Re: [PHP] keeping credit card info in session

2007-04-09 Thread Jochem Maas
[EMAIL PROTECTED] wrote:
> Thanks a lot every one. These are great replies.
> 
> I guess I should have explained a bit more about what I'm doing.
> 
> first of all, this is not my site, it's for a client of mine.

probably irrelevant from a legal point of view.
> 
> second, I did suggest using a paypal API or a paid site to take care of this, 
> but my client said no. She has a credit card processing account and how she 
> works with it right now, is that interested users email her, she calls them, 
> gets their credit card info and charges their card manually without the card 
> present.
> 
> so, this is not really my problem, it's what she's been doing before and wants
> to continue doing. All she asked me to do is that as part of the form that 
> people send their requests through, now she wants their credit card info as 
> well. So that she doesn't have to call them.

tell her 'PAYMENT PROVIDER OR BUST'. :-)

> 
> And the reason I'm keeping cc info in the session for a few steps, is to take 
> them to confirmation page, and then the receipt page. and afterwards, I want 
> to keep it in there until the client logs in to the admin page and sees new 
> requests, charges them and then deletes them forever.

you think you want this, but you don't.

> 
> So now I've got two different responses, some people say do it, but use 
> encryption/decryption methods, and some people say don't do it. 

does your client have a million dollar budget (including cash surplus to handle
lawsuits and fines from banks or CC companies) to design and administer
the security of the complete software stack that the CC will be handled by
and stored on?

no I didn't think so, ergo don't go down this route - anyone telling you
it's a good idea (regardless of encryption) needs their head examined.

> But if I don't 
> do it, that means I tell my client that I can't do it and I lose the job.
> 

good, don't take the job. someone else will take the blame when things go
seriously wrong (assuming she can find anyone to take the job.) and leaves
you to do a project that won't make you bankrupt.

> 
> 
> Thanks again,
> Siavash
> 
> 
> 
> 
> Quoting Travis Doherty <[EMAIL PROTECTED]>:
> 
>> Jochem Maas wrote:
>>
>>> unless you are a payment gateway or a bank don't touch credit card numbers.
>>> there are plenty of threads in the archive of this list that give good reasons
>>> not to e.g. being sued out of existence.
>>>  
>>>
>> 100% agreed.  Never touch credit card numbers.  You can't just take
>> credit card numbers and manually process them in 'card not present'
>> transactions (or MOTO in more archaic terms.)  You need a merchant
>> account that allows for this -- usually at a higher discount rate. 
>> Check the merchant agreement.
>>
>> Your client should get an account like this, or better yet, provide you
>> with the instructions on how to integrate his site with the payment
>> providers so that you never have to worry about credit cards.
>>
>> As an additional note... Maybe your SSL cert secures the numbers from
>> the client to the server, and just maybe your PHP scripts have no
>> security flaws in them, but you must remember the server itself and
>> everything else outside of PHP.  What if someone found a flaw in the FTP
>> server for example, or the mail server even, and used that to get the CC
>> info.   I would hate to be explaining to a list of 1000 clients that I
>> was responsible for their card numbers being stolen.
>>
>> Travis Doherty
>>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Design Dilemma - Database Data Abstraction

2007-04-09 Thread Lester Caine

Martin Alterisio wrote:

I have a dilemma on a design where I humbly ask your help. I'm working on
the model part of a web application (not to be understood in the "web2.0"
way, but in a more general way, where anything mounted on HTTP is a web
application) done in PHP5 following the MVC design pattern. But the strong
point is that the result must be those-who-never-RTFM-proof. But that's not
my dilemma, I only mention this so that no RoR concept or similar is thrown
into the table, that is, NO ActiveRecord.

The solution I presented is to access, and act upon, a database as if they
were PHP arrays, meaning that a table is presented as an array of records.
Here comes my dilemma. But first let me explain a bit about the scenario so
far:


I snip there - too much detail without defining the problem ;)

Database Data Abstraction normally refers to using a common internal structure 
which can be loaded from a range of database engines. It sounds as if you have 
no requirement to 'Abstract' the database, only to come up with a persistent 
object layer under a single database engine?


You have indicated that you are looking for a multi-user system, and so the 
raw data must be in the database, but as you have seen, the flexibility 
afforded by any database engine is difficult to duplicate. The thing to 
remember is that you should ONLY be reading the data you need for the current 
user, and so your persistent objects do not need to be as complex as you seem 
to be looking for. It is always faster to ask the database for an answer than 
to copy everything to PHP in order to work with it. With any decent database 
you can provide views of the data in a suitable format for the arrays you need 
display on the user interface.


I tried to find something suitable to point you at, but it's difficult
http://www.appelsiini.net/~tuupola/php/DB_DataContainer/
Is probably in line with your current outline?

--
Lester Caine - G8HFL
-
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php




[PHP] DOM and XSLTProcessor

2007-04-09 Thread Buesching, Logan J
Greetings,

 

I apologize if this is a little long, but I am trying to put as much
information as I have done in this first post.  I am running PHP 5 and
attempting to use DOM to create data to show on a webpage and using
XSLTProcessor with an XSLT sheet to output it into XHTML.  Everything is
pretty fine and dandy until I wish to print raw text, such as xdebug and
var_dump.

 

My knowledge of DOM and XSLTProcessor is about a 5/10, such that I know
most basics, but not the more advanced things.  Whenever I try to add
data using createTextNode, it is always escaped, such that if I do
something, when shown to the screen, it shows
 etc...  

 

Here is the general outline:

 

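<?php
$doc=new DOMDocument("1.0");
$root=$doc->createElement("root");
$wantedCode=$doc->createTextNode("Something");
$root->appendChild($wantedCode);
$doc->appendChild($root);

$proc=new XSLTProcessor;
// load() is an instance method; calling it statically fails on current PHP
$xsl=new DOMDocument;
$xsl->load("test.xslt");
$proc->importStylesheet($xsl);
echo $proc->transformToXML($doc);
?>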

 

SomeSheet is something like:







 

The expected output that I would like to get is:

Something

(This would just bold my text, not literally see the  tags).

 

The actual output is:

Something

(This outputs the  tags to the end user, which is what I do not
want).

 

I checked the manual at:
http://us3.php.net/manual/en/function.dom-domdocument-createtextnode.php
.  A user comment suggested to use CDATA nodes, so I attempted to change
my code to the following:

 

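<?php
$doc=new DOMDocument("1.0");
$root=$doc->createElement("root");
//note the change right here
$wantedCode=$doc->createCDATASection("Something");
$root->appendChild($wantedCode);
$doc->appendChild($root);

$proc=new XSLTProcessor;
// load() is an instance method; calling it statically fails on current PHP
$xsl=new DOMDocument;
$xsl->load("test.xslt");
$proc->importStylesheet($xsl);
echo $proc->transformToXML($doc);
?>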

 

But this was of no success; it just had the same output.

 

Is there anyone that is able to help me out here?

 

Thanks,

Logan



Re: [PHP] MD5 & bot Question


On 4/9/07, tedd <[EMAIL PROTECTED]> wrote:

At 4:38 AM -0700 4/8/07, benifactor wrote:
>hmm, why don't you md5 more than once..

I read somewhere that MD5'ing anything more than once, does not
increase security.

Cheers,

tedd


Not in this case, as it isn't about decrypting the key here;
that's impossible with MD5, you can only brute-force. But that's
totally not of interest: a cracker doesn't want to implement an MD5
brute-forcer in his bot that brute-forces the MD5 key each time (which
can take up to several years to complete on regular PCs).

Tijnema

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com






Re: [PHP] MD5 & bot Question


Tijnema ! wrote:

You can't stop me :)
http://86.86.80.41/dev/debug/tedd.php
It's cracked again :)


Maybe use flash for this... harder to crack? (Of course, Flash will open 
door to other problems.)


Sorry, coming in on this late. Good work Tedd! Very interesting.

M




Re: [PHP] DOM and XSLTProcessor


On 4/9/07, Buesching, Logan J <[EMAIL PROTECTED]> wrote:

Greetings,



I apologize if this is a little long, but I am trying to put as much
information as I have done in this first post.  I am running PHP 5 and
attempting to use DOM to create data to show on a webpage and using
XSLTProcessor with an XSLT sheet to output it into XHTML.  Everything is
pretty fine and dandy until I wish to print raw text, such as xdebug and
var_dump.



My knowledge of DOM and XSLTProcessor is about a 5/10, such that I know
most basics, but not the more advanced things.  Whenever I try to add
data using createTextNode, it is always escaped, such that if I do
something, when shown to the screen, it shows
 etc...



Here is the general outline:



<?php

$doc=new DOMDocument("1.0");

$root=$doc->createElement("root");

$wantedCode=$doc->createTextNode("Something");

$root->appendChild($wantedCode);

$doc->appendChild($root);

$proc=new XSLTProcessor;

$proc->importStylesheet(DOMDocument::load("test.xslt"));

echo $proc->transformToXML($doc);

?>



SomeSheet is something like:



   





The expected output that I would like to get is:

Something

(This would just bold my text, not literally see the  tags).



The actual output is:

Something

(This outputs the  tags to the end user, which is what I do not
want).



I checked the manual at:
http://us3.php.net/manual/en/function.dom-domdocument-createtextnode.php
.  A user comment suggested to use CDATA nodes, so I attempted to change
my code to the following:



<?php

$doc=new DOMDocument("1.0");

$root=$doc->createElement("root");

//note the change right here

$wantedCode=$doc->createCDATASection("Something");

$root->appendChild($wantedCode);

$doc->appendChild($root);

$proc=new XSLTProcessor;

$proc->importStylesheet(DOMDocument::load("test.xslt"));

echo $proc->transformToXML($doc);



?>



But this was of no success; it just had the same output.



Is there anyone that is able to help me out here?



Thanks,

Logan



Try using htmlspecialchars_decode before outputting your data:
http://www.php.net/manual/en/function.htmlspecialchars-decode.php

Tijnema








RE: [PHP] DOM and XSLTProcessor

This could offer a possible workaround.  

Let me first state that I cannot simply do:

echo htmlspecialchars_decode($proc->transformToXML($doc));

If I were to do that, then it would assume that all of these encodings
need to be decoded; which definitely is not the case.  I only want to do
this for a few of the encodings, which I will know before the XSL
processing.  I guess I can do some processing after it went through the
XSL Processor to decode some of the encodings that I do not want, but
that just seems like it would add a lot of unnecessary overhead if it
can be avoided.

Thanks for the idea though.

-Logan 

-Original Message-
From: Tijnema ! [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 09, 2007 4:40 AM
To: Buesching, Logan J
Cc: php-general@lists.php.net
Subject: Re: [PHP] DOM and XSLTProcessor

On 4/9/07, Buesching, Logan J <[EMAIL PROTECTED]> wrote:
> Greetings,
>
>
>
> I apologize if this is a little long, but I am trying to put as much
> information as I have done in this first post.  I am running PHP 5 and
> attempting to use DOM to create data to show on a webpage and using
> XSLTProcessor with an XSLT sheet to output it into XHTML.  Everything is
> pretty fine and dandy until I wish to print raw text, such as xdebug and
> var_dump.
>
>
>
> My knowledge of DOM and XSLTProcessor is about a 5/10, such that I know
> most basics, but not the more advanced things.  Whenever I try to add
> data using createTextNode, it is always escaped, such that if I do
> something, when shown to the screen, it shows
>  etc...
>
>
>
> Here is the general outline:
>
>
>
> 
> $doc=new DOMDocument("1.0");
>
> $root=$doc->createElement("root");
>
> $wantedCode=$doc->createTextNode("Something");
>
> $root->appendChild($wantedCode);
>
> $doc->appendChild($root);
>
> $proc=new XSLTProcessor;
>
> $proc->importStylesheet(DOMDocument::load("test.xslt"));
>
> echo $proc->transformToXML($doc);
>
> ?>
>
>
>
> SomeSheet is something like:
>
> 
>
>
>
> 
>
>
>
> The expected output that I would like to get is:
>
> Something
>
> (This would just bold my text, not literally see the  tags).
>
>
>
> The actual output is:
>
> Something
>
> (This outputs the  tags to the end user, which is what I do not
> want).
>
>
>
> I checked the manual at:
> http://us3.php.net/manual/en/function.dom-domdocument-createtextnode.php
> .  A user comment suggested to use CDATA nodes, so I attempted to change
> my code to the following:
>
>
>
> 
> $doc=new DOMDocument("1.0");
>
> $root=$doc->createElement("root");
>
> //note the change right here
>
> $wantedCode=$doc->createCDATASection("Something");
>
> $root->appendChild($wantedCode);
>
> $doc->appendChild($root);
>
> $proc=new XSLTProcessor;
>
> $proc->importStylesheet(DOMDocument::load("test.xslt"));
>
> echo $proc->transformToXML($doc);
>
>
>
> ?>
>
>
>
> But this was of no success; it just had the same output.
>
>
>
> Is there anyone that is able to help me out here?
>
>
>
> Thanks,
>
> Logan


Try using htmlspecialchars_decode before outputting your data:
http://www.php.net/manual/en/function.htmlspecialchars-decode.php

Tijnema
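
An added example, not code from this thread, of getting the selective behaviour asked for without decoding anything after the transform: markup the application itself produced is parsed into nodes with DOMDocumentFragment::appendXML(), while everything else stays a text node and is escaped on output. The stylesheet is constructed here because the thread's test.xslt is not shown; the element names trusted and untrusted and the function render() are assumptions.

```php
<?php
// Added example. Requires ext-dom and ext-xsl.
// Constructed stylesheet (assumption: the thread's test.xslt is not available).
const SHEET = <<<'XSL'
<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="xml" omit-xml-declaration="yes"/>
  <xsl:template match="/root">
    <div>
      <!-- copy-of keeps child elements; value-of would flatten them to text -->
      <p class="trusted"><xsl:copy-of select="trusted/node()"/></p>
      <p class="untrusted"><xsl:value-of select="untrusted"/></p>
    </div>
  </xsl:template>
</xsl:stylesheet>
XSL;

/**
 * $trustedMarkup: well-formed XML written by the application itself.
 * $untrustedText: anything that came from a user, a log, var_dump(), etc.
 */
function render(string $trustedMarkup, string $untrustedText): string
{
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->appendChild($doc->createElement('root'));

    // Trusted markup becomes real element nodes, so nothing needs decoding later.
    $frag     = $doc->createDocumentFragment();
    $previous = libxml_use_internal_errors(true);   // collect parse errors quietly
    $ok       = $frag->appendXML($trustedMarkup);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$ok || !$frag->hasChildNodes()) {
        throw new InvalidArgumentException('trusted markup is not well-formed XML');
    }
    $trusted = $root->appendChild($doc->createElement('trusted'));
    $trusted->appendChild($frag);

    // Untrusted data stays a text node: the serializer escapes < > & for us,
    // which is exactly the behaviour that keeps injected markup inert.
    $untrusted = $root->appendChild($doc->createElement('untrusted'));
    $untrusted->appendChild($doc->createTextNode($untrustedText));

    $sheet = new DOMDocument();
    $sheet->loadXML(SHEET);
    $proc = new XSLTProcessor();
    $proc->importStylesheet($sheet);

    return (string) $proc->transformToXML($doc);
}

// Constructed inputs: the first is rendered as bold text, the second is shown
// literally, angle brackets and all.
echo render('<b>Something</b>', '5 < 6 & <b>not bold</b>'), "\n";
```

Running htmlspecialchars_decode() over the whole transform output would also decode the second value, which is why the decision is made per node before the transform.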



Re: [PHP] keeping credit card info in session

On Monday 09 April 2007 01:12, [EMAIL PROTECTED] wrote:
> Thanks a lot every one. These are great replies.

You're welcome! ^^

>
> I guess I should have explained a bit more about what I'm doing.
>
> first of all, this is not my site, it's for a client of mine.

Things going to be better... =]

>
> second, I did suggest using a paypal API or a paid site to take care of
> this, but my client said no. She has a credit card processing account and
> how she works with it right now, is that interested users email her, she
> calls them, gets their credit card info and charges their card manually
> without the card present.

Ops... But... You can't solve death... All other you *can* do anything... =]

>
> so, this is not really my problem, it's what she's been doing before and
> wants to continue doing. All she asked me to do is that as part of the form
> that people send their requests through, now she wants their credit card
> info as well. So that she doesn't have to call them.
>
> And the reason I'm keeping cc info in the session for a few steps, is to
> take them to confirmation page, and then the receipt page. and afterwards,
> I want to keep it in there until the client logs in to the admin page and
> sees new requests, charges them and then deletes them forever.
>
> So now I've got two different responses, some people say do it, but use
> encryption/decryption methods, and some people say don't do it. But if I
> don't do it, that means I tell my client that I can't do it and I lose the
> job.

Well... Last month I configured a mail server... Or I must say: a SPAM server?
"But it's illegal!!!"
Yes... I know... But it was my job... If I don't do it, I would lose money 
and... Someone else would do that!!!

Simple: do a "license agreement" that exempts you from *any* legal implication 
of the PHP solution... And use the max security you can and charge for 
security updates!! =P

It's what *I* would do, at least...

> Thanks again,
> Siavash
>

Well... Sorry for my poor English and let me know if you don't understand 
*anything*...


-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--




[PHP] Session Authentication


Let's say I have a login system. This system authenticates the user via
mysql; when the user is authenticated, I set a session variable to let the
system know the user is authenticated, i.e. $_SESSION["authenticated"] =
true;

Let's also say I know that's how the system works, that a session variable
within my browser is set to true. Could I do this if I knew all this info
and "authenticate" myself by setting the variable from the client side?

If it is possible, what can I do to prevent this or increase security?


[PHP] redirect http to https

What's the prescribed method for redirecting a user forcibly from
the non-SSL secured version of a page to the SSL-secured version? Is
this handled at the web server level or at the script level? I found
this by googling:


<?php
if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== "on")
{header("Location: https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;}
?>

What do people think about this solution?

Thanks,

- Ben




Re: [PHP] MD5 & bot Question


At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
Maybe use flash for this... harder to crack? (Of course, Flash will 
open door to other problems.)


Sorry, coming in on this late. Good work Tedd! Very interesting.



M:

Tijnema showed how MD5 could be used to identify an image file and 
crack my arrow captcha. That's really what this thread was about. I 
finally came up with enough variations to make it impractical.


However, this did make me wonder about the images that M$ and others 
are using for captchas -- like find the kitty in a set of pictures. 
The MD5 application could be used to identify as many pictures as any 
spammer would need. So, I think MD5 method, as described in this 
thread, would work very well to crack those type of captchas.


As for Flash, the only problems it presents is IF it's installed, or 
not. But, it has pretty good saturation. Of course, the major problem 
with Flash, and all this thread, is that visually impaired users 
can't use graphic images unless some other information accompanies it 
-- that's the reason for the alt attribute.


Thanks,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 08:46 -0400, tedd wrote:
> At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
> >Maybe use flash for this... harder to crack? (Of course, Flash will 
> >open door to other problems.)
> >
> >Sorry, coming in on this late. Good work Tedd! Very interesting.
> 
> 
> M:
> 
> Tijnema showed how MD5 could be used to identify an image file and 
> crack my arrow captcha. That's really what this thread was about. I 
> finally came up with enough variations to make it impractical.
> 
> However, this did make me wonder about the images that M$ and others 
> are using for captchas -- like find the kitty in a set of pictures. 
> The MD5 application could be used to identify as many pictures as any 
> spammer would need. So, I think MD5 method, as described in this 
> thread, would work very well to crack those type of captchas.

I doubt Microsoft is using a static image repository for captchas.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'




[PHP] Re: Simple question on simplexml

Haydar TUNA wrote:

>  You can use following example:)
> 
>$xml = simplexml_load_file("test.xml");
>   $xml->body[0]->addChild("book", "Atatürk The Rebirth Of A Nation");
> ?>

This doesn't work.
It allows to add a child with some text, as in your example.
But it doesn't allow you to add a tree, ie a node with sub-nodes,
which is what I was looking for.

If it does, could you give an example where eg the item to add is

  Smith, J
  PHP for dummies
  OUP


>> I have a catalog in XML format:
>> 
>> 
>>  
>>...
>>  
>>  
>>...
>>  
>>  ...
>> 
>>
>> Now I want to add another book,
>> which I have as a SimpleXMLElement:
>>
>>$book = new SimpleXMLElement($string);
>>
>> where $string reads
>>  
>>...
>>  
>>
>> Can I add this new entry to the catalog
>> using SimpleXML functions,
>> or do I have to introduce a DOMDocument?
>>
>> As may be obvious, I am very new to PHP programming;
>> and advice or suggestions gratefully received.
>>
>> --
>> Timothy Murphy
>> e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
>> tel: +353-86-2336090, +353-1-2842366
>> s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
> 

-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland




[PHP] Re: Simple question on simplexml

Jochem Maas wrote:

> there is this:
> 
> http://php.net/manual/en/function.simplexml-element-addChild.php
> 
> which will allow adding of string data (so you won't be needing to
> create the new SimpleXMLElement object as per your example below).
> 
> obviously you will have to first load the complete xml document
> into simplexml using one of the following:
> 
> http://php.net/manual/en/function.simplexml-load-file.php
> http://php.net/manual/en/function.simplexml-load-string.php

I tried this, with several variations,
and I have come to the conclusion that it is impossible
to add a tree to a node as I asked using only simplexml functions.
If you have such a solution, I would love to see it.

If you would like an example, I might want to add the item:

  Smith, J
  PHP for dummies
  OUP


My solution, for what it is worth, is something like
-
$docA = new DOMDocument;
$docB = new DOMDocument;

$docB->loadXML($book);

$xpath = new DOMXPath($docB);
$nodes = $xpath->query('//catalog/book');
foreach($nodes as $n) {
  $new = $docA->importNode($n, true);
  $docA->documentElement->appendChild($new);
}

$output = $docA->save("/tmp/catalog.xml");
-

> Timothy Murphy wrote:
>> I have a catalog in XML format:
>> 
>> 
>>   
>> ...
>>   
>>   
>> ...
>>   
>>   ...
>> 
>> 
>> Now I want to add another book,
>> which I have as a SimpleXMLElement:
>> 
>> $book = new SimpleXMLElement($string);
>> 
>> where $string reads
>>   
>> ...
>>   
>> 
>> Can I add this new entry to the catalog
>> using SimpleXML functions,
>> or do I have to introduce a DOMDocument?

-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland




Re: [PHP] Session Authentication


Ólafur Waage wrote:

Lets say i have a login system. This system authenticates the user via
mysql, when the user is authenticated, i set a session variable to let the
system know the user is authenticated. ie. $_SESSION["authenticated"] =
true;

Lets also say i know that's how the system works, that a session variable
within my browser is set to true. Could i do this if i knew all this info
and "authenticate" myself by setting the variable from the client side?

If it is possible, what can i do to prevent this or increase security?


No. Your terminology indicates a major lack of understanding regarding 
how sessions work. Session variables are not "within [your] browser". 
The only thing stored in the browser (usually as a cookie) is the 
session ID. The contents of the session are stored on the server.


So, given that, the answer to your question is... not unless your code 
is exploitable to allow the user to arbitrarily set session variables.


-Stut
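
An added example, not code from this thread: the server-side session model described in the reply above, with the settings that protect the one thing the browser does hold, the session ID. The function names and the in-memory user table are constructed for illustration; the login system in the question would look the user up in MySQL instead.

```php
<?php
// Added example. All function names here are hypothetical.

function start_hardened_session(): void
{
    ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
    ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the ID
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // only sent over HTTPS
        'httponly' => true,     // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed stand-in for the MySQL user table.
function find_user(string $name): ?array
{
    static $users = null;
    if ($users === null) {
        $users = ['alice' => ['hash' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)]];
    }
    return $users[$name] ?? null;
}

function login(string $name, string $password): bool
{
    $user = find_user($name);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    // New ID at the moment of privilege change: an ID planted or observed
    // before login is worthless afterwards (session fixation).
    session_regenerate_id(true);
    // This array lives in the server's session store. The client cannot
    // write to it; it can only present an ID that selects it.
    $_SESSION['authenticated'] = true;
    $_SESSION['user'] = $name;
    return true;
}

function require_login(): void
{
    if (empty($_SESSION['authenticated'])) {
        http_response_code(403);
        exit('Login required');
    }
}

function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// Usage in a web request (skipped when run from the command line).
if (PHP_SAPI !== 'cli') {
    start_hardened_session();
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        login((string) ($_POST['user'] ?? ''), (string) ($_POST['pass'] ?? ''));
    }
    require_login();
    echo 'Hello, ', htmlspecialchars($_SESSION['user']);
}
```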




Re: [PHP] Session Authentication


Thanks, yes my knowledge of sessions was a little vague.


2007/4/9, Stut <[EMAIL PROTECTED]>:


Ólafur Waage wrote:
> Let's say i have a login system. This system authenticates the user via
> mysql, when the user is authenticated, i set a session variable to let the
> system know the user is authenticated. ie. $_SESSION["authenticated"] =
> true;
>
> Let's also say i know that's how the system works, that a session variable
> within my browser is set to true. Could i do this if i knew all this info
> and "authenticate" myself by setting the variable from the client side?
>
> If it is possible, what can i do to prevent this or increase security?

No. Your terminology indicates a major lack of understanding regarding
how sessions work. Session variables are not "within [your] browser".
The only thing stored in the browser (usually as a cookie) is the
session ID. The contents of the session are stored on the server.

So, given that, the answer to your question is... not unless your code
is exploitable to allow the user to arbitrarily set session variables.

-Stut



Re: [PHP] redirect http to https

Ben Liu wrote:

> What's the prescribed method for redirecting a user forcibly from
> the non-SSL secured version of a page to the SSL-secured version? Is
> this handled at the web server level or at the script level. I found
> this by googling:
>
> if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== "on")
> {header("Location: https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;}
> ?>
>
> What do people think about this solution?
>
> Thanks,
>
> - Ben
>
Hello,

Why not configure this kind of function by using your web server?




[PHP] "Sense" last record


Hi,

I'm doing this site that has three news in the homepage.
You can see the static version here:
http://www.telbit.pt
As you can see, the two first news have "blocoTexto" class and the 
third, "blocoTextoLast"


Now, I'm developing a dynamic structure where the news are stored in a 
MySQL database and retrieved from there.


My problem is with the third news and it's different class.
I'm using AdoDB recordSet to get the news from the database.
You can see it here:
http://www.telbit.pt/2/

How can i "sense" that i've reached the last row and apply the 
"blocoTextoLast" class to it ?


My code follows my signature.

Any help would be appreciated.

Warm Regards
--
:wq! Mário Gamito
--

 debug=1;
  $conn = &ADONewConnection('mysql');

$conn->PConnect($host,$user,$password,$database);

  // get news data
  $recordSet = &$conn->Execute("SELECT date, now, title, lead, body FROM news ORDER BY date DESC LIMIT 3");


 if (!$recordSet)
  print $conn->ErrorMsg();
 else
  while (!$recordSet->EOF) {
   print '' . ' ' . $recordSet->fields[2] . 
   '' . '' . $recordSet->fields[0] . '' .

'' . $recordSet->fields[3] . '' . '';

 $recordSet->MoveNext();
}
 echo ""; 

 $recordSet->Close();
 $conn->Close();
?> 





Re: [PHP] Session Authentication


Ólafur Waage wrote:

Lets say i have a login system. This system authenticates the user via
mysql, when the user is authenticated, i set a session variable to let the
system know the user is authenticated. ie. $_SESSION["authenticated"] =
true;

Lets also say i know that's how the system works, that a session variable
within my browser is set to true. Could i do this if i knew all this info
and "authenticate" myself by setting the variable from the client side?


The only way I know is, if you use transid (transparent session id), the 
cracker could hijack your session id and the system would think that 
it's you (suppose that it's your session that got hijacked)



If it is possible, what can i do to prevent this or increase security?


Yes:

Don't use transparent session id, or even better, save the 
authentication in a cookie on the client (separated from the session array).


--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática| Administrador
   Universidad Nacional
del Litoral
-




Re: [PHP] redirect http to https


Ben Liu wrote:
What's the prescribed method for redirecting a user forcibly to from the 
non-SSL secured version of a page to the SSL-secured version? Is this 
handled at the web server level or at the script level. I found this by 
googling:


This should be done with the rewrite instruction of apache, or whatever 
instruction your web server has.



<?php
if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== "on")
{header("Location: https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;}
?>


Very bad solution.

--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática| Administrador
   Universidad Nacional
del Litoral
-




Re: [PHP] MD5 & bot Question


At 8:49 AM -0400 4/9/07, Robert Cummings wrote:

On Mon, 2007-04-09 at 08:46 -0400, tedd wrote:

 At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
 >Maybe use flash for this... harder to crack? (Of course, Flash will
 >open door to other problems.)
 >
 >Sorry, coming in on this late. Good work Tedd! Very interesting.


 M:

 Tijnema showed how MD5 could be used to identify an image file and
 crack my arrow captcha. That's really what this thread was about. I
 finally came up with enough variations to make it impractical.

 However, this did make me wonder about the images that M$ and others
 are using for captchas -- like find the kitty in a set of pictures.
 The MD5 application could be used to identify as many pictures as any
 spammer would need. So, I think MD5 method, as described in this
 thread, would work very well to crack those type of captchas.


I doubt Microsoft is using a static image repository for captchas.

Cheers,
Rob.


I doubt that their image repository is infinite.

Plus, I envision a method where a bot could:

1. Scan the site, gather the images and key phrase.

2. MD5 the images.

3. Place all the MD5's with the associate key phrase in a dB.

4. Refresh and repeat.

With repeated refreshes (not attempts at trying to enter), the key 
phrases associated with the MD5's will build and the bot will learn.


It works like this -- the phrase "find the kitty" or key word "kitty" 
will always be associated with the picture of the kitty WHEN "kitty" 
is the solution. All other key phrases/words associated with the 
kitty picture will eventually "stack out" as just background noise 
as data is gathered.


As such, a bot could have a foundation at making an intelligent 
guess. Also, every guess (successful or not) provides even more data 
to be considered. The more data gathered, the better the guess.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] redirect http to https


On 4/9/07, Martin Marques  wrote:



This should be done with the rewrite instruction of apache, or whatever
instruction your web server has.


Um...guess I will have to check with our hosting company about this. Thanks.

- Ben




Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 09:45 -0400, tedd wrote:
> At 8:49 AM -0400 4/9/07, Robert Cummings wrote:
> >On Mon, 2007-04-09 at 08:46 -0400, tedd wrote:
> >>  At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
> >>  >Maybe use flash for this... harder to crack? (Of course, Flash will
> >>  >open door to other problems.)
> >>  >
> >>  >Sorry, coming in on this late. Good work Tedd! Very interesting.
> >>
> >>
> >>  M:
> >>
> >>  Tijnema showed how MD5 could be used to identify an image file and
> >>  crack my arrow captcha. That's really what this thread was about. I
> >>  finally came up with enough variations to make it impractical.
> >>
> >>  However, this did make me wonder about the images that M$ and others
> >>  are using for captchas -- like find the kitty in a set of pictures.
> >>  The MD5 application could be used to identify as many pictures as any
> >>  spammer would need. So, I think MD5 method, as described in this
> >>  thread, would work very well to crack those type of captchas.
> >
> >I doubt Microsoft is using a static image repository for captchas.
> >
> >Cheers,
> >Rob.
> 
> I doubt that their image repository is infinite.
>
> Plus, I envision a method where a bot could:
> 
> 1. Scan the site, gather the images and key phrase.
> 
> 2. MD5 the images.
> 
> 3. Place all the MD5's with the associated key phrase in a dB.
> 
> 4. Refresh and repeat.
> 
> With repeated refreshes (not attempts at trying to enter), the key 
> phrases associated with the MD5's will build and the bot will learn.
> 
> It works like this -- the phrase "find the kitty" or key word "kitty" 
> will always be associated with the picture of the kitty WHEN "kitty" 
> is the solution. All other key phrases/words associated with the 
> kitty picture will eventually "stack out" as just background noise 
> as data is gathered.
> 
> As such, a bot could have a foundation at making an intelligent 
> guess. Also, every guess (successful or not) provides even more data 
> to be considered. The more data gathered, the better the guess.

Hi Tedd,

Put down the crack pipe please... captcha images are usually generated
on the fly. Their image repository is 0. Their image universe is all of
the permutations of an image containing all of the range of serial codes
embedded in the images according to their morphing routine. I highly
doubt the US Government could afford the space required to store all of
the permutations. Considering the number of bytes available to a
dynamically generated image, it is highly likely that the images would
be capable of exhausting the entire md5 universe.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'




Re: [PHP] redirect http to https

Ben Liu wrote:

> On 4/9/07, Martin Marques  wrote:
>
>>
>> This should be done with the rewrite instruction of apache, or whatever
>> instruction your web server has.
>
>
> Um...guess I will have to check with our hosting company about this.
> Thanks.
>
> - Ben
>
Hello,

FYI :

<?php
header("Location: https://www.yourdomain_name.com");
exit();
?>




Re: [PHP] MD5 & bot Question


On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:

On Mon, 2007-04-09 at 09:45 -0400, tedd wrote:
> At 8:49 AM -0400 4/9/07, Robert Cummings wrote:
> >On Mon, 2007-04-09 at 08:46 -0400, tedd wrote:
> >>  At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
> >>  >Maybe use flash for this... harder to crack? (Of course, Flash will
> >>  >open door to other problems.)
> >>  >
> >>  >Sorry, coming in on this late. Good work Tedd! Very interesting.
> >>
> >>
> >>  M:
> >>
> >>  Tijnema showed how MD5 could be used to identify an image file and
> >>  crack my arrow captcha. That's really what this thread was about. I
> >>  finally came up with enough variations to make it impractical.
> >>
> >>  However, this did make me wonder about the images that M$ and others
> >>  are using for captchas -- like find the kitty in a set of pictures.
> >>  The MD5 application could be used to identify as many pictures as any
> >>  spammer would need. So, I think MD5 method, as described in this
> >>  thread, would work very well to crack those type of captchas.
> >
> >I doubt Microsoft is using a static image repository for captchas.
> >
> >Cheers,
> >Rob.
>
> I doubt that their image repository is infinite.
>
> Plus, I envision a method where a bot could:
>
> 1. Scan the site, gather the images and key phrase.
>
> 2. MD5 the images.
>
> 3. Place all the MD5's with the associated key phrase in a dB.
>
> 4. Refresh and repeat.
>
> With repeated refreshes (not attempts at trying to enter), the key
> phrases associated with the MD5's will build and the bot will learn.
>
> It works like this -- the phrase "find the kitty" or key word "kitty"
> will always be associated with the picture of the kitty WHEN "kitty"
> is the solution. All other key phrases/words associated with the
> kitty picture will eventually "stack out" as just background noise
> as data is gathered.
>
> As such, a bot could have a foundation at making an intelligent
> guess. Also, every guess (successful or not) provides even more data
> to be considered. The more data gathered, the better the guess.

Hi Tedd,

Put down the crack pipe please... captcha images are usually generated
on the fly. Their image repository is 0. Their image universe is all of
the permutations of an image containing all of the range of serial codes
embedded in the images according to their morphing routine. I highly
doubt the US Government could afford the space required to store all of
the permutations. Considering the number of bytes available to a
dynamically generated image, it is highly likely that the images would
be capable of exhausting the entire md5 universe.

Cheers,
Rob.


And then not to mention that md5 has a limitation, and that there
probably would be 2 different images, with the same MD5...

Using MD5 on the normal "write the key" CAPTCHAs isn't gonna work,
they are mostly generated on the fly, and even if they weren't, then
there are probably a lot of solutions, and not just the 8 that I had
with your arrow captcha.

Those "write the key" CAPTCHAs are best cracked with an OCR
reader. But that's why they are so transformed these days. So that
requires extra steps to make it readable.

I think that we can conclude that a non-crackable CAPTCHA doesn't
exist, but also that there doesn't exist a real "hard to crack"
CAPTCHA. All current CAPTCHAs can be broken quite easily. MD5 can help
in some cases, but only if the CAPTCHA uses static
images/audio/video/etc. Just about your Audio CAPTCHA, you could use
MD5 to crack it, as the number has the same MD5 sum each time.

Tijnema




Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
>
> I think that we can conclude that a non-crackable CAPTCHA doesn't
> exist, but also that there doesn't exist a real "hard to crack"
> CAPTCHA. All current CAPTCHAs can be broken quite easily. MD5 can help
> in some cases, but only if the CAPTCHA uses static
> images/audio/video/etc. Just about your Audio CAPTCHA, you could use
> MD5 to crack it, as the number has the same MD5 sum each time.

Similar methods could be applied to sound as to images to distort the
sound enough to make it difficult for speech recognition software to
understand, but not so much that real humans couldn't understand it. At
any rate, it could be enough to prevent md5 indexing... but then again,
that would require the audio be mutated on each request, and enough
audio be mutated to prevent md5 indexing based on partial signatures --
similar to how viruses are detected - this is especially important if
using dictionary words since the sample space is so small (could always
use sentences though) :)

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'
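
Added example (not part of any message in this thread): a PHP check to run against your own CAPTCHA renderer for the MD5 indexing weakness discussed above, including the "partial signatures" case Rob raises. The renderer callbacks, the 64-byte chunk size and the generated media bytes are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** MD5 of each fixed-size chunk of $blob: the "partial signatures". */
function chunk_digests(string $blob, int $chunkSize = 64): array
{
    if ($blob === '') {
        throw new InvalidArgumentException('renderer returned no data');
    }
    return array_map('md5', str_split($blob, $chunkSize));
}

/**
 * Render the same answer $samples times and report how indexable it is:
 *   whole_file_repeats  true if two renderings share an MD5
 *   chunk_overlap       largest share of the first rendering's chunk
 *                       digests that reappears in a later one (0.0 to 1.0)
 */
function audit_renderer(callable $render, string $answer, int $samples = 5): array
{
    $whole = [];
    $first = [];
    $overlap = 0.0;
    for ($i = 0; $i < $samples; $i++) {
        $blob = $render($answer);
        $whole[] = md5($blob);
        $chunks = chunk_digests($blob);
        if ($i === 0) {
            $first = $chunks;
            continue;
        }
        $shared = count(array_intersect($first, $chunks));
        $overlap = max($overlap, $shared / count($first));
    }
    return [
        'whole_file_repeats' => count(array_unique($whole)) < count($whole),
        'chunk_overlap'      => (float) $overlap,
    ];
}

/** Constructed stand-in for a stored image or audio clip: 1024 bytes that
 *  depend only on the answer, as a static media file would. */
function base_media(string $answer): string
{
    $out = '';
    for ($i = 0; $i < 32; $i++) {
        $out .= hash('sha256', $answer . ':' . $i, true); // 32 raw bytes
    }
    return $out;
}

/** Flip the low bit of randomly chosen bytes across the whole clip. This
 *  stands in for distortion applied to all of the media, not to a header. */
function mutate_every_byte(string $media): string
{
    $n = strlen($media);
    $noise = random_bytes($n) & str_repeat("\x01", $n);
    return $media ^ $noise;
}

// Three hypothetical renderers for the same answer.
$renderers = [
    // Same bytes on every request.
    'static file' => fn(string $a): string => base_media($a),
    // Only a 64-byte random prefix changes (aligned to the chunk size so
    // the fixed-size chunks behind it still line up).
    'random header only' => fn(string $a): string => random_bytes(64) . base_media($a),
    // Every chunk is perturbed on every request.
    'noise in every chunk' => fn(string $a): string => mutate_every_byte(base_media($a)),
];

foreach ($renderers as $name => $render) {
    $r = audit_renderer($render, 'kitty');
    printf(
        "%-22s whole-file repeat: %-3s  chunk overlap: %.2f\n",
        $name,
        $r['whole_file_repeats'] ? 'yes' : 'no',
        $r['chunk_overlap']
    );
}
```

A renderer passes only when the whole-file digest never repeats and the chunk overlap stays near zero; a random header alone changes the file digest but leaves almost every chunk digest intact.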




Re: [PHP] redirect http to https


On 4/9/07, Ben Liu <[EMAIL PROTECTED]> wrote:

What's the prescribed method for redirecting a user forcibly from
the non-SSL secured version of a page to the SSL-secured version? Is
this handled at the web server level or at the script level? I found
this by googling:

{header("Location: https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;}
?>

What do people think about this solution?

Thanks,

- Ben


Apache mod_rewrite maybe?

Tijnema




RE: [PHP] "Sense" last record

Assuming you know it will be three records:

$i = 1;
while(...) {
    if($i==3) {
        //Do the stuff for the last one
    } else {
        //Do the rest of the stuff here
    }
    $i++;
}

Assuming you don't know:

$count = mysql_num_rows($Result); //or equivalent in AdoDB
$i=1;
while(...) {
    if($i==$count) {
        //Do the stuff for the last one
    } else {
        //Do the rest of the stuff here
    }
    $i++;
}

Best regards,
Peter Lauri

www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free


> -Original Message-
> From: Mário Gamito [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 09, 2007 3:32 PM
> To: php-general@lists.php.net
> Subject: [PHP] "Sense" last record
> 
> Hi,
> 
> I'm doing this site that has three news in the homepage.
> You can see the static version here:
> http://www.telbit.pt
> As you can see, the two first news have "blocoTexto" class and the
> third, "blocoTextoLast"
> 
> Now, I'm developing a dynamic structure where the news are stored in a
> MySQL database and retrieved from there.
> 
> My problem is with the third news and its different class.
> I'm using AdoDB recordSet to get the news from the database.
> You can see it here:
> http://www.telbit.pt/2/
> 
> How can I "sense" that I've reached the last row and apply the
> "blocoTextoLast" class to it ?
> 
> My code follows my signature.
> 
> Any help would be appreciated.
> 
> Warm Regards
> --
> :wq! Mário Gamito
> --
> 
>   include('config.php');
>include('adodb/adodb.inc.php');
> 
>// connect to MySQL
>$conn->debug=1;
>$conn = &ADONewConnection('mysql');
> 
> $conn->PConnect($host,$user,$password,$database);
> 
>// get news data
>$recordSet = &$conn->Execute("SELECT date, now, title, lead, body
> FROM news ORDER BY date DESC LIMIT 3");
> 
>   if (!$recordSet)
>print $conn->ErrorMsg();
>   else
>while (!$recordSet->EOF) {
> print '' . ' ' . $recordSet->fields[2] .
> '' . '' . $recordSet->fields[0] . '' .
> '' . $recordSet->fields[3] . '' . '';
> 
>   $recordSet->MoveNext();
> }
>   echo "";
> 
>   $recordSet->Close();
>   $conn->Close();
> ?>  
> 
> 



Re: [PHP] MD5 & bot Question


On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:

On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
>
> I think that we can conclude that a non-crackable CAPTCHA doesn't
> exist, but also that there doesn't exist a real "hard to crack"
> CAPTCHA. All current CAPTCHAs can be broken quite easily. MD5 can help
> in some cases, but only if the CAPTCHA uses static
> images/audio/video/etc. Just about your Audio CAPTCHA, you could use
> MD5 to crack it, as the number has the same MD5 sum each time.

Similar methods could be applied to sound as to images to distort the
sound enough to make it difficult for speech recognition software to
understand, but not so much that real humans couldn't understand it. At
any rate, it could be enough to prevent md5 indexing... but then again,
that would require the audio be mutated on each request, and enough
audio be mutated to prevent md5 indexing based on partial signatures --
similar to how viruses are detected - this is especially important if
using dictionary words since the sample space is so small (could always
use sentences though) :)

Cheers,
Rob.


But well, you can't have an audio-only CAPTCHA on your site, a lot of
people don't have speakers on their PC. And some people can't
recognize English numbers...
So then you have a "write the key" CAPTCHA or similar on your site,
and the cracker would use that :)

Tijnema

--
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'







Re: [PHP] Session Authentication


On 4/9/07, Martin Marques  wrote:

Ólafur Waage wrote:
> Let's say I have a login system. This system authenticates the user via
> mysql, when the user is authenticated, I set a session variable to let the
> system know the user is authenticated. ie. $_SESSION["authenticated"] =
> true;
>
> Let's also say I know that's how the system works, that a session variable
> within my browser is set to true. Could I do this if I knew all this info
> and "authenticate" myself by setting the variable from the client side?

The only way I know is, if you use transid (transparent session id), the
cracker could hijack your session id and the system would think that
it's you (suppose that it's your session that got hijacked)

> If it is possible, what can I do to prevent this or increase security?

Yes:

Don't use transparent session id, or even better, save the
authentication in a cookie on the client (separated from the session array).


And then the user would crack the cookie 
I know they are encrypted, but trust me, cookies can be edited.

Tijnema




RE: [PHP] redirect http to https

> -Original Message-
> From: Ben Liu [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 09, 2007 3:52 PM
> To: Martin Marques; PHP
> Subject: Re: [PHP] redirect http to https
> 
> On 4/9/07, Martin Marques  wrote:
> 
> >
> > This should be done with the rewrite instruction of apache, or whatever
> > instruction your web server has.
> 
> Um...guess I will have to check with our hosting company about this.
> Thanks.
> 
> - Ben
> 

[Peter Lauri - DWS Asia] 

You might be able to do this by putting an .htaccess file in your webroot of
non-ssl:

--
RewriteEngine On

# In .htaccess the leading "/" is stripped before matching, so the pattern omits it
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [L]
--

Best regards,
Peter Lauri

www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free




Re: [PHP] Session Authentication

On Monday 09 April 2007 10:04, Stut wrote:
> Ólafur Waage wrote:
> > Let's say I have a login system. This system authenticates the user via
> > mysql, when the user is authenticated, I set a session variable to let
> > the system know the user is authenticated. ie. $_SESSION["authenticated"]
> > = true;
> >
> > Let's also say I know that's how the system works, that a session variable
> > within my browser is set to true. Could I do this if I knew all this info
> > and "authenticate" myself by setting the variable from the client side?
> >
> > If it is possible, what can I do to prevent this or increase security?
>
> No. Your terminology indicates a major lack of understanding regarding
> how sessions work. Session variables are not "within [your] browser".
> The only thing stored in the browser (usually as a cookie) is the
> session ID. The contents of the session are stored on the server.
>
> So, given that, the answer to your question is... not unless your code
> is exploitable to allow the user to arbitrarily set session variables.
>
> -Stut

Sessions are stored in the server's temporary folder... So... If I know my 
session ID and where it's stored, I can do something...

-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
"Welcome to alt.os.linux.slackwre. We hope you will enjoy your stay.
Your answer is here: <http://www.catb.org/~esr/faqs/smart-questions.html>
 -- Faux Pseudo"
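
Added example (not code from any poster): Stut's point that only the session ID lives in the browser, together with the concerns raised in this thread about transparent session IDs, editable cookies and session files in a shared temp folder, written out in PHP. It assumes PHP 7.3 or later; the function names, the demo save path and the key are hypothetical.

```php
<?php
declare(strict_types=1);

/** Start a session whose ID travels only in a cookie and whose data
 *  lives in a directory private to this application. */
function start_hardened_session(string $savePath): void
{
    if (!is_dir($savePath) && !mkdir($savePath, 0700, true)) {
        throw new RuntimeException("cannot create $savePath");
    }
    ini_set('session.save_path', $savePath);   // not the shared temp folder
    ini_set('session.use_trans_sid', '0');     // never put the ID in URLs
    ini_set('session.use_only_cookies', '1');  // ignore IDs from GET/POST
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,    // cookie is sent over HTTPS only
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** Call after the password check succeeds. A fresh ID means an ID that
 *  leaked before login is useless afterwards. */
function log_in(string $userId): void
{
    session_regenerate_id(true);
    $_SESSION['authenticated'] = true;
    $_SESSION['user_id'] = $userId;
}

/** Reads server-side session data only, never request data. */
function is_authenticated(): bool
{
    return ($_SESSION['authenticated'] ?? false) === true;
}

/** If state must live in a cookie, append an HMAC so edits are detected. */
function sign_cookie(string $value, string $key): string
{
    return $value . '.' . hash_hmac('sha256', $value, $key);
}

/** Returns the value if the MAC matches, null if the cookie was altered. */
function verify_cookie(string $cookie, string $key): ?string
{
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null;
    }
    $value = substr($cookie, 0, $pos);
    $mac = substr($cookie, $pos + 1);
    return hash_equals(hash_hmac('sha256', $value, $key), $mac) ? $value : null;
}

if (PHP_SAPI === 'cli') {
    // Demo directory only; in production use a directory owned by the
    // web server user and outside any shared temp folder.
    start_hardened_session(sys_get_temp_dir() . '/sess_demo_' . getmypid());

    // Constructed request data: everything a client can set arrives in
    // $_COOKIE, $_GET or $_POST, never in $_SESSION.
    $_COOKIE['authenticated'] = 'true';
    $_GET['authenticated'] = '1';

    $out = ['authenticated before login' => is_authenticated()];
    $oldId = session_id();
    log_in('42');
    $out['authenticated after login'] = is_authenticated();
    $out['session id changed at login'] = ($oldId !== session_id());

    $key = random_bytes(32); // constructed; load from configuration in real use
    $cookie = sign_cookie('user=42', $key);
    $out['intact cookie'] = verify_cookie($cookie, $key);
    $out['edited cookie'] = verify_cookie(str_replace('user=42', 'user=1', $cookie), $key);

    session_write_close();
    var_export($out);
    echo "\n";
}
```

The HMAC gives integrity only: a signed cookie can still be replayed until the key changes, so expiry and revocation need to be handled separately.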




Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote:
> On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:
> > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
> > >
> > > I think that we can conclude that a non-crackable CAPTCHA doesn't
> > > exist, but also that there doesn't exist a real "hard to crack"
> > > CAPTCHA. All current CAPTCHAs can be broken quite easily. MD5 can help
> > > in some cases, but only if the CAPTCHA uses static
> > > images/audio/video/etc. Just about your Audio CAPTCHA, you could use
> > > MD5 to crack it, as the number has the same MD5 sum each time.
> >
> > Similar methods could be applied to sound as to images to distort the
> > sound enough to make it difficult for speech recognition software to
> > understand, but not so much that real humans couldn't understand it. At
> > any rate, it could be enough to prevent md5 indexing... but then again,
> > that would require the audio be mutated on each request, and enough
> > audio be mutated to prevent md5 indexing based on partial signatures --
> > similar to how viruses are detected - this is especially important if
> > using dictionary words since the sample space is so small (could always
> > use sentences though) :)
> >
> > Cheers,
> > Rob.
> 
> But well, you can't have an audio-only CAPTCHA on your site, a lot of
> people don't have speakers on their PC. And some people can't
> recognize English numbers...
> So then you have a "write the key" CAPTCHA or similar on your site,
> and the cracker would use that :)

Yep, like I said to Tedd before... kinda need multiple forms of captcha
tailored to particular special needs audiences. Visual is good for
pretty much all but the blind. Blind people can use audio captcha.
Beyond that... is it worth the cost to target diminishing audiences?

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'




Re: [PHP] redirect http to https


On 4/9/07, Peter Lauri <[EMAIL PROTECTED]> wrote:


You might be able to do this by putting an .htaccess file in your webroot of
non-ssl:

--
RewriteEngine On

RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [L]
--


This appears to work:

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R]

(sorry if off-topic)
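
Added example (not code from any poster): for hosts where the rewrite rules above cannot be used, the script-level redirect from the start of this thread, written so that it checks the host against an allow-list (SERVER_NAME can reflect the client's Host header, depending on server configuration) and keeps the full request URI instead of only SCRIPT_NAME. The function names and the sample request arrays are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Returns the https:// URL this request should be redirected to, or null
 * if the request already arrived over HTTPS.
 * Throws if the host is not one this site is known to serve.
 *
 * Behind a TLS-terminating proxy neither HTTPS nor SERVER_PORT reflects
 * the client connection; that case is out of scope here.
 */
function https_redirect_target(array $server, array $allowedHosts): ?string
{
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    $port = (string) ($server['SERVER_PORT'] ?? '');
    if (($https !== '' && $https !== 'off') || $port === '443') {
        return null;
    }

    // Lower-case and drop any ":port" suffix before comparing.
    $host = strtolower((string) ($server['SERVER_NAME'] ?? ''));
    $host = preg_replace('/:\d+$/', '', $host);
    if (!in_array($host, $allowedHosts, true)) {
        throw new UnexpectedValueException('host is not on the allow-list');
    }

    // REQUEST_URI keeps path info and the query string, which SCRIPT_NAME
    // drops. Anything that is not a plain absolute path falls back to "/".
    $uri = (string) ($server['REQUEST_URI'] ?? '/');
    if ($uri === '' || $uri[0] !== '/' || preg_match('/[\r\n]/', $uri)) {
        $uri = '/';
    }
    return 'https://' . $host . $uri;
}

/** Web usage: call before any output, e.g.
 *  send_https_redirect($_SERVER, ['www.yourdomain.com']); */
function send_https_redirect(array $server, array $allowedHosts): void
{
    $target = https_redirect_target($server, $allowedHosts);
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
}

if (PHP_SAPI === 'cli') {
    $allowed = ['www.yourdomain.com'];
    $samples = [ // constructed request data
        'plain http' => [
            'SERVER_PORT' => '80',
            'SERVER_NAME' => 'www.yourdomain.com',
            'REQUEST_URI' => '/order.php?id=7',
        ],
        'already https' => [
            'HTTPS' => 'on',
            'SERVER_PORT' => '443',
            'SERVER_NAME' => 'www.yourdomain.com',
            'REQUEST_URI' => '/order.php',
        ],
        'unknown host' => [
            'SERVER_PORT' => '80',
            'SERVER_NAME' => 'other.example',
            'REQUEST_URI' => '/',
        ],
    ];
    foreach ($samples as $label => $server) {
        try {
            $target = https_redirect_target($server, $allowed);
            echo $label, ': ', $target ?? '(no redirect needed)', "\n";
        } catch (UnexpectedValueException $e) {
            echo $label, ': refused, ', $e->getMessage(), "\n";
        }
    }
}
```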




Re: [PHP] "Sense" last record

I would use some JavaScript on the client side to go through the table and 
change the classes once the whole page is loaded.


Otherwise, for a pure PHP solution, I might either load the whole table on 
an array, which is wasteful in memory, or defer the actual output of each 
record until the next record is read so, if no further records exist, I 
would change the class name of the row still in a variable and output the 
row right after the loop ends before the end of the table.


Satyam

- Original Message - 
From: "Mário Gamito" <[EMAIL PROTECTED]>

To: 
Sent: Monday, April 09, 2007 3:31 PM
Subject: [PHP] "Sense" last record



Hi,

I'm doing this site that has three news in the homepage.
You can see the static version here:
http://www.telbit.pt
As you can see, the two first news have "blocoTexto" class and the third, 
"blocoTextoLast"


Now, I'm developing a dynamic structure where the news are stored in a 
MySQL database and retrieved from there.


My problem is with the third news and its different class.
I'm using AdoDB recordSet to get the news from the database.
You can see it here:
http://www.telbit.pt/2/

How can I "sense" that I've reached the last row and apply the 
"blocoTextoLast" class to it ?


My code follows my signature.

Any help would be appreciated.

Warm Regards
--
:wq! Mário Gamito
--

 include('config.php');
  include('adodb/adodb.inc.php');

  // connect to MySQL
  $conn->debug=1;
  $conn = &ADONewConnection('mysql');

$conn->PConnect($host,$user,$password,$database);

  // get news data
  $recordSet = &$conn->Execute("SELECT date, now, title, lead, body FROM 
news ORDER BY date DESC LIMIT 3");


 if (!$recordSet)
  print $conn->ErrorMsg();
 else
  while (!$recordSet->EOF) {
   print '' . ' ' . $recordSet->fields[2] . 
'' . '' . $recordSet->fields[0] . '' .

'' . $recordSet->fields[3] . '' . '';

 $recordSet->MoveNext();
}
 echo "";
 $recordSet->Close();
 $conn->Close();
?>   
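
Added example (not code from any poster): the deferred-output approach Satyam describes, where each row is held back until the next one has been read, so the final row can receive "blocoTextoLast" without knowing the row count. The archive stripped the original markup, so the div/h2/span/p tags, the function names and the sample rows here are assumptions; the generator stands in for the AdoDB recordset.

```php
<?php
declare(strict_types=1);

/** One news block. Database values are escaped before they reach HTML. */
function render_row(array $row, string $class): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return sprintf(
        "<div class=\"%s\"><h2>%s</h2><span>%s</span><p>%s</p></div>\n",
        $e($class),
        $e($row['title']),
        $e($row['date']),
        $e($row['lead'])
    );
}

/**
 * Works on any iterable, so nothing is loaded into an array first.
 * A row is printed only once its successor has been read; the row still
 * held when the loop ends is the last one.
 */
function render_news(iterable $rows): string
{
    $html = '';
    $held = null;
    foreach ($rows as $row) {
        if ($held !== null) {
            $html .= render_row($held, 'blocoTexto');
        }
        $held = $row;
    }
    if ($held !== null) {
        $html .= render_row($held, 'blocoTextoLast');
    }
    return $html;
}

/** Constructed sample rows, yielded one at a time like a recordset. */
function sample_rows(): Generator
{
    yield ['date' => '2007-04-09', 'title' => 'First item', 'lead' => 'Lead one'];
    yield ['date' => '2007-04-08', 'title' => 'Second <b>item</b>', 'lead' => 'Lead two'];
    yield ['date' => '2007-04-07', 'title' => 'Third item', 'lead' => 'Lead three'];
}

echo render_news(sample_rows());
```

The same function handles one or two rows: whichever row is read last gets the "blocoTextoLast" class, and an empty result produces no output.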




Re: [PHP] MD5 & bot Question


On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:

On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote:
> On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:
> > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
> > >
> > > I think that we can conclude that a non-crackable CAPTCHA doesn't
> > > exist, but also that there doesn't exist a real "hard to crack"
> > > CAPTCHA. All current CAPTCHAs can be broken quite easily. MD5 can help
> > > in some cases, but only if the CAPTCHA uses static
> > > images/audio/video/etc. Just about your Audio CAPTCHA, you could use
> > > MD5 to crack it, as the number has the same MD5 sum each time.
> >
> > Similar methods could be applied to sound as to images to distort the
> > sound enough to make it difficult for speech recognition software to
> > understand, but not so much that real humans couldn't understand it. At
> > any rate, it could be enough to prevent md5 indexing... but then again,
> > that would require the audio be mutated on each request, and enough
> > audio be mutated to prevent md5 indexing based on partial signatures --
> > similar to how viruses are detected - this is especially important if
> > using dictionary words since the sample space is so small (could always
> > use sentences though) :)
> >
> > Cheers,
> > Rob.
>
> But well, you can't have an audio-only CAPTCHA on your site, a lot of
> people don't have speakers on their PC. And some people can't
> recognize English numbers...
> So then you have a "write the key" CAPTCHA or similar on your site,
> and the cracker would use that :)

Yep, like I said to Tedd before... kinda need multiple forms of captcha
tailored to particular special needs audiences. Visual is good for
pretty much all but the blind. Blind people can use audio captcha.
Beyond that... is it worth the cost to target diminishing audiences?

Cheers,
Rob.


Uhm, blind people can't even view your page :P
I think you mean visually impaired people :)

Tijnema




Re: [PHP] "Sense" last record

Sorry, I only saw the one response to this question so not sure if what I'm 
going to propose was already mentioned and wouldn't work.

Two things come to mind..  first, it looks like "blocoTextoLast" just has 
different margin settings, I assume because it's located on the right side of 
the page content.  Would you care if, for example, you only had two news items 
and the second one (being the last) had margins set to what the first or second 
news items would have and not the "last" item?  That is, does news item #1 or 
#2 need the special formatting that #3 does?

Second, why not just get a count of the number of news items returned by the 
SQL query.  If it's only one, then apply blocoTextoLast to item #1.  If it's 
two, apply it to #2.  If it's three or more, apply it to the third news item?

I guess one more thing could be done.   Create three  containers, like 
you're doing now.  Use "blocoTexto" for the first two, and "blocoTextoLast" 
for the third.  It doesn't really matter if they have any content, the class 
stays the same.  Then you don't have to worry if you have 1, 2 or 3 news items.

-TG



= = = Original message = = =
- Original Message - 
From: "Mário Gamito" <[EMAIL PROTECTED]>
To: 
Sent: Monday, April 09, 2007 3:31 PM
Subject: [PHP] "Sense" last record


> Hi,
>
> I'm doing this site that has three news in the homepage.
> You can see the static version here:
> http://www.telbit.pt
> As you can see, the two first news have "blocoTexto" class and the third, 
> "blocoTextoLast"
>
> Now, I'm developing a dynamic structure where the news are stored in a 
> MySQL database and retrieved from there.
>
> My problem is with the third news and its different class.
> I'm using AdoDB recordSet to get the news from the database.
> You can see it here:
> http://www.telbit.pt/2/
>
> How can I "sense" that I've reached the last row and apply the 
> "blocoTextoLast" class to it ?
>
> My code follows my signature.
>
> Any help would be appreciated.
>
> Warm Regards
> -- 
> :wq! Mário Gamito
> --
> 
> include('config.php');
>   include('adodb/adodb.inc.php');
>
>   // connect to MySQL
>   $conn->debug=1;
>   $conn = &ADONewConnection('mysql');
>
> $conn->PConnect($host,$user,$password,$database);
>
>   // get news data
>   $recordSet = &$conn->Execute("SELECT date, now, title, lead, body FROM 
> news ORDER BY date DESC LIMIT 3");
>
>  if (!$recordSet)
>   print $conn->ErrorMsg();
>  else
>   while (!$recordSet->EOF) {
>print '' . ' ' . $recordSet->fields[2] . 
> '' . '' . $recordSet->fields[0] . '' .
> '' . $recordSet->fields[3] . '' . '';
>
>  $recordSet->MoveNext();
> }
>  echo "";
>  $recordSet->Close();
>  $conn->Close();
> ?>   
>



Re: [PHP] MD5 & bot Question


Tijnema ! wrote:

On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:

On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote:
> On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:
> > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
> > >
> > > I think that we can conclude that a non-crackable CAPTCHA doesn't
> > > exist, but also that there doesn't exist a real "hard to crack"
> > > CAPTCHA. All current CAPTCHAs can be broken quite easily. MD5 can help
> > > in some cases, but only if the CAPTCHA uses static
> > > images/audio/video/etc. Just about your Audio CAPTCHA, you could use
> > > MD5 to crack it, as the number has the same MD5 sum each time.
> >
> > Similar methods could be applied to sound as to images to distort the
> > sound enough to make it difficult for speech recognition software to
> > understand, but not so much that real humans couldn't understand it. At
> > any rate, it could be enough to prevent md5 indexing... but then again,
> > that would require the audio be mutated on each request, and enough
> > audio be mutated to prevent md5 indexing based on partial signatures --
> > similar to how viruses are detected - this is especially important if
> > using dictionary words since the sample space is so small (could always
> > use sentences though) :)
> >
> > Cheers,
> > Rob.
>
> But well, you can't have an audio-only CAPTCHA on your site, a lot of
> people don't have speakers on their PC. And some people can't
> recognize English numbers...
> So then you have a "write the key" CAPTCHA or similar on your site,
> and the cracker would use that :)

Yep, like I said to Tedd before... kinda need multiple forms of captcha
tailored to particular special needs audiences. Visual is good for
pretty much all but the blind. Blind people can use audio captcha.
Beyond that... is it worth the cost to target diminishing audiences?

Cheers,
Rob.


Uhm, blind people can't even view your page :P
I think you mean visually impaired people :)


Yes they can... http://www.webaim.org/articles/visual/blind.php

-Stut




Re: [PHP] MD5 & bot Question


On 4/9/07, Stut <[EMAIL PROTECTED]> wrote:

Tijnema ! wrote:
> On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:
>> On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote:
>> > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:
>> > > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
>> > > >
>> > > > I think that we can conclude that a non-crackable CAPTCHA doesn't
>> > > > exist, but also that there doesn't exist a real "hard to crack"
>> > > > CAPTCHA. All current CAPTCHAs can be broken quite easily. MD5 can help
>> > > > in some cases, but only if the CAPTCHA uses static
>> > > > images/audio/video/etc. Just about your Audio CAPTCHA, you could use
>> > > > MD5 to crack it, as the number has the same MD5 sum each time.
>> > >
>> > > Similar methods could be applied to sound as to images to distort the
>> > > sound enough to make it difficult for speech recognition software to
>> > > understand, but not so much that real humans couldn't understand it. At
>> > > any rate, it could be enough to prevent md5 indexing... but then again,
>> > > that would require the audio be mutated on each request, and enough
>> > > audio be mutated to prevent md5 indexing based on partial signatures --
>> > > similar to how viruses are detected - this is especially important if
>> > > using dictionary words since the sample space is so small (could always
>> > > use sentences though) :)
>> > >
>> > > Cheers,
>> > > Rob.
>> >
>> > But well, you can't have an audio-only CAPTCHA on your site, a lot of
>> > people don't have speakers on their PC. And some people can't
>> > recognize English numbers...
>> > So then you have a "write the key" CAPTCHA or similar on your site,
>> > and the cracker would use that :)
>>
>> Yep, like I said to Tedd before... kinda need multiple forms of captcha
>> tailored to particular special needs audiences. Visual is good for
>> pretty much all but the blind. Blind people can use audio captcha.
>> Beyond that... is it worth the cost to target diminishing audiences?
>>
>> Cheers,
>> Rob.
>
> Uhm, blind people can't even view your page :P
> I think you mean visual impaired people :)

Yes they can... http://www.webaim.org/articles/visual/blind.php

-Stut


Interesting... Didn't know that... :)

Tijnema







Re: [PHP] "Sense" last record


Hi,

Thank you all for your answers.

I solved the problem with:


<?php
  // ADOdb must already be loaded, and $host, $user, $password and
  // $database set, before this point (not shown in the post).
  $conn = ADONewConnection('mysql');
  $conn->debug = 1;
  $conn->PConnect($host, $user, $password, $database);

  // fetch the three most recent news items
  $recordSet = $conn->Execute("SELECT id_news, date, now, title, lead, body FROM news ORDER BY now DESC LIMIT 3");

  $counter = 0;

  if (!$recordSet) {
    print $conn->ErrorMsg();
  } else {
    while (!$recordSet->EOF) {
      $counter++;
      // the third (last) record is handled separately from the others
      if ($counter == 3)
        $div = '';
      else
        $div = '';
      print($div);
      print '' . $recordSet->fields[3] . '' . ''
        . $recordSet->fields[1] . '' . '' . $recordSet->fields[4]
        . '<a href=news.php?news=' . $recordSet->fields[0] . '>[+]</a>' . '' . '';

      $recordSet->MoveNext();
    }

    echo "";
    // only close the record set when the query actually returned one
    $recordSet->Close();
  }
  $conn->Close();
?>
  


Warm Regards
--
:wq! Mário Gamito




Re: [PHP] Session Authentication


Tijnema ! wrote:

On 4/9/07, Martin Marques  wrote:


Yes:

Don't use transparent session id, or even better, save the
authentication in a cookie on the client (separated from the session
array).


And then the user would crack the cookie 
I know they are encrypted, but trust me, cookies can be edited.


So what? The user authenticated himself, so what is he gonna crack?

You want better info on this subject, see how webmail apps store the
authentication information (gmail.com comes to mind now).


--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática| Administrador
   Universidad Nacional
del Litoral
-




Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 17:28 +0200, Tijnema ! wrote:
> On 4/9/07, Stut <[EMAIL PROTECTED]> wrote:
> > Tijnema ! wrote:
> > > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:
> > >> On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote:
> > >> > On 4/9/07, Robert Cummings <[EMAIL PROTECTED]> wrote:
> > >> > > On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
> > >> > > >
> > >> > > > I think that we can conclude that a non-crackable CAPTCHA doesn't
> > >> > > > exist, but also that there doesn't exist a real "hard to crack"
> > >> > > > CAPTCHA. All current CAPTCHAs can be broken quite easily. MD5 can help
> > >> > > > in some cases, but only if the CAPTCHA uses static
> > >> > > > images/audio/video/etc. Just about your Audio CAPTCHA, you could use
> > >> > > > MD5 to crack it, as the number has the same MD5 sum each time.
> > >> > >
> > >> > > Similar methods could be applied to sound as to images to distort the
> > >> > > sound enough to make it difficult for speech recognition software to
> > >> > > understand, but not so much that real humans couldn't understand it. At
> > >> > > any rate, it could be enough to prevent md5 indexing... but then again,
> > >> > > that would require the audio be mutated on each request, and enough
> > >> > > audio be mutated to prevent md5 indexing based on partial signatures --
> > >> > > similar to how viruses are detected - this is especially important if
> > >> > > using dictionary words since the sample space is so small (could always
> > >> > > use sentences though) :)
> > >> > >
> > >> > > Cheers,
> > >> > > Rob.
> > >> >
> > >> > But well, you can't have an audio only CAPTCHA on your site, a lot of
> > >> > people don't have speakers on their PC. And some people can't
> > >> > recognize English numbers...
> > >> > So then you have a "write the key" CAPTCHA or similar on your site,
> > >> > and the cracker would use that :)
> > >>
> > >> Yep, like I said to Tedd before... kinda need multiple forms of captcha
> > >> tailored to particular special needs audiences. Visual is good for
> > >> pretty much all but the blind. Blind people can use audio captcha.
> > >> Beyond that... is it worth the cost to target diminishing audiences?
> > >>
> > >> Cheers,
> > >> Rob.
> > >
> > > Uhm, blind people can't even view your page :P
> > > I think you mean visually impaired people :)
> >
> > Yes they can... http://www.webaim.org/articles/visual/blind.php
> >
> > -Stut
> 
> Interesting... Didn't know that... :)

By blind though I meant both visually impaired and as Stut pointed out
for you, completely blind :) They sort of need the same solution unless
the visual impairment is minor.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'
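
Rob's point in the exchange quoted above, that the audio must be mutated on each request and mutated enough to defeat MD5 indexing on partial signatures, is something a site owner can measure before deploying a CAPTCHA. The following PHP is an added example, not code from any post in this thread; the function names are hypothetical and the "recording" is constructed bytes.

```php
<?php
// Added example: the "recording" is constructed bytes, and every function
// name here is hypothetical. It measures how much of a served CAPTCHA sample
// can still be matched by digest after a per-request mutation.

/** MD5 of each fixed-size chunk, a simple stand-in for partial signatures. */
function chunk_digests(string $data, int $chunkSize): array
{
    return $data === '' ? [] : array_map('md5', str_split($data, $chunkSize));
}

/** Share of the original's chunks whose digest also occurs in the served copy. */
function surviving_chunks(string $original, string $served, int $chunkSize): float
{
    $originalDigests = chunk_digests($original, $chunkSize);
    if ($originalDigests === []) {
        return 0.0;
    }
    $servedDigests = array_flip(chunk_digests($served, $chunkSize));
    $hits = 0;
    foreach ($originalDigests as $digest) {
        if (isset($servedDigests[$digest])) {
            $hits++;
        }
    }
    return $hits / count($originalDigests);
}

/** Weak mutation: random bytes are appended, the body is left untouched. */
function mutate_trailer(string $sample): string
{
    return $sample . random_bytes(16);
}

/** Mutation spread over the whole sample: every byte is shifted by 1 to 3. */
function mutate_everywhere(string $sample): string
{
    $out = '';
    $len = strlen($sample);
    for ($i = 0; $i < $len; $i++) {
        $out .= chr((ord($sample[$i]) + random_int(1, 3)) % 256);
    }
    return $out;
}

/** Compare what a whole-file index and a chunk index would each still match. */
function audit(string $original, string $served, int $chunkSize = 256): array
{
    return [
        'whole_file_match' => md5($original) === md5($served),
        'surviving_chunks' => surviving_chunks($original, $served, $chunkSize),
    ];
}

// Constructed 4096-byte stand-in for one spoken CAPTCHA recording.
$original = '';
for ($i = 0; $i < 256; $i++) {
    $original .= md5((string) $i, true);
}

$variants = [
    'static file'      => $original,
    'random trailer'   => mutate_trailer($original),
    'noise everywhere' => mutate_everywhere($original),
];

foreach ($variants as $name => $served) {
    $r = audit($original, $served);
    printf(
        "%-17s whole-file md5 match: %-3s  chunks still indexable: %3.0f%%\n",
        $name,
        $r['whole_file_match'] ? 'yes' : 'no',
        100 * $r['surviving_chunks']
    );
}
```

A mutation that changes the whole-file digest while leaving most chunks matchable is the case the "partial signatures" remark is about.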




Re: [PHP] Session Authentication


On 4/9/07, Martin Marques  wrote:

Tijnema ! wrote:
> On 4/9/07, Martin Marques  wrote:
>>
>> Yes:
>>
>> Don't use transparent session id, or even better, save the
>> authentication in a cookie on the client (separated from the session
>> array).
>
> And then the user would crack the cookie 
> I know they are encrypted, but trust me, cookies can be edited.

So what? The user authenticated himself, so what is he gonna crack?

Yes, but i guess you're not only storing if the user has
authenticated, also storing a username?

And if that's not the case, then you could authenticate by creating a
cookie where it says authenticated = yes, and you're authenticated...

Tijnema




Re: [PHP] Session Authentication

On Monday 09 April 2007 12:37, Tijnema ! wrote:
> On 4/9/07, Martin Marques  wrote:
> > Tijnema ! wrote:
> > > On 4/9/07, Martin Marques  wrote:
> > >> Yes:
> > >>
> > >> Don't use transparent session id, or even better, save the
> > >> authentication in a cookie on the client (separated from the session
> > >> array).
> > >
> > > And then the user would crack the cookie 
> > > I know they are encrypted, but trust me, cookies can be edited.
> >
> > So what? The user authenticated himself, so what is he gonna crack?
>
> Yes, but i guess you're not only storing if the user has
> authenticated, also storing a username?
>
> And if that's not the case, then you could authenticate by creating a
> cookie where it says authenticated = yes, and you're authenticated...
>
> Tijnema

... and we get a security crater... =]


-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
"Crito, I owe a cock to Asclepius; will you remember to pay the debt?
-- Socrates' last words"




RE: [PHP] Session Authentication



> -Original Message-
> From: Tijnema ! [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 09, 2007 5:38 PM
> To: Martin Marques
> Cc: Ólafur Waage; php-general@lists.php.net
> Subject: Re: [PHP] Session Authentication
> 
> On 4/9/07, Martin Marques  wrote:
> > Tijnema ! wrote:
> > > On 4/9/07, Martin Marques  wrote:
> > >>
> > >> Yes:
> > >>
> > >> Don't use transparent session id, or even better, save the
> > >> authentication in a cookie on the client (separated from the session
> > >> array).
> > >
> > > And then the user would crack the cookie 
> > > I know they are encrypted, but trust me, cookies can be edited.
> >
> > So what? The user authenticated himself, so what is he gonna crack?
> Yes, but i guess you're not only storing if the user has
> authenticated, also storing a username?
> 
> And if that's not the case, then you could authenticate by creating a
> cookie where it says authenticated = yes, and you're authenticated...
> 
> Tijnema

[Peter Lauri - DWS Asia] 

If cookies were that unsecured so you could create your own cookies that
easily, then would cookies exist?

Best regards,
Peter Lauri

www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free




Re: [PHP] Session Authentication


On 4/9/07, Peter Lauri <[EMAIL PROTECTED]> wrote:



> -Original Message-
> From: Tijnema ! [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 09, 2007 5:38 PM
> To: Martin Marques
> Cc: Ólafur Waage; php-general@lists.php.net
> Subject: Re: [PHP] Session Authentication
>
> On 4/9/07, Martin Marques  wrote:
> > Tijnema ! wrote:
> > > On 4/9/07, Martin Marques  wrote:
> > >>
> > >> Yes:
> > >>
> > >> Don't use transparent session id, or even better, save the
> > >> authentication in a cookie on the client (separated from the session
> > >> array).
> > >
> > > And then the user would crack the cookie 
> > > I know they are encrypted, but trust me, cookies can be edited.
> >
> > So what? The user authenticated himself, so what is he gonna crack?
> Yes, but i guess you're not only storing if the user has
> authenticated, also storing a username?
>
> And if that's not the case, then you could authenticate by creating a
> cookie where it says authenticated = yes, and you're authenticated...
>
> Tijnema

[Peter Lauri - DWS Asia]

If cookies were that unsecured so you could create your own cookies that
easily, then would cookies exist?

Best regards,
Peter Lauri


Cookies are old, so in the time they were introduced, today it is
possible to create and modify cookies with some good tools. These
tools are illegal, but every cracker is 99% illegal right? But that
means I can't give you these tools to prove it, but it is possible.

Tijnema




RE: [PHP] Session Authentication

> 
> Cookies are old, so in the time they were introduced, today it is
> possible to create and modify cookies with some good tools. These
> tools are illegal, but every cracker is 99% illegal right? But that
> means I can't give you these tools to prove it, but it is possible.
> 
> Tijnema

[Peter Lauri - DWS Asia] 

Having these tools is probably not illegal. But using them illegally is
illegal :) Could you send me some more info "off-list" about this. Knowing
how to use these tools will probably help me make my sites more secure, am
I not right? :)

Best regards,
Peter Lauri

www.dwsasia.com - company web site
www.lauri.se - personal web site
www.carbonfree.org.uk - become Carbon Free




Re: [PHP] Session Authentication


Peter Lauri wrote:



-Original Message-
From: Tijnema ! [mailto:[EMAIL PROTECTED]
Sent: Monday, April 09, 2007 5:38 PM
To: Martin Marques
Cc: Ólafur Waage; php-general@lists.php.net
Subject: Re: [PHP] Session Authentication

On 4/9/07, Martin Marques  wrote:

Tijnema ! wrote:

On 4/9/07, Martin Marques  wrote:

Yes:

Don't use transparent session id, or even better, save the
authentication in a cookie on the client (separated from the session
array).

And then the user would crack the cookie 
I know they are encrypted, but trust me, cookies can be edited.

So what? The user authenticated himself, so what is he gonna crack?

Yes, but i guess you're not only storing if the user has
authenticated, also storing a username?

And if that's not the case, then you could authenticate by creating a
cookie where it says authenticated = yes, and you're authenticated...

Tijnema



[Peter Lauri - DWS Asia] 


If cookies were that unsecured so you could create your own cookies that
easily, then would cookies exist?


Cookies really are that insecure, which is why you *don't* use them to 
store whether the user has authenticated. You store that in the session 
and use a cookie purely to identify the session.


The main thing to remember is that cookies are transmitted between 
client and server for every request. This means that they *can* be 
faked. Sessions live only on the server making them a lot more secure, 
but by no means completely secure.


-Stut




Re: [PHP] Design Dilemma - Database Data Abstraction


2007/4/9, Lester Caine <[EMAIL PROTECTED]>:


Martin Alterisio wrote:
> I have a dilemma on a design where I humbly ask your help. I'm working on
> the model part of a web application (not to be understood in the "web2.0"
> way, but in a more general way, where anything mounted on HTTP is a web
> application) done in PHP5 following the MVC design pattern. But the strong
> point is that the result must be those-who-never-RTFM-proof. But that's not
> my dilemma, I only mention this so that no RoR concept or similar is thrown
> into the table, that is, NO ActiveRecord.
>
> The solution I presented is to access, and act upon, a database as if they
> were PHP arrays, meaning that a table is presented as an array of records.
> Here comes my dilemma. But first let me explain a bit about the scenario so
> far:

I snip there - too much detail without defining the problem ;)



Yeah, sorry about that, the concept seems a bit difficult to explain. I
didn't find anything similar to point to as a reference.

Database Data Abstraction normally refers to using a common internal structure
which can be loaded from a range of database engines. It sounds as if you have
no requirement to 'Abstract' the database, only to come up with a persistent
object layer under a single database engine?



Nope. It's an abstraction layer where the API is the common array
operations, implemented through the SPL interfaces for that purpose. No
explicit database is involved, except that some constraints to the structure
of the data shall be involved.

You have indicated that you are looking for a multi-user system, and so the
raw data must be in the database, but as you have seen, the flexibility
afforded by any database engine is difficult to duplicate. The thing to
remember is that you should ONLY be reading the data you need for the current
user, and so your persistent objects do not need to be as complex as you seem
to be looking for. It is always faster to ask the database for an answer than
to copy everything to PHP in order to work with it. With any decent database
you can provide views of the data in a suitable format for the arrays you need
to display on the user interface.



I completely understand, that's why from the beginning I decided that no
precaching nor caching would be done, and lazy evaluation would be the way
to go. The array operations would be transparently mapped to their
counterpart db action when needed.

I tried to find something suitable to point you at, but it's difficult

http://www.appelsiini.net/~tuupola/php/DB_DataContainer/
Is probably in line with your current outline?



Thanks but that's exactly what I don't want to do.

--

Lester Caine - G8HFL
-
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. -
http://www.firebirdsql.org/index.php



Thanks for answering but my problem isn't how the abstraction will be
actually implemented, but that the API (the array interface) stays as
coherent as possible. If you have the time, please read what was snipped,
those are my thoughts about how to make the array API coherent and what
problems I encountered.

Thanks again.


RE: [PHP] Session Authentication

On Mon, 2007-04-09 at 18:57 +0200, Peter Lauri wrote:
> > 
> > Cookies are old, so in the time they were introduced, today it is
> > possible to create and modify cookies with some good tools. These
> > tools are illegal, but every cracker is 99% illegal right? But that
> > means I can't give you these tools to prove it, but it is possible.
> > 
> > Tijnema
> 
> [Peter Lauri - DWS Asia] 
> 
> Having these tools is probably not illegal. But using them illegally is
> illegal :) Could you send me some more info "off-list" about this. Knowing
> how to use these tools will probably help me make my sites more secure, am
> I not right? :)

You don't need tools. Just go find where your browser stores them.
Alternatively, enable cookies when using Curl, then you have them and
can mod them on the fly as you see fit. Hasn't anyone here had a boring
day (yeears ago) when they created an auto vote bot for some stupid
poll? >:B Cookies are only slightly more secure than trans sid PHPSESSID
since it's less likely the ignorant masses will post their cookie
contents to a forum :)

Cheers,
Rob.



Re: [PHP] Session Authentication


Peter Lauri wrote:

Cookies are old, so in the time they were introduced, today it is
possible to create and modify cookies with some good tools. These
tools are illegal, but every cracker is 99% illegal right? But that
means I can't give you these tools to prove it, but it is possible.

Tijnema


[Peter Lauri - DWS Asia] 


Having these tools is probably not illegal. But using them illegally is
illegal :) Could you send me some more info "off-list" about this. Knowing
how to use these tools will probably help me make my sites more secure, am
I not right? :)


Cookies are HTTP headers, nothing more, nothing less. The minimum "tool" 
you need is telnet. If you're writing web applications and don't know 
that, please take the time to read the HTTP spec, and then the cookie 
spec. Google for them.


-Stut




Re: [PHP] Session Authentication


On 4/9/07, Stut <[EMAIL PROTECTED]> wrote:

Peter Lauri wrote:
>> Cookies are old, so in the time they were introduced, today it is
>> possible to create and modify cookies with some good tools. These
>> tools are illegal, but every cracker is 99% illegal right? But that
>> means I can't give you these tools to prove it, but it is possible.
>>
>> Tijnema
>
> [Peter Lauri - DWS Asia]
>
> Having these tools is probably not illegal. But using them illegally is
> illegal :) Could you send me some more info "off-list" about this. Knowing
> how to use these tools will probably help me make my sites more secure, am
> I not right? :)

Cookies are HTTP headers, nothing more, nothing less. The minimum "tool"
you need is telnet. If you're writing web applications and don't know
that, please take the time to read the HTTP spec, and then the cookie
spec. Google for them.

-Stut


Encrypted stuff maybe? Faking cookies can be done without any tools,
but we're talking about editing here...


Tijnema







Re: [PHP] Session Authentication


On 4/9/07, Tijnema ! <[EMAIL PROTECTED]> wrote:

On 4/9/07, Stut <[EMAIL PROTECTED]> wrote:
> Peter Lauri wrote:
> >> Cookies are old, so in the time they were introduced, today it is
> >> possible to create and modify cookies with some good tools. These
> >> tools are illegal, but every cracker is 99% illegal right? But that
> >> means I can't give you these tools to prove it, but it is possible.
> >>
> >> Tijnema
> >
> > [Peter Lauri - DWS Asia]
> >
> > Having these tools is probably not illegal. But using them illegally is
> > illegal :) Could you send me some more info "off-list" about this. Knowing
> > how to use these tools will probably help me make my sites more secure, am
> > I not right? :)
>
> Cookies are HTTP headers, nothing more, nothing less. The minimum "tool"
> you need is telnet. If you're writing web applications and don't know
> that, please take the time to read the HTTP spec, and then the cookie
> spec. Google for them.
>
> -Stut

Encrypted stuff maybe? Faking cookies can be done without any tools,
but we're talking about editing here...


Tijnema


Editing IE cookies, FireFox cookies can be edited in firefox i believe.

Tijnema




Re: [PHP] Session Authentication

On Monday 09 April 2007 13:05, Robert Cummings wrote:
> (...) Hasn't anyone here had a boring
> day (yeears ago) when they created an auto vote bot for some stupid
> poll? >:B

I never do this!!! =P
But I changed a cookie of a browser game XD



-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
"Scintillation is not always identification for an auric substance."




Re: [PHP] Session Authentication


Tijnema ! wrote:

On 4/9/07, Martin Marques  wrote:


So what? The user authenticated himself, so what is he gonna crack?

Yes, but i guess you're not only storing if the user has
authenticated, also storing a username?

And if that's not the case, then you could authenticate by creating a
cookie where it says authenticated = yes, and you're authenticated...


That would be the stupidest thing to do. I can't even imagine somebody 
thinking about doing it.


--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática| Administrador
   Universidad Nacional
del Litoral
-




Re: [PHP] Session Authentication


Davi wrote:

Sessions are stored in the server's temporary folder... So... If I know my 
session ID and where it's stored, I can do something...


Have you tried it? I mean, as a non-root, non-apache user. :-P

--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática| Administrador
   Universidad Nacional
del Litoral
-




Re: [PHP] Session Authentication

On Monday 09 April 2007 13:47, Martin Marques wrote:
> Davi wrote:
> > Sessions are stored in the server's temporary folder... So... If I know
> > my session ID and where it's stored, I can do something...
>
> Have you tried it? I mean, as a non-root, non-apache user. :-P
>

No. And I know that is _impossible_... But... Don't expect it... ;-)



-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
"Asshole I'm talking to you."




Re: [PHP] MD5 & bot Question


At 9:58 AM -0400 4/9/07, Robert Cummings wrote:

On Mon, 2007-04-09 at 09:45 -0400, tedd wrote:
 >>  However, this did make me wonder about the images that M$ and others
 >>  are using for captchas -- like find the kitty in a set of pictures.
 >>  The MD5 application could be used to identify as many pictures as any
 >>  spammer would need. So, I think MD5 method, as described in this
 >>  thread, would work very well to crack those types of captchas.
 >
 >I doubt Microsoft is using a static image repository for captchas.
 >
 >Cheers,
 >Rob.

 I doubt that their image repository is infinite.

 Plus, I envision a method where a bot could:

 1. Scan the site, gather the images and key phrase.

 2. MD5 the images.

 3. Place all the MD5's with the associated key phrase in a dB.

 4. Refresh and repeat.

 With repeated refreshes (not attempts at trying to enter), the key
 phrases associated with the MD5's will build and the bot will learn.

 It works like this -- the phrase "find the kitty" or key word "kitty"
 will always be associated with the picture of the kitty WHEN "kitty"
 is the solution. All other key phrases/words associated with the
 kitty picture will eventually "stack out" as just background noise
 as data is gathered.

 As such, a bot could have a foundation at making an intelligent
 guess. Also, every guess (successful or not) provides even more data
 to be considered. The more data gathered, the better the guess.


Hi Tedd,

Put down the crack pipe please... captcha images are usually generated
on the fly. Their image repository is 0. Their image universe is all of
the permutations of an image containing all of the range of serial codes
embedded in the images according to their morphing routine. I highly
doubt the US Government could afford the space required to store all of
the permutations. Considering the number of bytes available to a
dynamically generated image, it is highly likely that the images would
be capable of exhausting the entire md5 universe.

Cheers,
Rob.


Rob:

Duh -- put down the joint and stay on the subject. We were talking 
about M$'s "picture" captcha where they show pictures and ask a 
question like "Pick the picture that shows a kitty" and NOT an "on 
the fly" graphic captcha. There are different types of captchas.


Cheers,

tedd


--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
> At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
>
> >Hi Tedd,
> >
> >Put down the crack pipe please... captcha images are usually generated
> >on the fly. Their image repository is 0. Their image universe is all of
> >the permutations of an image containing all of the range of serial codes
> >embedded in the images according to their morphing routine. I highly
> >doubt the US Government could afford the space required to store all of
> >the permutations. Considering the number of bytes available to a
> >dynamically generated image, it is highly likely that the images would
> >be capable of exhausting the entire md5 universe.
> >
> >Cheers,
> >Rob.
> 
> Rob:
> 
> Duh -- put down the joint and stay on the subject. We were talking 
> about M$'s "picture" captcha where they show pictures and ask a 
> question like "Pick the picture that shows a kitty" and NOT an "on 
> the fly" graphic captcha. There are different types of captchas.

Ah, I see. I was too lazy to go check since I don't use Microsoft except
insofar as to make things work in their crappy browser. Either way, can
you verify the images are static? See if getting two kitty cats produces
the same md5 signature :) Just because it's a picture doesn't invalidate
what I said.

Cheers,
Rob.



Re: [PHP] Session Authentication


At 5:55 PM +0200 4/9/07, Tijnema ! wrote:

Cookies are old, so in the time they were introduced, today it is
possible to create and modify cookies with some good tools. These
tools are illegal,


I don't believe that.

FireFox probably has most, if not all.

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] Session Authentication


On 4/9/07, tedd <[EMAIL PROTECTED]> wrote:

At 5:55 PM +0200 4/9/07, Tijnema ! wrote:
>Cookies are old, so in the time they were introduced, today it is
>possible to create and modify cookies with some good tools. These
>tools are illegal,

I don't believe that.

FireFox probably has most, if not all.

Cheers,

tedd


Who said firefox is legal? :P

I believe that what firefox can do is limited, some things that are
illegal are not possible. I don't know exactly what's illegal, i
searched for it a few years ago, and that's what i found then.

Tijnema




Re: [PHP] Session Authentication


Tijnema ! wrote:


Who said firefox is legal? :P

I believe that what firefox can do is limited, some things that are
illegal are not possible. I don't know exactly what's illegal, i
searched for it a few years ago, and that's what i found then.


Explain how it would be illegal to modify cookies that are in MY computer.

On the other hand, it's STUPID to rely on data that comes from a cookie 
without double checking it.


--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática| Administrador
   Universidad Nacional
del Litoral
-
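
Two points made in this thread, Stut's (keep the authentication state in the session and use the cookie purely to identify the session) and Martín's (never rely on cookie data without double checking it), are shown side by side in the following added PHP example, which is not part of any post. The function names, the in-memory `$store` standing in for PHP's server-side session storage, the key and all sample values are assumptions constructed for illustration.

```php
<?php
// Added example. Cookie values, user names and the key are constructed;
// all function names are hypothetical. $store stands in for PHP's
// server-side session storage (what session_start()/$_SESSION manage).

/** The pattern warned about in the thread: the client's own claim is trusted. */
function is_authenticated_naive(array $cookies): bool
{
    return ($cookies['authenticated'] ?? '') === 'yes';
}

/** Log-in: state is written on the server; only a random id goes to the client. */
function start_session(array &$store, string $user): string
{
    $sid = bin2hex(random_bytes(16));
    $store[$sid] = ['user' => $user, 'authenticated' => true];
    return $sid;
}

/** Later requests: the cookie only selects a record; the record decides. */
function session_user(array $store, array $cookies): ?string
{
    $sid = $cookies['sid'] ?? null;
    if (!is_string($sid) || !isset($store[$sid])) {
        return null;
    }
    return $store[$sid]['authenticated'] === true ? $store[$sid]['user'] : null;
}

/** If a value has to live in a cookie, attach a MAC made with a server-only key. */
function sign_value(string $value, string $key): string
{
    return base64_encode($value) . '.' . hash_hmac('sha256', $value, $key);
}

/** "Double checking" a cookie: recompute the MAC and compare in constant time. */
function verify_value(string $cookie, string $key): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $value = base64_decode($parts[0], true);
    if ($value === false) {
        return null;
    }
    return hash_equals(hash_hmac('sha256', $value, $key), $parts[1]) ? $value : null;
}

// --- constructed requests ---
$store = [];
$key   = random_bytes(32);

// A client that simply sends "authenticated=yes" and an invented session id.
$forged = ['authenticated' => 'yes', 'sid' => 'made-up-id'];
var_dump(is_authenticated_naive($forged));   // cookie-flag check
var_dump(session_user($store, $forged));     // server-side lookup

// A user who really logged in and presents the id the server issued.
$sid = start_session($store, 'alice');
var_dump(session_user($store, ['sid' => $sid]));

// A signed cookie, then the same cookie with its payload swapped.
$cookie   = sign_value('user=alice', $key);
$tampered = base64_encode('user=admin') . '.' . explode('.', $cookie, 2)[1];
var_dump(verify_value($cookie, $key));
var_dump(verify_value($tampered, $key));
```

The session id is still a bearer secret carried in a cookie, which is why Stut describes sessions as a lot more secure but by no means completely secure.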




RE: [PHP] Need a working SOAP example using SOAP -- PHP is blocking the calls

> >> c, could you be having a problem related to the 
> >> allow_url_fopen ini setting?
> > 
> > Now we're talkin!
> > 
> > Okay, I made sure that allow_url_fopen and 
> > allow_url_include are both "on".
> > Verified via phpinfo();
> > 
> > Still no luck. :-\
> > 
> > However, this sparked an idea...
> > 
> > I have been using my WinXP and IE to hit my Gentoo notebook running
> > apache2/php/etc. (samba mounting the /home/machine/... to 
> > edit the files)
> > 
> > When I fired up KDE and hit the EXACT same pages (which are 
> > now local), they magically worked!
> > 
> > So now the question is, what setting do I have to change in 
> > my php.ini file to get remote requests to work?
> 
> I'm not following what you mean by local and remote and when 
> you're considering something to be one or the other.

(locutus) Gentoo/Notebook/Apache/PHP/Samba

(gabriel) WinXP/IDE/IE6

All the code sits on locutus. I samba share the directory so can edit in my
HomeSite IDE on gabriel. I edit my 'hosts' file (on both machines) to point
at the proper IP (172.16.35.223 machine.locutus.com) setting up a vhost on
locutus, etc...

I can make the initial connection to client.php. I can do most anything
(php, mysql, htaccess, etc), as locutus is a webserver -- I use this method
to develop a dozen sites, all work flawlessly.

You follow so far? This should be a pretty normal setup. Nothing fancy here.

So, as stated in previous post.

If I use gabriel to access http://machine.locutus.com, I can get to any of
the individual pages related to this SOAP exercise (server.php, .wsdl,
client.php, etc.). The problem is that the client.php can't make a
server.php call though, and throws that exception.

Now, to add to my confusion and simultaneously lets me know that my actual
CODE is working, as per the spark above, I fired up KDE on locutus. Then I
hit the exact same URL, and pinch my ass and call me Charlie, the SOAP
example works.

SAME EXACT CODE. SAME EXACT FILES. SAME EXACT URLS. 

Something in PHP land (php.ini) seems to be horking me.

I had a co-worker put my code on his linux (debian) box, and he could then
connect from his XP to the URL and it worked for him too (even using
https://).

You might be thinking, well just diff the php.ini files and see. Not so easy
my friend. They're not conducive to that. And we tried to eyeball what we
could, but didn't see anything obvious.

I thought for sure allow_url_fopen and allow_url_include were my silver
bullets here, but they're 'On' in both php.ini files (his and mine).

> windows firewall springs to mind but I can't tell if it could 
> even be involved from your current description.

Windows Firewall should not be an issue here b/c the soap requests are
originating from locutus to locutus -- the files are in the same directory.
SOAP (at this stage) is only an exercise -- it's not making any remote calls
across a network.




RE: [PHP] Need a working SOAP example using SOAP -- PHP is blocking the calls (scripts)

Here is the code I'm using:

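client1.php

<?php
// Build a SOAP client from the WSDL; "trace" keeps the last request and
// response available for debugging, "exceptions" => 0 returns SoapFault
// objects instead of throwing.
$client = new SoapClient("http://machine.locutus.com/StockQuote/stockquote.wsdl",
#   $client = new SoapClient("https://admin:[EMAIL PROTECTED]/stockquote.wsdl",
   array(
#  "login" => "admin",
#  "password" => "testing",
   "trace" => 1,
   "exceptions" => 0));
print($client->getQuote("ibm"));
?>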

server1.php

<?php
// http://devzone.zend.com/node/view/id/689

// Static lookup table standing in for a real quote source.
$quotes = array( "ibm" => 98.42 );

// SOAP operation exposed by the server: return the quote for a symbol.
function getQuote($symbol) {
    global $quotes;
    return $quotes[$symbol];
}

ini_set("soap.wsdl_cache_enabled", "0"); // disabling WSDL cache
//exit( "foo");

$server = new SoapServer("stockquote.wsdl");
$server->addFunction("getQuote");
$server->handle();
?>


stockquote.wsdl





[PHP] Where to insert a phrase in the right place

Hi,

I'm making this site that was static and now has some dynamic features,
so it's a little bit patched :)

If you care to visit
http://www.telbit.pt/2/login.php

you'll notice that the word "Welcome" is already present, and only
should be after the download.

Also, the error "You didn't fill all fields, please try again." is being
displayed on page load.

This is my problem and to which I ask you for your help.

How can I make the word "Welcome" appear only after the login ?

My code follows my signature.

Any help would be appreciated.

Warm Regards
-- 
:wq! Mário Gamito
--

Forgot your password ?

debug=1;
$conn = &ADONewConnection('mysql');
$conn->PConnect($host,$user,$password,$database);

// get password from db
$rsSel = "SELECT name, password FROM subscribers WHERE email = '$email'
AND valid = '1'";
$rs = $conn->Execute($rsSel);

$name= $rs->fields[0];
$password_db = $rs->fields[1];

if ($pass != $password_db) {

"&field1=".urlencode($_POST['field1'])."&field2=".urlencode($_POST['field2']);
  echo "
Wrong password, please try again.
";
exit;
}

print('Welcome ' . $name);

unset ($_SESSION['error']);

$conn->Close();

?>








 



Copyright©2006 Telbit -
Tecnologias de Informação, Lda.




Re: [PHP] Need a working SOAP example using SOAP -- PHP is blocking the calls


Daevid Vincent wrote:
> > >> c, could you be having a problem related to the
> > >> allow_url_fopen ini setting?
> > >
> > > Now we're talkin!
> > >
> > > Okay, I made sure that allow_url_fopen and
> > > allow_url_include are both "on".
> > > Verified via phpinfo();
> > >
> > > Still no luck. :-\
> > >
> > > However, this sparked an idea...
> > >
> > > I have been using my WinXP and IE to hit my Gentoo notebook running
> > > apache2/php/etc. (samba mounting the /home/machine/... to
> > > edit the files)
> > >
> > > When I fired up KDE and hit the EXACT same pages (which are
> > > now local), they magically worked!
> > >
> > > So now the question is, what setting do I have to change in
> > > my php.ini file to get remote requests to work?
> >
> > I'm not following what you mean by local and remote and when
> > you're considering something to be one or the other.
>
> (locutus) Gentoo/Notebook/Apache/PHP/Samba
>
> (gabriel) WinXP/IDE/IE6
>
> All the code sits on locutus. I samba share the directory so can edit in my
> HomeSite IDE on gabriel. I edit my 'hosts' file (on both machines) to point
> at the proper IP (172.16.35.223 machine.locutus.com) setting up a vhost on
> locutus, etc...
>
> I can make the initial connection to client.php. I can do most anything
> (php, mysql, htaccess, etc), as locutus is a webserver -- I use this method
> to develop a dozen sites, all work flawlessly.
>
> You follow so far? This should be a pretty normal setup. Nothing fancy here.
>
> So, as stated in previous post.
>
> If I use gabriel to access http://machine.locutus.com, I can get to any of
> the individual pages related to this SOAP exercise (server.php, .wsdl,
> client.php, etc.). The problem is that the client.php can't make a
> server.php call though, and throws that exception.
>
> Now, to add to my confusion and simultaneously lets me know that my actual
> CODE is working, as per the spark above, I fired up KDE on locutus. Then I
> hit the exact same URL, and pinch my ass and call me Charlie, the SOAP
> example works.
>
> SAME EXACT CODE. SAME EXACT FILES. SAME EXACT URLS.
>
> Something in PHP land (php.ini) seems to be horking me.
>
> I had a co-worker put my code on his linux (debian) box, and he could then
> connect from his XP to the URL and it worked for him too (even using
> https://).
>
> You might be thinking, well just diff the php.ini files and see. Not so easy
> my friend. They're not conducive to that. And we tried to eyeball what we
> could, but didn't see anything obvious.
>
> I thought for sure allow_url_fopen and allow_url_include were my silver
> bullets here, but they're 'On' in both php.ini files (his and mine).
>
> > windows firewall springs to mind but I can't tell if it could
> > even be involved from your current description.
>
> Windows Firewall should not be an issue here b/c the soap requests are
> originating from locutus to locutus -- the files are in the same directory.
> SOAP (at this stage) is only an exercise -- it's not making any remote calls
> across a network.


Daevid,

I am by no means an expert on this, but I know that when we've had
issues with running some scripts, we had to look into the Linux
security settings.  We're running SE Linux (Red Hat) and that shuts
down a lot of the remote access.  When we were trying to get some CURL
scripts working, we had to temporarily disable the Linux firewall so
that we could track the calls in the messages log.  Then we could see
what the required privileges were and set things up appropriately.

I don't know if Gentoo has anything like that or if you have any of the
security stuff turned on, but you might want to check the equivalent of
the messages log in Gentoo and see if that's where you're being blocked.

Lori




RE: [PHP] Where to insert a phrase in the right place

[snip]
How can i make the word "Welcome" appear only after the login ?
[/snip]

If you set a cookie upon login you can then check for the existence of the 
cookie. If the cookie exists do not display 'Welcome'.




Re: [PHP] MD5 & bot Question

Robert Cummings wrote:

>On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
>  
>
>>At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
>>
>>
>>
>>>Hi Tedd,
>>>
>>>Put down the crack pipe please... captcha images are usually generated
>>>on the fly. Their image repository is 0. Their image universe is all of
>>>the permutations of an image containing all of the range of serial codes
>>>embedded in the images according to their morphing routine. I highly
>>>doubt the US Government could afford the space required to store all of
>>>the permutations. Considering the number of bytes available to a
>>>dynamically generated image, it is highly likely that the images would
>>>be capable of exhausting the entire md5 universe.
>>>
>>>Cheers,
>>>Rob.
>>>  
>>>
>>Rob:
>>
>>Duh -- put down the joint and stay on the subject. We were talking 
>>about M$'s "picture" captcha where they show pictures and ask a 
>>question like "Pick the picture that shows a kitty" and NOT an "on 
>>the fly" graphic captcha. There are different types of captchas.
>>
>>
>
>Ah, I see. I was too lazy to go check since I don't use Microsoft except
>insofar as to make things work in their crappy browser. Either way, can
>you verify the images are static? See if getting two kitty cats produces
>the same md5 signature :) Just because it's a picture doesn't invalidate
>what I said.
>
>Cheers,
>Rob.
>  
>
Steganography has been able to "hide" text in images for quite some time
now.  Basically you cram whatever info you want into the 'unused' or
'less used' bytes of the image.

With this in mind I imagine even if you did have an image repository of
only 8 images you could add some random bytes to the right spots in the
image without distorting it beyond recognition/corrupting it, and
therefore get a hybrid of static/on-the-fly images, that hashing
couldn't break so simply.

2 cents...

Travis Doherty




Re: [PHP] Session Authentication


Martin Marques wrote:
> Tijnema ! wrote:
>> Who said firefox is legal? :P
>>
>> I believe that what firefox can do is limited, some things that are
>> illegal are not possible. I don't know exactly what's illegal, I
>> searched for it a few years ago, and that's what I found then.
>
> Explain how it would be illegal to modify cookies that are in MY computer.


As with most things these days it probably breaches the DMCA. But 
frankly speaking, if doing that works then the developers of the 
application, and by extension the company, deserve everything they get.


-Stut




Re: [PHP] MD5 & bot Question


On 4/9/07, Travis Doherty <[EMAIL PROTECTED]> wrote:
> Robert Cummings wrote:
>
> >On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
> >
> >>At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
> >>
> >>>Hi Tedd,
> >>>
> >>>Put down the crack pipe please... captcha images are usually generated
> >>>on the fly. Their image repository is 0. Their image universe is all of
> >>>the permutations of an image containing all of the range of serial codes
> >>>embedded in the images according to their morphing routine. I highly
> >>>doubt the US Government could afford the space required to store all of
> >>>the permutations. Considering the number of bytes available to a
> >>>dynamically generated image, it is highly likely that the images would
> >>>be capable of exhausting the entire md5 universe.
> >>>
> >>>Cheers,
> >>>Rob.
> >>>
> >>Rob:
> >>
> >>Duh -- put down the joint and stay on the subject. We were talking
> >>about M$'s "picture" captcha where they show pictures and ask a
> >>question like "Pick the picture that shows a kitty" and NOT an "on
> >>the fly" graphic captcha. There are different types of captchas.
> >>
> >
> >Ah, I see. I was too lazy to go check since I don't use Microsoft except
> >insofar as to make things work in their crappy browser. Either way, can
> >you verify the images are static? See if getting two kitty cats produces
> >the same md5 signature :) Just because it's a picture doesn't invalidate
> >what I said.
> >
> >Cheers,
> >Rob.
> >
> Steganography has been able to "hide" text in images for quite some time
> now.  Basically you cram whatever info you want into the 'unused' or
> 'less used' bytes of the image.
>
> With this in mind I imagine even if you did have an image repository of
> only 8 images you could add some random bytes to the right spots in the
> image without distorting it beyond recognition/corrupting it, and
> therefore get a hybrid of static/on-the-fly images, that hashing
> couldn't break so simply.
>
> 2 cents...
>
> Travis Doherty


This is exactly what tedd did in his last arrow example. He edited the
header of the GIF image, and so that would result in different MD5.

Finding this part and skipping it in the MD5 check would do the job. :)

Tijnema





Re: [PHP] MD5 & bot Question


At 1:04 PM -0400 4/9/07, Robert Cummings wrote:
>On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
>> We were talking
>> about M$'s "picture" captcha where they show pictures and ask a
>> question like "Pick the picture that shows a kitty" and NOT an "on
>> the fly" graphic captcha. There are different types of captchas.
>
>Ah, I see. I was too lazy to go check since I don't use Microsoft except
>insofar as to make things work in their crappy browser. Either way, can
>you verify the images are static? See if getting two kitty cats produces
>the same md5 signature :) Just because it's a picture doesn't invalidate
>what I said.



I'm not out to validate, or invalidate, what you said. I'm just 
making the point that a finite number of pictures is different than 
an almost infinite number of "on the fly" generated graphic images.


The "new" captcha M$ is trying, is to use pictures of objects and 
have the user identify which are cat pictures, like so:


http://research.microsoft.com/asirra/

The web site states that it has over two million pictures of cats and 
dogs. This captcha requires that you simply select ALL the cat 
photos, leaving the dog photos unchecked. After doing so, it checks 
your score to allow entry.


This one is different than the first one I saw, which presented only 
one cat picture in several dog pictures -- I think I could break 
that. But, this one is more difficult.


Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] MD5 & bot Question


At 4:19 PM -0400 4/9/07, Travis Doherty wrote:
> Steganography has been able to "hide" text in images for quite some time
> now.  Basically you cram whatever info you want into the 'unused' or
> 'less used' bytes of the image.
>
> With this in mind I imagine even if you did have an image repository of
> only 8 images you could add some random bytes to the right spots in the
> image without distorting it beyond recognition/corrupting it, and
> therefore get a hybrid of static/on-the-fly images, that hashing
> couldn't break so simply.


Yes, that's the conclusion I came to in this experiment.

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] Session Authentication


Stut wrote:
> As with most things these days it probably breaches the DMCA. But 
> frankly speaking, if doing that works then the developers of the 
> application, and by extension the company, deserve everything they get.


DMCA is a real piece of crap.

--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática| Administrador
   Universidad Nacional
del Litoral
-




Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
> On 4/9/07, Travis Doherty <[EMAIL PROTECTED]> wrote:
> > Robert Cummings wrote:
> >
> > >On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
> > >
> > >
> > >>At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
> > >>
> > >>
> > >>
> > >>>Hi Tedd,
> > >>>
> > >>>Put down the crack pipe please... captcha images are usually generated
> > >>>on the fly. Their image repository is 0. Their image universe is all of
> > >>>the permutations of an image containing all of the range of serial codes
> > >>>embedded in the images according to their morphing routine. I highly
> > >>>doubt the US Government could afford the space required to store all of
> > >>>the permutations. Considering the number of bytes available to a
> > >>>dynamically generated image, it is highly likely that the images would
> > >>>be capable of exhausting the entire md5 universe.
> > >>>
> > >>>Cheers,
> > >>>Rob.
> > >>>
> > >>>
> > >>Rob:
> > >>
> > >>Duh -- put down the joint and stay on the subject. We were talking
> > >>about M$'s "picture" captcha where they show pictures and ask a
> > >>question like "Pick the picture that shows a kitty" and NOT an "on
> > >>the fly" graphic captcha. There are different types of captchas.
> > >>
> > >>
> > >
> > >Ah, I see. I was too lazy to go check since I don't use Microsoft except
> > >insofar as to make things work in their crappy browser. Either way, can
> > >you verify the images are static? See if getting two kitty cats produces
> > >the same md5 signature :) Just because it's a picture doesn't invalidate
> > >what I said.
> > >
> > >Cheers,
> > >Rob.
> > >
> > >
> > Steganography has been able to "hide" text in images for quite some time
> > now.  Basically you cram whatever info you want into the 'unused' or
> > 'less used' bytes of the image.
> >
> > With this in mind I imagine even if you did have an image repository of
> > only 8 images you could add some random bytes to the right spots in the
> > image without distorting it beyond recognition/corrupting it, and
> > therefore get a hybrid of static/on-the-fly images, that hashing
> > couldn't break so simply.
> >
> > 2 cents...
> >
> > Travis Doherty
> 
> This is exactly what tedd did in his last arrow example. He edited the
> header of the GIF image, and so that would result in different MD5.
> 
> Finding this part and skipping it in the MD5 check would do the job. :)

Yep, that's an obvious solution since it's the same way virus signatures
are matched. The entire image needs some kind of permutation. Passing a
couple of curved ripples across the image as a transformation, and in
different directions should suffice to obfuscate the image signature
without obfuscating the image itself :) Similarly watermarking the image
using fractal patterns should also provide good noise.

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'




Re: [PHP] Where to insert a phrase in the right place

Hi,

Jay Blanchard wrote:
> [snip]
> How can i make the word "Welcome" appear only after the login ?
> [/snip]
> 
> If you set a cookie upon login you can then check for the existence of the 
> cookie. If the cookie exists do not display 'Welcome'.
I have:

session_start();
session_register("email");

in the beginning of the file.

I've tried:

if (isset($_SESSION['email']))
 print('Welcome ' . $name);

but obviously it prints the "Welcome" word as the same.

Any ideas ?

Thanks in advance.

Warm Regards
-- 
:wq! Mário Gamito




Re: [PHP] MD5 & bot Question


At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
>On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
>> This is exactly what tedd did in his last arrow example. He edited the
>> header of the GIF image, and so that would result in different MD5.
>>
>> Finding this part and skipping it in the MD5 check would do the job. :)
>
>Yep, that's an obvious solution since it's the same way virus signatures
>are matched. The entire image needs some kind of permutation. Passing a
>couple of curved ripples across the image as a transformation, and in
>different directions should suffice to obfuscate the image signature
>without obfuscating the image itself :) Similarly watermarking the image
>using fractal patterns should also provide good noise.
>
>Cheers,
>Rob.


Rob:

It doesn't need to be complicated, just random placed pixels on the 
image from a selection of colors would provide millions of 
permutations.


Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
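
Added example, not code from the thread (it needs PHP's GD extension; the test image and the function names are constructed): a self-test for a captcha image generator that checks the point made in the last few messages. A variant that differs only in GIF metadata gets a new file MD5 while its decoded pixels stay identical, whereas scattered noise pixels change both.

```php
<?php
// Added example; needs the GD extension. The test image is constructed.

/** Draw a small palette image; $noise scatters that many random coloured pixels. */
function render_gif(int $noise = 0): string
{
    $im = imagecreate(64, 32);
    imagecolorallocate($im, 255, 255, 255);          // first colour is the background
    $ink  = imagecolorallocate($im, 20, 20, 120);
    $dots = [imagecolorallocate($im, 200, 30, 30), imagecolorallocate($im, 30, 160, 30)];
    imagefilledellipse($im, 32, 16, 40, 20, $ink);
    for ($i = 0; $i < $noise; $i++) {
        imagesetpixel($im, random_int(0, 63), random_int(0, 31), $dots[random_int(0, 1)]);
    }
    ob_start();
    imagegif($im);                                   // writes the GIF into the output buffer
    return ob_get_clean();
}

/** Insert a GIF Comment Extension right after the global colour table. */
function add_gif_comment(string $gif, string $text): string
{
    $packed = ord($gif[10]);                         // flags byte of the screen descriptor
    $tableBytes = ($packed & 0x80) ? 3 * (1 << (($packed & 0x07) + 1)) : 0;
    $pos = 13 + $tableBytes;                         // 6-byte signature + 7-byte descriptor
    $block = "\x21\xFE";                             // extension introducer + comment label
    foreach (str_split($text, 255) as $chunk) {      // sub-blocks hold at most 255 bytes
        $block .= chr(strlen($chunk)) . $chunk;
    }
    $block .= "\x00";                                // block terminator
    // Comment extensions belong to GIF89a, so the version in the signature is set too.
    return 'GIF89a' . substr($gif, 6, $pos - 6) . $block . substr($gif, $pos);
}

/** Hash what a viewer sees: the dimensions and the RGB value of every pixel. */
function pixel_digest(string $gif): string
{
    $im = imagecreatefromstring($gif);
    if ($im === false) {
        throw new RuntimeException('image could not be decoded');
    }
    $w = imagesx($im);
    $h = imagesy($im);
    $ctx = hash_init('sha256');
    hash_update($ctx, $w . 'x' . $h . ':');
    for ($y = 0; $y < $h; $y++) {
        for ($x = 0; $x < $w; $x++) {
            $c = imagecolorsforindex($im, imagecolorat($im, $x, $y));
            hash_update($ctx, chr($c['red']) . chr($c['green']) . chr($c['blue']));
        }
    }
    return hash_final($ctx);
}

$base = render_gif();
$variants = [
    'metadata only' => add_gif_comment($base, bin2hex(random_bytes(8))),
    'pixel noise'   => render_gif(25),
];
foreach ($variants as $label => $gif) {
    printf(
        "%-14s file md5 %-8s pixel digest %s\n",
        $label,
        md5($gif) === md5($base) ? 'same,' : 'differs,',
        pixel_digest($gif) === pixel_digest($base) ? 'same' : 'differs'
    );
}
```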



[PHP] mysql if empty

If I search for something in mysql that returns an empty result I can't get 
it to return
"No result found" always returns "Found" even though the record does not 
exist...



$sql = "SELECT Client FROM booked WHERE Name = 'larry'";

$result = mysql_query($sql);

if ($result == "")
{
echo "No result found";
}
echo "Found";


- Original Message - 
From: "Martin Marques" 

To: "Stut" <[EMAIL PROTECTED]>
Cc: "Tijnema !" <[EMAIL PROTECTED]>; "tedd" <[EMAIL PROTECTED]>; "Peter 
Lauri" <[EMAIL PROTECTED]>; "Ólafur Waage" <[EMAIL PROTECTED]>; 


Sent: Monday, April 09, 2007 9:45 PM
Subject: Re: [PHP] Session Authentication



Stut wrote:
> As with most things these days it probably breaches the DMCA. But frankly 
> speaking, if doing that works then the developers of the application, and 
> by extension the company, deserve everything they get.


DMCA is a real piece of crap.

--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática | Administrador
   Universidad Nacional
del Litoral
-




Re: [PHP] mysql if empty

> If I search for something in mysql that returns an empty result I can't get
> it to return
> "No result found" always returns "Found" even though the record does not
> exist...
>
>
> $sql = "SELECT Client FROM booked WHERE Name = 'larry'";
>
> $result = mysql_query($sql);
>
> if ($result == "")
> {
> echo "No result found";
> }
> echo "Found";

try this:

$sql = "SELECT Client FROM booked WHERE Name = 'larry'";
$result = mysql_query($sql);
if(mysql_num_rows($result) == 0)
{
  echo "No result found";
}
else
{
  $myresults = mysql_fetch_array($result);
}

-afan



>
>
> - Original Message -
> From: "Martin Marques" 
> To: "Stut" <[EMAIL PROTECTED]>
> Cc: "Tijnema !" <[EMAIL PROTECTED]>; "tedd" <[EMAIL PROTECTED]>; "Peter
> Lauri" <[EMAIL PROTECTED]>; "Ólafur Waage" <[EMAIL PROTECTED]>;
> 
> Sent: Monday, April 09, 2007 9:45 PM
> Subject: Re: [PHP] Session Authentication
>
>
>> Stut wrote:
>>> As with most things these days it probably breaches the DMCA. But
>>> frankly
>>> speaking, if doing that works then the developers of the application,
>>> and
>>> by extension the company, deserve everything they get.
>>
>> DMCA is a real piece of crap.
>>
>> --
>> select 'mmarques' || '@' || 'unl.edu.ar' AS email;
>> -
>> Martín Marqués  |   Programador, DBA
>> Centro de Telemática | Administrador
>>Universidad Nacional
>> del Litoral
>> -
>>



Re: [PHP] mysql if empty


[EMAIL PROTECTED] wrote:
> If I search for something in mysql that returns an empty result I can't
> get it to return
> "No result found" always returns "Found" even though the record does
> not exist...
>
> $sql = "SELECT Client FROM booked WHERE Name = 'larry'";
>
> $result = mysql_query($sql);
>
> if ($result == "")
> {
> echo "No result found";
> }
> echo "Found";


Use isset.

if (!isset($result)) {
   echo "No result found";
}...

Lori




Re: [PHP] mysql if empty

On Monday 09 April 2007 18:27, Lori Lay wrote:
> [EMAIL PROTECTED] wrote:
> > If I search for something in mysql that returns an empty result I can't
> > get it to return
> > "No result found" always returns "Found" even though the record does
> > not exist...
> >
> >
> > $sql = "SELECT Client FROM booked WHERE Name = 'larry'";
> >
> > $result = mysql_query($sql);
> >
> > if ($result == "")
> > {
> > echo "No result found";
> > }
> > echo "Found";
>
> Use isset.
>
> if (!isset($result)) {
> echo "No result found";
> }...
>
> Lori

$result is set ($result = mysql_query($query))...
compare to 0 is satisfactory:

$result=mysql_query($query);
$results=mysql_num_rows($result);

if($results==0)
{
echo "no result found";
}
elseif($results<0)
{
echo "Some error? ".mysql_error();
}
else
{
//your code here
}


-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
"   I imagine bugs and girls have a dim perception that nature played a cruel
trick on them, but they lack the intelligence to really comprehend the
magnitude of it.  -- Calvin"




[PHP] Re: Design Dilemma - Database Data Abstraction


""Martin Alterisio"" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> I have a dilemma on a design where I humbly ask your help. I'm working on
> the model part of a web application (not to be understood in the "web2.0"
> way, but in a more general way, where anything mounted on HTTP is a web
> application) done in PHP5 following the MVC design pattern. But the strong
> point is that the result must be those-who-never-RTFM-proof. But that's not
> my dilemma, I only mention this so that no RoR concept or similar is thrown
> into the table, that is, NO ActiveRecord.
>
> The solution I presented is to access, and act upon, a database as if they
> were PHP arrays, meaning that a table is presented as an array of records.
> Here comes my dilemma. But first let me explain a bit about the scenario so
> far:
>
> * It's acceptable that some restrictions are set upon the DB structure, only
> if at least the following constructions are allowed:
>  a) tables with only one field in the PK (usually an autonumeric int).
>  b) tables with a one-to-many relationship with itself, and one field PK (a
> tree structure).
>  c) tables with a one-to-one relationship, and at most two fields in the
> PK, and if there are two, one is a FK.
>  d) tables with a one-to-many relationship with one of the before mentioned
> tables, at most two fields in the PK, and if there are two, one is a FK.
>  e) tables that create a many-to-many relationship between two of the
> before mentioned tables, with possibly extra fields other than the fields of
> the relationship, at most three fields in the PK, and if there are two or
> more, two of them are FK.
>
> * The actions that will be more used to access the data will be:
>  a) get one record using its PK, or a combination of FKs where it applies.
>  b) get one record using a unique key.
>  c) update or delete one record using its PK.
>  d) insert one record
>  e) loop on many records of one table, all or just one "page", or those
> related to a FK.
>  f) order the records before the loop
>
> My dilemma is as follows: a PHP array is a construct more restricted than a
> DB table. In a PHP array the index is either an int or a string, in a table
> the index can be any combination of fields. Then, my problem is how to design
> coherently the indexing of the arrays that represent the DB tables.
>
> I could index by the order as they are presented by the DB:
>
> $DB['users'][0] is the first user from the query "SELECT * FROM users"
> $DB['users'][1] is the second user from the query "SELECT * FROM users"
> etc..
>
> But this has many cons. First, without a deterministic order, the array can
> change its logic order on the whim of the DB, nobody assures that the order
> will be kept after a modification is made to the data, and this can be
> confusing and error prone:
>
> $name1 = $DB['users'][3]['name'];
> $name2 = $DB['users'][5]['name'];
> $DB['users'][3]['name'] = $name2;
> $DB['users'][5]['name'] = $name1;
>
> The last sentence may not be writing to the adequate record.
>
> But this indexation has its pros. It can be used with a traditional for loop
> (although it will prove inefficient in most cases). And the records after
> and before can be easily obtained.
>
> Another possible indexation could be by the value of the PK, but this also
> has some problems. First, it can be confusing if the PK is an autonumeric
> int, as this might be seen as a numeric indexation. Second, not all tables
> have only one field as PK (I can ask that all tables have at least a PK, but
> I can't ask that the PK is made of only one field).
>
> But I have many pros with this strategy. I solve the actions on one record
> using the PK (only if the PK is made of only one field):
>
> $user = $DB['users'][$userid]; // get
> $DB['users'][$userid] = $user; // update or insert
> $DB['users'][] = $userid; // insert
> unset($DB['users'][$userid]); // delete
>
> I think I could use other than ints and strings in the array index, but I
> rather stick to keeping this as seemingly equal to PHP arrays. I also could
> use FK relationships to solve this, for example, if one table has an index
> made of two fields, one is an FK to another table, I could make one table
> look as an array inside the other:
>
> foreach ($DB['users'][$userid]['address_book'] as $address) {
> ...
> }
>
> In this case address_book refers to another table rather than a field (I
> would have to ask that there are no fields with the same name). This table
> has an FK to the id of the users tables and one other record working as a
> PK. Accessing the array this way I have one of the values of the PK (the user
> id), and I use the other as the array index.
>
> There is also the problem with many-to-many relationships. If there was only
> one table that related two tables in this way, I could do the following:
>
> $DB['users'][$userid]['groups'] <- groups where the user belongs
> $DB['groups'][$gro

Re: [PHP] Where to insert a phrase in the right place

Hi,

André Medeiros wrote:
> <?php
> session_start();
> if(!isset($_SESSION['greeted'])) {
>     echo "Welcome";
>     $_SESSION['greeted'] = 1;
> }
> ?>

It doesn't work :(

if ($_SESSION['greeted'] == 1)
 print('Welcome ' . $name);

$_SESSION['greeted'] is always equal to 1 as set in the beginning of the
file.

http://www.telbit.pt/2/login.php

Warm Regards
-- 
:wq! Mário Gamito

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] MD5 & bot Question


On 4/9/07, tedd <[EMAIL PROTECTED]> wrote:

At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
>On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
>
>  > This is exactly what tedd did in his last arrow example. He edited the
>>  header of the GIF image, and so that would result in different MD5.
>>
>>  Finding this part and skipping it in the MD5 check would do the job. :)
>
>Yep, that's an obvious solution since it's the same way virus signatures
>are matched. The entire image needs some kind of permutation. Passing a
>couple of curved ripples across the image as a transformation, and in
>different directions should suffice to obfuscate the image signature
>without obfuscating the image itself :) Similarly watermarking the image
>using fractal patterns should also provide good noise.
>
>Cheers,
>Rob.

Rob:

It doesn't need to be complicated, just random placed pixels on the
image from a selection of colors would provide millions of
permutations.

Cheers,

tedd


But then OCR would still work, as when somebody scans a document,
there are also some "not white" pixels.

Tijnema

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com




Re: [PHP] mysql if empty


At 4/9/2007 02:18 PM, [EMAIL PROTECTED] wrote:
If I search for something in mysql that returns an empty result I
can't get it to return "No result found" always returns "Found" even
though the record does not exist...


$sql = "SELECT Client FROM booked WHERE Name = 'larry'";

$result = mysql_query($sql);

if ($result == "")
{
echo "No result found";
}
echo "Found";



$result tells you whether or not the query executed successfully.  If 
($result === FALSE), look to mysql_error() for a description of the 
problem.  Otherwise, $result is the handle to the query's result.


A successful (non-error-producing) query can return zero rows of 
data.  A perfect example is when you check a user table to make sure 
a username isn't already taken before creating a new record.


Read this page again carefully:
http://php.net/mysql_query

Regards,

Paul
__

Paul Novitski
Juniper Webcraft Ltd.
http://juniperwebcraft.com 





Re: [PHP] DOM and XSLTProcessor

If there are parts of an XML document where you do not want '<' and '>' 
changed to '&lt;' and '&gt;' during the transformation then you need to use 
the disable-output-escaping option, as in the following example.

  

  

  

You also need to insert such text into the XML document using the 
createCDATASection() method otherwise the tags will be converted BEFORE the 
XSLT processor gets to look at it.

-- 
Tony Marston
http://www.tonymarston.net
http://www.radicore.org

""Buesching, Logan J"" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
This could offer a possible workaround.

Let me first state that I cannot simply do:

echo htmlspecialchars_decode($proc->transformToXML($doc));

If I were to do that, then it would assume that all of these encodings
need to be decoded; which definitely is not the case.  I only want to do
this for a few of the encodings, which I will know before the XSL
processing.  I guess I can do some processing after it went through the
XSL Processor to decode some of the encodings that I do not want, but
that just seems like it would add a lot of unnecessary overhead if it
can be avoided.

Thanks for the idea though.

-Logan

-Original Message-
From: Tijnema ! [mailto:[EMAIL PROTECTED]
Sent: Monday, April 09, 2007 4:40 AM
To: Buesching, Logan J
Cc: php-general@lists.php.net
Subject: Re: [PHP] DOM and XSLTProcessor

On 4/9/07, Buesching, Logan J <[EMAIL PROTECTED]> wrote:
> Greetings,
>
>
>
> I apologize if this is a little long, but I am trying to put as much
> information as I have done in this first post.  I am running PHP 5 and
> attempting to use DOM to create data to show on a webpage and using
> XSLTProcessor with an XSLT sheet to output it into XHTML.  Everything is
> pretty fine and dandy until I wish to print raw text, such as xdebug and
> var_dump.
>
> My knowledge of DOM and XSLTProcessor is about a 5/10, such that I know
> most basics, but not the more advanced things.  Whenever I try to add
> data using createTextNode, it is always escaped, such that if I do
> something, when shown to the screen, it shows
>  etc...
>
>
>
> Here is the general outline:
>
>
>
> <?php
> $doc=new DOMDocument("1.0");
> $root=$doc->createElement("root");
> $wantedCode=$doc->createTextNode("Something");
> $root->appendChild($wantedCode);
> $doc->appendChild($root);
> $proc=new XSLTProcessor;
> // load() is an instance method, so load the stylesheet into its own object
> $xsl=new DOMDocument;
> $xsl->load("test.xslt");
> $proc->importStylesheet($xsl);
> echo $proc->transformToXML($doc);
> ?>
>
>
>
> SomeSheet is something like:
>
> 
>
>
>
> 
>
>
>
> The expected output that I would like to get is:
>
> Something
>
> (This would just bold my text, not literally see the  tags).
>
>
>
> The actual output is:
>
> Something
>
> (This outputs the  tags to the end user, which is what I do not
> want).
>
>
>
> I checked the manual at:
> http://us3.php.net/manual/en/function.dom-domdocument-createtextnode.php
> .  A user comment suggested to use CDATA nodes, so I attempted to change
> my code to the following:
>
>
>
> <?php
> $doc=new DOMDocument("1.0");
> $root=$doc->createElement("root");
> //note the change right here
> $wantedCode=$doc->createCDATASection("Something");
> $root->appendChild($wantedCode);
> $doc->appendChild($root);
> $proc=new XSLTProcessor;
> // load() is an instance method, so load the stylesheet into its own object
> $xsl=new DOMDocument;
> $xsl->load("test.xslt");
> $proc->importStylesheet($xsl);
> echo $proc->transformToXML($doc);
> ?>
>
>
>
> But this was of no success; it just had the same output.
>
>
>
> Is there anyone that is able to help me out here?
>
>
>
> Thanks,
>
> Logan


Try using htmlspecialchars_decode before outputting your data:
http://www.php.net/manual/en/function.htmlspecialchars-decode.php

Tijnema
>
> 
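
The disable-output-escaping approach from the reply above, as an added example that is not code from the thread: it switches escaping off for one chosen node only, leaves user-supplied text escaped, and also shows the alternative of parsing trusted markup into real nodes and copying them with xsl:copy-of. The inline stylesheet and the element names trusted, fragment and untrusted are assumptions made for the illustration; the dom and xsl extensions are required.

```php
<?php
// Added example, not code from the thread.
// Element names <trusted>, <fragment>, <untrusted> are hypothetical.

$xsl = <<<'XSL'
<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
                xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="html"/>
  <xsl:template match="/root">
    <div>
      <!-- default behaviour: text is escaped when serialized -->
      <p id="escaped"><xsl:value-of select="untrusted"/></p>
      <!-- escaping switched off for this one node only -->
      <p id="raw"><xsl:value-of select="trusted"
                                disable-output-escaping="yes"/></p>
      <!-- real element nodes copied through; nothing to escape -->
      <p id="nodes"><xsl:copy-of select="fragment/node()"/></p>
    </div>
  </xsl:template>
</xsl:stylesheet>
XSL;

// Build the source document. $trustedMarkup must come from the application
// itself; $userText is anything that originated outside it.
function build_document($trustedMarkup, $userText)
{
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->appendChild($doc->createElement('root'));

    // (1) Markup kept as character data in a CDATA section, to be emitted
    //     raw by disable-output-escaping="yes".
    $trusted = $root->appendChild($doc->createElement('trusted'));
    $trusted->appendChild($doc->createCDATASection($trustedMarkup));

    // (2) The same markup parsed into nodes. Malformed input is rejected
    //     here instead of reaching the page as broken HTML.
    $fragment = $doc->createDocumentFragment();
    if (!@$fragment->appendXML($trustedMarkup)) {
        throw new InvalidArgumentException('markup is not well-formed XML');
    }
    $holder = $root->appendChild($doc->createElement('fragment'));
    $holder->appendChild($fragment);

    // (3) User text stays an ordinary text node and is escaped on output.
    $untrusted = $root->appendChild($doc->createElement('untrusted'));
    $untrusted->appendChild($doc->createTextNode($userText));

    return $doc;
}

function render(DOMDocument $doc, $stylesheet)
{
    $style = new DOMDocument();
    $style->loadXML($stylesheet);

    $proc = new XSLTProcessor();
    $proc->importStylesheet($style);

    return $proc->transformToXML($doc);
}

// Constructed sample input.
echo render(build_document('<b>Something</b>', '<b>typed into a form</b>'), $xsl);
```

Only the first paragraph in the output carries entity-escaped tags. Anything routed through the raw node is written to the page unmodified, so that node should never receive text that came from a request.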




Re: [PHP] mysql if empty

An empty result is still a valid result.  As long as the SQL statement is 
valid, you will get a result set. This doesn't mean that the variable 
holding the reference to the result set is itself empty, but that you will 
fail to fetch any results from it.


Satyam

- Original Message - 
From: <[EMAIL PROTECTED]>

To: 
Sent: Monday, April 09, 2007 11:18 PM
Subject: [PHP] mysql if empty


If I search for something in mysql that returns an empty result I can't get 
it to return "No result found" always returns "Found" even though the
record does not exist...



$sql = "SELECT Client FROM booked WHERE Name = 'larry'";

$result = mysql_query($sql);

if ($result == "")
{
echo "No result found";
}
echo "Found";


- Original Message - 
From: "Martin Marques" 

To: "Stut" <[EMAIL PROTECTED]>
Cc: "Tijnema !" <[EMAIL PROTECTED]>; "tedd" <[EMAIL PROTECTED]>; "Peter 
Lauri" <[EMAIL PROTECTED]>; "Ólafur Waage" <[EMAIL PROTECTED]>; 


Sent: Monday, April 09, 2007 9:45 PM
Subject: Re: [PHP] Session Authentication



Stut escribió:
As with most things these days it probably breaches the DMCA. But 
frankly speaking, if doing that works then the developers of the 
application, and by extension the company, deserve everything they get.


DMCA is a real piece of crap.

--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática | Administrador
   Universidad Nacional
del Litoral
-




[PHP] Question about OO design

Hello,
 
I'm working on a project now and I'd like to get some feedback on how to
implement a proper class (or two).

This is an application that records an employee's used vacation time.
There are two tables: (1) events, (2) users.

Users:

id (int)
name (varchar)
email (varchar)
balance (mediumint, stored in seconds) // this is the balance for
   // the user after all events
   // have been accounted for.
accrual (smallint, stored in seconds)
is_manager (bool)

Events:

id (int)
uid (int, users.id)
date (date)
duration (smallint, stored in seconds)
balance (smallint, stored in seconds) // this is the balance for
  // the user at the time the
  // event was added.
created (datetime)


Currently I have just one class called User that looks like this:


(I'm dealing with PHP4.)

class User
{
    var $id;
    var $name;
    var $email;
    var $balance;
    var $accrual;
    var $is_manager;

    function User($user_id)
    {
        $this->id = $user_id;
        // methods have to be called through $this
        $this->name = $this->get_name();
        // ...
        $this->accrual = $this->get_accrual();
    }

    function get_name()
    {
        // get name from db
        $sql = "...";

        $db =& DB::singleton();
        $db->execute($sql);
    }

    function get_email()
    {
        // same as above more or less
    }

    function get_accrual()
    {
        // same as above more or less
    }

    function is_manager()
    {
        // same as above more or less
    }

    function get_events()
    {
        // this function gets all the events for
        // the current users and returns them
        // as an array.
    }

    function add_event()
    {
        // this function adds a single event for
        // the current user. it also recalculates
        // the 'balance' for each event because
        // of data display requirements.
    }

    function del_event($event_id)
    {
        // delete an event from the current user's
        // events list based on $event_id.
    }
}


As I started to write this and use it I get the feeling that there
should also be an Event class that is extended by the User class. Reason
being that each User object is a reference to the currently logged in
user, not anyone else. But if you're a manager you have the
responsibility to approve/deny and/or add/delete events for your
employees.

But with that in mind I've gone from a class that handles the currently
logged in user to one that handles the currently logged in user plus any
number of other users.

I guess I'm thinking of this in the same terms as db normalization. Ex:
I could add an extra price_level column to my products table each time I
need a new pricing level but it's probably better to create a separate
table called products_prices. It's slightly more complicated but it
would allow me to have as many pricing levels as I want without
modifying my database or code.


I'd appreciate any kind of feedback on this. If I haven't been clear
with something please let me know.



Thanks,
Chris.




Re: [PHP] Need a working SOAP example using SOAP -- PHP is blocking the calls

Daevid Vincent wrote:
 c, could you be having a problem related to the 
 allow_url_fopen ini setting?
>>> Now we're talkin!
>>>
>>> Okay, I made sure that allow_url_fopen and 
>>> allow_url_include are both "on".
>>> Verified via phpinfo();
>>>
>>> Still no luck. :-\
>>>
>>> However, this sparked an idea...
>>>
>>> I have been using my WinXP and IE to hit my Gentoo notebook running
>>> apache2/php/etc. (samba mounting the /home/machine/... to 
>>> edit the files)
>>>
>>> When I fired up KDE and hit the EXACT same pages (which are 
>>> now local), they magically worked!
>>>
>>> So now the question is, what setting do I have to change in 
>>> my php.ini file to get remote requests to work?
>> I'm not following what you mean by local and remote and when 
>> your considering something to be one or the other.
> 
> (locutus) Gentoo/Notebook/Apache/PHP/Samba
> 
> (gabriel) WinXP/IDE/IE6
> 
> All the code sits on locutus. I samba share the directory so can edit in my
> HomeSite IDE on gabriel. I edit my 'hosts' file (on both machines) to point
> at the proper IP (172.16.35.223 machine.locutus.com) setting up a vhost on
> locutus, etc...
> 

...

I follow you now. doesn't smell like a php issue, more like something at the
OS or firewall level. probably time to start tailing the relevant logs
(e.g. apache, system message, etc) to see if you get a hint.

what happens if you point machine.locutus.com to 127.0.0.1 on locutus?

do the scripts on locutus return what you expect if you var_dump() the
relevant calls to gethostbyname(), gethostbynamel(), gethostbyaddr()?

> 




Re: [PHP] MD5 & bot Question


tedd wrote:

..
that's the reason for the alt attribute.


Thanks for clarification! :)

You are doing some great work with captchas... I also really like your 
audio captcha experiments. Keep up the great work!


Cheers,
Micky





[PHP] MySQL exceptions


Hi all!

I'm developing an OOP app using PHP 5.
I want to use try-catch with mysql functions.

So, the question is: what are the exceptions classes of MySQL?
Where can I found it?

TIA


-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Agora com fortune:
"BOFH Excuse #426:

internet is needed to catch the etherbunny"




Re: [PHP] Re: Design Dilemma - Database Data Abstraction


2007/4/9, Tony Marston <[EMAIL PROTECTED]>:



""Martin Alterisio"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>I have a dilemma on a design where I humbly ask your help. I'm working on
> the model part of a web application (not to be understood in the "web2.0"
> way, but in a more general way, where anything mounted on HTTP is a web
> application) done in PHP5 following the MVC design pattern. But the strong
> point is that the result must be those-who-never-RTFM-proof. But that's
> not my dilemma, I only mention this so that no RoR concept or similar is
> thrown into the table, that is, NO ActiveRecord.
>
> The solution I presented is to access, and act upon, a database as if they
> were PHP arrays, meaning that a table is presented as an array of records.
> Here comes my dilemma. But first let me explain a bit about the scenario
> so far:
> * It's acceptable that some restrictions are set upon the DB structure,
> only if at least the following constructions are allowed:
>  a) tables with only one field in the PK (usually an autonumeric int).
>  b) tables with a one-to-many relationship with itself, and one field PK
> (a tree structure).
>  c) tables with a one-to-one relationship, and at most two fields in the
> PK, and if there are two, one is a FK.
>  d) tables with a one-to-many relationship with one of the before
> mentioned tables, at most two fields in the PK, and if there are two, one
> is a FK.
>  e) tables that create a many-to-many relationship between two of the
> before mentioned tables, with possibly extra fields other than the fields
> of the relationship, at most three fields in the PK, and if there are two
> or more, two of them are FK.
>
> * The actions that will be more used to access the data will be:
>  a) get one record using its PK, or a combination of FKs where it applies.
>  b) get one record using a unique key.
>  c) update or delete one record using its PK.
>  d) insert one record
>  e) loop on many records of one table, all or just one "page", or those
> related to a FK.
>  f) order the records before the loop
> My dilemma is as follows: a PHP array is a construct more restricted than
> a DB table. In a PHP array the index is either an int or a string, in a
> table the index can be any combination of fields. Then, my problem is how
> to design coherently the indexing of the arrays that represent the DB
> tables.
>
> I could index by the order as they are presented by the DB:
>
> $DB['users'][0] is the first user from the query "SELECT * FROM users"
> $DB['users'][1] is the second user from the query "SELECT * FROM users"
> etc..
>
> But this has many cons. First, without a deterministic order, the array
> can change its logic order on the whim of the DB, nobody assures that the
> order will be kept after a modification is made to the data, and this can
> be confusing and error prone:
>
> $name1 = $DB['users'][3]['name'];
> $name2 = $DB['users'][5]['name'];
> $DB['users'][3]['name'] = $name2;
> $DB['users'][5]['name'] = $name1;
>
> The last sentence may not be writing to the adequate record.
>
> But this indexation has its pros. It can be used with a traditional for
> loop (although it will prove inefficient in most cases). And the records
> after and before can be easily obtained.
>
> Another possible indexation could be by the value of the PK, but this also
> has some problems. First, it can be confusing if the PK is an autonumeric
> int, as this might be seen as a numeric indexation. Second, not all tables
> have only one field as PK (I can ask that all tables have at least a PK,
> but I can't ask that the PK is made of only one field).
>
> But I have many pros with this strategy. I solve the actions on one record
> using the PK (only if the PK is made of only one field):
>
> $user = $DB['users'][$userid]; // get
> $DB['users'][$userid] = $user; // update or insert
> $DB['users'][] = $userid; // insert
> unset($DB['users'][$userid]); // delete
>
> I think I could use other than ints and strings in the array index, but I'd
> rather stick to keeping this as seemingly equal to PHP arrays. I also
> could use FK relationships to solve this, for example, if one table has an
> index made of two fields, one is an FK to another table, I could make one
> table look as an array inside the other:
>
> foreach ($DB['users'][$userid]['address_book'] as $address) {
> ...
> }
>
> In this case address_book refers to another table rather than a field (I
> would have to ask that there are no fields with the same name). This table
> has an FK to the id of the users tables and one other record working as a
> PK. Accessing the array this way I have one of the values of the PK (the
> user id), and I use the other as the array index.
>
> There is also the problem with many-to-many relationships. If there was
> only one table that related two tables in this way, I could do the following:
>
> $DB['users'][$userid]['groups'] <- groups where the user

Re: [PHP] Session Authentication


Thanks for the replies guys, became a pretty big thread.

The actual code is just a select statement from the user table using sprintf
and mysql_real_escape_string for the username and password. I count how many
rows the select statement returns, if it's not zero then I authenticate by
setting a session variable to true (the one in my 1st post)

Thanks again.

2007/4/9, Martin Marques :


Stut escribió:
> As with most things these days it probably breaches the DMCA. But
> frankly speaking, if doing that works then the developers of the
> application, and by extension the company, deserve everything they get.

DMCA is a real piece of crap.

--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática| Administrador
Universidad Nacional
 del Litoral
-
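
A variant of the login check described in the message above, as an added example that is not code from the thread: the user is looked up with a prepared statement, the password is compared against a stored hash in PHP instead of inside the SQL, and the session records which user logged in. It assumes PHP 5.5 or later and uses PDO with an in-memory SQLite database so that it runs without a server; the table, column and function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Names are hypothetical.

function make_demo_db()
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id       INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        pw_hash  TEXT NOT NULL)');

    // Constructed sample account; only the hash is stored.
    $ins = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $ins->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT)));

    return $pdo;
}

// Returns the user id on success, null on any failure.
function check_credentials(PDO $pdo, $username, $password)
{
    // Hash to verify against when the username is unknown, so that both
    // failure paths do the same amount of work.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    // The username travels as a bound parameter, never as SQL text.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $stmt->execute(array((string) $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matches

    $hash = $row ? $row['pw_hash'] : $dummy;
    $ok   = password_verify((string) $password, $hash);

    return ($row && $ok) ? (int) $row['id'] : null;
}

function log_in(PDO $pdo, $username, $password)
{
    $id = check_credentials($pdo, $username, $password);
    if ($id === null) {
        return false;
    }

    // Issue a fresh session id at the moment privileges change.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Store who is logged in, not just a boolean flag.
    $_SESSION['user_id'] = $id;
    return true;
}

// Constructed inputs: one valid login and three that must be refused.
$pdo = make_demo_db();
var_dump(log_in($pdo, 'alice', 'correct horse'));
var_dump(log_in($pdo, 'alice', 'wrong'));
var_dump(log_in($pdo, "alice' OR '1'='1", 'x'));
var_dump(log_in($pdo, 'nobody', 'x'));
```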



Re: [PHP] Question about OO design

Chris W. Parker wrote:
> Hello,
>  
> I'm working on a project now and I'd like to get some feedback on how to
> implement a proper class (or two).
> 
> This is an application that records an employee's used vacation time.
> There are two tables: (1) events, (2) users.
> 
> Users:
> 
> id (int)
> name (varchar)
> email (varchar)
> balance (mediumint, stored in seconds) // this is the balance for
>// the user after all events
>// have been accounted for.
> accrual (smallint, stored in seconds)
> is_manager (bool)
> 
> Events:
> 
> id (int)
> uid (int, users.id)
> date (date)
> duration (smallint, stored in seconds)
> balance (smallint, stored in seconds) // this is the balance for
>   // the user at the time the
>   // event was added.
> created (datetime)
> 
> 
> Currently I have just one class called User that looks like this:
> 
> 
> (I'm dealing with PHP4.)
> 
> class User
> {
>   var $id;
>   var $name;
>   var $email;
>   var $balance;
>   var $accrual;
>   var $is_manager;
> 
>   function User($user_id)
>   {
>       $this->id = $user_id;
>       // methods have to be called through $this
>       $this->name = $this->get_name();
>       // ...
>       $this->accrual = $this->get_accrual();
>   }
> 
>   function get_name()
>   {
>       // get name from db
>       $sql = "...";
> 
>       $db =& DB::singleton();
>       $db->execute($sql);

you probably only want one DB call to
populate the User object with all the relevant
user data at the point where the object is created.

function User($user_id)
{
    // check the user id properly?

    // see the getEmployees() example below for the
    // reason for the array usage
    if (is_array($user_id)) {
        // cast to int: the id is interpolated into SQL in load()
        $this->id = (int) $user_id['id'];
        $this->load($user_id);
    } else {
        $this->id = (int) $user_id;
        $this->load();
    }
}

function load($data = null)
{
    if (!is_array($data) || empty($data)) {
        // get user data from db
        $sql = "SELECT * FROM users WHERE id={$this->id}";

        // error checking?
        $db =& DB::singleton();
        $db->execute($sql);
        $data = $db->getRow();
    }

    $this->name    = $data['name'];
    $this->accrual = $data['accrual'];
    $this->email   = $data['email'];
    /// etc
}

> 
>   function get_email()
>   function get_accrual()
>   function is_manager()
>   {
>   // same as above more or less
>   }
> 
>   function get_events()
>   {
>   // this function gets all the events for
>   // the current users and returns them
>   // as an array.
>   }
> 
>   function add_event()
>   {
>   // this function adds a single event for
>   // the current user. it also recalculates
>   // the 'balance' for each event because
>   // of data display requirements.
>   }
> 
>   function del_event($event_id)
>   {
>   // delete an event from the current user's
>   // events list based on $event_id.
>   }
> }
> 
> 
> As I started to write this and use it I get the feeling that there
> should also be an Event class that is extended by the User class. Reason

if you use an Event class then it should just represent an Event (and
a User object would [probably] contain an array of Event objects).
AFAICT there is no good reason to have Event extend User.

> being that each User object is a reference to the currently logged in
> user, not anyone else. 

the User class is merely a representation of *a* user - you can
use an instance for the currently logged in user, but that doesn't stop you
from using the same class to model the collection of users that fall under
a given manager.

> But if you're a manager you have the
> responsibility to approve/deny and/or add/delete events for your
> employees.

// you might need to f around with returning references here,
// (I can never quite get that right without a bit of trial and error in php4)
function getEmployees()
{
    // consider caching the result?
    $emps = array();
    if ($this->is_manager) {

        // get user data from db
        $sql = "SELECT * FROM users WHERE manager_id={$this->id}";

        // error checking?
        $db =& DB::singleton();
        $db->execute($sql);
        while ($data = $db->getRow())
            $emps[] =& new User($data);
    }

    return $emps;
}

> 
> But with that in mind I've gone from a class that handles the currently
> logged in user to one that handles the currently logged in user plus any
> number of other users.
> 
> I guess 

Re: [PHP] MySQL exceptions

Davi wrote:
> Hi all!
> 
> I'm developing an OOP app using PHP 5.
> I want to use try-catch with mysql functions.
> 
> So, the question is: what are the exceptions classes of MySQL?
> Where can I found it?

IIRC mysqli (certainly not mysql) extension does not throw exceptions,
so write code that checks for errors using the relevant functions and
throw your own exceptions as you see fit.

the reasoning is that php doesn't force you to use exceptions - other
than some caveats, like the SOAP extension, some SPL classes (I think), etc.

> 
> TIA
> 
> 




RE: [PHP] Question about OO design

On Monday, April 09, 2007 3:51 PM Jochem Maas
 said:

Thanks for the response Jochem.

> Chris W. Parker wrote:

[snip]

> you probably only want one DB call to
> populate the User object with all the relevant
> user data at the point where the object is created.

[snip]

Ok. I see what you're saying. If I populate all that data during the
constructor why would I ever call the function again right?

[snip]

>> As I started to write this and use it I get the feeling that there
>> should also be an Event class that is extended by the User class.
>> Reason 
> 
> if you use an Event class then it should just represent an Event (and
> a User object would [probably] contain an array of Event objects).
> AFAICT there is no good reason to have Event extend User.

I see.

>> being that each User object is a reference to the currently logged in
>> user, not anyone else.
> 
> the User class is merely a representation of *a* user - you can
> use an instance for the currently logged in user, but that doesn't
> stop you from using the same class to model the collection of users
> that fall under a given manager.

I see.

> // you might need to f around with returning references here,
> // (I can never quite get that right without a bit of trial and error in php4)
> function getEmployees()
> {
>     // consider caching the result?
>     $emps = array();
>     if ($this->is_manager) {
> 
>         // get user data from db
>         $sql = "SELECT * FROM users WHERE manager_id={$this->id}";
> 
>         // error checking?
>         $db =& DB::singleton();
>         $db->execute($sql);
>         while ($data = $db->getRow())
>             $emps[] =& new User($data);
>     }
> 
>     return $emps;
> }

How do I reference a User object within the $emps array?

Is it like $emps[0]->accrual ?




Thanks,
Chris.




[PHP] Re: MySQL exceptions

Use the @ in front of the statement and then check the result if it's valid.

--
itoctopus - http://www.itoctopus.com
"Davi" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> Hi all!
>
> I'm developing an OOP app using PHP 5.
> I want to use try-catch with mysql functions.
>
> So, the question is: what are the exceptions classes of MySQL?
> Where can I found it?
>
> TIA
>
>
> --
> Davi Vidal
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> --
>
> Agora com fortune:
> "BOFH Excuse #426:
>
> internet is needed to catch the etherbunny"




Re: [PHP] Question about OO design

Chris W. Parker wrote:
> On Monday, April 09, 2007 3:51 PM Jochem Maas
>  said:
> 
> Thanks for the response Jochem.
> 
>> Chris W. Parker wrote:
> 
> [snip]
> 
>> you probably only want one DB call to
>> populate the User object with all the relevant
>> user data at the point where the object is created.
> 
> [snip]
> 
> Ok. I see what you're saying. If I populate all that data during the
> constructor why would I ever call the function again right?

you could refresh the data if needed - but basically the idea is
to cut down the user data grab into a single sql call.

> 
> [snip]
> 
>>> As I started to write this and use it I get the feeling that there
>>> should also be an Event class that is extended by the User class.
>>> Reason 
>> if you use an Event class then it should just represent an Event (and
>> a User object would [probably] contain an array of Event objects).
>> AFAICT there is no good reason to have Event extend User.
> 
> I see.
> 
>>> being that each User object is a reference to the currently logged in
>>> user, not anyone else.
>> the User class is merely a representation of *a* user - you can
>> use an instance for the currently logged in user, but that doesn't
>> stop you from using the same class to model the collection of users
>> that fall under a given manager.
> 
> I see.
> 
>> // you might need to f around with returning references here,
>> // (I can never quite get that right without a bit of trial and error in php4)
>> function getEmployees()
>> {
>>  // consider caching the result?
>>  $emps = array();
>>  if ($this->is_manager) {
>>
>>  // get user data from db
>>  $sql = "SELECT * FROM users WHERE manager_id={$this->id}";
>>  // error checking?
>>  $db =& DB::singleton();
>>  $db->execute($sql);
>>  while ($data = $db->getRow())
>>  $emps[] =& new User($data);

$emps[$data['id']] =& new User($data);

>>  }
>>
>>  return $emps;
>> }
> 
> How do I reference a User object within the $emps array?
> 
> Is it like $emps[0]->accrual ?

that's one way, you might consider keying the emps array on
the user id for easier retrieval (see above), which would allow
you to quickly reference the correct employee User object when
a manager performs an action on a given emp.

or when a manager edits multiple employees:

$manager =& new User($_SESSION['userid']);
$emps    = $manager->getEmployees(); // think about using references here?

foreach ($emps as $id => $emp) {
    if (isset($_POST['emps'][$id])) {
        // just some vague 'update' concept/action thingummy
        $emp->doSomeUpdateStuff($_POST['emps'][$id]);
        $emp->saveUpdateStuffToDB();
    }
}


or a different tack


foreach ($_POST['emps'] as $id => $stuff) {
    $manager->updateEmpStuff($id, $stuff);
}

// where updateEmpStuff does something like
class User {
    function updateEmpStuff($id, $stuff) {
        if ($this->is_manager) {
            // don't forget to cache the emps array??
            // don't forget the use of references??
            $emps = $this->getEmployees();
            if (isset($emps[$id])) {
                // again a vague thingummy representing something
                // a manager might [need to be able to] do.
                $emps[$id]->managerUpdatesStuff($stuff);
            }
        }
    }
}

> 
> 
> 
> Thanks,
> Chris.




Re: [PHP] Re: MySQL exceptions

Em Segunda 09 Abril 2007 21:21, itoctopus escreveu:
> Use the @ in front of the statement and then check the result if it's
> valid.
>
> --
> itoctopus - http://www.itoctopus.com


I already use it, but I believe that try-catch would be _more_ useful...
With try-cath I can _get_ more errors instead with a if-then-else clasule...

i.e.: with if-then-else:

$connect=mysql_connect(...);

if($connect)
{
if(!(mysql_select_db(...,$connect)))
{
echo "Impossible select db.";
}
}
else
{
echo "Impossible connect to server.";
}

If I want to get some debug info, I put some mysql_error() and I get the error 
string and error code (mysql_errno()), but I believe that with exception I 
can get some useful error message without... hum... *critical* infos...

try
{
    $connect = mysql_connect(...);
    mysql_select_db(..., $connect);
}
catch (CONNECTION_EXCEPTION $e)
{
    echo "Impossible connect: ".$e->getMessage();
}
catch (SELECT_EXCEPTION $e)
{
    echo "Impossible select db: ".$e->getMessage();
}
catch (ANOTHER_USEFUL_EXCEPTION $e)
{
    echo "another error: ".$e->getMessage();
}
catch (Exception $e)
{
    echo "Unknown error: ".$e->getMessage();
}


Am I right?

TIA


-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Now with fortune:
"Stanford women are responsible for the success of many Stanford men:
they give them "just one more reason" to stay in and study every night."
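
The mysql_* functions used in the message above report failure through return values and do not throw, but mysqli can be switched to exceptions. The added example below is not code from the thread; the exception class names, openDb(), logDetail() and the credentials are assumptions. It turns connect and select failures into typed exceptions, sends the server's detail to the log, and shows the visitor only a generic message.

```php
<?php
// Added example. DbConnectException, DbSelectException, openDb(), logDetail()
// and the credentials below are hypothetical; the errno values are MySQL's own.
class DbConnectException extends RuntimeException {}
class DbSelectException extends RuntimeException {}

// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function openDb(string $host, string $user, string $pass, string $dbName): mysqli
{
    try {
        $db = new mysqli($host, $user, $pass);
    } catch (mysqli_sql_exception $e) {
        // e.g. 1045 access denied, 2002/2003 server unreachable, 2005 unknown host
        throw new DbConnectException('connect failed', $e->getCode(), $e);
    }
    try {
        $db->select_db($dbName);
    } catch (mysqli_sql_exception $e) {
        // e.g. 1049 unknown database, 1044 access denied to database
        $db->close();
        throw new DbSelectException('select_db failed', $e->getCode(), $e);
    }
    return $db;
}

// Full detail (errno and server text, which may name hosts and accounts) goes to the log only.
function logDetail(Throwable $e): void
{
    $cause = $e->getPrevious() ?? $e;
    error_log(sprintf('[db] %s errno=%d: %s', get_class($e), $cause->getCode(), $cause->getMessage()));
}

try {
    $db = openDb('127.0.0.1', 'app_user', 'constructed-password', 'app_db');
    echo "Connected.\n";
} catch (DbConnectException $e) {
    logDetail($e);
    echo "Impossible to connect to the server.\n";
} catch (DbSelectException $e) {
    logDetail($e);
    echo "Impossible to select the database.\n";
} catch (Exception $e) {
    logDetail($e);
    echo "Unknown error.\n";
}
```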




Re: [PHP] MD5 & bot Question

On Mon, 2007-04-09 at 17:14 -0400, tedd wrote:
> At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
> >On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
> >
> >  > This is exactly what tedd did in his last arrow example. He edited the
> >>  header of the GIF image, and so that would result in different MD5.
> >>
> >>  Finding this part and skipping it in the MD5 check would do the job. :)
> >
> >Yep, that's an obvious solution since it's the same way virus signatures
> >are matched. The entire image needs some kind of permutation. Passing a
> >couple of curved ripples across the image as a transformation, and in
> >different directions should suffice to obfuscate the image signature
> >without obfuscating the image itself :) Similarly watermarking the image
> >using fractal patterns should also provide good noise.
> >
> >Cheers,
> >Rob.
> 
> Rob:
> 
> It doesn't need to be complicated, just random placed pixels on the 
> image from a selection of colors would provide millions of 
> permutations.

No, you're wrong. Read the part I mentioned about virus
signatures. A small portion of the whole can be used as an identifier
where that portion is unique to the overall entity. For instance, I can
throw a tub of tar over you, then a tub of feathers ;) ;) and if one of
your fingers doesn't get covered, I can still identify your chicken
ass ;)

Cheers,
Rob.
-- 
InterJinn Application Framework - http://www.interjinn.com
An application and templating framework for PHP. Boasting
a powerful, scalable system for accessing system services
such as forms, properties, sessions, and caches. InterJinn
also provides an extremely flexible architecture for
creating re-usable components quickly and easily.




[PHP] Curious Problem with $_POST

I have a form for uploading files. It is intended to upload photos. I 
have it listed at the end.


When I upload a jpg everything is fine. The $_POST variable is populated 
as expected.


If I upload a zip file, it is empty!

print_r ($_POST); gives

Array ( )

If I upload a jpg Print_r gives:

Array ( [form] => uploadimagesform [MAX_FILE_SIZE] => 10 [category] 
=> 1 [photo_caption] => Array ( [0] => [1] => [2] => [3] => ) [submit] 
=> Add Photos )


I am at a total loss to understand this, and don't know where to begin.

Help!

Thanks in advance
Stephen

name="upload_form">

   
   Select Category
   
   Name
   Purple
   
   Photo 1:
   />

   Caption: 
   />  
   Photo 2:
   />

   Caption: 
   />   
   Photo 3:
   />

   Caption: 
   />  
   Photo 4:
   />

   Caption: 
   />  
   





