From mikesz at qualityadvantages.com Mon Oct 6 21:03:32 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Tue, 7 Oct 2008 09:03:32 +0800 Subject: [nycphp-talk] Timing an Input Form Entry Message-ID: <1333632725.20081007090332@qualityadvantages.com> Hello NYPHP, Greetings to All, I need to time how long it takes to fill out a registration form, from when it is called to submission. I am trying to compare the time frame difference between the form being manually filled out versus an automated script. Any ideas or direction about how to do this would be enormously appreciated. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From rolan at omnistep.com Mon Oct 6 21:10:37 2008 From: rolan at omnistep.com (Rolan Yang) Date: Mon, 06 Oct 2008 21:10:37 -0400 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <1333632725.20081007090332@qualityadvantages.com> References: <1333632725.20081007090332@qualityadvantages.com> Message-ID: <48EAB70D.1080208@omnistep.com> Put the timestamp of when the page was first served as a hidden variable in the form. Then compare it to the time when it was submitted (after completed). ~Rolan mikesz at qualityadvantages.com wrote: > Hello NYPHP, > > Greetings to All, > > I need to time how long it takes to fill out a registration form, from > when it is called to submission. I am trying to compare the time frame difference > between the form being manually filled out versus an automated script. > > Any ideas or direction about how to do this would be enormously > appreciated. > > From ramons at gmx.net Mon Oct 6 21:16:34 2008 From: ramons at gmx.net (David Krings) Date: Mon, 06 Oct 2008 21:16:34 -0400 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <48EAB70D.1080208@omnistep.com> References: <1333632725.20081007090332@qualityadvantages.com> <48EAB70D.1080208@omnistep.com> Message-ID: <48EAB872.4050203@gmx.net> Rolan Yang wrote: > Isn't there one equal sign too many for value? From lists at zaunere.com Mon Oct 6 21:43:45 2008 From: lists at zaunere.com (Hans Zaunere) Date: Mon, 6 Oct 2008 21:43:45 -0400 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <48EAB872.4050203@gmx.net> References: <1333632725.20081007090332@qualityadvantages.com> <48EAB70D.1080208@omnistep.com> <48EAB872.4050203@gmx.net> Message-ID: <001b01c9281e$22be5a40$683b0ec0$@com> > > > > Isn't there one equal sign too many for value? That's the short tag syntax we all love: http://us.php.net/manual/en/ini.core.php#ini.short-open-tag http://us.php.net/manual/en/language.basic-syntax.php H From ramons at gmx.net Mon Oct 6 22:02:00 2008 From: ramons at gmx.net (David Krings) Date: Mon, 06 Oct 2008 22:02:00 -0400 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <001b01c9281e$22be5a40$683b0ec0$@com> References: <1333632725.20081007090332@qualityadvantages.com> <48EAB70D.1080208@omnistep.com> <48EAB872.4050203@gmx.net> <001b01c9281e$22be5a40$683b0ec0$@com> Message-ID: <48EAC318.7000202@gmx.net> Hans Zaunere wrote: >>> >> Isn't there one equal sign too many for value? > > That's the short tag syntax we all love: > > http://us.php.net/manual/en/ini.core.php#ini.short-open-tag > > http://us.php.net/manual/en/language.basic-syntax.php > > H Thanks for the hint. Shows that I neither know the shortcuts nor what output tim() produces. Just keep on coding....don't pay attention to the guy brabbling in the corner. David From tedd at sperling.com Tue Oct 7 08:26:55 2008 From: tedd at sperling.com (tedd) Date: Tue, 7 Oct 2008 08:26:55 -0400 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <001b01c9281e$22be5a40$683b0ec0$@com> References: <1333632725.20081007090332@qualityadvantages.com> <48EAB70D.1080208@omnistep.com> <48EAB872.4050203@gmx.net> <001b01c9281e$22be5a40$683b0ec0$@com> Message-ID: At 9:43 PM -0400 10/6/08, Hans Zaunere wrote: > > > >> >> Isn't there one equal sign too many for value? > >That's the short tag syntax we all love: Count me out of that "love". I hate seeing that in code because I always have to change it to what's correct. Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From brenttech at gmail.com Tue Oct 7 08:42:26 2008 From: brenttech at gmail.com (Brent Baisley) Date: Tue, 7 Oct 2008 08:42:26 -0400 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <48EAB70D.1080208@omnistep.com> References: <1333632725.20081007090332@qualityadvantages.com> <48EAB70D.1080208@omnistep.com> Message-ID: <5d515c620810070542q56cd8638mba09be0f00448470@mail.gmail.com> If you put a time stamp in the form, you should also include a "check" to make sure the time was not changed and/or forged (which is very easy to do). An easy way to do this is to include another hidden field that is an md5 hash of the time plus a secret pass phrase that only resides on the server. When the form is submitted, you take the submitted time plus the pass phrase md5 hash and make sure it matches the submitted md5 hash. Ideally your md5 hash would use more than 2 pieces of information, but you get the idea. Brent Baisley On Mon, Oct 6, 2008 at 9:10 PM, Rolan Yang wrote: > Put the timestamp of when the page was first served as a hidden variable in > the form. Then compare it to the time when it was submitted (after > completed). > > > > ~Rolan > > mikesz at qualityadvantages.com wrote: >> >> Hello NYPHP, >> >> Greetings to All, >> >> I need to time how long it takes to fill out a registration form, from >> when it is called to submission. I am trying to compare the time frame >> difference >> between the form being manually filled out versus an automated script. >> >> Any ideas or direction about how to do this would be enormously >> appreciated. >> >> > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From tmpvar at gmail.com Tue Oct 7 08:47:03 2008 From: tmpvar at gmail.com (Elijah Insua) Date: Tue, 7 Oct 2008 05:47:03 -0700 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <5d515c620810070542q56cd8638mba09be0f00448470@mail.gmail.com> References: <1333632725.20081007090332@qualityadvantages.com> <48EAB70D.1080208@omnistep.com> <5d515c620810070542q56cd8638mba09be0f00448470@mail.gmail.com> Message-ID: <2b4feca10810070547ga57463x6dc6c3b0c49743a4@mail.gmail.com> store the time in the users session and check it on post/get On Tue, Oct 7, 2008 at 5:42 AM, Brent Baisley wrote: > If you put a time stamp in the form, you should also include a "check" > to make sure the time was not changed and/or forged (which is very > easy to do). > An easy way to do this is to include another hidden field that is an > md5 hash of the time plus a secret pass phrase that only resides on > the server. When the form is submitted, you take the submitted time > plus the pass phrase md5 hash and make sure it matches the submitted > md5 hash. > Ideally your md5 hash would use more than 2 pieces of information, but > you get the idea. > > Brent Baisley > > On Mon, Oct 6, 2008 at 9:10 PM, Rolan Yang wrote: > > Put the timestamp of when the page was first served as a hidden variable > in > > the form. Then compare it to the time when it was submitted (after > > completed). > > > > > > > > ~Rolan > > > > mikesz at qualityadvantages.com wrote: > >> > >> Hello NYPHP, > >> > >> Greetings to All, > >> > >> I need to time how long it takes to fill out a registration form, from > >> when it is called to submission. I am trying to compare the time frame > >> difference > >> between the form being manually filled out versus an automated script. > >> > >> Any ideas or direction about how to do this would be enormously > >> appreciated. > >> > >> > > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedd at sperling.com Tue Oct 7 08:55:18 2008 From: tedd at sperling.com (tedd) Date: Tue, 7 Oct 2008 08:55:18 -0400 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <1333632725.20081007090332@qualityadvantages.com> References: <1333632725.20081007090332@qualityadvantages.com> Message-ID: At 9:03 AM +0800 10/7/08, mikesz at qualityadvantages.com wrote: >Hello NYPHP, > >Greetings to All, > >I need to time how long it takes to fill out a registration form, from >when it is called to submission. I am trying to compare the time >frame difference >between the form being manually filled out versus an automated script. > >Any ideas or direction about how to do this would be enormously >appreciated. > >-- >Best regards, > mikesz mailto:mikesz at qualityadvantages.com mikesz: To time form submission is a reasonable safeguard check. It's nothing to time it, just check server-side when the form is served to the browser and when the form is submitted back to the server. Here's a demo with code: http://www.webbytedd.com/b/timed-form Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From paulcheung at tiscali.co.uk Tue Oct 7 11:25:42 2008 From: paulcheung at tiscali.co.uk (PaulCheung) Date: Tue, 7 Oct 2008 16:25:42 +0100 Subject: [nycphp-talk] E-Commerce Shopping Carts References: <0K80001GJAB5CFT0@mta5.srv.hcvlny.cv.net> Message-ID: Hi Michele Thanks for your help, it was and still is very much appreciated. Just to let you know I am using a UK providor named PROTX and they have thing called VSPxxxxx-KIT which follows a lot of what you discribe plus lots of PHPcoded examples of all the bits and bobs needed for the shopping cart. So once again thank you for your help. Paul ----- Original Message ----- From: "(Margaret) Michele Waldman" To: "'NYPHP Talk'" Sent: Tuesday, September 30, 2008 12:23 PM Subject: RE: [nycphp-talk] E-Commerce Shopping Carts > Paul, > > Are you writing a shopping cart from scatch. > > I don't think this is the easiest way to implement a shopping cart. > > There are two open source shopping carts that I know about, oscommerce and > zencart. Plus, there are many inexpensive shopping carts. > > Zencart handles the payment notifications. If you use a non supported or > merchant that doesn't have a plugin available, you have to write some of > the > gateway yourself, but all of the email notifications come canned. > > As far as the payment gateway. If I'm correct, via curl or whatever you > sent connect to the merchant and request a payment, they return a success > or > non success value, after which you can send an email. > > You get the response right away, so I don't know why you want to poll. > > Here's so snippets of code: > > $QBMS_XML_Credit_Card_Charge = ' > > > > > '.$QBMS_Auth.' > > > > > > > > '.$QBMS_TransRequestID.' > > '.$_POST['CreditCardNumber'].' > > '.$_POST['ExpirationMonth'].' > > '.$_POST['ExpirationYear'].' > > true > > '.$_POST['Amount'].' > > '.$_POST['CreditCardOwner'].' > > '.$_POST['CreditCardAddress'].' > > '.$_POST['CreditCardPostalCode'].' de> > > '.$_POST['CardSecurityCode'].' > > > > > > '; > $QBMS_chargeRq = $this->qbms_call($QBMS_ApplicationPath, > $QBMS_XML_Credit_Card_Charge, MODULE_PAYMENT_QBMS_SSL_CERT); > > // Get the statusCode > $QBMS_ChargeRq_Status = 1; > $posLeft = strpos($QBMS_chargeRq, " statusCode=\"")+strlen(" $posRight = strpos($QBMS_chargeRq, "\"", $posLeft+1); > $QBMS_ChargeRq_Status = intval(substr($QBMS_chargeRq, $posLeft, > $posRight-$posLeft)); > > // QBMS will return statusCode="0" or "10100" if charge was > successful > switch ($QBMS_ChargeRq_Status) > { > case 0: > case 10100: > $this->qbms_charge_success($QBMS_chargeRq); > return; > case 10301: > case 10400: > case 10401: > case 10402: > case 10404: > case 10407: > case 10409: > $error = MODULE_PAYMENT_QBMS_TEXT_DECLINED; > break; > default: > $error = MODULE_PAYMENT_QBMS_TEXT_SYSTEM_ERROR . " " . > $QBMS_ChargeRq_Status . " "; > break; > } > $payment_error_return = 'payment_error=' . $this->code . '&error=' . > urlencode($error) . '&qbms_cc_owner=' . > urlencode($_POST['CreditCardOwner']) > . '&qbms_cc_expires_month=' . $_POST['ExpirationMonth'] . > '&qbms_cc_expires_year=' . $_POST['ExpirationYear']; > zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, > $payment_error_return, 'SSL', true, false)); > } > > > function qbms_call($qbmsURL, $qbmsRequest, $qbmsCert) { > global $_POST; > $PHP_Header[] = "Content-type: application/x-qbmsxml"; > $PHP_Header[] = "Content-length: ".strlen($qbmsRequest); > > $clientURL = curl_init(); > > curl_setopt($clientURL, CURLOPT_POST, 1); > curl_setopt($clientURL, CURLOPT_RETURNTRANSFER, 1); > curl_setopt($clientURL, CURLOPT_CUSTOMREQUEST, 'POST'); > curl_setopt($clientURL, CURLOPT_URL, $qbmsURL); > // curl_setopt($clientURL, CURLOPT_TIMEOUT, 60); > curl_setopt($clientURL, CURLOPT_HTTPHEADER, $PHP_Header); > curl_setopt($clientURL, CURLOPT_POSTFIELDS, $qbmsRequest); > curl_setopt($clientURL, CURLOPT_VERBOSE, 1); > curl_setopt($clientURL, CURLOPT_SSL_VERIFYPEER, 1); > // if (MODULE_PAYMENT_QBMS_HOSTEDORDESKTOP == 'Hosted') { > // curl_setopt($clientURL, CURLOPT_SSLCERT, $qbmsCert); > // } > curl_setopt($clientURL, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); > //?? > curl_setopt ($clientURL, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); > curl_setopt ($clientURL, > CURLOPT_PROXY,"http://proxy.shr.secureserver.net:3128"); > // if (MODULE_PAYMENT_QBMS_IP_ADDRESS != '') { > // curl_setopt($clientURL, CURLOPT_INTERFACE, > MODULE_PAYMENT_QBMS_IP_ADDRESS); > // } > > $qbmsResponse = curl_exec($clientURL); > > if ((curl_errno($clientURL)) || ($qbmsResponse == 1)) { > > $curlerrno = curl_errno($clientURL); > $error = MODULE_PAYMENT_QBMS_TEXT_SYSTEM_ERROR; > $payment_error_return = 'payment_error=' . $this->code . '&error=' . > urlencode($error) . '&qbms_cc_owner=' . > urlencode($_POST['CreditCardOwner']) > . '&qbms_cc_expires_month=' . $_POST['ExpirationMonth'] . > '&qbms_cc_expires_year=' . $_POST['ExpirationYear']; > zen_redirect(zen_href_link(FILENAME_CHECKOUT_PAYMENT, > $payment_error_return, 'SSL', true, false)); > } else { > curl_close($clientURL); > } > > return $qbmsResponse; > } > > Michele > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > On > Behalf Of PaulCheung > Sent: Tuesday, September 30, 2008 4:49 AM > To: NYPHP Talk > Subject: [nycphp-talk] E-Commerce Shopping Carts > > Hi, > > Can anybody help?? I have run into a major problem, I do not understand > how > shopping carts work. I have tried asking technical support of the likes of > PayPal, while they are all very knowledgeable businesswise, they are not > PHP > > developers. I was told that I should check my email periodically. > > As a shopping cart newbie using PHP, I am lost. I understand it is develop > myself or much the easiest and best way is to use a shopping cart, which I > agree with. > >>From a merchant's point of view, here is what I want. Once payment has >>been > > made and confirmed, I want a token confirming payment (payment info) to be > sent to my site and then, without manual intervention, I want to dispatch > a > confirmation email to the customer an invoice and then the goods/services > to > > the customer. > > Is there a way of automatically polling for this info?? Is there a better > of doing things?? > > Cheers > > Paul > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From lists at zaunere.com Tue Oct 7 12:35:12 2008 From: lists at zaunere.com (Hans Zaunere) Date: Tue, 7 Oct 2008 12:35:12 -0400 Subject: [nycphp-talk] new vs clone Performance Message-ID: <00ab01c9289a$ababd6d0$03038470$@com> Hi all, Out of curiosity, I wanted to get some benchmarks on using the new operator vs cloning. I wrote a simple script, attached, which is fun to play with. Upshot: clone is faster if used correctly (and depending on the object's operations). Also some interesting observations in the script itself, and I'm interested in hearing other's observations/experiences. By the way, PHP Meetup tonight at Pound & Pence: http://php.meetup.com/430/ See you there. Best, --- Hans Zaunere / Managing Member / New York PHP www.nyphp.org / ?www.nyphp.com -------------- next part -------------- A non-text attachment was scrubbed... Name: new-vs-clone-performance.psh Type: application/octet-stream Size: 1495 bytes Desc: not available URL: From chsnyder at gmail.com Tue Oct 7 12:44:37 2008 From: chsnyder at gmail.com (csnyder) Date: Tue, 7 Oct 2008 12:44:37 -0400 Subject: [nycphp-talk] new vs clone Performance In-Reply-To: <00ab01c9289a$ababd6d0$03038470$@com> References: <00ab01c9289a$ababd6d0$03038470$@com> Message-ID: On Tue, Oct 7, 2008 at 12:35 PM, Hans Zaunere wrote: > > Out of curiosity, I wanted to get some benchmarks on using the new operator > vs cloning. I wrote a simple script, attached, which is fun to play with. > Upshot: clone is faster if used correctly (and depending on the object's > operations). Also some interesting observations in the script itself, and > I'm interested in hearing other's observations/experiences. > By faster, how much faster do you mean? I never really thought of doing this kind of optimization, but it would be pretty easy to re-pattern object creation _if it was significantly faster_. The script ran out of memory on my Mac, what kind of speedup are you seeing, Hans? chris. From lists at zaunere.com Tue Oct 7 12:53:49 2008 From: lists at zaunere.com (Hans Zaunere) Date: Tue, 7 Oct 2008 12:53:49 -0400 Subject: [nycphp-talk] new vs clone Performance In-Reply-To: References: <00ab01c9289a$ababd6d0$03038470$@com> Message-ID: <00b801c9289d$4596ff70$d0c4fe50$@com> > > Out of curiosity, I wanted to get some benchmarks on using the new operator > > vs cloning. I wrote a simple script, attached, which is fun to play with. > > Upshot: clone is faster if used correctly (and depending on the object's > > operations). Also some interesting observations in the script itself, and > > I'm interested in hearing other's observations/experiences. > > > > By faster, how much faster do you mean? Run the script :) It depends a lot on the class (and the use of __clone() and the heaviness of the class initialization in __construct()) but I was seeing consistent 20% - 30% across various classes. It's fun to play around with, using various builtin classes, and user defined ones. Sometimes, though, the increase was dramatic (use stdClass for example). > I never really thought of doing this kind of optimization, but it > would be pretty easy to re-pattern object creation _if it was > significantly faster_. The script ran out of memory on my Mac, what > kind of speedup are you seeing, Hans? Put $OCount to something smaller, like 100,000 or 10,000 Significantly faster will be a hard thing to quantify. Doing $OCount runs of 1,000,000 typically yielded only a fraction of seconds improvements (and that's when creating 1 million objects which no application really does). So I'm not sure how much of a real improvement this would have for a typical application. That said, the reason I started investigating this was because of APC. Theory being, create objects upon first request when the server comes online, cache them in APC, and then clone them as needed during subsequent requests. Depending on the object's initialization pattern, this could yield some real per-request performance gains. Of course, investigating APC's performance is TBD. Long story short, APC's dopy serialization/un-serialization of variables may make this all moot. --- Hans Zaunere / Managing Member / New York PHP www.nyphp.org / www.nyphp.com From rahmin at insite-out.com Tue Oct 7 14:56:24 2008 From: rahmin at insite-out.com (Rahmin Pavlovic) Date: Tue, 7 Oct 2008 14:56:24 -0400 Subject: [nycphp-talk] cURL question In-Reply-To: <00b801c9289d$4596ff70$d0c4fe50$@com> References: <00ab01c9289a$ababd6d0$03038470$@com> <00b801c9289d$4596ff70$d0c4fe50$@com> Message-ID: Hi, all: I'm wondering what the best way to do this is (may not be cURL): I'm currently building an API to connect to an HTTPS server. My first script POSTs login data as cleartext by way of cURL. The HTTPS server throws a secure cookie back at me, set to expire within 24 hours. So far, so good. Within that 24 hour period, I'd like a separate script (on the same server) to make subsequent requests; passing the authentication along such that HTTPS knows who I am. What's the best way to do that? Am I trying to re-invent the wheel here? From ka at kacomputerconsulting.com Tue Oct 7 15:32:12 2008 From: ka at kacomputerconsulting.com (Kristina Anderson) Date: Tue, 7 Oct 2008 12:32:12 -0700 Subject: [nycphp-talk] front end list address Message-ID: <1223407932.32036@coral.he.net> Anyone remember the email address for that "front end dev/CSS" list that's been mentioned? Thanks. -- Kristina From ramons at gmx.net Tue Oct 7 15:45:13 2008 From: ramons at gmx.net (David Krings) Date: Tue, 07 Oct 2008 15:45:13 -0400 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <5d515c620810070542q56cd8638mba09be0f00448470@mail.gmail.com> References: <1333632725.20081007090332@qualityadvantages.com> <48EAB70D.1080208@omnistep.com> <5d515c620810070542q56cd8638mba09be0f00448470@mail.gmail.com> Message-ID: <48EBBC49.8080707@gmx.net> Brent Baisley wrote: > If you put a time stamp in the form, you should also include a "check" > to make sure the time was not changed and/or forged (which is very > easy to do). I think this is just for test metrics. While it is right that one can do that I doubt it applies in this case. David From michael.southwell at nyphp.com Tue Oct 7 15:50:54 2008 From: michael.southwell at nyphp.com (Michael Southwell) Date: Tue, 07 Oct 2008 15:50:54 -0400 Subject: [nycphp-talk] front end list address In-Reply-To: <1223407932.32036@coral.he.net> References: <1223407932.32036@coral.he.net> Message-ID: <48EBBD9E.7070001@nyphp.com> Kristina Anderson wrote: > Anyone remember the email address for that "front end dev/CSS" list > that's been mentioned? http://lists.nyphp.org/mailman/listinfo -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From tmpvar at gmail.com Tue Oct 7 16:06:56 2008 From: tmpvar at gmail.com (Elijah Insua) Date: Tue, 07 Oct 2008 13:06:56 -0700 Subject: [nycphp-talk] cURL question In-Reply-To: References: <00ab01c9289a$ababd6d0$03038470$@com> <00b801c9289d$4596ff70$d0c4fe50$@com> Message-ID: <48EBC160.6050306@gmail.com> Rahmin, As best practice you should secure your login data by sending it over https. Curl handles cookies rather well and should work for your needs. Regards, Elijah Insua > > > I'm currently building an API to connect to an HTTPS server. My first > script POSTs login data as cleartext by way of cURL. The HTTPS server > throws a secure cookie back at me, set to expire within 24 hours. So > far, so good. > > Within that 24 hour period, I'd like a separate script (on the same > server) to make subsequent requests; passing the authentication along > such that HTTPS knows who I am. > > What's the best way to do that? > > Am I trying to re-invent the wheel here? > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From 1j0lkq002 at sneakemail.com Tue Oct 7 16:59:58 2008 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Tue, 07 Oct 2008 13:59:58 -0700 Subject: [nycphp-talk] [OT] notebook recommendations - last call, Lenovo T400 or T61?? In-Reply-To: <01c701c8f9c2$c1b20460$45160d20$@com> References: <000101c8f818$17998620$46cc9260$@com> <32075-68096@sneakemail.com> <847-77570@sneakemail.com> <01c701c8f9c2$c1b20460$45160d20$@com> Message-ID: <6547-93446@sneakemail.com> Hans Zaunere lists-at-zaunere.com |nyphp MAIN ONE dev/internal group use| wrote: >>On the (excellent) advice of the PHP community almost 4 years ago, I >>bought a Thinkpad t42p. I still love it but it's time to plan retirement. >> >>Can anyone recommend the Lenovo t61p as a replacement, or is there >>something clearly better? No, I'm not going to switch to a mac. Thanks. >> >> > >I'm not paid, but I would definitely go with another Lenovo. I have the >T61P and the only thing I'm waiting for is getting the new T400/T500. > > Yes I know I started looking for a new notebook 2 months ago but I've been busy! -- now it's "last call" and I wonder if anyone has real-world experience with the new T400 vs. the T61? From lists at zaunere.com Tue Oct 7 17:27:13 2008 From: lists at zaunere.com (Hans Zaunere) Date: Tue, 7 Oct 2008 17:27:13 -0400 Subject: [nycphp-talk] Blog Posts with Embedded Content Message-ID: <00ed01c928c3$7715a210$6540e630$@com> Hello, So people post blogs, which may include a youtube link or image or href embedded. In one part of the application, they want to show only the first X number of characters, before forcing a user to login. So we need to cut the submitted text at this character count, yet, of course, not cut in the middle of a tag. This has turned into a considerable annoyance and I'm wondering if anyone has a quick tip/pointer to a resource to solve this - without writing excessive text parsing code. My general plan (although I hope someone has something better) is to: -- write a function like DeltaOffsets( $Raw, $Stripped) where $Raw is the $Raw post and $Stripped is the post run through strip_tags. -- the function would return an array with the positions relative to the $Raw post of where the stripped text has started/stopped. -- then upon writing to the browser, we could intelligently insert stripped tags up to the cut-off-point of real text (ie, not counting the stripped tags). Although this seems like a lot of work for something that must be done all the time, right? Thoughts on how the other blog engines handle this? There's got to be an easier way...? Yes, security is another issue... H From ka at kacomputerconsulting.com Tue Oct 7 20:19:43 2008 From: ka at kacomputerconsulting.com (Kristina Anderson) Date: Tue, 7 Oct 2008 17:19:43 -0700 Subject: [nycphp-talk] front end list address Message-ID: <1223425183.29817@coral.he.net> Thanks Michael! > Kristina Anderson wrote: > > Anyone remember the email address for that "front end dev/CSS" list > > that's been mentioned? > > http://lists.nyphp.org/mailman/listinfo > > > > -- > ================= > Michael Southwell > Vice President, Education > NYPHP TRAINING: http://nyphp.com/Training/Indepth > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > ------------------- Kristina From jcampbell1 at gmail.com Tue Oct 7 21:19:25 2008 From: jcampbell1 at gmail.com (John Campbell) Date: Tue, 7 Oct 2008 21:19:25 -0400 Subject: [nycphp-talk] Blog Posts with Embedded Content In-Reply-To: <00ed01c928c3$7715a210$6540e630$@com> References: <00ed01c928c3$7715a210$6540e630$@com> Message-ID: <8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com> On Tue, Oct 7, 2008 at 5:27 PM, Hans Zaunere wrote: > In one part of the application, they want to show only the first X number of > characters, before forcing a user to login. So we need to cut the submitted > text at this character count, yet, of course, not cut in the middle of a > tag. > > This has turned into a considerable annoyance and I'm wondering if anyone > has a quick tip/pointer to a resource to solve this - without writing > excessive text parsing code. Interesting question, I have searched unsuccessfully for a solution to this in the past with no luck. I hacked together a solution for you, but I am not sure I would put it in production. It is reasonably safe because it escapes everything it doesn't recognize as a tag. If you use it, I would filter out all but a whitelist of tags (e.g. a,b,i,blockquote,strong) before passing it to the function. See the code at: http://php.pastebin.com/f7f5262cb The safest approach is probably to pass the html through tidy, and then into DOM, and traverse and count the length of text nodes, but that would be quite slow if you ran it on every request. Regards, John Campbell From chsnyder at gmail.com Wed Oct 8 14:15:38 2008 From: chsnyder at gmail.com (csnyder) Date: Wed, 8 Oct 2008 14:15:38 -0400 Subject: [nycphp-talk] Blog Posts with Embedded Content In-Reply-To: <8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com> References: <00ed01c928c3$7715a210$6540e630$@com> <8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com> Message-ID: On Tue, Oct 7, 2008 at 9:19 PM, John Campbell wrote: > The safest approach is probably to pass the html through tidy, and > then into DOM, and traverse and count the length of text nodes, but > that would be quite slow if you ran it on every request. Right, +1 for Tidy and DOM, it's the "real" way to do it. You won't need to do it on every request -- you can either store the summary itself as a separate text field, or store the length of the summary as an integer. This is crying out for a web service: The Excerpter. POST markup, get the first X display characters back as a response, with embedded HTML intact. Chris Snyder http://chxor.chxo.com/ From kenrbnsn at rbnsn.com Wed Oct 8 14:53:33 2008 From: kenrbnsn at rbnsn.com (Ken Robinson) Date: Wed, 8 Oct 2008 14:53:33 -0400 Subject: [nycphp-talk] Integrating Drupal 6 & KnowledgeTree In-Reply-To: References: <00ed01c928c3$7715a210$6540e630$@com> <8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com> Message-ID: <018601c92977$2b359a30$81a0ce90$@com> Hi, Does anyone on the list have experience integrating Drupal 6 & KnowledgeTree? I've installed Knowledge Tree and the KT Module. It seems to work, except that when I connect from within Drupal, the output is restricted to a very small area of the screen and there are no scrollbars. Ken From tegwe002 at umn.edu Wed Oct 8 16:19:45 2008 From: tegwe002 at umn.edu (Joelle Tegwen) Date: Wed, 08 Oct 2008 15:19:45 -0500 Subject: [nycphp-talk] Restian PHP on IIS with encoded urls Message-ID: <48ED15E1.7040204@umn.edu> I'm writing a web services application on PHP 5.2. I develop on Linux/Apache but our test/production servers are running IIS 6 So I'm kind of clueless about how to configure IIS. Thanks in advance for any assistance. The problem that I'm having is that IIS is decoding encoded portions of my urls before they hit php, and that is making parsing an encoded rest url very difficult. I did google this and found a server variable "UNENCODED_URL" but it doesn't seem to be populated on my server. I found some references to the IIS Metabase, but nothing about what I would change to get what I want out of the server. Short version of the question: How do I get the original encoded URL in IIS? The URL I'm parsing is: http://localhost/resources/services.php/ttaf/transform/http%3A%2F%2Ficitest1.education.umn.edu%2Fici%2Fwelcome%2Fcaptions_ici_ttf.xml/http%3A%2F%2Ficitest1.education.umn.edu%2Fici%2Fwelcome%2Ftranscript.xsl Which I want to parse to ttaf transform http%3A%2F%2Flocalhost%2Fici%2Fwelcome%2Fcaptions_ici_ttf.xml http%3A%2F%2Ficitest1.education.umn.edu%2Fici%2Fwelcome%2Ftranscript.xsl Long explanation if needed/useful: To reduce the complexity of maintaining web server environments on several machines (developer and servers) we try to do everything inside of native PHP. This means no mod_rewrite or similar tools unless they are irreplaceable. In Apache I get [REQUEST_URI] => /resources/services.php/ttaf/transform/http%3A%2F%2Flocalhost%2Fsandbox%2Fflashxslt%2Fcaptions_ici_ttf.xml/http%3A%2F%2Flocalhost%2Fsandbox%2Fflashxslt%2Ftranscript.xsl [SCRIPT_NAME] => /resources/services.php which I can then parse out. In IIS I get: [PATH_INFO] => /ttaf/transform/http:/icitest1.education.umn.edu/ici/welcome/captions_ici_ttf.xml/http:/icitest1.education.umn.edu/ici/welcome/transcript.xsl [PATH_TRANSLATED] => c:/inetpub/wwwroot/ttaf/transform/http:/icitest1.education.umn.edu/ici/welcome/captions_ici_ttf.xml/http:/icitest1.education.umn.edu/ici/welc [ORIG_PATH_INFO] => /resources/services.php/ttaf/transform/http:/icitest1.education.umn.edu/ici/welcome/captions_ici_ttf.xml/http:/icitest1.education.umn.edu/ici/welcome/transcript.xsl [ORIG_PATH_TRANSLATED] => c:\inetpub\wwwroot\resources\services.php\ttaf\transform\http:\icitest1.education.umn.edu\ici\welcome\captions_ici_ttf.xml\http:\icitest1.education.umn.edu\ici\welcome\transcript.xsl But they're all already decoded. Thanks! Joelle From jeff987654 at yahoo.com Wed Oct 8 16:36:29 2008 From: jeff987654 at yahoo.com (Jeff Siegel) Date: Wed, 8 Oct 2008 13:36:29 -0700 (PDT) Subject: [nycphp-talk] Determine if your site has been defaced Message-ID: <610851.13440.qm@web110008.mail.gq1.yahoo.com> Anyone know of a PHP script that can be run from a cron and which can check whether a website has been defaced? Thanks, Jeff From dcech at phpwerx.net Wed Oct 8 16:39:57 2008 From: dcech at phpwerx.net (Dan Cech) Date: Wed, 08 Oct 2008 16:39:57 -0400 Subject: [nycphp-talk] Determine if your site has been defaced In-Reply-To: <610851.13440.qm@web110008.mail.gq1.yahoo.com> References: <610851.13440.qm@web110008.mail.gq1.yahoo.com> Message-ID: <48ED1A9D.50504@phpwerx.net> Jeff Siegel wrote: > Anyone know of a PHP script that can be run from a cron and which can check whether a website has been defaced? cURL + preg would do the trick I'd imagine. Dan From tim_lists at o2group.com Wed Oct 8 16:43:03 2008 From: tim_lists at o2group.com (Tim Lieberman) Date: Wed, 8 Oct 2008 14:43:03 -0600 Subject: [nycphp-talk] Determine if your site has been defaced In-Reply-To: <610851.13440.qm@web110008.mail.gq1.yahoo.com> References: <610851.13440.qm@web110008.mail.gq1.yahoo.com> Message-ID: <3399FDD7-4124-4C5A-B814-C47C12A6FAED@o2group.com> Pretty trivial to write one if you can come up with a decent definition for "defaced". For what's supposed to be a static page, you could use "Changed" as the definition for defaced. If the content changes, you could test for some string that should always be there. Either one can probably be tested in just a handful of lines of PHP. -Tim On Oct 8, 2008, at 2:36 PM, Jeff Siegel wrote: > Anyone know of a PHP script that can be run from a cron and which > can check whether a website has been defaced? > > Thanks, > > Jeff > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From codebowl at gmail.com Wed Oct 8 16:43:49 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 8 Oct 2008 16:43:49 -0400 Subject: [nycphp-talk] Determine if your site has been defaced In-Reply-To: <610851.13440.qm@web110008.mail.gq1.yahoo.com> References: <610851.13440.qm@web110008.mail.gq1.yahoo.com> Message-ID: <97119C14-E35B-4E5B-8B2B-3DB395BA3340@gmail.com> there is a nice os x application that can be used for this, I am not sure if you use OS X though :) http://sunflower.coleharbour.ca/ On Oct 8, 2008, at 4:36 PM, Jeff Siegel wrote: > Anyone know of a PHP script that can be run from a cron and which > can check whether a website has been defaced? > > Thanks, > > Jeff > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From jcampbell1 at gmail.com Wed Oct 8 16:45:38 2008 From: jcampbell1 at gmail.com (John Campbell) Date: Wed, 8 Oct 2008 16:45:38 -0400 Subject: [nycphp-talk] Determine if your site has been defaced In-Reply-To: <610851.13440.qm@web110008.mail.gq1.yahoo.com> References: <610851.13440.qm@web110008.mail.gq1.yahoo.com> Message-ID: <8f0676b40810081345s4ee82f39ycaacd03e70af7cce@mail.gmail.com> On Wed, Oct 8, 2008 at 4:36 PM, Jeff Siegel wrote: > Anyone know of a PHP script that can be run from a cron and which can check whether a website has been defaced? I use Google Alerts, and use a search query like: site:example.com viagra OR levitra OR cialis OR penis OR hacked It's not fool proof, but it takes about 10 seconds to setup. Regards, John Campbell From sbeam at onsetcorps.net Wed Oct 8 16:53:33 2008 From: sbeam at onsetcorps.net (sbeam) Date: Wed, 8 Oct 2008 16:53:33 -0400 Subject: [nycphp-talk] Determine if your site has been defaced In-Reply-To: <48ED1A9D.50504@phpwerx.net> References: <610851.13440.qm@web110008.mail.gq1.yahoo.com> <48ED1A9D.50504@phpwerx.net> Message-ID: <200810081653.33634.sbeam@onsetcorps.net> On Wednesday 08 October 2008 16:39, Dan Cech wrote: > Jeff Siegel wrote: > > Anyone know of a PHP script that can be run from a cron and which can > > check whether a website has been defaced? > > cURL + preg would do the trick I'd imagine. interesting :) but yeah PHP is not needed. also md5/sha1 might do the trick, combined with curl GOODHASH=399257fc956120012baf094ffd7eed9b; \ HASH=`curl -s www.yoursite.com | md5sum`; \ if [ "$HASH" != "$GOODHASH" ]; then mail -s "uh-oh" you at yoursite.com; fi where you first get the value of "GOODHASH" with the same command as in HASH above. enjoy, Sam From chsnyder at gmail.com Wed Oct 8 17:02:46 2008 From: chsnyder at gmail.com (csnyder) Date: Wed, 8 Oct 2008 17:02:46 -0400 Subject: [nycphp-talk] Restian PHP on IIS with encoded urls In-Reply-To: <48ED15E1.7040204@umn.edu> References: <48ED15E1.7040204@umn.edu> Message-ID: On Wed, Oct 8, 2008 at 4:19 PM, Joelle Tegwen wrote: > In IIS I get: > [PATH_INFO] => > /ttaf/transform/http:/icitest1.education.umn.edu/ici/welcome/captions_ici_ttf.xml/http:/icitest1.education.umn.edu/ici/welcome/transcript.xsl This isn't going to answer your question, but you can pretty much guarantee that the token 'http:' isn't going to be part of a url, so you could use that to split PATH_INFO into its component parts. Kludgey, but you could make it work... Chris Snyder http://chxor.chxo.com/ From chsnyder at gmail.com Wed Oct 8 17:04:46 2008 From: chsnyder at gmail.com (csnyder) Date: Wed, 8 Oct 2008 17:04:46 -0400 Subject: [nycphp-talk] Determine if your site has been defaced In-Reply-To: <8f0676b40810081345s4ee82f39ycaacd03e70af7cce@mail.gmail.com> References: <610851.13440.qm@web110008.mail.gq1.yahoo.com> <8f0676b40810081345s4ee82f39ycaacd03e70af7cce@mail.gmail.com> Message-ID: On Wed, Oct 8, 2008 at 4:45 PM, John Campbell wrote: > On Wed, Oct 8, 2008 at 4:36 PM, Jeff Siegel wrote: >> Anyone know of a PHP script that can be run from a cron and which can check whether a website has been defaced? > > I use Google Alerts, and use a search query like: > > site:example.com viagra OR levitra OR cialis OR penis OR hacked > > It's not fool proof, but it takes about 10 seconds to setup. > Don't the alerts get nabbed by your spam filter? From ajai at bitblit.net Wed Oct 8 17:09:44 2008 From: ajai at bitblit.net (Ajai Khattri) Date: Wed, 8 Oct 2008 17:09:44 -0400 (EDT) Subject: [nycphp-talk] Freelancing Message-ID: What sites do people use to bid on freelance PHP projects? -- Aj. From codebowl at gmail.com Wed Oct 8 17:32:10 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 8 Oct 2008 17:32:10 -0400 Subject: [nycphp-talk] Freelancing In-Reply-To: References: Message-ID: The bestr i have used is guru.com but it's hard to get established. Once you get a few jobs it gets easier. On Oct 8, 2008, at 5:09 PM, Ajai Khattri wrote: > > What sites do people use to bid on freelance PHP projects? > > > -- > Aj. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From jeff987654 at yahoo.com Wed Oct 8 20:31:07 2008 From: jeff987654 at yahoo.com (Jeff Siegel) Date: Wed, 8 Oct 2008 17:31:07 -0700 (PDT) Subject: [nycphp-talk] Determine if your site has been defaced Message-ID: <746220.22089.qm@web110013.mail.gq1.yahoo.com> Thanks to all for your suggestions. Since the sites are usually dynamic...I kinda like Tim's suggestion of placing a string on the page, perhaps in a set of comment tags, and parsing for that string. Jeff From matt at atopia.net Thu Oct 9 12:28:58 2008 From: matt at atopia.net (Matt Juszczak) Date: Thu, 9 Oct 2008 12:28:58 -0400 (EDT) Subject: [nycphp-talk] Collaborative Software Message-ID: <20081009122616.V63110@mercury.atopia.net> A little OT, but since it will most likely be programmed in PHP, I'm looking to see what others have developed and/or used. I need to setup an "Intranet" for my FTJ. In this Intranet I was going to include a bunch of things, like nagios, cacti, and a wiki. The problem is that the requirements for the Intranet go well beyond what a simple wiki can accomplish. Not only do we need a wiki for documentation, but we also need a way to: - Share files with versioninng - Create tickets for tasks (RT?) - Track bugs (bugzilla?) and new feature requests for development - "Project manage" new development projects - etc. I was going to setup tikiwiki or dokuwiki, along with bugzilla, and perhaps RT, and a few other things, but I was wondering if anyone could recommend an "all in one" solution that includes wiki+file sharing+project manangement tools+ticketing+task tracking, etc. If not, I'll most likely go the independent software route. Thanks for any suggestions! -Matt From zippy1981 at gmail.com Thu Oct 9 12:38:11 2008 From: zippy1981 at gmail.com (Justin Dearing) Date: Thu, 9 Oct 2008 12:38:11 -0400 Subject: [nycphp-talk] Collaborative Software In-Reply-To: <20081009122616.V63110@mercury.atopia.net> References: <20081009122616.V63110@mercury.atopia.net> Message-ID: <5458db3c0810090938k7ce9facej7878f43a02cbd88c@mail.gmail.com> http://trac.edgewall.org/ This combines much of the wiki info. If you need to share files with versioning. you have two options. The first is SharePoint. This is expensive, especially for a PHP shop. The second is just to stored the files ina a Doc folder in subversion. Then you can just serve up subversion over https to view the files. If you have MACS accessing this repo be sure to read this: http://www.netmojo.ca/blog/2007/05/03/subversion-webdav-osx/ On Thu, Oct 9, 2008 at 12:28 PM, Matt Juszczak wrote: > A little OT, but since it will most likely be programmed in PHP, I'm > looking to see what others have developed and/or used. > > I need to setup an "Intranet" for my FTJ. In this Intranet I was going to > include a bunch of things, like nagios, cacti, and a wiki. > > The problem is that the requirements for the Intranet go well beyond what a > simple wiki can accomplish. Not only do we need a wiki for documentation, > but we also need a way to: > > - Share files with versioninng > - Create tickets for tasks (RT?) > - Track bugs (bugzilla?) and new feature requests for development > - "Project manage" new development projects > - etc. > > I was going to setup tikiwiki or dokuwiki, along with bugzilla, and perhaps > RT, and a few other things, but I was wondering if anyone could recommend an > "all in one" solution that includes wiki+file sharing+project manangement > tools+ticketing+task tracking, etc. > > If not, I'll most likely go the independent software route. Thanks for any > suggestions! > > -Matt > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at atopia.net Thu Oct 9 12:40:54 2008 From: matt at atopia.net (Matt Juszczak) Date: Thu, 9 Oct 2008 12:40:54 -0400 (EDT) Subject: [nycphp-talk] Collaborative Software In-Reply-To: <5458db3c0810090938k7ce9facej7878f43a02cbd88c@mail.gmail.com> References: <20081009122616.V63110@mercury.atopia.net> <5458db3c0810090938k7ce9facej7878f43a02cbd88c@mail.gmail.com> Message-ID: <20081009123951.R74607@mercury.atopia.net> > http://trac.edgewall.org/ > This combines much of the wiki info. We've been using this already, but not impressed at all. > If you need to share files with versioning. you have two options. The first > is SharePoint. This is expensive, especially for a PHP shop. The second is > just to stored the files ina a Doc folder in subversion. Then you can just > serve up subversion over https to view the files. If you have MACS accessing > this repo be sure to read this: Considered the web-based SVN repository, but were looking to see if there was another solution. What are your thoughts on tikiwiki? > http://www.netmojo.ca/blog/2007/05/03/subversion-webdav-osx/ > > On Thu, Oct 9, 2008 at 12:28 PM, Matt Juszczak wrote: > >> A little OT, but since it will most likely be programmed in PHP, I'm >> looking to see what others have developed and/or used. >> >> I need to setup an "Intranet" for my FTJ. In this Intranet I was going to >> include a bunch of things, like nagios, cacti, and a wiki. >> >> The problem is that the requirements for the Intranet go well beyond what a >> simple wiki can accomplish. Not only do we need a wiki for documentation, >> but we also need a way to: >> >> - Share files with versioninng >> - Create tickets for tasks (RT?) >> - Track bugs (bugzilla?) and new feature requests for development >> - "Project manage" new development projects >> - etc. >> >> I was going to setup tikiwiki or dokuwiki, along with bugzilla, and perhaps >> RT, and a few other things, but I was wondering if anyone could recommend an >> "all in one" solution that includes wiki+file sharing+project manangement >> tools+ticketing+task tracking, etc. >> >> If not, I'll most likely go the independent software route. Thanks for any >> suggestions! >> >> -Matt >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > From lists at enobrev.com Thu Oct 9 14:35:11 2008 From: lists at enobrev.com (Mark Armendariz) Date: Thu, 9 Oct 2008 14:35:11 -0400 Subject: [nycphp-talk] [OT] NYC Laywer Recommendation? Message-ID: <58f08dcf0810091135s6f1c3f40s95d38beb53b049c8@mail.gmail.com> I'm not in any trouble or anything. I need to get a software license in order for a client. Can anyone recommend a laywer here in NYC? Please respond off list. Sorry for the OT, but this is in-fact PHP related as it covers a PHP application. Thanks!! Mark From greg.rundlett at gmail.com Thu Oct 9 14:36:07 2008 From: greg.rundlett at gmail.com (Greg Rundlett) Date: Thu, 9 Oct 2008 14:36:07 -0400 Subject: [nycphp-talk] Collaborative Software In-Reply-To: <20081009122616.V63110@mercury.atopia.net> References: <20081009122616.V63110@mercury.atopia.net> Message-ID: <5e2aaca40810091136p1e330f78tc03145f123d1bf02@mail.gmail.com> On Thu, Oct 9, 2008 at 12:28 PM, Matt Juszczak wrote: > A little OT, but since it will most likely be programmed in PHP, I'm looking > to see what others have developed and/or used. > > I need to setup an "Intranet" for my FTJ. In this Intranet I was going to > include a bunch of things, like nagios, cacti, and a wiki. > > The problem is that the requirements for the Intranet go well beyond what a > simple wiki can accomplish. Not only do we need a wiki for documentation, > but we also need a way to: > > - Share files with versioninng > - Create tickets for tasks (RT?) > - Track bugs (bugzilla?) and new feature requests for development > - "Project manage" new development projects > - etc. > > I was going to setup tikiwiki or dokuwiki, along with bugzilla, and perhaps > RT, and a few other things, but I was wondering if anyone could recommend an > "all in one" solution that includes wiki+file sharing+project manangement > tools+ticketing+task tracking, etc. > > If not, I'll most likely go the independent software route. Thanks for any > suggestions! > > -Matt Hi Matt, You can combine KnowledgeTree, Drupal, Subversion, WebDAV / Apache ModDav, WebSVN, Eventum (to do over I'd use Drupal tracker, or something else), FreeMind, MediaWiki, and TaskJuggler into a complete platform. Still, it's a lot of work and depends entirely on adoption/fitting into the organizations workflows. I did not get a chance to actually document or share much of the "how to" of that system, but hope to someday. There are a lot of possibilities out there, but no matter how well crafted the solution is, the success is going to depend more on how motivated and engaged people are in seeing the system meet their needs. I would have to say that even among big/enterprise solutions, there is not a single product that does everything you mention. One other thought is that Ubuntu has a pretty good system (in several parts) that can stand as a model -- but it's neither available to install, nor a single solution. It bears repeating that their system too is highly dependent on agreements between educated participants about methods and procedures of the system. Greg -- skype/aim/irc freephile home office 978-225-8302 greg at freephile.com From ajai at bitblit.net Thu Oct 9 15:31:50 2008 From: ajai at bitblit.net (Ajai Khattri) Date: Thu, 9 Oct 2008 15:31:50 -0400 (EDT) Subject: [nycphp-talk] Collaborative Software In-Reply-To: <5e2aaca40810091136p1e330f78tc03145f123d1bf02@mail.gmail.com> Message-ID: On Thu, 9 Oct 2008, Greg Rundlett wrote: > I would have to say that even among big/enterprise solutions, there is > not a single product that does everything you mention. I haven't looked, but do ZoHo (zoho.com) have some of these pieces? They have also recently opened their platform for third-party apps too (which is very interesting to me). -- Aj. From ben at projectskyline.com Thu Oct 9 16:17:48 2008 From: ben at projectskyline.com (Ben Sgro) Date: Thu, 09 Oct 2008 16:17:48 -0400 Subject: [nycphp-talk] [OT] 1U up for sale (and a lappie) Message-ID: <48EE66EC.2080909@projectskyline.com> Hello, In trying to rid my basement of computers, I have up for grabs: http://www.geeks.com/details.asp?invtid=DL145&cat=SYS I believe we have a RAID setup w/either 250 or 500 GB HD's in RAID1. Best offer (and please pickup only, this thing weighs a ton!) I'm in Brooklyn NY. Also, I have an IBM T61 laptop w/Ubuntu installed. I bought it from http://laclinux.com/en/Start 6 months ago for a research project (HOPE 2008) and I don't need it anymore. That's it! Contact me off list - - Ben I coded PHP on both these computers = ] From mikesz at qualityadvantages.com Sat Oct 11 08:51:37 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Sat, 11 Oct 2008 20:51:37 +0800 Subject: [nycphp-talk] Need some understanding about a hacker attack... Message-ID: <79812751.20081011205137@qualityadvantages.com> Hello NYPHP, One of my sites went down yesterday with "Out of Bandwidth". When I checked into it, a badguy had hijacked an application folder called /xml that usually contains one php file that serves the application menu system. I have no idea why the software developer chose this method. The /xml folder is read only (and has always been read only) Yesterday, in addition to the single php file, /xml contained a subfolder called odg which contained a porn distribution application with thousands of images that it was serving the planet though mediacatch.com and myhostdyn.com among others. I have no idea how the badguy got in and my ISP doesn't have a clue either. I got them to delete the junk because the badguy used a Unix system account to create the junk and I was unable to delete with the permissions I have. Now with that gone, I decided to add a .htaccess file to further restrict access to the /xml folder but when I did, the .htaccess file does not respond at all. Here is what I put in there: Options -Indexes order deny,allow Deny from All Allow from 127.0.0.1 localhost I expected that if I tried to access that folder directly that I would get a 403 but instead I got the application intro screen? I checked my test system also and when I do a directory the /xml folder, it shows me the content of the folder which is yet another outcome unexpected. The question I have is Does a folder named /xml have any special status or significance on a linux box that would cause it to act differently than say, an /includes folder that usually generates a blank screen? Any clues would be greatly appreciated. Notice that I haven't gotten into the hack at all, no idea how it happened and the ISP is really vague about what might have happened but is pointing the finger to my app and, of course, his server is completely secure, btw, its a shared server. My guess if that the bad guy ripped off the system account and ran amok on it but nobody is even hinting that this could be a possibility, to the contrary. Getting back to the /xml, why would I be getting the bizarre behavior from it? TIA -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From matt at atopia.net Sat Oct 11 08:53:19 2008 From: matt at atopia.net (matt at atopia.net) Date: Sat, 11 Oct 2008 12:53:19 +0000 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <79812751.20081011205137@qualityadvantages.com> References: <79812751.20081011205137@qualityadvantages.com> Message-ID: <1952377757-1223729639-cardhu_decombobulator_blackberry.rim.net-686289375-@bxe036.bisx.prod.on.blackberry> Are allowoverride and options set correctly in httpd.conf for that directory? -----Original Message----- From: mikesz at qualityadvantages.com Date: Sat, 11 Oct 2008 20:51:37 To: NYPHP Talk Subject: [nycphp-talk] Need some understanding about a hacker attack... Hello NYPHP, One of my sites went down yesterday with "Out of Bandwidth". When I checked into it, a badguy had hijacked an application folder called /xml that usually contains one php file that serves the application menu system. I have no idea why the software developer chose this method. The /xml folder is read only (and has always been read only) Yesterday, in addition to the single php file, /xml contained a subfolder called odg which contained a porn distribution application with thousands of images that it was serving the planet though mediacatch.com and myhostdyn.com among others. I have no idea how the badguy got in and my ISP doesn't have a clue either. I got them to delete the junk because the badguy used a Unix system account to create the junk and I was unable to delete with the permissions I have. Now with that gone, I decided to add a .htaccess file to further restrict access to the /xml folder but when I did, the .htaccess file does not respond at all. Here is what I put in there: Options -Indexes order deny,allow Deny from All Allow from 127.0.0.1 localhost I expected that if I tried to access that folder directly that I would get a 403 but instead I got the application intro screen? I checked my test system also and when I do a directory the /xml folder, it shows me the content of the folder which is yet another outcome unexpected. The question I have is Does a folder named /xml have any special status or significance on a linux box that would cause it to act differently than say, an /includes folder that usually generates a blank screen? Any clues would be greatly appreciated. Notice that I haven't gotten into the hack at all, no idea how it happened and the ISP is really vague about what might have happened but is pointing the finger to my app and, of course, his server is completely secure, btw, its a shared server. My guess if that the bad guy ripped off the system account and ran amok on it but nobody is even hinting that this could be a possibility, to the contrary. Getting back to the /xml, why would I be getting the bizarre behavior from it? TIA -- Best regards, mikesz mailto:mikesz at qualityadvantages.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ramons at gmx.net Sat Oct 11 09:42:46 2008 From: ramons at gmx.net (David Krings) Date: Sat, 11 Oct 2008 09:42:46 -0400 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <79812751.20081011205137@qualityadvantages.com> References: <79812751.20081011205137@qualityadvantages.com> Message-ID: <48F0AD56.1080107@gmx.net> mikesz at qualityadvantages.com wrote: > I checked my test system also and when I do a directory the /xml > folder, it shows me the content of the folder which is yet another > outcome unexpected. > There is a setting in the Apache config that prevents the listing of directories. In a production system that should be always turned off. Also, IIRC you can specify the name of the access file in the config as well, so it may not always be .htaccess, but I cannot think of any plausible reason to change that. But that may be worthwhile to check out. Oh, and at your earliest convenience change the hosting company. If they cannot tell you how such a takeover happened then I wonder what they charge you money for. Anyone with a PC can do that type of hosting... David From mikesz at qualityadvantages.com Sat Oct 11 09:55:34 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Sat, 11 Oct 2008 21:55:34 +0800 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <48F0AD56.1080107@gmx.net> References: <79812751.20081011205137@qualityadvantages.com> <48F0AD56.1080107@gmx.net> Message-ID: <1628941357.20081011215534@qualityadvantages.com> Hello David, Saturday, October 11, 2008, 9:42:46 PM, you wrote: > mikesz at qualityadvantages.com wrote: >> I checked my test system also and when I do a directory the /xml >> folder, it shows me the content of the folder which is yet another >> outcome unexpected. >> > There is a setting in the Apache config that prevents the listing of > directories. In a production system that should be always turned off. > Also, IIRC you can specify the name of the access file in the config as well, > so it may not always be .htaccess, but I cannot think of any plausible reason > to change that. But that may be worthwhile to check out. > Oh, and at your earliest convenience change the hosting company. If they > cannot tell you how such a takeover happened then I wonder what they charge > you money for. Anyone with a PC can do that type of hosting... > David > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________ Information from ESET Smart Security, version of virus > signature database 3514 (20081011) __________ > The message was checked by ESET Smart Security. > http://www.eset.com HA! My thoughts exactly. I was blown away when they suggested my scripts without ever checking their log files... Unbelievable! I thought it was a nobrainer to track such a blatant intrusion especially when the time frame of when the breach occurred is known almost to the second. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From dan.horning at planetnoc.com Sat Oct 11 10:00:40 2008 From: dan.horning at planetnoc.com (Dan Horning) Date: Sat, 11 Oct 2008 10:00:40 -0400 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <48F0AD56.1080107@gmx.net> References: <79812751.20081011205137@qualityadvantages.com> <48F0AD56.1080107@gmx.net> Message-ID: <1223733640.6313.12.camel@dan-linux-home.nycap.rr.com> On Sat, 2008-10-11 at 09:42 -0400, David Krings wrote: > mikesz at qualityadvantages.com wrote: > > I checked my test system also and when I do a directory the /xml > > folder, it shows me the content of the folder which is yet another > > outcome unexpected. > > > > There is a setting in the Apache config that prevents the listing of > directories. In a production system that should be always turned off. > Also, IIRC you can specify the name of the access file in the config as well, > so it may not always be .htaccess, but I cannot think of any plausible reason > to change that. But that may be worthwhile to check out. > > Oh, and at your earliest convenience change the hosting company. If they > cannot tell you how such a takeover happened then I wonder what they charge > you money for. Anyone with a PC can do that type of hosting... On one hand i can understand how the host wouldn't know exactly how the files got there - but the file ownership and logs should give much more information away and they should know if it was a shell attack, a remote file inclusion, or any number of common attacks. from your side though - are you using a common code base or module that might be vulnerable, or maybe an old version of a now patched software setup? if you are, what i use then might be something to look for in a web host - we use an intrusion detection system that combines mod_security with some well written rules along with some other software that monitors everything. With that in place although I'm sure there is still a way for someone to find a way into your system, it's incredibly less likely, and the automated attackers would most certainly not work. to answer your question about the .htaccess file - there is also a possibility that the host does not have all of the AllowOverride directive active for your hosting account. in that case some items would work and others wouldn't. next up the content of your .htaccess it's probably not what you wanted to do and i'm nearly positive that the deny/allow isn't working > -Indexes - turns off directory listings you may also need to change this to another name - thus triggering the default not to be shown > DirectoryIndex index.php - that will make the only file index.php that will show up when you did http://host/xml/ (correct me if i'm thinking the other directive it's early) -------------------------------------- > Options -Indexes > > order deny,allow > > > Deny from All > > > > Allow from 127.0.0.1 localhost > this is a working config for something i have running > Options -Indexes > > AuthUserFile /pathto/.htpasswd" > AuthType Basic > AuthName "Staff Only" > Satisfy Any > > > order deny,allow > deny from all > allow from some.ip.add.ress > require valid-user > -- Dan Horning American Digital Services - Where you are only limited by imagination. direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133 dan.horning at planetnoc.com http://www.americandigitalservices.com From dan.horning at planetnoc.com Sat Oct 11 10:01:47 2008 From: dan.horning at planetnoc.com (Dan Horning) Date: Sat, 11 Oct 2008 10:01:47 -0400 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <1628941357.20081011215534@qualityadvantages.com> References: <79812751.20081011205137@qualityadvantages.com> <48F0AD56.1080107@gmx.net> <1628941357.20081011215534@qualityadvantages.com> Message-ID: <1223733707.6313.14.camel@dan-linux-home.nycap.rr.com> On Sat, 2008-10-11 at 21:55 +0800, mikesz at qualityadvantages.com wrote: > Hello David, > > Saturday, October 11, 2008, 9:42:46 PM, you wrote: > > > mikesz at qualityadvantages.com wrote: > >> I checked my test system also and when I do a directory the /xml > >> folder, it shows me the content of the folder which is yet another > >> outcome unexpected. > >> > > > There is a setting in the Apache config that prevents the listing of > > directories. In a production system that should be always turned off. > > Also, IIRC you can specify the name of the access file in the config as well, > > so it may not always be .htaccess, but I cannot think of any plausible reason > > to change that. But that may be worthwhile to check out. > > > Oh, and at your earliest convenience change the hosting company. If they > > cannot tell you how such a takeover happened then I wonder what they charge > > you money for. Anyone with a PC can do that type of hosting... > HA! My thoughts exactly. I was blown away when they suggested my > scripts without ever checking their log files... Unbelievable! I > thought it was a nobrainer to track such a blatant intrusion > especially when the time frame of when the breach occurred is known > almost to the second. > i have to also +1 the new host thing.. ASAP -- Dan Horning American Digital Services - Where you are only limited by imagination. direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133 dan.horning at planetnoc.com http://www.americandigitalservices.com From brianw1975 at gmail.com Sat Oct 11 10:03:37 2008 From: brianw1975 at gmail.com (Brian Williams) Date: Sat, 11 Oct 2008 10:03:37 -0400 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <79812751.20081011205137@qualityadvantages.com> References: <79812751.20081011205137@qualityadvantages.com> Message-ID: this totally sucks and i'm sorry to hear this happened. It sounds like you'll need a crash course in Apache configuration... My advice to you is to do a couple things: a) Most importantly, consider *finding a new host*, because 1) they should have records of all connectivity to that server 2) their system is obviously insecure and when it comes to server security i believe that hosts have a '1 strike and you are out' grace period 3) the hacker probably got in through ssh if he was able to set permissions to the point where you were not able to delete them (they were probably under ownership of the account he used to hack the system) b) assuming that the .htaccess is local to the /xml directory only 1) (if you haven't done so already) create a .htaccess file in the root directory and put 'Options -Indexes in that 2) IIRC this: "Deny from All" is useless because "Allow from 127.0.0.1 localhost" will override it WITH the following caveat: the *main* apache config has to have AllowOverride All specified The use of .htaccess files can be disabled completely by setting the > AllowOverridedirective to > none: > that means you could make changes to your .htaccess file all day long and nothing will change (which i think is the problem on both machines, but not exactly sure since I don't have specifics of file names, references to those file names, etc) 3) if your .htaccess file is working correctly i think you want something more along the lines of Order Deny,Allow Deny from All Allow from 127.0.0.1 localhost Just off the top of my head though Good luck. On Sat, Oct 11, 2008 at 8:51 AM, wrote: > Hello NYPHP, > > One of my sites went down yesterday with "Out of Bandwidth". When I > checked into it, a badguy had hijacked an application folder called > /xml that usually contains one php file that serves the application > menu system. I have no idea why the software developer chose this > method. The /xml folder is read only (and has always been read only) > Yesterday, in addition to the single php file, /xml contained a > subfolder called odg which contained a porn distribution application > with thousands of images that it was serving the planet though > mediacatch.com and myhostdyn.com among others. I have no idea how > the badguy got in and my ISP doesn't have a clue either. I got them > to delete the junk because the badguy used a Unix system account to > create the junk and I was unable to delete with the permissions I > have. > > Now with that gone, I decided to add a .htaccess file to further > restrict access to the /xml folder but when I did, the .htaccess > file does not respond at all. Here is what I put in there: > > Options -Indexes > > order deny,allow > > > Deny from All > > > > Allow from 127.0.0.1 localhost > > > I expected that if I tried to access that folder directly that I would > get a 403 but instead I got the application intro screen? > > I checked my test system also and when I do a directory the /xml > folder, it shows me the content of the folder which is yet another > outcome unexpected. > > The question I have is Does a folder named /xml have any special > status or significance on a linux box that would cause it to act > differently than say, an /includes folder that usually generates a > blank screen? > > Any clues would be greatly appreciated. Notice that I haven't gotten > into the hack at all, no idea how it happened and the ISP is really > vague about what might have happened but is pointing the finger to my > app and, of course, his server is completely secure, btw, its a shared > server. My guess if that the bad guy ripped off the system account and > ran amok on it but nobody is even hinting that this could be a > possibility, to the contrary. Getting back to the /xml, why would I be > getting the bizarre behavior from it? > > TIA > > -- > Best regards, > mikesz mailto:mikesz at qualityadvantages.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikesz at qualityadvantages.com Sat Oct 11 11:58:39 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Sat, 11 Oct 2008 23:58:39 +0800 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: References: <79812751.20081011205137@qualityadvantages.com> Message-ID: <176297490.20081011235839@qualityadvantages.com> An HTML attachment was scrubbed... URL: From michael.southwell at nyphp.com Sat Oct 11 14:53:54 2008 From: michael.southwell at nyphp.com (Michael Southwell) Date: Sat, 11 Oct 2008 14:53:54 -0400 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <176297490.20081011235839@qualityadvantages.com> References: <79812751.20081011205137@qualityadvantages.com> <176297490.20081011235839@qualityadvantages.com> Message-ID: <48F0F642.1040704@nyphp.com> mikesz at qualityadvantages.com wrote: > Hello Brian, > > > Saturday, October 11, 2008, 10:03:37 PM, you wrote: > > > > Thanks very much for the feedback. I have been thinking since I moved to > this server in May that something wasn't quite right. and just who is this host? -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From mikesz at qualityadvantages.com Sat Oct 11 22:43:14 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Sun, 12 Oct 2008 10:43:14 +0800 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: References: <79812751.20081011205137@qualityadvantages.com> Message-ID: <468069076.20081012104314@qualityadvantages.com> An HTML attachment was scrubbed... URL: From dan.horning at planetnoc.com Sat Oct 11 23:03:13 2008 From: dan.horning at planetnoc.com (Dan Horning) Date: Sat, 11 Oct 2008 23:03:13 -0400 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <468069076.20081012104314@qualityadvantages.com> References: <79812751.20081011205137@qualityadvantages.com> <468069076.20081012104314@qualityadvantages.com> Message-ID: <1223780593.13621.1.camel@dan-linux-home.nycap.rr.com> Mike, Please let us know if we can help - we do host sites in a more secure fashion and monitor all the servers at a high level rates are on planetnoc.com (we are small but very high powered) -Dan Horning On Sun, 2008-10-12 at 10:43 +0800, mikesz at qualityadvantages.com wrote: > > Thanks again. > > > -- > > Best regards, > > mikesz -- Dan Horning American Digital Services - Where you are only limited by imagination. direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133 dan.horning at planetnoc.com http://www.americandigitalservices.com From brianw1975 at gmail.com Sat Oct 11 23:13:01 2008 From: brianw1975 at gmail.com (Brian Williams) Date: Sat, 11 Oct 2008 23:13:01 -0400 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <468069076.20081012104314@qualityadvantages.com> References: <79812751.20081011205137@qualityadvantages.com> <468069076.20081012104314@qualityadvantages.com> Message-ID: Mike, Yeah, I've ran into hosts like that before. As soon as they refuse to accept even the remote possibility that they are at fault it's time to move on, especially when it comes to a hack to that extent. Did they even offer any logs that you could review so you could "fix your software" (since they say that's at fault) ? If you are ok with being a sys admin and ~25$ a month isn't too much, I recommend getting a VPS through knownhost.com I've been dealing with them for about 2 years now and have never had a problem last longer than an hour, and that was only one time. You'll have dedicated IP addresses, dedicated mail server, dedicated DNS, and just about anything else you want to install. The biggest up side is no chance of getting labeled as spam, or being at the mercy of someone elses whims, you'll have complete control over php settings and apache configs, and you'll be able to host however many domains,subdomains, etc you want. No, I'm not affiliated with them, nor employed by them, I just a *very* satisfied customer. I originally started at the $20/month plan and have since then upgraded twice. Good luck On Sat, Oct 11, 2008 at 10:43 PM, wrote: > Hello Brian, > > > I checked all the points you made and thanks for taking the time. > > > "It sounds like you'll need a crash course in Apache configuration..." > > > That works for me here on my development system that is an XP pro Box > running WAMPSERVER but unfortunately my host has all the marbles and seems > now to be less than enthusiastic about learning Apache than I would expect. > When I got the equivalent of "we are bulletproof" and you are not, I pretty > much got the idea that they either don't know what they are doing or the > "status quo" is a bigger priority than doing it right. > > > I have seen this before, though not to this extent, where a tech will say > "but they are configured identically" and when you do a phpinfo.php on each > of them, its like they are on different planet and clearly configured by > different people with totally different compile instructions. > > > I think your first point, and the one made by a few other people who > replied to me is the most relevant now, need to go hunting for a host again > clearly. > > > Thanks again. > > > -- > > Best regards, > > mikesz mailto:mikesz at qualityadvantages.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikesz at qualityadvantages.com Sun Oct 12 00:59:05 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Sun, 12 Oct 2008 12:59:05 +0800 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: References: <79812751.20081011205137@qualityadvantages.com> <468069076.20081012104314@qualityadvantages.com> Message-ID: <629309183.20081012125905@qualityadvantages.com> An HTML attachment was scrubbed... URL: From ramons at gmx.net Sun Oct 12 08:13:41 2008 From: ramons at gmx.net (David Krings) Date: Sun, 12 Oct 2008 08:13:41 -0400 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <629309183.20081012125905@qualityadvantages.com> References: <79812751.20081011205137@qualityadvantages.com> <468069076.20081012104314@qualityadvantages.com> <629309183.20081012125905@qualityadvantages.com> Message-ID: <48F1E9F5.1060300@gmx.net> mikesz at qualityadvantages.com wrote: > That was the part that floored me. They threw it out there with NO other > justification or ANY evidence to support their assumption, nothing and > in a really, really nonchalant tone which bugged me even more. Actually, > they did refer to the folders in the product that require write access > to do things like realtime image conversions and uploads, but definitely > NO, "we found a hacker using such and such folder" nothing like that and > as I mentioned the exploited folder was and is read only so that was > another red herring they threw at me. Maybe it was not a hack, but the hoster who rededicated your server space to someone else to rake in some more dough (pure speculation). Can you let us know who that hosting company is? David From mikesz at qualityadvantages.com Sun Oct 12 09:47:52 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Sun, 12 Oct 2008 21:47:52 +0800 Subject: [nycphp-talk] Need some understanding about a hacker attack... In-Reply-To: <48F1E9F5.1060300@gmx.net> References: <79812751.20081011205137@qualityadvantages.com> <468069076.20081012104314@qualityadvantages.com> <629309183.20081012125905@qualityadvantages.com> <48F1E9F5.1060300@gmx.net> Message-ID: <1428220372.20081012214752@qualityadvantages.com> Hello David, Sunday, October 12, 2008, 8:13:41 PM, you wrote: > mikesz at qualityadvantages.com wrote: >> That was the part that floored me. They threw it out there with NO other >> justification or ANY evidence to support their assumption, nothing and >> in a really, really nonchalant tone which bugged me even more. Actually, >> they did refer to the folders in the product that require write access >> to do things like realtime image conversions and uploads, but definitely >> NO, "we found a hacker using such and such folder" nothing like that and >> as I mentioned the exploited folder was and is read only so that was >> another red herring they threw at me. > Maybe it was not a hack, but the hoster who rededicated your server space to > someone else to rake in some more dough (pure speculation). Can you let us > know who that hosting company is? > David > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________ Information from ESET Smart Security, version of virus > signature database 3515 (20081011) __________ > The message was checked by ESET Smart Security. > http://www.eset.com Infrenion. That would really, really suck and I can see the plausibility of it too. I thought that it was weird that ONLY that folder on my site was owned by the UNIX system. I did a search on the "path" that the bad guys are still using to pound my site and that folder that is gone now and get thousands of error, not to mention my error log filling up with 304s and 403s "Results 11 - 20 of about 27,600 for /xml/odg/." They are all referencing warning messages/conditions from trying to access the junk that was but no longer on my site. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From dorgan at donaldorgan.com Sun Oct 12 18:31:09 2008 From: dorgan at donaldorgan.com (Donald J. Organ IV) Date: Sun, 12 Oct 2008 18:31:09 -0400 (EDT) Subject: [nycphp-talk] Open Source Conferences Message-ID: <28398471.61223850669279.JavaMail.root@twoguyshosting.com.> Does anyone know of any opensource conferences in -------------- next part -------------- An HTML attachment was scrubbed... URL: From dorgan at donaldorgan.com Sun Oct 12 18:32:09 2008 From: dorgan at donaldorgan.com (Donald J. Organ IV) Date: Sun, 12 Oct 2008 18:32:09 -0400 (EDT) Subject: [nycphp-talk] Open Source Conferences Message-ID: <20752754.91223850729560.JavaMail.root@twoguyshosting.com.> Ok lets try this again. Does anyone know of any opensource conferences coming up that are located in the tri-state area?? -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at zaunere.com Sun Oct 12 19:19:11 2008 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 12 Oct 2008 19:19:11 -0400 Subject: [nycphp-talk] Blog Posts with Embedded Content In-Reply-To: References: <00ed01c928c3$7715a210$6540e630$@com> <8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com> Message-ID: <005501c92cc0$ef84f1a0$ce8ed4e0$@com> Gentlemen, > > The safest approach is probably to pass the html through tidy, and > > then into DOM, and traverse and count the length of text nodes, but > > that would be quite slow if you ran it on every request. > > Right, +1 for Tidy and DOM, it's the "real" way to do it. You won't > need to do it on every request -- you can either store the summary > itself as a separate text field, or store the length of the summary as > an integer. I tried this, working through using both DOM and Tidy, and combinations of each - no luck. The problem is getting the differential between the two versions of the text. > This is crying out for a web service: The Excerpter. POST markup, get > the first X display characters back as a response, with embedded HTML > intact. Yeah, I agree - this has turned into a royal problem, and one that seems as though it'd had to be solved already. At the end of the day, what would be a very handy library - an object/etc that would store the text, in various forms, include various manipulation methods on it, meta data, etc, etc. I had written something like this for MIME, but would not look forward to doing it for HTML/etc. H From jcampbell1 at gmail.com Mon Oct 13 09:47:32 2008 From: jcampbell1 at gmail.com (John Campbell) Date: Mon, 13 Oct 2008 09:47:32 -0400 Subject: [nycphp-talk] Blog Posts with Embedded Content In-Reply-To: <005501c92cc0$ef84f1a0$ce8ed4e0$@com> References: <00ed01c928c3$7715a210$6540e630$@com> <8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com> <005501c92cc0$ef84f1a0$ce8ed4e0$@com> Message-ID: <8f0676b40810130647r66d940f7p749a97df36e88227@mail.gmail.com> On Sun, Oct 12, 2008 at 7:19 PM, Hans Zaunere wrote: > Gentlemen, > >> > The safest approach is probably to pass the html through tidy, and >> > then into DOM, and traverse and count the length of text nodes, but >> > that would be quite slow if you ran it on every request. >> >> Right, +1 for Tidy and DOM, it's the "real" way to do it. You won't >> need to do it on every request -- you can either store the summary >> itself as a separate text field, or store the length of the summary as >> an integer. > > I tried this, working through using both DOM and Tidy, and combinations of each - no luck. The problem is getting the differential between the two versions of the text. > This is a solvable problem, but the problem needs to be really well defined. I assume you want to snip the html, to show a preview. If you leave things like youtube videos and images, then the post could be really long without much text. Why do you need the differential between the two versions? As soon as you pass something through tidy, getting the differential is impossible because it can change the html in unpredictable ways. Not cutting in the middle of a tag is pretty easy to solve, just iterate and keep track of the open tags on a stack. -John Campbell From zippy1981 at gmail.com Mon Oct 13 10:01:43 2008 From: zippy1981 at gmail.com (Justin Dearing) Date: Mon, 13 Oct 2008 10:01:43 -0400 Subject: [nycphp-talk] Open Source Conferences In-Reply-To: <20752754.91223850729560.JavaMail.root@twoguyshosting.com.> References: <20752754.91223850729560.JavaMail.root@twoguyshosting.com.> Message-ID: <5458db3c0810130701n629f477dw3a259f1a14be827e@mail.gmail.com> You missed NYCBSDCON, and a pitsburg perl conference. Debianconf 10 is supposed to be in NYC. However devbianconf8 was this year so I aasume that will occur in 2010. Nothing else I know of. On Sun, Oct 12, 2008 at 6:32 PM, Donald J. Organ IV wrote: > Ok lets try this again. > > Does anyone know of any opensource conferences coming up that are located in > the tri-state area?? > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From jmcgraw1 at gmail.com Mon Oct 13 10:12:24 2008 From: jmcgraw1 at gmail.com (Jake McGraw) Date: Mon, 13 Oct 2008 10:12:24 -0400 Subject: [nycphp-talk] Blog Posts with Embedded Content In-Reply-To: <005501c92cc0$ef84f1a0$ce8ed4e0$@com> References: <00ed01c928c3$7715a210$6540e630$@com> <8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com> <005501c92cc0$ef84f1a0$ce8ed4e0$@com> Message-ID: Forget diffs and HTML text, this problem totally ate up all my time at a startup where a JavaScript WYSIWYG editor was the only choice for generating a marked-up document. May I suggest Markdown [1,2] + the Showdown preview panel [3]. Markdown is a very light syntax for generating HTML documents, Showdown gives you a preview of your document while you're editing the textarea. I have already converted one custom CMS to Markdown and I think it's been quite successful. [1] http://daringfireball.net/projects/markdown/ [2] http://michelf.com/projects/php-markdown/ [3] http://attacklab.net/showdown/ - jake On Sun, Oct 12, 2008 at 7:19 PM, Hans Zaunere wrote: > Gentlemen, > >> > The safest approach is probably to pass the html through tidy, and >> > then into DOM, and traverse and count the length of text nodes, but >> > that would be quite slow if you ran it on every request. >> >> Right, +1 for Tidy and DOM, it's the "real" way to do it. You won't >> need to do it on every request -- you can either store the summary >> itself as a separate text field, or store the length of the summary as >> an integer. > > I tried this, working through using both DOM and Tidy, and combinations of each - no luck. The problem is getting the differential between the two versions of the text. > >> This is crying out for a web service: The Excerpter. POST markup, get >> the first X display characters back as a response, with embedded HTML >> intact. > > Yeah, I agree - this has turned into a royal problem, and one that seems as though it'd had to be solved already. > > At the end of the day, what would be a very handy library - an object/etc that would store the text, in various forms, include various manipulation methods on it, meta data, etc, etc. I had written something like this for MIME, but would not look forward to doing it for HTML/etc. > > H > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From chsnyder at gmail.com Mon Oct 13 10:38:13 2008 From: chsnyder at gmail.com (csnyder) Date: Mon, 13 Oct 2008 10:38:13 -0400 Subject: [nycphp-talk] Singular value decomposition with PHP Message-ID: I'm interested in playing around with singular value decomposition of matrices, and wondering: Does anyone here use this on a regular basis, and for what? I'm pretty much vector/matrix illiterate, so feel free to mention the obvious. And can you point me to an existing library in PHP (or better yet, a PHP extension) that handles the math? Chris Snyder http://chxor.chxo.com/ From ajai at bitblit.net Mon Oct 13 12:01:43 2008 From: ajai at bitblit.net (Ajai Khattri) Date: Mon, 13 Oct 2008 12:01:43 -0400 (EDT) Subject: [nycphp-talk] Open Source Conferences In-Reply-To: <28398471.61223850669279.JavaMail.root@twoguyshosting.com.> Message-ID: On Sun, 12 Oct 2008, Donald J. Organ IV wrote: > Does anyone know of any opensource conferences in LinuxWorld used to be in NYC at the Javits Center then it moved to Boston for awhile. Now I think its only on the west coast. Yeah, its annoying... UPDATE: Did some checking and it looks like its been renamed opensourceworld, still on the west coast only. -- Aj. From edwardpotter at gmail.com Mon Oct 13 13:07:20 2008 From: edwardpotter at gmail.com (Edward Potter) Date: Mon, 13 Oct 2008 13:07:20 -0400 Subject: [nycphp-talk] Singular value decomposition with PHP In-Reply-To: References: Message-ID: Ummm, that's like what my last GF told me as she dropped me - "it's just that, well you know, you're just an example of a Singular Value Decomposition Matrix, and that's not the crowd I hang with." Now I know. :-) yipes! :-) ed On Mon, Oct 13, 2008 at 10:38 AM, csnyder wrote: > I'm interested in playing around with singular value decomposition of > matrices, and wondering: > > Does anyone here use this on a regular basis, and for what? I'm pretty > much vector/matrix illiterate, so feel free to mention the obvious. > > And can you point me to an existing library in PHP (or better yet, a > PHP extension) that handles the math? > > > Chris Snyder > http://chxor.chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- IM/iChat: ejpusa Links: http://del.icio.us/ejpusa Blog: http://www.preceptress.com/blog Follow me: http://www.twitter.com/ejpusa Karma: http://www.coderswithconscience.com Projects: http://flickr.com/photos/86842405 at N00/ Store: http://astore.amazon.com/httpwwwutopic-20 From chsnyder at gmail.com Mon Oct 13 13:11:55 2008 From: chsnyder at gmail.com (csnyder) Date: Mon, 13 Oct 2008 13:11:55 -0400 Subject: [nycphp-talk] Blog Posts with Embedded Content In-Reply-To: References: <00ed01c928c3$7715a210$6540e630$@com> <8f0676b40810071819x4ad9e1e8k618b02fa2af1351b@mail.gmail.com> <005501c92cc0$ef84f1a0$ce8ed4e0$@com> Message-ID: On Mon, Oct 13, 2008 at 10:12 AM, Jake McGraw wrote: > Forget diffs and HTML text, this problem totally ate up all my time at > a startup where a JavaScript WYSIWYG editor was the only choice for > generating a marked-up document. May I suggest Markdown [1,2] + the > Showdown preview panel [3]. Markdown is a very light syntax for > generating HTML documents, Showdown gives you a preview of your > document while you're editing the textarea. I have already converted > one custom CMS to Markdown and I think it's been quite successful. > > [1] http://daringfireball.net/projects/markdown/ > [2] http://michelf.com/projects/php-markdown/ > [3] http://attacklab.net/showdown/ > > - jake > The biggest problem I've seen, that isn't solved by a switch to markdown or any other meta-markup technique, is that CMS users increasingly just want to paste in HTML snippets that include embedded objects, and have them work. Think YouTube, Vimeo, Google spreadsheets, Wufoo forms, all that crap. Markdown is great -- GREAT -- if you have enlightened editors and copywriters who agree that it's easier to use a simple syntax in order to create consistent results. It can even be combined with a WYSIWYG rich-text editor to get the best of both worlds. But it falls down as soon as you ask non-technical people to use it in place of HTML, because they don't really understand what HTML or Markdown is and why they should care, they just want to embed their widgets and move on. What Hans is looking for is a way to reliably get just the first few "lines" of any HTML document, whether it is properly HTML-formatted or not, without truncating embedded elements. chris. From chsnyder at gmail.com Mon Oct 13 13:17:37 2008 From: chsnyder at gmail.com (csnyder) Date: Mon, 13 Oct 2008 13:17:37 -0400 Subject: [nycphp-talk] Singular value decomposition with PHP In-Reply-To: References: Message-ID: On Mon, Oct 13, 2008 at 1:07 PM, Edward Potter wrote: > Ummm, that's like what my last GF told me as she dropped me - "it's > just that, well you know, you're just an example of a Singular Value > Decomposition Matrix, and that's not the crowd I hang with." > > Now I know. :-) Oh yeah, I'm totally going to use this stuff at cocktail parties. "And what do you do?" "I'm investigating the use of singular value decomposition algorithms to correctly predict relationships between entities in a matrix. How about you?" That should go swimmingly. From joedevon at yahoo.com Mon Oct 13 13:10:36 2008 From: joedevon at yahoo.com (Joe) Date: Mon, 13 Oct 2008 10:10:36 -0700 (PDT) Subject: [nycphp-talk] nyphp-talk Open Source Conference Message-ID: <219660.90445.qm@web83602.mail.sp1.yahoo.com> How about http://opensqlcamp.org From corey at gelform.com Mon Oct 13 13:38:25 2008 From: corey at gelform.com (Corey H Maass - gelform.com) Date: Mon, 13 Oct 2008 13:38:25 -0400 Subject: [nycphp-talk] Newbie books Message-ID: <1223919505.13746.1279039113@webmail.messagingengine.com> Hey, all. I wanted to introduce myself. I'm an experienced programmer (remember ASP, before dont net?) with little formal training, so often referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS, JS - now tackling PHP and loving it. A couple coworkers recommended this list, so I'll be eavesdropping. I'm looking to go thru a book or two and need some help. I know all about loops, conditional statements, and the basics of programming. I understand the concepts behind OOP, but have limited experience with actually using it. I immediately grasped the basics of the PHP syntax but am starting to balk at the double colon meaning a static class and the single vs double arrow... So I guess I'm looking for something intermediate, and wondering if anyone can make a suggestions? Thanks, Corey // Corey H Maass Gelform Design Brooklyn, NY Print and web design for art and business em corey at gelform.com ww http://www.gelform.com ph 646/228.5048 fx 866/502.4861 IM gelform From zippy1981 at gmail.com Mon Oct 13 15:14:08 2008 From: zippy1981 at gmail.com (Justin Dearing) Date: Mon, 13 Oct 2008 15:14:08 -0400 Subject: [nycphp-talk] nyphp-talk Open Source Conference In-Reply-To: <219660.90445.qm@web83602.mail.sp1.yahoo.com> References: <219660.90445.qm@web83602.mail.sp1.yahoo.com> Message-ID: <5458db3c0810131214x4e87631bta0cafb27ba8bb54c@mail.gmail.com> What about it? Do you want to go to it? Are you suggesting nyphp gets a table at it? Your message lacks context. On Mon, Oct 13, 2008 at 1:10 PM, Joe wrote: > How about http://opensqlcamp.org > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From dorgan at donaldorgan.com Mon Oct 13 15:15:57 2008 From: dorgan at donaldorgan.com (Donald J. Organ IV) Date: Mon, 13 Oct 2008 15:15:57 -0400 (EDT) Subject: [nycphp-talk] nyphp-talk Open Source Conference In-Reply-To: <5458db3c0810131214x4e87631bta0cafb27ba8bb54c@mail.gmail.com> Message-ID: <4711296.291223925357684.JavaMail.root@twoguyshosting.com.> I think he's just responding to my origianl question if anyone knew of any in the area. ----- Original Message ----- From: "Justin Dearing" To: "NYPHP Talk" Sent: Monday, October 13, 2008 3:14:08 PM GMT -05:00 US/Canada Eastern Subject: Re: [nycphp-talk] nyphp-talk Open Source Conference What about it? Do you want to go to it? Are you suggesting nyphp gets a table at it? Your message lacks context. On Mon, Oct 13, 2008 at 1:10 PM, Joe wrote: > How about http://opensqlcamp.org > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From porciem at FARMINGDALE.EDU Mon Oct 13 15:16:41 2008 From: porciem at FARMINGDALE.EDU (porciem at FARMINGDALE.EDU) Date: Mon, 13 Oct 2008 15:16:41 -0400 Subject: [nycphp-talk] Newbie books In-Reply-To: <1223919505.13746.1279039113@webmail.messagingengine.com> References: <1223919505.13746.1279039113@webmail.messagingengine.com> Message-ID: <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu> I would recommend an older book - the Deitel book - Perl How to Program. Amazon has it (http://www.amazon.com/Perl-How-Program-Harvey-Deitel/dp/0130284181/ref=cm_cr _pr_product_top), and there are reviews on their site that are very favorable. Margaret M. Porciello Professor - Computer Systems Department Farmingdale State College 2350 Broadhollow Road Farmingdale, NY 11735 -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Corey H Maass - gelform.com Sent: Monday, October 13, 2008 1:38 PM To: NYPHP Talk Subject: [nycphp-talk] Newbie books Hey, all. I wanted to introduce myself. I'm an experienced programmer (remember ASP, before dont net?) with little formal training, so often referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS, JS - now tackling PHP and loving it. A couple coworkers recommended this list, so I'll be eavesdropping. I'm looking to go thru a book or two and need some help. I know all about loops, conditional statements, and the basics of programming. I understand the concepts behind OOP, but have limited experience with actually using it. I immediately grasped the basics of the PHP syntax but am starting to balk at the double colon meaning a static class and the single vs double arrow... So I guess I'm looking for something intermediate, and wondering if anyone can make a suggestions? Thanks, Corey // Corey H Maass Gelform Design Brooklyn, NY Print and web design for art and business em corey at gelform.com ww http://www.gelform.com ph 646/228.5048 fx 866/502.4861 IM gelform _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From mmwaldman at optonline.net Mon Oct 13 15:21:33 2008 From: mmwaldman at optonline.net ((Margaret) Michele Waldman) Date: Mon, 13 Oct 2008 15:21:33 -0400 Subject: [nycphp-talk] nyphp-talk Open Source Conference In-Reply-To: <5458db3c0810131214x4e87631bta0cafb27ba8bb54c@mail.gmail.com> Message-ID: <0K8O00DQJZ3TBZ01@mta4.srv.hcvlny.cv.net> Made sense to me. But then again, I read the previous emails. Funny. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Justin Dearing Sent: Monday, October 13, 2008 3:14 PM To: NYPHP Talk Subject: Re: [nycphp-talk] nyphp-talk Open Source Conference What about it? Do you want to go to it? Are you suggesting nyphp gets a table at it? Your message lacks context. On Mon, Oct 13, 2008 at 1:10 PM, Joe wrote: > How about http://opensqlcamp.org > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From tmpvar at gmail.com Mon Oct 13 15:26:01 2008 From: tmpvar at gmail.com (Elijah Insua) Date: Mon, 13 Oct 2008 12:26:01 -0700 Subject: [nycphp-talk] Newbie books In-Reply-To: <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu> References: <1223919505.13746.1279039113@webmail.messagingengine.com> <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu> Message-ID: <2b4feca10810131226i5549fd08q1e0c7a19b456f25a@mail.gmail.com> The zend php5 certification book is great (especially if you already know how to code in some language) -- Elijah On Mon, Oct 13, 2008 at 12:16 PM, wrote: > I would recommend an older book - the Deitel book - Perl How to Program. > Amazon has it > ( > http://www.amazon.com/Perl-How-Program-Harvey-Deitel/dp/0130284181/ref=cm_cr > _pr_product_top), and there are reviews on their site that are very > favorable. > Margaret M. Porciello > Professor - Computer Systems Department > Farmingdale State College > 2350 Broadhollow Road > Farmingdale, NY 11735 > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > On > Behalf Of Corey H Maass - gelform.com > Sent: Monday, October 13, 2008 1:38 PM > To: NYPHP Talk > Subject: [nycphp-talk] Newbie books > > Hey, all. I wanted to introduce myself. I'm an experienced programmer > (remember ASP, before dont net?) with little formal training, so often > referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS, > JS - now tackling PHP and loving it. A couple coworkers recommended this > list, so I'll be eavesdropping. > > I'm looking to go thru a book or two and need some help. I know all > about loops, conditional statements, and the basics of programming. I > understand the concepts behind OOP, but have limited experience with > actually using it. I immediately grasped the basics of the PHP syntax > but am starting to balk at the double colon meaning a static class and > the single vs double arrow... So I guess I'm looking for something > intermediate, and wondering if anyone can make a suggestions? > > Thanks, > > Corey > > // > Corey H Maass > Gelform Design > Brooklyn, NY > Print and web design for art and business > > em corey at gelform.com > ww http://www.gelform.com > ph 646/228.5048 > fx 866/502.4861 > IM gelform > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From zippy1981 at gmail.com Mon Oct 13 15:43:42 2008 From: zippy1981 at gmail.com (Justin Dearing) Date: Mon, 13 Oct 2008 15:43:42 -0400 Subject: [nycphp-talk] Newbie books In-Reply-To: <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu> References: <1223919505.13746.1279039113@webmail.messagingengine.com> <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu> Message-ID: <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com> Professor Porciello, I'm quite confused here. The book is called programming perl, and the cover indicated it also has a Python edition to it. Also your responding to an email on a php list about a person that wants to learn PHP better. So, does this book have a PHP section? Are you suggesting that this is the best book on OOP out there and the OP would be best served learning OOP theory from it? There is one negative review on Amazon saying that the authors seem to rewrite the same book over and over again in different languages, and that perl due to its weirdness is not well served by this book. IMHO That *MIGHT* would serve as a positive review in this case, because the problem with perl is you can write it in any paradim you want ,procedural, functional, OO, etc. If this book is designed around generic OOP principles that apply to other languages, instead of teaching you all the perlisms, both good and bad, then it might have merit to a PHP Programmer Corey, Just out of curosity, do you disagree with the syntax of static function, or just not understand their purpose? Can you suggest a syntax you would prefer? The syntax btw is taken from C++. It is obtuse on one hand, but on the other hand its immediatly clear your calling a static function for a class and not a member function of an object. Regards, Justin Dearing On Mon, Oct 13, 2008 at 3:16 PM, wrote: > I would recommend an older book - the Deitel book - Perl How to Program. > Amazon has it > (http://www.amazon.com/Perl-How-Program-Harvey-Deitel/dp/0130284181/ref=cm_cr > _pr_product_top), and there are reviews on their site that are very > favorable. > Margaret M. Porciello > Professor - Computer Systems Department > Farmingdale State College > 2350 Broadhollow Road > Farmingdale, NY 11735 > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Corey H Maass - gelform.com > Sent: Monday, October 13, 2008 1:38 PM > To: NYPHP Talk > Subject: [nycphp-talk] Newbie books > > Hey, all. I wanted to introduce myself. I'm an experienced programmer > (remember ASP, before dont net?) with little formal training, so often > referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS, > JS - now tackling PHP and loving it. A couple coworkers recommended this > list, so I'll be eavesdropping. > > I'm looking to go thru a book or two and need some help. I know all > about loops, conditional statements, and the basics of programming. I > understand the concepts behind OOP, but have limited experience with > actually using it. I immediately grasped the basics of the PHP syntax > but am starting to balk at the double colon meaning a static class and > the single vs double arrow... So I guess I'm looking for something > intermediate, and wondering if anyone can make a suggestions? > > Thanks, > > Corey > > // > Corey H Maass > Gelform Design > Brooklyn, NY > Print and web design for art and business > > em corey at gelform.com > ww http://www.gelform.com > ph 646/228.5048 > fx 866/502.4861 > IM gelform > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From zippy1981 at gmail.com Mon Oct 13 15:47:18 2008 From: zippy1981 at gmail.com (Justin Dearing) Date: Mon, 13 Oct 2008 15:47:18 -0400 Subject: [nycphp-talk] nyphp-talk Open Source Conference In-Reply-To: <0K8O00DQJZ3TBZ01@mta4.srv.hcvlny.cv.net> References: <5458db3c0810131214x4e87631bta0cafb27ba8bb54c@mail.gmail.com> <0K8O00DQJZ3TBZ01@mta4.srv.hcvlny.cv.net> Message-ID: <5458db3c0810131247x30e16301ked93d60ea8fdc970@mail.gmail.com> On Mon, Oct 13, 2008 at 3:21 PM, (Margaret) Michele Waldman wrote: > Made sense to me. But then again, I read the previous emails. Funny. Yeah gmail didn't thread it for me and I didn't put two and two together. I guess I got a case of the Monday's. Sorry From ben at projectskyline.com Mon Oct 13 15:58:38 2008 From: ben at projectskyline.com (Ben Sgro) Date: Mon, 13 Oct 2008 15:58:38 -0400 Subject: [nycphp-talk] Newbie books In-Reply-To: <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com> References: <1223919505.13746.1279039113@webmail.messagingengine.com> <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu> <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com> Message-ID: <48F3A86E.7040600@projectskyline.com> Hello Corey, 1) http://www.amazon.com/PHP-5-Objects-Patterns-Practice/dp/1590593804 2) http://www.amazon.com/Object-Oriented-Thought-Process-Developers-Library/dp/0672330164/ref=sr_1_1?ie=UTF8&s=books&qid=1223927768&sr=1-1 3) http://www.amazon.com/Object-Oriented-Design-Heuristics-Arthur-Riel/dp/020163385X/ref=sr_1_1?ie=UTF8&s=books&qid=1223927814&sr=1-1 Also, just good coding reads/reference: 1. http://www.amazon.com/UNIX-Programming-Addison-Wesley-Professional-Computing/dp/0131429019/ref=sr_1_1?ie=UTF8&s=books&qid=1223927837&sr=1-1 2. http://www.amazon.com/Programming-Environment-Addison-Wesley-Professional-Computing/dp/0201433079/ref=sr_1_3?ie=UTF8&s=books&qid=1223927864&sr=1-3 - Ben Justin Dearing wrote: > Professor Porciello, > > I'm quite confused here. The book is called programming perl, and the > cover indicated it also has a Python edition to it. Also your > responding to an email on a php list about a person that wants to > learn PHP better. > > So, does this book have a PHP section? Are you suggesting that this is > the best book on OOP out there and the OP would be best served > learning OOP theory from it? > > There is one negative review on Amazon saying that the authors seem to > rewrite the same book over and over again in different languages, and > that perl due to its weirdness is not well served by this book. IMHO > That *MIGHT* would serve as a positive review in this case, because > the problem with perl is you can write it in any paradim you want > ,procedural, functional, OO, etc. If this book is designed around > generic OOP principles that apply to other languages, instead of > teaching you all the perlisms, both good and bad, then it might have > merit to a PHP Programmer > > Corey, > > Just out of curosity, do you disagree with the syntax of static > function, or just not understand their purpose? Can you suggest a > syntax you would prefer? The syntax btw is taken from C++. It is > obtuse on one hand, but on the other hand its immediatly clear your > calling a static function for a class and not a member function of an > object. > > Regards, > > Justin Dearing > > > > On Mon, Oct 13, 2008 at 3:16 PM, wrote: > >> I would recommend an older book - the Deitel book - Perl How to Program. >> Amazon has it >> (http://www.amazon.com/Perl-How-Program-Harvey-Deitel/dp/0130284181/ref=cm_cr >> _pr_product_top), and there are reviews on their site that are very >> favorable. >> Margaret M. Porciello >> Professor - Computer Systems Department >> Farmingdale State College >> 2350 Broadhollow Road >> Farmingdale, NY 11735 >> >> >> >> -----Original Message----- >> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On >> Behalf Of Corey H Maass - gelform.com >> Sent: Monday, October 13, 2008 1:38 PM >> To: NYPHP Talk >> Subject: [nycphp-talk] Newbie books >> >> Hey, all. I wanted to introduce myself. I'm an experienced programmer >> (remember ASP, before dont net?) with little formal training, so often >> referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS, >> JS - now tackling PHP and loving it. A couple coworkers recommended this >> list, so I'll be eavesdropping. >> >> I'm looking to go thru a book or two and need some help. I know all >> about loops, conditional statements, and the basics of programming. I >> understand the concepts behind OOP, but have limited experience with >> actually using it. I immediately grasped the basics of the PHP syntax >> but am starting to balk at the double colon meaning a static class and >> the single vs double arrow... So I guess I'm looking for something >> intermediate, and wondering if anyone can make a suggestions? >> >> Thanks, >> >> Corey >> >> // >> Corey H Maass >> Gelform Design >> Brooklyn, NY >> Print and web design for art and business >> >> em corey at gelform.com >> ww http://www.gelform.com >> ph 646/228.5048 >> fx 866/502.4861 >> IM gelform >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > From corey at gelform.com Mon Oct 13 16:03:33 2008 From: corey at gelform.com (Corey H Maass - gelform.com) Date: Mon, 13 Oct 2008 16:03:33 -0400 Subject: [nycphp-talk] Newbie books In-Reply-To: <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com> References: <1223919505.13746.1279039113@webmail.messagingengine.com> <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu> <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com> Message-ID: <1223928213.10540.1279064503@webmail.messagingengine.com> > Just out of curosity, do you disagree with the syntax of static > function, or just not understand their purpose? Can you suggest a > syntax you would prefer? The syntax btw is taken from C++. It is > obtuse on one hand, but on the other hand its immediatly clear your > calling a static function for a class and not a member function of an > object. Oh, I don't disagree with the syntax, I was just saying I'd reached the end of what I could figure out myself, and needed some help. The problem I've run into is that my knowledge carries me to the last third of most PHP intro books I've looked at. Hardly seems worth the money. Corey // Corey H Maass Gelform Design Brooklyn, NY Print and web design for art and business em corey at gelform.com ww http://www.gelform.com ph 646/228.5048 fx 866/502.4861 IM gelform From ajai at bitblit.net Mon Oct 13 16:14:21 2008 From: ajai at bitblit.net (Ajai Khattri) Date: Mon, 13 Oct 2008 16:14:21 -0400 (EDT) Subject: [nycphp-talk] nyphp-talk Open Source Conference In-Reply-To: <4711296.291223925357684.JavaMail.root@twoguyshosting.com.> Message-ID: On Mon, 13 Oct 2008, Donald J. Organ IV wrote: > I think he's just responding to my origianl question if anyone knew of any in the area. This is what happens when you top-post... -- Aj. From chsnyder at gmail.com Mon Oct 13 16:53:43 2008 From: chsnyder at gmail.com (csnyder) Date: Mon, 13 Oct 2008 16:53:43 -0400 Subject: [nycphp-talk] Newbie books In-Reply-To: <1223928213.10540.1279064503@webmail.messagingengine.com> References: <1223919505.13746.1279039113@webmail.messagingengine.com> <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu> <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com> <1223928213.10540.1279064503@webmail.messagingengine.com> Message-ID: On Mon, Oct 13, 2008 at 4:03 PM, Corey H Maass - gelform.com wrote: > The problem I've run into is that my knowledge carries me to the last third of most > PHP intro books I've looked at. Gotta check, did you read the online manual? Specifically http://www.php.net/manual/en/language.oop5.php, but the entire Language Reference section is a must-read if you are new to php and want to make sure you have a comprehensive grasp of the language. It seems like you already know a lot about programming, and just need to find the "php way" to do things. The manual has been answering those questions for over ten years. Chris Snyder http://chxor.chxo.com/ From corey at gelform.com Mon Oct 13 17:02:51 2008 From: corey at gelform.com (Corey H Maass - gelform.com) Date: Mon, 13 Oct 2008 17:02:51 -0400 Subject: [nycphp-talk] Newbie books In-Reply-To: References: <1223919505.13746.1279039113@webmail.messagingengine.com> <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu> <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com> <1223928213.10540.1279064503@webmail.messagingengine.com> Message-ID: <1223931771.22619.1279074937@webmail.messagingengine.com> Great, thx. And thx, Ben. I'll have a look. Corey On Mon, 13 Oct 2008 16:53:43 -0400, "csnyder" said: > On Mon, Oct 13, 2008 at 4:03 PM, Corey H Maass - gelform.com > wrote: > > The problem I've run into is that my knowledge carries me to the last third of most > > PHP intro books I've looked at. > > Gotta check, did you read the online manual? > Specifically http://www.php.net/manual/en/language.oop5.php, but the > entire Language Reference section is a must-read if you are new to php > and want to make sure you have a comprehensive grasp of the language. > > It seems like you already know a lot about programming, and just need > to find the "php way" to do things. The manual has been answering > those questions for over ten years. > > Chris Snyder > http://chxor.chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php // Corey H Maass Gelform Design Brooklyn, NY Print and web design for art and business em corey at gelform.com ww http://www.gelform.com ph 646/228.5048 fx 866/502.4861 IM gelform From porciem at FARMINGDALE.EDU Mon Oct 13 17:03:08 2008 From: porciem at FARMINGDALE.EDU (porciem at FARMINGDALE.EDU) Date: Mon, 13 Oct 2008 17:03:08 -0400 Subject: [nycphp-talk] Newbie books In-Reply-To: <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com> References: <1223919505.13746.1279039113@webmail.messagingengine.com> <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CA@mail1.it.farmingdale.edu> <5458db3c0810131243pb48b9a5j3def443123a580cb@mail.gmail.com> Message-ID: <747A6ED6CE9BEC45A38EA0A1C19D94AC046121CB@mail1.it.farmingdale.edu> Sorry..... I was "thinking" Perl while reading the PHP listserv. My apologies. Margaret M. Porciello Professor - Computer Systems Department Farmingdale State College 2350 Broadhollow Road Farmingdale, NY 11735 -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Justin Dearing Sent: Monday, October 13, 2008 3:44 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Newbie books Professor Porciello, I'm quite confused here. The book is called programming perl, and the cover indicated it also has a Python edition to it. Also your responding to an email on a php list about a person that wants to learn PHP better. So, does this book have a PHP section? Are you suggesting that this is the best book on OOP out there and the OP would be best served learning OOP theory from it? There is one negative review on Amazon saying that the authors seem to rewrite the same book over and over again in different languages, and that perl due to its weirdness is not well served by this book. IMHO That *MIGHT* would serve as a positive review in this case, because the problem with perl is you can write it in any paradim you want ,procedural, functional, OO, etc. If this book is designed around generic OOP principles that apply to other languages, instead of teaching you all the perlisms, both good and bad, then it might have merit to a PHP Programmer Corey, Just out of curosity, do you disagree with the syntax of static function, or just not understand their purpose? Can you suggest a syntax you would prefer? The syntax btw is taken from C++. It is obtuse on one hand, but on the other hand its immediatly clear your calling a static function for a class and not a member function of an object. Regards, Justin Dearing On Mon, Oct 13, 2008 at 3:16 PM, wrote: > I would recommend an older book - the Deitel book - Perl How to Program. > Amazon has it > (http://www.amazon.com/Perl-How-Program-Harvey-Deitel/dp/0130284181/ref=cm_cr > _pr_product_top), and there are reviews on their site that are very > favorable. > Margaret M. Porciello > Professor - Computer Systems Department > Farmingdale State College > 2350 Broadhollow Road > Farmingdale, NY 11735 > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Corey H Maass - gelform.com > Sent: Monday, October 13, 2008 1:38 PM > To: NYPHP Talk > Subject: [nycphp-talk] Newbie books > > Hey, all. I wanted to introduce myself. I'm an experienced programmer > (remember ASP, before dont net?) with little formal training, so often > referred to as a hacker. I'm a professional Front End Dev - XHTML, CSS, > JS - now tackling PHP and loving it. A couple coworkers recommended this > list, so I'll be eavesdropping. > > I'm looking to go thru a book or two and need some help. I know all > about loops, conditional statements, and the basics of programming. I > understand the concepts behind OOP, but have limited experience with > actually using it. I immediately grasped the basics of the PHP syntax > but am starting to balk at the double colon meaning a static class and > the single vs double arrow... So I guess I'm looking for something > intermediate, and wondering if anyone can make a suggestions? > > Thanks, > > Corey > > // > Corey H Maass > Gelform Design > Brooklyn, NY > Print and web design for art and business > > em corey at gelform.com > ww http://www.gelform.com > ph 646/228.5048 > fx 866/502.4861 > IM gelform > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From mikesz at qualityadvantages.com Tue Oct 14 01:57:26 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Tue, 14 Oct 2008 13:57:26 +0800 Subject: [nycphp-talk] Timeouts ... how to get around it? Message-ID: <91916458.20081014135726@qualityadvantages.com> Hello NYPHP, I have an array that has 13000 email addresses. For now, its in the script but will be in a database table eventually. It is a list of known bad guys. I have a database table with 9000 records and one of the fields is an email address. In PHP I am using a foreach to loop through the array and do a database lookup to try to find any matching emails. I am using this query inside the foreach loop: $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'"); $numRows = mysql_num_rows($res); if ( !empty($numRows )) It processes about 12000 addresses in the array and the script times out. Anyone have a better idea for doing this task? TIA for any help. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From mmwaldman at optonline.net Tue Oct 14 02:07:02 2008 From: mmwaldman at optonline.net ((Margaret) Michele Waldman) Date: Tue, 14 Oct 2008 02:07:02 -0400 Subject: [nycphp-talk] Timeouts ... how to get around it? In-Reply-To: <91916458.20081014135726@qualityadvantages.com> Message-ID: <0K8P006V4SZNWE70@mta5.srv.hcvlny.cv.net> I take it email is indexed? Michele -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of mikesz at qualityadvantages.com Sent: Tuesday, October 14, 2008 1:57 AM To: NYPHP Talk Subject: [nycphp-talk] Timeouts ... how to get around it? Hello NYPHP, I have an array that has 13000 email addresses. For now, its in the script but will be in a database table eventually. It is a list of known bad guys. I have a database table with 9000 records and one of the fields is an email address. In PHP I am using a foreach to loop through the array and do a database lookup to try to find any matching emails. I am using this query inside the foreach loop: $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'"); $numRows = mysql_num_rows($res); if ( !empty($numRows )) It processes about 12000 addresses in the array and the script times out. Anyone have a better idea for doing this task? TIA for any help. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From codebowl at gmail.com Tue Oct 14 02:07:01 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Tue, 14 Oct 2008 02:07:01 -0400 Subject: [nycphp-talk] Timeouts ... how to get around it? In-Reply-To: <91916458.20081014135726@qualityadvantages.com> References: <91916458.20081014135726@qualityadvantages.com> Message-ID: First of all you will want to index your database. I am guessing the query is taking forever due to it not having indexes. Also I would suggest that you do this $res = ("SELECT * FROM table WHERE email = ' ". email2chk." ' "; also I would make sure you have no duplicates in the database by setting a UNIQUE on the email column. Doing these things should speed up the site however note that if you check this on every page load it will be resource intensive. also what is $email2Chk is it a string or your array of emails? Thanks, Joseph Crawford On Oct 14, 2008, at 1:57 AM, mikesz at qualityadvantages.com wrote: > Hello NYPHP, > > I have an array that has 13000 email addresses. For now, its in the > script but will be in a database table eventually. It is a list of > known bad guys. > > I have a database table with 9000 records and one of the fields is > an email address. > > In PHP I am using a foreach to loop through the array and do a > database lookup to try to find any matching emails. > > I am using this query inside the foreach loop: > > $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'"); > $numRows = mysql_num_rows($res); > if ( !empty($numRows )) > > > It processes about 12000 addresses in the array and the script > times out. > > Anyone have a better idea for doing this task? > > TIA for any help. > > -- > Best regards, > mikesz mailto:mikesz at qualityadvantages.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From mikesz at qualityadvantages.com Tue Oct 14 02:15:48 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Tue, 14 Oct 2008 14:15:48 +0800 Subject: [nycphp-talk] Timeouts ... how to get around it? In-Reply-To: References: <91916458.20081014135726@qualityadvantages.com> Message-ID: <1515155909.20081014141548@qualityadvantages.com> Hello Joseph, Tuesday, October 14, 2008, 2:07:01 PM, you wrote: > First of all you will want to index your database. I am guessing the > query is taking forever due to it not having indexes. > Also I would suggest that you do this > $res = ("SELECT * FROM table WHERE email = ' ". email2chk." ' "; > also I would make sure you have no duplicates in the database by > setting a UNIQUE on the email column. > Doing these things should speed up the site however note that if you > check this on every page load it will be resource intensive. > also what is $email2Chk is it a string or your array of emails? > Thanks, > Joseph Crawford > On Oct 14, 2008, at 1:57 AM, mikesz at qualityadvantages.com wrote: >> Hello NYPHP, >> >> I have an array that has 13000 email addresses. For now, its in the >> script but will be in a database table eventually. It is a list of >> known bad guys. >> >> I have a database table with 9000 records and one of the fields is >> an email address. >> >> In PHP I am using a foreach to loop through the array and do a >> database lookup to try to find any matching emails. >> >> I am using this query inside the foreach loop: >> >> $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'"); >> $numRows = mysql_num_rows($res); >> if ( !empty($numRows )) >> >> >> It processes about 12000 addresses in the array and the script >> times out. >> >> Anyone have a better idea for doing this task? >> >> TIA for any help. >> >> -- >> Best regards, >> mikesz mailto:mikesz at qualityadvantages.com >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________ Information from ESET Smart Security, version of virus > signature database 3519 (20081013) __________ > The message was checked by ESET Smart Security. > http://www.eset.com $email2Chk is an array element. I thought it was but email is not indexed. Weird, they index a lot of stuff that doesn't matter but email is missing.... -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From tmpvar at gmail.com Tue Oct 14 02:47:14 2008 From: tmpvar at gmail.com (Elijah Insua) Date: Mon, 13 Oct 2008 23:47:14 -0700 Subject: [nycphp-talk] Timeouts ... how to get around it? In-Reply-To: <1515155909.20081014141548@qualityadvantages.com> References: <91916458.20081014135726@qualityadvantages.com> <1515155909.20081014141548@qualityadvantages.com> Message-ID: <2b4feca10810132347n7c9a124bpffed00b655a662f9@mail.gmail.com> mikez, I would suggest you break this down a bit, for instance instead of running 13000 sql queries, do a simple look up using IN. For example: 'SELECT * FROM table WHERE email IN ("' . implode('","',$emailsArray) . '")' Also, selecting columns by name gives a performance boost. (I'm also guessing that you are going to be performing an action on the email by its id) 'SELECT email_id FROM table WHERE email in ("' . implode('","',$emailsArray) . '")' If this query gets too large, you can always break the loop down into smaller increments so instead of processing all of the email addresses at once, you could break it into 1000 increments. These techniques combined with the indexing should speed things up for you. Oh and by the way, if this is running on every page load I would add some sort of caching routine so it only runs every 15 minutes or so. Hope it helps! -- Elijah Insua On Mon, Oct 13, 2008 at 11:15 PM, wrote: > Hello Joseph, > > Tuesday, October 14, 2008, 2:07:01 PM, you wrote: > > > First of all you will want to index your database. I am guessing the > > query is taking forever due to it not having indexes. > > > Also I would suggest that you do this > > > $res = ("SELECT * FROM table WHERE email = ' ". email2chk." ' "; > > > also I would make sure you have no duplicates in the database by > > setting a UNIQUE on the email column. > > > Doing these things should speed up the site however note that if you > > check this on every page load it will be resource intensive. > > > also what is $email2Chk is it a string or your array of emails? > > > Thanks, > > Joseph Crawford > > > On Oct 14, 2008, at 1:57 AM, mikesz at qualityadvantages.com wrote: > > >> Hello NYPHP, > >> > >> I have an array that has 13000 email addresses. For now, its in the > >> script but will be in a database table eventually. It is a list of > >> known bad guys. > >> > >> I have a database table with 9000 records and one of the fields is > >> an email address. > >> > >> In PHP I am using a foreach to loop through the array and do a > >> database lookup to try to find any matching emails. > >> > >> I am using this query inside the foreach loop: > >> > >> $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'"); > >> $numRows = mysql_num_rows($res); > >> if ( !empty($numRows )) > >> > >> > >> It processes about 12000 addresses in the array and the script > >> times out. > >> > >> Anyone have a better idea for doing this task? > >> > >> TIA for any help. > >> > >> -- > >> Best regards, > >> mikesz mailto:mikesz at qualityadvantages.com > >> > >> _______________________________________________ > >> New York PHP Community Talk Mailing List > >> http://lists.nyphp.org/mailman/listinfo/talk > >> > >> NYPHPCon 2006 Presentations Online > >> http://www.nyphpcon.com > >> > >> Show Your Participation in New York PHP > >> http://www.nyphp.org/show_participation.php > > > _______________________________________________ > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > __________ Information from ESET Smart Security, version of virus > > signature database 3519 (20081013) __________ > > > The message was checked by ESET Smart Security. > > > http://www.eset.com > > > $email2Chk is an array element. I thought it was but email is not > indexed. Weird, they index a lot of stuff that doesn't matter but > email is missing.... > > -- > Best regards, > mikesz mailto:mikesz at qualityadvantages.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikesz at qualityadvantages.com Tue Oct 14 03:29:39 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Tue, 14 Oct 2008 15:29:39 +0800 Subject: [nycphp-talk] Timeouts ... how to get around it? In-Reply-To: <2b4feca10810132347n7c9a124bpffed00b655a662f9@mail.gmail.com> References: <91916458.20081014135726@qualityadvantages.com> <1515155909.20081014141548@qualityadvantages.com> <2b4feca10810132347n7c9a124bpffed00b655a662f9@mail.gmail.com> Message-ID: <14909196.20081014152939@qualityadvantages.com> An HTML attachment was scrubbed... URL: From mikesz at qualityadvantages.com Tue Oct 14 03:41:22 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Tue, 14 Oct 2008 15:41:22 +0800 Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too? Message-ID: <441539530.20081014154122@qualityadvantages.com> Hello NYPHP, I am seeing that Registration forms are taking a huge beating from scammers and spammers today, especially forum sites. I spend most of my time lately collecting and filtering data to find the freaks before they find the membership. Use to be and "every now and again" but now its thousands per day and you can't tell now whether its a robot or cheap labor doing the form input. Aside from my own sites that are getting pounded daily I have several client site that average 500 badguy hits a day now and those are just the ones I have a "known badguy" status, they are hijacking and adding new addresses everyday, spammers mostly, all forum sites. Just unbelievable, and of course, mustn't forget my recent episode with the porno pirate hijacking my server is still giving me no joy either. Anybody else having these kinds of problems? I think someone suggested (here I think) that the scammer/spammers were using CURL to access the database directly, is that possible? If so how, and how can that be prevented. In the trap that I have set up, I log the contents of $_REQUEST but I don't see anything unusual about the submission and all of a sudden the bad guy ends up in the system as a "Registered" user bypassing all the captcha security and "moderation" step in the approval process, like they are accessing the database directly but I don't see any of this database being passed in $_REQUEST? Any ideas? Or where else I need to be looking to trap the data that is being passed? TIA for any pointers. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From glenn310b at mac.com Tue Oct 14 08:03:02 2008 From: glenn310b at mac.com (Glenn) Date: Tue, 14 Oct 2008 08:03:02 -0400 Subject: [nycphp-talk] Timeouts ... how to get around it? In-Reply-To: <91916458.20081014135726@qualityadvantages.com> References: <91916458.20081014135726@qualityadvantages.com> Message-ID: Hi, Getting those 13000 into the db would be a good thing. Then you could index the email cols in both tables, and just do a join on the tables. In the meantime, maybe try getting ALL of the email values from the db into an associative array, (email => 1) and looping over an "array_key_exists". When you find a key match, THEN look up the full record in the db. hth, Glenn On Oct 14, 2008, 1:57 AM, mikesz at qualityadvantages.com wrote: > Hello NYPHP, > > I have an array that has 13000 email addresses. For now, its in the > script but will be in a database table eventually. It is a list of > known bad guys. > > I have a database table with 9000 records and one of the fields is > an email address. > > In PHP I am using a foreach to loop through the array and do a > database lookup to try to find any matching emails. > > I am using this query inside the foreach loop: > > $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'"); > $numRows = mysql_num_rows($res); > if ( !empty($numRows )) > > > It processes about 12000 addresses in the array and the script > times out. > > Anyone have a better idea for doing this task? > > TIA for any help. > > -- > Best regards, > mikesz mailto:mikesz at qualityadvantages.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From sjmci at optonline.net Tue Oct 14 08:03:02 2008 From: sjmci at optonline.net (Steve Solomon) Date: Tue, 14 Oct 2008 08:03:02 -0400 Subject: [nycphp-talk] Timeouts ... how to get around it? In-Reply-To: <91916458.20081014135726@qualityadvantages.com> Message-ID: <005d01c92df4$cf24dee0$0200a8c0@T1400> 2 more efficient ways: 1 - mysql solution - (You will have to look up the exact syntax) - select table1.email from table1 where table1.email in (select table2.email from table2) into table3. This will give you all the matches in table3. Table1 should both probably be indexed on email, but you can do some testing to see if that matters. 2 - 1950's solution - create 2 sorted text files containing the email addresses. Then march through both in PHP, looking for matches. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of mikesz at qualityadvantages.com Sent: Tuesday, October 14, 2008 1:57 AM To: NYPHP Talk Subject: [nycphp-talk] Timeouts ... how to get around it? Hello NYPHP, I have an array that has 13000 email addresses. For now, its in the script but will be in a database table eventually. It is a list of known bad guys. I have a database table with 9000 records and one of the fields is an email address. In PHP I am using a foreach to loop through the array and do a database lookup to try to find any matching emails. I am using this query inside the foreach loop: $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'"); $numRows = mysql_num_rows($res); if ( !empty($numRows )) It processes about 12000 addresses in the array and the script times out. Anyone have a better idea for doing this task? TIA for any help. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.169 / Virus Database: 270.8.0/1720 - Release Date: 10/11/2008 3:59 PM From rolan at omnistep.com Tue Oct 14 09:56:55 2008 From: rolan at omnistep.com (Rolan Yang) Date: Tue, 14 Oct 2008 09:56:55 -0400 Subject: [nycphp-talk] Timeouts ... how to get around it? In-Reply-To: <91916458.20081014135726@qualityadvantages.com> References: <91916458.20081014135726@qualityadvantages.com> Message-ID: <48F4A527.30109@omnistep.com> mikesz at qualityadvantages.com wrote: > Hello NYPHP, > > I have an array that has 13000 email addresses. For now, its in the > script but will be in a database table eventually. It is a list of > known bad guys. > > I have a database table with 9000 records and one of the fields is > ... > Anyone have a better idea for doing this task? > > TIA for any help. > > The previous replies are all good suggestions to help you logically solve the task. If you want to avoid the timeout, put a "set_time_limit (0);" at the top of the script. I try to run all these processing type scripts under the command line interface because some browsers, I believe, will timeout after a set period anyway. ~Rolan From brianw1975 at gmail.com Tue Oct 14 11:32:29 2008 From: brianw1975 at gmail.com (Brian Williams) Date: Tue, 14 Oct 2008 11:32:29 -0400 Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too? In-Reply-To: <441539530.20081014154122@qualityadvantages.com> References: <441539530.20081014154122@qualityadvantages.com> Message-ID: IMO registration forms should only use POST beacuse REQUEST is a conglomerate of POST, GET, etc and is affected by the php.ini with the variables_order and can be messed up and set insecurely by the host; having said that, i do believe that cURL can do a POST. so it's not a 100% solution to the problem. Having said all of that -- make sure all of your forum software is up to date with the latest patches, etc; they release those for a reason, and it's not because they are bored. Can you specify which forums you are having problems with? A name might help with other solutions and suggestions. On Tue, Oct 14, 2008 at 3:41 AM, wrote: > Hello NYPHP, > > I am seeing that Registration forms are taking a huge beating from > scammers and spammers today, especially forum sites. I spend most > of my time lately collecting and filtering data to find the freaks > before they find the membership. Use to be and "every now and again" > but now its thousands per day and you can't tell now whether its a > robot or cheap labor doing the form input. Aside from my own sites > that are getting pounded daily I have several client site that average > 500 badguy hits a day now and those are just the ones I have a > "known badguy" status, they are hijacking and adding new addresses > everyday, spammers mostly, all forum sites. Just unbelievable, and of > course, mustn't forget my recent episode with the porno pirate hijacking > my server is still giving me no joy either. > > Anybody else having these kinds of problems? > > I think someone suggested (here I think) that the scammer/spammers > were using CURL to access the database directly, is that possible? If > so how, and how can that be prevented. > > In the trap that I have set up, I log the contents of $_REQUEST but I > don't see anything unusual about the submission and all of a sudden > the bad guy ends up in the system as a "Registered" user bypassing all > the captcha security and "moderation" step in the approval process, > like they are accessing the database directly but I don't see any of > this database being passed in $_REQUEST? Any ideas? Or where else I > need to be looking to trap the data that is being passed? > > TIA for any pointers. > > > -- > Best regards, > mikesz mailto:mikesz at qualityadvantages.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikesz at qualityadvantages.com Tue Oct 14 11:48:54 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Tue, 14 Oct 2008 23:48:54 +0800 Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too? In-Reply-To: References: <441539530.20081014154122@qualityadvantages.com> Message-ID: <778347011.20081014234854@qualityadvantages.com> An HTML attachment was scrubbed... URL: From brianw1975 at gmail.com Tue Oct 14 11:58:55 2008 From: brianw1975 at gmail.com (Brian Williams) Date: Tue, 14 Oct 2008 11:58:55 -0400 Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too? In-Reply-To: <778347011.20081014234854@qualityadvantages.com> References: <441539530.20081014154122@qualityadvantages.com> <778347011.20081014234854@qualityadvantages.com> Message-ID: if it has only started happening with the latest version i would check the vBulletin forums and see if there is a fix for the bug, or to even make sure they know about it. On Tue, Oct 14, 2008 at 11:48 AM, wrote: > Hello Brian, > > > Thanks for the reply... > > > I only work on vBulletin and I always make sure I have the latest stuff > installed. Earlier versions didn't have problem but since 3.7 seems like the > badguys have found a way to just bypass the whole registration process. Like > I said in the previous post with captcha and moderation turned on, they > still end up in the "registered" member queue. I have not a clue how they > got there. > > > I am trapping $_REQUEST to retrieve as much as I can from the form > submission to try to analyze what's going on, the software is indeed using > $_POST, sorry for the miscommunication. > > > -- > > Best regards, > > mikesz mailto:mikesz at qualityadvantages.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From joedevon at yahoo.com Tue Oct 14 11:44:11 2008 From: joedevon at yahoo.com (Joe) Date: Tue, 14 Oct 2008 08:44:11 -0700 (PDT) Subject: [nycphp-talk] Dealing with forum spammers Message-ID: <148217.98468.qm@web83601.mail.sp1.yahoo.com> In response to the fellow having problems with forum spammer, google "Bad Behavior" and install it. Other ideas. Create a question where people have answer for example "5+2". Or forego that because it's a pain and simply add a form field that you use css to hide from humans and if that field gets filled out, then you know it's a bot and you don't let them in. Or alternatively, if they fail that test, you can pop up a captcha. You can also add some javascript which scrapers tend not to scrape, so if the javascript wasn't pulled with the page, you know it's likely a bot. Also add a referer requirement. Make sure the previous page to form submission came from one of your domains. If it didn't, it's likely a scammer. Hope this helps. From jcampbell1 at gmail.com Tue Oct 14 12:03:08 2008 From: jcampbell1 at gmail.com (John Campbell) Date: Tue, 14 Oct 2008 12:03:08 -0400 Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too? In-Reply-To: <778347011.20081014234854@qualityadvantages.com> References: <441539530.20081014154122@qualityadvantages.com> <778347011.20081014234854@qualityadvantages.com> Message-ID: <8f0676b40810140903v4852e05fp7a436dc3ff578975@mail.gmail.com> On Tue, Oct 14, 2008 at 11:48 AM, wrote: > Hello Brian, > > Thanks for the reply... > > I only work on vBulletin and I always make sure I have the latest stuff > installed. Earlier versions didn't have problem but since 3.7 seems like the > badguys have found a way to just bypass the whole registration process. Like > I said in the previous post with captcha and moderation turned on, they > still end up in the "registered" member queue. I have not a clue how they > got there. The tools to defeat captchas are getting better and easier to use. What is the registration process? If it is passing a captcha and confirming an email address, then you may be getting brute forced. Are your forum links "no follow"? If not, you could try taking the incentive to spam away. -jc From jellicle at gmail.com Tue Oct 14 12:07:05 2008 From: jellicle at gmail.com (Michael Sims) Date: Tue, 14 Oct 2008 12:07:05 -0400 Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too? In-Reply-To: <778347011.20081014234854@qualityadvantages.com> References: <441539530.20081014154122@qualityadvantages.com> <778347011.20081014234854@qualityadvantages.com> Message-ID: <200810141207.05728.jellicle@gmail.com> On Tuesday 14 October 2008, mikesz at qualityadvantages.com wrote: > I only work on vBulletin and I always make sure I have the latest stuff > installed. Earlier versions didn't have problem but since 3.7 seems like > the badguys have found a way to just bypass the whole registration > process. Like I said in the previous post with captcha and moderation > turned on, they still end up in the "registered" member queue. I have not > a clue how they got there. > > I am trapping $_REQUEST to retrieve as much as I can from the form > submission to try to analyze what's going on, the software is indeed > using $_POST, sorry for the miscommunication. Through SQL injection, the bad guys need not approach through the front-door registration process. Perhaps some query on a random page somewhere is being hijacked: Get the stupid widget from the stupid table, and oh, by the way, insert this new user into the registered members table. I'm not familiar with vBulletin but if you can grep through ALL the queries being executed on your site, and search for the new badguy usernames that are being injected into your table, then you can find which query is being used to add them. It need not be anywhere on the registration page. Michael Sims From mikesz at qualityadvantages.com Tue Oct 14 12:25:01 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Wed, 15 Oct 2008 00:25:01 +0800 Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too? In-Reply-To: References: <441539530.20081014154122@qualityadvantages.com> <778347011.20081014234854@qualityadvantages.com> Message-ID: <76044218.20081015002501@qualityadvantages.com> An HTML attachment was scrubbed... URL: From chsnyder at gmail.com Tue Oct 14 12:39:52 2008 From: chsnyder at gmail.com (csnyder) Date: Tue, 14 Oct 2008 12:39:52 -0400 Subject: [nycphp-talk] Dealing with forum spammers In-Reply-To: <148217.98468.qm@web83601.mail.sp1.yahoo.com> References: <148217.98468.qm@web83601.mail.sp1.yahoo.com> Message-ID: On Tue, Oct 14, 2008 at 11:44 AM, Joe wrote: > In response to the fellow having problems with forum spammer, google "Bad Behavior" and install it. > > Other ideas. > > Create a question where people have answer for example "5+2". Or forego that because it's a pain and simply add a form field that you use css to hide from humans and if that field gets filled out, then you know it's a bot and you don't let them in. Or alternatively, if they fail that test, you can pop up a captcha. You can also add some javascript which scrapers tend not to scrape, so if the javascript wasn't pulled with the page, you know it's likely a bot. > > Also add a referer requirement. Make sure the previous page to form submission came from one of your domains. If it didn't, it's likely a scammer. > > Hope this helps. > Yeah, this is a "really hard" problem, on the order of stopping spam from coming into your inbox. For most sites, on most days, you can get by with a few of the hacks suggested above. Your goal is really to make your site just different enough that the spammers will have to rewrite their script in order to spam you. Most will simply move on rather than do that. But since we're developers here, we kind of need to think long-term about the problem. The more 5+2 solutions and tarpit hidden fields that spammers encounter over time, the smarter their scripts are going to get. It's a classic arms race. If I was going to write any sort of comments framework today (and that includes web forms, or anything else that solicits input from the anonymous web) I would design it so that everything went through a spam filter first, and the bigger the better. Like GMail if you can accept that from a privacy point of view, or your organization's internal spam filter. Then, and only then, would I allow the filtered comments/responses back into the web system. The downside is a huge increase in complexity, and a potential lack of transparency (false positives are a problem, and how do you train the system?). But comment spam IS spam, they are the same problem. Actually a little worse, because it's much easier to find comments forms on the web than it is to find working email addresses. Chris Snyder http://chxor.chxo.com/ From chsnyder at gmail.com Tue Oct 14 13:11:39 2008 From: chsnyder at gmail.com (csnyder) Date: Tue, 14 Oct 2008 13:11:39 -0400 Subject: [nycphp-talk] Dealing with forum spammers In-Reply-To: References: <148217.98468.qm@web83601.mail.sp1.yahoo.com> Message-ID: On Tue, Oct 14, 2008 at 12:39 PM, csnyder wrote: > On Tue, Oct 14, 2008 at 11:44 AM, Joe wrote: >> In response to the fellow having problems with forum spammer, google "Bad Behavior" and install it. Just looked at Bad Behavior, and it looks like an excellent tool to add to the kit. But really, how primitive are your spamming bots if they can't deliver a plausible set of HTTP headers? From sbeam at onsetcorps.net Tue Oct 14 13:31:20 2008 From: sbeam at onsetcorps.net (sbeam) Date: Tue, 14 Oct 2008 13:31:20 -0400 Subject: [nycphp-talk] Dealing with forum spammers In-Reply-To: References: <148217.98468.qm@web83601.mail.sp1.yahoo.com> Message-ID: <200810141331.20385.sbeam@onsetcorps.net> On Tuesday 14 October 2008 12:39, csnyder wrote: > I would design it so that everything went through a > spam filter first, and the bigger the better. Like GMail if you can > accept that from a privacy point of view, or your organization's > internal spam filter. Then, and only then, would I allow the filtered > comments/responses back into the web system. > > The downside is a huge increase in complexity, and a potential lack of > transparency (false positives are a problem, and how do you train the > system?). But comment spam IS spam, they are the same problem. > Actually a little worse, because it's much easier to find comments > forms on the web than it is to find working email addresses. Akismet should be mentioned here, a popular spam detection ASP, free for non-commercial use http://akismet.com/ Have used it in a couple sites, easy to use API and it has a really good effect. False positives about 2% of the time - but you can usually see why it "thought" they were spam.... The admin backend has a comment log where moderator can manually approve where needed, similar to wordpress. enjoy, Sam From sbeam at onsetcorps.net Tue Oct 14 13:53:25 2008 From: sbeam at onsetcorps.net (sbeam) Date: Tue, 14 Oct 2008 13:53:25 -0400 Subject: [nycphp-talk] Dealing with forum spammers In-Reply-To: References: <148217.98468.qm@web83601.mail.sp1.yahoo.com> Message-ID: <200810141353.25149.sbeam@onsetcorps.net> On Tuesday 14 October 2008 13:11, csnyder wrote: > Just looked at Bad Behavior, and it looks like an excellent tool to > add to the kit. > hey. that looks interesting too. But it sounds http://www.bad-behavior.ioerror.us/documentation/how-it-works/ like it is just looking at HTTP headers? if you are running Apache is maybe better handled by mod_security http://www.onlamp.com/pub/a/apache/2003/11/26/mod_security.html which does that and a whole lot more, with less overhead because it never gets to the request processing phase. If you are a hosting provider and have untrusted web apps running on it, it has to be recommended. It will deny not only spam bots but most w0rms and brute force attacks (false positives being a problem here as well though) OTOH if you don't have root, then BB would be a good line of defense. > But really, how primitive are your spamming bots if they can't deliver > a plausible set of HTTP headers? most of them are very stupid and have "Perl/LWP" in the User-Agent header for instance. They are no more advanced than they have to be. Sam From smanes at magpie.com Tue Oct 14 15:25:53 2008 From: smanes at magpie.com (Steve Manes) Date: Tue, 14 Oct 2008 15:25:53 -0400 Subject: [nycphp-talk] Dealing with forum spammers In-Reply-To: <200810141331.20385.sbeam@onsetcorps.net> References: <148217.98468.qm@web83601.mail.sp1.yahoo.com> <200810141331.20385.sbeam@onsetcorps.net> Message-ID: <48F4F241.2050602@magpie.com> sbeam wrote: > Akismet should be mentioned here, a popular spam detection ASP, free for > non-commercial use > http://akismet.com/ Another new entry is Mollum (www.mollum.com). It was created by the lead developer of Drupal, Dries Buytaert. It bundles up concepts from Akismet, Captcha, Razor and SpamAssassin (Baysian filtering) into a pretty effective anti-spam package. I use it on BrooklynRowHouse.com. It only generates a Captcha (visual and aural) when it's unsure. From compustretch at gmail.com Tue Oct 14 16:08:58 2008 From: compustretch at gmail.com (forest mars) Date: Tue, 14 Oct 2008 16:08:58 -0400 Subject: [nycphp-talk] UNIGROUP Meeting 16-OCT-2008 (Thu): Asterisk Open Source PBX/Telephony System In-Reply-To: <200810111102.m9BB24oJ001255@progplus.com> References: <200810111102.m9BB24oJ001255@progplus.com> Message-ID: This promises to be very cool. A talk followed by a hands on lab. And a virtual haunted house in Asterisk. This Thursday! ==================================================================== UNIGROUP OF NEW YORK - UNIX USERS GROUP - OCTOBER 2008 ANNOUNCEMENTS ==================================================================== -------------------------------------- 1. UNIGROUP'S OCTOBER 2008 MEETING NOTICE -------------------------------------- When: THURSDAY, October 16th, 2008 (** 3rd Thursday **) Where: ** New Location ** The Cooper Union School of Engineering 51 Astor Place (8th Street, between 3rd and 4th Ave) East Village, Manhattan New York City Meeting Room: The Driscoll Room: 136E (1st Floor) ** Please RSVP ** Time: 6:15 PM - 6:25 PM Registration 6:25 PM - 6:45 PM Ask the Wizard, Questions, Answers and Current Events 6:45 PM - 7:00 PM Unigroup Business and Announcements 7:00 PM - 9:30 PM Main Presentation -------------------------------------- Topic: The Asterisk Open Source PBX/Telephony System: From The Ground Up! -------------------------------------- Speaker: Paul Charles Leddy ------------------------------------------------------------------- INTRODUCTION: ------------- The Asterisk web site says: Asterisk is the world's leading open source telephony engine and tool kit. This month, our speaker will give us a hands-on demonstration of setting up a free PBX (Phone System) and IVR (Interactive Voice Response) system, using VoIP (Voice over IP) phones and a VoIP provider (Internet Phone Service). Previously (back in the year 2000), Unigroup had presented the "Bayonne" Open Source Telephony Project. ------------------------------------------------------------------- SPECIAL INSTRUCTIONS: --------------------- To REGISTER for this event, please RSVP by using the Unigroup Registration Page: http://www.unigroup.org/unigroup-rsvp.html This will allow us to automate the registration process. (Registration will also add you to our mailing list.) Please avoid emailed RSVPs. Please continue to check the Unigroup web site and meeting page, for any last minute updates concerning this meeting. If you registered for this meeting, please check your email for any last minute announcements as the meeting approaches. Also make sure any anti-spam white-lists are updated to _ALLOW_ Unigroup traffic! If you block Unigroup Emails, your address will be dropped from our mailing list. Please RSVP as soon as possible, preferably at least 2-3 days prior to the meeting date, so we can plan the food order. RSVP deadline is usually the night before the meeting day. Note: RSVP is requested for this location to make sure the guard will let you into the building. RSVP also helps us to properly plan the meeting (food, drinks, handouts, seating, etc.) and speed up your sign-in at the meeting. If you forget to RSVP prior to the meeting day, you may still be able to show up and attend our meeting, however, we cannot guarantee what building security will do if you are "not on the list". ------------------------------------------------------------------- MAIN PRESENTATION ----------------- Topic: The Asterisk Open Source PBX/Telephony System: From The Ground Up! We'll compile the code and start up the asterisk server. Then hook up a couple of phones so we can make an internal PBX call. From there, we'll register with a VoIP provider and make a real call to someone in the audience. Last, we can also build a basic voice response system to make a virtual "haunted house" for this coming October 31st. Outline for the Talk: - About The Asterisk Project - Getting the code and compiling it - Basic configuration - Setting up phone extensions - Registering a SIP phone - Making an internal call - Registering with a VoIP service - Calling an outside line, receiving a call from an outside line - Basic call routing and IVR (Interactive Voice Response) - (Helping people get a system up and running on their laptops) Web Resources: -------------- Asterisk http://www.asterisk.org/ ------------------------------------------------------------------- Speaker Biography: ------------------ Paul Charles Leddy has been a Linux Systems Administrator for about 10 years. The story of how he got involved with computer telephony is: "Dreaming of voice over the Internet since circa '96, when Paul heard about Mark Spencer's Asterisk, he just had to get it up and running. He downloaded the code onto his Mac laptop and had a dial tone within minutes: Wow! Since then, he has gone on to implement a few phone extensions, Interactive Voice Response playhouses, hooked up to a real live VoIP service or two, like Junction Networks and VoipJet, and helped friends and family discover the wonderful world of cheap talk, walking the walk." ------------------------------------------------------------------- Company Biography: ------------------ Paul Charles Leddy is available for help and consultations. ------------------------------------------------------------------- Giveaways: ---------- Addison-Wesley Professional/Prentice Hall PTR has been kind enough to provide us with some of their books, which we will continue to raffle off as giveaways at our meetings. O'Reilly has been kind enough to provide us with some of their books, which we will continue to raffle off as giveaways at our meetings. Unigroup would like to thank both companies for the support provided by their User Group programs. Note: The chances tend to be about 1 in 5, that any attendee of our meeting will walk away with a fairly valuable giveaway (ie. most books are valued between $30 and $60)! As always, all of the books will be available for review at the start of the meeting. ------------------------------------------------------------------- Fee Schedule: ------------- Unigroup is a Professional Technical Organization and User Group, and its members pay a yearly membership fee. For Unigroup members, there is usually no additional charges (ie. no meeting fees) during their membership year. Non-members who wish to attend Unigroup meetings are usually required to pay a "Single Meeting Fee". Yearly Membership (includes all meetings): $ 50.00 Student Yearly Membership (with current ID): $ 25.00 Non-Member Single Meeting: $ 20.00 Non-Member Student Single Meeting (with ID): $ 5.00 * Payment Methods: Cash, Check, American Express. NOTE: Simply receiving Unigroup Email Announcements does NOT indicate membership in Unigroup. ------------------------------------------------------------------- Food: ----- Complimentary Food and Refreshments will be served. This includes "wraps" such as turkey, roast beef, chicken, tuna and grilled vegetables as well as assorted salads (potato, tossed, pasta, etc), cookies, brownies, bottled water and assorted SOFT beverages. ** Note: We will be using our normal caterer for this meeting. ------------------------------------------------------------------- Directions: ----------- The Cooper Union School of Engineering 51 Astor Place (8th Street, between 3rd and 4th Ave) East Village, Manhattan New York City Room: The Driscoll Room: 136E (1st Floor) Located on the North side of Astor Place (8th Street), between 3rd & 4th Avenues. Building lobby sign-in is required at the guard's desk. Enter the building, check in with the guard at the lobby for directions to The Driscoll Room (1st Floor)... From the main entrance, keep going straight beyond the guard till the end of the hall, make a left, pass the elevators (on your left), keep going, and Room 136E will be on your right. Nearest mass transit stations are: '6' to Astor Place (stops right at The Cooper Union). 'R' to 8th Street, then walk about 2 blocks East. '4/5/6/R/N/Q' to Union Square, then walk South and East. 'B/D/F/V' to Broadway-Lafayette, then walk North and East. We believe free street parking becomes available at 6pm. ----- Please mark this meeting on your calendar and join us! Please tell your friends about Unigroup! ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- -------------- 2. PRIOR MEETINGS -------------- ** Formal Thank You's to our previous speakers will appear in an upcoming announcement. ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ----------------- 3. UPCOMING MEETINGS ----------------- We have a series of meetings in the works: - 16-OCT-2008: The Asterisk Open Source PBX/Telephony System - 20-NOV-2008: Solaris (with OpenSolaris) Launch Meeting (Field Trip: Sun) - 15-JAN-2009: Linux Real-Time Messaging (Tervela) - 2009: The FreeBSD Networking Stack (George Neville-Neil) - MAR-2009: SuSE Linux Real-Time Kernel (Field Trip: Novell/SuSE) - Planning: IPsec and IPv6 and VPNs (possibly 3 meetings) - Planning: NO SPAM! - Planning: Embedded Linux Development - Planning: Unix/Linux/BSD Distribution Round Table Discussions - Unix/Linux/BSD Clusters and Clustered Databases - The latest on *BSD (NetBSD/OpenBSD) - Crypto / PKI / GPG-PGP - Patching and Updating Unix/Linux/BSD (rpm. yum, yast, etc.) - Building Custom Kernels Unix/Linux/BSD - Are there too many Linux Distributions? - Linux Clustering Part 3: Beowulf - Building a Firewall using FreeBSD and Linux - LAMP Part 2 - PHP - Field Trip to HP - Unix 35th Birthday Celebration (Sun has offered to host this!) - Samba - DNS - High Performance Internet Servers / Web Acceleration - Unix Office Tools: Word Processors, Spreadsheets, Accounting Packages. - GNU Development Environments - iSCSI, Serial ATA, and other new peripheral technologies - Java and/or JavaScript Programming ** Unigroup Needs Speakers!! Please let us know about any other meeting topics that you may be interested in. Potential speakers on Unix/Linux/BSD related technology topics should please contact the Unigroup Board. ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- -------------------- 4. UNIGROUP INFORMATION -------------------- Unigroup is one of the oldest and largest Unix User's Groups serving the Greater New York City Regional Area since the early 1980s. Unigroup is a not-for-profit, vendor-neutral and member funded volunteer organization. Unigroup holds regular and special event meetings throughout the year on technical topics relating to Unix and the Unix/Linux/BSD User Community. Unigroup holds regular meetings planned for (at a minimum) the Third THURSDAY of Odd Months. We generally try to hold Field Trip or Vendor Specific Meetings on the Even Months, although we do have the ability to hold monthly meetings at our new downtown meeting location. Planned regular meeting dates are (usually 3rd Thursdays): 10/16/2008, 11/20/2008 (Field Trip), 1/15/2009, 3/19/2009 (Field Trip)... Watch for our Special Event meetings at the various trade shows in NYC as well as "Field Trips" to the facilities of local hardware and software vendors. ========================================================================= = For Unigroup Information, Events and Meeting Announcements be sure to = = visit our World Wide Web Home Page: = = http://www.unigroup.org = ========================================================================= For further information or to get on the Unigroup Electronic Mail Mailing List send an EMail message to: unilist (-a_t-) unigroup.org To contact the Board of Directors of Unigroup, send an EMail message to: uniboard (-a_t-) unigroup.org If you have recently attended a meeting and you are not receiving Email announcements, please send us an Email and we will make corrections to our lists. Please Email the Board with any suggestions, especially potential meeting topics and speakers. Unigroup welcomes contributions and content suggestions for our newsletter. Unigroup is a volunteer organization and we need your assistance! Please let us know if you can help! ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- -Rob Weiner Unigroup Executive Director unilist (-a_t-) unigroup.org http://www.unigroup.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From joedevon at yahoo.com Tue Oct 14 15:45:16 2008 From: joedevon at yahoo.com (Joe) Date: Tue, 14 Oct 2008 12:45:16 -0700 (PDT) Subject: [nycphp-talk] Re: talk Digest, Vol 24, Issue 15 Message-ID: <381630.50590.qm@web83604.mail.sp1.yahoo.com> I'm not used to working through lists. Just started. The other one I use they have a reply-to on the individual message so the subject get's appended. How do you guys get the "re" in the subject line? Anyway, I'm responding to the forum spammer thread. These days, if you put some energy into it, you can reduce spam to just a few a day or less. And using these methods will likely improve your ranking on google and reduce your bandwidth bill, but indeed it's an arms race. Also, I agree Akismet is great btw... From brianw1975 at gmail.com Tue Oct 14 19:14:07 2008 From: brianw1975 at gmail.com (Brian Williams) Date: Tue, 14 Oct 2008 19:14:07 -0400 Subject: [nycphp-talk] Re: talk Digest, Vol 24, Issue 15 In-Reply-To: <381630.50590.qm@web83604.mail.sp1.yahoo.com> References: <381630.50590.qm@web83604.mail.sp1.yahoo.com> Message-ID: it would appear that your "problems" are arrising from the use of the Digest volume. I've been on many a list in my day and the Digest version always breaks a message thread. If you continue to use the digest, you would probably be best off to copy the message that you are replying to into your email *above* your response. On Tue, Oct 14, 2008 at 3:45 PM, Joe wrote: > I'm not used to working through lists. Just started. The other one I use > they have a reply-to on the individual message so the subject get's > appended. How do you guys get the "re" in the subject line? > > Anyway, I'm responding to the forum spammer thread. These days, if you put > some energy into it, you can reduce spam to just a few a day or less. And > using these methods will likely improve your ranking on google and reduce > your bandwidth bill, but indeed it's an arms race. Also, I agree Akismet is > great btw... > > > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From zippy1981 at gmail.com Tue Oct 14 19:23:45 2008 From: zippy1981 at gmail.com (Justin Dearing) Date: Tue, 14 Oct 2008 19:23:45 -0400 Subject: [nycphp-talk] Re: talk Digest, Vol 24, Issue 15 In-Reply-To: References: <381630.50590.qm@web83604.mail.sp1.yahoo.com> Message-ID: <5458db3c0810141623o719b9fe9ud434d858ee360077@mail.gmail.com> On Tue, Oct 14, 2008 at 7:14 PM, Brian Williams wrote: > I've been on many a list in my day and the Digest version always breaks a > message thread. Yeah, digests are bad, unless you are sure you will always be read only. I wonder if some of the list indexing services like nabble allow you to write a message to the list. From tgales at tgaconnect.com Thu Oct 16 16:28:27 2008 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 16 Oct 2008 16:28:27 -0400 Subject: [nycphp-talk] prospectus or offering Message-ID: <48F7A3EB.2080900@tgaconnect.com> Raf, On the phone we talked and I said it would be be helpful to get the prospectus which Knollwood offers to their clients. In other words, what they offered the clients. You said did I mean the something something memorandum (I think you said the Private Placement Memorandum) Now if we can get the binding agreement that would be even better. But what I thought we would go over at the meeting with Dave (the one that Pete couldn't get to) was what Knollwood has already promised to the end clients in general terms. -- Tim G. From level3 at nyc.rr.com Thu Oct 16 16:39:18 2008 From: level3 at nyc.rr.com (Gene Costanza) Date: Thu, 16 Oct 2008 16:39:18 -0400 Subject: [nycphp-talk] prospectus or offering In-Reply-To: <48F7A3EB.2080900@tgaconnect.com> Message-ID: <2E163106E7AB4A22A3FCB8DD66C6F37E@NATASHA> Is this for public knowledge? -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Tim Gales Sent: Thursday, October 16, 2008 16:28 To: NYPHP Talk Subject: [nycphp-talk] prospectus or offering Raf, On the phone we talked and I said it would be be helpful to get the prospectus which Knollwood offers to their clients. In other words, what they offered the clients. You said did I mean the something something memorandum (I think you said the Private Placement Memorandum) Now if we can get the binding agreement that would be even better. But what I thought we would go over at the meeting with Dave (the one that Pete couldn't get to) was what Knollwood has already promised to the end clients in general terms. -- Tim G. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ashaw at polymerdb.org Thu Oct 16 16:49:10 2008 From: ashaw at polymerdb.org (Allen Shaw) Date: Thu, 16 Oct 2008 15:49:10 -0500 Subject: [nycphp-talk] prospectus or offering In-Reply-To: <2E163106E7AB4A22A3FCB8DD66C6F37E@NATASHA> References: <2E163106E7AB4A22A3FCB8DD66C6F37E@NATASHA> Message-ID: <48F7A8C6.9050807@polymerdb.org> Gene Costanza wrote: > Is this for public knowledge? > It is now. -- Allen Shaw slidePresenter (http://slides.sourceforge.net) From chsnyder at gmail.com Thu Oct 16 22:05:55 2008 From: chsnyder at gmail.com (csnyder) Date: Thu, 16 Oct 2008 22:05:55 -0400 Subject: [nycphp-talk] prospectus or offering In-Reply-To: <48F7A8C6.9050807@polymerdb.org> References: <2E163106E7AB4A22A3FCB8DD66C6F37E@NATASHA> <48F7A8C6.9050807@polymerdb.org> Message-ID: On Thu, Oct 16, 2008 at 4:49 PM, Allen Shaw wrote: > Gene Costanza wrote: >> >> Is this for public knowledge? >> > > It is now. > Open source, baby. From ps at sun-code.com Fri Oct 17 06:03:00 2008 From: ps at sun-code.com (Peter Sawczynec) Date: Fri, 17 Oct 2008 06:03:00 -0400 Subject: [nycphp-talk] Thumb Drive Runs Linux OS or Firefox or Open Office Message-ID: <000501c9303f$8a615fc0$9f241f40$@com> http://www.informationweek.com/news/storage/reviews/showArticle.jhtml?ar ticleID=210602269 This article "12 Tricks to Teach Your Thumb Drive" includes info on how to run apps or an extra OS off a thumb drive. Then use the thumb to carry a work environment to remote locations. Also, explains a method to bring a browser with you so you can surf privately and plausibly leave no tracks at all. Very occasionally I post a tech article to this list that I believe could be generally valuable to a PHP programmer. All very interesting. Warmest regards, Peter Sawczynec Technology Dir. Sun-code Interactive Sun-code.com 941.893.0396 ps at sun-code.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikesz at qualityadvantages.com Fri Oct 17 07:14:00 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Fri, 17 Oct 2008 19:14:00 +0800 Subject: [nycphp-talk] accessibility issue, how to solve? Message-ID: <427215754.20081017191400@qualityadvantages.com> Hello NYPHP, I know I am going to get some heat for this one but here goes... Let me preface this by definitively stating that I am categorically NOT making a request for information on how to hack into a system. This is a legitimate programming problem that I am trying to solve. I have a situation where a visually impaired user needs to pass his username and password to a forum via a php script (preferably) for obvious reasons he can not physically pass the info himself. He is using a text reader software so once he is logged in to the forum at least he is able to participate or a least read the contents of the threads. The Forum Software provider has been pretty proactive in coding "injection prevention" methods so passing the username and password via a script may not be possible. Any accessibility experts got any suggestions on how to solve this problem. TIA for any help. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From rolan at omnistep.com Fri Oct 17 08:20:37 2008 From: rolan at omnistep.com (Rolan Yang) Date: Fri, 17 Oct 2008 08:20:37 -0400 Subject: [nycphp-talk] accessibility issue, how to solve? In-Reply-To: <427215754.20081017191400@qualityadvantages.com> References: <427215754.20081017191400@qualityadvantages.com> Message-ID: <48F88315.6080004@omnistep.com> mikesz at qualityadvantages.com wrote: > Hello NYPHP, > > I know I am going to get some heat for this one but here goes... > > Let me preface this by definitively stating that I am categorically > NOT making a request for information on how to hack into a system. > This is a legitimate programming problem that I am trying to solve. > > I have a situation where a visually impaired user needs to pass his > username and password to a forum via a php script (preferably) for obvious > reasons he can not physically pass the info himself. He is using a text > reader software so once he is logged in to the forum at least he is able to > participate or a least read the contents of the threads. > > The Forum Software provider has been pretty proactive in coding > "injection prevention" methods so passing the username and password > via a script may not be possible. > > Any accessibility experts got any suggestions on how to solve this > problem. > > TIA for any help. > > Don't have enough information. The injection countermeasures employed by the forum website need to be examined. In the simplest case, a Curl request might suffice. There might be some javascript "challenge" computation task or a captcha that would make things more difficult. If possible, I think the easier solution would be to have his browser "remember" the login and password. :) ~Rolan From mikesz at qualityadvantages.com Fri Oct 17 09:01:16 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Fri, 17 Oct 2008 21:01:16 +0800 Subject: [nycphp-talk] accessibility issue, how to solve? In-Reply-To: <48F88315.6080004@omnistep.com> References: <427215754.20081017191400@qualityadvantages.com> <48F88315.6080004@omnistep.com> Message-ID: <19510351101.20081017210116@qualityadvantages.com> Hello Rolan, Friday, October 17, 2008, 8:20:37 PM, you wrote: > mikesz at qualityadvantages.com wrote: >> Hello NYPHP, >> >> I know I am going to get some heat for this one but here goes... >> >> Let me preface this by definitively stating that I am categorically >> NOT making a request for information on how to hack into a system. >> This is a legitimate programming problem that I am trying to solve. >> >> I have a situation where a visually impaired user needs to pass his >> username and password to a forum via a php script (preferably) for obvious >> reasons he can not physically pass the info himself. He is using a text >> reader software so once he is logged in to the forum at least he is able to >> participate or a least read the contents of the threads. >> >> The Forum Software provider has been pretty proactive in coding >> "injection prevention" methods so passing the username and password >> via a script may not be possible. >> >> Any accessibility experts got any suggestions on how to solve this >> problem. >> >> TIA for any help. >> >> > Don't have enough information. The injection countermeasures employed by > the forum website need to be examined. In the simplest case, a Curl > request might suffice. There might be some javascript "challenge" > computation task or a captcha that would make things more difficult. If > possible, I think the easier solution would be to have his browser > "remember" the login and password. :) > ~Rolan > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________ Information from ESET Smart Security, version of virus > signature database 3530 (20081017) __________ > The message was checked by ESET Smart Security. > http://www.eset.com thanks for the reply. That works "after" you have done the first login but if the browser cache get cleared for what ever reason you still have to pass the username and password somehow. I agree with the idea but I still have to get that initial login to be automated. The forum has a multistep compare of md5(password) + seed with stored password in the db. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From nynj.tech at hotmail.com Fri Oct 17 14:40:27 2008 From: nynj.tech at hotmail.com (chad qian) Date: Fri, 17 Oct 2008 14:40:27 -0400 Subject: [nycphp-talk] problem with localhost connection,MAMP Message-ID: I am working on a mac.I have MAMP installed. This is the apache mysql php combination.I try http://localhost/Applications/MAMP/htdocs/test.php and http://localhost/test.phpI believe apache is running. When I type or paste the above paths in my firefox browser I get this error message:The connection was refused when attempting to contact localhost. Any idea? Thnaks! chad _________________________________________________________________ Stay organized with simple drag and drop from Windows Live Hotmail. http://windowslive.com/Explore/hotmail?ocid=TXT_TAGLM_WL_hotmail_102008 -------------- next part -------------- An HTML attachment was scrubbed... URL: From level3 at nyc.rr.com Fri Oct 17 14:45:51 2008 From: level3 at nyc.rr.com (Gene Costanza) Date: Fri, 17 Oct 2008 14:45:51 -0400 Subject: [nycphp-talk] problem with localhost connection,MAMP In-Reply-To: Message-ID: <8EDBF553C877446DA58B2C301869E485@NATASHA> Specify your URL in a conf -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of chad qian Sent: Friday, October 17, 2008 14:40 To: talk at lists.nyphp.org Subject: [nycphp-talk] problem with localhost connection,MAMP I am working on a mac. I have MAMP installed. This is the apache mysql php combination.I try http://localhost/Applications/MAMP/htdocs/test.php and http://localhost/test.php I believe apache is running. When I type or paste the above paths in my firefox browser I get this error message: The connection was refused when attempting to contact localhost. Any idea? Thnaks! chad _____ Stay organized with simple drag and drop from Windows Live Hotmail. Try it -------------- next part -------------- An HTML attachment was scrubbed... URL: From brianw1975 at gmail.com Fri Oct 17 15:16:22 2008 From: brianw1975 at gmail.com (Brian Williams) Date: Fri, 17 Oct 2008 15:16:22 -0400 Subject: [nycphp-talk] problem with localhost connection,MAMP In-Reply-To: References: Message-ID: a) make sure MAMP has Apache active/started b) make sure you have MAMP set to listen to port 80 or if you can't do that alter your URL to http://localhost:8888/test.php c) make sure any firewall you have allows connection to localhost on port 8888 or 80 depending on what you do above I figure the most likely reason is #a or #b On Fri, Oct 17, 2008 at 2:40 PM, chad qian wrote: > I am working on a mac. > I have MAMP installed. This is the apache mysql php combination.I try > http://localhost/Applications/MAMP/htdocs/test.php and > http://localhost/test.php > I believe apache is running. > When I type or paste the above paths in my firefox browser I get this error > message: > The connection was refused when attempting to contact localhost. > > Any idea? > > Thnaks! > > chad > > ------------------------------ > Stay organized with simple drag and drop from Windows Live Hotmail. Try it > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikesz at qualityadvantages.com Sun Oct 19 02:34:34 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Sun, 19 Oct 2008 14:34:34 +0800 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <48EAB70D.1080208@omnistep.com> References: <1333632725.20081007090332@qualityadvantages.com> <48EAB70D.1080208@omnistep.com> Message-ID: <415910423.20081019143434@qualityadvantages.com> Hello Rolan, Tuesday, October 7, 2008, 9:10:37 AM, you wrote: > Put the timestamp of when the page was first served as a hidden variable > in the form. Then compare it to the time when it was submitted (after > completed). > > ~Rolan > mikesz at qualityadvantages.com wrote: >> Hello NYPHP, >> >> Greetings to All, >> >> I need to time how long it takes to fill out a registration form, from >> when it is called to submission. I am trying to compare the time frame difference >> between the form being manually filled out versus an automated script. >> >> Any ideas or direction about how to do this would be enormously >> appreciated. >> >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________ Information from ESET Smart Security, version of virus > signature database 3497 (20081006) __________ > The message was checked by ESET Smart Security. > http://www.eset.com Update: I just discovered that the "robot" that is accessing and spamming my sites it XRumer. It hacks into gmail, gets a valid gmail account then it registers and spams as many Forum sites as it can find to "plant" illicit links so it can exploit google's PR system. Anyone know of an anti-XRumer script or detector? -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From mikesz at qualityadvantages.com Sun Oct 19 02:37:34 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Sun, 19 Oct 2008 14:37:34 +0800 Subject: [nycphp-talk] Bypassing Registration forms on vBulletin forums ... I guess other forums are having similar problem too? In-Reply-To: <76044218.20081015002501@qualityadvantages.com> References: <441539530.20081014154122@qualityadvantages.com> <778347011.20081014234854@qualityadvantages.com> <76044218.20081015002501@qualityadvantages.com> Message-ID: <958454217.20081019143734@qualityadvantages.com> An HTML attachment was scrubbed... URL: From mikesz at qualityadvantages.com Sun Oct 19 02:44:19 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Sun, 19 Oct 2008 14:44:19 +0800 Subject: [nycphp-talk] accessibility issue, how to solve? In-Reply-To: <427215754.20081017191400@qualityadvantages.com> References: <427215754.20081017191400@qualityadvantages.com> Message-ID: <1314806234.20081019144419@qualityadvantages.com> Hello mikesz, Friday, October 17, 2008, 7:14:00 PM, you wrote: > Hello NYPHP, > I know I am going to get some heat for this one but here goes... > Let me preface this by definitively stating that I am categorically > NOT making a request for information on how to hack into a system. > This is a legitimate programming problem that I am trying to solve. > I have a situation where a visually impaired user needs to pass his > username and password to a forum via a php script (preferably) for obvious > reasons he can not physically pass the info himself. He is using a text > reader software so once he is logged in to the forum at least he is able to > participate or a least read the contents of the threads. > The Forum Software provider has been pretty proactive in coding > "injection prevention" methods so passing the username and password > via a script may not be possible. > Any accessibility experts got any suggestions on how to solve this > problem. > TIA for any help. I got only one reply to this post. I solved the problem with a simple html form and a javascript submit so that the blind person that needed the access just needs to click on an html link if anyone was interested. The script runs on the local computer and automatically logs them into their account much like a keystroke capture program would do. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From level3 at nyc.rr.com Sun Oct 19 06:28:43 2008 From: level3 at nyc.rr.com (Gene Costanza) Date: Sun, 19 Oct 2008 06:28:43 -0400 Subject: [nycphp-talk] accessibility issue, how to solve? In-Reply-To: <1314806234.20081019144419@qualityadvantages.com> Message-ID: <0F57BA3969E84C0BB034E732A123271F@XPPro> mikez, Can you top post when you reply please? It's difficult to read a reply when you have to scroll down 200 lines, then scroll back up to refer to the original. Thanks... >>>-----Original Message----- >>>From: talk-bounces at lists.nyphp.org >>>[mailto:talk-bounces at lists.nyphp.org] On Behalf Of >>>mikesz at qualityadvantages.com >>>Sent: Sunday, October 19, 2008 2:44 AM >>>To: NYPHP Talk >>>Subject: Re: [nycphp-talk] accessibility issue, how to solve? >>> >>> >>>Hello mikesz, >>> >>>Friday, October 17, 2008, 7:14:00 PM, you wrote: >>> >>>> Hello NYPHP, >>> >>>> I know I am going to get some heat for this one but here goes... >>> >>>> Let me preface this by definitively stating that I am >>>categorically >>>> NOT making a request for information on how to hack into a system. >>>> This is a legitimate programming problem that I am trying to solve. >>> >>>> I have a situation where a visually impaired user needs to >>>pass his >>>> username and password to a forum via a php script (preferably) for >>>> obvious reasons he can not physically pass the info himself. He is >>>> using a text reader software so once he is logged in to >>>the forum at >>>> least he is able to participate or a least read the >>>contents of the >>>> threads. >>> >>>> The Forum Software provider has been pretty proactive in coding >>>> "injection prevention" methods so passing the username and >>>password >>>> via a script may not be possible. >>> >>>> Any accessibility experts got any suggestions on how to solve this >>>> problem. >>> >>>> TIA for any help. >>> >>> >>>I got only one reply to this post. I solved the problem with >>>a simple html form and a javascript submit so that the blind >>>person that needed the access just needs to click on an html >>>link if anyone was interested. The script runs on the local >>>computer and automatically logs them into their account much >>>like a keystroke capture program would do. >>> >>>-- >>>Best regards, >>> mikesz >>>mailto:mikesz at qualityadvantages.com >>> >>>_______________________________________________ >>>New York PHP Community Talk Mailing List >>>http://lists.nyphp.org/mailman/listinfo/talk >>> >>>NYPHPCon 2006 Presentations Online >>>http://www.nyphpcon.com >>> >>>Show Your Participation in New York PHP >>>http://www.nyphp.org/show_participation.php >>> From rolan at omnistep.com Sun Oct 19 07:41:56 2008 From: rolan at omnistep.com (Rolan Yang) Date: Sun, 19 Oct 2008 07:41:56 -0400 Subject: [nycphp-talk] Timing an Input Form Entry In-Reply-To: <415910423.20081019143434@qualityadvantages.com> References: <1333632725.20081007090332@qualityadvantages.com> <48EAB70D.1080208@omnistep.com> <415910423.20081019143434@qualityadvantages.com> Message-ID: <48FB1D04.3070501@omnistep.com> mikesz at qualityadvantages.com wrote: > Update: I just discovered that the "robot" that is accessing and > spamming my sites it XRumer. It hacks into gmail, gets a valid gmail > account then it registers and spams as many Forum sites as it can find > to "plant" illicit links so it can exploit google's PR system. > > Anyone know of an anti-XRumer script or detector? > > Forum spamming is a typical problem. To stop that, you need to burden your users with a captcha upon registration, or if you don't require users to register, then burden them with a captcha upon each posting. I suppose if you code up your own exotic form submit scheme (maybe through javascript/ajax?) the bots may skip scanning your forms and move onto lower hanging fruit. ~Rolan From jusheehy at vassar.edu Wed Oct 22 07:54:05 2008 From: jusheehy at vassar.edu (Julia Sheehy) Date: Wed, 22 Oct 2008 07:54:05 -0400 Subject: [nycphp-talk] RFC -- Lever Voting System Message-ID: <48FF145D.60001@vassar.edu> A neighbor sent me a link which I actually opened this morning (usually not) and I was surprised I'd never heard about the backlash against the push to move to computerized voting. I guess in my geeky little world, it never occurred to me that people would object so strongly solely on the basis of security, I had thought the alienation of voters who were not comfortable using technology would be the chief complaint. What is your take? -- the link my neighbor sent: http://www.electiondefensealliance.org/save_ny_levers -------------- next part -------------- A non-text attachment was scrubbed... Name: jusheehy.vcf Type: text/x-vcard Size: 474 bytes Desc: not available URL: From randalrust at gmail.com Wed Oct 22 08:02:55 2008 From: randalrust at gmail.com (Randal Rust) Date: Wed, 22 Oct 2008 08:02:55 -0400 Subject: [nycphp-talk] RFC -- Lever Voting System In-Reply-To: <48FF145D.60001@vassar.edu> References: <48FF145D.60001@vassar.edu> Message-ID: On Wed, Oct 22, 2008 at 7:54 AM, Julia Sheehy wrote: > What is your take? -- the link my neighbor sent: > http://www.electiondefensealliance.org/save_ny_levers Obviously way OT, but the more I think about this, the more I am convinced that the Presidential election should be a one-week event, and that should be the only thing that is voted on. You go in the booth and push one button. Plain and simple. It gets rid of this early voting nonsense, along with hanging chads and the like. -- Randal Rust R.Squared Communications www.r2communications.com 614-370-0036 From codebowl at gmail.com Wed Oct 22 11:49:14 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 22 Oct 2008 11:49:14 -0400 Subject: [nycphp-talk] [OT] - Politics.com Message-ID: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> I know this is not entirely on topic but I thought I would share this with you. Today at 3PM EST a site that I have been working on over the last few months is going to go live. http://www.politics.com/ - If you are political please come check out what has been keeping me busy over the last few months. Thanks, -- Joseph Crawford Zend Certified Engineer http://www.josephcrawford.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From dsteplight at gmail.com Wed Oct 22 11:52:57 2008 From: dsteplight at gmail.com (Darryle Steplight) Date: Wed, 22 Oct 2008 11:52:57 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> Message-ID: <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> Hey Joe, Looks like I need a username and password :) On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford wrote: > I know this is not entirely on topic but I thought I would share this with > you. > Today at 3PM EST a site that I have been working on over the last few months > is going to go live. > http://www.politics.com/ - If you are political please come check out what > has been keeping me busy over the last few months. > Thanks, > -- > Joseph Crawford > Zend Certified Engineer > http://www.josephcrawford.com/ > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From matt at atopia.net Wed Oct 22 11:54:31 2008 From: matt at atopia.net (Matt Juszczak) Date: Wed, 22 Oct 2008 11:54:31 -0400 (EDT) Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> Message-ID: <20081022115425.U72131@mercury.atopia.net> I think he means check it out @ 3 PM :) On Wed, 22 Oct 2008, Darryle Steplight wrote: > Hey Joe, > Looks like I need a username and password :) > > On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford wrote: >> I know this is not entirely on topic but I thought I would share this with >> you. >> Today at 3PM EST a site that I have been working on over the last few months >> is going to go live. >> http://www.politics.com/ - If you are political please come check out what >> has been keeping me busy over the last few months. >> Thanks, >> -- >> Joseph Crawford >> Zend Certified Engineer >> http://www.josephcrawford.com/ >> >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From codebowl at gmail.com Wed Oct 22 11:59:29 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 22 Oct 2008 11:59:29 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> Message-ID: <19AFDFB3-B096-400E-AB9E-0C473A70B918@gmail.com> Darryle, that will be lifted at 3PM EST today :) On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote: > Hey Joe, > Looks like I need a username and password :) > > On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford > wrote: >> I know this is not entirely on topic but I thought I would share >> this with >> you. >> Today at 3PM EST a site that I have been working on over the last >> few months >> is going to go live. >> http://www.politics.com/ - If you are political please come check >> out what >> has been keeping me busy over the last few months. >> Thanks, >> -- >> Joseph Crawford >> Zend Certified Engineer >> http://www.josephcrawford.com/ >> >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From dsteplight at gmail.com Wed Oct 22 12:14:18 2008 From: dsteplight at gmail.com (Darryle Steplight) Date: Wed, 22 Oct 2008 12:14:18 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <19AFDFB3-B096-400E-AB9E-0C473A70B918@gmail.com> References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> <19AFDFB3-B096-400E-AB9E-0C473A70B918@gmail.com> Message-ID: <47f4c4570810220914y2a8ea73x45960b0fb5cafbda@mail.gmail.com> Thanks Matt, yeah I jumped the gun on that one. Realized it right when I hit the send button. On Wed, Oct 22, 2008 at 11:59 AM, Joseph Crawford wrote: > Darryle, > > that will be lifted at 3PM EST today :) > > > On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote: > >> Hey Joe, >> Looks like I need a username and password :) >> >> On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford >> wrote: >>> >>> I know this is not entirely on topic but I thought I would share this >>> with >>> you. >>> Today at 3PM EST a site that I have been working on over the last few >>> months >>> is going to go live. >>> http://www.politics.com/ - If you are political please come check out >>> what >>> has been keeping me busy over the last few months. >>> Thanks, >>> -- >>> Joseph Crawford >>> Zend Certified Engineer >>> http://www.josephcrawford.com/ >>> >>> >>> _______________________________________________ >>> New York PHP Community Talk Mailing List >>> http://lists.nyphp.org/mailman/listinfo/talk >>> >>> NYPHPCon 2006 Presentations Online >>> http://www.nyphpcon.com >>> >>> Show Your Participation in New York PHP >>> http://www.nyphp.org/show_participation.php >>> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From jcampbell1 at gmail.com Wed Oct 22 12:21:33 2008 From: jcampbell1 at gmail.com (John Campbell) Date: Wed, 22 Oct 2008 12:21:33 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> Message-ID: <8f0676b40810220921k28864618s856ee86fab892980@mail.gmail.com> On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford wrote: > http://www.politics.com/ - If you are political please come check out what > has been keeping me busy over the last few months. Damn... nice domain name. My expectations are high. Cheers, John Campbell From codebowl at gmail.com Wed Oct 22 13:24:28 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 22 Oct 2008 13:24:28 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> Message-ID: <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com> There is one minor annoyance for me and I have spoken up about it. While you are on the site in order to get to the detail page you have to click on the part of the article where it says '0 comments' you cannot click on the title or body of the article as it will just take you to the actual source of the article. If you also find this to be annoying and unclear please send an email to support at politics.com but this was not my decision :) Thanks, Joseph Crawford On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote: > Hey Joe, > Looks like I need a username and password :) > > On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford > wrote: >> I know this is not entirely on topic but I thought I would share >> this with >> you. >> Today at 3PM EST a site that I have been working on over the last >> few months >> is going to go live. >> http://www.politics.com/ - If you are political please come check >> out what >> has been keeping me busy over the last few months. >> Thanks, >> -- >> Joseph Crawford >> Zend Certified Engineer >> http://www.josephcrawford.com/ >> >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From rotsen at gmail.com Wed Oct 22 13:31:00 2008 From: rotsen at gmail.com (=?ISO-8859-1?Q?N=E9stor?=) Date: Wed, 22 Oct 2008 10:31:00 -0700 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com> References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com> Message-ID: I think that when you click on the title or the body, you should go to the article and then in the article you can/should have a link to the source :-) On Wed, Oct 22, 2008 at 10:24 AM, Joseph Crawford wrote: > There is one minor annoyance for me and I have spoken up about it. > > While you are on the site in order to get to the detail page you have to > click on the part of the article where it says '0 comments' you cannot click > on the title or body of the article as it will just take you to the actual > source of the article. > > If you also find this to be annoying and unclear please send an email to > support at politics.com > > but this was not my decision :) > > Thanks, > Joseph Crawford > > On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote: > > Hey Joe, >> Looks like I need a username and password :) >> >> On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford >> wrote: >> >>> I know this is not entirely on topic but I thought I would share this >>> with >>> you. >>> Today at 3PM EST a site that I have been working on over the last few >>> months >>> is going to go live. >>> http://www.politics.com/ - If you are political please come check out >>> what >>> has been keeping me busy over the last few months. >>> Thanks, >>> -- >>> Joseph Crawford >>> Zend Certified Engineer >>> http://www.josephcrawford.com/ >>> >>> >>> _______________________________________________ >>> New York PHP Community Talk Mailing List >>> http://lists.nyphp.org/mailman/listinfo/talk >>> >>> NYPHPCon 2006 Presentations Online >>> http://www.nyphpcon.com >>> >>> Show Your Participation in New York PHP >>> http://www.nyphp.org/show_participation.php >>> >>> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tim_lists at o2group.com Wed Oct 22 13:47:05 2008 From: tim_lists at o2group.com (Tim Lieberman) Date: Wed, 22 Oct 2008 11:47:05 -0600 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com> Message-ID: <6F4AB845-E646-4D79-B7C0-D645BC328655@o2group.com> That seems sensible to me. But I'll have to wait and see what it's all actually about, really. -Tim On Oct 22, 2008, at 11:31 AM, N?stor wrote: > I think that when you click on the title or the body, > you should go to the article and then in the article > you can/should have a link to the source > > :-) > > On Wed, Oct 22, 2008 at 10:24 AM, Joseph Crawford > wrote: > There is one minor annoyance for me and I have spoken up about it. > > While you are on the site in order to get to the detail page you > have to click on the part of the article where it says '0 comments' > you cannot click on the title or body of the article as it will just > take you to the actual source of the article. > > If you also find this to be annoying and unclear please send an > email to support at politics.com > > but this was not my decision :) > > Thanks, > Joseph Crawford > > On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote: > > Hey Joe, > Looks like I need a username and password :) > > On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford > wrote: > I know this is not entirely on topic but I thought I would share > this with > you. > Today at 3PM EST a site that I have been working on over the last > few months > is going to go live. > http://www.politics.com/ - If you are political please come check > out what > has been keeping me busy over the last few months. > Thanks, > -- > Joseph Crawford > Zend Certified Engineer > http://www.josephcrawford.com/ > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From codebowl at gmail.com Wed Oct 22 14:00:45 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 22 Oct 2008 14:00:45 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com> Message-ID: If you feel the same as Nestor and I please click the Feedback link in the header of the site and submit it there :) I would love to see that change but I doubt they will without the user input. Joseph Crawford On Oct 22, 2008, at 1:31 PM, N?stor wrote: > I think that when you click on the title or the body, > you should go to the article and then in the article > you can/should have a link to the source > > :-) > > On Wed, Oct 22, 2008 at 10:24 AM, Joseph Crawford > wrote: > There is one minor annoyance for me and I have spoken up about it. > > While you are on the site in order to get to the detail page you > have to click on the part of the article where it says '0 comments' > you cannot click on the title or body of the article as it will just > take you to the actual source of the article. > > If you also find this to be annoying and unclear please send an > email to support at politics.com > > but this was not my decision :) > > Thanks, > Joseph Crawford > > On Oct 22, 2008, at 11:52 AM, Darryle Steplight wrote: > > Hey Joe, > Looks like I need a username and password :) > > On Wed, Oct 22, 2008 at 11:49 AM, Joseph Crawford > wrote: > I know this is not entirely on topic but I thought I would share > this with > you. > Today at 3PM EST a site that I have been working on over the last > few months > is going to go live. > http://www.politics.com/ - If you are political please come check > out what > has been keeping me busy over the last few months. > Thanks, > -- > Joseph Crawford > Zend Certified Engineer > http://www.josephcrawford.com/ > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From zippy1981 at gmail.com Wed Oct 22 14:56:28 2008 From: zippy1981 at gmail.com (Justin Dearing) Date: Wed, 22 Oct 2008 14:56:28 -0400 Subject: [nycphp-talk] Re: [nycbug-talk] LinkedIn: Worth it or not? In-Reply-To: <5458db3c0810221155k779d47cbkff2878e43a0c7b51@mail.gmail.com> References: <20081021135558.P63279@mercury.atopia.net> <5458db3c0810221155k779d47cbkff2878e43a0c7b51@mail.gmail.com> Message-ID: <5458db3c0810221156p61f1929emc77542cfca6cc43b@mail.gmail.com> Damn reply to address. On Wed, Oct 22, 2008 at 2:55 PM, Justin Dearing wrote: > On Wed, Oct 22, 2008 at 1:54 PM, Miles Nordin wrote: > >> I find this type of work too degrading to associate that intimately >> with my personal identity. > > > You find your work degrading? The only time I was unable to find any level > of dignity in my work was a stint at Burger king. That was only because I > sucked at making burgers. Why do it if its degrading? > > Secondly I find it violating that someone would EXPECT to see a >> conveniently-formatted list of all the other people I know. Police >> and stalkers drool over such information, and that's the big part of >> why we don't like the kind of attention either gives us, and if it's a >> person judging me rather than merely a fan I feel doubly violated. >> > > To each their own. Its an opt in kind of thing. Some people live very > public lives. Granted, being a "social network whore" when one is young and > desperate might haunt a person when they are older. Man is a social animal, > we all need to engage in a certain level of intercourse (in the general, not > sexual sense) to meet our various needs and wants. > > Now personally, I'd prefer to hire or be hired by people that had a certain > level of knowledge of my personal life. If you have political view that are > 180 degrees from mine, I can work with you if you can respect my views. You > might not be able to tolerate my worldview though. I'd rather you find out > on your own by googling me rather than seeing a website on my monitor that > I'm looking at lunchtime. That way you never make me an offer and neither of > us are put in a hard position. Also, I refuse to remain absolutely ambiguous > of all my personal views for 40-60 hours a week. I'm not going to go out of > my way to preach my views, but I don't want to be afraid when topics come > up. > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajai at bitblit.net Wed Oct 22 15:15:42 2008 From: ajai at bitblit.net (Ajai Khattri) Date: Wed, 22 Oct 2008 15:15:42 -0400 (EDT) Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> Message-ID: On Wed, 22 Oct 2008, Joseph Crawford wrote: > Today at 3PM EST a site that I have been working on over the last few > months is going to go live. Still locked @ 3:15pm... -- Aj. From codebowl at gmail.com Wed Oct 22 16:06:44 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 22 Oct 2008 16:06:44 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: References: Message-ID: Sorry it should be unlocked now. I am not sure what delayed them. I said 3PM they were supposed to have it done at 2:30PM :) Thanks, Joseph Crawford On Oct 22, 2008, at 3:15 PM, Ajai Khattri wrote: > On Wed, 22 Oct 2008, Joseph Crawford wrote: > >> Today at 3PM EST a site that I have been working on over the last few >> months is going to go live. > > Still locked @ 3:15pm... > > > > -- > Aj. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From smanes at magpie.com Wed Oct 22 16:11:53 2008 From: smanes at magpie.com (Steve Manes) Date: Wed, 22 Oct 2008 16:11:53 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com> References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com> Message-ID: <48FF8909.2000908@magpie.com> Joseph Crawford wrote: > There is one minor annoyance for me and I have spoken up about it. > > While you are on the site in order to get to the detail page you have to > click on the part of the article where it says '0 comments' you cannot > click on the title or body of the article as it will just take you to > the actual source of the article. One other minor annoyance, and I don't mean to pick because I have this problem with a lot of sites that require double-opt. But it's something that a lot of site developers seem to overlook: ya gotta register that outbound STMP server in DNS: Oct 22 16:08:14 jack postfix/smtpd[93665]: connect from unknown[208.91.206.42] Oct 22 16:08:14 jack postfix/smtpd[93665]: NOQUEUE: reject: CONNECT from unknown[208.91.206.42]: 554 5.7.1 Client host rejected: cannot find your hostname, [208.91.206.42]; proto=SMTP Oct 22 16:08:14 jack postfix/smtpd[93665]: disconnect from unknown[208.91.206.42] Mail servers like mine that do reverse DNS lookups to prevent spamming will reject inbound mail from unknown hosts. From sequethin at gmail.com Wed Oct 22 16:12:49 2008 From: sequethin at gmail.com (Michael Hernandez) Date: Wed, 22 Oct 2008 16:12:49 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: References: Message-ID: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com> Looks cool. Is it Zend Framework? Or ? --Mike H On Oct 22, 2008, at 4:06 PM, Joseph Crawford wrote: > Sorry it should be unlocked now. > > I am not sure what delayed them. I said 3PM they were supposed to > have it done at 2:30PM :) > > Thanks, > Joseph Crawford > From codebowl at gmail.com Wed Oct 22 16:37:15 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 22 Oct 2008 16:37:15 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <48FF8909.2000908@magpie.com> References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> <47f4c4570810220852r2f3ce35fj3b9195f445180dc7@mail.gmail.com> <03B75D6C-E611-46CE-A6F0-1848E79631C1@gmail.com> <48FF8909.2000908@magpie.com> Message-ID: <3AB314A4-BBB7-4AE4-8A4B-ED56DF94A016@gmail.com> No need to pick, please do. I will make sure all issues are addressed. Thanks, Joseph Crawford On Oct 22, 2008, at 4:11 PM, Steve Manes wrote: > Joseph Crawford wrote: >> There is one minor annoyance for me and I have spoken up about it. >> While you are on the site in order to get to the detail page you >> have to click on the part of the article where it says '0 comments' >> you cannot click on the title or body of the article as it will >> just take you to the actual source of the article. > > One other minor annoyance, and I don't mean to pick because I have > this problem with a lot of sites that require double-opt. But it's > something that a lot of site developers seem to overlook: ya gotta > register that outbound STMP server in DNS: > > Oct 22 16:08:14 jack postfix/smtpd[93665]: connect from > unknown[208.91.206.42] > Oct 22 16:08:14 jack postfix/smtpd[93665]: NOQUEUE: reject: CONNECT > from unknown[208.91.206.42]: 554 5.7.1 Client host rejected: cannot > find your hostname, [208.91.206.42]; proto=SMTP > Oct 22 16:08:14 jack postfix/smtpd[93665]: disconnect from > unknown[208.91.206.42] > > Mail servers like mine that do reverse DNS lookups to prevent > spamming will reject inbound mail from unknown hosts. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From codebowl at gmail.com Wed Oct 22 16:37:47 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 22 Oct 2008 16:37:47 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com> References: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com> Message-ID: <64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com> Michael, Unfortunately no it is not ZF, it is a custom framework that my employer has developed and uses for all their sites. Thanks, Joseph Crawford On Oct 22, 2008, at 4:12 PM, Michael Hernandez wrote: > Looks cool. Is it Zend Framework? Or ? > > --Mike H > > > On Oct 22, 2008, at 4:06 PM, Joseph Crawford wrote: > >> Sorry it should be unlocked now. >> >> I am not sure what delayed them. I said 3PM they were supposed to >> have it done at 2:30PM :) >> >> Thanks, >> Joseph Crawford >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From petros.ziogas at gmail.com Wed Oct 22 18:49:30 2008 From: petros.ziogas at gmail.com (Petros Ziogas) Date: Thu, 23 Oct 2008 01:49:30 +0300 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com> References: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com> <64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com> Message-ID: <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com> I think it is a very solid effort, well done. On a great domain of course. Only thing that might confuse a user, is the different behavior on the article links. You have to click on the "x comments" in order to stay in politics.com, every other link send to the actual story. I believe it needs a little clarification. It works like digg but even digg.com can seem peculiar to a first visitor. Petros Ziogas Athens, Greece 2008/10/22 Joseph Crawford > Michael, > > Unfortunately no it is not ZF, it is a custom framework that my employer > has developed and uses for all their sites. > > Thanks, > Joseph Crawford > > > On Oct 22, 2008, at 4:12 PM, Michael Hernandez wrote: > > Looks cool. Is it Zend Framework? Or ? >> >> --Mike H >> >> >> On Oct 22, 2008, at 4:06 PM, Joseph Crawford wrote: >> >> Sorry it should be unlocked now. >>> >>> I am not sure what delayed them. I said 3PM they were supposed to have >>> it done at 2:30PM :) >>> >>> Thanks, >>> Joseph Crawford >>> >>> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From codebowl at gmail.com Wed Oct 22 19:30:46 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 22 Oct 2008 19:30:46 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com> References: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com> <64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com> <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com> Message-ID: Petros, That is the annoyance I was talking about. Could you please click the feedback link in the header and send that to the PM :) They won't change it unless they get user feedback that it needs to change. Thanks, Joseph Crawford On Oct 22, 2008, at 6:49 PM, Petros Ziogas wrote: > I think it is a very solid effort, well done. On a great domain of > course. > > Only thing that might confuse a user, is the different behavior on > the article links. > > You have to click on the "x comments" in order to stay in > politics.com, every other link send to the actual story. > > I believe it needs a little clarification. It works like digg but > even digg.com can seem peculiar to a first visitor. > > Petros Ziogas > Athens, Greece > > > 2008/10/22 Joseph Crawford > Michael, > > Unfortunately no it is not ZF, it is a custom framework that my > employer has developed and uses for all their sites. > > Thanks, > Joseph Crawford > > > On Oct 22, 2008, at 4:12 PM, Michael Hernandez wrote: > > Looks cool. Is it Zend Framework? Or ? > > --Mike H > > > On Oct 22, 2008, at 4:06 PM, Joseph Crawford wrote: > > Sorry it should be unlocked now. > > I am not sure what delayed them. I said 3PM they were supposed to > have it done at 2:30PM :) > > Thanks, > Joseph Crawford > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From smanes at magpie.com Wed Oct 22 19:57:06 2008 From: smanes at magpie.com (Steve Manes) Date: Wed, 22 Oct 2008 19:57:06 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com> References: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com> <64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com> <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com> Message-ID: <48FFBDD2.9000405@magpie.com> Petros Ziogas wrote: > You have to click on the "x comments" in order to stay in politics.com > , every other link send to the actual story. I presume there are copyright issues here? From codebowl at gmail.com Wed Oct 22 21:11:27 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 22 Oct 2008 21:11:27 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <48FFBDD2.9000405@magpie.com> References: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com> <64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com> <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com> <48FFBDD2.9000405@magpie.com> Message-ID: There would be no copyright issues if we linked to the source on the details page. On Oct 22, 2008, at 7:57 PM, Steve Manes wrote: > Petros Ziogas wrote: >> You have to click on the "x comments" in order to stay in >> politics.com , every other link send to the >> actual story. > > I presume there are copyright issues here? > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From smanes at magpie.com Wed Oct 22 21:54:29 2008 From: smanes at magpie.com (Steve Manes) Date: Wed, 22 Oct 2008 21:54:29 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: References: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com> <64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com> <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com> <48FFBDD2.9000405@magpie.com> Message-ID: <48FFD955.3070707@magpie.com> Joseph Crawford wrote: > There would be no copyright issues if we linked to the source on the > details page. Fair Use only permits limited quotation of a copyrighted work. This summer AP went nuts when it floated a new policy requiring a license to republish even five words from one of its news articles: http://www.boingboing.net/2008/06/17/associated-press-exp.html From petros.ziogas at gmail.com Thu Oct 23 07:38:59 2008 From: petros.ziogas at gmail.com (Petros Ziogas) Date: Thu, 23 Oct 2008 14:38:59 +0300 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <48FFD955.3070707@magpie.com> References: <30ACCA9A-21B9-4C4D-8E0E-40FB20204AD8@gmail.com> <64AD4334-5C07-47BD-8E14-7EE45169459E@gmail.com> <236c3b210810221549k403bc5dn6acb61f5fbeb069@mail.gmail.com> <48FFBDD2.9000405@magpie.com> <48FFD955.3070707@magpie.com> Message-ID: <236c3b210810230438l560534f6m45d2107240a101d2@mail.gmail.com> I see the need to have a link to original story. It would be unfair to completely reproduce the text (even with a link mentioning the source). My note was actual on the implementation of this. It would seem more logical to have a "visit mentioned article" and a "comment on the article" or something similar. My English is not that good unfortunately. Joseph I am using the feedback right now... Petros Ziogas Athens, Greece 2008/10/23 Steve Manes > Joseph Crawford wrote: > >> There would be no copyright issues if we linked to the source on the >> details page. >> > > Fair Use only permits limited quotation of a copyrighted work. This summer > AP went nuts when it floated a new policy requiring a license to republish > even five words from one of its news articles: > > http://www.boingboing.net/2008/06/17/associated-press-exp.html > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedd at sperling.com Thu Oct 23 08:32:40 2008 From: tedd at sperling.com (tedd) Date: Thu, 23 Oct 2008 08:32:40 -0400 Subject: [nycphp-talk] [OT] - Politics.com In-Reply-To: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> References: <6A591C55-F1F2-4D86-8CCE-7CFBA8D62C43@gmail.com> Message-ID: At 11:49 AM -0400 10/22/08, Joseph Crawford wrote: >I know this is not entirely on topic but I thought I would share >this with you. > >Today at 3PM EST a site that I have been working on over the last >few months is going to go live. > >http://www.politics.com/ - If you are >political please come check out what has been keeping me busy over >the last few months. Joseph: Check out: Might want to fix some of those errors. Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From nynj.tech at hotmail.com Fri Oct 24 16:09:50 2008 From: nynj.tech at hotmail.com (chad qian) Date: Fri, 24 Oct 2008 16:09:50 -0400 Subject: [nycphp-talk] phpmyadmin connected to mysql on MAC Message-ID: I install MAMP on MAC. I'm having trouble connecting the mamp phpMyAdmin page to mysql.I can't see created databases under phpmyadmin Where as the Mysql query browser and the Mysql administrator are seeing them. Any idea?Thanks! chad _________________________________________________________________ When your life is on the go?take your life with you. http://clk.atdmt.com/MRT/go/115298558/direct/01/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From zippy1981 at gmail.com Fri Oct 24 16:19:13 2008 From: zippy1981 at gmail.com (Justin Dearing) Date: Fri, 24 Oct 2008 16:19:13 -0400 Subject: [nycphp-talk] phpmyadmin connected to mysql on MAC In-Reply-To: References: Message-ID: <5458db3c0810241319v5d89eae6hc5d41446efd92f6b@mail.gmail.com> are yu sure your connecting to the same database from mysqladmin as the console? did you check the apache error log, assuming mysql errors are configured to go there. On Fri, Oct 24, 2008 at 4:09 PM, chad qian wrote: > I install MAMP on MAC. > I'm having trouble connecting the mamp phpMyAdmin page to mysql.I can't see > created databases > under phpmyadmin Where as the Mysql query browser and the Mysql > administrator are seeing them. > > Any idea?Thanks! > > chad > > ________________________________ > When your life is on the go?take your life with you. Try Windows Mobile(R) > today > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From ajai at bitblit.net Fri Oct 24 16:19:40 2008 From: ajai at bitblit.net (Ajai Khattri) Date: Fri, 24 Oct 2008 16:19:40 -0400 (EDT) Subject: [nycphp-talk] phpmyadmin connected to mysql on MAC In-Reply-To: Message-ID: On Fri, 24 Oct 2008, chad qian wrote: > I install MAMP on MAC. > I'm having trouble connecting the mamp phpMyAdmin page to mysql.I can't > see created databases under phpmyadmin Where as the Mysql query browser > and the Mysql administrator are seeing them. You will only se databases your MySQL username is allowed to see. Maybe you used "root" in the query browser but not in phpMyAdmin? -- A From david at davidmintz.org Tue Oct 28 22:40:26 2008 From: david at davidmintz.org (David Mintz) Date: Tue, 28 Oct 2008 22:40:26 -0400 Subject: [nycphp-talk] serving a download only to authenticated users Message-ID: <721f1cc50810281940x5463c4c2sa092d5b6a375d4e7@mail.gmail.com> You folks have done this a thousand times so it's cake to you. This is the first time I have had to make a Powerpoint download available only to authenticated users. Tell me if it's this simple: From zippy1981 at gmail.com Tue Oct 28 22:49:47 2008 From: zippy1981 at gmail.com (Justin Dearing) Date: Tue, 28 Oct 2008 22:49:47 -0400 Subject: [nycphp-talk] serving a download only to authenticated users In-Reply-To: <721f1cc50810281940x5463c4c2sa092d5b6a375d4e7@mail.gmail.com> References: <721f1cc50810281940x5463c4c2sa092d5b6a375d4e7@mail.gmail.com> Message-ID: <5458db3c0810281949s19d6bce9j204864769cd26d8b@mail.gmail.com> Yeah don't keep the powerpoint in the htdocs directory. Your methodology is sound. Of course, if this is the only thing password protected, just protect that directory with a htpasswd and htaccess file. On Tue, Oct 28, 2008 at 10:40 PM, David Mintz wrote: > > You folks have done this a thousand times so it's cake to you. This is the > first time I have had to make a Powerpoint download available only to > authenticated users. Tell me if it's this simple: > > /* download.php pr something like that */ > > // authentication logic. Then, if they're logged in... > > header('Content-disposition: attachment; filename=whatever.ppt'); > header('Content-type: application/vnd.ms-powerpoint'); > readfile('whatever.ppt'); > > And yes, I think I will put an apache directive in there to deny direct > browser access so they can't defeat it by accessing > http://example.org/password-protected-area/whatever.ppt. Or maybe put it > somewhere outside the public html. > > Is that it, or am I missing anything? > > -- > David Mintz > http://davidmintz.org/ > > The subtle source is clear and bright > The tributary streams flow through the darkness > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From corey at gelform.com Wed Oct 29 06:54:48 2008 From: corey at gelform.com (Corey H Maass - gelform.com) Date: Wed, 29 Oct 2008 06:54:48 -0400 Subject: [nycphp-talk] serving a download only to authenticated users In-Reply-To: <721f1cc50810281940x5463c4c2sa092d5b6a375d4e7@mail.gmail.com> References: <721f1cc50810281940x5463c4c2sa092d5b6a375d4e7@mail.gmail.com> Message-ID: <1225277688.23218.1281850507@webmail.messagingengine.com> It's also straight forward to hide the location o the original file by using fopen, fread. // authentication logic, then... $fileName = 'whatever.ppt'; $filePath = 'folder/' $fileName; header('Content-Disposition: atachment; filename="' . $fileName . '"'); header("Content-Type: application/ppt"); // <-- not sure this is right header("Content-Length: " . filesize($filePath)); header("Pragma: no-cache"); header("Expires: 0"); $fp=fopen("$filePath","r"); print fread($fp, filesize("$filePath")); fclose($fp); On Tue, 28 Oct 2008 22:40:26 -0400, "David Mintz" said: > You folks have done this a thousand times so it's cake to you. This is > the > first time I have had to make a Powerpoint download available only to > authenticated users. Tell me if it's this simple: > > /* download.php pr something like that */ > > // authentication logic. Then, if they're logged in... > > header('Content-disposition: attachment; filename=whatever.ppt'); > header('Content-type: application/vnd.ms-powerpoint'); > readfile('whatever.ppt'); > > And yes, I think I will put an apache directive in there to deny direct > browser access so they can't defeat it by accessing > http://example.org/password-protected-area/whatever.ppt. Or maybe put it > somewhere outside the public html. > > Is that it, or am I missing anything? > > -- > David Mintz > http://davidmintz.org/ > > The subtle source is clear and bright > The tributary streams flow through the darkness // Corey H Maass Gelform Design Brooklyn, NY Print and web design for art and business em corey at gelform.com ww http://www.gelform.com ph 646/228.5048 fx 866/502.4861 IM gelform From lists at zaunere.com Wed Oct 29 12:20:54 2008 From: lists at zaunere.com (Hans Zaunere) Date: Wed, 29 Oct 2008 12:20:54 -0400 Subject: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK Message-ID: <000901c939e2$51b8afa0$f52a0ee0$@com> All, We're pleased to host two of Sun/MySQL premier technical team members for a NYPHP Special Presentation, November 12th. We'll put the announcement out this week, but first you need to pick which presentation should be given - these are technical/overview presentations. These are the options (some have descriptions for greater clarity) - a simple plus one for ONE presentation that you'd like is all that's needed. Please provide feedback ASAP so that we can schedule things correctly. -- Writing Tag systems in PHP/MySQL, that scale to memcached, with XDebug for Profiling; Writing a social application such as forums, messaging or guilds with PHP/MySQL and what happens when a million people show up on opening day. -- MySQL 5.1 features -- Using MySQL partitions in practice -- MySQL Proxy wizardry -- Testing with MySQL Sandbox MySQL Sandbox is a tool that can install a side instance of MySQL in a few seconds, efficiently, precisely, and without influencing existing installations. Testing new versions can be tedious and error prone. Using MySQL Sandbox, the process of testing single servers or replication systems can be greatly simplified. -- MySQL Community How To A sort of movie of the ways a community member can participate to the MySQL project, with a step-by-step illustration of what is available and how to use it, from getting help with forums to contributing code, passing through events, reporting bugs, publishing projects. -- Creative cross-language programming with MySQL Although MySQL is sometimes perceived as a minimalist DBMS, it has a huge potential for creative hacks. The Federated and Blackhole engine, MySQL Proxy, user variables, and some other hooks allow the imaginative developer to achieve impressive results independently from the client's programming language. -- Advanced Lua programming for MySQL Proxy Having learned the basic of Lua programming for Proxy, some advanced topics can be covered. This session will explain how to tackle some difficult tasks with the Proxy, organizing your work so that you can create a new script in minutes: -- using a script loader to change script at run time, without restarting; -- creating new commands -- creating quick methods for returning datasets and error messages to the client; -- Executing multiple commands in the Proxy, while returning only one result to the client -- chaining more scripts to extend Proxy feature --- Hans Zaunere / Managing Member / New York PHP www.nyphp.org / ?www.nyphp.com From anthony at thrillist.com Wed Oct 29 12:32:35 2008 From: anthony at thrillist.com (Anthony Wlodarski) Date: Wed, 29 Oct 2008 12:32:35 -0400 Subject: [Fwd: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK] Message-ID: <49089023.1030505@thrillist.com> An HTML attachment was scrubbed... URL: From ajai at bitblit.net Wed Oct 29 13:29:41 2008 From: ajai at bitblit.net (Ajai Khattri) Date: Wed, 29 Oct 2008 13:29:41 -0400 (EDT) Subject: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK In-Reply-To: <000901c939e2$51b8afa0$f52a0ee0$@com> Message-ID: On Wed, 29 Oct 2008, Hans Zaunere wrote: > -- Writing Tag systems in PHP/MySQL, that scale to memcached, with XDebug > for Profiling; Writing a social application such as forums, messaging or > guilds with PHP/MySQL and what happens when a million people show up on > opening day. +1 Good timing: Im thinking of using memcached in a project... -- Aj. From sh370 at nyu.edu Wed Oct 29 14:09:35 2008 From: sh370 at nyu.edu (Shari Halter) Date: Wed, 29 Oct 2008 14:09:35 -0400 Subject: [Fwd: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK] In-Reply-To: <49089023.1030505@thrillist.com> Message-ID: <000d01c939f1$800a73c0$a9f07a80@TSOA0645WKWXP> +1 for Writing Tag systems in PHP/MySQL -shari _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From tomsartain at gmail.com Wed Oct 29 15:16:22 2008 From: tomsartain at gmail.com (Tom Sartain) Date: Wed, 29 Oct 2008 15:16:22 -0400 Subject: [Fwd: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK] In-Reply-To: <000d01c939f1$800a73c0$a9f07a80@TSOA0645WKWXP> References: <49089023.1030505@thrillist.com> <000d01c939f1$800a73c0$a9f07a80@TSOA0645WKWXP> Message-ID: <20190d950810291216k42ae1127r74eca45c55f52813@mail.gmail.com> +1 for Writing Tag Systems as well On 10/29/08, Shari Halter wrote: > > > +1 for Writing Tag systems in PHP/MySQL > > > > -shari > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From codebowl at gmail.com Wed Oct 29 15:30:54 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 29 Oct 2008 15:30:54 -0400 Subject: [nycphp-talk] Converting the pesky MS Word quotes and other characters Message-ID: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> Has anyone on here found a viable solution? Everything seems to work on the www side of things but as soon as i use the data in an RSS feed it does not seem to like the MS Word characters. Thanks, Joseph Crawford From lists at zaunere.com Wed Oct 29 15:40:33 2008 From: lists at zaunere.com (Hans Zaunere) Date: Wed, 29 Oct 2008 15:40:33 -0400 Subject: [nycphp-talk] Converting the pesky MS Word quotes and other characters In-Reply-To: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> Message-ID: <006c01c939fe$359f5280$a0ddf780$@com> > Has anyone on here found a viable solution? Everything seems to work > on the www side of things but as soon as i use the data in an RSS feed > it does not seem to like the MS Word characters. Word/etc always manages to create new and exciting chars, but the following usually take care of most of them. $this->Value = str_replace(array(chr(0x92),chr(0x93), chr(0x94),chr(0x96),chr(0x97),chr(0x85)), array('\'','"','"','-','-','...'),$this->Value); H From chsnyder at gmail.com Wed Oct 29 15:41:56 2008 From: chsnyder at gmail.com (csnyder) Date: Wed, 29 Oct 2008 15:41:56 -0400 Subject: [nycphp-talk] Converting the pesky MS Word quotes and other characters In-Reply-To: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> Message-ID: On Wed, Oct 29, 2008 at 3:30 PM, Joseph Crawford wrote: > Has anyone on here found a viable solution? Everything seems to work on the > www side of things but as soon as i use the data in an RSS feed it does not > seem to like the MS Word characters. > That's for sure. Here's what I use, there's probably a more elegant/readable way to do it. // convert smart quotes and mdashes $wordchars=array('?','"','"',''',''',"?"); $fixedchars=array('—','"','"',"'","'","…"); $output = str_replace( $wordchars, $fixedchars, $output ); - chris. From chsnyder at gmail.com Wed Oct 29 15:43:45 2008 From: chsnyder at gmail.com (csnyder) Date: Wed, 29 Oct 2008 15:43:45 -0400 Subject: [nycphp-talk] Converting the pesky MS Word quotes and other characters In-Reply-To: <006c01c939fe$359f5280$a0ddf780$@com> References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> <006c01c939fe$359f5280$a0ddf780$@com> Message-ID: On Wed, Oct 29, 2008 at 3:40 PM, Hans Zaunere wrote: > > $this->Value = str_replace(array(chr(0x92),chr(0x93), > chr(0x94),chr(0x96),chr(0x97),chr(0x85)), > array('\'','"','"','-','-','...'),$this->Value); > Yep, use Hans' it's more readable. Chris Snyder http://chxor.chxo.com/ From codebowl at gmail.com Wed Oct 29 15:52:50 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 29 Oct 2008 15:52:50 -0400 Subject: [nycphp-talk] Converting the pesky MS Word quotes and other characters In-Reply-To: <006c01c939fe$359f5280$a0ddf780$@com> References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> <006c01c939fe$359f5280$a0ddf780$@com> Message-ID: <99605328-6C8B-4147-87D9-F92513CD0E85@gmail.com> I'm not sure why but neither suggestion seemed to work, here is what I found that does work /** * Remove unwanted MS Word high characters from a string * * @param string $string * @return string $string */ function sanitizeString($string = null) { if(is_null($string)) return false; //-> Replace all of those weird MS Word quotes and other high characters $badwordchars=array( "\xe2\x80\x98", // left single quote "\xe2\x80\x99", // right single quote "\xe2\x80\x9c", // left double quote "\xe2\x80\x9d", // right double quote "\xe2\x80\x94", // em dash "\xe2\x80\xa6" // elipses ); $fixedwordchars=array( "'", "'", '"', '"', '—', '...' ); return htmlspecialchars(str_replace($badwordchars,$fixedwordchars, $string)); } On Oct 29, 2008, at 3:40 PM, Hans Zaunere wrote: >> Has anyone on here found a viable solution? Everything seems to work >> on the www side of things but as soon as i use the data in an RSS >> feed >> it does not seem to like the MS Word characters. > > Word/etc always manages to create new and exciting chars, but the > following > usually take care of most of them. > > $this->Value = str_replace(array(chr(0x92),chr(0x93), > chr(0x94),chr(0x96),chr(0x97),chr(0x85)), > array('\'','"','"','-','-','...'),$this->Value); > > H > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From jmcgraw1 at gmail.com Wed Oct 29 16:48:43 2008 From: jmcgraw1 at gmail.com (Jake McGraw) Date: Wed, 29 Oct 2008 16:48:43 -0400 Subject: [Fwd: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK] In-Reply-To: <20190d950810291216k42ae1127r74eca45c55f52813@mail.gmail.com> References: <49089023.1030505@thrillist.com> <000d01c939f1$800a73c0$a9f07a80@TSOA0645WKWXP> <20190d950810291216k42ae1127r74eca45c55f52813@mail.gmail.com> Message-ID: + 1 for Tag system On Wed, Oct 29, 2008 at 3:16 PM, Tom Sartain wrote: > +1 for Writing Tag Systems as well > > On 10/29/08, Shari Halter wrote: >> >> >> +1 for Writing Tag systems in PHP/MySQL >> >> >> >> -shari >> >> >> _______________________________________________ >> New York PHP Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From lists at zaunere.com Wed Oct 29 17:00:26 2008 From: lists at zaunere.com (Hans Zaunere) Date: Wed, 29 Oct 2008 17:00:26 -0400 Subject: [nycphp-talk] Converting the pesky MS Word quotes and other characters In-Reply-To: References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> Message-ID: <009101c93a09$5e388990$1aa99cb0$@com> > // convert smart quotes and mdashes > $wordchars=array('?','"','"',''',''',"?"); I've ran into strange and subtle issues when actually putting the chars to replace themselves into code. This is especially frustrating with encoding/etc of various files, in which cases sometimes these won't match correctly. Thus, the chr(0x96) usage, which is more explicit. H From lists at zaunere.com Wed Oct 29 17:09:14 2008 From: lists at zaunere.com (Hans Zaunere) Date: Wed, 29 Oct 2008 17:09:14 -0400 Subject: [Fwd: [nycphp-talk] Sun/MySQL/PHP Special Presentation - YOU PICK] In-Reply-To: References: <49089023.1030505@thrillist.com> <000d01c939f1$800a73c0$a9f07a80@TSOA0645WKWXP> <20190d950810291216k42ae1127r74eca45c55f52813@mail.gmail.com> Message-ID: <009501c93a0a$9929fec0$cb7dfc40$@com> > + 1 for Tag system Thanks all - I think this one is pretty much unanimous... H From mikesz at qualityadvantages.com Wed Oct 29 22:15:06 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Thu, 30 Oct 2008 10:15:06 +0800 Subject: [nycphp-talk] OpenID is what? Message-ID: <65161666.20081030101506@qualityadvantages.com> Hello NYPHP, Having been recently hacked and several of my webmaster email account names being hijacked by spammers, I am looking for viable solutions to safeguard my websites and the membership of these sites. I just ran across some discussion about openID (yes, I have been in a cave now for some time, lol) and am skeptical that the primary motivation is altruistic like when g$$gle first came on the scene, it too "looked like" a good thing for the planet but evolved into the world's biggest $$$ machine that is likely, if not already, to make micro$ look like chump change. I sense rather that OpenID is yet another marketing ploy to rake in huge piles of cash rather than provide warmth and security that it touts in its hype. Already, I see lots of RED FLAGS about being highly susceptible to phishing, like what isn't these days. All of my websites run php forum and CMS software of varying flavors so I am not convinced that OpenID is a viable solution to secure them against the kinds of attacks I have see recently and wonder about the integrity of a system that claims (from phpMyID): * The whole point of OpenID is to allow you to manage your own identity, and phpMyID lets you do that without giving control to a third party. * It's easy to install and easy to configure. Edit just a few lines in your config file, and you're off and running! * Allows "Smart Mode OpenID" (more secure) transactions, even if you don't have a "big math" library available. Seriously, phpMyID comes with a pure-PHP math library which can be used if you want to demand that extra level of security. * Ensures secure password transmission even if you don't have SSL! By using HTTP Digest authentication, phpMyID ensures your password is never sent or stored anywhere in clear or decypherable text. I would really appreciate an eye opener on this one. It looks like more flim flam to me. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From michael.southwell at nyphp.com Wed Oct 29 22:58:41 2008 From: michael.southwell at nyphp.com (Michael Southwell) Date: Wed, 29 Oct 2008 22:58:41 -0400 Subject: [nycphp-talk] Converting the pesky MS Word quotes and other characters In-Reply-To: <006c01c939fe$359f5280$a0ddf780$@com> References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> <006c01c939fe$359f5280$a0ddf780$@com> Message-ID: <490922E1.8060007@nyphp.com> Hans Zaunere wrote: >> Has anyone on here found a viable solution? Everything seems to work >> on the www side of things but as soon as i use the data in an RSS feed >> it does not seem to like the MS Word characters. > > Word/etc always manages to create new and exciting chars, but the following > usually take care of most of them. > > $this->Value = str_replace(array(chr(0x92),chr(0x93), > chr(0x94),chr(0x96),chr(0x97),chr(0x85)), > array('\'','"','"','-','-','...'),$this->Value); I would add to this the following: chr(0x91) -> '’' [backtick] chr(0xa0) -> ' ' [space] -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From danielc at analysisandsolutions.com Wed Oct 29 23:55:26 2008 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Wed, 29 Oct 2008 23:55:26 -0400 Subject: [nycphp-talk] Converting the pesky MS Word quotes and other characters In-Reply-To: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> References: <517F62E1-920D-4985-BACB-59A19092998C@gmail.com> Message-ID: <20081030035526.GA9945@panix.com> -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From codebowl at gmail.com Thu Oct 30 08:31:09 2008 From: codebowl at gmail.com (Joseph Crawford) Date: Thu, 30 Oct 2008 08:31:09 -0400 Subject: [nycphp-talk] XSL with RSS 2.0 Message-ID: Guys I am having a bit of a problem here. I have an RSS 2.0 Feed that I am trying to style up with XSL and it is not working properly. It seems that it is not picking up the XSL document that I have created. I finally figured out the problem that was keeping it from picking up the XSL document and that is when I put the tag into my RSS it set's the mime type to application/xml+xhtml and that is what throws things off. What I need to know is if there is a way to make XSL work while still including the tag. Thanks, Joseph Crawford From chsnyder at gmail.com Thu Oct 30 09:35:18 2008 From: chsnyder at gmail.com (csnyder) Date: Thu, 30 Oct 2008 09:35:18 -0400 Subject: [nycphp-talk] OpenID is what? In-Reply-To: <65161666.20081030101506@qualityadvantages.com> References: <65161666.20081030101506@qualityadvantages.com> Message-ID: On Wed, Oct 29, 2008 at 10:15 PM, wrote: > All of my websites run php forum and CMS software of varying flavors > so I am not convinced that OpenID is a viable solution to secure them > against the kinds of attacks I have see recently OpenID is a means of authentication using a trusted third party. Its main benefit is to make it easy for users to register for and consume services at many different sites, without having to use different passwords at each one. A secondary benefit is that users don't need to trust the authentication mechanisms of each site they log into, they only need to trust their OpenID provider. OpenID is not going to do much of anything to make your sites more secure, unless your accounts were hijacked because the authentication process was inherently insecure (it took place over http, or passwords were stored as plain text, or it is easy to brute-force the login script). OpenID doesn't do anything about cross-site-scripting, sql injection, insecure file uploads, or any of the 999 other ways that clever bad guys attack poorly written webapps. Chris Snyder http://chxor.chxo.com/ From ben at projectskyline.com Thu Oct 30 11:29:27 2008 From: ben at projectskyline.com (Ben Sgro) Date: Thu, 30 Oct 2008 11:29:27 -0400 Subject: [nycphp-talk] OpenID is what? In-Reply-To: <65161666.20081030101506@qualityadvantages.com> References: <65161666.20081030101506@qualityadvantages.com> Message-ID: <4909D2D7.1040504@projectskyline.com> Hello Mike, I think you have your real question here: Having been recently hacked and several of my webmaster email account names being hijacked by spammers, I am looking for viable solutions to safeguard my websites and the membership of these sites. How about fixing the problem, instead of adding new security measures? Please define "hacked"? Did they guess the passwords to theses accounts - Enforce non-standard/dictionary passwords, implement password expiration policies. Did they brute force an account - lock the account after N failed attempts in Y minutes (example: 15 failed logins in 1 minute). Did they sniff traffic - Require all credentials (and maybe everything) be sent over SSL. Did they sql inject - Bind your params & validate all user input. Don't let someone send out >N emails in Y minutes (example: 50 emails in 1 minute) - If you control the front end to the mail, you could add some last line of defense checks into that. - Ben mikesz at qualityadvantages.com wrote: > Hello NYPHP, > > Having been recently hacked and several of my webmaster email account > names being hijacked by spammers, I am looking for viable solutions to > safeguard my websites and the membership of these sites. > > I just ran across some discussion about openID (yes, I have been in a > cave now for some time, lol) and am skeptical that the primary motivation > is altruistic like when g$$gle first came on the scene, it too "looked like" > a good thing for the planet but evolved into the world's biggest $$$ machine > that is likely, if not already, to make micro$ look like chump change. > > I sense rather that OpenID is yet another marketing ploy to rake in > huge piles of cash rather than provide warmth and security that it > touts in its hype. Already, I see lots of RED FLAGS about being highly > susceptible to phishing, like what isn't these days. > > All of my websites run php forum and CMS software of varying flavors > so I am not convinced that OpenID is a viable solution to secure them > against the kinds of attacks I have see recently and wonder about the > integrity of a system that claims (from phpMyID): > > * The whole point of OpenID is to allow you to manage your own identity, and phpMyID lets you do that without giving control to a third party. > * It's easy to install and easy to configure. Edit just a few lines in your config file, and you're off and running! > * Allows "Smart Mode OpenID" (more secure) transactions, even if you don't have a "big math" library available. Seriously, phpMyID comes with a pure-PHP math library which can be used if you want to demand that extra level of security. > * Ensures secure password transmission even if you don't have SSL! By using HTTP Digest authentication, phpMyID ensures your password is never sent or stored anywhere in clear or decypherable text. > > I would really appreciate an eye opener on this one. It looks like > more flim flam to me. > > From mikesz at qualityadvantages.com Thu Oct 30 11:39:18 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Thu, 30 Oct 2008 23:39:18 +0800 Subject: [nycphp-talk] OpenID is what? In-Reply-To: <4909D2D7.1040504@projectskyline.com> References: <65161666.20081030101506@qualityadvantages.com> <4909D2D7.1040504@projectskyline.com> Message-ID: <4510457903.20081030233918@qualityadvantages.com> Hello Ben, Thursday, October 30, 2008, 11:29:27 PM, you wrote: > Hello Mike, > I think you have your real question here: > Having been recently hacked and several of my webmaster email account > names being hijacked by spammers, I am looking for viable solutions to > safeguard my websites and the membership of these sites. > How about fixing the problem, instead of adding new security measures? > Please define "hacked"? Hacked meaning that they, the badguys managed to ftp a folder full of porn to one of my subdirectories and its still a mystery how they did that exactly. The ISP claims they took advantage of an exploit in the php code but has no data to support that claim thus far. So, I can't say that the site authorization was compromised with any certainty. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From mikesz at qualityadvantages.com Thu Oct 30 11:46:35 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Thu, 30 Oct 2008 23:46:35 +0800 Subject: [nycphp-talk] OpenID is what? In-Reply-To: <4909D2D7.1040504@projectskyline.com> References: <65161666.20081030101506@qualityadvantages.com> <4909D2D7.1040504@projectskyline.com> Message-ID: <816451340.20081030234635@qualityadvantages.com> Hello Ben, Thursday, October 30, 2008, 11:29:27 PM, you wrote: > Hello Mike, > I think you have your real question here: > Having been recently hacked and several of my webmaster email account > names being hijacked by spammers, I am looking for viable solutions to > safeguard my websites and the membership of these sites. > How about fixing the problem, instead of adding new security measures? > Please define "hacked"? Sorry, didn't mean to downplay the seriousness of this hack, the badguys were server 10s or thousands of porn images for several days before the site ran out of bandwidth and shut down. That was the only way I discovered that they were there. I had not idea that my site was being used to distribute the junk before the bandwidth limit killed the site. Even now, I am getting thousands of requests per hour for the junk stuff that has been gone for a week. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From rolan at omnistep.com Thu Oct 30 12:54:31 2008 From: rolan at omnistep.com (Rolan Yang) Date: Thu, 30 Oct 2008 11:54:31 -0500 Subject: [nycphp-talk] OpenID is what? In-Reply-To: <816451340.20081030234635@qualityadvantages.com> References: <65161666.20081030101506@qualityadvantages.com> <4909D2D7.1040504@projectskyline.com> <816451340.20081030234635@qualityadvantages.com> Message-ID: <4909E6C7.6080808@omnistep.com> mikesz at qualityadvantages.com wrote: > Sorry, didn't mean to downplay the seriousness of this hack, the > badguys were server 10s or thousands of porn images for several days > before the site ran out of bandwidth and shut down. That was the only > way I discovered that they were there. I had not idea that my site was > being used to distribute the junk before the bandwidth limit killed > the site. Even now, I am getting thousands of requests per hour for the > junk stuff that has been gone for a week. > > You should redirect all those requests to google adword pages. :) From jcampbell1 at gmail.com Thu Oct 30 12:04:02 2008 From: jcampbell1 at gmail.com (John Campbell) Date: Thu, 30 Oct 2008 12:04:02 -0400 Subject: [nycphp-talk] OpenID is what? In-Reply-To: <4510457903.20081030233918@qualityadvantages.com> References: <65161666.20081030101506@qualityadvantages.com> <4909D2D7.1040504@projectskyline.com> <4510457903.20081030233918@qualityadvantages.com> Message-ID: <8f0676b40810300904v1fbf60f9x6c7e41eb1357a47b@mail.gmail.com> > > Hacked meaning that they, the badguys managed to ftp a folder full of > porn to one of my subdirectories and its still a mystery how they did > that exactly. The ISP claims they took advantage of an exploit in the > php code but has no data to support that claim thus far. So, I can't > say that the site authorization was compromised with any certainty. > How did you figure out that they did it over FTP? FTP is a pointless protocol these days... turn it off. Are you on a shared host? -John Campbell From arzala at gmail.com Fri Oct 31 00:50:59 2008 From: arzala at gmail.com (Anirudhsinh Zala) Date: Fri, 31 Oct 2008 10:20:59 +0530 Subject: [nycphp-talk] OpenID is what? In-Reply-To: <4909D2D7.1040504@projectskyline.com> References: <65161666.20081030101506@qualityadvantages.com> <4909D2D7.1040504@projectskyline.com> Message-ID: <200810311020.59399.arzala@gmail.com> On Thursday 30 October 2008 20:59:27 Ben Sgro wrote: > Hello Mike, > > I think you have your real question here: > > Having been recently hacked and several of my webmaster email account > names being hijacked by spammers, I am looking for viable solutions to > safeguard my websites and the membership of these sites. > > How about fixing the problem, instead of adding new security measures? > Please define "hacked"? > > Did they guess the passwords to theses accounts - Enforce > non-standard/dictionary passwords, implement password expiration policies. > Did they brute force an account - lock the account after N failed > attempts in Y minutes (example: 15 failed logins in 1 minute). > Did they sniff traffic - Require all credentials (and maybe everything) > be sent over SSL. > Did they sql inject - Bind your params & validate all user input. > Don't let someone send out >N emails in Y minutes (example: 50 emails in > 1 minute) - If you control the front end to the mail, you could add some > last line of > defense checks into that. +1 to this. Prevention is better than cure. Anirudh Zala > > - Ben > > mikesz at qualityadvantages.com wrote: > > Hello NYPHP, > > > > Having been recently hacked and several of my webmaster email account > > names being hijacked by spammers, I am looking for viable solutions to > > safeguard my websites and the membership of these sites. > > > > I just ran across some discussion about openID (yes, I have been in a > > cave now for some time, lol) and am skeptical that the primary motivation > > is altruistic like when g$$gle first came on the scene, it too "looked > > like" a good thing for the planet but evolved into the world's biggest > > $$$ machine that is likely, if not already, to make micro$ look like > > chump change. > > > > I sense rather that OpenID is yet another marketing ploy to rake in > > huge piles of cash rather than provide warmth and security that it > > touts in its hype. Already, I see lots of RED FLAGS about being highly > > susceptible to phishing, like what isn't these days. > > > > All of my websites run php forum and CMS software of varying flavors > > so I am not convinced that OpenID is a viable solution to secure them > > against the kinds of attacks I have see recently and wonder about the > > integrity of a system that claims (from phpMyID): > > > > * The whole point of OpenID is to allow you to manage your own > > identity, and phpMyID lets you do that without giving control to a third > > party. * It's easy to install and easy to configure. Edit just a few > > lines in your config file, and you're off and running! * Allows "Smart > > Mode OpenID" (more secure) transactions, even if you don't have a "big > > math" library available. Seriously, phpMyID comes with a pure-PHP math > > library which can be used if you want to demand that extra level of > > security. * Ensures secure password transmission even if you don't have > > SSL! By using HTTP Digest authentication, phpMyID ensures your password > > is never sent or stored anywhere in clear or decypherable text. > > > > I would really appreciate an eye opener on this one. It looks like > > more flim flam to me. > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From arzala at gmail.com Fri Oct 31 00:51:44 2008 From: arzala at gmail.com (Anirudhsinh Zala) Date: Fri, 31 Oct 2008 10:21:44 +0530 Subject: [nycphp-talk] OpenID is what? In-Reply-To: <4510457903.20081030233918@qualityadvantages.com> References: <65161666.20081030101506@qualityadvantages.com> <4909D2D7.1040504@projectskyline.com> <4510457903.20081030233918@qualityadvantages.com> Message-ID: <200810311021.44184.arzala@gmail.com> On Thursday 30 October 2008 21:09:18 mikesz at qualityadvantages.com wrote: > Hello Ben, > > Thursday, October 30, 2008, 11:29:27 PM, you wrote: > > Hello Mike, > > > > I think you have your real question here: > > > > Having been recently hacked and several of my webmaster email account > > names being hijacked by spammers, I am looking for viable solutions to > > safeguard my websites and the membership of these sites. > > > > How about fixing the problem, instead of adding new security measures? > > Please define "hacked"? > > Hacked meaning that they, the badguys managed to ftp a folder full of > porn to one of my subdirectories and its still a mystery how they did > that exactly. The ISP claims they took advantage of an exploit in the > php code but has no data to support that claim thus far. So, I can't > say that the site authorization was compromised with any certainty. To me, this seems manipulation of URL/s on your website that has file uploading feature. From mikesz at qualityadvantages.com Fri Oct 31 01:31:46 2008 From: mikesz at qualityadvantages.com (mikesz at qualityadvantages.com) Date: Fri, 31 Oct 2008 13:31:46 +0800 Subject: [nycphp-talk] OpenID is what? In-Reply-To: <200810311021.44184.arzala@gmail.com> References: <65161666.20081030101506@qualityadvantages.com> <4909D2D7.1040504@projectskyline.com> <4510457903.20081030233918@qualityadvantages.com> <200810311021.44184.arzala@gmail.com> Message-ID: <215957242.20081031133146@qualityadvantages.com> Hello Anirudhsinh, Friday, October 31, 2008, 12:51:44 PM, you wrote: > On Thursday 30 October 2008 21:09:18 mikesz at qualityadvantages.com wrote: >> Hello Ben, >> >> Thursday, October 30, 2008, 11:29:27 PM, you wrote: >> > Hello Mike, >> > >> > I think you have your real question here: >> > >> > Having been recently hacked and several of my webmaster email account >> > names being hijacked by spammers, I am looking for viable solutions to >> > safeguard my websites and the membership of these sites. >> > >> > How about fixing the problem, instead of adding new security measures? >> > Please define "hacked"? >> >> Hacked meaning that they, the badguys managed to ftp a folder full of >> porn to one of my subdirectories and its still a mystery how they did >> that exactly. The ISP claims they took advantage of an exploit in the >> php code but has no data to support that claim thus far. So, I can't >> say that the site authorization was compromised with any certainty. > To me, this seems manipulation of URL/s on your website that has file > uploading feature. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________ Information from ESET Smart Security, version of virus > signature database 3571 (20081030) __________ > The message was checked by ESET Smart Security. > http://www.eset.com That was essentially what the assumption was by the ISP, they think that the hacker got in using one of the folders that is required to be "writable" by the script for stuff like image processing and they speculated that having gotten in, they simply uploaded their junk to an obscure folder that contained a single php file. My problem with that theory is that they can not produce the hack that let them into the system, like I would normally see something like this in my logifles - /inc/design.inc.php?dir[inc]=http://www.etc Hackers try to use this technique on some of my site all the time but I have plugged that hole and have the script send me an email when they attempt to piggyback the url. I didn't get one for the hack that got executed to load the porn onto my site so its still a matter of speculation about how it actually got accomplished. No new exploits have been reported against this software either for that matter. I am reasonably certain that my site isn't the only one that has been hijacked by porno peddlers but I can only find references to my site when I do searches for keywords the badguys are using. I do think it might have been a URL manipulation in spite of the fact that I don't have a log entry to confirm it. thanks for the reply. -- Best regards, mikesz mailto:mikesz at qualityadvantages.com From chsnyder at gmail.com Fri Oct 31 09:12:19 2008 From: chsnyder at gmail.com (csnyder) Date: Fri, 31 Oct 2008 09:12:19 -0400 Subject: [nycphp-talk] OpenID is what? In-Reply-To: <215957242.20081031133146@qualityadvantages.com> References: <65161666.20081030101506@qualityadvantages.com> <4909D2D7.1040504@projectskyline.com> <4510457903.20081030233918@qualityadvantages.com> <200810311021.44184.arzala@gmail.com> <215957242.20081031133146@qualityadvantages.com> Message-ID: On Fri, Oct 31, 2008 at 1:31 AM, wrote: > That was essentially what the assumption was by the ISP, they think > that the hacker got in using one of the folders that is required to be > "writable" by the script for stuff like image processing and they > speculated that having gotten in, they simply uploaded their junk to > an obscure folder that contained a single php file. My problem with > that theory is that they can not produce the hack that let them into > the system, like I would normally see something like this in my > logifles - /inc/design.inc.php?dir[inc]=http://www.etc So the directory is writable by the script... what user does the script run as? Are there other accounts on the server that can also execute scripts as that user? If so, the access would be in their logs, not yours. From lists at zaunere.com Fri Oct 31 16:50:04 2008 From: lists at zaunere.com (Hans Zaunere) Date: Fri, 31 Oct 2008 16:50:04 -0400 Subject: [nycphp-talk] 15% Discount on Packt Message-ID: <01de01c93b9a$4086d3b0$c1947b10$@com> Hello all, here's a little Halloween Treat, without the trick. Happy Halloween... H > The promotional code for your user group is: nyphpug. All the user > group members can use this code to avail 15% discount on all Packt > products. In order to get the discount, you need to follow these steps: > > 1.) Visit http://www.packtpub.com/books > > 2.) Click the "ADD TO CART" button to add any book to your shopping > cart. > > 3.) Now enter " " (without quotes) in the 'Promotional Code' field and > click "Update" button. The discounted price should now be reflected in > your order. -------------- next part -------------- A non-text attachment was scrubbed... Name: PacktLogo.png Type: image/png Size: 3937 bytes Desc: not available URL: