Re: [PHP] Where to insert a phrase in the right place

2007-04-10 Thread Jan Brucek 

Hi, it seems that you set the $_SESSION['greeted'] variable and
do not unset it anywhere.

If user wants to log-in, and his credentials are OK, you then create
session and set this varaible you want. If it isn't OK, you need to
unset the variable or/and destroy the session so that the variable
won't be set to 1 any more.

Then, you need also to have some logout form/page/whatever to destroy
the session in case user wants to. And unset the variable accordingly.

Hope that helps.

J.

Mário Gamito wrote:

Hi,

André Medeiros wrote:




It doesn't work :(

if ($_SESSION['greeted'] == 1)
 print('Welcome ' . $name);

$_SESSION['greeted'] is always equal to 1 as set in the beginning of the
file.

http://www.telbit.pt/2/login.php

Warm Regards


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] ribs (rsync) problem

2007-04-10 Thread Chris 

Sebe wrote:

anyone here using the ribs php rsync script?


There is a google group for it

http://www.rustyparts.com/ribs.php

So ask there.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] redirect http to https

2007-04-10 Thread Chris 



{header("Location: 
https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;}

?>


Very bad solution.


Don't just tell us it's bad, explain why (even with an RTFM or URL to 
look at)... nobody learns from an answer like this.


The only thing I can think of is that $_SERVER variables can be 
compromised (ie you can't rely on them, they can be changed via curl or 
some other method).


But that's just a guess.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: 0x9f54

2007-04-10 Thread Man-wai Chang 
> On the other hand, I remember you talked about the type of that
> column to be char(2).  Have you specified what encoding it's using?
> Moreover, I hope you're not using legacy encoding like Big5 or GB.  Use
> Unicode (UTF-8) if your database is a brand new one.

Unfortunately, I am still using Big5. you need a longer field to store
utf-8 codes for the same big5 string right?

-- 
  .~.   Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org
 / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Ubuntu 6.10)  Linux 2.6.20.6
  ^ ^   19:11:01 up 3 days 2:02 0 users load average: 1.23 1.12 1.03
news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: 0x9f54

2007-04-10 Thread Man-wai Chang 
> Well, show us a part of your code. Do var_dump($value) before you
> enter it into the database, and see if it still says 0x9f54.

The error:

string(2) ""
Duplicate entry '' for key 1

-- 
  .~.   Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org
 / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Ubuntu 6.10)  Linux 2.6.20.6
  ^ ^   19:14:01 up 3 days 2:05 1 user load average: 2.24 1.42 1.14
news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk
fhandle=new mysqli($host,$usr,$pwd,$db)
or die(mysqli_error($this->fhandle));
$this->query("set names 'big5'");
}
function query($sql_str) {
$this->row=mysqli_query($this->fhandle, $sql_str) or 
die(mysqli_error($this->fhandle));
}
function affected_rows() {
return mysqli_affected_rows($this->row);
}
function num_rows() {
return mysqli_num_rows($this->row);
}
function fetch_assoc() {
return mysqli_fetch_assoc($this->row);
}
function __destruct() {
mysqli_close($this->fhandle);
}
function begin_tran() {
mysqli_autocommit($this->fhandle, FALSE);
}
function commit() {
mysqli_commit($this->fhandle);
mysqli_autocommit($this->fhandle, TRUE);
}
function rollback() {
mysqli_rollback($this->fhandle);
mysqli_autocommit($this->fhandle, TRUE);
}
}

function showcode($cChar) {
return 
"[".dechex(ord(substr($cChar,0,1))).".".dechex(ord(substr($cChar,1,1)))."]";
}


$target=new MYSQL("localhost","testing","root","testing");

$fhandle=dbase_open("/home/bt/canton.DBF",0);
if ($fhandle) {
$reccount=dbase_numrecords($fhandle);
echo "input count: ".$reccount."\n";
$target->query("show tables like 'canton';");
if ($target->num_rows()>0)
$target->query("drop table canton");
$target->query(
"create table canton ("
. " big5 char(2) not null,"
. " thekey char(6),"
. " canton char(10),"
. " changjei char(10),"
. " touched integer,"
. " primary key (big5)"
. " ) character set big5;"
);
for ($ii=1; $ii<=$reccount; $ii++) {
$row=dbase_get_record_with_names($fhandle,$ii);
$ss=$row['BIG5'];
echo var_dump($ss);
$target->query("select * from canton where big5='".$ss."'");
$yy = $target->num_rows();
if ($yy>0) {
$query="update canton set touched="
. $row["TOUCHED"]
. " where big5='" . $ss . "';";
}
else {
$query="insert into canton ("
. " big5,"
. " thekey,"
. " changjei,"
. " canton,"
. " touched "
. ") values ("
. "'$ss',"
. "'".$row["THEKEY"]."',"
. "'".$row["CHANGJEI"]."',"
. "'".$row["CANTON"]."',"
. $row["TOUCHED"]
. ");";
}
$result=$target->query($query);
if (! $target->row)
echo showcode($ss);
}
$result=$target->query("select count(*) as cnt from canton");
$yy = $target->fetch_assoc();
echo "output count: ".$yy['cnt']."\n";
dbase_close($fhandle);
}
?>
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: 0x9f54

2007-04-10 Thread Man-wai Chang 
screenshot of the error:

-- 
  .~.   Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org
 / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Ubuntu 6.10)  Linux 2.6.20.6
  ^ ^   19:25:01 up 3 days 2:16 1 user load average: 1.03 1.08 1.08
news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] SimpleXML end of element/tag error

2007-04-10 Thread Don Don 
the code section is displayed below
   
  $xml = simplexml_load_file($_POST['feedurl']);
   
  foreach($xml->TT as $TT) 
{
foreach($TT->TOTS as $TOTS)
{
  $cnt++;
   
foreach($TT->TOTS[$cnt]->attributes() as $a => $b)   // problematic 
line.
{
   
  // DISPLAY THE TITLE AND THE VALUES
//echo " $a $b ";   
 }
}
}
   
  the error occours when the parser reaches the end of the last element and 
then fires the error
Fatal error: Call to a member function attributes() on a non-object in line 
(see problematic line)
   
  How can i solve that or determine when there are no more tags to parse.

JM Guillermin <[EMAIL PROTECTED]> wrote:
  And with :

foreach ($xml as $cs) {
.
}
??

jm

- Original Message - 
From: "Don Don" 

To: "PHP List" 

Sent: Thursday, April 05, 2007 10:32 AM
Subject: [PHP] SimpleXML end of element/tag error


>I am using simple xml to parse an xml file, the program parses the file and 
>produces an error at the end of the foreach loop when it reaches the end of 
>the tag, it tries to look for an element/tag when there is none and 
>produces an error "Call to a member function attributes() on a non-object" 
>the foreach loop looks like this
>
> foreach($xml->CS as $CS)
> {
> //processing takes place here
> }
>
> when there are no more CS it fires an error
>
> How can i detect when there are no more elements/tags to parse and handle 
> it?
>
>
> cheers
>
>
> -
> It's here! Your new message!
> Get new email alerts with the free Yahoo! Toolbar. 



 
-
Now that's room service! Choose from over 150,000 hotels 
in 45,000 destinations on Yahoo! Travel to find your fit.

Re: [PHP] keeping credit card info in session

2007-04-10 Thread Eric Butera 

On 4/9/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

Thanks a lot every one. These are great replies.

I guess I should have explained a bit more about what I'm doing.

first of all, this is not my site, it's for a client of mine.

second, I did suggest using a paypal API or a paid site to take care of this,
but my client said no. She has a credit card processing account and how she
works with it right now, is that interested users email her, she calls them,
gets their credit card info and charges their card manually without the card
present.

so, this is not really my problem, it's what she's been doing before and wants
to continue doing. All she asked me to do is that as part of the form that
people send their requests through, now she wants their credit card info as
well. So that she doesn't have to call them.

And the reason I'm keeping cc info in the session for a few steps, is to take
them to confirmation page, and then the reciept page. and after wards, I want
to keep it in there untill the client logs in to the admin page and sees new
requests, charges them and then deletes them for ever.

So now I've got two different responses, some people say do it, but use
encryption/decryption methods, and some people say don't do it. But if I don't
do it, that means I tell my client that I can't do it and I lose the job.



Thanks again,
Siavash




Quoting Travis Doherty <[EMAIL PROTECTED]>:

> Jochem Maas wrote:
>
> >unless you are a payment gateway or a bank don't touch credit card numbers.
> >there are plenty of threads in the archive of this list that give good
> reasons
> >not to e.g. being sued out of existence.
> >
> >
> 100% agreed.  Never touch credit card numbers.  You can't just take
> credit card numbers and manually process them in 'card not present'
> transactions (or MOTO in more archaic terms.)  You need a merchant
> account that allows for this -- usually at a higher discount rate.
> Check the merchant agreement.
>
> Your client should get an account like this, or better yet, provide you
> with the instructions on how to integrate his site with the payment
> providers so that you never have to worry about credit cards.
>
> As an additional note... Maybe your SSL cert secures the numbers from
> the client to the server, and just maybe your PHP scripts have no
> security flaws in them, but you must remember the server itself and
> everything else outside of PHP.  What if someone found a flaw in the FTP
> server for example, or the mail server even, and used that to get the CC
> info.   I would hate to be explaining to a list of 1000 clients that I
> was responsible for their card numbers being stolen.
>
> Travis Doherty
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Did you know sessions are just plain text files sitting on the
webserver in most cases?  So by putting a credit card in the session
it is actually just cleartext for people to read.

Also if for some reason you think the benefits of this job outweigh
the chances that something could go wrong and the credit cards are
compromised, make sure all pages that deal with this are SSL.  So on
the end-user side where they send data in and on the side where your
client checks them.  Also make sure to have something that purges the
credit cards after X amount of days or after a transaction has been
processed.

The company I work for deals with lots of people like this who are
stuck in their ways on "I already have a working system."  The problem
is that the liability is too high to do something on this level
without serious thought into security.  I think you should try to do a
better job of convincing your client that a payment gateway that does
a capture is the only way to go because it would change having the
liability of credit cards laying around in temp files for sessions and
databases.  You could get it down to existing only once for $_POST and
curl it away and be done.  People generally do budge once they realize
that the heavy hand can come down hard on them.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Session Authentication

2007-04-10 Thread tedd 

At 7:07 PM +0200 4/9/07, Tijnema ! wrote:

On 4/9/07, tedd <[EMAIL PROTECTED]> wrote:

At 5:55 PM +0200 4/9/07, Tijnema ! wrote:
 >Cookies are old, so in the time they were introduced, today it is

possible to create and modify cookies with some good tools. These

 >tools are illegal,

I don't believe that.

FireFox probably has most, if not all.

Cheers,

tedd


Who said firefox is legal? :P

Tijnema


Tijnema:

Read what was said -- no one said FireFox was illegal.

I simply added that FireFox probably has most of the tools you say are illegal.

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysql if empty

2007-04-10 Thread tedd 

At 10:18 PM +0100 4/9/07, <[EMAIL PROTECTED]> wrote:
If I search for something in mysql that returns an empty result I 
cant get it to return
"No result found" always returns "Found" even though the recoed does 
not exist...



$sql = "SELECT Client FROM booked WHERE Name = 'larry'";

$result = mysql_query($sql);

if ($result == "")
{
echo "No result found";
}
echo "Found";


Try NULL

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: keeping credit card info in session

2007-04-10 Thread itoctopus 
Encryption is a mandatory part of PCI compliance...

--
itoctopus - http://www.itoctopus.com
"Jim King" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
>
> Does encrypting credit card information really do any good?  You have
> to store the keys somewhere to decrypt the data to use it.  As we
> have seen with blu-ray and HD DVD movies, the keys are the weak point
> that are easily compromised.  Besides, even encrypted data can be
> decrypted by brute force.  The strength of the encryption only
> dictates how long it will take.  Once you have the decryption key,
> the strength of the encryption means nothing.  Does anyone believe
> that all these botnets are just for sending spam?  You could use them
> to create a huge supercomputer for code busting.
>
> I think it is better to protect you network and passwords.  Use the
> Visa/MC/Amex standards that the companies themselves publish.  None
> of them require encryption, by the way.
>
>
>
> On Apr 8, 2007, at 4:56 PM, itoctopus wrote:
>
> > Usually paying should be the last step, so you might probably want
> > to review
> > your workflow.
> > Anyways, if you're storing the credit card in the database, then
> > why are you
> > also storing it in the session, you can just query the database for
> > the
> > credit card based on the session id (so you should also store the
> > session id
> > in that table).
> > Since you're storing the credit card in the database, then you should
> > encrypt the credit card (there are plenty of encryption/decrypting
> > algorithms on the internet for PHP).
> > Other than that, I think everything is fine, and your system should
> > work
> > smoothly.
> > --
> > itoctopus - http://www.itoctopus.com
> > <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> >>
> >> Hi All,
> >>
> >> I've got quite a bit or php experience, but I've never had to deal
> >> with
> > credit
> >> card info before. Now for a property rental site, I'm adding a way
> >> for
> > users to
> >> be able to fill out a form which also has some credit card info in
> >> it.
> >>
> >> After they submit the form, there are a couple of more steps and
> >> to pass
> > credit
> >> card info to the last page, I'm storing all the info in my
> >> session. Now, I
> > did
> >> go and bought an SSL certificate, so the booking section of the
> >> site is on
> > SSL
> >> (https). I'm just wondering if this is secure enough. as far as I
> >> know,
> > SSL
> >> means connection to server is secured, so session variables should be
> > secured
> >> too. no?
> >>
> >> Also after I get credit card info, I'm storing them in a mysql
> >> table until
> > an
> >> admin would log in to the site, see new reservations, charge them
> >> manually
> > and
> >> contact the customer, and then that entry will be removed from my
> >> database
> > for
> >> ever. Is this ok? or is it a really bad idea? originally the plan
> >> was to
> > send
> >> an email to the admin with credit card info, but then I realized that
> > emails
> >> are very unsecure. so I decided to keep the info on the SSL
> >> section of the
> > site.
> >>
> >> just because I'm dealing with credit cards, I'm so afraid of doing
> > anything
> >> now. Any suggestions? or perhaps any links to how to make it all more
> > secure?
> >>
> >> Thanks a lot in advance,
> >> Siavash
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Question on Portfoilo's

2007-04-10 Thread clive 

Larry Garfield wrote:
This is why one should work on an open source project.  Much easier to show 
off legally. :-)  


unfortunately we aren't all fortunate enough to work for an open source 
project and earn a living, except Paul of course.




Regards,

Clive.

{No electrons were harmed in the creation, transmission or reading of 
this email. However, many were excited and some may well have enjoyed 
the experience.}


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-10 Thread tedd 

At 8:10 PM -0400 4/9/07, Robert Cummings wrote:

On Mon, 2007-04-09 at 17:14 -0400, tedd wrote:

 At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
 >On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
 >
 >  > This is exactly what tedd did in his last arrow example. He edited the
 >>  header of the GIF image, and so that would result in different MD5.
 >>
 >>  Finding this part and skipping it in the MD5 check would do the job. :)
 >
 >Yep, that's an obvious solution since it's the same way virus signatures

 > >are matched. The entire image needs some kind of permutation. Passing a
 > >couple of curved ripples across the image as a transformation, and in

 >different directions should suffice to obfuscate the image signature

 > >without obfuscating the image itself :) Similarly watermarking the image
 > >using fractal patterns should also provide good noise.

 >
 >Cheers,
 >Rob.

 Rob:

 It doesn't need to be complicated, just random placed pixels on the
 image from a selection of colors would provide millions of
 permutations.


No, you're wrong. Read the part about I mentioned about virus
signatures. A small portion of the whole can be used as an identifier
where that portion is unique to the overall entity. For instance, I can
throw a tub of tar over you, then a tub of feathers ;) ;) and if one of
your fingers doesn't get covered, I can still identify your chicken
ass ;)

Cheers,
Rob.


Rob:

Your use of metaphor is quite colorful, but if you if change a single 
pixel in an image, then you change the MD5 signature -- that is what 
I was talking about -- and that is not wrong.


Plus, if you:

[A] Passing a couple of curved ripples across the image as a 
transformation, and in different directions should suffice to 
obfuscate the image signature without obfuscating the image itself


or

[B] Similarly watermarking the image using fractal patterns should 
also provide good noise.


You would still leave at least one pixel the same as it was before so 
your chicken ass would still be exposed, right? Or does your 
ripple/watermark application alter every pixel by changing its alpha 
channel or something?


And if so, then why is it that you are required to change every 
pixel? I am sure that there are images that have at least one pixel 
in common, so I don't see the point you're trying to make -- please 
explain.


Cheers,

tedd








--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] redirect http to https

2007-04-10 Thread Zoltán Németh 
I have separate document roots for the http and the https stuff, say
"htdocs" and "htdocs-secure" - this can be done with apache
configuration
then I need only to put a single redirecting line into the
htdocs/index.php like

https://my.server.com/";);
?>

and that's all

greets
Zoltán Németh

2007. 04. 9, hétfő keltezéssel 08.40-kor Ben Liu ezt írta:
> What's the prescribed method for redirecting a user forcibly to from  
> the non-SSL secured version of a page to the SSL-secured version? Is  
> this handled at the web server level or at the script level. I found  
> this by googling:
> 
>  if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== "on")
> {header("Location: https://".$_SERVER['SERVER_NAME'].$_SERVER 
> ['SCRIPT_NAME']);exit;}
> ?>
> 
> What do people think about this solution?
> 
> Thanks,
> 
> - Ben
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-10 Thread Ólafur Waage 

You were talking about an OCR reader for the arrows to see what letters it
is pointing to. If the arrow would be at a random location in the actual
image, the arrow being not an arrow but ie. a man pointing and the arm being
flexible (so even if the man himself would move around randomly, the arm
would always face the right direction for the image.

I like the idea of a pointing arrow, it could be quick, pretty effective
(not 100% since nothing is) and easy for the user to identify.

If there was a miniature version of this available, i would use it on my
site. Since i hate the text versions.

- Olafur W

2007/4/10, tedd <[EMAIL PROTECTED]>:


At 8:10 PM -0400 4/9/07, Robert Cummings wrote:
>On Mon, 2007-04-09 at 17:14 -0400, tedd wrote:
>>  At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
>>  >On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
>>  >
>>  >  > This is exactly what tedd did in his last arrow example. He
edited the
>>  >>  header of the GIF image, and so that would result in different
MD5.
>>  >>
>>  >>  Finding this part and skipping it in the MD5 check would do the
job. :)
>>  >
>>  >Yep, that's an obvious solution since it's the same way virus
signatures
>  > >are matched. The entire image needs some kind of permutation.
Passing a
>  > >couple of curved ripples across the image as a transformation, and
in
>>  >different directions should suffice to obfuscate the image signature
>  > >without obfuscating the image itself :) Similarly watermarking the
image
>  > >using fractal patterns should also provide good noise.
>>  >
>>  >Cheers,
>>  >Rob.
>>
>>  Rob:
>>
>>  It doesn't need to be complicated, just random placed pixels on the
>>  image from a selection of colors would provide millions of
>>  permutations.
>
>No, you're wrong. Read the part about I mentioned about virus
>signatures. A small portion of the whole can be used as an identifier
>where that portion is unique to the overall entity. For instance, I can
>throw a tub of tar over you, then a tub of feathers ;) ;) and if one of
>your fingers doesn't get covered, I can still identify your chicken
>ass ;)
>
>Cheers,
>Rob.

Rob:

Your use of metaphor is quite colorful, but if you if change a single
pixel in an image, then you change the MD5 signature -- that is what
I was talking about -- and that is not wrong.

Plus, if you:

[A] Passing a couple of curved ripples across the image as a
transformation, and in different directions should suffice to
obfuscate the image signature without obfuscating the image itself

or

[B] Similarly watermarking the image using fractal patterns should
also provide good noise.

You would still leave at least one pixel the same as it was before so
your chicken ass would still be exposed, right? Or does your
ripple/watermark application alter every pixel by changing its alpha
channel or something?

And if so, then why is it that you are required to change every
pixel? I am sure that there are images that have at least one pixel
in common, so I don't see the point you're trying to make -- please
explain.

Cheers,

tedd








--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-10 Thread tedd 

At 10:46 PM +0100 4/9/07, Tijnema ! wrote:

On 4/9/07, tedd <[EMAIL PROTECTED]> wrote:

It doesn't need to be complicated, just random placed pixels on the
image from a selection of colors would provide millions of
permutations.

Cheers,

tedd


But then OCR would still work, as when somebody scans a document,
there are also some "not white" pixels.

Tijnema


Tijnema:

An OCR is an Optical Character Reader -- it's design is to recognize 
characters (A-Z 0-9), not images.


That's the reason why I previously used the term "OCR-like" 
application -- meaning that it would be designed/programmed to "see" 
the differences between images and then make a decision as to what to 
do. That requires more effort than an OCR program.


Add to that, that every image could present a new problem to decipher 
and you have the makings of a formidable deterrent. That's what 
asirra is all about, see:


http://www.asirra.com/examples/ExampleService.html

With millions of different images and more being added, it presents a 
considerable challenge to crack.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Dates and different time zones

2007-04-10 Thread Niklas Karlsson 
Hello,

 

I am creating an international site that is going to get used in both
American and Europe. And I wonder how to handle the different time zones,
because I want the date and time to be correct after the place your using
the application.

 

I now have the date_default_timezone_set() to "Europe/Stockholm", and all
dates that is saved into the database is timestamp with time zone (using
PostgreSQL).

 

So a wonder who to handle different time zones? Have any of your experience
of this?

 

Cheers

Niklas Karlsson

Re: [PHP] redirect http to https

2007-04-10 Thread Jason Karns 

On 4/10/07, Zoltán Németh <[EMAIL PROTECTED]> wrote:

I have separate document roots for the http and the https stuff, say
"htdocs" and "htdocs-secure" - this can be done with apache
configuration
then I need only to put a single redirecting line into the
htdocs/index.php like

https://my.server.com/";);
?>

and that's all

greets
Zoltán Németh

2007. 04. 9, hétfő keltezéssel 08.40-kor Ben Liu ezt írta:
> What's the prescribed method for redirecting a user forcibly to from
> the non-SSL secured version of a page to the SSL-secured version? Is
> this handled at the web server level or at the script level. I found
> this by googling:
>
>  if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== "on")
> {header("Location: https://".$_SERVER['SERVER_NAME'].$_SERVER
> ['SCRIPT_NAME']);exit;}
> ?>
>
> What do people think about this solution?
>
> Thanks,
>
> - Ben
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




I believe you should also be sending a 301 status header so user
agents can be made aware of the redirect and make updates accordingly
(bookmarks, etc.)

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.2

Re: [PHP] keeping credit card info in session

2007-04-10 Thread tedd 

At 8:05 AM -0400 4/10/07, Eric Butera wrote:

Did you know sessions are just plain text files sitting on the
webserver in most cases?  So by putting a credit card in the session
it is actually just cleartext for people to read.


Yes, all files reside somewhere.

Session files reside on the server and are as secure as the server 
environment. If someone breaches the server environment, then all 
data could exposed and is an excellent reason why not to store highly 
sensitive data there.


Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Dates and different time zones

2007-04-10 Thread Jay Blanchard 
[snip]
So a wonder who to handle different time zones? Have any of your
experience
of this?
[/snip]

The server lives in one time zone and therefore cannot handle multiples
unless there is some new widget available for this. There are a couple
of methods available;

1. Use JavaScript to capture 'local' (client-side) time to a PHP
variable.
2. Use time zone offsets for ranges of IP addresses known to be in each
time zone. 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Decoding from unknown charsets (inc. ks_c_5601-1987)

2007-04-10 Thread Edward Kay 
I have an app that stores email messages in a database. The app and DB are
UTF-8 but obviously the emails can be in a variety of character sets. Most
can be converted easily using mb_convert_encoding or iconv but I have some
emails encoded as ks_c_5601-1987, which neither of these two functions
handle.

Googling for ks_c_5601-1987 doesn't help. Most people just say it is an
invalid charset and can be ignored as spam, but we have genuine emails that
need to be stored in the DB.

If I don't convert the messages, they get truncated when inserted into the
database.

Any ideas?

Edward

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Dates and different time zones

2007-04-10 Thread Richard Davey 

Niklas Karlsson wrote:


I am creating an international site that is going to get used in both
American and Europe. And I wonder how to handle the different time zones,
because I want the date and time to be correct after the place your using
the application.

I now have the date_default_timezone_set() to "Europe/Stockholm", and all
dates that is saved into the database is timestamp with time zone (using
PostgreSQL).

So a wonder who to handle different time zones? Have any of your experience
of this?


Store all of your dates as GMT. Perform all date based calculations 
around GMT also, and then offset the values for localised display only.


This way you only need to store the GMT offsets for each user, i.e. 
GMT+1 or GMT-8 when it comes to displaying the dates to them. The trick 
is to use a constant base date for all data, and only being the user 
timezones into play when needed.


Cheers,

Rich
--
Zend Certified Engineer
http://www.corephp.co.uk

"Never trust a computer you can't throw out of a window"

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: keeping credit card info in session

2007-04-10 Thread Jim King 


itocopus:

I stand corrected!

This document is the PCI self-assessment questionnaire for smaller  
merchants:


https://www.pcisecuritystandards.org/pdfs/pci_saq_v1-0.pdf

It lays out the requirements in detail (including encryption/ 
truncation) in one place and should answer all of the OP's  
questions.  I'll be updating my systems to comply.


Thanks!

-Jim

On Apr 10, 2007, at 9:18 AM, itoctopus wrote:


Encryption is a mandatory part of PCI compliance...

--
itoctopus - http://www.itoctopus.com
"Jim King" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]



Does encrypting credit card information really do any good?  You have
to store the keys somewhere to decrypt the data to use it.  As we
have seen with blu-ray and HD DVD movies, the keys are the weak point
that are easily compromised.  Besides, even encrypted data can be
decrypted by brute force.  The strength of the encryption only
dictates how long it will take.  Once you have the decryption key,
the strength of the encryption means nothing.  Does anyone believe
that all these botnets are just for sending spam?  You could use them
to create a huge supercomputer for code busting.

I think it is better to protect you network and passwords.  Use the
Visa/MC/Amex standards that the companies themselves publish.  None
of them require encryption, by the way.



On Apr 8, 2007, at 4:56 PM, itoctopus wrote:


Usually paying should be the last step, so you might probably want
to review
your workflow.
Anyways, if you're storing the credit card in the database, then
why are you
also storing it in the session, you can just query the database for
the
credit card based on the session id (so you should also store the
session id
in that table).
Since you're storing the credit card in the database, then you  
should

encrypt the credit card (there are plenty of encryption/decrypting
algorithms on the internet for PHP).
Other than that, I think everything is fine, and your system should
work
smoothly.
--
itoctopus - http://www.itoctopus.com
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]


Hi All,

I've got quite a bit or php experience, but I've never had to deal
with

credit

card info before. Now for a property rental site, I'm adding a way
for

users to

be able to fill out a form which also has some credit card info in
it.

After they submit the form, there are a couple of more steps and
to pass

credit

card info to the last page, I'm storing all the info in my
session. Now, I

did

go and bought an SSL certificate, so the booking section of the
site is on

SSL

(https). I'm just wondering if this is secure enough. as far as I
know,

SSL
means connection to server is secured, so session variables  
should be

secured

too. no?

Also after I get credit card info, I'm storing them in a mysql
table until

an

admin would log in to the site, see new reservations, charge them
manually

and

contact the customer, and then that entry will be removed from my
database

for

ever. Is this ok? or is it a really bad idea? originally the plan
was to

send
an email to the admin with credit card info, but then I realized  
that

emails

are very unsecure. so I decided to keep the info on the SSL
section of the

site.


just because I'm dealing with credit cards, I'm so afraid of doing

anything
now. Any suggestions? or perhaps any links to how to make it all  
more

secure?


Thanks a lot in advance,
Siavash


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Location of .so files on Linux box

2007-04-10 Thread Miles Thompson 

This probably belongs in php-install, but here goes.

Where should extension files be located? In php.ini the default entry for
extension_dir is:
   extension_dir= "./"

That's fine, but relative to which directory (locations in parentheses)?
  Where php.ini is located? (/usr/share/lib)
  Where apache2 loads it modules? (/usr/lib/apache2/modules)

I'm puzzled and could not find any clues in the documents. Apache2 is not
complaining on a restart. If I run PHP from the command line, it complains
that it cannot find the extensions, but I understand that.

Regards - Miles Thompson

Re: [PHP] Dates and different time zones

2007-04-10 Thread Satyam 


- Original Message - 
From: "Richard Davey" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, April 10, 2007 3:43 PM
Subject: Re: [PHP] Dates and different time zones



Niklas Karlsson wrote:


I am creating an international site that is going to get used in both
American and Europe. And I wonder how to handle the different time zones,
because I want the date and time to be correct after the place your using
the application.

I now have the date_default_timezone_set() to "Europe/Stockholm", and all
dates that is saved into the database is timestamp with time zone (using
PostgreSQL).

So a wonder who to handle different time zones? Have any of your 
experience

of this?


Store all of your dates as GMT. Perform all date based calculations around 
GMT also, and then offset the values for localised display only.


This way you only need to store the GMT offsets for each user, i.e. GMT+1 
or GMT-8 when it comes to displaying the dates to them. The trick is to 
use a constant base date for all data, and only being the user timezones 
into play when needed.




Actually, I find that it is better not to bother storing anything for the 
user at all.  At the first chance, get some JavaScript to read the local 
time of the client machine and send it back to the server, either with the 
login data, using some AJAX or along with any link the user might click on 
the welcome screen, for example, the language choice.  Then use the offset 
from his local time to the server time for every time information, substract 
it from any time information you read from them, add it to anything you send 
them.  This works whether the user is registered or not, whether he/she 
travels or remains in the same time zone and spares you the trouble of 
keeping your IP to country to timezone table updated.  It assumes that the 
user updates the time zone on his/her machine and if he doesn't it means she 
doesn't care, so why should you. (some travellers prefer to keep their 
portable machines set to their home-base time zone)


Satyam


Cheers,

Rich
--
Zend Certified Engineer
http://www.corephp.co.uk

"Never trust a computer you can't throw out of a window"

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/754 - Release Date: 09/04/2007 
22:59





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Dates and different time zones

2007-04-10 Thread Lester Caine 

Satyam wrote:
Store all of your dates as GMT. Perform all date based calculations 
around GMT also, and then offset the values for localised display only.


This way you only need to store the GMT offsets for each user, i.e. 
GMT+1 or GMT-8 when it comes to displaying the dates to them. The 
trick is to use a constant base date for all data, and only being the 
user timezones into play when needed.


Actually, I find that it is better not to bother storing anything for 
the user at all.  At the first chance, get some JavaScript to read the 
local time of the client machine and send it back to the server, either 
with the login data, using some AJAX or along with any link the user 
might click on the welcome screen, for example, the language choice.  
Then use the offset from his local time to the server time for every 
time information, substract it from any time information you read from 
them, add it to anything you send them.  This works whether the user is 
registered or not, whether he/she travels or remains in the same time 
zone and spares you the trouble of keeping your IP to country to 
timezone table updated.  It assumes that the user updates the time zone 
on his/her machine and if he doesn't it means she doesn't care, so why 
should you. (some travellers prefer to keep their portable machines set 
to their home-base time zone)


Of cause the major fault with this is that it can only display the CURRENT 
time offset. You *ALSO* need the users Daylight Saving Zone as well. This has 
been giving us great fun since the winter dates and times need a different 
offset to the summer ones. Something that simplistic browser time offset does 
not supply. :(


The only way to get this working properly at present is to get the user to set 
their time/daylight settings in their profile, and then you can provide the 
correct offset for all days on a calendar. Remember that for users WITH a 
daylight saving offset, one day each year has 23 hours and one 25 hours ;)


--
Lester Caine - G8HFL
-
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Outlook task via email

2007-04-10 Thread Chris Boget 
I've done some searching on Google but haven't been able to come up with 
anything helpful.  Has anyone on the list done any work on sending an 
Outlook Task as part of an email?  Or does anyone know of a good resource 
that shows how this can be done?  I'm going to be using PHP's mail() to 
actually send and I'm familiar with attaching files to such emails but I'm 
just not sure how a task can be attached.


thnx,
Chris 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] uk date to mysql date and back again

2007-04-10 Thread Ross 
I have made a very messy function for this that splits the string up does 
all kinds of stuff but I was wondering if anyone has a 1 or 2 line function 
for gettting a uk date

dd/mm/ (it is a string)to mysql version -MM-DD

and then back again.

ta,

R.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] uk date to mysql date and back again

2007-04-10 Thread Stut 

Ross wrote:
I have made a very messy function for this that splits the string up does 
all kinds of stuff but I was wondering if anyone has a 1 or 2 line function 
for gettting a uk date


dd/mm/ (it is a string)to mysql version -MM-DD

and then back again.


Assuming you can guarantee that format...

$indate = '10/04/2007';
$outdate = implode('-', array_reverse(explode('/', $indate)));

And back...

$indate = '2007-04-10';
$outdate = implode('/', array_reverse(explode('-', $indate)));

-Stut

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] uk date to mysql date and back again

2007-04-10 Thread Jan Brucek 

Hi, maybe what you are looking for are functions strtotime() and date().
Since PHP5.1 you can also define timezone through 
date_default_timezone_set().


J.

Ross wrote:
I have made a very messy function for this that splits the string up does 
all kinds of stuff but I was wondering if anyone has a 1 or 2 line function 
for gettting a uk date


dd/mm/ (it is a string)to mysql version -MM-DD

and then back again.

ta,

R.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] uk date to mysql date and back again

2007-04-10 Thread Zoltán Németh 
2007. 04. 10, kedd keltezéssel 15.59-kor Ross ezt írta:
> I have made a very messy function for this that splits the string up does 
> all kinds of stuff but I was wondering if anyone has a 1 or 2 line function 
> for gettting a uk date
> 
> dd/mm/ (it is a string)to mysql version -MM-DD

what about doing it like

$dateparts = explode('/', $ukdate);
$sqldate = implode('-', array_reverse($dateparts));

greets
Zoltán Németh

> 
> and then back again.
> 
> ta,
> 
> R.
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Location of .so files on Linux box

2007-04-10 Thread Børge Holen 
On Tuesday 10 April 2007 15:24, Miles Thompson wrote:
> This probably belongs in php-install, but here goes.
>
> Where should extension files be located? In php.ini the default entry for
> extension_dir is:
> extension_dir= "./"
>
> That's fine, but relative to which directory (locations in parentheses)?
>Where php.ini is located? (/usr/share/lib)
>Where apache2 loads it modules? (/usr/lib/apache2/modules)
>
> I'm puzzled and could not find any clues in the documents. Apache2 is not
> complaining on a restart. If I run PHP from the command line, it complains
> that it cannot find the extensions, but I understand that.
>
> Regards - Miles Thompson

it probably defaults to the path configured at make time.
this also probably varies due to different opinions of both the dist and the 
makers camp.
but /usr/lib/  rather than /usr/share/  this is specific

-- 
---
Børge
http://www.arivene.net
---

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Dates and different time zones

2007-04-10 Thread Satyam 


- Original Message - 
From: "Lester Caine" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, April 10, 2007 4:37 PM
Subject: Re: [PHP] Dates and different time zones



Satyam wrote:
Store all of your dates as GMT. Perform all date based calculations 
around GMT also, and then offset the values for localised display only.


This way you only need to store the GMT offsets for each user, i.e. 
GMT+1 or GMT-8 when it comes to displaying the dates to them. The trick 
is to use a constant base date for all data, and only being the user 
timezones into play when needed.


Actually, I find that it is better not to bother storing anything for the 
user at all.  At the first chance, get some JavaScript to read the local 
time of the client machine and send it back to the server, either with 
the login data, using some AJAX or along with any link the user might 
click on the welcome screen, for example, the language choice.  Then use 
the offset from his local time to the server time for every time 
information, substract it from any time information you read from them, 
add it to anything you send them.  This works whether the user is 
registered or not, whether he/she travels or remains in the same time 
zone and spares you the trouble of keeping your IP to country to timezone 
table updated.  It assumes that the user updates the time zone on his/her 
machine and if he doesn't it means she doesn't care, so why should you. 
(some travellers prefer to keep their portable machines set to their 
home-base time zone)


Of cause the major fault with this is that it can only display the CURRENT 
time offset. You *ALSO* need the users Daylight Saving Zone as well. This 
has been giving us great fun since the winter dates and times need a 
different offset to the summer ones. Something that simplistic browser 
time offset does not supply. :(




The point is that you don't store the time offset in any user profile or 
anywhere but a session variable, which you keep for the duration of the 
session so it lasts only while the user is connected, whether logged in or 
not, profile or not.  Next time he/she connects you get the new offset.  If 
the time has changed due to daylight savings or the user travelling 
elsewhere, you'll get a new offset.


The only time it fails is if the user is connected while the time switch is 
happening, but so will most of the clocks, watches and whatever is on at the 
time.


Satyam


The only way to get this working properly at present is to get the user to 
set their time/daylight settings in their profile, and then you can 
provide the correct offset for all days on a calendar. Remember that for 
users WITH a daylight saving offset, one day each year has 23 hours and 
one 25 hours ;)


--
Lester Caine - G8HFL
-
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - 
http://www.firebirdsql.org/index.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/754 - Release Date: 09/04/2007 
22:59





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-10 Thread tedd 

At 12:55 PM + 4/10/07, Ólafur Waage wrote:

You were talking about an OCR reader for the arrows to see what letters it
is pointing to. If the arrow would be at a random location in the actual
image, the arrow being not an arrow but ie. a man pointing and the arm being
flexible (so even if the man himself would move around randomly, the arm
would always face the right direction for the image.

I like the idea of a pointing arrow, it could be quick, pretty effective
(not 100% since nothing is) and easy for the user to identify.

If there was a miniature version of this available, i would use it on my
site. Since i hate the text versions.

- Olafur W



Olafur:

I don't have a miniature version yet, but that's 
not a real problem because it's simply changing 
the css file.


If you want the code "as-is" just ask.

http://sperling.com/a/arrows/

Otherwise, I will eventually have it on my site 
as a style of visual captcha and will have this 
audio version as well:


http://sperling.com/examples/captcha/index.php

My intent is to provide several different types of captchas for public use.

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: uk date to mysql date and back again

2007-04-10 Thread Ross 
Thanks all.

Was not aware of the array_reverse() function.

Ross

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Dates and different time zones

2007-04-10 Thread Niklas Karlsson 
Thanks for good answers.
Okay, so I should set the default time zone to central GMT time, and then
save GMT offset for every user. This sounds realistic, because I don't think
that I need to correct the time for users that doesn't login.

So, if I now have the GMT offset for every user, how do I display the right
date? Can someone please show some phpcode? I would be very grateful if
someone could do that.

>>>Satyam wrote:
>>> Store all of your dates as GMT. Perform all date based calculations 
>>> around GMT also, and then offset the values for localised display only.
>>>
>>> This way you only need to store the GMT offsets for each user, i.e. 
>>> GMT+1 or GMT-8 when it comes to displaying the dates to them. The 
>>> trick is to use a constant base date for all data, and only being the 
>>> user timezones into play when needed.
>>>
>> Actually, I find that it is better not to bother storing anything for 
>> the user at all.  At the first chance, get some JavaScript to read the 
>> local time of the client machine and send it back to the server, either 
>> with the login data, using some AJAX or along with any link the user 
>> might click on the welcome screen, for example, the language choice.  
>> Then use the offset from his local time to the server time for every 
>> time information, substract it from any time information you read from 
>> them, add it to anything you send them.  This works whether the user is 
>> registered or not, whether he/she travels or remains in the same time 
>> zone and spares you the trouble of keeping your IP to country to 
>> timezone table updated.  It assumes that the user updates the time zone 
>> on his/her machine and if he doesn't it means she doesn't care, so why 
>> should you. (some travellers prefer to keep their portable machines set 
>> to their home-base time zone)

>Of cause the major fault with this is that it can only display the CURRENT 
>time offset. You *ALSO* need the users Daylight Saving Zone as well. This
>has 
>been giving us great fun since the winter dates and times need a different 
>offset to the summer ones. Something that simplistic browser time offset
>does 
>not supply. :(

>The only way to get this working properly at present is to get the user to
>set 
>their time/daylight settings in their profile, and then you can provide the

>correct offset for all days on a calendar. Remember that for users WITH a 
>daylight saving offset, one day each year has 23 hours and one 25 hours ;)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: 0x9f54

2007-04-10 Thread Seak, Teng-Fong 
Man-wai Chang wrote:
>> On the other hand, I remember you talked about the type of that
>> column to be char(2).  Have you specified what encoding it's using?
>> Moreover, I hope you're not using legacy encoding like Big5 or GB.  Use
>> Unicode (UTF-8) if your database is a brand new one.
>> 
>
> Unfortunately, I am still using Big5. you need a longer field to store
> utf-8 codes for the same big5 string right?
>   
Yes.  While in Big5 every (Chinese) character is represented by two
bytes, every Chinese character represented in UTF-8 uses at least three
bytes (in rare occasion, 4 bytes, if very rare characters are used such
as those in ancient Chinese).  This is because UTF-8 is designed to be
8-bit compatible to old data-processing functions.  In other words, for
a string containing pure Chinese characters, a UTF-8 one is 150% longer
than a Big-5 one.

You could, of course, use UTF-16 as the base format for your
string.  In this case, every character is represented by 2 bytes, be it
a Western Latin character or an Eastern CJK character.  OK, yes, for
rare characters, you would use up to 4 bytes, but this is rare.

Anyway, you should look at the positive side of using Unicode
instead of the dinosaur encoding, sorry, I mean Big5 :p  Hard drives
(and RAM) nowadays are getting real big, string size should be
considered as a first criterion to choose what encoding to use.

Unicode is done by an international consortium and it could support
most languages in the world.  For instance, using Big5, you can't even
represent the simplest of Western European characters like in these
words: español or français!!  But you could represent them using
Unicode.  Actually, the ability to represent (Western) European
characters might not interest you.  But using Unicode, you could store
both traditional and simplified Chinese!  And this, I'm sure you're
interested.  You can't do that in Big5, I'm 100% sure!

Still not convinced yet.  Well, Unicode even contains traditional
Chinese characters that Big5 doesn't support.  For example, a friend on
mine has this character 驊 in his first name.  This character isn't
supported in Big5 and in pre-Unicode period, he had to type (馬華)! 
Very stupid!  Another example: 氹 is quite a common word in southern
China but this character can't be found in Big5.

So, think about using Unicode.  We are in 2007 and be a modern man!



--
* Zoner PhotoStudio 8 - Your Photos perfect, shared, organised! 
www.zoner.com/zps
  You can download your free version.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: 0x9f54

2007-04-10 Thread Seak, Teng-Fong 
Seak, Teng-Fong wrote:
> Anyway, you should look at the positive side of using Unicode
> instead of the dinosaur encoding, sorry, I mean Big5 :p  Hard drives
> (and RAM) nowadays are getting real big, string size should be
>   
I wanted to mean: string size should NOT be considered . :p
> considered as a first criterion to choose what encoding to use.
>
> [snipped]
>
> Still not convinced yet.
Should be "Still not convinced yet?" with a question mark :p




--
* Zoner PhotoStudio 8 - Your Photos perfect, shared, organised! 
www.zoner.com/zps
  You can download your free version.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Dates and different time zones

2007-04-10 Thread Richard Davey 

Niklas Karlsson wrote:


Okay, so I should set the default time zone to central GMT time, and then
save GMT offset for every user. This sounds realistic, because I don't think
that I need to correct the time for users that doesn't login.

So, if I now have the GMT offset for every user, how do I display the right
date? Can someone please show some phpcode? I would be very grateful if
someone could do that.


It depends where the dates are coming from. My guess would be a 
database, and if so why not let MySQL do the work for you?


SELECT date_created, DATE_SUB(date_created, INTERVAL 8 HOUR) AS 
offset_date from your_table


The above assumes the users offset is -8 hours. Use DATE_ADD for GMT + 
values.


Then you'll have both values in PHP - the actual original GMT date the 
date was created, and an offset date you can use for display.


Or of course you can pluck just the GMT date out and start using PHP 
functions to convert to local timezones, etc. But if the shoe fits ...


Cheers,

Rich
--
Zend Certified Engineer
http://www.corephp.co.uk

"Never trust a computer you can't throw out of a window"

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Dates and different time zones

2007-04-10 Thread Lester Caine 

Satyam wrote:

Of cause the major fault with this is that it can only display the 
CURRENT time offset. You *ALSO* need the users Daylight Saving Zone as 
well. This has been giving us great fun since the winter dates and 
times need a different offset to the summer ones. Something that 
simplistic browser time offset does not supply. :(


The point is that you don't store the time offset in any user profile or 
anywhere but a session variable, which you keep for the duration of the 
session so it lasts only while the user is connected, whether logged in 
or not, profile or not.  Next time he/she connects you get the new 
offset.  If the time has changed due to daylight savings or the user 
travelling elsewhere, you'll get a new offset.


The only time it fails is if the user is connected while the time switch 
is happening, but so will most of the clocks, watches and whatever is on 
at the time.


Please read what I wrote.

The time offset from the browser is only of use to map CURRENT time. It is no 
use to display dates and times stored in the database that are reliant on the 
daylight saving offset. If TOMORROW is after the change in daylight saving, 
then the browser offset will not give you the right offset for tomorrows. The 
problem is convincing people that there *IS* a real problem, and trying to 
display the correct times JUST from a timezone offset is wrong for at least 
half of the year! You need to know that the time is changing tonight so that 
you can display tomorrows calendar correctly?


--
Lester Caine - G8HFL
-
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Dates and different time zones

2007-04-10 Thread Satyam 


- Original Message - 
From: "Niklas Karlsson" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, April 10, 2007 5:32 PM
Subject: RE: [PHP] Dates and different time zones



Thanks for good answers.
Okay, so I should set the default time zone to central GMT time, and then
save GMT offset for every user. This sounds realistic, because I don't 
think

that I need to correct the time for users that doesn't login.



Well, that was my whole point.  If you store the GMT offsets for each user 
at a certain time in the year, they will turn invalid when they switch from 
daylight savings to no savings. Not all countries use daylight savings and 
even those that do don't switch at the same time. Furthermore, northern and 
southern hemispheres switch in opposite directions, if and when they do.  If 
your users have to log in, that is the perfect time to read their current 
local time from the browser and keep it just for the session.  Don't store 
it permanently.


In PHP dates are stored as seconds from an arbitrary zero set at Jan 1st, 
1970, so does MySql with date/time values though it shows them formatted but 
you can use the UNIX_TIMESTAMP function to get the actual timestamp. 
JavaScript uses milliseconds from the same base date.  The rest is plain 
arithmetic.


Satyam


So, if I now have the GMT offset for every user, how do I display the 
right

date? Can someone please show some phpcode? I would be very grateful if
someone could do that.


Satyam wrote:
Store all of your dates as GMT. Perform all date based calculations
around GMT also, and then offset the values for localised display only.

This way you only need to store the GMT offsets for each user, i.e.
GMT+1 or GMT-8 when it comes to displaying the dates to them. The
trick is to use a constant base date for all data, and only being the
user timezones into play when needed.


Actually, I find that it is better not to bother storing anything for
the user at all.  At the first chance, get some JavaScript to read the
local time of the client machine and send it back to the server, either
with the login data, using some AJAX or along with any link the user
might click on the welcome screen, for example, the language choice.
Then use the offset from his local time to the server time for every
time information, substract it from any time information you read from
them, add it to anything you send them.  This works whether the user is
registered or not, whether he/she travels or remains in the same time
zone and spares you the trouble of keeping your IP to country to
timezone table updated.  It assumes that the user updates the time zone
on his/her machine and if he doesn't it means she doesn't care, so why
should you. (some travellers prefer to keep their portable machines set
to their home-base time zone)



Of cause the major fault with this is that it can only display the CURRENT
time offset. You *ALSO* need the users Daylight Saving Zone as well. This
has
been giving us great fun since the winter dates and times need a different
offset to the summer ones. Something that simplistic browser time offset
does
not supply. :(



The only way to get this working properly at present is to get the user to
set
their time/daylight settings in their profile, and then you can provide 
the



correct offset for all days on a calendar. Remember that for users WITH a
daylight saving offset, one day each year has 23 hours and one 25 hours ;)


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/754 - Release Date: 09/04/2007 
22:59





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Dates and different time zones

2007-04-10 Thread Satyam 
You are totally right, I am sorry.  I would hate to miss my plane or train 
due to such mistake.


Satyam

- Original Message - 
From: "Lester Caine" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, April 10, 2007 6:29 PM
Subject: Re: [PHP] Dates and different time zones



Satyam wrote:

Of cause the major fault with this is that it can only display the 
CURRENT time offset. You *ALSO* need the users Daylight Saving Zone as 
well. This has been giving us great fun since the winter dates and times 
need a different offset to the summer ones. Something that simplistic 
browser time offset does not supply. :(


The point is that you don't store the time offset in any user profile or 
anywhere but a session variable, which you keep for the duration of the 
session so it lasts only while the user is connected, whether logged in 
or not, profile or not.  Next time he/she connects you get the new 
offset.  If the time has changed due to daylight savings or the user 
travelling elsewhere, you'll get a new offset.


The only time it fails is if the user is connected while the time switch 
is happening, but so will most of the clocks, watches and whatever is on 
at the time.


Please read what I wrote.

The time offset from the browser is only of use to map CURRENT time. It is 
no use to display dates and times stored in the database that are reliant 
on the daylight saving offset. If TOMORROW is after the change in daylight 
saving, then the browser offset will not give you the right offset for 
tomorrows. The problem is convincing people that there *IS* a real 
problem, and trying to display the correct times JUST from a timezone 
offset is wrong for at least half of the year! You need to know that the 
time is changing tonight so that you can display tomorrows calendar 
correctly?


--
Lester Caine - G8HFL
-
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - 
http://www.firebirdsql.org/index.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/754 - Release Date: 09/04/2007 
22:59





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] mysql if empty

2007-04-10 Thread Jim Lucas 

[EMAIL PROTECTED] wrote:
If I search for something in mysql that returns an empty result I cant 
get it to return
"No result found" always returns "Found" even though the recoed does not 
exist...



$sql = "SELECT Client FROM booked WHERE Name = 'larry'";

$result = mysql_query($sql);

if ($result == "")
{
echo "No result found";
}
echo "Found";


- Original Message - From: "Martin Marques" 


To: "Stut" <[EMAIL PROTECTED]>
Cc: "Tijnema !" <[EMAIL PROTECTED]>; "tedd" <[EMAIL PROTECTED]>; "Peter 
Lauri" <[EMAIL PROTECTED]>; "Ólafur Waage" <[EMAIL PROTECTED]>; 


Sent: Monday, April 09, 2007 9:45 PM
Subject: Re: [PHP] Session Authentication



Stut escribió:
As with most things these days it probably breaches the DMCA. But 
frankly speaking, if doing that works then the developers of the 
application, and by extension the company, deserve everything they get.


DMCA is a real piece of crap.

--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués  |   Programador, DBA
Centro de Telemática | Administrador
   Universidad Nacional
del Litoral
-

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php







$sql = "SELECT Client FROM booked WHERE Name = 'larry'";

$result = mysql_query($sql) OR die('[MYSQL ERROR] - ['.mysql_errno().']'.mysql_error());

while ( list($client) = mysql_fetch_row($result) ) {
echo "{$client}\n";
}


--
Enjoy,

Jim Lucas

Different eyes see different things. Different hearts beat on different strings. But there are times 
for you and me when all such things agree.


- Rush

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-10 Thread Robert Cummings 
On Tue, 2007-04-10 at 08:47 -0400, tedd wrote:
> At 8:10 PM -0400 4/9/07, Robert Cummings wrote:
> >On Mon, 2007-04-09 at 17:14 -0400, tedd wrote:
> >>  At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
> >>  >On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
> >>  >
> >>  >  > This is exactly what tedd did in his last arrow example. He edited 
> >> the
> >>  >>  header of the GIF image, and so that would result in different MD5.
> >>  >>
> >>  >>  Finding this part and skipping it in the MD5 check would do the job. 
> >> :)
> >>  >
> >>  >Yep, that's an obvious solution since it's the same way virus signatures
> >  > >are matched. The entire image needs some kind of permutation. Passing a
> >  > >couple of curved ripples across the image as a transformation, and in
> >>  >different directions should suffice to obfuscate the image signature
> >  > >without obfuscating the image itself :) Similarly watermarking the image
> >  > >using fractal patterns should also provide good noise.
> >>  >
> >>  >Cheers,
> >>  >Rob.
> >>
> >>  Rob:
> >>
> >>  It doesn't need to be complicated, just random placed pixels on the
> >>  image from a selection of colors would provide millions of
> >>  permutations.
> >
> >No, you're wrong. Read the part about I mentioned about virus
> >signatures. A small portion of the whole can be used as an identifier
> >where that portion is unique to the overall entity. For instance, I can
> >throw a tub of tar over you, then a tub of feathers ;) ;) and if one of
> >your fingers doesn't get covered, I can still identify your chicken
> >ass ;)
> >
> >Cheers,
> >Rob.
> 
> Rob:
> 
> Your use of metaphor is quite colorful, but if you if change a single 
> pixel in an image, then you change the MD5 signature -- that is what 
> I was talking about -- and that is not wrong.

Yes but you completely missed the point of my metaphor :) The point is,
I can take an md5 signature of subset of the image's pixels and still
identify it if the subset is representative (this is the point about
still ID'ing someone with their finger print despite the rest of them
being tarred and feathered :) This is how many virus detection systems
work. They find a single portion of virus' binary program that is
representative and can use it as a search within other binaries to
detect the presence of the virus. So if you only change a few pixels,
there is a high likelyhood of a subset set md5 signature still being
recognized.

> 
> Plus, if you:
> 
> [A] Passing a couple of curved ripples across the image as a 
> transformation, and in different directions should suffice to 
> obfuscate the image signature without obfuscating the image itself
> 
> or
> 
> [B] Similarly watermarking the image using fractal patterns should 
> also provide good noise.
> 
> You would still leave at least one pixel
>
> the same as it was before so 
> your chicken ass would still be exposed, right? Or does your 
> ripple/watermark application alter every pixel by changing its alpha 
> channel or something?

These would alter every pixel, without generally affecting a human's
perception of the object... this is the point since now subset of the
images pixels would be representative.

> And if so, then why is it that you are required to change every 
> pixel? I am sure that there are images that have at least one pixel 
> in common, so I don't see the point you're trying to make -- please 
> explain.

Explanation above :)

Cheers,
Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-10 Thread Robert Cummings 
On Tue, 2007-04-10 at 13:13 -0400, Robert Cummings wrote:
> On Tue, 2007-04-10 at 08:47 -0400, tedd wrote:
> > 
> > Rob:
> > 
> > Your use of metaphor is quite colorful, but if you if change a single 
> > pixel in an image, then you change the MD5 signature -- that is what 
> > I was talking about -- and that is not wrong.
> 
> Yes but you completely missed the point of my metaphor :) The point is,
> I can take an md5 signature of subset of the image's pixels and still
> identify it if the subset is representative (this is the point about
> still ID'ing someone with their finger print despite the rest of them
> being tarred and feathered :) This is how many virus detection systems
> work. They find a single portion of virus' binary program that is
> representative and can use it as a search within other binaries to
> detect the presence of the virus. So if you only change a few pixels,
> there is a high likelyhood of a subset set md5 signature still being
> recognized.
> 
> > 
> > Plus, if you:
> > 
> > [A] Passing a couple of curved ripples across the image as a 
> > transformation, and in different directions should suffice to 
> > obfuscate the image signature without obfuscating the image itself
> > 
> > or
> > 
> > [B] Similarly watermarking the image using fractal patterns should 
> > also provide good noise.
> > 
> > You would still leave at least one pixel
> >
> > the same as it was before so 
> > your chicken ass would still be exposed, right? Or does your 
> > ripple/watermark application alter every pixel by changing its alpha 
> > channel or something?
> 
> These would alter every pixel, without generally affecting a human's
> perception of the object... this is the point since now subset of the

That should have read: "... since no subset of..."

> images pixels would be representative.
> 
> > And if so, then why is it that you are required to change every 
> > pixel? I am sure that there are images that have at least one pixel 
> > in common, so I don't see the point you're trying to make -- please 
> > explain.
> 
> Explanation above :)
> 
> Cheers,
> Rob.
-- 
..
| InterJinn Application Framework - http://www.interjinn.com |
::
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for   |
| creating re-usable components quickly and easily.  |
`'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Question about OO design

2007-04-10 Thread Chris W. Parker 
On Monday, April 09, 2007 4:24 PM Jochem Maas
 said:

>> Ok. I see what you're saying. If I populate all that data during the
>> constructor why would I ever call the function again right?
> 
> you could refresh the data if needed - but basically the idea is
> to cut down the user data grab into a single sql call.

[snip useful bits]

Thanks for the help Jochem! I appreciated it.



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Oputting Forms Within a Class

2007-04-10 Thread CK 

Hi All,

Experimenting with OOP PHP,please be gentle. Attempting to output a  
form within a class:


From calculator.php:

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>

http://www.w3.org/1999/xhtml";>


Calculator OOP PHP








From class.calculator.php:
buildInt();
}


private function buildInt(){



//Form elements omitted for brevity


 }
}
?>

This is returned to the browser:

"Parse error: syntax error, unexpected '<' in /Users/chris/Sites/php/ 
oop/class.calculator.php on line 20"


What concept did I miss, if some online reference is available please  
pass along?


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Oputting Forms Within a Class

2007-04-10 Thread Brad Bonkoski 

CK wrote:

Hi All,

Experimenting with OOP PHP,please be gentle. Attempting to output a 
form within a class:


From calculator.php:

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>

http://www.w3.org/1999/xhtml";>


Calculator OOP PHP








From class.calculator.php:
buildInt();
}


private function buildInt(){

You should probably use the echo function to output the HTML...
i.e.
echo "\n";
...




//Form elements omitted for brevity



 }
}
?>

This is returned to the browser:

"Parse error: syntax error, unexpected '<' in 
/Users/chris/Sites/php/oop/class.calculator.php on line 20"


What concept did I miss, if some online reference is available please 
pass along?


--PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] coding MySQL error traps [WAS: mysql if empty]

2007-04-10 Thread Paul Novitski 



$sql = "SELECT Client FROM booked WHERE Name = 'larry'";

$result = mysql_query($sql) OR die('[MYSQL ERROR] - 
['.mysql_errno().']'.mysql_error());


while ( list($client) = mysql_fetch_row($result) ) {
echo "{$client}\n";
}



I agree with this logic overall.  The above is of course just 
oversimplified demo code, but I'd like to mention a few details I 
would change before putting this into practice.


The syntax "$result = mysql_query($sql) OR die();" is nicely compact 
but obfuscates the program logic.  PHP is not actually ORing two 
values, it's halting execution halfway through the statement if 
mysql_query() returns true.  This constitutes a hack because it 
depends entirely on the way the parser processes code rather than on 
explicit elements of the language.  To help keep legacy code from 
crashing with PHP version X I'd break this into two statements: run 
the query, then act on the result.  The parser won't care, and your 
code will be more easily readable by us humans.


Displaying mysql_error() is great for the developer but in a public 
application will expose the names of tables and fields to the public 
who shouldn't really see your wires and pipes.


mysql_error() doesn't usually contain the entire query and doesn't 
always contain the segment of the query that actually caused the 
error, so I always add the full query to the error message to save 
time in debugging.


Finally, die()ing on a mysql error is pretty harsh; a friendlier 
application would return the error state to parent layers, translate 
the error into advice a non-technical user can deal with, and display 
it in a way that doesn't crash the page.


Rather than trying to remember to go through the code later fixing 
these bits, I suggest adopting a convention early on that suits both 
development and publication, such as:

___

define('bDebug', true);
...
$bResult = mysql_query($sql);
if (!$bResult) return ReportSQLError('checking user name', 
mysql_errno(), mysql_error(), $sql);

...
function ReportSQLError($context, $errno, $errorMsg, $sql)
{
if (bDebug)
{
die("MYSQL ERROR $errno $context:/>\n$errorMsg\n$sql");

}
else
{
return $generate_friendly_error_message;
}
}
___

Regards,

Paul
__

Paul Novitski
Juniper Webcraft Ltd.
http://juniperwebcraft.com 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] coding MySQL error traps [WAS: mysql if empty]

2007-04-10 Thread Jim Lucas 

Paul Novitski wrote:



$sql = "SELECT Client FROM booked WHERE Name = 'larry'";

$result = mysql_query($sql) OR die('[MYSQL ERROR] - 
['.mysql_errno().']'.mysql_error());


while ( list($client) = mysql_fetch_row($result) ) {
echo "{$client}\n";
}



I agree with this logic overall.  The above is of course just 
oversimplified demo code, but I'd like to mention a few details I would 
change before putting this into practice.


The syntax "$result = mysql_query($sql) OR die();" is nicely compact but 
obfuscates the program logic.  PHP is not actually ORing two values, 
it's halting execution halfway through the statement if mysql_query() 
returns true.  This constitutes a hack because it depends entirely on 
the way the parser processes code rather than on explicit elements of 
the language.  To help keep legacy code from crashing with PHP version X 
I'd break this into two statements: run the query, then act on the 
result.  The parser won't care, and your code will be more easily 
readable by us humans.


Displaying mysql_error() is great for the developer but in a public 
application will expose the names of tables and fields to the public who 
shouldn't really see your wires and pipes.


mysql_error() doesn't usually contain the entire query and doesn't 
always contain the segment of the query that actually caused the error, 
so I always add the full query to the error message to save time in 
debugging.


Finally, die()ing on a mysql error is pretty harsh; a friendlier 
application would return the error state to parent layers, translate the 
error into advice a non-technical user can deal with, and display it in 
a way that doesn't crash the page.


Rather than trying to remember to go through the code later fixing these 
bits, I suggest adopting a convention early on that suits both 
development and publication, such as:

___

define('bDebug', true);
...
$bResult = mysql_query($sql);
if (!$bResult) return ReportSQLError('checking user name', 
mysql_errno(), mysql_error(), $sql);

...
function ReportSQLError($context, $errno, $errorMsg, $sql)
{
if (bDebug)
{
die("MYSQL ERROR $errno $context:\n$errorMsg/>\n$sql");

}
else
{
return $generate_friendly_error_message;
}
}
___

Regards,

Paul
__

Paul Novitski
Juniper Webcraft Ltd.
http://juniperwebcraft.com


Yes, this was intended to only show the OP a very simple way to get done what 
they were wanting to do.


--
Enjoy,

Jim Lucas

Different eyes see different things. Different hearts beat on different strings. But there are times 
for you and me when all such things agree.


- Rush

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Oputting Forms Within a Class

2007-04-10 Thread Richard Davey 

CK wrote:


private function buildInt(){



//Form elements omitted for brevity



 }
}
?>

This is returned to the browser:

"Parse error: syntax error, unexpected '<' in 
/Users/chris/Sites/php/oop/class.calculator.php on line 20"


Your buildInt() function jumps directly from PHP into HTML output, 
without first closing the currently open PHP tag. It needs to be:


private function buildInt()
{
?>

.. blah blah ..
The approach you are taking for this is going to cause you headaches in 
the future. I would strongly recommend that you make your class file do 
one of two things:


1) ECHO out the HTML, rather than dropping in and out of PHP. It gets 
real messy, real quick, especially when embedded in class files.


2) Build-up the HTML into a string and return it back to the calling PHP 
script, which can then echo it as required. I.e capture the output of 
your class, don't let the class itself ever output anything. (i.e. start 
to separate the presentation from the logic, if only mildly in this case)


Cheers,

Rich
--
Zend Certified Engineer
http://www.corephp.co.uk

"Never trust a computer you can't throw out of a window"

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Oputting Forms Within a Class

2007-04-10 Thread Davi 
Em Terça 10 Abril 2007 14:49, CK escreveu:
> Hi All,
>
> Experimenting with OOP PHP,please be gentle. Attempting to output a
> form within a class:
>
>  From calculator.php:
>
>  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> http://www.w3.org/1999/xhtml";>
> 
> 
> Calculator OOP PHP
> 
>
> 
>  include "class.calculator.php";
>
> ?>
> 
> 
>
>
>  From class.calculator.php:
>  class Calculator{
> //variable declaration
> //constuctor function
> function __construct(){//calls all methods
>   $this->buildInt();
> }
>
>
> private function buildInt(){
> 
>
> 
>   //Form elements omitted for brevity
>
> 
>   }
> }
> ?>
>
> This is returned to the browser:
>
> "Parse error: syntax error, unexpected '<' in /Users/chris/Sites/php/
> oop/class.calculator.php on line 20"
>
> What concept did I miss, if some online reference is available please
> pass along?

You can have a look at echo docs [1]. You'll found intersting things there... 
=]

What about:

 private function buildInt(){
echo <<

 
//Form elements omitted for brevity

 
MY_FORM;
   }


Enjoy!! =]



[1] - http://www.php.net/manual/en/function.echo.php


-- 
Davi Vidal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--

Agora com fortune:
"NOTICE:

-- THE ELEVATORS WILL BE OUT OF ORDER TODAY --

(The nearest working elevator is in the building across the street.)"

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Array remove function?

2007-04-10 Thread Tijnema ! 

Hi,

Is there currently a function that removes a key/value from an array?
I use this code right now:
function array_remove($array,$remove,$remove_value = true)
{
foreach($array as $key => $value) {
if($remove_value && $value != $remove) {
$new_array[$key] = $value;
} elseif (!$remove_value && $key != $remove) {
$new_array[$key] = $value;
}
}
return $new_array;
}

array_remove(array(1=>2,2=>3),2,true); // array (2=>3)
array_remove(array(1=>2,2=>3),2,false); // array (1=>2)

Anyone knows if there already exists such function?

Else should i create future request?

Tijnema

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Array remove function?

2007-04-10 Thread Richard Lynch 
http://php.net/unset


On Tue, April 10, 2007 2:49 pm, Tijnema ! wrote:
> Hi,
>
> Is there currently a function that removes a key/value from an array?
> I use this code right now:
> function array_remove($array,$remove,$remove_value = true)
> {
>   foreach($array as $key => $value) {
>   if($remove_value && $value != $remove) {
>   $new_array[$key] = $value;
>   } elseif (!$remove_value && $key != $remove) {
>   $new_array[$key] = $value;
>   }
>   }
>   return $new_array;
> }
>
> array_remove(array(1=>2,2=>3),2,true); // array (2=>3)
> array_remove(array(1=>2,2=>3),2,false); // array (1=>2)
>
> Anyone knows if there already exists such function?
>
> Else should i create future request?
>
> Tijnema
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Array remove function?

2007-04-10 Thread Tijnema ! 

On 4/10/07, Richard Lynch <[EMAIL PROTECTED]> wrote:

http://php.net/unset


That works when you know the key, but will that work when you only
know the value?

Tijnema



On Tue, April 10, 2007 2:49 pm, Tijnema ! wrote:
> Hi,
>
> Is there currently a function that removes a key/value from an array?
> I use this code right now:
> function array_remove($array,$remove,$remove_value = true)
> {
>   foreach($array as $key => $value) {
>   if($remove_value && $value != $remove) {
>   $new_array[$key] = $value;
>   } elseif (!$remove_value && $key != $remove) {
>   $new_array[$key] = $value;
>   }
>   }
>   return $new_array;
> }
>
> array_remove(array(1=>2,2=>3),2,true); // array (2=>3)
> array_remove(array(1=>2,2=>3),2,false); // array (1=>2)
>
> Anyone knows if there already exists such function?
>
> Else should i create future request?
>
> Tijnema
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-10 Thread tedd 

At 1:17 PM -0400 4/10/07, Robert Cummings wrote:

-snip-

That should have read: "... since no subset of..."


Oh well, now it makes sense ! :-)

Actually, I see exactly what you are saying. If you take a small 
portion of a file and MD5 it, it will give you a signature. If I 
simply change a single pixel in the image and that pixel is NOT 
included in the small portion you use for your MD5, then the MD5 
check will return the same signature as before the alteration.


However, if your portion includes the pixel change, then the 
resultant MD5 will be different. That's the reason why you need to 
alter a significant portion of the image so that smaller portions 
will probably contain some alteration.


Thanks for explaining that.

tedd


--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] MD5 & bot Question

2007-04-10 Thread Tijnema ! 

On 4/10/07, tedd <[EMAIL PROTECTED]> wrote:

At 1:17 PM -0400 4/10/07, Robert Cummings wrote:
>-snip-
>
>That should have read: "... since no subset of..."

Oh well, now it makes sense ! :-)

Actually, I see exactly what you are saying. If you take a small
portion of a file and MD5 it, it will give you a signature. If I
simply change a single pixel in the image and that pixel is NOT
included in the small portion you use for your MD5, then the MD5
check will return the same signature as before the alteration.

However, if your portion includes the pixel change, then the
resultant MD5 will be different. That's the reason why you need to
alter a significant portion of the image so that smaller portions
will probably contain some alteration.

Thanks for explaining that.

tedd


That just means that you should store about 10-20 MD5 summed parts,
and then take the same 10-20 parts (and MD5 sum) and compare, and if a
few (or maybe just 1) match, then you know it's same image :)

Tijnema








--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] PHP Directory List Script Files over 2 GB

2007-04-10 Thread Robert M 

Hello everyone

My OS information is
PHP Version 5.1.6
Apache/2.2.2 (Fedora)
Fedora Core 5 Kernel 2.6.20-1.2307.fc5


I am having some trouble with a script that displays files within a
directory.
the script does not appear to be displaying large files and the date thaty
is displayed on these large files is Dec-31-69

I did not create the script I downloaded it from
www.celerondude.com/php-indexer
I also tried to get some assistance from the authors site but have not been
repsonded to yet, so I thought I would try here.

The script itself is using php readdir and some javascript functions which
is why I am so confused.

the main portions of the script is

$f,'date'=>filemtime($path.$f),'url'=>'/backupdirs1.php?dir='.rawurlencode(trim("$dir/$f",'/')));


else$files[]=array('name'=>$f,'size'=>filesize($path.$f),'date'=>filemtime($path.$f),'url'=>trim("$root/$dir/".rawurlencode($f),'/'));
}
closedir($h);
$current_dir_name = basename($dir);
$up_dir=dirname($dir);
$up_url=($up_dir!=''&&$up_dir!='.')?'/backupdirs1.php?dir='.rawurlencode($up_dir):'/backupdirs1.php';
// END PHP ?>


Then within the actual HTML I have the following javascript