RE: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Zoltán Németh]

2008. 01. 18, péntek keltezéssel 20.03-kor Andrés Robinet ezt írta:
> Hey, your script doesn't like me, is it that you need
> quoted_printable_decode?
> 
> =?iso-8859-1?Q?Andr=E9s_Robinet?=

it does not like me either. ;)
=?ISO-8859-1?Q?Zolt=E1n_N=E9meth?=

for a similar task I wrote a function using imap_mime_header_decode and
mb_decode_mimeheader.
I'm sure he can solve it so this time I don't look up and post that
function, but I can if requested.

greets
Zoltán Németh

> 
> Rob
> > -Original Message-
> > From: Jay Blanchard [mailto:[EMAIL PROTECTED]
> > Sent: Friday, January 18, 2008 7:38 PM
> > To: PostTrack [Dan Brown]; php-general@lists.php.net
> > Subject: RE: [PHP] Posting Summary for Week Ending 18 January, 2008:
> > php-general@lists.php.net
> > 
> > Wow, I wasn't on the list. And I top posted. I really suck.
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of PostTrack [Dan
> > Brown]
> > Sent: Friday, January 18, 2008 3:01 PM
> > To: php-general@lists.php.net
> > Subject: [PHP] Posting Summary for Week Ending 18 January, 2008:
> > php-general@lists.php.net
> > 
> > 
> > Posting Summary for PHP-General List
> > Week Ending: Friday, 18 January, 2008
> > 
> > Messages| Bytes   | Sender
> > +-+--
> > 514 (100%) 975244 (100%)  EVERYONE
> > 69(13.4%)  92431(9.5%)  "Richard Lynch"
> > <[EMAIL PROTECTED]>
> > 46(8.9%)  78933(8.1%)  Jochem Maas
> > <[EMAIL PROTECTED]>
> > 29(5.6%)  48003(4.9%)  "Eric Butera"
> > <[EMAIL PROTECTED]>
> > 28(5.4%)  40764(4.2%)  "Nathan Nobbe"
> > <[EMAIL PROTECTED]>
> > 26(5.1%)  41149(4.2%)  "Daniel Brown"
> > <[EMAIL PROTECTED]>
> > 24(4.7%)  15837(1.6%)   Per Jessen
> > <[EMAIL PROTECTED]>
> > 19(3.7%)  40495(4.2%)  Manuel Lemos
> > <[EMAIL PROTECTED]>
> > 17(3.3%)  21478(2.2%)  Jim Lucas
> > <[EMAIL PROTECTED]>
> > 16(3.1%)  38021(3.9%)
> > =?iso-8859-1?Q?Andr=E9s_Robinet?= <[EMAIL PROTECTED]>
> > 14(2.7%)  10125(1%)  Richard Heyes
> > <[EMAIL PROTECTED]>
> > 11(2.1%)  14946(1.5%)  mike <[EMAIL PROTECTED]>
> > 9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
> > 9(1.8%)  11964(1.2%)  Europus
> > <[EMAIL PROTECTED]>
> > 7(1.4%)  9494(1%)  "Ken Kixmoeller -- reply to
> > [EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> > 7(1.4%)  5637(0.6%)  Chris <[EMAIL PROTECTED]>
> > 6(1.2%)  4881(0.5%)  Naz Gassiep <[EMAIL PROTECTED]>
> > 5(1%)  8497(0.9%)  "Andrew Ballard"
> > <[EMAIL PROTECTED]>
> > 5(1%)  8705(0.9%)
> > =?ISO-8859-1?Q?Zolt=E1n_N=E9meth?= <[EMAIL PROTECTED]>
> > 5(1%)  4932(0.5%)  Sancar Saran
> > <[EMAIL PROTECTED]>
> > 5(1%)  6174(0.6%)   Colin Guthrie
> > <[EMAIL PROTECTED]>
> > 5(1%)  7854(0.8%)  Wang Chen
> > <[EMAIL PROTECTED]>
> > 5(1%)  5875(0.6%)  "Javier Huerta"
> > <[EMAIL PROTECTED]>
> > 4(0.8%)  6000(0.6%)  Pastor Steve
> > <[EMAIL PROTECTED]>
> > 4(0.8%)  2214(0.2%)  "Lucas Prado Melo"
> > <[EMAIL PROTECTED]>
> > 4(0.8%)  11675(1.2%)  "David Giragosian"
> > <[EMAIL PROTECTED]>
> > 4(0.8%)  25354(2.6%)   Apple
> > <[EMAIL PROTECTED]>
> > 4(0.8%)  3892(0.4%)  clive
> > <[EMAIL PROTECTED]>
> > 4(0.8%)  5407(0.6%)  Larry Garfield
> > <[EMAIL PROTECTED]>
> > 4(0.8%)  3479(0.4%)  "Carole E. Mah"
> > <[EMAIL PROTECTED]>
> > 4(0.8%)  3104(0.3%)  Adam Williams
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  2552(0.3%)  tedd
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  5341(0.5%)  Scott Wilcox
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  3021(0.3%)  Max Antonov
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  4873(0.5%)  Casey
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  2819(0.3%)  "Tom Chubb"
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  3728(0.4%)  "mathieu leddet"
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  5052(0.5%)  "Sean-Michael"
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  3182(0.3%)  "A.smith"
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  3111(0.3%)  "Dotan Cohen"
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  4201(0.4%)  Richard
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  3449(0.4%)  "T.Lensselink"
> > <[EMAIL PROTECTED]>
> > 3(0.6%)  4133(0.4%)  julian
> > <[EMAIL PROTECTED]>
> > 2(0.4%)  2182(0.2%)  Paul Scott
> > <[EMAIL PROTECTED]>
> > 2(0.4%)

Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Zoltán Németh]

2008. 01. 18, péntek keltezéssel 16.40-kor Jim Lucas ezt írta:
> Daniel Brown wrote:
> > On Jan 18, 2008 4:52 PM, Jim Lucas <[EMAIL PROTECTED]> wrote:
> >> PostTrack [Dan Brown] wrote:
> >>>   514 (100%) 975244 (100%)  EVERYONE
> >>>   69(13.4%)  92431(9.5%)  "Richard Lynch" <[EMAIL 
> >>> PROTECTED]>
> >>>   9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
> >>>   5(1%)  8497(0.9%)  "Andrew Ballard" <[EMAIL 
> >>> PROTECTED]>
> >>>   4(0.8%)  6000(0.6%)  Pastor Steve <[EMAIL 
> >>> PROTECTED]>
> >>>   2(0.4%)  201342(20.6%)  Improve Your Life 
> >>> Style<[EMAIL PROTECTED]>
> >> I need more str_pad()  :)
> > 
> > It's easier to give more cowbell.  ;-P
> > 
> > I actually thought the first comment on this would be how Richard
> > came out this afternoon at about 3:30p and started replying to every
> > thread.  The guy has fingers that are faster than most people blink, I
> > swear it!  His keyboard must smoke, sizzle, and pop at the end of the
> > day.
> > 
> 
> Does anybody know of a site/tool that will allow me to search the entire 
> archive of the mailing list.  I can't seem to find a search tool on the 
> php.net site.

for this I use
http://marc.info/?l=php-general


> 
> Plus, what about a tool/site that would allow me to view a graph of the 
> entire of the list/archive?  A graph including, but not limited to 
> post/person post/email address   posts/day  posts/country  etc...

I have no idea about this one...

greets
Zoltán Németh

> 
> Thanks
> 
> -- 
> Jim Lucas
> 
> "Some men are born to greatness, some achieve greatness,
> and some have greatness thrust upon them."
> 
> Twelfth Night, Act II, Scene V
>  by William Shakespeare
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Question About Blocking Email Addresses in Forms

[Per Jessen]

Richard Lynch wrote:

> On Fri, January 18, 2008 10:41 am, Per Jessen wrote:
>> 2. check that the domain exists and has an MX.
> 
> I believe this will foul you up...
> 
> I *think* many domains just use their regular domain as MX if there is
> no MX.

We've been using the method on public forms for at least 3 years with no
issues.  I have yet to come across a domain that actually does not have
an MX record and just relies on the default working.  But if it should
ever become a problem, the check is easily changed to look for an
A-record, which IS required for email-delivery.

> And the Bad Guy can easily change tactics to use [EMAIL PROTECTED] or
> whatever, once they figure out you only check for MX records...
> Though it could work as a stop-gap measure at least.

Sure - my two-step validation without CAPTCHA is minimal effort, but
that's good enough for me for the time being. 


/Per Jessen, Zürich

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Expand variable in comparison

[Jochem Maas]

Marcus schreef:

Hi!


Is there any way to get the following snippet returning a true?


...
$this->var = ?


$this->var = $preDefinedStringToTestWith;

echo $preDefinedStringToTestWith;


if ($this->var == $preDefinedStringToTestWith)
return true;
else
false;


what are you trying to do exactly? show us the code.



The problem:
I don't know, what $preDefinedStringToTestWith is!
$this->var can be set to any string.

I tried
$this->var = "${preDefinedStringToTestWith}"
but this doesn't get expanded.


Thanks for your help,

Marcus.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Per Jessen]

Eric Butera wrote:

> 
> Check out this blog post:
> http://www.tagarga.com/blok/on/070116

I can't believe someone actually bothered writing this up.


/Per Jessen, Zürich

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Jochem Maas]

Per Jessen schreef:

Eric Butera wrote:


Check out this blog post:
http://www.tagarga.com/blok/on/070116


I can't believe someone actually bothered writing this up.



why?  not everyone is as experienced as you - some people might genuinely
find this useful.

no?



/Per Jessen, Zürich



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Per Jessen]

Jochem Maas wrote:

> Per Jessen schreef:
>> Eric Butera wrote:
>> 
>>> Check out this blog post:
>>> http://www.tagarga.com/blok/on/070116
>> 
>> I can't believe someone actually bothered writing this up.
>> 
> 
> why?  not everyone is as experienced as you - some people might
> genuinely find this useful.
> 
> no?

Well, yeah, I guess so - it just seems so basic and something that most
people would know to solve with printf(). 
It's the sort of problem, where I can't help thinking "if you can't work
this out on your own, should you really be programming?"
Apologies if that sounds arrogant to you. 


/Per Jessen, Zürich

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Question About Blocking Email Addresses in Forms

[Richard Heyes]

Or even a simple text CAPTCHA "What is 16 divided by 4?".

Careful though, I made a class which converted numbers to text
(TextualNumbers IIRC) and it got broken.


Almost any CAPTCHA can be broken if somebody wants it badly enough.

Some are easier than others, of course.

But you get rid of a LOT of bottom-feeders with a CAPTCHA.

CAPTCHA has serious usability drawbacks, however.

I would suggest NOT going for something really hard for a human to use
-- I believe that it won't make THAT much difference to the number of
junk eliminated.


When I introduced a CAPTCHA on my blog (http://www.phpguru.org) site it 
reduced comment spam by nearly 100%. Not completely; I still get maybe 1 
per month, but it was well worth adding.


--
Richard Heyes
http://www.websupportsolutions.co.uk

Knowledge Base and Helpdesk software that eases your support
burden and helps increase your sales.

** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[David Powers]

PostTrack [Dan Brown] wrote:

Posting Summary for PHP-General List


Thanks a bundle, Dan, for publicizing everyone's email address. All the 
addresses are in plain text, even on the news server web interface ready 
for spambots to harvest.


--
David Powers

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Richard Heyes]

Check out this blog post:
http://www.tagarga.com/blok/on/070116

I can't believe someone actually bothered writing this up.


why?  not everyone is as experienced as you - some people might
genuinely find this useful.

no?


Well, yeah, I guess so - it just seems so basic and something that most
people would know to solve with printf(). 
It's the sort of problem, where I can't help thinking "if you can't work

this out on your own, should you really be programming?"
Apologies if that sounds arrogant to you. 


Admittedly coming to the thread rather late, but this chap obviously 
hasn't come across the Console_Table class in PEAR.


--
Richard Heyes
http://www.websupportsolutions.co.uk

Knowledge Base and Helpdesk software that eases your support
burden and helps increase your sales.

** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Still can't fix it.

[Apple7777]

Still can't fix it. I've checked everything like 20-30 times, I feel like crazy.
Everything should work fine, but it doesn't. :(

If anyone have an idea about what it can be, please let me know.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Still can't fix it.

[Nathan Nobbe]

On Jan 19, 2008 9:54 AM, Apple <[EMAIL PROTECTED]> wrote:

> Still can't fix it. I've checked everything like 20-30 times, I feel like
> crazy.
> Everything should work fine, but it doesn't. :(


im installing mencode; atm; ill mess with it for a little while once its
finished.

-nathan

Re: [PHP] Still can't fix it.

[Nathan Nobbe]

ok,
it seems to be working, pretty easily for me; note, this code is a gross
oversimplification
of anything i would use in production; its just a little test script.



here is the url i go to to trigger the script:
http://localhost/mEncode.php?sourceFile=WindowsMedia.wmv&destFile=WindowsMedia.avi

and heres the last bit of the output from the browser:
WindowsMedia.avi created successfully!

have you been trying to run the script from the cli, or from the browser?
i would first try to run your php script from the cli; eg.
php myMencoderScript.php  

if it works there, and not from the browser, id imagine its a permissions
issue.  but i was able
to run my script from the browser, w/o altering the perms on the mencoder
binary, as the stock
perms on my box are:
[EMAIL PROTECTED] ~/Desktop $ ls -l /usr/bin/mencoder
-rwxr-xr-x 1 root root 6637020 Jan 19 10:38 /usr/bin/mencoder

you can find out what they are on your system by issuing;
ls -l `which mencoder`

if other is, r-x, you should be good to go.  if your script isnt working
from the cli
then something probly needs to be cleaned up in there.  try to make it as
simple as
possible to start out.  once you get it working, you can add all the other
features you want.

-nathan

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Jochem Maas]

David Powers schreef:

PostTrack [Dan Brown] wrote:

Posting Summary for PHP-General List


Thanks a bundle, Dan, for publicizing everyone's email address. All the 
addresses are in plain text, even on the news server web interface ready 
for spambots to harvest.


that horse had bolted long before dan ever wrote & ran his script. I really
can't see how dan has made things any worse .. all the posters to this list
(and countless other lists) have been 'exposed' hundreds of times over already.



--
David Powers



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Daniel Brown]

On Jan 19, 2008 8:39 AM, David Powers <[EMAIL PROTECTED]> wrote:
> PostTrack [Dan Brown] wrote:
> >   Posting Summary for PHP-General List
>
> Thanks a bundle, Dan, for publicizing everyone's email address. All the
> addresses are in plain text, even on the news server web interface ready
> for spambots to harvest.

My pleasure, David but before you start sounding *completely*
victimized and pointing the finger, you may want to think about the
fact that your email address is already plain text on some of the
archive sites --- including MARC.  Just go to Google and type in your
address five results with plain text email address posting (and
much more when you visit each link).

However, if it's that big of a deal to you or anyone else, let me
know and I'll have the script omit your address from the report.  I'm
still going to track the information, including each email address,
but I'll remove the addresses of those who may otherwise have nothing
to whine about.  ;-P

Aside from that, Zoltan, if you happen to be able to find the
function to post without much problem, feel free, and I'll look into
incorporating it into the script.  Otherwise, I can fix it myself.  My
fault for not thinking about non-English characters and such.

-- 


Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Still can't fix it.

[Jochem Maas]

Apple schreef:

Still can't fix it. I've checked everything like 20-30 times, I feel like crazy.
Everything should work fine, but it doesn't. :(

If anyone have an idea about what it can be, please let me know.


what's you exact code? how [exactly] do you run the code?





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Still can't fix it.

[Nathan Nobbe]

On Jan 19, 2008 11:13 AM, Jochem Maas <[EMAIL PROTECTED]> wrote:

> Apple schreef:
> > Still can't fix it. I've checked everything like 20-30 times, I feel
> like crazy.
> > Everything should work fine, but it doesn't. :(
> >
> > If anyone have an idea about what it can be, please let me know.
>
> what's you exact code? how [exactly] do you run the code?


i just posted my exact code and the url used to invoke it.
to change it to work from the cli; ive changed $_GET['sourceFile'] to
$argv[1], and $_GET['destFile'] to $argv[2].  then i can run it as follows
php mEncode.php WindowsMedia.wmv WindowsMedia.avi

and it works on my box.

-nathan

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Nathan Nobbe]

i think the script is pretty cool, dan ;)

-nathan

Re: [PHP] Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Wolf]

Sending to the LIST this time...  I personally replied, how dumb was *I* 
this morning...  And top posted...  Twice...


Dang Jay, you feeling OK?  You've been quiet the last week...  Or did 
Richard just tie you up so you couldn't post and he could get top honors 
this week?   :)


Jay Blanchard wrote:

Wow, I wasn't on the list. And I top posted. I really suck.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of PostTrack [Dan
Brown]
Sent: Friday, January 18, 2008 3:01 PM
To: php-general@lists.php.net
Subject: [PHP] Posting Summary for Week Ending 18 January, 2008:
php-general@lists.php.net


Posting Summary for PHP-General List
Week Ending: Friday, 18 January, 2008

Messages| Bytes   | Sender
+-+--
514 (100%) 975244 (100%)  EVERYONE
69(13.4%)  92431(9.5%)  "Richard Lynch"
<[EMAIL PROTECTED]>
46(8.9%)  78933(8.1%)  Jochem Maas
<[EMAIL PROTECTED]>
29(5.6%)  48003(4.9%)  "Eric Butera"
<[EMAIL PROTECTED]>
28(5.4%)  40764(4.2%)  "Nathan Nobbe"
<[EMAIL PROTECTED]>
26(5.1%)  41149(4.2%)  "Daniel Brown"
<[EMAIL PROTECTED]>
24(4.7%)  15837(1.6%)   Per Jessen
<[EMAIL PROTECTED]>
19(3.7%)  40495(4.2%)  Manuel Lemos
<[EMAIL PROTECTED]>
17(3.3%)  21478(2.2%)  Jim Lucas
<[EMAIL PROTECTED]>
16(3.1%)  38021(3.9%)
=?iso-8859-1?Q?Andr=E9s_Robinet?= <[EMAIL PROTECTED]>
14(2.7%)  10125(1%)  Richard Heyes
<[EMAIL PROTECTED]>
11(2.1%)  14946(1.5%)  mike <[EMAIL PROTECTED]>
9(1.8%)  22245(2.3%)  Wolf <[EMAIL PROTECTED]>
9(1.8%)  11964(1.2%)  Europus
<[EMAIL PROTECTED]>
7(1.4%)  9494(1%)  "Ken Kixmoeller -- reply to
[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
7(1.4%)  5637(0.6%)  Chris <[EMAIL PROTECTED]>
6(1.2%)  4881(0.5%)  Naz Gassiep <[EMAIL PROTECTED]>
5(1%)  8497(0.9%)  "Andrew Ballard"
<[EMAIL PROTECTED]>
5(1%)  8705(0.9%)
=?ISO-8859-1?Q?Zolt=E1n_N=E9meth?= <[EMAIL PROTECTED]>
5(1%)  4932(0.5%)  Sancar Saran
<[EMAIL PROTECTED]>
5(1%)  6174(0.6%)   Colin Guthrie
<[EMAIL PROTECTED]>
5(1%)  7854(0.8%)  Wang Chen
<[EMAIL PROTECTED]>
5(1%)  5875(0.6%)  "Javier Huerta"
<[EMAIL PROTECTED]>
4(0.8%)  6000(0.6%)  Pastor Steve
<[EMAIL PROTECTED]>
4(0.8%)  2214(0.2%)  "Lucas Prado Melo"
<[EMAIL PROTECTED]>
4(0.8%)  11675(1.2%)  "David Giragosian"
<[EMAIL PROTECTED]>
4(0.8%)  25354(2.6%)   Apple
<[EMAIL PROTECTED]>
4(0.8%)  3892(0.4%)  clive
<[EMAIL PROTECTED]>
4(0.8%)  5407(0.6%)  Larry Garfield
<[EMAIL PROTECTED]>
4(0.8%)  3479(0.4%)  "Carole E. Mah"
<[EMAIL PROTECTED]>
4(0.8%)  3104(0.3%)  Adam Williams
<[EMAIL PROTECTED]>
3(0.6%)  2552(0.3%)  tedd
<[EMAIL PROTECTED]>
3(0.6%)  5341(0.5%)  Scott Wilcox
<[EMAIL PROTECTED]>
3(0.6%)  3021(0.3%)  Max Antonov
<[EMAIL PROTECTED]>
3(0.6%)  4873(0.5%)  Casey
<[EMAIL PROTECTED]>
3(0.6%)  2819(0.3%)  "Tom Chubb"
<[EMAIL PROTECTED]>
3(0.6%)  3728(0.4%)  "mathieu leddet"
<[EMAIL PROTECTED]>
3(0.6%)  5052(0.5%)  "Sean-Michael"
<[EMAIL PROTECTED]>
3(0.6%)  3182(0.3%)  "A.smith"
<[EMAIL PROTECTED]>
3(0.6%)  3111(0.3%)  "Dotan Cohen"
<[EMAIL PROTECTED]>
3(0.6%)  4201(0.4%)  Richard
<[EMAIL PROTECTED]>
3(0.6%)  3449(0.4%)  "T.Lensselink"
<[EMAIL PROTECTED]>
3(0.6%)  4133(0.4%)  julian
<[EMAIL PROTECTED]>
2(0.4%)  2182(0.2%)  Paul Scott
<[EMAIL PROTECTED]>
2(0.4%)  2793(0.3%)  "Janet N"
<[EMAIL PROTECTED]>
2(0.4%)  11021(1.1%)  Jason Pruim
<[EMAIL PROTECTED]>
2(0.4%)  1818(0.2%)  Pierre Pintaric
<[EMAIL PROTECTED]>
2(0.4%)  2855(0.3%)  "Churchill, Craig"
<[EMAIL PROTECTED]>
2(0.4%)  201342(20.6%)  Improve Your Life
Style<[EMAIL PROTECTED]>
2(0.4%)  2542(0.3%)  Bastien Koert
<[EMAIL PROTECTED]>
2(0.4%)  1002(0.1%)  Silvio Porcellana
<[EMAIL PROTECTED]>
2(0.4%)  2947(0.3%)  Danny Brow
<[EMAIL PROTECTED]>
2(0.4%)  4571(0.5%)  Steve Ed

Re: [PHP] Re: system command runs application, but application doesn't work correctly

[Richard Lynch]

When you run it from the shell, you are you.

When you run it from a PHP web-server, you are not you.  You are
whatever user is configured in httpd.conf

That user will not have the same rights/permissions as you do.

They also won't have your same environment, e.g., home directory $HOME.

Check permissions on all files/directories.

Use complete pathnames from the root hard drive:
/home/apple/path/to/$outputFile

On Thu, January 17, 2008 5:48 pm, Apple wrote:
> Richard Lynch  l-i-e.com> writes:
>
>>
>> Try writing a 2-line .sh (shell) script that does what you want, and
>> call that 2-liner from exec().
>
>
> Thanks for idea, Richard. But it doesn't work.
>
> I wrote code as you said:
>
> 
> $first = "/usr/local/bin/mencoder -vf scale=448:-3,expand=448:336 -sws
> 9 -of
> lavf -ovc lavc -lavcopts
> vcodec=flv:vbitrate=250:trell:v4mv:mv0:mbd=2:cbp:aic:cmp=3:subcmp=3:vpass=1
> -frames 800 -ofps 24000/1001 -oac mp3lame -lameopts abr:br=64:mode=0
> -channels 1
> -srate 22050 -of lavf -lavfopts format=flv -o ".$outputFile."
> /home/re/ff/logo7.avi ".$inputFile."\n";
> $second = "/usr/local/bin/mencoder -vf scale=448:-3,expand=448:336
> -sws 9 -of
> lavf -ovc lavc -lavcopts
> vcodec=flv:vbitrate=250:trell:v4mv:mv0:mbd=2:cbp:aic:cmp=3:subcmp=3:vpass=2
> -frames 800 -ofps 24000/1001 -oac mp3lame -lameopts abr:br=64:mode=0
> -channels 1
> -srate 22050 -of lavf -lavfopts format=flv -o ".$outputFile."
> /home/re/ff/logo7.avi ".$inputFile;
>
> $fp = fopen("/home/re/video/enc", "w");
> fwrite($fp, $first);
> fwrite($fp, $second);
> fclose($fp);
>
> exec("/bin/bash /home/re/video/enc");
> 
>
>
> I've also tried system() instead of exec(), and it displayed same
> output text as
> I posted above.
>
> The strangest thing is when I run this script from shell, everything
> works fine!
> Video encodes well. But when I call that script from PHP, nothing
> works.
>
> Another strange thing is I run ImageMajick with system() in a lot of
> scripts on
> the same server and everything works fine.
>
> What is the problem? Do you have any idea?
>
>
>
>
>
>
>
>
>
>
>
>>
>> On Thu, January 17, 2008 6:46 am, Apple wrote:
>> > Daniel Brown  gmail.com> writes:
>> >
>> >> Try replacing system() with die() and letting it print out
>> the
>> >> information full command string.  That may give you an idea of a
>> >> variable that's either incorrect or undefined.  If you copy and
>> >> paste
>> >> it and run the command from the command line and it works, then
>> it
>> >> may
>> >> be permissions issues.
>> >
>> > Daniel,
>> >
>> > This doesn't display anything:
>> > die($first);
>> > die($second);
>> >
>> > Full commands are:
>> > first: /usr/local/bin/mencoder -vf scale=448:-3,expand=448:336
>> -sws 9
>> > -of lavf
>> > -ovc lavc -lavcopts
>> > vcodec=flv:vbitrate=250:trell:v4mv:mv0:mbd=2:cbp:aic:cmp=3:subcmp=3:vpass=1
>> > -frames 800 -ofps 24000/1001 -oac mp3lame -lameopts
>> abr:br=64:mode=0
>> > -channels 1
>> > -srate 22050 -of lavf -lavfopts format=flv -o
>> /home/re/video/2/16.flv
>> > /home/re/ff/logo7.avi /home/re/video/2/16temp
>> >
>> > second:
>> > /usr/local/bin/mencoder -vf scale=448:-3,expand=448:336 -sws 9 -of
>> > lavf -ovc
>> > lavc -lavcopts
>> > vcodec=flv:vbitrate=250:trell:v4mv:mv0:mbd=2:cbp:aic:cmp=3:subcmp=3:vpass=1
>> > -frames 800 -ofps 24000/1001 -oac mp3lame -lameopts
>> abr:br=64:mode=0
>> > -channels 1
>> > -srate 22050 -of lavf -lavfopts format=flv -o
>> /home/re/video/2/16.flv
>> > /home/re/ff/logo7.avi /home/re/video/2/16temp
>> >
>> >
>> > I've set permissions of all test files and directories to 777. But
>> > still my
>> > script doesn't work.
>> >
>> >
>> >
>> >
>> >>
>> >> One part of the snipped content that I noticed kept repeating
>> is
>> >> the following (and actually ending with this line):
>> >> 'VDecoder init failed :( Read DOCS/HTML/en/codecs.html'
>> >>
>> >> Did you follow the advice and read that document?
>> >
>> > Yes. It's just describes codecs. But I know mencoder support those
>> > codecs,
>> > because it encodes videos when it's called from SSH.
>> >
>> >
>> >> Beyond that, it's a question that should probably instead be
>> >> asked
>> >> on a mencoder mailing list, since PHP's system() function is
>> working
>> >> correctly, but apparently isn't getting the information it needs
>> to
>> >> pass stuff back-and-forth with the system.
>> >>
>> >
>> >
>> >
>> >
>> > I've already asked this question in Mencoder group, by noone
>> replied.
>> >
>> > I thinkit's because mencoder works fine and it doesn't work only
>> when
>> > I call it
>> > from PHP.
>> >
>> > The thing is when I copy/paste commands above to SSH, everything
>> works
>> > fine.
>> >
>> > Do you have any thoughts?
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>> >
>> >
>>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] Re: system command runs application, but application doesn't work correctly

[Richard Lynch]

On Fri, January 18, 2008 4:49 pm, Apple wrote:
> I wonder is it possible to run system() command, so mencoder will run
> as from
> root (user "500") and not PHP (user "43").

No.

system() versus exec() has nothing to do with which user runs it.

They only differ in how they handle input/output to your script.

exec is the most flexible, so use that.

> Maybe that's the problem?

If would be a HUGE problem if PHP could run as root, at all. [shudder]

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Richard Lynch]

On Sat, January 19, 2008 7:39 am, David Powers wrote:
> PostTrack [Dan Brown] wrote:
>>  Posting Summary for PHP-General List
>
> Thanks a bundle, Dan, for publicizing everyone's email address. All
> the
> addresses are in plain text, even on the news server web interface
> ready
> for spambots to harvest.

I agree with you in spirit.

This mailing list is already archived/re-posted in SO many places that
one more won't make much difference...

Still, every little bit helps.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: system command runs application, but application doesn't work correctly

[Apple7777]

Richard Lynch  l-i-e.com> writes:

> They also won't have your same environment, e.g., home directory $HOME.
> 
> Check permissions on all files/directories.
> 
> Use complete pathnames from the root hard drive:
> /home/apple/path/to/$outputFile

I do that. All permissions (files and directories) are set to 777.

I use complete paths for mencoder, input files and output file.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Still can't fix it.

[Apple7777]

Nathan Nobbe  gmail.com> writes:


> have you been trying to run the script from the cli, or from the browser?
> i would first try to run your php script from the cli; eg.
> php myMencoderScript.php  
> 

I've tried only to run it from browser.

I've just tried to run it from cli and I get error message:

Fatal error: Call to undefined function mysql_connect() in
/home/re/videoEncode.php on line 3

It seems CLI version doesn't use mysql (non cli PHP compiled with 
mysql built-in).

I will write simplier script without using mysql.


> if it works there, and not from the browser, id imagine its a permissions
> issue.  but i was able
> to run my script from the browser, w/o altering the perms on the mencoder
> binary, as the stock
> perms on my box are:
> nathan  trident ~/Desktop $ ls -l /usr/bin/mencoder
> -rwxr-xr-x 1 root root 6637020 Jan 19 10:38 /usr/bin/mencoder
> 
> you can find out what they are on your system by issuing;
> ls -l `which mencoder`
> 

It outputs:
-rwxr-xr-x 1 root root 8097152 Jan 13 20:46 /usr/local/bin/mencoder


> if other is, r-x, you should be good to go.  if your script isnt working
> from the cli
> then something probly needs to be cleaned up in there.  try to make it as
> simple as
> possible to start out.  once you get it working, you can add all the other
> features you want.
> 
> -nathan
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[David Powers]

Daniel Brown wrote:

My pleasure, David but before you start sounding *completely*
victimized and pointing the finger, you may want to think about the
fact that your email address is already plain text on some of the
archive sites --- including MARC.  Just go to Google and type in your
address five results with plain text email address posting (and
much more when you visit each link).


Yes, and it's obvious how that happens. It's because people, including 
yourself, don't have the courtesy to set up your email or newreader 
program to remove the sender's address from replies.



However, if it's that big of a deal to you or anyone else, let me
know and I'll have the script omit your address from the report.  I'm
still going to track the information, including each email address,
but I'll remove the addresses of those who may otherwise have nothing
to whine about.


This isn't a whine. The reason the PHP lists require a genuine email 
address for posting is to cut back on spam. I managed to keep this 
address spam-free for many years. Not any longer. Your action has not 
helped.


If you intend to store the email addresses of people using this mailing 
list, there should be a clear statement of privacy policy on the PHP 
site. If there is one, I couldn't find it.


--
David Powers

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Still can't fix it.

[Apple7777]

Jochem Maas  iamjochem.com> writes:

> 
> Apple schreef:
> > Still can't fix it. I've checked everything like 20-30 times, I feel 
like crazy.
> > Everything should work fine, but it doesn't. :(

> > 
> > If anyone have an idea about what it can be, please let me know.
> 
> what's you exact code? how [exactly] do you run the code?
> 
> > 
> 


Did you ask me or Nathan? My current code is (modified little bit, 
because Gmane doesn't allow to use lines longer than 80 characters):



error_reporting(E_ALL);
$conn = mysql_connect("localhost:3306", "login", "pass") or die('Could not
connect: ' . mysql_error());
mysql_select_db("geo", $conn);
mysql_query("SET NAMES 'utf8'");


$sql = "SELECT * FROM geo.video_temporary WHERE id = 1";
$trResult = mysql_query($sql, $conn) or die('Query failed: ' . mysql_error());
while ($trInfo = mysql_fetch_assoc($trResult)){
$mainStatus = $trInfo['status'];
}

if($mainStatus == 200){ exit; }


$sql = "SELECT * FROM geo.video_temporary WHERE status = 0";
$trResult = mysql_query($sql, $conn) or die('Query failed: ' . mysql_error());
while ($trInfo = mysql_fetch_assoc($trResult)){
$videoId = $trInfo['id'];
$videoUserid = $trInfo['userid'];
}

$userPath = "/home/re/video/".$videoUserid."/";


$sql = "UPDATE geo.video_temporary SET status = 200 WHERE id = 1";
$trResult = mysql_query($sql, $conn) or die('Query failed: ' . mysql_error());

$sql = "UPDATE geo.video_temporary SET status = 1 WHERE id = ".$videoId;
$trResult = mysql_query($sql, $conn) or die('Query failed: ' . mysql_error());

$inputFile = $userPath.$videoId."temp";
$outputFile = $userPath.$videoId.".flv";
print "input file: ".$inputFile."";
print "output file: ".$outputFile."";

$first = "/usr/local/bin/mencoder -really-quiet -vf scale=448:-3,expand=448:336
-sws 9 -of lavf -ovc lavc -lavcopts
vcodec=flv:vbitrate=250:trell:v4mv:mv0:mbd=2:cbp:aic:cmp=3:subcmp=3:vpass=1

-frames 800 -ofps 24000/1001 -oac mp3lame -lameopts abr:br=64:mode=0
 -channels 1 -srate 22050 -of lavf -lavfopts format=flv -o
 ".$outputFile." /home/re/ff/logo7.avi ".$inputFile;

$second = "/usr/local/bin/mencoder -really-quiet -vf scale=448:-3,expand=448:336
-sws 9 -of lavf -ovc lavc -lavcopts
vcodec=flv:vbitrate=250:trell:v4mv:mv0:mbd=2:cbp:aic:cmp=3:subcmp=3:vpass=2

-frames 800 -ofps 24000/1001 -oac mp3lame -lameopts abr:br=64:mode=0 
-channels 1 -srate 22050 -of lavf -lavfopts format=flv -o
 ".$outputFile." /home/re/ff/logo7.avi ".$inputFile;

print "first: ".$first."";
print "second: ".$second."";

print system("cd /usr/local/bin/");
print system($first);
print system($second);

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Still can't fix it.

[Nathan Nobbe]

On Jan 19, 2008 12:29 PM, Apple <[EMAIL PROTECTED]> wrote:

> I've tried only to run it from browser.
>
> I've just tried to run it from cli and I get error message:
>
> Fatal error: Call to undefined function mysql_connect() in
> /home/re/videoEncode.php on line 3
>

likely that was breaking it from the browser as well.
im surprised you werent seeing that from the browser; you may
have error output suppressed from the webserver context.  just for
testing, from the browser (when you get to that point), you can set
the error output dynamically, like this
ini_set('error_reporting', 'E_ALL');
ini_set('display_errors', 'On');

It seems CLI version doesn't use mysql (non cli PHP compiled with
> mysql built-in).
>
> I will write simplier script without using mysql.
>
> > you can find out what they are on your system by issuing;
> > ls -l `which mencoder`
> >
>
> It outputs:
> -rwxr-xr-x 1 root root 8097152 Jan 13 20:46 /usr/local/bin/mencoder


so it looks like you will be able to invoke the mencoder binary as the
webserver
user.  that can be crossed off the list of problems.
you will also need to ensure the directory where you intend to store the
file you
create is writeable by the web server user as well.

-nathan

Re: [PHP] Re: Still can't fix it.

[Nathan Nobbe]

On Jan 19, 2008 12:34 PM, Apple <[EMAIL PROTECTED]> wrote:

> Jochem Maas  iamjochem.com> writes:
> > what's you exact code? how [exactly] do you run the code?
>
> Did you ask me or Nathan? My current code is (modified little bit,
> because Gmane doesn't allow to use lines longer than 80 characters):


that looks like my bad; i thought you asked that, not jocheem :(

error_reporting(E_ALL);
> $conn = mysql_connect("localhost:3306", "login", "pass") or die('Could not
> connect: ' . mysql_error());
> mysql_select_db("geo", $conn);
> mysql_query("SET NAMES 'utf8'");
>
>
> $sql = "SELECT * FROM geo.video_temporary WHERE id = 1";
> $trResult = mysql_query($sql, $conn) or die('Query failed: ' .
> mysql_error());
> while ($trInfo = mysql_fetch_assoc($trResult)){
>$mainStatus = $trInfo['status'];
> }
>
> if($mainStatus == 200){ exit; }
>
>
> $sql = "SELECT * FROM geo.video_temporary WHERE status = 0";
> $trResult = mysql_query($sql, $conn) or die('Query failed: ' .
> mysql_error());
> while ($trInfo = mysql_fetch_assoc($trResult)){
>$videoId = $trInfo['id'];
>$videoUserid = $trInfo['userid'];
> }
>
> $userPath = "/home/re/video/".$videoUserid."/";
>
>
> $sql = "UPDATE geo.video_temporary SET status = 200 WHERE id = 1";
> $trResult = mysql_query($sql, $conn) or die('Query failed: ' .
> mysql_error());
>
> $sql = "UPDATE geo.video_temporary SET status = 1 WHERE id = ".$videoId;
> $trResult = mysql_query($sql, $conn) or die('Query failed: ' .
> mysql_error());
>
> $inputFile = $userPath.$videoId."temp";
> $outputFile = $userPath.$videoId.".flv";
> print "input file: ".$inputFile."";
> print "output file: ".$outputFile."";
>
> $first = "/usr/local/bin/mencoder -really-quiet -vf
> scale=448:-3,expand=448:336
> -sws 9 -of lavf -ovc lavc -lavcopts
>
> vcodec=flv:vbitrate=250:trell:v4mv:mv0:mbd=2:cbp:aic:cmp=3:subcmp=3:vpass=1
>
> -frames 800 -ofps 24000/1001 -oac mp3lame -lameopts abr:br=64:mode=0
>  -channels 1 -srate 22050 -of lavf -lavfopts format=flv -o
>  ".$outputFile." /home/re/ff/logo7.avi ".$inputFile;
>
> $second = "/usr/local/bin/mencoder -really-quiet -vf
> scale=448:-3,expand=448:336
> -sws 9 -of lavf -ovc lavc -lavcopts
>
> vcodec=flv:vbitrate=250:trell:v4mv:mv0:mbd=2:cbp:aic:cmp=3:subcmp=3:vpass=2
>
> -frames 800 -ofps 24000/1001 -oac mp3lame -lameopts abr:br=64:mode=0
> -channels 1 -srate 22050 -of lavf -lavfopts format=flv -o
>  ".$outputFile." /home/re/ff/logo7.avi ".$inputFile;
>
> print "first: ".$first."";
> print "second: ".$second."";
>
> print system("cd /usr/local/bin/");
> print system($first);
> print system($second);


ya; you should def get a simple version working w/ just mencoder from the
cli.
then get that working from the browser.  then add in the mysql support after
thats finished.

-nathan

Re: [PHP] Expand variable in comparison

[Richard Lynch]

You can cheat like this:

define('DEBUG', 1);

if (DEBUG || $this->var == $preDefinedStringToTestWith)
  return true;
else
  return false;

At some later date, you change the 1 to 0 in the define() statement.

Please tell us WHY you want do what you want to do...

On Fri, January 18, 2008 1:50 pm, Marcus wrote:
> Hi!
>
>
> Is there any way to get the following snippet returning a true?
>
>
> ...
> $this->var = ?
> if ($this->var == $preDefinedStringToTestWith)
>  return true;
> else
>  false;
>
>
>
> The problem:
> I don't know, what $preDefinedStringToTestWith is!
> $this->var can be set to any string.
>
> I tried
> $this->var = "${preDefinedStringToTestWith}"
> but this doesn't get expanded.
>
>
> Thanks for your help,
>
> Marcus.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Daniel Brown]

On Jan 19, 2008 12:30 PM, David Powers <[EMAIL PROTECTED]> wrote:
> Daniel Brown wrote:
> > My pleasure, David but before you start sounding *completely*
> > victimized and pointing the finger, you may want to think about the
> > fact that your email address is already plain text on some of the
> > archive sites --- including MARC.  Just go to Google and type in your
> > address five results with plain text email address posting (and
> > much more when you visit each link).
>
> Yes, and it's obvious how that happens. It's because people, including
> yourself, don't have the courtesy to set up your email or newreader
> program to remove the sender's address from replies.

By removing the email address, it completely defeats the purpose
of post tracking.  That bit may have escaped you from the layout of
the report.

> > However, if it's that big of a deal to you or anyone else, let me
> > know and I'll have the script omit your address from the report.  I'm
> > still going to track the information, including each email address,
> > but I'll remove the addresses of those who may otherwise have nothing
> > to whine about.
>
> This isn't a whine. The reason the PHP lists require a genuine email
> address for posting is to cut back on spam. I managed to keep this
> address spam-free for many years. Not any longer. Your action has not
> helped.

Considering this is the second time it's been (properly) sent out,
I highly doubt, David, that I've contributed to your inbox being
bombarded with SPAM.  Get to the point do you want your address
omitted?

> If you intend to store the email addresses of people using this mailing
> list, there should be a clear statement of privacy policy on the PHP
> site. If there is one, I couldn't find it.

That's because it has nothing to do with the PHP site or project.
It's a private project intended to be of interest to those who post
here.  And you're here as well.

-- 


Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] avoid server folder reading

[Alain Roger]

Hi,

I would like to know how to avoid (using PHP code) any user to read the
content of my website folder ?
as my website is hosted by and external company, i do not have access to
apache conf file.

thanks a lot,

-- 
Alain

Windows XP SP2
PostgreSQL 8.2.4 / MS SQL server 2005
Apache 2.2.4
PHP 5.2.4
C# 2005-2008

Re: [PHP] avoid server folder reading

[Nathan Nobbe]

On Jan 19, 2008 12:57 PM, Alain Roger <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I would like to know how to avoid (using PHP code) any user to read the
> content of my website folder ?
> as my website is hosted by and external company, i do not have access to
> apache conf file.


you could take the code igniter approach.

have a script, like config.php, that has a constant; anything, like
define('IM_ALIVE',  true);

then, require that all your scripts must have this file included, first
thing.
and at that point you can do something like this:

if(!defined('IM_ALIVE')) { die('no direct access to scripts allowed!'); }

-nathan

Re: [PHP] Re: system command runs application, but application doesn't work correctly

[Nathan Nobbe]

On Jan 19, 2008 12:24 PM, Apple <[EMAIL PROTECTED]> wrote:

> Richard Lynch  l-i-e.com> writes:
>
> > They also won't have your same environment, e.g., home directory $HOME.
> >
> > Check permissions on all files/directories.
> >
> > Use complete pathnames from the root hard drive:
> > /home/apple/path/to/$outputFile
>
> I do that. All permissions (files and directories) are set to 777.
>
> I use complete paths for mencoder, input files and output file.


have you tried a trivial call to mencoder, like i suggested?
it looks like you were passing a lot of parameters to it in the code you
first
posted.  try starting out w/ something simple and get that working before
going
for the full blown finished version.

-nathan

[PHP] Re: system command runs application, but application doesn't work correctly

[Apple7777]

Nathan Nobbe  gmail.com> writes:

> have you tried a trivial call to mencoder, like i suggested?
> it looks like you were passing a lot of parameters to it in the code you
> first
> posted.  try starting out w/ something simple and get that working before
> going
> for the full blown finished version.

Yes, please look at the message above "I'm confused, but it works".

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] I'm confused, but it works

[Apple7777]

Nathan Nobbe  gmail.com> writes:

> if it works there, and not from the browser, id imagine its a permissions
> issue

Ok, I wrote simple script and run it from CLI.

It works. Then I've tried to run simple script from browser, it works too.

Then I thought it's some conflict of MySQL and Mencoder. I've tried to run
original script once again, and IT WORKED.

I feel like crazy, becuase I'm pretty sure I didn't modify anything in last
10-20 minutes. It never worked, now it works. I didn't change script, I didn't
change permissions, I didn't reboot server etc.

What does this happen? Maybe I do not understand something? I'm really afraid it
will stop work at any moment

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] snmp_set_valueretrieval depends on what?

[Richard Lynch]

On Fri, January 18, 2008 5:02 am, Per Jessen wrote:
> Richard Lynch wrote:
>
>> fumble-fingers!
>>
>> http://lxr.php.net/
>
> Do you know if that site is up-to-date and if it includes php
> extensions??  I searched for 'snmp_set_valueretrieval' and got
> nothing,
> yet that function is clearly defined in the SNMP extension. In 4.3.9
> and 5.2.3 (just two versions I happened to have available).

Does seem to be broken, doesn't it?

Keep getting "Search failed"

Oh well.

It's a PHP extension.

This page:
http://lxr.php.net/source/php-src/

has a directory named "ext" which has a directory named "snmp" which
has a file named "snmp.c" which has this link in it:

http://lxr.php.net/source/php-src/ext/snmp/snmp.c#143

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] I'm confused, but it works

[Nathan Nobbe]

On Jan 19, 2008 12:46 PM, Apple <[EMAIL PROTECTED]> wrote:

> Nathan Nobbe  gmail.com> writes:
>
> > if it works there, and not from the browser, id imagine its a
> permissions
> > issue
>
> Ok, I wrote simple script and run it from CLI.
>
> It works. Then I've tried to run simple script from browser, it works too.
>
> Then I thought it's some conflict of MySQL and Mencoder. I've tried to run
> original script once again, and IT WORKED.
>
> I feel like crazy, becuase I'm pretty sure I didn't modify anything in
> last
> 10-20 minutes. It never worked, now it works. I didn't change script, I
> didn't
> change permissions, I didn't reboot server etc.
>
> What does this happen? Maybe I do not understand something? I'm really
> afraid it
> will stop work at any moment


well good to hear its working at any rate.
you may want to split up your main script into a set of functions that
return boolean values.
then you will have a block of code that invokes the functions.
that way you can get some idea where things might be failing.
you should also consider logging these calls to a file, if youre going to
put this in production.
if you log the parameters of the calls and the return values of the calls,
this should help you
isolate what caused a problem when they arise.

-nathan

Re: [PHP] snmp_set_valueretrieval depends on what?

[Richard Lynch]

On Fri, January 18, 2008 5:02 am, Per Jessen wrote:
> Richard Lynch wrote:
>
>> fumble-fingers!
>>
>> http://lxr.php.net/
>
> Do you know if that site is up-to-date and if it includes php
> extensions??  I searched for 'snmp_set_valueretrieval' and got
> nothing,
> yet that function is clearly defined in the SNMP extension. In 4.3.9
> and 5.2.3 (just two versions I happened to have available).

The lxr.php.net search not working has been reported as a bug now, so
you needn't do that. :-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

[Jochem Maas]

Alain Roger schreef:

Hi,

I would like to know how to avoid (using PHP code) any user to read the
content of my website folder ?


what exactly are you trying to avoid being read? and in what context?


as my website is hosted by and external company, i do not have access to
apache conf file.


are you able to use .htaccess files?



thanks a lot,



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] New years resolution: To get serious with my programming! Anyone wanna help? :)

[Richard Lynch]

On Thu, January 17, 2008 3:05 pm, Daniel Brown wrote:
> On Jan 17, 2008 4:01 PM, Richard Lynch <[EMAIL PROTECTED]> wrote:
>> And I don't recall the answer, and don't give a [bleep] since it's
>> almost never the bottleneck in an application in the first place...
>
> You swore.  I'm tellin' Mom.

Actally, "Mom" [*] *does* get mad at me even if I just say [bleep]
instead of cursing around her kids :-v

Oh well.

* http://www.l-i-e.com/weilin/snap.jpg

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

[Richard Lynch]

On Sat, January 19, 2008 11:57 am, Alain Roger wrote:
> I would like to know how to avoid (using PHP code) any user to read
> the
> content of my website folder ?
> as my website is hosted by and external company, i do not have access
> to
> apache conf file.

You're not making a lot of sense, really...

I you don't want ANY users to see ANYTHING that's in your folder,
don't have a website. :-)

The whole point of a website IS to show the world a bunch of stuff in
that folder.

So what you really must mean is (probably) one of these:
  hide the contents of some sub-folder
  hide some of things in that folder, but not others
  hide the included files
  hide specific content
  hide content from non-registered users

Pick one and we can answer that, or you can Google for it.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: system command runs application, but application doesn't work correctly

[Richard Lynch]

On Sat, January 19, 2008 11:24 am, Apple wrote:
> Richard Lynch  l-i-e.com> writes:
>
>> They also won't have your same environment, e.g., home directory
>> $HOME.
>>
>> Check permissions on all files/directories.
>>
>> Use complete pathnames from the root hard drive:
>> /home/apple/path/to/$outputFile
>
> I do that. All permissions (files and directories) are set to 777.
>
> I use complete paths for mencoder, input files and output file.

What does this say:
ls -als /usr/bin/mencoder

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

[Alain Roger]

I should be able to setup a .htaccess file.

On Jan 19, 2008 7:17 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:

> Alain Roger schreef:
> > Hi,
> >
> > I would like to know how to avoid (using PHP code) any user to read the
> > content of my website folder ?
>
> what exactly are you trying to avoid being read? and in what context?
>
> > as my website is hosted by and external company, i do not have access to
> > apache conf file.
>
> are you able to use .htaccess files?
>
> >
> > thanks a lot,
> >
>
>


-- 
Alain

Windows XP SP2
PostgreSQL 8.2.4 / MS SQL server 2005
Apache 2.2.4
PHP 5.2.4
C# 2005-2008

Re: [PHP] avoid server folder reading

[Alain Roger]

Sorry if my post was not clear...
in fact i would like to hide the contant of my webfolders and avoid user to
see the index of "folders"... for sure users should be able to browse the
website, but not to see its structure by browsing the index :-)

On Jan 19, 2008 7:41 PM, Richard Lynch <[EMAIL PROTECTED]> wrote:

> On Sat, January 19, 2008 11:57 am, Alain Roger wrote:
> > I would like to know how to avoid (using PHP code) any user to read
> > the
> > content of my website folder ?
> > as my website is hosted by and external company, i do not have access
> > to
> > apache conf file.
>
> You're not making a lot of sense, really...
>
> I you don't want ANY users to see ANYTHING that's in your folder,
> don't have a website. :-)
>
> The whole point of a website IS to show the world a bunch of stuff in
> that folder.
>
> So what you really must mean is (probably) one of these:
>  hide the contents of some sub-folder
>  hide some of things in that folder, but not others
>  hide the included files
>  hide specific content
>  hide content from non-registered users
>
> Pick one and we can answer that, or you can Google for it.
>
> --
> Some people have a "gift" link here.
> Know what I want?
> I want you to buy a CD from some indie artist.
> http://cdbaby.com/from/lynch
> Yeah, I get a buck. So?
>
>


-- 
Alain

Windows XP SP2
PostgreSQL 8.2.4 / MS SQL server 2005
Apache 2.2.4
PHP 5.2.4
C# 2005-2008

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Richard Lynch]

$email = str_replace(array('@', '.'), array(' AT ', ' DOT ', $email);

This will defeat 99.% of spambots, and still be quite usable for
any legitimate purpose.

On Sat, January 19, 2008 12:36 pm, David Powers wrote:
> Daniel Brown wrote:
>> On Jan 19, 2008 12:30 PM, David Powers wrote:
>
>>> Yes, and it's obvious how that happens. It's because people,
>>> including
>>> yourself, don't have the courtesy to set up your email or newreader
>>> program to remove the sender's address from replies.
>>
>> By removing the email address, it completely defeats the purpose
>> of post tracking.  That bit may have escaped you from the layout of
>> the report.
>
> I wasn't referring to that, but to the thoughtless way that you and
> others automatically include the sender's email address in plain text
> every time you respond to a post. Surely it's not too much to ask that
> you set your mail program or newsreader so that it doesn't display the
> address?
>
>> Considering this is the second time it's been (properly) sent
>> out,
>> I highly doubt, David, that I've contributed to your inbox being
>> bombarded with SPAM.  Get to the point do you want your address
>> omitted?
>
> Point 1: Yes, I do want my address removed.
>
> Point 2: My address has been exposed by the thoughtless acts of others
> not setting their mail program/newsreader options correctly. Apart
> from
> the ex-BBC forum (where I have since changed the settings and edited
> the
> relevant post), all Google references to my email address came from
> the
> archives of this list. That's where the spam has probably started. By
> publishing a weekly list of email addresses, you're just making life
> easier for the spam merchants.
>
>>> If you intend to store the email addresses of people using this
>>> mailing
>>> list, there should be a clear statement of privacy policy on the
>>> PHP
>>> site. If there is one, I couldn't find it.
>>
>> That's because it has nothing to do with the PHP site or
>> project.
>> It's a private project intended to be of interest to those who post
>> here.  And you're here as well.
>
> Whoah, hang on a moment. It has everything to do with the PHP site and
> project. It's hosted on the php.net news server. When I subscribed to
> the PHP general mailing list I did not give permission for this. This
> is
> an international list, and what you're doing breaks EU privacy laws,
> and
> possibly those in other countries too. Please remove my name and
> details
> from your system.
>
> --
> David Powers
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

[Nathan Nobbe]

On Jan 19, 2008 1:46 PM, Alain Roger <[EMAIL PROTECTED]> wrote:

> Sorry if my post was not clear...
> in fact i would like to hide the contant of my webfolders and avoid user
> to
> see the index of "folders"... for sure users should be able to browse the
> website, but not to see its structure by browsing the index :-)


then define an index.php file  for each directory that routes the users
appropriately.

-nathan

[PHP] Re: I'm confused, but it works

[Apple7777]

 
> isolate what caused a problem when they arise.
> 
> -nathan
> 


Thanks for advice, I'll do hard test for this script and if it will stop working
I'll do as you just said.

Thank you guys for everything. It's really appreciated.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[David Powers]

Daniel Brown wrote:

On Jan 19, 2008 12:30 PM, David Powers wrote:



Yes, and it's obvious how that happens. It's because people, including
yourself, don't have the courtesy to set up your email or newreader
program to remove the sender's address from replies.


By removing the email address, it completely defeats the purpose
of post tracking.  That bit may have escaped you from the layout of
the report.


I wasn't referring to that, but to the thoughtless way that you and 
others automatically include the sender's email address in plain text 
every time you respond to a post. Surely it's not too much to ask that 
you set your mail program or newsreader so that it doesn't display the 
address?



Considering this is the second time it's been (properly) sent out,
I highly doubt, David, that I've contributed to your inbox being
bombarded with SPAM.  Get to the point do you want your address
omitted?


Point 1: Yes, I do want my address removed.

Point 2: My address has been exposed by the thoughtless acts of others 
not setting their mail program/newsreader options correctly. Apart from 
the ex-BBC forum (where I have since changed the settings and edited the 
relevant post), all Google references to my email address came from the 
archives of this list. That's where the spam has probably started. By 
publishing a weekly list of email addresses, you're just making life 
easier for the spam merchants.



If you intend to store the email addresses of people using this mailing
list, there should be a clear statement of privacy policy on the PHP
site. If there is one, I couldn't find it.


That's because it has nothing to do with the PHP site or project.
It's a private project intended to be of interest to those who post
here.  And you're here as well.


Whoah, hang on a moment. It has everything to do with the PHP site and 
project. It's hosted on the php.net news server. When I subscribed to 
the PHP general mailing list I did not give permission for this. This is 
an international list, and what you're doing breaks EU privacy laws, and 
possibly those in other countries too. Please remove my name and details 
from your system.


--
David Powers

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Stut]

On 19 Jan 2008, at 18:36, David Powers wrote:
Point 2: My address has been exposed by the thoughtless acts of  
others not setting their mail program/newsreader options correctly.  
Apart from the ex-BBC forum (where I have since changed the settings  
and edited the relevant post), all Google references to my email  
address came from the archives of this list. That's where the spam  
has probably started. By publishing a weekly list of email  
addresses, you're just making life easier for the spam merchants.


If you intend to store the email addresses of people using this  
mailing

list, there should be a clear statement of privacy policy on the PHP
site. If there is one, I couldn't find it.

   That's because it has nothing to do with the PHP site or project.
It's a private project intended to be of interest to those who post
here.  And you're here as well.


Whoah, hang on a moment. It has everything to do with the PHP site  
and project. It's hosted on the php.net news server. When I  
subscribed to the PHP general mailing list I did not give permission  
for this. This is an international list, and what you're doing  
breaks EU privacy laws, and possibly those in other countries too.  
Please remove my name and details from your system.


This is a *public* mailing list. By posting an email to it you are  
exposing your email address to an unknown number of people you don't  
know. Any number of those could be spammers collecting email  
addresses, or archivers creating web-based archives over which you  
have no control. If you didn't want your email address to be put into  
the public domain you should not have sent emails to a public mailing  
list, period.


While I agree that Dan should be obfuscating the email addresses  
coming from his script I think your complaints are aimed at the wrong  
person. *You* are to blame for putting your email address out there,  
and I think we'd all appreciate it if you would stop blaming Dan.


I use a Gmail account for all mailing lists for precisely this reason.  
If you were stupid^Wnaive enough to use an  "important" email address  
that's your problem.


And no, I won't remove your address from the recipient list.

-Stut

--
http://stut.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Per Jessen]

David Powers wrote:

> I wasn't referring to that, but to the thoughtless way that you and
> others automatically include the sender's email address in plain text
> every time you respond to a post. Surely it's not too much to ask that
> you set your mail program or newsreader so that it doesn't display the
> address?

I think David is making a good point here.  I've never actually looked
at it myself, but my knode and thunderbird both only use the name of
the sender, not the email-address, when adding the "so-and-so wrote:"
line. 

> By publishing a weekly list of email addresses,
> you're just making life easier for the spam merchants.

I would tend to agree with that.  Besides, the posting stats will loose
nothing if the email-address is removed.

>> That's because it has nothing to do with the PHP site or project.
>> It's a private project intended to be of interest to those who post
>> here.  And you're here as well.
> 
> Whoah, hang on a moment. It has everything to do with the PHP site and
> project. It's hosted on the php.net news server.  

The mailing list yes, but not Daniels statistics.

> When I subscribed to the PHP general mailing list I did not give
> permission for this. This is an international list, and what you're
> doing breaks EU privacy laws, and possibly those in other countries
> too.

Hmm, I'm not so sure about that.  By participating on a public mailing
list, you accept that your postings and your email-address may be
essentially be sent to all and sundry. 


/Per Jessen, Zürich

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Per Jessen]

Nathan Nobbe wrote:

> On Jan 19, 2008 1:47 PM, Richard Lynch <[EMAIL PROTECTED]> wrote:
> 
[snip]
> regarding configuring mail clients to omit the senders address in the
> reply, well, this is one of those things that you just cant expect
> every user to do. 

Not even you?  (see above)


/Per Jessen, Zürich

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Daniel Brown]

On Jan 19, 2008 1:36 PM, David Powers <[EMAIL PROTECTED]> wrote:
> Daniel Brown wrote:
> > On Jan 19, 2008 12:30 PM, David Powers wrote:
>
> >> Yes, and it's obvious how that happens. It's because people, including
> >> yourself, don't have the courtesy to set up your email or newreader
> >> program to remove the sender's address from replies.
> >
> > By removing the email address, it completely defeats the purpose
> > of post tracking.  That bit may have escaped you from the layout of
> > the report.
>
> I wasn't referring to that, but to the thoughtless way that you and
> others automatically include the sender's email address in plain text
> every time you respond to a post. Surely it's not too much to ask that
> you set your mail program or newsreader so that it doesn't display the
> address?

You may never heard of Gmail or any other hosted email clients
that don't offer this as an option.  Apparently not everyone
subscribes to the same level of paranoia.

> > Considering this is the second time it's been (properly) sent out,
> > I highly doubt, David, that I've contributed to your inbox being
> > bombarded with SPAM.  Get to the point do you want your address
> > omitted?
>
> Point 1: Yes, I do want my address removed.

Consider it very gladly done.

> Point 2: My address has been exposed by the thoughtless acts of others
> not setting their mail program/newsreader options correctly. Apart from
> the ex-BBC forum (where I have since changed the settings and edited the
> relevant post), all Google references to my email address came from the
> archives of this list. That's where the spam has probably started. By
> publishing a weekly list of email addresses, you're just making life
> easier for the spam merchants.

Poor you.  You may wish to try smoke signals.  If you don't want
people to see your email address, don't use email.  I'm not saying
that SPAM is a welcome thing, by any means, but I find it extremely
ludicrous to expect others to go through messages to remove your email
address.  Try changing your Reply-To header (or whatever other headers
you can change in your client) to rewrite your email address.  You'll
notice some people have it set to send their address as
[EMAIL PROTECTED] or the like.

> >> If you intend to store the email addresses of people using this mailing
> >> list, there should be a clear statement of privacy policy on the PHP
> >> site. If there is one, I couldn't find it.
> >
> > That's because it has nothing to do with the PHP site or project.
> > It's a private project intended to be of interest to those who post
> > here.  And you're here as well.
>
> Whoah, hang on a moment. It has everything to do with the PHP site and
> project. It's hosted on the php.net news server. When I subscribed to
> the PHP general mailing list I did not give permission for this. This is
> an international list, and what you're doing breaks EU privacy laws, and
> possibly those in other countries too. Please remove my name and details
> from your system.

First of all, before you dare bring the PHP site or project into
your field of vision and blame, get your facts straight.  The
PostTrack/ListWatch scripts are not hosted on any servers in any way
associated with the PHP project.  The mailing list is hosted there,
yes but that's not what we're talking about here.

Secondly, before you attempt to cite EU privacy law violations
against someone who has actually studied them to remain in compliance,
and doesn't just feel well-educated on the subject because he resides
in the UK, understand that I am within compliance even in this case.
Your name and email address is considered "personal information" as
identified by the Information Commissioner's Office (the body
responsible for your jurisdiction).  However, when subscribing to the
list, aside from common and public knowledge, you were made aware of
the public availability of your personal information on external
archives, to other subscribers, et cetera, upon posting a message to
the list.  My offer and action to remove your information from the
public report stands as a valid and legal method for protecting your
privacy.

Finally, I don't want you to think that I'm personally-attacking
you in the same way you did to me, because I understand your concerns,
no matter how groundless further arguments may be.  I don't hold that
part against you in any way, shape, or form.  As such, I've made
amendments to the system to remove your information from all future
reports (provided you don't change your email address), and hopefully
we can cease this discussion, because it's obviously detracting from
productive discussion.

-- 


Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Nathan Nobbe]

On Jan 19, 2008 1:47 PM, Richard Lynch <[EMAIL PROTECTED]> wrote:

> $email = str_replace(array('@', '.'), array(' AT ', ' DOT ', $email);
>
> This will defeat 99.% of spambots, and still be quite usable for
> any legitimate purpose.


this is a great idea; and its the same concept employed for posts to
user submitted messages on the php website.

regarding configuring mail clients to omit the senders address in the
reply, well, this is one of those things that you just cant expect every
user to do.  its in the same vein as the topic dan started about the
whole [SOLVED] thing.  you really cant enforce anything, since some
people dont care, and new people are signing up every day.  obviously,
there can be recommendations, but in accordance wich the basic
premise of the web, if you dont want to run the risk, then dont participate.
its really that simple.

-nathan

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Daniel Brown]

On Jan 19, 2008 1:47 PM, Richard Lynch <[EMAIL PROTECTED]> wrote:
> $email = str_replace(array('@', '.'), array(' AT ', ' DOT ', $email);
>
> This will defeat 99.% of spambots, and still be quite usable for
> any legitimate purpose.

Yes, actually, I've already incorporated something like that into
the code.  I have no problem omitting people's information from the
reports if they ask, or protecting the data (so long as it's still
readable) through obfuscation.  It's more a matter of the manner in
which I was approached by a list member.

-- 


Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

[Jochem Maas]

Nathan Nobbe schreef:

On Jan 19, 2008 1:46 PM, Alain Roger <[EMAIL PROTECTED]> wrote:


Sorry if my post was not clear...
in fact i would like to hide the contant of my webfolders and avoid user
to
see the index of "folders"... for sure users should be able to browse the
website, but not to see its structure by browsing the index :-)



then define an index.php file  for each directory that routes the users
appropriately.


or alternatively use that .htaccess to deny apache index listings.

that said if your site is well setup everything in the document root should
be neatly accessible and it shouldn't really matter how someone accesses it.

all [php] files you include can live happily outside of the webroot,in cases
where this is not feasable (e.g. hosts that use the homedir as the webroot)
you can use a simple .htaccess containing 'Deny From All' in a directory that
stores all your include files.



-nathan



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] password hashing and crypt()

[Nathan Nobbe]

hi all,

recently ive been debating a bit about the use of the crypt() function and
the best practice thereof, im hoping you can help to clarify this for me.

so, the crypt function
http://www.php.net/manual/en/function.crypt.php
has a second parameter, $salt, which, if not supplied will be automatically
generated and presumably become a prefix or suffix of the returned string.

now, the article on the phpsec website
http://phpsec.org/articles/2005/password-hashing.html
recommends to externally create a salt and to store that in a separate field
in the database, which would then be used for subsequent password
verification.

theoretically, however, if the password is generated without a user supplied
salt,
there is a salt already embedded in the password anyway.

so, i have the following questions

   1. is the phpsec technique bloated or unnecessary
   2. is it better to create a user supplied salt, and why or why not
   3. is crypt() 'intended' to be used w/o a user provided salt, since it
   is a stable algorithm

any other direction or hints you can supply are much appreciated.

thanks,

-nathan

Re: [PHP] avoid server folder reading

[Nathan Nobbe]

On Jan 19, 2008 3:08 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:

> or alternatively use that .htaccess to deny apache index listings.


i of course use .htaccess, but OP was asking for a php based solution, so
thats what i supplied, thats all.

-nathan

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Nathan Nobbe]

On Jan 19, 2008 2:06 PM, Per Jessen <[EMAIL PROTECTED]> wrote:

> Nathan Nobbe wrote:
>
> > On Jan 19, 2008 1:47 PM, Richard Lynch <[EMAIL PROTECTED]> wrote:
> >
> [snip]
> > regarding configuring mail clients to omit the senders address in the
> > reply, well, this is one of those things that you just cant expect
> > every user to do.
>
> Not even you?  (see above)


i didnt see the option in gmail; but if you know where it is or how to set
it up in gmail, i will happily take the 2 seconds to enable it.

-nathan

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[David Powers]

Daniel Brown wrote:

Finally, I don't want you to think that I'm personally-attacking
you in the same way you did to me


Sorry, Dan, you just don't get it, do you? You published the name and 
email address of every single person who contributed to this mailing 
list in the past week. I didn't give you permission to publish my 
details, and I'm pretty sure the same goes for just about everyone else. 
Instead of apologizing to everyone here, you have sought to ridicule my 
position.


--
David Powers

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Daniel Brown]

On Jan 19, 2008 5:25 PM, David Powers <[EMAIL PROTECTED]> wrote:
> Daniel Brown wrote:
> > Finally, I don't want you to think that I'm personally-attacking
> > you in the same way you did to me
>
> Sorry, Dan, you just don't get it, do you? You published the name and
> email address of every single person who contributed to this mailing
> list in the past week. I didn't give you permission to publish my
> details, and I'm pretty sure the same goes for just about everyone else.
> Instead of apologizing to everyone here, you have sought to ridicule my
> position.

Notice, if you will and are able, that all other posts to this
thread are responses of interest, not the ramblings of a crybaby.  I
told you I would remove you from future reports, and I have.  I don't
know exactly who you think you are to crusade and demand my apologies
to "everyone here" when not only have I done nothing wrong, but I've
created something that is useful and stimulating to those who Actually
Matter[TM].  Thankfully, I don't feel as though I either have to
justify myself to you, or continue speaking with you about it.  So
with that





-- 


Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[David Powers]

Daniel Brown wrote:

Notice, if you will and are able, that all other posts to this
thread are responses of interest, not the ramblings of a crybaby.


I have also noticed that many of the responses come from #1 Rated 
"Year's Coolest Guy" By Self. A little humility might be in order.



I done nothing wrong, but I've
created something that is useful and stimulating to those who Actually
Matter[TM].


Just to remind everyone what this useful and stimulating exercise was 
for, in your own words, it was 'For bragging rights, to keep track of 
how much time you've spent doing "community service" or whatever else.'


By publishing everyone's email address, you screwed up, but don't have 
the decency to admit it. And at no time have I stooped to calling you names.


__
David Powers

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Jochem Maas]

David Powers schreef:

Daniel Brown wrote:

Finally, I don't want you to think that I'm personally-attacking
you in the same way you did to me


Sorry, Dan, you just don't get it, do you? 


good mantra - please repeat to yourself 20 times every morning whilst
you brush your teeth. actually I might do that might self, I'm sure I don't
get 'it' either most days and besides it has something strangely zen about it

there is an adage along the lines of "we tend to accuse others of things
we despise most in ourselves" ... I know I'm guilty of that on many an occasion.
how about you?

if I am correct you are or were a journalist. forgive if I have mistaken you
for another, but if that is correct then how often have you trodden on someone's
privacy for the sake of a story? it's just a thought not an accusation. but 
hopefully
you get the gist that maybe things are not so cut and dried as we sometimes 
like to think?

You published the name and 
email address of every single person who contributed to this mailing 
list in the past week. I didn't give you permission to publish my 
details


you already did that by posting so the info is already in the public domain and
as Dan pointed out he's not actually in violation of anything - having
explained to you the actually status quo with regard to british/european
privacy law.

, and I'm pretty sure the same goes for just about everyone else. 


he doesn't need my permission. but if he did he just got it, and that
probably goes for most other people on this list. I have a feeling you pretty
much on your own here.

Instead of apologizing to everyone here, you have sought to ridicule my 
position.


oh you did a pretty good job of that all by yourself from where I'm standing ;-)

why not get over it and join the club instead of knocking it?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[David Powers]

Jochem Maas wrote:
if I am correct you are or were a journalist. forgive if I have mistaken 
you
for another, but if that is correct then how often have you trodden on 
someone's

privacy for the sake of a story?


Yes, I was a journalist for some 30 years, but roughly two-thirds of 
that time was spent in an editorial capacity, not on the road. I cannot 
honestly remember an occasion on which I infringed someone's privacy for 
the sake of a story. The privacy guidelines that applied to my job are 
publicly available online:


http://www.bbc.co.uk/guidelines/editorialguidelines/edguide/privacy/consent.shtml


as Dan pointed out he's not actually in violation of anything


That's Dan's interpretation.


why not get over it and join the club instead of knocking it?


All that was necessary was for Dan to acknowledge that he'd made a 
mistake publishing a list of everyone's email address in plain text. It 
was wholly unnecessary for the purpose of creating a chart of the most 
prolific posters. Counting the number of posts is pretty meaningless 
anyway. It says nothing about the usefulness of those posts.


I rarely post here, not for any negative reasons, but because I can see 
there are plenty of knowledgeable people here giving a lot of valuable 
help to others. So I spend my time contributing to other forums where 
PHP expertise is thin on the ground.


If treating someone's complaint with contempt, even if you don't agree 
with the substance of it, is the way this "club" works, it's not one 
that I feel comfortable joining.


--
David Powers

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Jochem Maas]

David Powers schreef:

Jochem Maas wrote:
if I am correct you are or were a journalist. forgive if I have 
mistaken you
for another, but if that is correct then how often have you trodden on 
someone's

privacy for the sake of a story?


Yes, I was a journalist for some 30 years, but roughly two-thirds of 
that time was spent in an editorial capacity, not on the road. 


I can't quite see what difference that makes. you wrote something, you edited 
something,
you allowed something through - whats the difference for the current point 
being discussed?

I cannot 
honestly remember an occasion on which I infringed someone's privacy for 
the sake of a story. 


even if that's your honest opinion there might be someone who thought 
differently
at some stage when they were affected by something you produced, no?

The privacy guidelines that applied to my job are 
publicly available online:


http://www.bbc.co.uk/guidelines/editorialguidelines/edguide/privacy/consent.shtml 



it's quite possible to follow the letter of law whilst raping it's spirit.




as Dan pointed out he's not actually in violation of anything


That's Dan's interpretation.


isn't interpretation all we have? (not forgetting php is interpreted ;-))




why not get over it and join the club instead of knocking it?


All that was necessary was for Dan to acknowledge that he'd made a 
mistake publishing a list of everyone's email address in plain text. It 
was wholly unnecessary for the purpose of creating a chart of the most 
prolific posters. Counting the number of posts is pretty meaningless 
anyway. It says nothing about the usefulness of those posts.

>
I rarely post here, not for any negative reasons, but because I can see 
there are plenty of knowledgeable people here giving a lot of valuable 
help to others. So I spend my time contributing to other forums where 
PHP expertise is thin on the ground.


I'm of the opinion that this kind of knowledge should be concentrated in as
few places as possible, thereby offering newbies a bigger and juicier target
to aim their questions at. just a thought.



If treating someone's complaint with contempt, even if you don't agree 
with the substance of it, is the way this "club" works, it's not one 
that I feel comfortable joining.


you create the world you live in, if your confronted with contempt (in your
perception) then in the end that is wholly your doing. you can't force Dan or
anyone else to do/respond in any given way (i.e. a way you see as correct) so
it's futile - I am certain that had you approached with your grievance in a
different manner then you would have gotten a completely different result, 
namely
the one you desired. this is in your hands, not anyone elses. this applies
to everything not just Dan or this mailing list.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] password hashing and crypt()

[Jochem Maas]

Nathan Nobbe schreef:

hi all,

recently ive been debating a bit about the use of the crypt() function and
the best practice thereof, im hoping you can help to clarify this for me.

so, the crypt function
http://www.php.net/manual/en/function.crypt.php
has a second parameter, $salt, which, if not supplied will be automatically
generated and presumably become a prefix or suffix of the returned string.

now, the article on the phpsec website
http://phpsec.org/articles/2005/password-hashing.html
recommends to externally create a salt and to store that in a separate field
in the database, which would then be used for subsequent password
verification.

theoretically, however, if the password is generated without a user supplied
salt,
there is a salt already embedded in the password anyway.

so, i have the following questions

   1. is the phpsec technique bloated or unnecessary


I can't see a dictionary attack being thwarted by the salt given that the salt
is made available when a password is checked. I'm struggling to see how a salt
will help if it's made available. but it's late, may be better brain can 
enlighten us :-)

then again your question is a little skewed due to the fact that sha1() is
used in the phpsec article and your talking about crypt - which encryption is
better as it stands is the first question to ask no? AFAIK sha1() is
recommended over DES but maybe I'm misinformed.


   2. is it better to create a user supplied salt, and why or why not
   3. is crypt() 'intended' to be used w/o a user provided salt, since it
   is a stable algorithm


depends on the use - i.e. using it inconjunction with a .htpasswd file
will required no salt (auto-generated salt), other usage recommends using
an explicit salt.

all this salt is hurting my eyes - I have a blind spot.



any other direction or hints you can supply are much appreciated.

thanks,

-nathan



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Andrés Robinet]

> -Original Message-
> From: David Powers [mailto:[EMAIL PROTECTED]
> Sent: Saturday, January 19, 2008 10:22 PM
> To: php-general@lists.php.net
> Subject: Re: [PHP] Re: Posting Summary for Week Ending 18 January,
> 2008: php-general@lists.php.net
> 
> Jochem Maas wrote:
> > if I am correct you are or were a journalist. forgive if I have
> mistaken
> > you
> > for another, but if that is correct then how often have you trodden
> on
> > someone's
> > privacy for the sake of a story?
> 
> Yes, I was a journalist for some 30 years, but roughly two-thirds of
> that time was spent in an editorial capacity, not on the road. I cannot
> honestly remember an occasion on which I infringed someone's privacy
> for
> the sake of a story. The privacy guidelines that applied to my job are
> publicly available online:
> 
> http://www.bbc.co.uk/guidelines/editorialguidelines/edguide/privacy/con
> sent.shtml
> 
> > as Dan pointed out he's not actually in violation of anything
> 
> That's Dan's interpretation.
> 
> > why not get over it and join the club instead of knocking it?
> 
> All that was necessary was for Dan to acknowledge that he'd made a
> mistake publishing a list of everyone's email address in plain text. It
> was wholly unnecessary for the purpose of creating a chart of the most
> prolific posters. Counting the number of posts is pretty meaningless
> anyway. It says nothing about the usefulness of those posts.
> 
> I rarely post here, not for any negative reasons, but because I can see
> there are plenty of knowledgeable people here giving a lot of valuable
> help to others. So I spend my time contributing to other forums where
> PHP expertise is thin on the ground.
> 
> If treating someone's complaint with contempt, even if you don't agree
> with the substance of it, is the way this "club" works, it's not one
> that I feel comfortable joining.
> 
> --
> David Powers
> 
> --

I have some thoughts, I just hope you (all) don't start hunting for me. But if 
you do, well, do it:

1 - I do believe the posting summary adds nothing to this list. But I don't 
care about it either. I think this is all about "karma" and as such, "who has 
the biggest dick". We could argue for hours about this, and I know some of you 
will find the stats valuable (specially to show your boss how "karmatic" you 
are, or to show your boss how much time one of your partners spends instead of 
doing his job, lol).

2 - I don't have anything against my name and email being published in the 
stats (sure, I'd like support for the "é" character on my name :)). I don't 
care about spam either, we all get spam anyway, and that's why we have RBLs in 
our mail server and the MS Outlook junk folder. Moreover, if I was a spammer, I 
would also search for mailto: patterns like agrobinet+at+bestplace+dot+biz, so 
I think I'd get mangled email addresses anyway.

3 - I don't like the attitude of both Dan and David. IMHO, David thinks the 
issue is more severe than it is, and Dan just won't recognize that mangling 
email addresses is kind of a (arguably also) "standard practice". No public 
apologize is needed, but maybe "Yeah, I just didn't consider that" would be 
enough.

4 - I have two phrases I like very much, one of them is "one fault does not 
cover another" and the other one is "Hakuna Matata" (yes, I saw the lion king 
baby! lol).

Just one more thing, about...

> If treating someone's complaint with contempt, even if you don't agree
> with the substance of it, is the way this "club" works, it's not one
> that I feel comfortable joining.

... well, that's because you didn't taste the internals list yet, lol.

Regards,

Rob

Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308 | 
TEL 954-607-4207 | FAX 954-337-2695
Email: [EMAIL PROTECTED]  | MSN Chat: [EMAIL PROTECTED]  |  SKYPE: bestplace |  
Web: http://www.bestplace.biz | Web: http://www.seo-diy.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

[Jochem Maas]

Nathan Nobbe schreef:
On Jan 19, 2008 3:08 PM, Jochem Maas <[EMAIL PROTECTED] 
> wrote:


or alternatively use that .htaccess to deny apache index listings.


i of course use .htaccess, but OP was asking for a php based solution, so
thats what i supplied, thats all.


my reply was to the OP, not you as such, given that your also answering his 
question,
sorry for the misunderstanding.

that said I have found it's often a worthy exercise to poke/prod the OP as
to what they are really trying to achieve rather than blindly assume that what
they are asking is what they really want - this is quite often not the case - I 
think
you;ll agree :-)



-nathan



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Wolf]

David Powers wrote:

Daniel Brown wrote:

Notice, if you will and are able, that all other posts to this
thread are responses of interest, not the ramblings of a crybaby.


I have also noticed that many of the responses come from #1 Rated 
"Year's Coolest Guy" By Self. A little humility might be in order.


Humbleness DOES normally come with age sometimes, but one would assume 
that with your advanced years that you might look at things differently. 
 That being said, while I'm sure Dan believes he's the "Year's Coolest 
Guy", there are some out there who think otherwise.  To each their own 
as is their right.  We DO live in a democracy with the right of free 
thought and speech, as a journalist should well know.  Perhaps during 
your editorial years you missed editing all the privacy laws and such 
concerning public domain.  From the news reports *I* keep seeing, the 
use of "public" sources and gathering of "public" information seems more 
about how much the "public" can be stretched for the raping of 
information to tweak the story to their own designs instead of going 
after the whole truth.  Gotta love one-sided reporting...  But I digress...





I done nothing wrong, but I've
created something that is useful and stimulating to those who Actually
Matter[TM].


Just to remind everyone what this useful and stimulating exercise was 
for, in your own words, it was 'For bragging rights, to keep track of 
how much time you've spent doing "community service" or whatever else.'


By publishing everyone's email address, you screwed up, but don't have 
the decency to admit it. And at no time have I stooped to calling you 
names.


Following the posts, I do believe Dan is going to mangle the email 
addresses.  Heck, he can omit them to just the "name" of the poster if 
he wants, won't bother me but then I don't have an á or é in my name 
that's still getting fudged...


But that is all besides the point.  YOU posted to the list, thereby 
doing so with an email address which you have PUBLICLY posted.  That you 
are not happy with the list coming out means that you failed to pay 
attention to this list for the last couple of weeks when 1) Dan's script 
blew up and 2) last week when Richard wasn't even showing on the list.


My suggestion would be to increase your spam blocking mechanism(s) such 
as Thunderbird's spam learning feature or your ISP's filtering or even 
running your email through your own Linux server and using clamAV and 
SpamAssassin to clean your email before popping it off to your local 
machine.


Either way, your problem was your own making.  Now, you could apologize 
to the list and Dan for blowing things out of proportion, which would 
show some humility, but you're pretty much the only one here complaining 
about your email address being posted by some one else after you have 
already done so.


Wolf

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Daniel Brown]

On Jan 19, 2008 8:15 PM, Andrés Robinet <[EMAIL PROTECTED]> wrote:
> 2 - I don't have anything against my name and email being published in the 
> stats (sure, I'd like support for the "é" character on my name :)). I don't 
> care about spam either, we all get spam anyway, and that's why we have RBLs 
> in our mail server and the MS Outlook junk folder. Moreover, if I was a 
> spammer, I would also search for mailto: patterns like 
> agrobinet+at+bestplace+dot+biz, so I think I'd get mangled email addresses 
> anyway.

I am adding support for non-English characters (I think I
mentioned it this morning or last night).  Something I had forgotten
about until you and Zoltan Nemeth brought it up.  I'm unintentionally
closed-minded about that stuff sometimes, having the name Dan Brown.

> 3 - I don't like the attitude of both Dan and David. IMHO, David thinks the 
> issue is more severe than it is, and Dan just won't recognize that mangling 
> email addresses is kind of a (arguably also) "standard practice". No public 
> apologize is needed, but maybe "Yeah, I just didn't consider that" would be 
> enough.

Actually, I did say that.  It was a rather embarrassing oversight
on my part, and I updated the scripts as soon as it was pointed out to
me (by Richard Lynch, if memory serves correctly).  To be honest, it
wouldn't make any difference really, because the moment we click the
"send" button to this - or nearly any other active list - we are
likely having our addresses broadcast to SPAM catch-all addresses
piping our email addresses into a database, as well as listing them
(plain-text) in the archives.  Still, it is standard practice, and I
had forgotten to make it so in the script.

-- 


Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Daniel Brown]

On Jan 19, 2008 8:55 PM, Wolf <[EMAIL PROTECTED]> wrote:
> David Powers wrote:
> > Daniel Brown wrote:
> >> Notice, if you will and are able, that all other posts to this
> >> thread are responses of interest, not the ramblings of a crybaby.
> >
> > I have also noticed that many of the responses come from #1 Rated
> > "Year's Coolest Guy" By Self. A little humility might be in order.
>
> Humbleness DOES normally come with age sometimes, but one would assume
> that with your advanced years that you might look at things differently.

It's on there as a joke, not out of lack of humility.  I always
have stupid little phrases in my signature lines.  This one was
actually meant to be a self-bashing line meaning, "I'm the only one
who thinks I'm cool."

>   That being said, while I'm sure Dan believes he's the "Year's Coolest
> Guy", there are some out there who think otherwise.

Dude there are A LOT of them

-- 


Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since
Nineteen-Seventy-[mumble].

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Wolf]

Daniel Brown wrote:

On Jan 19, 2008 8:55 PM, Wolf <[EMAIL PROTECTED]> wrote:

David Powers wrote:

Daniel Brown wrote:

Notice, if you will and are able, that all other posts to this
thread are responses of interest, not the ramblings of a crybaby.

I have also noticed that many of the responses come from #1 Rated
"Year's Coolest Guy" By Self. A little humility might be in order.

Humbleness DOES normally come with age sometimes, but one would assume
that with your advanced years that you might look at things differently.


It's on there as a joke, not out of lack of humility.  I always
have stupid little phrases in my signature lines.  This one was
actually meant to be a self-bashing line meaning, "I'm the only one
who thinks I'm cool."


Yeah, finding a random-quote adder for Thunderbird is NOT easy, even for 
a windoze system.  I used to have one with Outlook when I was forced to 
use it.  :/


But I think you're an OK kinda guy, but we'll have to see if Richard 
invites us to sit with the cool kids next time.  ;)





  That being said, while I'm sure Dan believes he's the "Year's Coolest
Guy", there are some out there who think otherwise.


Dude there are A LOT of them


Well I wasn't gonna go there...  ;)

Maybe I'm the only one who finds it interesting that jpni.co.uk is an 
empty apache setup that will only show a "This account is suspended" 
page when you go look at it.


And this little gem that David posted a while ago:
"With regard to the argument about free flow of information, all the
information in my books is freely available on the internet. However,
the value to most readers is that I have pulled together that
information, tested it, and presented it in a form that, hopefully,
makes it easier for beginners and intermediate developers to understand."

Now, while Dan hasn't posted his source code for the beginners and 
intermediates to cull through (maybe there are some other list admins of 
something productive like a good amateur porn site) that would like to 
use the same gathering tactics, he has used the free flow of information 
that is freely available on the internet to produce the posting summary.


Just some food for thought...

Wolf

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] password hashing and crypt()

[Eric Butera]

On Jan 19, 2008 8:02 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:
> Nathan Nobbe schreef:
> > hi all,
> >
> > recently ive been debating a bit about the use of the crypt() function and
> > the best practice thereof, im hoping you can help to clarify this for me.
> >
> > so, the crypt function
> > http://www.php.net/manual/en/function.crypt.php
> > has a second parameter, $salt, which, if not supplied will be automatically
> > generated and presumably become a prefix or suffix of the returned string.
> >
> > now, the article on the phpsec website
> > http://phpsec.org/articles/2005/password-hashing.html
> > recommends to externally create a salt and to store that in a separate field
> > in the database, which would then be used for subsequent password
> > verification.
> >
> > theoretically, however, if the password is generated without a user supplied
> > salt,
> > there is a salt already embedded in the password anyway.
> >
> > so, i have the following questions
> >
> >1. is the phpsec technique bloated or unnecessary
>
> I can't see a dictionary attack being thwarted by the salt given that the salt
> is made available when a password is checked. I'm struggling to see how a salt
> will help if it's made available. but it's late, may be better brain can 
> enlighten us :-)
>
> then again your question is a little skewed due to the fact that sha1() is
> used in the phpsec article and your talking about crypt - which encryption is
> better as it stands is the first question to ask no? AFAIK sha1() is
> recommended over DES but maybe I'm misinformed.
>
> >2. is it better to create a user supplied salt, and why or why not
> >3. is crypt() 'intended' to be used w/o a user provided salt, since it
> >is a stable algorithm
>
> depends on the use - i.e. using it inconjunction with a .htpasswd file
> will required no salt (auto-generated salt), other usage recommends using
> an explicit salt.
>
> all this salt is hurting my eyes - I have a blind spot.
>
>
> >
> > any other direction or hints you can supply are much appreciated.
> >
> > thanks,
> >
> > -nathan
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

They say sha1 has been compromised.
http://en.wikipedia.org/wiki/SHA_hash_functions

I always make sure that I use a site specific salt which is just
appended on the user supplied value.  I started doing that when I read
that people had created huge databases of hashed values that they can
just search on.  At least this way no matter what the password isn't a
dictionary word.  As for if that really adds value in the end I can't
say as I'm not really a security expert.

Eg. hash('sha256', $input.$salt);

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Ashley M. Kirchner]

   Well, at least we know which subject will make it to the top next 
week


--
H | It's not a bug - it's an undocumented feature.
 +
 Ashley M. Kirchner    .   303.442.6410 x130
 IT Director / SysAdmin / Websmith . 800.441.3873 x130
 Photo Craft Imaging   . 3550 Arapahoe Ave. #6
 http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A. 


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

[Nathan Nobbe]

On Jan 19, 2008 7:50 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:

> my reply was to the OP, not you as such, given that your also answering
> his question,
> sorry for the misunderstanding.

i think half the time i get confused myself; like this morning when you said
show us your
exact code, to the OP of the thread, and i was like; 'i just posted my exact
code' :)


> that said I have found it's often a worthy exercise to poke/prod the OP as
> to what they are really trying to achieve rather than blindly assume that
> what
> they are asking is what they really want - this is quite often not the
> case - I think
> you;ll agree :-)


such was the case w/ the thread where tedd asked about embedding   in
the name
attribute of a input tag of type submit.
everybody was going on about how to handle it on the server side and i was
like, just
end it w/ a little css.  so yeah, i def agree.

-nathan

Re: [PHP] Re: Posting Summary for Week Ending 18 January, 2008: php-general@lists.php.net

[Nathan Nobbe]

On Jan 19, 2008 9:25 PM, Ashley M. Kirchner <[EMAIL PROTECTED]> wrote:

>
>Well, at least we know which subject will make it to the top next
> week


nice; say, dan, here comes another feature request; can we see the top
thread
(or 3 :)) as well ?

-nathan

RE: [PHP] password hashing and crypt()

[Andrés Robinet]

> -Original Message-
> From: Eric Butera [mailto:[EMAIL PROTECTED]
> Sent: Sunday, January 20, 2008 12:24 AM
> To: Jochem Maas
> Cc: Nathan Nobbe; PHP General List
> Subject: Re: [PHP] password hashing and crypt()
> 
> On Jan 19, 2008 8:02 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:
> > Nathan Nobbe schreef:
> > > hi all,
> > >
> > > recently ive been debating a bit about the use of the crypt()
> function and
> > > the best practice thereof, im hoping you can help to clarify this
> for me.
> > >
> > > so, the crypt function
> > > http://www.php.net/manual/en/function.crypt.php
> > > has a second parameter, $salt, which, if not supplied will be
> automatically
> > > generated and presumably become a prefix or suffix of the returned
> string.
> > >
> > > now, the article on the phpsec website
> > > http://phpsec.org/articles/2005/password-hashing.html
> > > recommends to externally create a salt and to store that in a
> separate field
> > > in the database, which would then be used for subsequent password
> > > verification.
> > >
> > > theoretically, however, if the password is generated without a user
> supplied
> > > salt,
> > > there is a salt already embedded in the password anyway.
> > >
> > > so, i have the following questions
> > >
> > >1. is the phpsec technique bloated or unnecessary
> >
> > I can't see a dictionary attack being thwarted by the salt given that
> the salt
> > is made available when a password is checked. I'm struggling to see
> how a salt
> > will help if it's made available. but it's late, may be better brain
> can enlighten us :-)
> >
> > then again your question is a little skewed due to the fact that
> sha1() is
> > used in the phpsec article and your talking about crypt - which
> encryption is
> > better as it stands is the first question to ask no? AFAIK sha1() is
> > recommended over DES but maybe I'm misinformed.
> >
> > >2. is it better to create a user supplied salt, and why or why
> not
> > >3. is crypt() 'intended' to be used w/o a user provided salt,
> since it
> > >is a stable algorithm
> >
> > depends on the use - i.e. using it inconjunction with a .htpasswd
> file
> > will required no salt (auto-generated salt), other usage recommends
> using
> > an explicit salt.
> >
> > all this salt is hurting my eyes - I have a blind spot.
> >
> >
> > >
> > > any other direction or hints you can supply are much appreciated.
> > >
> > > thanks,
> > >
> > > -nathan
> > >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> 
> They say sha1 has been compromised.
> http://en.wikipedia.org/wiki/SHA_hash_functions
> 
> I always make sure that I use a site specific salt which is just
> appended on the user supplied value.  I started doing that when I read
> that people had created huge databases of hashed values that they can
> just search on.  At least this way no matter what the password isn't a
> dictionary word.  As for if that really adds value in the end I can't
> say as I'm not really a security expert.
> 
> Eg. hash('sha256', $input.$salt);
> 
> --

Let me share what I've read in a cryptography book some time ago. I hope to
remember it well, but for me it served as an explanation about what the
"SALT" is all about (for those of you who don't have a clue, like me). I
will put aside any cryptographic considerations like the strength of the
algorithms or steganography analysis. 

Let's build a scenario (yeah, I was kind of a teacher in the past, lol). For
the sake of simplicity, let's assume the following:

1 - You have a database (actually, a table) of 10 rows with user encrypted
passwords, and somebody (the cracker) had made it to sniff in and get access
to it. Let's assume passwords are encrypted using MD5 and the cracker knows
it.
2 - No other data has been compromised, or no other compromised data means
anything to the cracker. He only wants to reverse engineer your passwords,
meaning by that "to get valid passwords that match the encrypted (hashed is
the word) ones". Let's say that having those passwords, the cracker can
login to your system and do some interesting stuff, which is the only
ultimate goal of his.
3 - The cracker has a dictionary of 100 words to try, he hopes to find a
match within that dataset. Whether he finds one or more passwords using the
dictionary is not relevant to this scenario, but the metric here is how much
computational effort he has to make to reverse engineer the encryption.

Now, what would the cracker have to do to get one or more valid passwords?
Probably something like:

1 - Apply the MD5 function to the words in the dictionary. He gets a "hashed
dictionary" which probably he has already built long a go (for doing some
other "obscure task").
2 - Compare each of the values in the hashed dictionary to the passwords
table to find matches.

Step 2 can be optimized in several ways, but I'll not get deeper into it (I
won't either give you O[X] values, a

Re: [PHP] password hashing and crypt()

[Nathan Nobbe]

thanks for the great responses guys.
i guess what im really getting at though is, if crypt() will embed
a salt in the value it returns automatically, is there any benefit to
creating a salt to pass to the second argument and storing that
as well?
conceivably, passwords already have a salt using the
default crypt() behavior, so the general benefit of salting should
be supplied by said default behavior.
my guess is that there would be *some* benefit to creating a user
supplied salt.  greater entropy or something, im not sure what...
im just trying to rationalize creating a salt in userspace
and storing that in the database as opposed to not.  any takers
for either case?

-nathan

Re: [PHP] Expand variable in comparison

[Casey]

On Jan 19, 2008 9:52 AM, Richard Lynch <[EMAIL PROTECTED]> wrote:
> You can cheat like this:
>
> define('DEBUG', 1);
>
> if (DEBUG || $this->var == $preDefinedStringToTestWith)
>   return true;
> else
>   return false;
>
> At some later date, you change the 1 to 0 in the define() statement.
>
> Please tell us WHY you want do what you want to do...
>
>
> On Fri, January 18, 2008 1:50 pm, Marcus wrote:
> > Hi!
> >
> >
> > Is there any way to get the following snippet returning a true?
> >
> >
> > ...
> > $this->var = ?
> > if ($this->var == $preDefinedStringToTestWith)
> >  return true;
> > else
> >  false;
> >
> >
> >
> > The problem:
> > I don't know, what $preDefinedStringToTestWith is!
> > $this->var can be set to any string.
> >
> > I tried
> > $this->var = "${preDefinedStringToTestWith}"
> > but this doesn't get expanded.
> >
> >
> > Thanks for your help,
> >
> > Marcus.
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
> --
> Some people have a "gift" link here.
> Know what I want?
> I want you to buy a CD from some indie artist.
> http://cdbaby.com/from/lynch
> Yeah, I get a buck. So?
>
>

I *think* you want:

return $this->var == $$preDefinedStringToTestWith;

http://us.php.net/language.variables.variable
-- 
-Casey

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

[Casey]

On Jan 19, 2008 6:36 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
> On Jan 19, 2008 7:50 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:
>
> > my reply was to the OP, not you as such, given that your also answering
> > his question,
> > sorry for the misunderstanding.
>
> i think half the time i get confused myself; like this morning when you said
> show us your
> exact code, to the OP of the thread, and i was like; 'i just posted my exact
> code' :)
>
>
> > that said I have found it's often a worthy exercise to poke/prod the OP as
> > to what they are really trying to achieve rather than blindly assume that
> > what
> > they are asking is what they really want - this is quite often not the
> > case - I think
> > you;ll agree :-)
>
>
> such was the case w/ the thread where tedd asked about embedding   in
> the name
> attribute of a input tag of type submit.
> everybody was going on about how to handle it on the server side and i was
> like, just
> end it w/ a little css.  so yeah, i def agree.
>
> -nathan
>

Just add a simple index.php to every folder you want to hide, if you
want a "PHP solution".

index.php:
header('Location: http://yoursite.com');

-Casey

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] FPDF

[Brady Mitchell]

On Jan 18, 2008, at 1014AM, Balasubramanyam Ananthamurthy wrote:
I'm fetching content from database and printing it on the browser. I  
want add an link on the same page "Click here to view it in PDF". Is  
it possible to do it using FPDF? If yes, how can I do this?


Yes, this can be done with FPDF. Go to http://fpdf.org, click on  
scripts and you'll find multiple examples with MySQL, one with  
PostgreSQL and even one with MS Access. FPDF has pretty good  
documentation and lots of example code to browse.


I suggest using the forum on fpdf.org to ask specific questions as  
you'll likely get better help there than on this list, simply because  
it's focused specifically on fpdf.


Brady

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php