any good reason to keep static stuff like text strings in a database table. Also, since I do not know all languages (only two) others will find it much easier to translate a flat ASCII file than something that is stuck in a table.

I also don't see a point in loading the strings from file, putting them into a temp table, then use SQL to pull that stuff back out, stick it into an array, and then use it. Unless accessing a temp table is quicker than picking an element out of an array by key, but I doubt that is the case.

David

From g.hagger at gmail.com Wed Apr 4 11:02:15 2007
From: g.hagger at gmail.com (Graham Hagger)
Date: Wed, 04 Apr 2007 11:02:15 -0400
Subject: [nycphp-talk] Loading array from file
In-Reply-To: <4613AEB8.5040801@gmx.net>
References: <4613AEB8.5040801@gmx.net>
Message-ID: <4613BDF7.3020700@gmail.com>

David,

I recently had to do some work with our company's meeting room booking system, which was originally based on the open source PHP based MRBS project that's out there somewhere.

For their internationalization they had used separate include files for each language, with the correct one being included at runtime based on the users language.
Each of the language files basically just built the same associative array but with the correct translations for that language.

The required language file does get read with every page load, but this seems to take no time whatsoever.

Hope this helps... it is my first post to this list :)

Graham

David Krings wrote:
> Hi!
>
> Working on my internationalization project I am now ready to load the
> contents of a string file into an array and use the strings. Now, I
> have two ideas when to do this:
> a) run this on load of every page with output
> b) run it once on the start page and store the array in the session
>
> Does anyone have any experience with doing one or the other (or both)?
> I wonder which way is the faster / more robust.
>
> My guess is that after I'm done the string file will have several
> hundred entries.
>
> Thanks in advance.
>
> David

From chsnyder at gmail.com Wed Apr 4 11:47:54 2007
From: chsnyder at gmail.com (csnyder)
Date: Wed, 4 Apr 2007 11:47:54 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <4612E3EE.9040605@devonianfarm.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com> <4612E3EE.9040605@devonianfarm.com>
Message-ID:

On 4/3/07, Paul Houle wrote:
>
> Here are my rules for PHP.
>
> (1) Use ?>...some HTML...
> (2) Avoid heredoc -- it's particularly treacherous in PHP
> (3) Use " in most situations. Use \ to escape ", $ and \.
> (4) Make a habit of writing {$like_this}
>

Nicely put.

--
Chris Snyder
http://chxo.com/

From ramons at gmx.net Wed Apr 4 13:02:30 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 04 Apr 2007 13:02:30 -0400
Subject: [nycphp-talk] single quote vs.
double quote
In-Reply-To: <4612E3EE.9040605@devonianfarm.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com> <4612E3EE.9040605@devonianfarm.com>
Message-ID: <4613DA26.209@gmx.net>

Paul Houle wrote:
> (4) Make a habit of writing {$like_this}

Can you elaborate on this? Me guessing of what you mean is probably not a good approach.

Thanks in advance.

David

From lists at zaunere.com Wed Apr 4 13:10:25 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Wed, 4 Apr 2007 13:10:25 -0400
Subject: [nycphp-talk] FW: PHP statistics for March 2007
Message-ID: <012301c776dc$231d1660$6d0aa8c0@MobileZ>

Some interesting stats for March...

> PHP adoption statistics for March 2007 are released.
>
> * 5.2.1 growing fast
> * PHP 5.2.0 leaving room for PHP 5.2.1
> * PHP 4.4.5/6 discreet
>
> As usual, lots of other details : PHP versions, Apache, country
> details, etc.
> Feel free to ask any other details, stats or context about the study.
>
> PHP stats evolution for March 2007
>
> http://www.nexen.net/chiffres_cles/phpversion/16814-php_stats_evolution_for_march_2007.php
> PHP statistics for March 2007
> http://www.nexen.net/chiffres_cles/phpversion/16811-php_statistics_for_march_2007.php
>
> All nexen.net articles in English :
> http://www.nexen.net/the_english_speaking_nexen.net.php

From hendrel at telkomsa.net Wed Apr 4 13:27:18 2007
From: hendrel at telkomsa.net (Hendre Louw)
Date: Wed, 4 Apr 2007 19:27:18 +0200
Subject: [nycphp-talk] PHP Web Frameworks
Message-ID: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>

Hi

What PHP web frameworks are out there? Does anybody know Symfony?

Hendre
URL: From ajai at bitblit.net Wed Apr 4 14:13:09 2007 From: ajai at bitblit.net (Ajai Khattri) Date: Wed, 4 Apr 2007 14:13:09 -0400 (EDT) Subject: [nycphp-talk] PHP Web Frameworks In-Reply-To: <20070404172715.4DDB9221A@ctb-mesg4.saix.net> Message-ID: On Wed, 4 Apr 2007, Hendre Louw wrote: > What PHP web frameworks are out there? Does anybody know Symfony? We're using Symfony for a major project. Yahoo Bookmarks is built on Symfony. Its pretty good (totally OOP and lots of Railsisms in it). Do you have any specific questions? -- Aj. (ajai at bitblit.net) From kenneth at ylayali.net Wed Apr 4 15:46:35 2007 From: kenneth at ylayali.net (Kenneth Dombrowski) Date: Wed, 4 Apr 2007 15:46:35 -0400 Subject: [nycphp-talk] single quote vs. double quote In-Reply-To: <200704040929.37378.arzala@gmail.com> References: <4611AAF6.1070306@gmx.net> <200704040929.37378.arzala@gmail.com> Message-ID: <20070404194635.GA27906@ylayali.net> On 07-04-04 09:29 +0530, Anirudh Zala wrote: > On Tuesday 03 April 2007 19:00, tedd wrote: > > At 8:51 AM -0400 4/3/07, Ken Robinson wrote: > > >At 08:43 AM 4/3/2007, tedd wrote: > > >>I'm not sure if what you are saying includes this, but I use double > > >>quotes all the time in php for producing html. For example: > > >> > > >>[1] echo("$myResult
");
> > >>[2] echo('$myResult');
> > >>
> > >>The use of double quotes in [1] allows me to print something
> > >>without having to use the dot operator.
>
> It is matter of preference and convenience. As I said when you use double
> quotes to enclose expression, PHP will try to look for "constants" that will
> match part of static string. If constant is not found then will use string as
> it is but if found then will replace that part of string by matching
> constant's value.
>
> In your above example, if there is defined a constant as "href" (though not
> likely to exist) then it's value will be replaced in final output. That is
> why "" should not be used there.

This is incorrect. Strings are never evaluated for constants. Double-quoted strings are evaluated for "$variableExpansion", which incurs a slight processing cost.

Unquoted strings are first evaluated as constants, and if not found, an E_NOTICE is issued, and the unquoted string is treated as a string literal (as if it were surrounded by single quotes)

kenneth at gilgamesh:/tmp$ php -r 'define("XYZ", "hi there"); echo "XYZ\n"; echo XYZ . "\n";'
XYZ
hi there

except for that detail, I agree with Anirudh's advice to not use "" except for the few places you need it ("\n", etc)

Kenneth

From sal.perconte at verizon.net Wed Apr 4 17:20:55 2007
From: sal.perconte at verizon.net (Sal Perconte)
Date: Wed, 04 Apr 2007 17:20:55 -0400
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To:
Message-ID: <0JFZ00I3GSOVPH00@vms040.mailsrvcs.net>

Try 'code igniter'

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Ajai Khattri
Sent: Wednesday, April 04, 2007 2:13 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHP Web Frameworks

On Wed, 4 Apr 2007, Hendre Louw wrote:

> What PHP web frameworks are out there? Does anybody know Symfony?

We're using Symfony for a major project. Yahoo Bookmarks is built on Symfony.
It's pretty good (totally OOP and lots of Railsisms in it).

Do you have any specific questions?

--
Aj. (ajai at bitblit.net)

From paul at devonianfarm.com Wed Apr 4 18:41:12 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Wed, 04 Apr 2007 18:41:12 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <4613DA26.209@gmx.net>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com> <4612E3EE.9040605@devonianfarm.com> <4613DA26.209@gmx.net>
Message-ID: <46142988.9070800@devonianfarm.com>

David Krings wrote:
> Paul Houle wrote:
>> (4) Make a habit of writing {$like_this}
>
> Can you elaborate on this? Me guessing of what you mean is probably
> not a good approach. Thanks in advance.
>

There's a short form and long form of substitution in PHP. The short form is

$x="$y an example of the short form";

and

$x="{$y} is an example of the short form";

You can get in trouble with the short form because it's greedy. Imagine you're trying to make the name of a logfile

$logfile_name="$year_$month_$day_logfile.txt";

PHP evaluates "$" expressions in a greedy manner, so it will look up the variables

$year_
$month_
$day_logfile

rather than

$year
$month
$day

that you probably want.

$logfile_name="{$year}_{$month}_{$day}_logfile.txt";

gets the desired effect.
The long form also lets you do cool things with arrays and objects, like

"{$my_array[$index]}"
"{$my_array["i_can_really_use_quotes_to_have_a_string_here"]}"
"{$object->special_property}"

From ken at secdat.com Wed Apr 4 19:22:29 2007
From: ken at secdat.com (Kenneth Downs)
Date: Wed, 04 Apr 2007 19:22:29 -0400
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>
References: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>
Message-ID: <46143335.2050706@secdat.com>

Hendre Louw wrote:
>
> Hi
>
> What PHP web frameworks are out there? Does anybody know Symfony?
>

If you do complex databases, where complete integration of security, constraints and automations are very important, then you may want to check out our Andromeda framework, www.andromeda-project.org.

I should let you know that it is right now a linux-only, postgres-only project, so if you are married to mySQL or Windows it won't help you today.

> Hendre

From g.hagger at gmail.com Wed Apr 4 19:41:50 2007
From: g.hagger at gmail.com (Graham Hagger)
Date: Wed, 04 Apr 2007 19:41:50 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <46142988.9070800@devonianfarm.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com> <4612E3EE.9040605@devonianfarm.com> <4613DA26.209@gmx.net> <46142988.9070800@devonianfarm.com>
Message-ID: <461437BE.80206@gmail.com>

While I agree wholeheartedly it's important to note that....

Paul Houle wrote:
>
> gets the desired effect.
> The long form also lets you do cool things
> with arrays and objects, like
>
> "{$my_array[$index]}"
> "{$my_array["i_can_really_use_quotes_to_have_a_string_here"]}"
> "{$object->special_property}"

...Using "{$object->method()}" does NOT work.

As in {$object->getMemberVariableBecauseItsPrivate()}

Graham

From ramons at gmx.net Wed Apr 4 20:22:33 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 04 Apr 2007 20:22:33 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <46142988.9070800@devonianfarm.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com> <4612E3EE.9040605@devonianfarm.com> <4613DA26.209@gmx.net> <46142988.9070800@devonianfarm.com>
Message-ID: <46144149.7020208@gmx.net>

Paul Houle wrote:
> David Krings wrote:
>> Paul Houle wrote:
>>> (4) Make a habit of writing {$like_this}
>>
>> Can you elaborate on this? Me guessing of what you mean is probably
>> not a good approach. Thanks in advance.
>>
> There's a short form and long form of substitution in PHP. The short
> form is
>
> $x="$y an example of the short form";
>
> and
>
> $x="{$y} is an example of the short form";
>
> You can get in trouble with the short form because it's greedy.
> Imagine you're trying to make the name of a logfile
>
> $logfile_name="$year_$month_$day_logfile.txt";
>
> PHP evaluates "$" expressions in a greedy manner, so it will look up
> the variables
>
> $year_
> $month_
> $day_logfile
>
> rather than
>
> $year
> $month
> $day

Wouldn't I rather do the following anyway?

$logfile_name=$year."_".$month."_".$day."_logfile.txt";

I would never have gotten the idea to do this the way you described. Concatenation of the strings is IMHO way easier to comprehend, at least for me and maybe even for PHP.
David From chsnyder at gmail.com Wed Apr 4 21:21:08 2007 From: chsnyder at gmail.com (csnyder) Date: Wed, 4 Apr 2007 21:21:08 -0400 Subject: [nycphp-talk] Loading array from file In-Reply-To: <4613BDF7.3020700@gmail.com> References: <4613AEB8.5040801@gmx.net> <4613BDF7.3020700@gmail.com> Message-ID: On 4/4/07, Graham Hagger wrote: > For their internationalization they had used separate include files for > each language, with the correct one being included at runtime based on > the users language. > > Each of the language files basically just built the same associative > array but with the correct translations for that language. The required > language file does get read with every page load, but this seems to take > no time whatsoever. Yes, this all sounds so easy. Makes me wonder why I use gettext, in fact. If/when you use apc or some other compiler cache, you'll never notice the include of an array with a few hundred entries. Much better than doing database lookups, like I've seen in some applications. -- Chris Snyder http://chxo.com/ From nate at cakephp.org Wed Apr 4 21:58:58 2007 From: nate at cakephp.org (Nate Abele) Date: Wed, 4 Apr 2007 21:58:58 -0400 Subject: [nycphp-talk] PHP Web Frameworks In-Reply-To: <20070405011655.42A7710A806D@cakephp.org> References: <20070405011655.42A7710A806D@cakephp.org> Message-ID: <506CFFED-48EF-4804-BF2C-4EFA990829EB@cakephp.org> > Date: Wed, 4 Apr 2007 14:13:09 -0400 (EDT) > From: Ajai Khattri > Subject: Re: [nycphp-talk] PHP Web Frameworks > To: NYPHP Talk > Message-ID: > Content-Type: TEXT/PLAIN; charset=US-ASCII > > On Wed, 4 Apr 2007, Hendre Louw wrote: > >> What PHP web frameworks are out there? Does anybody know Symfony? > > We're using Symfony for a major project. Yahoo Bookmarks is built on > Symfony. Its pretty good (totally OOP and lots of Railsisms in it). > > Do you have any specific questions? > > > -- > Aj. (ajai at bitblit.net) > The Yahoo! 
team had to re-architect several parts of the framework to get it to do what they wanted. Regardless of that, I hear they were having some significant scaling issues. The Firefox Add-ons portal (https://addons.mozilla.org/) was built on CakePHP, and you can check out the source code here: http://svn.mozilla.org/addons/trunk/site/ app/. To date, the site has handled the arguably higher load without a hitch. - Nate From lists at silmail.com Wed Apr 4 22:36:36 2007 From: lists at silmail.com (Jiju Thomas Mathew) Date: Thu, 5 Apr 2007 08:06:36 +0530 Subject: [nycphp-talk] single quote vs. double quote In-Reply-To: <46144149.7020208@gmx.net> References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com> <4612E3EE.9040605@devonianfarm.com> <4613DA26.209@gmx.net> <46142988.9070800@devonianfarm.com> <46144149.7020208@gmx.net> Message-ID: <6431a0f40704041936w45e595a8od29190e36fd4bf75@mail.gmail.com> > > > Wouldn't I rather do the following anyway? > $logfile_name=$year."_".$month."_".$day."_logfile.txt"; > > I would never have gotten the idea to do this the way you described. > Concatenation of the strings is IMHO way easier to comprehend, at least > for me and maybe even for PHP. > > Hi David I would prefer the following anyway? $logfile_name = $year . '_' . $month . '_' . $day . '_logfile.txt'; -- Jiju Thomas Mathew http://www.php-trivandrum.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From arzala at gmail.com Wed Apr 4 23:26:46 2007 From: arzala at gmail.com (Anirudh Zala) Date: Thu, 5 Apr 2007 08:56:46 +0530 Subject: [nycphp-talk] PHP Web Frameworks In-Reply-To: <20070404172715.4DDB9221A@ctb-mesg4.saix.net> References: <20070404172715.4DDB9221A@ctb-mesg4.saix.net> Message-ID: <200704050856.46704.arzala@gmail.com> On Wednesday 04 April 2007 22:57, Hendre Louw wrote: > Hi > > > > What PHP web frameworks are out there? Does anybody know Symfony? 
> > > > Hendre http://www.phpit.net/article/ten-different-php-frameworks/ Although I would love to use my own, but as you have asked for publically available frameworks then top 3 are Symfony, Zend and CakePHP (not in order of rankings) Thanks, Anirudh Zala From arzala at gmail.com Wed Apr 4 23:40:50 2007 From: arzala at gmail.com (Anirudh Zala) Date: Thu, 5 Apr 2007 09:10:50 +0530 Subject: [nycphp-talk] single quote vs. double quote In-Reply-To: <20070404194635.GA27906@ylayali.net> References: <4611AAF6.1070306@gmx.net> <200704040929.37378.arzala@gmail.com> <20070404194635.GA27906@ylayali.net> Message-ID: <200704050910.50721.arzala@gmail.com> On Thursday 05 April 2007 01:16, Kenneth Dombrowski wrote: > On 07-04-04 09:29 +0530, Anirudh Zala wrote: > > On Tuesday 03 April 2007 19:00, tedd wrote: > > > At 8:51 AM -0400 4/3/07, Ken Robinson wrote: > > > >At 08:43 AM 4/3/2007, tedd wrote: > > > >>I'm not sure if what you are saying includes this, but I use double > > > >>quotes all the time in php for producing html. For example: > > > >> > > > >>[1] echo("$myResult
"); > > > >>[2] echo('$myResult'); > > > >> > > > >>The use of double quotes in [1] allows me to print something > > > >>without having to use the dot operator. > > > > It is matter of preference and convenience. As I said when you use double > > quotes to enclose expression, PHP will try to look for "constants" that > > will match part of static string. If constant is not found then will use > > string as it is but if found then will replace that part of string by > > matching constant's value. > > > > In your above example, if there is defined a constant as "href" (though > > not likely to exist) then it's value will be replaced in final output. > > That is why "" should not be used there. > > This is incorrect. Strings are never evaluated for constants. > Double-quoted strings are evaluated for "$variableExpansion" , which > incurs a slight processing cost > > Unquoted strings are first evaluated as constants, and if not found, an > E_NOTICE is issued, and the unquoted string is treated as a string > literal (as if it were surrounded by single quotes) > > kenneth at gilgamesh:/tmp$ php -r 'define("XYZ", "hi there"); echo "XYZ\n"; > echo XYZ . "\n";' XYZ > hi there Thanks for correcting my belief. Looks like I had misconception about this issue. 
:) > > except for that detail, I agree with Anirudh's advice to not use "" except > for the few places you need it ("\n", etc) > > Kenneth > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php Anirudh Zala From cliff at pinestream.com Thu Apr 5 07:47:07 2007 From: cliff at pinestream.com (Cliff Hirsch) Date: Thu, 05 Apr 2007 07:47:07 -0400 Subject: [nycphp-talk] PHP Web Frameworks In-Reply-To: <506CFFED-48EF-4804-BF2C-4EFA990829EB@cakephp.org> Message-ID: On 4/4/07 9:58 PM, "Nate Abele" wrote: > The Yahoo! team had to re-architect several parts of the framework to > get it to do what they wanted. Regardless of that, I hear they were > having some significant scaling issues. The Firefox Add-ons portal > (https://addons.mozilla.org/) was built on CakePHP, and you can check > out the source code here: http://svn.mozilla.org/addons/trunk/site/ > app/. To date, the site has handled the arguably higher load without > a hitch. > > - Nate Do you have any additional insight into what "scaling issues" means? Database overload? Session problems? Bloated "helpers? Their YAML is compiled and caching is part of the framework, so I'm curious where the pain points are versus say...for example...Cake. Cliff From support at dailytechnology.net Thu Apr 5 09:10:05 2007 From: support at dailytechnology.net (Brian Dailey) Date: Thu, 05 Apr 2007 09:10:05 -0400 Subject: [nycphp-talk] PHP Web Frameworks In-Reply-To: <200704050856.46704.arzala@gmail.com> References: <20070404172715.4DDB9221A@ctb-mesg4.saix.net> <200704050856.46704.arzala@gmail.com> Message-ID: <4614F52D.7080809@dailytechnology.net> I've used CakePHP for several projects at this point and I'm pretty happy with it. 
I've also had a hand in symphony, RoR, and some others and found CakePHP to be the best fit for my needs and coding style. YMMV. - Brian Anirudh Zala wrote: > On Wednesday 04 April 2007 22:57, Hendre Louw wrote: >> Hi >> >> >> >> What PHP web frameworks are out there? Does anybody know Symfony? >> >> >> >> Hendre > > http://www.phpit.net/article/ten-different-php-frameworks/ > > Although I would love to use my own, but as you have asked for publically > available frameworks then top 3 are Symfony, Zend and CakePHP (not in order > of rankings) > > Thanks, > > Anirudh Zala > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > From spangia at redcent.net Thu Apr 5 09:21:59 2007 From: spangia at redcent.net (Sean Pangia) Date: Thu, 05 Apr 2007 09:21:59 -0400 Subject: [nycphp-talk] PHP Web Frameworks In-Reply-To: <4614F52D.7080809@dailytechnology.net> References: <20070404172715.4DDB9221A@ctb-mesg4.saix.net> <200704050856.46704.arzala@gmail.com> <4614F52D.7080809@dailytechnology.net> Message-ID: <4614F7F7.6090900@redcent.net> cake rocks my world. Brian Dailey wrote: > I've used CakePHP for several projects at this point and I'm pretty > happy with it. I've also had a hand in symphony, RoR, and some others > and found CakePHP to be the best fit for my needs and coding style. YMMV. > > - Brian > > Anirudh Zala wrote: > >> On Wednesday 04 April 2007 22:57, Hendre Louw wrote: >> >>> Hi >>> >>> >>> >>> What PHP web frameworks are out there? Does anybody know Symfony? 
>>> >>> >>> >>> Hendre >> >> >> http://www.phpit.net/article/ten-different-php-frameworks/ >> >> Although I would love to use my own, but as you have asked for >> publically available frameworks then top 3 are Symfony, Zend and >> CakePHP (not in order of rankings) >> >> Thanks, >> >> Anirudh Zala >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- _______________________________________ Sean Pangia Red Cent 54 West 21st Street, #607 NYC 10010 212.255.3800 ext. 201 www.redcent.net From chsnyder at gmail.com Thu Apr 5 10:39:18 2007 From: chsnyder at gmail.com (csnyder) Date: Thu, 5 Apr 2007 10:39:18 -0400 Subject: [nycphp-talk] Use of unneutered JSON considered harmful Message-ID: I've recommended (and continue to recommend) JSON as an efficient alternative to XML for passing server-side date to client-side web apps. But, as explained in the report linked below, an attacker can use an everyday I am trying to update the table using the contact_id field, I did not return any values from AJAX action page. But this code did not work properly. If I uncomment the alert inside the function "check_form_values()", then updation will work perfectly. Can someone help me to fix this problem ? Regards Aniesh Joseph -------------- next part -------------- An HTML attachment was scrubbed... 
From anieshjoseph at gmail.com Thu Apr 26 04:31:10 2007
From: anieshjoseph at gmail.com (Aniesh joseph)
Date: Thu, 26 Apr 2007 14:01:10 +0530
Subject: [nycphp-talk] Send HTML mail with Javascript function
Message-ID: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com>

Hello All,

I am trying to send one mail with HTML content. To do this, I have added HTML header to mail function.

Inside the content, I added a Javascript function that calls an Ajax page (to send one mail to my mail address). I called this Javascript function on the onload of body of html like

/* Javascript function and make call to AJAX action page */

/*matter*/

But it did not work. Are we able to call JavaScript when loading the content inside the mail? Can somebody help me?

Regards,
Aniesh Joseph

From ramons at gmx.net Thu Apr 26 06:29:42 2007
From: ramons at gmx.net (David Krings)
Date: Thu, 26 Apr 2007 06:29:42 -0400
Subject: [nycphp-talk] Send HTML mail with Javascript function
In-Reply-To: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com>
References: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com>
Message-ID: <46307F16.9080202@gmx.net>

Aniesh joseph wrote:
>
> Hello All,
>
> I am trying to send one mail with HTML content. To do this, I have added
> HTML header to mail function.
>

I really wonder why? HTML is for port 80, not 21. HTML in emails is IMHO the biggest waste ever. Nobody likes it, but almost everybody sends it.
If it is about adding graphics or other non-text content that is necessary, create an attachment.
Sorry to sound so harsh, but in fact, not doing HTML emails will likely solve your problem.
David

From rmarscher at beaffinitive.com Thu Apr 26 11:39:17 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Thu, 26 Apr 2007 11:39:17 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <462D4D34.5050104@gmx.net>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net>
Message-ID: <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>

>> Is there any way I can check which sessions are currently active
>> and which aren't? I like to add some housekeeping code, but taking
>> away things from active sessions would be just mean.

Check out the documentation for session_set_save_handler -- http://us.php.net/manual/en/function.session-set-save-handler.php This is how you can override the way php handles sessions by default and put in your own code. The "gc" function (stands for garbage collection) is where the "housekeeping" code goes. Note that the default php session handlers should be cleaning up the expired session temp files for you automatically. The location for these temp files is specified by the session.save_path php.ini setting.

> My plan is to create a session, authenticate the user, then
> generate a new session ID for the session (I read that this
> improves security and is easy enough to do)

As far as regenerating the session id after login, it *is* simple -- http://us.php.net/manual/en/function.session-regenerate-id.php -- but if you're overwriting the default session handler to store sessions in a database table, you need to make sure that it's getting updated the way you expect.
------------------
Rob Marscher
Software Engineer
rmarscher at beaffinitive.com
212.684.9100x17

From lists at enobrev.com Thu Apr 26 14:34:31 2007
From: lists at enobrev.com (Mark Armendariz)
Date: Thu, 26 Apr 2007 14:34:31 -0400
Subject: [nycphp-talk] Send HTML mail with Javascript function
In-Reply-To: <46307F16.9080202@gmx.net>
References: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com> <46307F16.9080202@gmx.net>
Message-ID: <01b001c78831$886a2060$6400a8c0@enobrev>

> Aniesh joseph wrote:
> >
> > Hello All,
> >
> > I am trying to send one mail with HTML content. To do this, I have
> > added HTML header to mail function.
> >
>
> I really wonder why? HTML is for port 80, not 21. HTML in
> emails is IMHO the biggest waste ever.

I'm not sure I can agree, David. HTML is merely a markup language meant for improving how information looks and definitely has a place in our most used means of communication. We have things such as bold, italics, listings, etc in all printing apps because of how they help us communicate. Sure, some can be mocked in plain text but what's so wrong with someone selecting text and hitting ctrl-b to bold the text and having a standard any email client / browser will understand.

As for images within, it can easily be misused, but so can ascii art and bananas in tail pipes. Just because it's handled poorly and poorly utilized doesn't mean it should be done away with.

As for Javascript in emails, I'm not sure that email clients will run it, and if they do, I expect they would block XHR for security risks. I really really hope they would. XHR in emails worries me. If you're trying to track emails, consider adding an image and tracking that image's load - allowing the user the option to turn on their images in most modern clients. Or even better, give them a link to click and let them choose to be tracked (if that's what you're using it for).
Mark

From susan_shemin at yahoo.com Thu Apr 26 15:24:22 2007
From: susan_shemin at yahoo.com (Susan Shemin)
Date: Thu, 26 Apr 2007 12:24:22 -0700 (PDT)
Subject: [nycphp-talk] wonderful presentation on Tuesday
Message-ID: <895514.65811.qm@web50206.mail.re2.yahoo.com>

Chris did an excellent job with the introduction on how to make PHP code more secure. Love that he used an Ajax example.

I do have a question since I wasn't able to go to the question time at TGIFriday's.

How ever can someone inject their code/script onto my webpage? The code is on my server so they don't have access to it. Am I missing something here?

Susan

From rmarscher at beaffinitive.com Thu Apr 26 16:43:48 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Thu, 26 Apr 2007 16:43:48 -0400
Subject: [nycphp-talk] wonderful presentation on Tuesday
In-Reply-To: <895514.65811.qm@web50206.mail.re2.yahoo.com>
References: <895514.65811.qm@web50206.mail.re2.yahoo.com>
Message-ID: <7250C145-3D49-45E5-A588-D23E543797A8@beaffinitive.com>

> How ever can someone inject their code/script onto my webpage? The
> code is on my server so they don't have access to it. Am I missing
> something here?

If you allow the user to submit anything that is then displayed on your site, they can inject javascript code unless you do a very good job "sanitizing" the user input.

From chsnyder at gmail.com Thu Apr 26 17:08:36 2007
From: chsnyder at gmail.com (csnyder)
Date: Thu, 26 Apr 2007 17:08:36 -0400
Subject: [nycphp-talk] wonderful presentation on Tuesday
In-Reply-To: <7250C145-3D49-45E5-A588-D23E543797A8@beaffinitive.com>
References: <895514.65811.qm@web50206.mail.re2.yahoo.com> <7250C145-3D49-45E5-A588-D23E543797A8@beaffinitive.com>
Message-ID:

On 4/26/07, Rob Marscher wrote:
>
> How ever can someone inject their code/script onto my webpage?
> The code is on my server so they don't have access to it. Am I missing something here?
>
> If you allow the user to submit anything that is then displayed on your
> site, they can inject javascript code unless you do a very good job
> "sanitizing" the user input.

And the submission may not just be limited to $_GET and $_POST... many of the $_SERVER vars can be problematic as well.

The example Chris gave about Google's old 404 page, where it echoed the requested URI without escaping it first, could have been exploited by sending the following link to someone. I don't remember the mechanism exactly, but perhaps something like:

hey victim, click here

Given that link, if Google were to echo the value of $_SERVER['SCRIPT_URL'] without escaping, it would inject into the page.

--
Chris Snyder
http://chxo.com/

From susan_shemin at yahoo.com Thu Apr 26 17:19:17 2007
From: susan_shemin at yahoo.com (Susan Shemin)
Date: Thu, 26 Apr 2007 14:19:17 -0700 (PDT)
Subject: [nycphp-talk] wonderful presentation on Tuesday
Message-ID: <730099.7462.qm@web50202.mail.re2.yahoo.com>

That makes sense with database data, but how about "hijacking" the submit button by putting their script on the button/image that sends the login info to a different domain site?

I'm not really looking for a specific how it's done (of course), but more for how ever is it possible if the webpage code is in a secure place?

----- Original Message ----
From: Rob Marscher
To: NYPHP Talk
Sent: Thursday, April 26, 2007 4:43:48 PM
Subject: Re: [nycphp-talk] wonderful presentation on Tuesday

How ever can someone inject their code/script onto my webpage? The code is on my server so they don't have access to it. Am I missing something here?

If you allow the user to submit anything that is then displayed on your site, they can inject javascript code unless you do a very good job "sanitizing" the user input.
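
Added example, not part of any post in this thread: the reflected-output case csnyder describes above (a request-derived value such as $_SERVER['SCRIPT_URL'] echoed without escaping), shown in PHP next to the escaped form, including the attribute context Susan's follow-up question touches on. The function names and the sample path are constructed for illustration.

```php
<?php
declare(strict_types=1);

// BEFORE: a "not found" page that places the requested path into HTML unchanged.
// Any markup carried in the URL becomes part of the page the browser renders,
// even though nobody modified the PHP files on the server.
function notFoundPageUnsafe(string $requestedPath): string
{
    return "<p>The requested URL {$requestedPath} was not found.</p>";
}

// Escape for the HTML context at output time. ENT_QUOTES converts both quote
// characters, so the same helper also works inside attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// AFTER: same page, request-derived text escaped before it reaches the browser.
function notFoundPageSafe(string $requestedPath): string
{
    return '<p>The requested URL ' . e($requestedPath) . ' was not found.</p>';
}

// Attribute context: a login form that posts back to the current path.
// Without e(), a quote in the path would end the action="..." attribute early
// and let the rest of the value be parsed as new attributes or tags.
function loginFormSafe(string $currentPath): string
{
    return '<form method="post" action="' . e($currentPath) . '">'
         . '<input type="password" name="pw">'
         . '<input type="submit" value="Log in">'
         . '</form>';
}

// Constructed sample standing in for what a $_SERVER variable could hold
// after someone follows a crafted link (under the CLI there is no request).
$sample = '/nosuchpage"><script>alert(1)</script>';

echo "unsafe 404: ", notFoundPageUnsafe($sample), PHP_EOL;
echo "safe 404:   ", notFoundPageSafe($sample), PHP_EOL;
echo "safe form:  ", loginFormSafe($sample), PHP_EOL;

// Simple regression check a test suite could keep: the escaped page must not
// contain a literal script tag or a raw double quote from the input.
$safe = notFoundPageSafe($sample);
if (strpos($safe, '<script>') !== false || strpos($safe, '"') !== false) {
    throw new RuntimeException('request-derived value reached the page unescaped');
}
echo "check passed: input is rendered as text, not markup", PHP_EOL;
```

Run with `php example.php`; the first line of output shows the input arriving in the page as markup, the other two show it rendered as inert text.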
From ramons at gmx.net Thu Apr 26 19:07:29 2007
From: ramons at gmx.net (David Krings)
Date: Thu, 26 Apr 2007 19:07:29 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net> <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>
Message-ID: <463130B1.6040303@gmx.net>

Rob Marscher wrote:
>>> Is there any way I can check which sessions are currently active and
>>> which aren't? I like to add some housekeeping code, but taking away
>>> things from active sessions would be just mean.
>
> Check out the documentation for session_set_save_handler --
> http://us.php.net/manual/en/function.session-set-save-handler.php This
> is how you can override the way php handles sessions by default and put
> in your own code. The "gc" function (stands for garbage collection) is
> where the "housekeeping" code goes. Note that the default php session
> handlers should be cleaning up the expired session temp files for you
> automatically. The location for these temp files is specified by the
> session.save_path php.ini setting.

Thanks for the pointer. I misused the term "temp file". What I do is create a folder that has to be unique and therefore is identical with the session id. That is not the temp folder that the web server / PHP creates when starting a session. I called it temp folder because I dump upload files and other stuff in there in order to do all kinds of things with it, once done the files are moved to the final resting spot.
Since all this real client server and stateless stuff doesn't let me know when a client just went away, I have to come up with some way of cleaning up a bit at some point. When the client goes away right after an upload and before initiating the final submission, files may be left in there. While some stale folders and files are OK (although not nice), having them pile up over time will become a problem. So I need to keep track of the sessions that were generated through my script in order to ditch that folder with contents (annoyingly, there seems to be no PHP code word that does exactly that) when the session is most likely to be expired (24 hours later for example).

>> My plan is to create a session, authenticate the user, then generate a
>> new session ID for the session (I read that this improves security and
>> is easy enough to do)
>
> As far as regenerating the session id after login, it *is* simple --
> http://us.php.net/manual/en/function.session-regenerate-id.php -- but if
> you're overwriting the default session handler to store sessions in a
> database table, you need to make sure that it's getting updated the way
> you expect.

Well, my idea is to start the session, do the login and authentication, when the user is accepted, regenerate the session id, and then write it to the table with a timestamp. I don't see any reason to write the first session id to the table, because I throw that one away soon after. I really only want to keep the ids because I want to clean up the folders that I created. Sounds like a workable and reliable approach to me...if I'd just had the time to finally do it. Working with ZIP files at the moment, which go to that session id folder as well. Still haven't really understood how the unpacking works and what this new and -> stuff is about, anyhow (OK, I read too much Bob Pease).
Thanks for the help,

David

From ramons at gmx.net Thu Apr 26 19:18:52 2007
From: ramons at gmx.net (David Krings)
Date: Thu, 26 Apr 2007 19:18:52 -0400
Subject: [nycphp-talk] Send HTML mail with Javascript function
In-Reply-To: <01b001c78831$886a2060$6400a8c0@enobrev>
References: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com> <46307F16.9080202@gmx.net> <01b001c78831$886a2060$6400a8c0@enobrev>
Message-ID: <4631335C.1000908@gmx.net>

Mark Armendariz wrote:
>
>> Aniesh joseph wrote:
>>> Hello All,
>>>
>>> I am trying to send one mail with HTML content. To do this, I have
>>> added HTML header to mail function.
>>>
>> I really wonder why? HTML is for port 80, not 21. HTML in
>> emails is IMHO the biggest waste ever.
>
> I'm not sure I can agree, David. HTML is merely a markup language meant for
> improving how information looks and definitely has a place in our most used
> means of communication. We have things such as bold, italics, listings, etc
> in all printing apps because of how they help us communicate. Sure, some can
> be mocked in plain text but what's so wrong with someone selecting text and
> hitting ctrl-b to bold the text and having a standard any email client /
> browser will understand.
>

Those font attributes are in printing apps because they are printing apps.
Email is and always was intended and therefore designed to handle flat
ASCII. The main reason why I recommend against HTML in emails is that most
popular email clients apparently have problems with either displaying or
securely handling it (bad handling: Eudora, security problems see e.g. here
http://tinyurl.com/267we7 [second page, middle]). You also refer to very
basic font styling, which makes me think if there is a need for an email
specific markup that does only that, but not all the stuff that HTML and
ECMAScript can do. Let's say, there would be such an ESML (email styling
markup language), email clients could simply ignore anything else but this.
I had frequent problems with HTML emails and finally got convinced that
turning all this eye candy crap off is the way to go. Since then I never
came across a single occasion where I thought, gee, some bold or colour is
really needed here.

In regards to the original post, when HTML in the email isn't direly
necessary (which I think it isn't) then the problem goes away, because it
never occurs. Avoidance is a valid approach to problem handling.

David

From billy.reisinger at gmail.com Thu Apr 26 22:17:07 2007
From: billy.reisinger at gmail.com (Billy Reisinger)
Date: Thu, 26 Apr 2007 21:17:07 -0500
Subject: [nycphp-talk] Send HTML mail with Javascript function
In-Reply-To: <46307F16.9080202@gmx.net>
References: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com> <46307F16.9080202@gmx.net>
Message-ID:

I think you meant that HTTP is for port 80. HTML is a markup language, not
a protocol. Anyway, you can use HTTP on any port. Port 80 is what
webservers conventionally listen to.

HTML in email is difficult mostly because there are so many email clients
with different ideas of how to implement the HTML DOM. Think about it: not
even the two major browsers on the market today can agree on this (Firefox,
IE). I agree that it's a waste of time, but sometimes you don't have
control over whether you have to do something like this or not.

Billy

On Apr 26, 2007, at 5:29 AM, David Krings wrote:

> Aniesh joseph wrote:
>> Hello All,
>> I am trying to send one mail with HTML content. To do this, I have
>> added HTML header to mail function.
>
> I really wonder why? HTML is for port 80, not 21. HTML in emails is
> IMHO the biggest waste ever. Nobody likes it, but almost everybody
> sends it.
> If it is about adding graphics or other non-text content that is
> necessary, create an attachment.
> Sorry to sound so harsh, but in fact, not doing HTML emails will
> likely solve your problem.
>
> David

From pyurt at yahoo.com Fri Apr 27 06:36:20 2007
From: pyurt at yahoo.com (P Yurt)
Date: Fri, 27 Apr 2007 03:36:20 -0700 (PDT)
Subject: [nycphp-talk] Send HTML mail with Javascript function
Message-ID: <573855.46031.qm@web52204.mail.re2.yahoo.com>

I get newsletters and flyers which have picture-based layouts. If I turn
off HTML I cannot get a quick look at the page and know anything. To me
this is a case where HTML mail is desirable and beneficial.

I am not so sure I want my mail client doing AJAX round trips. There is
way too much spam already, let alone spam which has dynamic content
updates...that worries me.

Paul Yurt

The more credible, accurate & honest Web: www.mastermoz.com

From anoland at indigente.net Fri Apr 27 09:12:26 2007
From: anoland at indigente.net (Adrian Noland)
Date: Fri, 27 Apr 2007 09:12:26 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <463130B1.6040303@gmx.net>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net> <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com> <463130B1.6040303@gmx.net>
Message-ID: <1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>

I think you need to think about your temp folder idea some more. You say
that you are going to keep temp uploads and other things there that get
destroyed after the user logs out. But if you are regenerating the user's
session ID multiple times you will need to keep the temp folder in sync
with that.

I always think about the way online banks do it when I approach this
problem. They put a META refresh or perhaps a setTimeout() on the page and
force a page reload. If the request came from the refresh, then you know
the user isn't paying attention anymore and can dump the session.

From ajai at bitblit.net Fri Apr 27 11:15:56 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Fri, 27 Apr 2007 11:15:56 -0400 (EDT)
Subject: [nycphp-talk] wonderful presentation on Tuesday
In-Reply-To: <730099.7462.qm@web50202.mail.re2.yahoo.com>
Message-ID:

On Thu, 26 Apr 2007, Susan Shemin wrote:

> I'm not really looking for a specific how it's done (of course), but
> more for how ever is it possible if the webpage code is in a secure place?

I think you're missing the point - if you don't sanitize user input and
then use it (maybe you re-display a form with an error message), then they
could put JavaScript code into your page.

This has nothing to do with how secure your server is because your code is
NOT changed...

--
Aj.
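Added example, not part of the thread: the case described in the message above, a form re-displayed with an error message, with the unescaped version next to an escaped one. The field name 'email' and all function names are assumptions made for this illustration, and the input is constructed.

```php
<?php
// Added illustration; not code posted by anyone in this thread.
// The 'email' field and all function names here are hypothetical.

// One encoding, declared to the browser and used when escaping, so both
// sides agree on what the bytes mean.
const PAGE_CHARSET = 'UTF-8';

/** Escape a value for HTML text or for a quoted attribute value. */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, PAGE_CHARSET);
}

/** Decides whether the form is shown again; it does not replace escaping. */
function is_valid_email($value)
{
    return is_string($value) && filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Unescaped version: the rejected value is pasted into the error message
 * and into value="..." exactly as the client sent it. The script on the
 * server is unchanged; the extra markup arrives with the request.
 */
function render_form_unsafe(array $input)
{
    $email = isset($input['email']) ? $input['email'] : '';
    return "<p class=\"error\">\"$email\" is not a valid address.</p>\n"
         . "<form method=\"post\">\n"
         . "  <input type=\"text\" name=\"email\" value=\"$email\">\n"
         . "  <input type=\"submit\" value=\"Send\">\n"
         . "</form>\n";
}

/** Escaped version: same page, every echoed value goes through h(). */
function render_form_safe(array $input)
{
    // A non-string value (for example email[]=x) is treated as empty.
    $email = (isset($input['email']) && is_string($input['email'])) ? $input['email'] : '';
    $safe  = h($email);
    return "<p class=\"error\">&quot;$safe&quot; is not a valid address.</p>\n"
         . "<form method=\"post\">\n"
         . "  <input type=\"text\" name=\"email\" value=\"$safe\">\n"
         . "  <input type=\"submit\" value=\"Send\">\n"
         . "</form>\n";
}

/** True if the markup contains a literal "<script" opening tag. */
function has_script_tag($html)
{
    return stripos($html, '<script') !== false;
}

// Constructed sample input standing in for $_POST.
$constructed = array('email' => '"><script>alert(1)</script>');

// Tell the browser which encoding the page uses (skipped on the command line).
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    header('Content-Type: text/html; charset=' . PAGE_CHARSET);
}

if (!is_valid_email($constructed['email'])) {
    $unsafe = render_form_unsafe($constructed);
    $safe   = render_form_safe($constructed);
    if (PHP_SAPI === 'cli') {
        printf("unescaped page carries a script tag: %s\n", has_script_tag($unsafe) ? 'yes' : 'no');
        printf("escaped page carries a script tag:   %s\n", has_script_tag($safe) ? 'yes' : 'no');
    }
    // Only the escaped page is ever sent as output.
    echo $safe;
}
```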
From Consult at CovenantEDesign.com Fri Apr 27 11:27:19 2007
From: Consult at CovenantEDesign.com (CED)
Date: Fri, 27 Apr 2007 11:27:19 -0400
Subject: [nycphp-talk] wonderful presentation on Tuesday
References:
Message-ID: <000601c788e0$8c51ee60$07d6f4a7@ced>

Thank you AJ. I have been holding my breath. =D

From shiflett at php.net Fri Apr 27 11:31:23 2007
From: shiflett at php.net (Chris Shiflett)
Date: Fri, 27 Apr 2007 11:31:23 -0400
Subject: [nycphp-talk] wonderful presentation on Tuesday
In-Reply-To: <895514.65811.qm@web50206.mail.re2.yahoo.com>
References: <895514.65811.qm@web50206.mail.re2.yahoo.com>
Message-ID: <4632174B.1060303@php.net>

Thanks for the kind feedback, Susan. I appreciate it.

> How ever can someone inject their code/script onto my webpage?
> The code is on my server so they don't have access to it.

This is possibly a topic that I need to give more attention in the talk,
and I appreciate the constructive criticism.
I don't spend much time demonstrating what mistakes you might make to
allow such things to happen, but in most cases, not doing what I suggest
for remediation is all that's required. In other words, doing nothing is
usually enough of a mistake.

For example, here's a simple example that's likely vulnerable to XSS:

Welcome back, {$html['user']}.

"; ?>

If the Content-Type header does not indicate ISO-8859-1 as the character
encoding (which htmlentities() uses by default), an attacker can provide a
UTF-7 encoded payload as the value of $_GET['user'].

Of course, a more obvious mistake is this:

Welcome back, {$_GET['user']}.

"; ?>

Hope that helps.

Chris

--
Chris Shiflett
http://shiflett.org/

From shiflett at php.net Fri Apr 27 11:35:18 2007
From: shiflett at php.net (Chris Shiflett)
Date: Fri, 27 Apr 2007 11:35:18 -0400
Subject: [nycphp-talk] wonderful presentation on Tuesday
In-Reply-To:
References: <895514.65811.qm@web50206.mail.re2.yahoo.com> <7250C145-3D49-45E5-A588-D23E543797A8@beaffinitive.com>
Message-ID: <46321836.4060108@php.net>

Chris Snyder wrote:
> The example Chris gave about Google's old 404 page, where it
> echoed the requested URI without escaping it first, could
> have been exploited by sending the following link to someone.

For clarification, Google's mistake wasn't that they forgot to escape the
value. (Sorry if I seemed to be making that assertion.) Rather, they didn't
indicate the character encoding in the Content-Type header, and they
escaped the value assuming UTF-8. Now they send this:

Content-Type: text/html; charset=UTF-8

Chris

--
Chris Shiflett
http://shiflett.org/

From ramons at gmx.net Fri Apr 27 21:02:14 2007
From: ramons at gmx.net (David Krings)
Date: Fri, 27 Apr 2007 21:02:14 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net> <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com> <463130B1.6040303@gmx.net> <1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>
Message-ID: <46329D16.6080407@gmx.net>

Adrian Noland wrote:
> I think you need to think about your temp folder idea some more. You
> say that you are going to keep temp uploads and other things there
> that get destroyed after the user logs out. But if you are
> regenerating the user's session ID multiple times you will need to
> keep the temp folder in sync with that.
>
> I always think about the way online banks do it when I approach this
> problem. They put a META refresh or perhaps a setTimeout() on the page
> and force a page reload. If the request came from the refresh, then
> you know the user isn't paying attention anymore and can dump the
> session.
>

Note: This is a longer response. I do not write concisely and probably will
never do. If you are short of time, go on to the next message. Also, please
keep in mind that I'm a hobbyist who learned PHP from a few books, trying
things out, and lurking on this list. I never learned programming and in
fact, I really hate it - with the exception of PHP. Stuff is so much easier
and more logical in PHP than with Java or C. PHP is more like Commodore
Basic V2 on the C64, something that is simple enough so that I can
comprehend it.

Adrian, thank you for your comments. I think I need to explain better what
I do and I really regret using the term "temp folder" in my original post.
That folder that I am talking about is not the folder that the server
creates somewhere for storing the session data.

I am working on an app that allows me to upload pictures (and later flash
video) straight from my digital camera into a database supported system.
The database keeps track of where the picture is stored, the date and time
it was recorded, the name and description (one for each supported
language), and ten categories and the location where the picture was taken
(call it meta tags if you want) per picture and supported language. I also
store if the picture needs to be rotated on the fly, who added it, when it
was added, which user level is allowed to view it, how often the picture
was viewed, when and who viewed it last, and some other stuff. Data such as
date and time of the shot come from the exif header.

I provide a simple browse box for individual uploads. Since I cannot
control what gets uploaded, I have to accept the upload, then check if it
is a jpeg or gif. I try to do this by figuring out what the file really is
rather than to rely simply on the file extension.
Once I deemed an upload to be a picture file in a supported format, I
display it in a preview and allow for the entry of the name, description,
categories, location. For all this checking and previewing I copy the file
from the location where $_FILE put it into a folder. And THAT folder is the
one that I create using the session id so that I can handle multiple
uploads at the same time and not have them cross their paths.

Once a picture is named and categorized it is written to the final storage
location, which is a set of folders based on year and month. I don't want
to rename picture files ever, but it can be that the PDRM0692.JPG from 2004
is not the same as the PDRM0692.JPG from 2007. If I throw it all into one
big folder I will get collision at some point, latest after making 10.000
shots with my camera, likely earlier. Also, it is much easier to locate
pictures in that setting without using the system.

While holding the file in the session id named folder and before final
submission several things can happen. The client can just go away, the user
can decide not to add the picture (hence the preview from a momentary
storage location before adding it to the final set of files), or other
things that leave that session id named folder with content on the system.

I also allow now uploading of zip archives either directly or from an
ftp/http accessible location. That way I can stuff several dozen (hundred?)
files in one go into the system and tag them with some bogus name and
location (I decided to use ~~~~~~~~), filter the table on that, and worry
about the correct name and description later. I also need this session id
named folder for that purpose and things may happen (power loss of the
server for example, this is the US after all) that leave now a considerable
amount of gunk behind.

Now I get back to the original question, how can I degunk these folders?
I need to know which sessions are still likely to be active and which
ones are not.
That all has nothing to do with the temp folder that the
web server creates somewhere for holding the session data. I have no
idea where that temp folder is and if I'd know what happens when I just
dump some files in it (such as the extracted files from the zip
archive). I really like to know where the files and folders are and thus
create/copy/move them on my own.

OK, I could use the user ID as well for my folders, but then I'd need to
guess when the user logged out. Of course, I have a logout function and I
track last login date and time (maybe even logout, don't remember), but I
can't expect anyone to use the logout function religiously. People just
don't do that, they simply kill the browser. With a session id based folder
for whatever I need to do before final commission I can be very sure that
after the maximum lifetime of the session and a generous grace period that
folder with contents is stale and can go. But how to know when that session
was started?

My first idea was to ask the server which sessions are currently active and
then ditch all the folders that have session ids as name from sessions that
are not active. But there seems to be no way for asking the server which
sessions are currently active. I then decided to simply write the session
id and a time stamp to a table. And while I am working on session tracking,
I might as well throw in that extra line to generate a new session ID after
authentication and before writing it to my session tracking table, assuming
that this increases security a bit.

I have no idea what banks do and I hope they do a better job than I. I do
not claim to have designed the most reliable, secure, and optimized system.
But I can follow its flow and explain what happens where and why (and I
still can after not working on this project for almost six months). And
above all, it just works. I am especially amazed how easy it was to get the
zip stuff working. That is the real power of PHP.
You want to do gnurf then there is probably a PHP command gnurf() for it. I
love it! So many people are so much smarter than I am, but I can still make
use of their ingenuity and unzip uploaded files, read out exif headers, and
rotate an image on the fly, write a whole bunch of stuff to some database,
and much more. Uh, and I love PHP's session handling, it is so nice to drop
stuff into the session and have it available anywhere I go rather than to
use tons of hidden inputs and post it all over the place.

OK, back to work. :)

David

From ramons at gmx.net Sat Apr 28 07:32:17 2007
From: ramons at gmx.net (David Krings)
Date: Sat, 28 Apr 2007 07:32:17 -0400
Subject: [nycphp-talk] Copying file from HTTP/FTP using copy()
Message-ID: <463330C1.3020404@gmx.net>

Hi!

Here is what I like to do:
Get a user entry (text string) that is either an HTTP or FTP url to
a file, for example
http://my.server.gov/download this.zip
or
ftp://username:password at your.server.gov/download that.zip
and then use the copy() function to download it and store it
locally on my server.

This is the piece of my code that is supposed to do the copying:

    if ($nourl == FALSE) {
        // Make local zip file path and name
        $localzipfile = sessiondir.DIRECTORY_SEPARATOR.$sessionid.".zip";
        // urlencode url
        $urlupload = urlencode($urlupload);
        // Copy file
        if(!copy($urlupload, $localzipfile)) $nourl = TRUE;
    }
    // Check if error occurred
    if($nourl == TRUE) {
        errmessage("OUCH - Downloading the file from ".$urlupload.
            " to temporary storage failed! Try again!");
    }

$nourl is an error flag, $localzipfile is the path and name of the
local file (directory exists, I created it earlier), $urlupload is
the submission from the user (file on my own web server, if I put
the url in a browser, the download works), errmessage is a function
that displays a nice error message and some buttons to go back.
The PHP manual claims that copy() handles the same wrappers that
fopen supports.
Unfortunately, the response from copy() is either
'worked' or 'did not work', not much to go by.

The questions of the day:
Why does copy($urlupload, $localzipfile) fail?
Is copy() even the right command to use?

I found a piece of code here
http://sandalian.com/11/php/copy-remote-file-into-local-directory.htm
but I wonder if that works for binary files as well.

As usual, any help is greatly appreciated.

David

From jonbaer at jonbaer.com Sat Apr 28 08:55:54 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Sat, 28 Apr 2007 08:55:54 -0400
Subject: [nycphp-talk] Copying file from HTTP/FTP using copy()
In-Reply-To: <463330C1.3020404@gmx.net>
References: <463330C1.3020404@gmx.net>
Message-ID:

You would probably be better off using the libcurl commands ...

http://us.php.net/curl

As getinfo is one of the better options to get stats on the transfer in
question ...

http://us.php.net/manual/en/function.curl-getinfo.php

- Jon

From ramons at gmx.net Sat Apr 28 15:51:35 2007
From: ramons at gmx.net (David Krings)
Date: Sat, 28 Apr 2007 15:51:35 -0400
Subject: [nycphp-talk] Copying file from HTTP/FTP using copy()
In-Reply-To:
References: <463330C1.3020404@gmx.net>
Message-ID: <4633A5C7.8030200@gmx.net>

Jon Baer wrote:
> You would probably be better off using the libcurl commands ...
>
> http://us.php.net/curl
>
> As getinfo is one of the better options to get stats on the transfer in
> question ...
>
> http://us.php.net/manual/en/function.curl-getinfo.php
>
> - Jon

Thank you for this hint. It really is the far better way for downloading
files via HTTP/FTP. I had some problems first with setting the right
options, but managed to get this straightened out for allowing redirects
and binary downloads.
And once again I'm sitting here in front of a few lines of PHP code and
can't believe how awesome this is! Now that I got the download portion
done, I will go on for getting the stats. This is so kewl!

Thanks again,

David

From jakob.buchgraber at googlemail.com Sun Apr 29 09:26:30 2007
From: jakob.buchgraber at googlemail.com (Jakob Buchgraber)
Date: Sun, 29 Apr 2007 15:26:30 +0200
Subject: [nycphp-talk] Casting string "false" to boolean
Message-ID: <46349D06.7020807@gmail.com>

Hey!

I'd like to cast a string "false" to a boolean.
So I tried the following:

Here var_dump gives me: bool(true)

I also tried using settype:

The same result here: bool(true);

So is there a way to cast such a string to a boolean (without using
conditions)?

Cheers,
Jay

From dell at sala.ca Sun Apr 29 09:58:59 2007
From: dell at sala.ca (Dell Sala)
Date: Sun, 29 Apr 2007 09:58:59 -0400
Subject: [nycphp-talk] Casting string "false" to boolean
In-Reply-To: <46349D06.7020807@gmail.com>
References: <46349D06.7020807@gmail.com>
Message-ID: <97E58DBF-E900-4084-AB69-55EC723348D7@sala.ca>

On Apr 29, 2007, at 9:26 AM, Jakob Buchgraber wrote:

> I'd like to cast a string "false" to a boolean.
> So is there a way to cast such a string to a boolean (without using
> conditions)?

The string "false" will evaluate to true, any way you slice it. The only
strings that evaluate to false are "" and "0".

http://www.php.net/manual/en/language.types.boolean.php

I suppose you could eval the string... But you should think hard before
doing this. I can't imagine a justification for it. If you're getting input
for a false value as "false" you should really use some kind of
conditional statement.
-- Dell

From anoland at indigente.net Mon Apr 30 09:13:35 2007
From: anoland at indigente.net (Adrian Noland)
Date: Mon, 30 Apr 2007 09:13:35 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <46329D16.6080407@gmx.net>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net> <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com> <463130B1.6040303@gmx.net> <1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com> <46329D16.6080407@gmx.net>
Message-ID: <1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com>

> Now I get back to the original question, how can I degunk these folders?
> I need to know which sessions are still likely to be active and which
> ones are not. That all has nothing to do with the temp folder that the
> web server creates somewhere for holding the session data. I have no
> idea where that temp folder is and if I'd know what happens when I just
> dump some files in it (such as the extracted files from the zip
> archive). I really like to know where the files and folders are and thus
> create/copy/move them on my own.

Wow. No offense, but this sounds like a case of "All I have is a hammer,
and everything looks like a nail".

In a page taken from the ADODB manual:
(http://phplens.com/lens/adodb/docs-adodb.htm#cacheflush)

> If you want to flush all cached recordsets manually, execute the following
> PHP code (works only under Unix):
> system("rm -f `find ".$ADODB_CACHE_DIR." -name adodb_*.cache`");
>
> For general cleanup of all expired files, you should use crontab on Unix,
> or at.exe on Windows, and a shell script similar to the following:
> #------------------------------------------------------
> # This particular example deletes files in the TMPPATH
> # directory with the string ".cache" in their name that
> # are more than 7 days old.
> #------------------------------------------------------
> AGED=7
> find ${TMPPATH} -mtime +$AGED | grep "\.cache" | xargs rm -f
>

I use a slightly different line in my crontab:
@daily find /path/to/tmp/files -mtime +1 -exec rm -rf {} \;

From ben at projectskyline.com Mon Apr 30 10:11:44 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Mon, 30 Apr 2007 10:11:44 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
Message-ID: <00c701c78b31$7b872020$0200a8c0@gamebox>

Hello,

I'm using paypal to take CC payments from clients.

One of our products, is subscription based, and I need to be able to check if the client has paid for the month. And if not, I'd like to suspend access.

Can this be done w/paypal.

If not, what type of E-Commerce or Merchant account allows that?

Currently, I just have a link directly to paypal, and once they pay, I create the account.

I'd like to automate this process, be able to query the account status, and even send out reoccurring billing/invoices.

Any ideas/experiences?

Thanks!

- Ben

From ken at secdat.com Mon Apr 30 10:14:56 2007
From: ken at secdat.com (Kenneth Downs)
Date: Mon, 30 Apr 2007 10:14:56 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
In-Reply-To: <00c701c78b31$7b872020$0200a8c0@gamebox>
References: <00c701c78b31$7b872020$0200a8c0@gamebox>
Message-ID: <4635F9E0.8060607@secdat.com>

Are you talking about automatic monthly renewals, or cases where a person might subscribe for the year and you just want to know at any given moment if they've subscribed?

--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com www.andromeda-project.org
631-379-7200 Fax: 631-689-0527

From ben at projectskyline.com Mon Apr 30 10:20:42 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Mon, 30 Apr 2007 10:20:42 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
References: <00c701c78b31$7b872020$0200a8c0@gamebox> <4635F9E0.8060607@secdat.com>
Message-ID: <00e701c78b32$bc384b20$0200a8c0@gamebox>

Hello Kenneth,

The first, but most likely both situations.

- Ben

From ken at secdat.com Mon Apr 30 10:25:40 2007
From: ken at secdat.com (Kenneth Downs)
Date: Mon, 30 Apr 2007 10:25:40 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
In-Reply-To: <00e701c78b32$bc384b20$0200a8c0@gamebox>
References: <00c701c78b31$7b872020$0200a8c0@gamebox> <4635F9E0.8060607@secdat.com> <00e701c78b32$bc384b20$0200a8c0@gamebox>
Message-ID: <4635FC64.1010208@secdat.com>

Ben Sgro (ProjectSkyline) wrote:
> Hello Kenneth,
>
> The first, but most likely both situations.

I haven't done the first, but I have done the second. We do it the other way around from what you are describing. When a person subscribes, we send them to paypal for payment.
When the paypal success call comes through, we mark them subscribed to whatever issues they have paid for. From there we don't have to ask paypal, we just query our own database on each resource access attempt.

--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com www.andromeda-project.org
631-379-7200 Fax: 631-689-0527

From ben at projectskyline.com Mon Apr 30 10:30:13 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Mon, 30 Apr 2007 10:30:13 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
References: <00c701c78b31$7b872020$0200a8c0@gamebox> <4635F9E0.8060607@secdat.com><00e701c78b32$bc384b20$0200a8c0@gamebox> <4635FC64.1010208@secdat.com>
Message-ID: <010301c78b34$1104b570$0200a8c0@gamebox>

Hello Kenneth,

What is "the paypal success call comes"? - A confirmation email?

- Ben

From jonbaer at jonbaer.com Mon Apr 30 10:32:19 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Mon, 30 Apr 2007 10:32:19 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
In-Reply-To: <010301c78b34$1104b570$0200a8c0@gamebox>
References: <00c701c78b31$7b872020$0200a8c0@gamebox> <4635F9E0.8060607@secdat.com><00e701c78b32$bc384b20$0200a8c0@gamebox> <4635FC64.1010208@secdat.com> <010301c78b34$1104b570$0200a8c0@gamebox>
Message-ID:

Sign up @ developer.paypal.com and do a search for IPN or Instant Payment Notification

Essentially from what I remember anytime payment is made (via normal purchase or subscription) your server is pinged.
The idea is then to calculate on your own if $user has made a payment for $month/$year, etc.

- Jon

From ken at secdat.com Mon Apr 30 10:40:27 2007
From: ken at secdat.com (Kenneth Downs)
Date: Mon, 30 Apr 2007 10:40:27 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
In-Reply-To: <010301c78b34$1104b570$0200a8c0@gamebox>
References: <00c701c78b31$7b872020$0200a8c0@gamebox> <4635F9E0.8060607@secdat.com><00e701c78b32$bc384b20$0200a8c0@gamebox> <4635FC64.1010208@secdat.com> <010301c78b34$1104b570$0200a8c0@gamebox>
Message-ID: <4635FFDB.4000803@secdat.com>

That's the whole Paypal IPN system. Download their demo code and dig through it and ask questions here.

In a nutshell, when you send somebody to paypal, you populate this array and call some code they provide to you, which redirects the user to Paypal. Once the user pays, Paypal makes a POST to your server that contains all of the information on the payment. You have to be able to process this unseen, as the user doesn't know it's happening, and you can't watch it. My code logs these events with lots of detail at each step so I can always see what happened on every payment.

Then, when the user is done, they are sent back to your site, and you need a page for that too, the "Thanks for ordering, we're all done" page.
--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com www.andromeda-project.org
631-379-7200 Fax: 631-689-0527

From rolan at omnistep.com Mon Apr 30 11:53:08 2007
From: rolan at omnistep.com (Rolan Yang)
Date: Mon, 30 Apr 2007 11:53:08 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
In-Reply-To: <00c701c78b31$7b872020$0200a8c0@gamebox>
References: <00c701c78b31$7b872020$0200a8c0@gamebox>
Message-ID: <463610E4.10105@omnistep.com>

Ben Sgro (ProjectSkyline) wrote:
> Hello,
>
> I'm using paypal to take CC payments from clients.
>
> One of our products, is subscription based, and I need to be able to
> check if the client has paid for the month. And if not, I'd like to
> suspend
> access.
>
> Can this be done w/paypal.
>
> If not, what type of E-Commerce or Merchant account allows that?
>

Paypal recurring payments/subscriptions combined with IPN works well,
(https://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/subscr-intro-outside)

The only downside to using the paypal subscriptions is when you need to modify the amount to be charged (upgrades? downgrades?) It is a real pain. To do that, most people just cancel their existing subscription and sign up with the new plan.

You could also obtain a regular merchant account and use a processor like authorize.net

The break even point between authorize.net and Paypal is somewhere around 150 transactions at an average of $20/transaction per month. Above that, paypal becomes more expensive.

~Rolan

From lists at zaunere.com Mon Apr 30 13:00:43 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Mon, 30 Apr 2007 13:00:43 -0400
Subject: [nycphp-talk] April Audio Recording
Message-ID: <00bf01c78b49$16a82420$6a0aa8c0@MobileZ>

Hi all,

Rumor has it that someone recorded the presentation last week. If someone did, please let us know and we can put the audio online.

Slides, etc. will be coming soon too.
Thanks,

---
Hans Zaunere / President / New York PHP
www.nyphp.org / www.nyphp.com

From ramons at gmx.net Mon Apr 30 13:34:07 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 30 Apr 2007 13:34:07 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net> <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com> <463130B1.6040303@gmx.net> <1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com> <46329D16.6080407@gmx.net> <1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com>
Message-ID: <4636288F.7090206@gmx.net>

Adrian Noland wrote:
> > Now I get back to the original question, how can I degunk these folders?
> > I need to know which sessions are still likely to be active and which
> > ones are not. That all has nothing to do with the temp folder that the
> > web server creates somewhere for holding the session data. I have no
> > idea where that temp folder is and if I'd now what happens when I just
> > dump some files in it (such as the extracted files from the zip
> > archive). I really like to know where the files and folders are and thus
> > create/copy/move them on my own.
>
> Wow.
> No offense, but this sounds like a case of "All I have is a hammer, and
> everything looks like a nail".

That's a good one! Yes, I think that my approaches are often not what one would call "smart", "effective", or "to the book" - but in the end they work reliably. I have no professional training as a developer, I tried VB, C, Java, Pascal, and several other programming languages and IMHO they are all way too complicated for me. OK, I can make something happen in VB6, but that's old. PHP is different, maybe because I learned it on my own and nobody told me from the start what I have to do to prevent going to hell.
Some things just have to bite me in the behind a few times before I understand what someone would have told me all along (comments in source code, initialization of variables, proper naming conventions, RTFM, etc.). Still, I'm a hobbyist and do this for fun, a few hours per week.

>
> In a page taken from the ADODB manual:
> (http://phplens.com/lens/adodb/docs-adodb.htm#cacheflush)
>
> If you want to flush all cached recordsets manually, execute the

I'm not flushing any recordsets.

> I use a slightly different line in my crontab:
> @daily find /path/to/tmp/files -mtime +1 -exec rm -rf {} \;

Ah, now I see. Well, that would be one option, but one that wouldn't be part of my script and thus not portable that easily. It for sure would be faster and not burden the clients. I rather have me remove the mess I make than rely on some 3rd party to do the cleanup. I plan on adding configurable system settings at some point and may make this optional. Someone who doesn't like this can turn it off and do it on their own.

Thanks for the tip.

David

From rmarscher at beaffinitive.com Mon Apr 30 13:45:11 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 30 Apr 2007 13:45:11 -0400
Subject: [nycphp-talk] Casting string "false" to boolean
In-Reply-To: <97E58DBF-E900-4084-AB69-55EC723348D7@sala.ca>
References: <46349D06.7020807@gmail.com> <97E58DBF-E900-4084-AB69-55EC723348D7@sala.ca>
Message-ID: <345845F9-44ED-4676-9B78-70720E883AE2@beaffinitive.com>

> If you're getting input for a false value as "false" you should
> really use some kind of conditional statement.

Yeah...
like this:

$string = 'false';
$bool = ($string != 'false');
var_dump($bool);

-Rob

From rmarscher at beaffinitive.com Mon Apr 30 19:00:50 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 30 Apr 2007 19:00:50 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <4636288F.7090206@gmx.net>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net> <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com> <463130B1.6040303@gmx.net> <1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com> <46329D16.6080407@gmx.net> <1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com> <4636288F.7090206@gmx.net>
Message-ID: <54E48EA6-E333-4B0F-B445-373C235EDFAC@beaffinitive.com>

On Apr 30, 2007, at 1:34 PM, David Krings wrote:
> Ah, now I see. Well, that would be one option, but one that
> wouldn't be part of my script and thus not portable that easily. It
> for sure would be faster and not burden the clients. I rather have
> me remove the mess I make than rely on some 3rd party to do the
> cleanup. I plan on adding configurable system settings at some
> point and may make this optional. Someone who doesn't like this can
> turn it off and do it on their own.

I believe Adrian was showing how ADODB uses a Unix command to clean up its files and saying that you could also use a Unix command. I'm not sure I would call it "3rd party" if you're always using a unix-based server. Of course, it wouldn't be portable to Windows.

At any rate, you can use PHP's filesystem functions to go through your directories and figure out the last time they were changed via filemtime(): http://us.php.net/manual/en/function.filemtime.php

On a side note, if you use custom session save_handlers like I mentioned before, then you can know which sessions are active. I use custom save_handlers to store all of my sessions in a database rather than in temp files. Then I can just query the database to find active sessions.
The only downside is I'm not sure what libraries/classes there are for storing sessions in a database that are easy to use and up to date. As I'm sure Chris' recent presentation showed (unfortunately I had to miss it... audio recording?), there are many ways for sessions to be compromised.

Anyone know of a good, up-to-date, database session library? I originally used DB_eSession, but it hasn't been updated since 2004 and my version has been very customized and patched over the years. I think I'm happy with it, but would like to review some other code if there are other options out there.

Thanks,
Rob

From ramons at gmx.net Mon Apr 30 22:06:56 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 30 Apr 2007 22:06:56 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <54E48EA6-E333-4B0F-B445-373C235EDFAC@beaffinitive.com>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net> <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com> <463130B1.6040303@gmx.net> <1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com> <46329D16.6080407@gmx.net> <1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com> <4636288F.7090206@gmx.net> <54E48EA6-E333-4B0F-B445-373C235EDFAC@beaffinitive.com>
Message-ID: <4636A0C0.1030300@gmx.net>

Rob Marscher wrote:
> I believe Adrian was showing how ADODB uses a Unix command to clean up
> its files and saying that you could also use a Unix command. I'm not
> sure I would call it "3rd party" if you're always using a unix-based
> server. Of course, it wouldn't be portable to Windows.

Not only that, anyone using my script would need to make sure that the cleanup task is present. Not everyone runs their own web server at home, although with Apachefriend's XAMPP and DynDNS I can't think of any reason why not...OK, I can, but the point is that many may want to run this on their web space that the ISP gives them.
> At any rate, you can use PHP's filesystem functions to go through your
> directories and figure out the last time they were changed via
> filemtime(): http://us.php.net/manual/en/function.filemtime.php

All I need to know is the age of the folder with all the files in it. The manual doesn't explicitly state if filemtime works on directories as well. I then could get all directories and check for their timestamp rather than hitting the database a few times for this. And it will save me from making yet another table. I will try this out.

> On a side note, if you use custom session save_handlers like I mentioned
> before, then you can know which sessions are active. I use custom
> save_handlers to store all of my sessions in a database rather than in
> temp files. Then I can just query the database to find active
> sessions.

I first planned on writing the session id and a timestamp to a db table and use that, but what I need to do hasn't anything to do with the session per se. So, if filemtime works for dirs as well (and works on Windope) then I am much closer to something smarter. I then have a screwdriver and a hammer. ;)

Great, this discussion really helps me a lot. I went from no clue over complicated and bloated to something that is potentially done in half a dozen of lines without the need of tables and queries and such. It's funny, half of my scripts come from NYPHP and the other half is just commentary. Nah, have to give myself some credit, I figured the zip stuff out on my own. That is quite an accomplishment for someone who still thinks that arrays are just wicked awesome. And it is still like magic that this stuff really works.

Thanks to everyone who pushed my nose in a better direction.
David

From ramons at gmx.net Mon Apr 30 22:12:59 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 30 Apr 2007 22:12:59 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <4636A0C0.1030300@gmx.net>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net> <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com> <463130B1.6040303@gmx.net> <1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com> <46329D16.6080407@gmx.net> <1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com> <4636288F.7090206@gmx.net> <54E48EA6-E333-4B0F-B445-373C235EDFAC@beaffinitive.com> <4636A0C0.1030300@gmx.net>
Message-ID: <4636A22B.60801@gmx.net>

David Krings wrote:
> The manual doesn't explicitly state if filemtime works on directories as
> well. I then could get all directories and check for their timestamp
> rather than hitting the database a few times for this. And it will save
> me from making yet another table. I will try this out.
>

Someone else already did:

To get the last modification time of a directory, you can use this:

$getLastModDir = filemtime("/path/to/directory/.");

Take note on the last dot which is needed to see the directory as a file and to actually get a last modification date of it.

This comes in handy when you want just one 'last updated' message on the frontpage of your website and still taking all files of your website into account.

Regards,
Frank Keijzers

from http://terra.di.fct.unl.pt/docs/php/function.filemtime.php.htm

Looks as if I'm all set. :)

David
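
An added example, not code from the thread or from any project it mentions: one way to do the in-script cleanup discussed above, removing per-session work directories by filemtime() age while refusing to follow symlinks or touch names the application did not create. The function names, the "sess_" naming scheme and the one-day cutoff (mirroring the `-mtime +1` crontab line) are assumptions, as is a Unix-like filesystem.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Assumed names: removeTree(),
// purgeStaleDirs(), and a "sess_<id>" naming scheme for the work directories.

/** Delete a directory tree; symlinks are unlinked, never followed. */
function removeTree(string $dir): void
{
    foreach (scandir($dir) as $entry) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        $path = $dir . DIRECTORY_SEPARATOR . $entry;
        if (is_dir($path) && !is_link($path)) {
            removeTree($path);
        } else {
            unlink($path);
        }
    }
    rmdir($dir);
}

/**
 * Remove work directories directly under $base whose mtime is older than
 * $maxAgeSeconds. Returns the names that were removed.
 */
function purgeStaleDirs(string $base, int $maxAgeSeconds, ?int $now = null): array
{
    $now = $now ?? time();
    $baseReal = realpath($base);
    if ($baseReal === false || !is_dir($baseReal)) {
        throw new RuntimeException("Base directory not found: $base");
    }

    $removed = [];
    foreach (scandir($baseReal) as $entry) {
        // Only names this application itself creates are candidates, so
        // "..", unrelated folders and unexpected names are never deleted.
        if (!preg_match('/^sess_[A-Za-z0-9]{8,64}$/', $entry)) {
            continue;
        }
        $path = $baseReal . DIRECTORY_SEPARATOR . $entry;
        // A symlink could point outside $base; never treat it as a work dir.
        if (is_link($path) || !is_dir($path)) {
            continue;
        }
        clearstatcache(true, $path);
        // A directory's mtime changes when entries are added to or removed
        // from it, not when an existing file inside it is rewritten.
        $mtime = filemtime($path);
        if ($mtime !== false && ($now - $mtime) > $maxAgeSeconds) {
            removeTree($path);
            $removed[] = $entry;
        }
    }
    sort($removed);
    return $removed;
}

// --- Demo on constructed sample data in a throwaway temp directory ---
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'purge_demo_' . bin2hex(random_bytes(4));
mkdir($base);
$now = time();
$sample = [
    'sess_aaaaaaaa1111' => 3 * 86400, // stale: three days old
    'sess_bbbbbbbb2222' => 600,       // recent: ten minutes old
    'uploads'           => 5 * 86400, // old, but not one of our names
];
foreach ($sample as $name => $ageSeconds) {
    $dir = $base . DIRECTORY_SEPARATOR . $name;
    mkdir($dir);
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'extracted.txt', "constructed sample\n");
    touch($dir, $now - $ageSeconds); // set the directory mtime after filling it
}

$removed = purgeStaleDirs($base, 86400, $now);
echo 'removed:   ', implode(', ', $removed), PHP_EOL;
echo 'remaining: ', implode(', ', array_values(array_diff(scandir($base), ['.', '..']))), PHP_EOL;

removeTree($base); // clean up the demo directory
```

Because the age test uses the directory's own mtime, a session that only rewrites existing files in its folder still looks old; calling touch() on the folder whenever the session uses it keeps active work directories from being purged.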