Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Dotan Cohen
On Wed, Dec 29, 2010 at 02:46, David Harkness  wrote:
> To address the OP, I would agree with skipping trim on both the user name
> and password. If it's a copy-paste error, they will try again.
>

They do try again: copying and pasting in the exact same manner. It
keeps happening.


> If you want
> to get fancy, warn when the password starts with or ends with spaces if it
> comes back incorrect, but I think that's probably going to be so rare as not
> to be worth the extra effort.
>

I've changed it to warn client-side (javascript) if there are leading
or trailing spaces in the username only:
"Your username [begins||ends] with an errant space. Please reenter
your credentials more carefully."
I hope that they figure out to check their passwords as well.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Dotan Cohen
On Wed, Dec 29, 2010 at 06:51, Paul M Foster  wrote:
>> I agree that users should not use weak passwords, but not everyone goes
>> everywhere with a vault. I am more than capable of memorizing 20 or so 16-32
>> character full set passwords.
>>
>
> And so you assume everyone can do that? I can remember maybe 5 of the
> passwords I regularly need. (I rarely repeat passwords for different
> sites.) In addition, some passwords have been *assigned* to me and
> cannot readily be changed (and are usually difficult to remember). Many
> of the rest I so seldom use that it would be silly to try to remember
> them. Particularly when I do have a password-locked file I can use to
> record them for me.
>

Exactly. Even Lifehacker is now assigning passwords since the Gawker
exploit. Lifehacker users cannot choose their own passwords anymore,
they are assigned passwords.


> Under the circumstances I described, I have yet to hear in what way
> copying and pasting passwords compromises security of anything by
> itself. Please enlighten me.
>

I think this is the underwear rule: never leave passwords/underwear
out in the open where everyone can see them. Also, change them
frequently.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Dotan Cohen
On Wed, Dec 29, 2010 at 07:00, David Hutto  wrote:
> Correct me if I'm wrong, but if you initially type the username and
> password into a file, and you have, in my paranoid scenario, a
> keylogger you don't know about, it gets logged, but also, I assume it
> would get logged if you typed it in as well, on the site, or that
> someone could lift the password if given the authority on your system,
> correct?
>

There is little we as server-side programmers can do when the user's
system is already compromised. However, securing the password down the
wire is certainly our job.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Omega -1911
> Well, let's see. My system sits behind a firewall. No external services
> are advertised to the internet. All internal addresses are non-routable.
> I do not use or have any wifi. The system sits in my home office. I use
> a Debian Linux system and practice very safe computing. I often
> investigate little-known sites before surfing to them, and never accept
> temptations to click on ads. In fact, I have my /etc/hosts file set up
> to block the vast majority of ad servers (I see a fraction of the ads
> most people see). I never download content of questionable origin, nor
> accept it from others without investigating it first. I have a root kit
> detector installed, which I periodically use. I'm the only person who
> uses this computer. No one who enters this space is more knowledgeable
> than I am about computers (= not capable of hacking a computer).

Hi Paul - I am interested in knowing how you prevent intrusion with
your firewall when it is a known fact that post 9/11 companies that
develop such leave ports open for "Big Brother" as required. Remember
"Green Lantern", "Carnivore" and the like are roaming around and used
by various agencies. Even though a firewall reports that the ports are
blocked, they aren't.

Limiting surfing to only trusted sites does limit vulnerability, but
for the last couple of years, Google, Yahoo, Fbook, Youtube are
compromised by hackers installing "Antivirus 2009", "Antivirus 2010",
etc. viruses.

With a long list of sites improperly setting cookies, passwords and
usernames are easily compromised when a person visits other sites.
Most importantly,   how do you verify that the Internet Service
provider has not been compromised? Using SSL to pass passwords is
still not 100 percent safe as people may think because the real
problem lies in what and where the web site stores your information on
the server.

How do you thwart these possible and other  intrusion nodes?




Re: [PHP] Static content at runtime

2010-12-29 Thread knl
On Tue, 28 Dec 2010 23:25:57 -0600
Donovan Brooke  wrote:

> and btw, I found that Billy Hoffman article
> to be inaccurate in many of his assertions.

Would you mind sharing in what ways you found his assertions inaccurate?

Kind regards, 
Kim

> Cheers,
> Donovan
> 
> -- 
> D Brooke
> 
> 




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Dotan Cohen
On Wed, Dec 29, 2010 at 11:20, Omega -1911 <1911...@gmail.com> wrote:
> Hi Paul - I am interested in knowing how you prevent intrusion with
> your firewall when it is a known fact that post 9/11 companies that
> develop such leave ports open for "Big Brother" as required. Remember
> "Green Lantern", "Carnivore" and the like are roaming around and used
> by various agencies. Even though a firewall reports that the ports are
> blocked, they aren't.
>
> Limiting surfing to only trusted sites does limit vulnerability, but
> for the last couple of years, Google, Yahoo, Fbook, Youtube are
> compromised by hackers installing "Antivirus 2009", "Antivirus 2010",
> etc. viruses.
>
> With a long list of sites improperly setting cookies, passwords and
> usernames are easily compromised when a person visits other sites.
> Most importantly,   how do you verify that the Internet Service
> provider has not been compromised? Using SSL to pass passwords is
> still not 100 percent safe as people may think because the real
> problem lies in what and where the web site stores your information on
> the server.
>
> How do you thwart these possible and other  intrusion nodes?
>

A different password on each potentially-weak site? LastPass is great
for this. You can then export and print your LastPass data, put it on
removable media, or access it via web access.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Omega -1911
Hi Doran - that may partially work, but what happens on the site's level? If
the site is hacked, millions of passwords are stolen. All of the hard work
put forth to protect your pc becomes useless. I think it has to be a two way
street ... On a shared host, security and the ability to capture passwords
is easily compromised.


[PHP] Printing PDF

2010-12-29 Thread Steve Staples
Hi!

I have an app that needs to be created, and it is all running on Linux.
I am sure I shouldn't really write it using PHP, but it's kinda what I
know, and am familiar with... so I am thinking about doing it with PHP.

Anyway, for simplicity's sake, I am creating a PDF through PHP (no
problems there) and it needs to be printed.  I've never done printing on
Linux, but is there an easy way to send the PDF print job via command
lines to the local (or network) printer?

A friend of mine said "postscript" or "cups", but I am not familiar with
them, so I thought I would ask you GURUs here :)

Thanks in advance!

Steve





Re: [PHP] Printing PDF

2010-12-29 Thread Greg Bair
On Wed, 29 Dec 2010 10:36:30 -0500
Steve Staples  wrote:

> Hi!
> 
> I have an app that needs to be created, and it is all running on
> linux. I am sure I shouldn't really write it using PHP, but it's
> kinda what I know, and am familiar with... so I am thinking about
> doing with PHP.
> 
> Anyway, for simplicity sake, i am creating a pdf through php (no
> problems there) and it needs to be printed.  I've never done printing
> on linux, but is there an easy way to send the pdf print job via
> command lines to the local (or network) printer?
> 
> a friend of mine said "postscript" or "cups", but I am not familiar
> with them, so I thought I would ask you GURU's here :)
> 
> thank in advance!
> 
> Steve
> 
> 
You could use the lpr command.  Info here :
http://www.marksanborn.net/linux/printing-from-the-linux-command-line/

Greg




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Paul M Foster
On Wed, Dec 29, 2010 at 04:20:58AM -0500, Omega -1911 wrote:

> > Well, let's see. My system sits behind a firewall. No external services
> > are advertised to the internet. All internal addresses are non-routable.
> > I do not use or have any wifi. The system sits in my home office. I use
> > a Debian Linux system and practice very safe computing. I often
> > investigate little-known sites before surfing to them, and never accept
> > temptations to click on ads. In fact, I have my /etc/hosts file set up
> > to block the vast majority of ad servers (I see a fraction of the ads
> > most people see). I never download content of questionable origin, nor
> > accept it from others without investigating it first. I have a root kit
> > detector installed, which I periodically use. I'm the only person who
> > uses this computer. No one who enters this space is more knowledgeable
> > than I am about computers (= not capable of hacking a computer).
> 
> Hi Paul - I am interested in knowing how you prevent intrusion with
> your firewall when it is a known fact that post 9/11 companies that
> develop such leave ports open for "Big Brother" as required. Remember
> "Green Lantern", "Carnivore" and the like are roaming around and used
> by various agencies. Even though a firewall reports that the ports are
> blocked, they aren't.

Carnivore was an email sniffing program. I can't find a reference to
"Green Lantern" as it relates to computer hacking. As for the "well
known fact" that companies leave ports open for the government, it must
be well known to people other than me. Such claims are sometimes true,
sometimes specious. I'd have to see real evidence first. (Don't get me
wrong-- I wouldn't be surprised.) And ports which show blocked but
aren't? How does that work? Do routers use some sort of "port knocking"
scheme?

Beyond all this, the context you're citing is the government snooping on
me. The government could seize my computer and have the NSA break my
best encryption in probably minutes flat. And they'd have... what? My
password to Amazon.com? My password to the Javascript mailing list?
Seriously? If the government wants my stuff, they can sit an NSA van
outside my house and read the E-M vibrations off my windows or somesuch.
I'm really not concerned for two reasons: 1) If they want my stuff, they
can get it any time without my permission; 2) There's not a blessed thing
I can do about it; 3) There isn't anything they'd be very interested in,
trust me. I rather doubt they're going to snag my credit card numbers
and charge a bunch of stuff at Walmart.

Also, I have it from people who know much more about network security
than I do that penetrating a LAN like mine (which is pretty standard) is
nearly or completely impossible *unless* a user on the inside does
something stupid.

> 
> Limiting surfing to only trusted sites does limit vulnerability, but
> for the last couple of years, Google, Yahoo, Fbook, Youtube are
> compromised by hackers installing "Antivirus 2009", "Antivirus 2010",
> etc. viruses.

Antivirus 2009 and 2010 are generally not harmful when it comes to
snagging user information. That's not what they're meant to do. They are
scareware designed to get you to buy software from the company to clean
fake virus infections. If Yahoo and the like have their servers
compromised because of this software, then they're running Windows on
internet servers, which is a bone-headed move anyway. Moreover, if the
admins for these servers see warnings because of this, then they should
do research before simply believing what some software tells them about
their servers. (Although, considering the tech knowledge of a lot of
Windows server admins, anything is possible.)

And, as I mentioned, I run Linux. If I saw some silly virus warning
about my computer, I'd laugh. It's not unheard of, but generally you'd
have to do something stupid to get infected with a virus under Linux.
After laughing, I'd run a rootkit check. And yawn.

> 
> With a long list of sites improperly setting cookies, passwords and
> usernames are easily compromised when a person visits other sites.
> Most importantly,   how do you verify that the Internet Service
> provider has not been compromised? Using SSL to pass passwords is
> still not 100 percent safe as people may think because the real
> problem lies in what and where the web site stores your information on
> the server.

How do I know my ISP isn't compromised? Well, how the hell would
*anyone* know that? You wouldn't. It's completely within the realm of
possibility that my ISP would open, decrypt and read every packet I send
through them. Like the government, I doubt my ISP is going to snag my
credit card numbers and start charging things at Walmart. Can you
imagine the PR debacle if a respected major national ISP/telephone
company was caught grabbing sensitive user information and using it for
nefarious purposes? And can you imagine what their rates with Mastercard
and Visa would go to if such

Re: [PHP] Static content at runtime

2010-12-29 Thread Richard Quadling
On 28 December 2010 17:18,   wrote:
> Hi.
>
> I am currently looking into improving a system that (like many systems)
> generate static content at runtime.
>
> I have always been against generating static content at runtime and
> believe static content should be generated by a cronjob or manually at
> some idle time (if possible).
>
> This will provide real static content (no PHP at all) that doesn't need
> to be checked every time a request is made hence a huge performance
> benefit is achieved.
>
> A nice article on the issue:
> http://zoompf.com/blog/2009/12/the-challenge-of-dynamically-generating-static-content
>
> Quote: "The moral of the story is never make the user pay for your
> laziness. Do not use the application tier of a website to dynamically
> generate static content at runtime. Instead do it at publishing time or
> even do it in a daily or hourly cron job. This approach allows you all
> the advantages of using application logic without drastically reducing
> the very web performance you were trying to improve in the first place!"
>
> Sometimes however many pages are linked together and when working with
> a system with hundreds or thousands of pages re-creating a lot of
> content each night perhaps isn't always the best way to do things.
> Especially if the content needs to be updated right away and can't wait
> for the nightly cronjob to do its business.
>
> To illustrate with a simple example..
>
> A blog system with a menu that displays how many posts exists in each
> category.
>
> - Home
> - About
> - Tech (412)
> - News (2030)
>
> etc.
>
> When a new page is added to the News category every single page in the
> system needs to get updated in order for the menu to display the new
> number (2031).
>
> Some use a compromise to include only changing items (like the menu
> in the above example), but that would mean using PHP and not serving
> pure static content.
>
> Others use "ugly" solutions like frames.
>
> Care to share your experiences and recommendations on the issue?
>
> Kind regards
>
> ---
> Kim N. Lesmer

As mentioned, using http://en.wikipedia.org/wiki/Server_Side_Includes
is going to be the simplest way to deal with semi static data.

When a new post is added, you update the text file (posts.txt), making
sure you handle all the locking so that 2 posts at the same time don't
end up as only 1 increment.

If you find that the locking is taking too much time (which would
indicate a lot of new posts simultaneously), only update the file if
you can get an exclusive lock. By the time you've failed, a few more
posts will have gone in and the file will have been unlocked at some
stage and then updated.

For something like a post count, I wouldn't consider this to be too
important to be kept 100% accurate. As long as the only usage is to
display to the user. If you need a realtime update, then the DB can
provide it along with an AJAX refresh of the 
element. If needed.


For things like CSS and JS, these tend to be static and should
probably be stored combined/minified/gzipped. Here is an old article I
used to help me get rid of the JS and CSS loading on my servers :
http://rakaz.nl/2006/12/make-your-pages-load-faster-by-combining-and-compressing-javascript-and-css-files.html.

So, a page load will get 1 HTML, 1 CSS and 1 JS call to the server.
The CSS and JS will be client side cached. For the first hit, the CSS
and JS will be minified and gzipped, so lowering your bandwidth usage.

I've never tried it, but I think you can also do something similar for
images. Rather than 1 request per image, 1 image per page request (or
fewer images per page request). http://www.quate.net/newsnet/read/48
and http://www.websiteoptimization.com/speed/tweak/combine/


So, that deals with a lot of request issues that the server is no
longer needing to deal with on every single page.

The server side includes for the semi-static text.




-- 
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
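
An added example (not Richard Quadling's code) of the "only update the file if you can get an exclusive lock" approach described above, for PHP 7+. Rather than incrementing, it rewrites posts.txt from the database count, so an update skipped under contention is corrected by the next writer, and it swaps the file in with rename() so the server-side include never reads a half-written value. The helper name `refresh_post_count()`, the `.lock` side file and the callback standing in for the database query are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Rewrite the counter file only if an exclusive lock is free right now.
 * Hypothetical helper (added example); returns false when another
 * request is already updating the file.
 */
function refresh_post_count(string $file, callable $countPosts): bool
{
    // Lock a side file so the counter itself can be replaced atomically.
    // Mode 'c' creates the file if needed and never truncates it.
    $lock = fopen($file . '.lock', 'c');
    if ($lock === false) {
        throw new RuntimeException("cannot open lock file for $file");
    }
    try {
        // LOCK_NB: return at once instead of queueing behind other writers.
        if (!flock($lock, LOCK_EX | LOCK_NB)) {
            return false;
        }

        // Ask the authoritative source (assumed: the blog database).
        $count = (int) $countPosts();

        // Write beside the target, then rename over it: readers such as
        // the SSI include see the old value or the new one, never an
        // empty or partial file.
        $tmp = tempnam(dirname($file), 'cnt');
        if ($tmp === false || file_put_contents($tmp, (string) $count) === false) {
            throw new RuntimeException('cannot write temporary counter file');
        }
        chmod($tmp, 0644); // tempnam() creates 0600; the web server must read it
        if (!rename($tmp, $file)) {
            unlink($tmp);
            throw new RuntimeException("cannot replace $file");
        }
        return true;
    } finally {
        fclose($lock); // closing the handle also releases the lock
    }
}

// Constructed demonstration: the closure stands in for a
// "SELECT COUNT(*)" against the posts table.
$file = sys_get_temp_dir() . '/posts.txt';
$updated = refresh_post_count($file, function (): int {
    return 2031;
});
echo $updated
    ? 'posts.txt now holds ' . file_get_contents($file) . "\n"
    : "lock busy, update skipped\n";
```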




Re: [PHP] Static content at runtime

2010-12-29 Thread Richard Quadling
On 29 December 2010 16:34, Richard Quadling  wrote:
> On 28 December 2010 17:18,   wrote:
>> Hi.
>>
>> I am currently looking into improving a system that (like many systems)
>> generate static content at runtime.
>>
>> I have always been against generating static content at runtime and
>> believe static content should be generated by a cronjob or manually at
>> some idle time (if possible).
>>
>> This will provide real static content (no PHP at all) that doesn't need
>> to be checked every time a request is made hence a huge performance
>> benefit is achieved.
>>
>> A nice article on the issue:
>> http://zoompf.com/blog/2009/12/the-challenge-of-dynamically-generating-static-content
>>
>> Quote: "The moral of the story is never make the user pay for your
>> laziness. Do not use the application tier of a website to dynamically
>> generate static content at runtime. Instead do it at publishing time or
>> even do it in a daily or hourly cron job. This approach allows you all
>> the advantages of using application logic without drastically reducing
>> the very web performance you were trying to improve in the first place!"
>>
>> Sometimes however many pages are linked together and when working with
>> a system with hundreds or thousands of pages re-creating a lot of
>> content each night perhaps isn't always the best way to do things.
>> Especially if the content needs to be updated right away and can't wait
>> for the nightly cronjob to do its business.
>>
>> To illustrate with a simple example..
>>
>> A blog system with a menu that displays how many posts exists in each
>> category.
>>
>> - Home
>> - About
>> - Tech (412)
>> - News (2030)
>>
>> etc.
>>
>> When a new page is added to the News category every single page in the
>> system needs to get updated in order for the menu to display the new
>> number (2031).
>>
>> Some use a compromise to include only changing items (like the menu
>> in the above example), but that would mean using PHP and not serving
>> pure static content.
>>
>> Others use "ugly" solutions like frames.
>>
>> Care to share your experiences and recommendations on the issue?
>>
>> Kind regards
>>
>> ---
>> Kim N. Lesmer
>
> As mentioned, using http://en.wikipedia.org/wiki/Server_Side_Includes
> is going to be the simplest way to deal with semi static data.
>
> When a new post is added, you update the text file (posts.txt), making
> sure you handle all the locking so that 2 posts at the same time don't
> end up as only 1 increment.
>
> If you find that the locking is taking too much time (which would
> indicate a lot of new posts simultaneously), only update the file if
> you can get an exclusive lock. By the time you've failed, a few more
> posts will have gone in and the file will have been unlocked at some
> stage and then updated.
>
> For something like a post count, I wouldn't consider this to be too
> important to be kept 100% accurate. As long as the only usage is to
> display to the user. If you need a realtime update, then the DB can
> provide it along with an AJAX refresh of the 
> element. If needed.
>
>
> For things like CSS and JS, these tend to be static and should
> probably be stored combined/minified/gzipped. Here is an old article I
> used to help me get rid of the JS and CSS loading on my servers :
> http://rakaz.nl/2006/12/make-your-pages-load-faster-by-combining-and-compressing-javascript-and-css-files.html.
>
> So, a page load will get 1 HTML, 1 CSS and 1 JS call to the server.
> The CSS and JS will be client side cached. For the first hit, the CSS
> and JS will be minified and gzipped, so lowering your bandwidth usage.
>
> I've never tried it, but I think you can also do something similar for
> images. Rather than 1 request per image, 1 image per page request (or
> fewer images per page request). http://www.quate.net/newsnet/read/48
> and http://www.websiteoptimization.com/speed/tweak/combine/
>
>
> So, that deals with a lot of request issues that the server is no
> longer needing to deal with on every single page.
>
> The server side includes for the semi-static text.
>
>
>
>
> --
> Richard Quadling
> Twitter : EE : Zend
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
>

http://ruweb.wordpress.com/2006/08/23/combine_images_web2_ajax/ (In
russian, but Google Chrome happily translated this into readable
English).

-- 
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Paul M Foster
On Wed, Dec 29, 2010 at 11:06:15AM +0200, Dotan Cohen wrote:

> On Wed, Dec 29, 2010 at 06:51, Paul M Foster  wrote:



> 
> > Under the circumstances I described, I have yet to hear in what way
> > copying and pasting passwords compromises security of anything by
> > itself. Please enlighten me.
> >
> 
> I think this is the underwear rule: never leave passwords/underwear
> out in the open where everyone can see them. Also, change them
> frequently.

Wait... what? I should change my underwear frequently? Um... be right
back.

Paul

-- 
Paul M. Foster
http://noferblatz.com





Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Nicholas Kell

On Dec 29, 2010, at 10:40 AM, Paul M Foster wrote:

> On Wed, Dec 29, 2010 at 11:06:15AM +0200, Dotan Cohen wrote:
> 
>> On Wed, Dec 29, 2010 at 06:51, Paul M Foster  wrote:
> 
> 
> 
>> 
>>> Under the circumstances I described, I have yet to hear in what way
>>> copying and pasting passwords compromises security of anything by
>>> itself. Please enlighten me.
>>> 
>> 
>> I think this is the underwear rule: never leave passwords/underwear
>> out in the open where everyone can see them. Also, change them
>> frequently.
> 
> Wait... what? I should change my underwear frequently? Um... be right
> back.

I change my underwear once a month, whether it needs it or not.



Re: [PHP] Printing PDF

2010-12-29 Thread Paul M Foster
On Wed, Dec 29, 2010 at 10:36:30AM -0500, Steve Staples wrote:

> Hi!
> 
> I have an app that needs to be created, and it is all running on linux.
> I am sure I shouldn't really write it using PHP, but it's kinda what I
> know, and am familiar with... so I am thinking about doing with PHP.
> 
> Anyway, for simplicity sake, i am creating a pdf through php (no
> problems there) and it needs to be printed.  I've never done printing on
> linux, but is there an easy way to send the pdf print job via command
> lines to the local (or network) printer?
> 
> a friend of mine said "postscript" or "cups", but I am not familiar with
> them, so I thought I would ask you GURU's here :)

The big problem here is that the site is on the server and the printer
is on the client (most likely). Normally if you provide a link to a PDF
in a webpage, the user/client downloads that PDF and the browser tries
to open it in whatever program it thinks is good for that (like XPDF
under Linux). The program in which it opens the PDF will have an option
to print the file. I've been printing invoices, checks and reports out
of my corporate system for years this way.

Paul

-- 
Paul M. Foster
http://noferblatz.com





Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Omega -1911
Those were some pretty confident statements there. "You doubt the government
would want to hack your computer..." Well, the U.S. tries to prevent over 1
million attacks per day as documented and has admitted to having been
breached more often than not... !!! But as someone who let's just say has
prior knowledge, I personally would not want your password unless I needed
to do some "social engineering" but rather hijack your connection to hide my
nefarious intent.

No, your yahoo login info wouldn't be of much use, but your bank login info
would be. There are many who trade account info multiple times on private
networks for a few dollars at a time. Your login and account info doesn't
mean much to them, but a few hundred passwords can make thousands daily.

Why not store passwords inside of programs like "snow"?

With your pc being stealth, maybe you could help the government with how you
do it?

Carnivore can do more. Trust me. Programs like "SamInside" create an
interesting computer environment as well.


Re: [PHP] Printing PDF

2010-12-29 Thread Steve Staples
On Wed, 2010-12-29 at 11:49 -0500, Paul M Foster wrote:
> On Wed, Dec 29, 2010 at 10:36:30AM -0500, Steve Staples wrote:
> 
> > Hi!
> > 
> > I have an app that needs to be created, and it is all running on linux.
> > I am sure I shouldn't really write it using PHP, but it's kinda what I
> > know, and am familiar with... so I am thinking about doing with PHP.
> > 
> > Anyway, for simplicity sake, i am creating a pdf through php (no
> > problems there) and it needs to be printed.  I've never done printing on
> > linux, but is there an easy way to send the pdf print job via command
> > lines to the local (or network) printer?
> > 
> > a friend of mine said "postscript" or "cups", but I am not familiar with
> > them, so I thought I would ask you GURU's here :)
> 
> The big problem here is that the site is on the server and the printer
> is on the client (most likely). Normally if you provide a link to a PDF
> in a webpage, the user/client downloads that PDF and the browser tries
> to open it in whatever program it thinks is good for that (like XPDF
> under Linux). The program in which it opens the PDF will have an option
> to print the file. I've been printing invoices, checks and reports out
> of my corporate system for years this way.
> 
> Paul
> 

actually... it is a localized app (it should be more of a C++ or Java
(or even Python), but I know PHP more weller than the others... and
there is also a few other things they want... so right now, it will be
on the local machine, but down the road, it will be on a "server", but
it is all on the local intranet, so the printers will be accessible.
this is not a "world" app, just internal.

I can create the PDF's no problem, it is just how to send the created
pdf to the printer to print (it is a label printer, printing 3x5 labels)





Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread tedd

At 4:06 PM -0500 12/28/10, Daniel Brown wrote:
> On Tue, Dec 28, 2010 at 16:05, Dotan Cohen  wrote:
>> Did you know that when you type 'brown1' we see it as **? Your
>> system does that automatically.
>
> That's how I see it, too.  It took me fourteen years to realize
> that my password wasn't just six asterisks

Damn! Now, I have to change my password. Maybe I'll change it to "*1"

But seriously, I teach my students to find something that they can 
remember that doesn't appear in their personal data (i.e., tel 
number, address, SS, DOB, whatever).


I suggest using a phrase such as "An Apple A Day Keeps The Doctor 
Away" and combining it with a favorite number (i.e.,  "18") producing 
a password of "AAADKTDA18".


Additionally, one can also make access to their data a bit more 
secure by changing their user id to something not personal either, 
such as "mightymouse".


As for trimming passwords and user id's, I have always done that with 
an explanation of what characters are allowed/required in a password 
-- leading/trailing spaces are not. From my perspective, if a user 
provides a space before/after their password, then they have made a 
mistake and it's automatically trimmed regardless. As such, the 
practice either way does not affect anything -- it works both ways.


This is from experience in dealing with users (10k db's) complaining 
that their user ID and/or password has somehow changed because they 
entered JohnDoe, johndoe, and finally johnDoe and couldn't access 
their account only to find that their user ID was actually jdoe. I 
don't want to complicate my life further by allowing leading/trailing 
spaces into the mix.


BTW -- One of my banks told me that my user id had to be uppercase, 
but when I entered my user id in lowercase, it worked. There should 
be consistency between what the user is told and what is practiced.


Make your life simpler.

Cheers,

tedd

--
---
http://sperling.com/
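
The two policies argued in this thread, side by side, as an added PHP 7+ example that is not code from any poster: trimming edge whitespace consistently at registration and at login (tedd), versus comparing exactly what was typed and hinting at a stray space only after a failed attempt (David Harkness, Dotan Cohen). The function names, policy constants and in-memory `$users` array are hypothetical.

```php
<?php
declare(strict_types=1);

const POLICY_TRIM   = 'trim';   // strip edge whitespace everywhere
const POLICY_STRICT = 'strict'; // compare as typed, warn on failure

/** True when the raw form value has whitespace at either end. */
function has_edge_whitespace(string $raw): bool
{
    // trim() strips space, tab, newline, carriage return, NUL, vertical tab
    return $raw !== trim($raw);
}

/** Apply the chosen policy; interior characters and case are never touched. */
function canonical(string $raw, string $policy): string
{
    return $policy === POLICY_TRIM ? trim($raw) : $raw;
}

/** Returns 'ok' or a message for the user. $users maps user ID to hash. */
function register_user(array &$users, string $policy, string $rawUser, string $rawPass): string
{
    // Under the trim policy, state the rule instead of silently storing
    // a different password from the one the user typed.
    if ($policy === POLICY_TRIM && has_edge_whitespace($rawPass)) {
        return 'Passwords may not begin or end with a space.';
    }
    $user = canonical($rawUser, $policy);
    if ($user === '' || $rawPass === '') {
        return 'Username and password are required.';
    }
    if (isset($users[$user])) {
        return 'That username is taken.';
    }
    $users[$user] = password_hash($rawPass, PASSWORD_DEFAULT);
    return 'ok';
}

/** Returns ['ok' => bool, 'hint' => ?string]. */
function login(array $users, string $policy, string $rawUser, string $rawPass): array
{
    // The same canonical form as at registration; a mismatch between the
    // two code paths is what locks users out.
    $user = canonical($rawUser, $policy);
    $pass = canonical($rawPass, $policy);
    $ok = isset($users[$user]) && password_verify($pass, $users[$user]);

    $hint = null;
    if (!$ok && (has_edge_whitespace($rawUser) || has_edge_whitespace($rawPass))) {
        // Derived only from the shape of the input: it does not say which
        // field, echo what was typed, or reveal whether the account exists.
        $hint = 'Your entry begins or ends with a space. Please re-enter your credentials.';
    }
    return ['ok' => $ok, 'hint' => $hint];
}

// Constructed demonstration: a copy-paste that picked up a trailing space
// on the user ID and a leading space plus newline on the password.
foreach ([POLICY_TRIM, POLICY_STRICT] as $policy) {
    $users = [];
    register_user($users, $policy, 'jdoe', 'AAADKTDA18');
    $result = login($users, $policy, 'jdoe ', " AAADKTDA18\n");
    printf(
        "%-6s pasted login: %s%s\n",
        $policy,
        $result['ok'] ? 'accepted' : 'rejected',
        $result['hint'] !== null ? ' (' . $result['hint'] . ')' : ''
    );
}
```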




[PHP] How to send a GPG signed EMail with a PDF attached?

2010-12-29 Thread Michelle Konzack
Hello,

currently I am searching for a solution but
found nothing I need.

OK, I can write a string, mimeencode the PDF and send it using exec()
and 'sendmail -t'.  Also I could use another exec() call to GPG sign the
message.

But is there a more PHP NATIVE solution?

I mean one without a bunch of exec() calls and I am trying to get rid of
this crap in all of my scripts (~1.700.000 lines of code in total).

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsyst...@tdnet France EURL   itsyst...@tdnet UG (limited liability)
Owner Michelle KonzackOwner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France   77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

  
 

Jabber linux4miche...@jabber.ccc.de

Linux-User #280138 with the Linux Counter, http://counter.li.org/




Re: [PHP] Printing PDF

2010-12-29 Thread Richard Quadling
On 29 December 2010 17:24, Steve Staples  wrote:
> I can create the PDF's no problem, it is just how to send the created
> pdf to the printer to print (it is a label printer, printing 3x5 labels)

What type of printer? Some printers require their own language and
won't have any sort of PS, PCL, Esc/2 or GDI support.

I've worked with industrial printers which take strings of plain text
to do page layout/description. You load template layouts into the
printer and can use them.

Completely useless under normal circumstances.

If the printer is something like an Epson TM-L90 (thermal label
printer with barcode support), then sending it a PDF isn't possible as
it doesn't have PS support. It is much easier to send it the string of
codes to have the barcode generated within the label.

On Windows, the drivers deal with all of this stuff. I've no idea on Unix.

The exact model of the printer would help.

-- 
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread tedd

At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:

> Also, change them {passwords} frequently.


I've always wondered about that -- if your password works, then why 
change it? Where's the logic in that?


From my perspective, it looks like "Hey, the crackers have not been 
able to crack this, so let's give them another chance". That doesn't 
sound logical.


There are things we "think" are right, but is this practice supported 
in some way that's provable?


Cheers,

tedd

--
---
http://sperling.com/




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread tedd

At 11:57 AM -0500 12/29/10, Omega -1911 wrote:


> Why not store passwords inside of programs like "snow"?


Maybe yellow snow, but never in something permanent.

My advice -- memorize your passwords -- don't commit them to storage.

I have a list of passwords committed to memory that fall into three 
groups (i.e., high, medium, and low security).


1. Bank accounts and financial data is high.

2. Mailing list and non-financial organizations (web sites) are medium.

3. Everything else is low.

If I should die, my family knows where my important accounts are and 
will have the legal authority to access those. Everything else, like 
my contribution to mankind, will pass without fanfare and fade within 
a couple of hours.


Cheers,

tedd

--
---
http://sperling.com/




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Joshua Kehn
On Dec 29, 2010, at 12:37 PM, tedd wrote:

> At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
>> Also, change them {passwords} frequently.
> 
> I've always wondered about that -- if your password works, then why change 
> it? Where's the logic in that?
> 
> From my perspective, it looks like "Hey, the crackers have not been able to 
> crack this, so let's give them another chance". That doesn't sound logical.
> 
> There are things we "think" are right, but is this practice supported in some 
> way that's provable?
> 
> Cheers,
> 
> tedd
> 
> -- 
> ---
> http://sperling.com/

An attacker manages to obtain the hashes and starts an attack. You change your 
password. The attacker now has to restart the attack.

Changing your passwords prevents an attack from continuing past the length of 
time between password changes. 

Also if they _have_ managed to crack the password changing it forces them to 
crack it again, thus also limiting the time the account is compromised.

Regards,

-Josh

Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com





[PHP] File-Upload per Drag-N-Drop?

2010-12-29 Thread Michelle Konzack
Hello,

my users have an Online-File-Store with nearly anything  they  need  but
one feature is missing:  Drag-N-Drop.

I like to implement Drag-N-Drop so users can Drag a file  from  a  File-
Manager and Drop it on the Upload-Icon in my Webinterface.

Can someone tell me HOW THIS WORKS?

Thanks, Greetings and nice Day/Evening
Michelle Konzack



Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Daniel P. Brown
On Wed, Dec 29, 2010 at 11:57, Omega -1911 <1911...@gmail.com> wrote:
> Those were some pretty confident statements there. "You doubt the government
> would want to hack your computer..." Well, the U.S. tries to prevent over 1
> million attacks per day as documented and has admitted to having been
> breached more often than not... !!! But as someone who let's just say has
> prior knowledge, I personally would not want your password unless I needed
> to do some "social engineering" but rather hijack your connection to hide my
> nefarious intent.

Is that how it works out there in Indianapolis, David Chapman?
Because, to the rest of the world, this whole diatribe just sounds
plain silly.

> No, your yahoo login info wouldn't be of much use, but your bank login info
> would be there are many who trade account info multiple times on private
> networks for a few dollars at a time. Your login and account info doesn't
> mean much to them, but a few hundred passwords can make thousands daily.

Wow.  Good thing folks don't use their Yahoo! email accounts for
password reminders, I guess.

Just wow.  Pfft.

-- 

Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/




Re: [PHP] File-Upload per Drag-N-Drop?

2010-12-29 Thread Daniel P. Brown
On Wed, Dec 29, 2010 at 13:23, Michelle Konzack
 wrote:
> Hello,
>
> my users have an Online-File-Store with nearly anything  they  need  but
> one feature is missing:  Drag-N-Drop.
>
> I like to implement Drag-N-Drop so users can Drag a file  from  a  File-
> Manager and Drop it on the Upload-Icon in my Webinterface.
>
> Can someone tell me HOW THIS WORKS?

That's more of a frontend question to which you and your
six-million-line signature should check Google to find the answer.
Don't get me wrong, Michelle, we've always tried to help out even with
off-topic questions, but this is really pushing it a bit too far with
all of the non-PHP questions you've been asking lately.

-- 

Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/




RE: [PHP] File-Upload per Drag-N-Drop?

2010-12-29 Thread Tommy Pham
> -Original Message-
> From: Michelle Konzack [mailto:linux4miche...@tamay-dogan.net]
> Sent: Wednesday, December 29, 2010 10:23 AM
> To: PHP - General
> Subject: [PHP] File-Upload per Drag-N-Drop?
> 
> Hello,
> 
> my users have an Online-File-Store with nearly anything  they  need  but
> one feature is missing:  Drag-N-Drop.
> 
> I like to implement Drag-N-Drop so users can Drag a file  from  a  File-
> Manager and Drop it on the Upload-Icon in my Webinterface.
> 
> Can someone tell me HOW THIS WORKS?
> 

This sounds like RIA = Rich Internet Application.  Try google'ing for it.
YMMV depends on platform & technology supported.

Regards,
Tommy

> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
> 





RE: [PHP] How to send a GPG signed EMail with a PDF attached?

2010-12-29 Thread Tommy Pham
> -Original Message-
> From: Michelle Konzack [mailto:linux4miche...@tamay-dogan.net]
> Sent: Wednesday, December 29, 2010 9:34 AM
> To: PHP - General
> Subject: [PHP] How to send a GPG signed EMail with a PDF attached?
> 
> Hello,
> 
> currently I am searching   for  a  solution  but found
> nothing I need.
> 

Phpclasses.org naturally may not have all possible solutions.  Thus, the
existence of search engines like google.  Try keywords 'php mime encode
gpg'.

Regards,
Tommy

> OK, I can write a string, mimeencode the PDF and send  it  using  exec() and
> 'sendmail -t'.  Also I could use another exec() call to GPG sign the message.
> 
> But is there a more PHP NATIVE solution?
> 
> I mean one without a bunch of exec() calls and I am trying to get rid of this
> crap in all of my scripts (~1.700.000 lines of code in total).
> 
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
> 





Re: [PHP] Static content at runtime

2010-12-29 Thread Donovan Brooke

k...@bitflop.com wrote:
> On Tue, 28 Dec 2010 23:25:57 -0600
> Donovan Brooke  wrote:
>
>> and btw, I found that Billy Hoffman article
>> to be inaccurate in many of his assertions.
>
> Would you mind sharing in what ways you found his assertions inaccurate?
>
> Kind regards,
> Kim
>
>> Cheers,
>> Donovan
>>
>> --
>> D Brooke


Well sure.. I have some time.. it's the holidays. ;-)

I don't entirely agree with the premise first of all... I think serving 
dynamic content at runtime works well 90% (loose figure) of the time and 
ultimately creates a system that is easy to troubleshoot and maintain, 
and which always has realtime accurate data.


I should first preface my comments that I am not against a publishing 
system, nor a caching system when the project needs, or 
growth/performance needs, would require (or could benefit from) it.. 
however, I also believe that those requirements are a small portion of 
the projects/jobs out there these days.


The author says:
"Since the web server is not serving a static file, there will be no 
Last-Modified header sent by default. That means no conditional GETs and 
no 304 responses which means lots of bandwidth consumption."



That is not quite accurate.. a programmer can force http headers.



"PHP, like virtually all application tiers, produces a chucked response. 
This is because the web server has no idea what the content length will 
be because it is dynamically generated. Dynamically generated chunked 
responses will not send the Accept-Range header. This means no pausing 
or resuming or error recovering. The entire resource must be re-downloaded."




First, I think he means "Accept-Ranges" header.. and as in my previous
comment, a programmer can manipulate http headers... which makes some of 
his other reasoning not quite accurate.


Lastly he proceeds on to illustrate a dynamic resource 
(http://example.com/combine.php?files=a.js|b.js|c.js), apparently, as a 
reason why serving dynamic content is not as good as serving static 
content (for security reasons). At this point, it's really just him 
showing off his ability to spot hackable code I think. ;-) My answer to
that is that it has nothing to do with runtime code vs. published static
content, and everything to do with the noob programmer who decided to
make a hackable get request a part of their app.

Overall, to me that article may provoke some good thought.. but I would 
treat it like Rush Limbaugh.. don't buy into all of it.


Donovan





--
D Brooke
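
Both of the points in the message above in one added PHP sketch, which is not code from the thread or from the article: a `combine.php` that sets `Last-Modified` and `ETag` itself and answers conditional GETs with 304, and that matches the `files` parameter against a fixed list before anything touches the filesystem. The `./js` directory, the allow-list, the cache lifetime and the absence of output compression are assumptions.

```php
<?php
declare(strict_types=1);

// combine.php: added illustration, not code from the thread or the article.
// Assumptions: the scripts live in ./js beside this file and only the three
// names from the example URL may ever be served.
const JS_DIR  = __DIR__ . '/js';
const ALLOWED = ['a.js', 'b.js', 'c.js'];

/** Parse "a.js|b.js" into allow-listed names, or null if anything is off. */
function requested_files($param): ?array
{
    if (!is_string($param) || $param === '') {
        return null;                      // missing, or files[]=... array input
    }
    $names = explode('|', $param);
    if (count($names) > count(ALLOWED) || count($names) !== count(array_unique($names))) {
        return null;                      // too many entries or duplicates
    }
    foreach ($names as $name) {
        // Exact match only: nothing outside the list reaches the filesystem.
        if (!in_array($name, ALLOWED, true)) {
            return null;
        }
    }
    return $names;
}

/** Decide whether the client's cached copy is still current. */
function not_modified(array $server, int $lastModified, string $etag): bool
{
    if (isset($server['HTTP_IF_NONE_MATCH'])) {
        // If-None-Match takes precedence over If-Modified-Since (RFC 7232).
        // Simplification: a single strong validator is compared as-is.
        return trim($server['HTTP_IF_NONE_MATCH']) === $etag;
    }
    if (isset($server['HTTP_IF_MODIFIED_SINCE'])) {
        $since = strtotime($server['HTTP_IF_MODIFIED_SINCE']);
        return $since !== false && $since >= $lastModified;
    }
    return false;
}

$names = requested_files($_GET['files'] ?? null);
if ($names === null) {
    http_response_code(400);
    exit;
}

// Validators are derived from the files themselves, as a static file
// server would do.
$lastModified = 0;
$fingerprint  = [];
foreach ($names as $name) {
    $path = JS_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        exit;
    }
    $mtime         = (int) filemtime($path);
    $lastModified  = max($lastModified, $mtime);
    $fingerprint[] = $name . ':' . $mtime . ':' . filesize($path);
}
$etag = '"' . sha1(implode('|', $fingerprint)) . '"';

header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $lastModified) . ' GMT');
header('ETag: ' . $etag);
header('Cache-Control: public, max-age=300');

if (not_modified($_SERVER, $lastModified, $etag)) {
    http_response_code(304);              // conditional GET answered without a body
    exit;
}

// Build the whole body before sending so Content-Length can be stated.
$body = '';
foreach ($names as $name) {
    $body .= file_get_contents(JS_DIR . '/' . $name) . ";\n";
}
header('Content-Type: application/javascript; charset=utf-8');
header('Content-Length: ' . strlen($body));
echo $body;
```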




[PHP] Re: How to send a GPG signed EMail with a PDF attached?

2010-12-29 Thread Michelle Konzack
Hello Tommy Pham,

On 2010-12-29 10:38:39, you hacked out the following:
> Phpclasses.org naturally may not have all possible solutions.  Thus, the
> existence of search engines like google.  Try keywords 'php mime encode
> gpg'.

Already done and it returns 56.000 results where  the  first  500  were
not very useful.

But I found via the gnupgp site gpg_encrypt() and now I changed my setup
to let users upload their public key and  then  they  get  the  invoices
crypted.  Otherwise as normal EMail or alternative as SMail.

Thanks, Greetings and nice Day/Evening
Michelle Konzack



[PHP] Re: File-Upload per Drag-N-Drop?

2010-12-29 Thread Michelle Konzack
Hello Tommy Pham,

On 2010-12-29 10:33:30, you hacked out the following:
> This sounds like RIA = Rich Internet Application.  Try google'ing for it.

This was the missing keyword.  Thanks.

Found DHTML and a possibility  for  a  flash/gnash app  which  supports  the
Drag-N-Drop.  It has only to create a normal fileupload where  the  rest
is handled as usual by PHP. Now have to check whether gnash supports it.

> YMMV depends on platform & technology supported.

Hmmm, if I see  and it works on Linux the same
as on MacOS X as on Windows or BeOS.

> Regards,
> Tommy

Thanks, Greetings and nice Day/Evening
Michelle Konzack



Re: [PHP] Re: File-Upload per Drag-N-Drop?

2010-12-29 Thread Robert Cummings

On 10-12-29 02:54 PM, Michelle Konzack wrote:
> Hello Tommy Pham,
>
> On 2010-12-29 10:33:30, you hacked out the following:
>> This sounds like RIA = Rich Internet Application.  Try google'ing for it.
>
> This was the missing keyword.  Thanks.
>
> Found DHTML and a possibility  for  a  flash/gnash app  which  supports  the
> Drag-N-Drop.  It has only to create a normal fileupload where  the  rest
> is handled as usual by PHP. Now have to check whether gnash supports it.
>
>> YMMV depends on platform & technology supported.
>
> Hmmm, if I see  and it works on Linux the same
> as on MacOS X as on Windows or BeOS.
>
>> Regards,
>> Tommy
>
> Thanks, Greetings and nice Day/Evening
>     Michelle Konzack


You can get a nice multi upload in flash, but you cannot get drag and drop.

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.




Re: [PHP] Re: File-Upload per Drag-N-Drop?

2010-12-29 Thread Robert Cummings

On 10-12-29 03:02 PM, Robert Cummings wrote:
> On 10-12-29 02:54 PM, Michelle Konzack wrote:
>> Hello Tommy Pham,
>>
>> On 2010-12-29 10:33:30, you hacked out the following:
>>> This sounds like RIA = Rich Internet Application.  Try google'ing for it.
>>
>> This was the missing keyword.  Thanks.
>>
>> Found DHTML and a possibility  for  a  flash/gnash app  which  supports  the
>> Drag-N-Drop.  It has only to create a normal fileupload where  the  rest
>> is handled as usual by PHP. Now have to check whether gnash supports it.
>>
>>> YMMV depends on platform & technology supported.
>>
>> Hmmm, if I see   and it works on Linux the same
>> as on MacOS X as on Windows or BeOS.
>>
>>> Regards,
>>> Tommy
>>
>> Thanks, Greetings and nice Day/Evening
>>     Michelle Konzack
>
> You can get a nice multi upload in flash, but you cannot get drag and drop.


I should add that I don't know about Silverlight or whatever is the 
flavour of the week, but I believe you can do drag and drop with Java 
applets, but they'll require popup acceptance of the security privileges 
necessary to allow drag and drop.


Cheers,
Rob.



Re: [PHP] Re: File-Upload per Drag-N-Drop?

2010-12-29 Thread Bastien Koert
On Wed, Dec 29, 2010 at 3:03 PM, Robert Cummings  wrote:
> On 10-12-29 03:02 PM, Robert Cummings wrote:
>>
>> On 10-12-29 02:54 PM, Michelle Konzack wrote:
>>>
>>> Hello Tommy Pham,
>>>
>>> On 2010-12-29 10:33:30, you hacked out the following:
>>>>
>>>> This sounds like RIA = Rich Internet Application.  Try google'ing for
>>>> it.
>>>
>>> This was the missing keyword.  Thanks.
>>>
>>> Found DHTML and a possibility  for  a  flash/gnash app  which  supports  the
>>> Drag-N-Drop.  It has only to create a normal fileupload where  the  rest
>>> is handled as usual by PHP. Now have to check whether gnash supports it.
>>>
>>>> YMMV depends on platform & technology supported.
>>>
>>> Hmmm, if I see   and it works on Linux the same
>>> as on MacOS X as on Windows or BeOS.
>>>
>>>> Regards,
>>>> Tommy
>>>
>>> Thanks, Greetings and nice Day/Evening
>>>      Michelle Konzack
>>
>> You can get a nice multi upload in flash, but you cannot get drag and
>> drop.
>
> I should add that I don't know about Silverlight or whatever is the flavour
> of the week, but I believe you can do drag and drop with Java applets, but
> they'll require popup acceptance of the security privileges necessary to
> allow drag and drop.
>
> Cheers,
> Rob.
> --
> E-Mail Disclaimer: Information contained in this message and any
> attached documents is considered confidential and legally protected.
> This message is intended solely for the addressee(s). Disclosure,
> copying, and distribution are prohibited unless authorized.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Flex has some as well

http://www.flex888.com/296/9-flex-file-upload-examples-visited.html

-- 

Bastien

Cat, the other other white meat




Re: [PHP] Printing PDF

2010-12-29 Thread Steve Staples
On Wed, 2010-12-29 at 17:36 +, Richard Quadling wrote:
> On 29 December 2010 17:24, Steve Staples  wrote:
> > I can create the PDF's no problem, it is just how to send the created
> > pdf to the printer to print (it is a label printer, printing 3x5 labels)
> 
> What type of printer? Some printers require their own language and
> won't have any sort of PS, PCL, Esc/2 or GDI support.
> 
> I've worked with industrial printers which take strings of plain text
> to do page layout/description. You load template layouts into the
> printer and can use them.
> 
> Completely useless under normal circumstances.
> 
> If the printer is something like an Epson TM-L90 (thermal label
> printer with barcode support), then sending it a PDF isn't possible as
> it doesn't have PS support. It is much easier to send it the string of
> codes to have the barcode generated within the label.
> 
> On Windows, the drivers deal with all of this stuff. I've no idea on Unix.
> 
> The exact model of the printer would help.

I am currently unaware of the printer model, I am mostly working at
building a quote for them.   I suppose I should get the make/models of
what they are going to be using... and hope to hell that they are
compatible.  I do know that the printer has a custom formatted label, so
I hope that there is some drivers or whatever available to linux that i
can send the PDF to it to print... looks like this will be some trial
and error (err... research and development?).   The printing is the only
real trivial part of the whole thing.

maybe i should just make this all a greenscreen app, using windows .bat
scripting :)

thanks for all your insight, and once i get some more information, and
after googleing some, if i have MORE questions, i'll be back!!

hope everyone's holidays (if you celebrated any over the last few weeks)
were good, and the new year treats you well!

Steve





Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Omega -1911
Sound silly? Why Daniel? It's all documented and public knowledge. What I
thought was silly was an entire thread about which ASCII combination was
best.. convert to a higher range above the 255 character range...

There is NOTHING I have mentioned that you or anyone can call a lie. Google
or eccouncil.org are great resources. Your forte is php... what security
certs do you hold that contradict my previous email?

On Dec 29, 2010 1:22 PM, "Daniel P. Brown"  wrote:
>
> On Wed, Dec 29, 2010 at 11:57, Omega -1911 <1911...@gmail.com> wrote:
> > Those were some pretty confident statements there. "You doubt the government
> > would want to hack your computer..." Well, the U.S. tries to prevent over 1
> > million attacks per day as documented and has admitted to having been
> > breached more often than not... !!! But as someone who let's just say has
> > prior knowledge, I personally would not want your password unless I needed
> > to do some "social engineering" but rather hijack your connection to hide my
> > nefarious intent.
>
>Is that how it works out there in Indianapolis, David Chapman?
> Because, to the rest of the world, this whole diatribe just sounds
> plain silly.
>
> > No, your yahoo login info wouldn't be of much use, but your bank login info
> > would be there are many who trade account info multiple times on private
> > networks for a few dollars at a time. Your login and account info doesn't
> > mean much to them, but a few hundred passwords can make thousands daily.
>
>Wow.  Good thing folks don't use their Yahoo! email accounts for
> password reminders, I guess.
>
>Just wow.  Pfft.
>
> --
> 
> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
> (866-) 725-4321
> http://www.parasane.net/


Re: [PHP] Printing PDF

2010-12-29 Thread David Hutto
On Wed, Dec 29, 2010 at 3:13 PM, Steve Staples  wrote:
> On Wed, 2010-12-29 at 17:36 +, Richard Quadling wrote:
>> On 29 December 2010 17:24, Steve Staples  wrote:
>> > I can create the PDF's no problem, it is just how to send the created
>> > pdf to the printer to print (it is a label printer, printing 3x5 labels)
>>
>> What type of printer? Some printers require their own language and
>> won't have any sort of PS, PCL, Esc/2 or GDI support.
>>
>> I've worked with industrial printers which take strings of plain text
>> to do page layout/description. You load template layouts into the
>> printer and can use them.
>>
>> Completely useless under normal circumstances.
>>
>> If the printer is something like an Epson TM-L90 (thermal label
>> printer with barcode support), then sending it a PDF isn't possible as
>> it doesn't have PS support. It is much easier to send it the string of
>> codes to have the barcode generated within the label.
>>
>> On Windows, the drivers deal with all of this stuff. I've no idea on Unix.
>>
>> The exact model of the printer would help.
>
> I am currently unaware of the printer model, I am mostly working at
> building a quote for them.

Welcome to being a software developer.

> I suppose I should get the make/models of
> what they are going to be using... and hope to hell that they are
> compatible.  I do know that the printer has a custom formatted label, so
> I hope that there is some drivers or whatever available to linux that i
> can send the PDF to it to print... looks like this will be some trial
> and error (err... research and development?).   The printing is the only
> real trivial part of the whole thing.
>.




Re: [PHP] File-Upload per Drag-N-Drop?

2010-12-29 Thread Michael Shadle
On Wed, Dec 29, 2010 at 10:30 AM, Daniel P. Brown
 wrote:

>    That's more of a frontend question to which you and your
> six-million-line signature should check Google to find the answer.
> Don't get me wrong, Michelle, we've always tried to help out even with
> off-topic questions, but this is really pushing it a bit too far with
> all of the non-PHP questions you've been asking lately.

a) +1 - this isn't php-general anymore this feels like
michelle-development-requests (with a horribly long signature) - but I
don't mean to be harsh.

b) HTML5 should be what you want, at some point very soon.

Silverlight isn't fully cross platform
Java is your most universal applet language
Flash has odd issues, but would be second best
but HTML5, that's going to address it all.

Google for "plupload" it has all the different upload applet types and
tries to determine which one will be best for you. has the client side
and server side pieces included.




Re: [PHP] File-Upload per Drag-N-Drop?

2010-12-29 Thread a...@ashleysheridan.co.uk
On a slight tangent, but is that signature why I'm not able to read any of 
Michelle's emails on my phone? For some reason, only her emails get stuck and 
won't download, so I have to wait til someone else replies.

To answer the question on this, I've not yet seen a cross platform answer to 
this question; only several different platform dependent solutions from one 
vendor to handle each main OS.

Thanks,
Ash
http://www.ashleysheridan.co.uk

- Reply message -
From: "Michael Shadle" 
Date: Wed, Dec 29, 2010 21:38
Subject: [PHP] File-Upload per Drag-N-Drop?
To: "Michelle Konzack" 
Cc: "PHP - General" 


On Wed, Dec 29, 2010 at 10:30 AM, Daniel P. Brown
 wrote:

>    That's more of a frontend question to which you and your
> six-million-line signature should check Google to find the answer.
> Don't get me wrong, Michelle, we've always tried to help out even with
> off-topic questions, but this is really pushing it a bit too far with
> all of the non-PHP questions you've been asking lately.

a) +1 - this isn't php-general anymore this feels like
michelle-development-requests (with a horribly long signature) - but I
don't mean to be harsh.

b) HTML5 should be what you want, at some point very soon.

Silverlight isn't fully cross platform
Java is your most universal applet language
Flash has odd issues, but would be second best
but HTML5, that's going to address it all.

Google for "plupload" it has all the different upload applet types and
tries to determine which one will be best for you. has the client side
and server side pieces included.




Re: [PHP] Printing PDF

2010-12-29 Thread Paul M Foster
On Wed, Dec 29, 2010 at 12:24:14PM -0500, Steve Staples wrote:

> On Wed, 2010-12-29 at 11:49 -0500, Paul M Foster wrote:
> > On Wed, Dec 29, 2010 at 10:36:30AM -0500, Steve Staples wrote:
> >
> > > Hi!
> > >
> > > I have an app that needs to be created, and it is all running on linux.
> > > I am sure I shouldn't really write it using PHP, but it's kinda what I
> > > know, and am familiar with... so I am thinking about doing with PHP.
> > >
> > > Anyway, for simplicity sake, i am creating a pdf through php (no
> > > problems there) and it needs to be printed.  I've never done printing on
> > > linux, but is there an easy way to send the pdf print job via command
> > > lines to the local (or network) printer?
> > >
> > > a friend of mine said "postscript" or "cups", but I am not familiar with
> > > them, so I thought I would ask you GURU's here :)
> >
> > The big problem here is that the site is on the server and the printer
> > is on the client (most likely). Normally if you provide a link to a PDF
> > in a webpage, the user/client downloads that PDF and the browser tries
> > to open it in whatever program it thinks is good for that (like XPDF
> > under Linux). The program in which it opens the PDF will have an option
> > to print the file. I've been printing invoices, checks and reports out
> > of my corporate system for years this way.
> >
> > Paul
> >
> 
> actually... it is a localized app (it should be more of a C++ or Java
> (or even Python), but I know PHP more weller than the others... and
> there is also a few other things they want... so right now, it will be
> on the local machine, but down the road, it will be on a "server", but
> it is all on the local intranet, so the printers will be accessible.
> this is not a "world" app, just internal.
> 
> I can create the PDF's no problem, it is just how to send the created
> pdf to the printer to print (it is a label printer, printing 3x5 labels)

I have heard of (and seen) some Javascript code which can be embedded
in a PDF to make it print without the need for what I described. But I
don't recall where I saw it. Might have been on this list, so you could
check the archives.

Paul

-- 
Paul M. Foster
http://noferblatz.com





Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Daniel P. Brown
On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
> Sound silly? Why Daniel? It's all documented and public knowledge. What I
> thought was silly was an entire thread about which ASCII combination was
> best.. convert to a higher range above the 255 character range...
>
> There is NOTHING I have mentioned that you or anyone can call a lie. Google
> or eccouncil.org are great resources. Your forte is php... what security
> certs do you hold that contradict my previous email?

Aside from involvement with the now-defunct Federal agency, the
National Infrastructure Protection Center, training by the FBI's
Regional Computer Forensic Laboratories, accreditation as the first
private-sector mobile computer forensic investigation laboratory in
the tri-state area, multiple computer security certifications, and
about fourteen years of professional network and computer security
service to multiple public and private sector entities, I suppose not
much.

I was pleased earlier, however, to learn about your interest in
helping others by creating a venue for them to sell their own homemade
pornographic DVDs at such a low price, but then disappointed to learn
that your grasp of Perl and site management wasn't yet up to par.
"Hacking" didn't work out all that well over the last couple of years
either, but you could probably go, what, just a thousand feet or so to
hire one of the kids from Ben Davis high school to help out.  Pay them
a fair wage, though I mean, with your home last appraised at
$122,100 (on the 27th of July, 2007, so you might want to see if it's
appreciated more in value by now), we know you can afford to pay
better than minimum.  Heck, if they'd pave your street as well as your
driveway is sealed, that alone might help improve the value, at least
a little bit.  Which would be fine --- I mean, you already get the
benefits of better insurance, consider how close you are to that fire
hydrant.  (You know the one I mean, that little bluish-green one when
you turn right out of your driveway and cross the street.)

Speaking of blue-green, I love that picture of Javen.  Was that
done right on his iPhone, or did he do it on the computer before
uploading it?  Pretty cool either way, just like his name.  I'm just
not sure if it's pronounced with a "J" or an "H" sound.  I mean,
Arthur's name is easy enough, but I honestly am confused by Javen's
(except when he spells it out like James Vencent).  It's no surprise
that he's an intelligent kid, though, being born at the autumnal
equinox and all (and even before sunrise that morning).

That aside, you might be right.  Perhaps my qualifications don't
quite justify my opinion in contradicting anything you have to say.  I
mean, being contracted to trace people all over the world can
sometimes be almost as fun as knowing what tools to use to find out
who they are in the first place.  Still, one shouldn't spend so much
time doing just one thing, which is why we both enjoy programming.

Regardless, it doesn't matter, and I see no reason to get into any
kind of flame war --- especially with one of the famous Six Hounds
from the Darkside of Hell.  Anyway, sorry for being ten days late, but
happy birthday, Chap.  It was good getting to know you.  And, as the
Ques know, "friendship is essential to the soul."

-- 

Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Omega -1911
AHHH... Searching by an email is REALLY what you call hacking? Oh
wait, you said that with all your knowledge in forensics you can find
people all over the world. Thank God for Go0GlE.


(remoteclerk.com) c-174-59-179-206.hsd1.pa.comcast.net - -
[29/Dec/2010:10:19:50 -0800] "GET /quick_calendar.php HTTP/1.1" 302
227 
"http://webcache.googleusercontent.com/search?q=cache:a6QITlCqzRUJ:www.remoteclerk.com/content/privacy.php+%221911que%40gmail.com%22&cd=6&hl=en&ct=clnk&gl=us";
"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML,
like Gecko) Chrome/8.0.552.224 Safari/534.10"

On Wed, Dec 29, 2010 at 5:32 PM, Daniel P. Brown
 wrote:
> On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
>> Sound silly? Why Daniel? It's all documented and public knowledge. What I
>> thought was silly was an entire thread about which ASCII combination was
>> best.. convert to a higher range above the 255 character range...
>>
>> There is NOTHING I have mentioned that you or anyone can call a lie. Google
>> or eccouncil.org are great resources. Your forte is php... what security
>> certs do you hold that contradict my previous email?
>
>    Aside from involvement with the now-defunct Federal agency, the
> National Infrastructure Protection Center, training by the FBI's
> Regional Computer Forensic Laboratories, accreditation as the first
> private-sector mobile computer forensic investigation laboratory in
> the tri-state area, multiple computer security certifications, and
> about fourteen years of professional network and computer security
> service to multiple public and private sector entities, I suppose not
> much.
>
>    I was pleased earlier, however, to learn about your interest in
> helping others by creating a venue for them to sell their own homemade
> pornographic DVDs at such a low price, but then disappointed to learn
> that your grasp of Perl and site management wasn't yet up to par.
> "Hacking" didn't work out all that well over the last couple of years
> either, but you could probably go, what, just a thousand feet or so to
> hire one of the kids from Ben Davis high school to help out.  Pay them
> a fair wage, though I mean, with your home last appraised at
> $122,100 (on the 27th of July, 2007, so you might want to see if it's
> appreciated more in value by now), we know you can afford to pay
> better than minimum.  Heck, if they'd pave your street as well as your
> driveway is sealed, that alone might help improve the value, at least
> a little bit.  Which would be fine --- I mean, you already get the
> benefits of better insurance, consider how close you are to that fire
> hydrant.  (You know the one I mean, that little bluish-green one when
> you turn right out of your driveway and cross the street.)
>
>    Speaking of blue-green, I love that picture of Javen.  Was that
> done right on his iPhone, or did he do it on the computer before
> uploading it?  Pretty cool either way, just like his name.  I'm just
> not sure if it's pronounced with a "J" or an "H" sound.  I mean,
> Arthur's name is easy enough, but I honestly am confused by Javen's
> (except when he spells it out like James Vencent).  It's no surprise
> that he's an intelligent kid, though, being born at the autumnal
> equinox and all (and even before sunrise that morning).
>
>    That aside, you might be right.  Perhaps my qualifications don't
> quite justify my opinion in contradicting anything you have to say.  I
> mean, being contracted to trace people all over the world can
> sometimes be almost as fun as knowing what tools to use to find out
> who they are in the first place.  Still, one shouldn't spend so much
> time doing just one thing, which is why we both enjoy programming.
>
>    Regardless, it doesn't matter, and I see no reason to get into any
> kind of flame war --- especially with one of the famous Six Hounds
> from the Darkside of Hell.  Anyway, sorry for being ten days late, but
> happy birthday, Chap.  It was good getting to know you.  And, as the
> Ques know, "friendship is essential to the soul."
>
> --
> 
> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
> (866-) 725-4321
> http://www.parasane.net/
>




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Daniel P. Brown
On Wed, Dec 29, 2010 at 18:20, Omega -1911 <1911...@gmail.com> wrote:
> AHHH... Searching by an email is REALLY what you call hacking? Oh
> wait, you said that with all your knowledge in forensics you can find
> people all over the world. Thank God for Go0GlE.

Please don't top-post.

Never said I was "hacking."  And yes, I did see that infinite
redirect-loop you call a website (well, multiple, since they all
direct there).  And again, yes, I used Google (among other things).
However, for the rest of your statement (which you didn't even quote
properly), you're confusing two different jobs.

Anyway, you were the one who claimed I said your email was a lie.
Go back a few messages and you'll see I never even insinuated that at
all.  I meant your attempt to show your conspiracy-theory-driven
opinion as fact was silly.  The rest of it may well have been valid,
but - my apologies - I just honestly couldn't bear to keep reading it.

If you're otherwise unconvinced that I had no intent on any kind
of arguments or personal attacks, or if you'd like to continue with
your agenda, please shoot me an email off-list, where it belongs.
Even worse than anything else so far would be the two of us clogging
up everyone else's inbox.

-- 

Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Mujtaba Arshad
Quote:

   I was pleased earlier, however, to learn about your interest in
helping others by creating a venue for them to sell their own homemade
pornographic DVDs at such a low price, but then disappointed to learn
that your grasp of Perl and site management wasn't yet up to par.

Lol what.

On Wed, Dec 29, 2010 at 6:20 PM, Omega -1911 <1911...@gmail.com> wrote:

> AHHH... Searching by an email is REALLY what you call hacking? Oh
> wait, you said that with all your knowledge in forensics you can find
> people all over the world. Thank God for Go0GlE.
>
>
> (remoteclerk.com) c-174-59-179-206.hsd1.pa.comcast.net - -
> [29/Dec/2010:10:19:50 -0800] "GET /quick_calendar.php HTTP/1.1" 302
> 227 "
> http://webcache.googleusercontent.com/search?q=cache:a6QITlCqzRUJ:www.remoteclerk.com/content/privacy.php+%221911que%40gmail.com%22&cd=6&hl=en&ct=clnk&gl=us
> "
> "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML,
> like Gecko) Chrome/8.0.552.224 Safari/534.10"
>
> On Wed, Dec 29, 2010 at 5:32 PM, Daniel P. Brown
>  wrote:
> > On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
> >> Sound silly? Why Daniel? It's all documented and public knowledge. What I
> >> thought was silly was an entire thread about which ASCII combination was
> >> best.. convert to a higher range above the 255 character range...
> >>
> >> There is NOTHING I have mentioned that you or anyone can call a lie. Google
> >> or eccouncil.org are great resources. Your forte is php... what security
> >> certs do you hold that contradict my previous email?
> >
> >Aside from involvement with the now-defunct Federal agency, the
> > National Infrastructure Protection Center, training by the FBI's
> > Regional Computer Forensic Laboratories, accreditation as the first
> > private-sector mobile computer forensic investigation laboratory in
> > the tri-state area, multiple computer security certifications, and
> > about fourteen years of professional network and computer security
> > service to multiple public and private sector entities, I suppose not
> > much.
> >
> >I was pleased earlier, however, to learn about your interest in
> > helping others by creating a venue for them to sell their own homemade
> > pornographic DVDs at such a low price, but then disappointed to learn
> > that your grasp of Perl and site management wasn't yet up to par.
> > "Hacking" didn't work out all that well over the last couple of years
> > either, but you could probably go, what, just a thousand feet or so to
> > hire one of the kids from Ben Davis high school to help out.  Pay them
> > a fair wage, though I mean, with your home last appraised at
> > $122,100 (on the 27th of July, 2007, so you might want to see if it's
> > appreciated more in value by now), we know you can afford to pay
> > better than minimum.  Heck, if they'd pave your street as well as your
> > driveway is sealed, that alone might help improve the value, at least
> > a little bit.  Which would be fine --- I mean, you already get the
> > benefits of better insurance, consider how close you are to that fire
> > hydrant.  (You know the one I mean, that little bluish-green one when
> > you turn right out of your driveway and cross the street.)
> >
> >Speaking of blue-green, I love that picture of Javen.  Was that
> > done right on his iPhone, or did he do it on the computer before
> > uploading it?  Pretty cool either way, just like his name.  I'm just
> > not sure if it's pronounced with a "J" or an "H" sound.  I mean,
> > Arthur's name is easy enough, but I honestly am confused by Javen's
> > (except when he spells it out like James Vencent).  It's no surprise
> > that he's an intelligent kid, though, being born at the autumnal
> > equinox and all (and even before sunrise that morning).
> >
> >That aside, you might be right.  Perhaps my qualifications don't
> > quite justify my opinion in contradicting anything you have to say.  I
> > mean, being contracted to trace people all over the world can
> > sometimes be almost as fun as knowing what tools to use to find out
> > who they are in the first place.  Still, one shouldn't spend so much
> > time doing just one thing, which is why we both enjoy programming.
> >
> >Regardless, it doesn't matter, and I see no reason to get into any
> > kind of flame war --- especially with one of the famous Six Hounds
> > from the Darkside of Hell.  Anyway, sorry for being ten days late, but
> > happy birthday, Chap.  It was good getting to know you.  And, as the
> > Ques know, "friendship is essential to the soul."
> >
> > --
> > 
> > Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
> > (866-) 725-4321
> > http://www.parasane.net/
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Mujtaba


Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Omega -1911
Etiquette went out the window a while ago. As Rambo said, "He drew
first blood..." If you could not PROVE ME WRONG, you could have kept
your mouth shut. You jumped in head first. And you have YET to prove
me wrong. Then to throw off the subject, you resort to telling the
world who you believe I am... That's what kids do as a last resort.
Now take your ball and run home. First, COULD YOU PLEASE PROVE ME
WRONG? You have open doors and windows (if you know what I mean...)

*PLONK*


On Wed, Dec 29, 2010 at 6:29 PM, Daniel P. Brown
 wrote:
> On Wed, Dec 29, 2010 at 18:20, Omega -1911 <1911...@gmail.com> wrote:
>> AHHH... Searching by an email is REALLY what you call hacking? Oh
>> wait, you said that with all your knowledge in forensics you can find
>> people all over the world. Thank God for Go0GlE.
>
>    Please don't top-post.
>
>    Never said I was "hacking."  And yes, I did see that infinite
> redirect-loop you call a website (well, multiple, since they all
> direct there).  And again, yes, I used Google (among other things).
> However, for the rest of your statement (which you didn't even quote
> properly), you're confusing two different jobs.
>
>    Anyway, you were the one who claimed I said your email was a lie.
> Go back a few messages and you'll see I never even insinuated that at
> all.  I meant your attempt to show your conspiracy-theory-driven
> opinion as fact was silly.  The rest of it may well have been valid,
> but - my apologies - I just honestly couldn't bear to keep reading it.
>
>    If you're otherwise unconvinced that I had no intent on any kind
> of arguments or personal attacks, or if you'd like to continue with
> your agenda, please shoot me an email off-list, where it belongs.
> Even worse than anything else so far would be the two of us clogging
> up everyone else's inbox.
>
> --
> 
> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
> (866-) 725-4321
> http://www.parasane.net/
>




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Daniel P. Brown
On Wed, Dec 29, 2010 at 18:38, Omega -1911 <1911...@gmail.com> wrote:
> Etiquette went out the window a while ago. As Rambo said, "He drew
> first blood..." If you could not PROVE ME WRONG, you could have kept
> your mouth shut. You jumped in head first. And you have YET to prove
> me wrong. Then to throw off the subject, you resort to telling the
> world who you believe I am... That's what kids do as a last resort.
> Now take your ball and run home. First, COULD YOU PLEASE PROVE ME
> WRONG? You have open doors and windows (if you know what I mean...)

Like I said off-list.  I'll happily keep the conversation
going between us, but I sure won't continue to bother others just
because that's what you feel like doing for whatever reason.

-- 

Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread TR Shaw

On Dec 29, 2010, at 12:56 PM, Joshua Kehn wrote:

> On Dec 29, 2010, at 12:37 PM, tedd wrote:
> 
>> At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
>>> Also, change them {passwords} frequently.
>> 
>> I've always wondered about that -- if your password works, then why change 
>> it? Where's the logic in that?
>> 
>> From my perspective, it looks like "Hey, the crackers have not been able to 
>> crack this, so let's give them another chance". That doesn't sound logical.
>> 
>> There are things we "think" are right, but is this practice supported in 
>> some way that's provable?
>> 
>> Cheers,
>> 
>> tedd
>> 
>> -- 
>> ---
>> http://sperling.com/
> 
> An attacker manages to obtain the hashes and starts an attack. You change 
> your password. The attacker now has to restart the attack.
> 
> Changing your passwords prevents an attack from continuing past the length of 
> time between password changes. 
> 
> Also if they _have_ managed to crack the password changing it forces them to 
> crack it again, thus also limiting the time the account is compromised.


Gosh. Think about it. Let's not take the "your machine is compromised case" 
and/or your password is moronic and/or you are not passing your password 
cleartext.

So the threat is external. Now there are 2 types of external: one in house and 
one on the 'net.

The one in house is simply detected by an IDS like snort looking for very rapid 
login attempts. Slow walkers are no risk at all. Further if your password is 
computationally hard your GigE LAN is not fast enough to support cracking a 
computationally hard password before you retire.  So there is no threat that 
your computationally hard password will be cracked so your password is safe.

For a 'net threat, the bandwidth is even more constrained so you could live 9 
lives and still not have your computationally hard password cracked. Further, 
log checking at the firewall and on internal machines can easily detect 
cracking attempts.  I detect about 4 per day on our mailserver looking for pop 
logons and about 25 a day against ssh where we don't even use passwords. ftp is 
not used.

So an external threat against your machine as defined above, is not a risk.

So now let's look at the case where there is malware on your machine which will 
try to brute force your computationally hard password and is smart enough to 
use your graphics engine to increase computational power.  Folks at MIT and 
Carnegie Mellon have already numerically proved that a 12 character password is 
not crackable using brute force in any reasonable timeframe. In fact an 8 
character one has strength of years. I would contend that using that much power 
will make its existence known to you and coupled with the fact that you restart 
your computer every now and again and that you run an antivirus periodically 
that will eventually find it even if you don't notice the slow down.

As you can see, cracking a password on your machine is so fruitless that no one 
would even try to since if you have access to the machine a keylogger, for 
example, is faster and more reliable. To thwart this you might want to run 
tripwire or equivalent and institute exfiltration detection.

The big problem today is that "security" people in IT and security wannabes 
quote cracking numbers not based in the real world but mathematically based on 
quasi "real" preconditions. They and some crazy guys who I know at Microsoft 
along with some NIST guys are pushing 12 character minimums of upper, lower, 
numbers and specials, changed every 60 days and no reuse for 2 years in 
business settings. They say this will make the corporate machines safe. This is 
utter BS. And, in fact, makes corporate networks even more vulnerable due to 
the fact that people can't remember all these passwords so they write them down 
or make them relatively easy thus increasing social engineering break-in 
opportunities.

The best solution is to select a computationally hard password and then don't 
change it unless you have to. I also recommend that you select another that is 
different and use it for all 'net based logins with an extension concatenated 
for each service.

This comment about "if they _have_ managed to crack the password changing it 
forces them to crack it again, thus also limiting the time the account is 
compromised" is ridiculous.  First, I assume you really mean stealing rather 
than cracking for the reasons above.  Notwithstanding the fact that the site 
broken into should immediately lock down all accounts. What's to say that the 
bad guys break in right after you have changed your password and they are not 
noticed. You are still at risk until you change it maybe 30, 60 90, 120 days 
later. So what is the real good of changing password routinely?  Nada!  The 
probability that your change matches the threat is minuscule.  It just makes 
people feel good. In fact, if the bad guys broke in to a financial system they 
wouldn't steal your password; they would ins
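
The message above leans on log checking to spot rapid login attempts. As an added example (not code from the thread; the log lines are constructed, and the threshold, window and function names are assumptions), this is what such a check looks like over sshd-style log lines, and how a slow source compares with a fast one under the same rule:

```php
<?php
// Constructed sshd-style auth log lines (documentation address ranges); not real traffic.
$log = <<<'LOG'
Dec 29 10:19:50 mail sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Dec 29 10:19:52 mail sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40118 ssh2
Dec 29 10:19:53 mail sshd[2105]: Failed password for root from 192.0.2.10 port 40121 ssh2
Dec 29 10:19:55 mail sshd[2107]: Failed password for invalid user test from 192.0.2.10 port 40125 ssh2
Dec 29 10:19:58 mail sshd[2109]: Failed password for root from 192.0.2.10 port 40130 ssh2
Dec 29 10:30:00 mail sshd[2200]: Failed password for root from 198.51.100.7 port 51000 ssh2
Dec 29 10:40:00 mail sshd[2210]: Failed password for root from 198.51.100.7 port 51004 ssh2
Dec 29 10:50:00 mail sshd[2220]: Failed password for root from 198.51.100.7 port 51009 ssh2
Dec 29 11:00:00 mail sshd[2230]: Failed password for root from 198.51.100.7 port 51013 ssh2
Dec 29 11:10:00 mail sshd[2240]: Failed password for root from 198.51.100.7 port 51020 ssh2
Dec 29 11:12:31 mail sshd[2300]: Accepted publickey for deploy from 203.0.113.5 port 60022 ssh2
LOG;

/**
 * Collect failed-password timestamps per source address.
 * Syslog lines carry no year, so the caller supplies one.
 */
function parseFailures(string $log, int $year): array
{
    $re = '/^(\w{3})\s+(\d{1,2}) (\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: '
        . 'Failed password for (?:invalid user )?\S+ from (\S+) port \d+/m';
    preg_match_all($re, $log, $matches, PREG_SET_ORDER);

    $byIp = [];
    $utc  = new DateTimeZone('UTC');
    foreach ($matches as $m) {
        $when = DateTime::createFromFormat('Y M j H:i:s', "$year $m[1] $m[2] $m[3]", $utc);
        if ($when === false) {
            continue; // unparseable timestamp: skip rather than guess
        }
        $byIp[$m[4]][] = $when->getTimestamp();
    }
    return $byIp;
}

/**
 * Sliding-window burst rule: flag a source when at least $threshold
 * failures fall inside any span of $windowSecs seconds.
 * Returns [ip => peak failures seen in one window].
 */
function flagBursts(array $byIp, int $threshold, int $windowSecs): array
{
    $flagged = [];
    foreach ($byIp as $ip => $times) {
        sort($times);
        $start = 0;
        $peak  = 0;
        foreach ($times as $end => $t) {
            // Shrink the window from the left until it spans <= $windowSecs.
            while ($t - $times[$start] > $windowSecs) {
                $start++;
            }
            $peak = max($peak, $end - $start + 1);
        }
        if ($peak >= $threshold) {
            $flagged[$ip] = $peak;
        }
    }
    return $flagged;
}

$failures = parseFailures($log, 2010);

// Assumed rule: 5 failures within 60 seconds.
print_r(flagBursts($failures, 5, 60));   // only 192.0.2.10 is flagged

// Total failures per source over the whole sample, regardless of rate.
print_r(array_map('count', $failures));  // both sources show 5 failures
```

The second source makes the same number of attempts but never trips the burst rule, so a cumulative count over a longer period is needed if slow attempts are to show up in reports at all.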

[PHP] Regex for telephone numbers

2010-12-29 Thread Ethan Rosenberg

Dear List -

Thank you for all your help in the past.

Here is another one

I would like to have a regex  which would validate that a telephone 
number is in the format xxx-xxx-.


Thanks.

Ethan

MySQL 5.1  PHP 5  Linux [Debian (sid)] 







RE: [PHP] Regex for telephone numbers

2010-12-29 Thread admin
I suggest you try javascript.



Richard L. Buskirk

-Original Message-
From: Ethan Rosenberg [mailto:eth...@earthlink.net] 
Sent: Wednesday, December 29, 2010 7:12 PM
To: php-db-lists.php.net; php-general@lists.php.net
Subject: [PHP] Regex for telephone numbers

Dear List -

Thank you for all your help in the past.

Here is another one

I would like to have a regex  which would validate that a telephone 
number is in the format xxx-xxx-.

Thanks.

Ethan

MySQL 5.1  PHP 5  Linux [Debian (sid)] 






Re: [PHP] Regex for telephone numbers

2010-12-29 Thread Simon J Welsh
On 30/12/2010, at 1:12 PM, Ethan Rosenberg wrote:

> Dear List -
> 
> Thank you for all your help in the past.
> 
> Here is another one
> 
> I would like to have a regex  which would validate that a telephone number is 
> in the format xxx-xxx-.
> 
> Thanks.
> 
> Ethan
> 
> MySQL 5.1  PHP 5  Linux [Debian (sid)] 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

\d{3}-\d{3}-\d{4}

Also, have a look at the phoneNumber method in the relevant Validate PEAR 
package: http://pear.php.net/packages.php?catpid=50&catname=Validate

---
Simon Welsh
Admin of http://simon.geek.nz/

Who said Microsoft never created a bug-free program? The blue screen never, 
ever crashes!

http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e





RE: [PHP] Regex for telephone numbers

2010-12-29 Thread admin
Also remove your stupid Email filter.
If you need an email filter, you should not be on this list or learn to set up
rules one.


Richard L. Buskirk


-Original Message-
From: Ethan Rosenberg [mailto:eth...@earthlink.net] 
Sent: Wednesday, December 29, 2010 7:12 PM
To: php-db-lists.php.net; php-general@lists.php.net
Subject: [PHP] Regex for telephone numbers

Dear List -

Thank you for all your help in the past.

Here is another one

I would like to have a regex  which would validate that a telephone 
number is in the format xxx-xxx-.

Thanks.

Ethan

MySQL 5.1  PHP 5  Linux [Debian (sid)] 






Re: [PHP] Regex for telephone numbers

2010-12-29 Thread Josh Kehn


On Dec 29, 2010, at 7:12 PM, Ethan Rosenberg  wrote:

> Dear List -
> 
> Thank you for all your help in the past.
> 
> Here is another one
> 
> I would like to have a regex  which would validate that a telephone number is 
> in the format xxx-xxx-.
> 
> Thanks.
> 
> Ethan
> 
> MySQL 5.1  PHP 5  Linux [Debian (sid)] 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

You can't, phone numbers are more complex than that. You could use 
\d{3}-\d{3}-\d{4} to match that basic pattern for all numbers though.

Regards,

-Josh
___
http://joshuakehn.com
Sent from my iPod
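
The pattern given in this reply and in Simon Welsh's reply matches anywhere inside a string, so used as posted it does not validate the whole input. An added example (not code from the thread; the function names and sample inputs are assumptions) comparing the posted pattern, a `^...$` variant and a fully anchored one:

```php
<?php
// Pattern exactly as posted in the thread: no anchors.
function matchesPosted(string $input): bool
{
    return preg_match('/\d{3}-\d{3}-\d{4}/', $input) === 1;
}

// Common first attempt at anchoring. Without the D modifier, $ also
// matches just before a trailing newline.
function matchesCaretDollar(string $input): bool
{
    return preg_match('/^\d{3}-\d{3}-\d{4}$/', $input) === 1;
}

// Strict form: \A and \z pin the match to the absolute start and end of
// the subject, and [0-9] spells out ASCII digits explicitly.
function isValidPhone($input): bool
{
    if (!is_string($input)) {
        return false; // e.g. an array submitted as phone[]=...
    }
    return preg_match('/\A[0-9]{3}-[0-9]{3}-[0-9]{4}\z/', $input) === 1;
}

// Constructed sample inputs.
$samples = [
    "555-010-0199",             // well-formed
    "555-010-0199\n",           // trailing newline
    "x555-010-0199<script>",    // valid-looking run embedded in other text
    "5555-010-01999",           // too many digits at both ends
    "555 010 0199",             // wrong separator
];

foreach ($samples as $s) {
    printf(
        "%-28s posted=%-5s caret=%-5s strict=%s\n",
        json_encode($s),
        var_export(matchesPosted($s), true),
        var_export(matchesCaretDollar($s), true),
        var_export(isValidPhone($s), true)
    );
}

// Non-string input is rejected before it reaches preg_match().
var_dump(isValidPhone(["555-010-0199"])); // bool(false)
```

Only the first sample passes the strict check; the posted pattern accepts the first four, and the `^...$` form still accepts the one with a trailing newline.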



Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Bastien


On 2010-12-29, at 5:32 PM, "Daniel P. Brown"  wrote:

> On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
>> Sound silly? Why Daniel? It's all documented and public knowledge. What I
>> thought was silly was an entire thread about which ASCII combination was
>> best.. convert to a higher range above the 255 character range...
>> 
>> There is NOTHING I have mentioned that you or anyone can call a lie. Google
>> or eccouncil.org are great resources. Your forte is php... what security
>> certs do you hold that contradict my previous email?
> 
>Aside from involvement with the now-defunct Federal agency, the
> National Infrastructure Protection Center, training by the FBI's
> Regional Computer Forensic Laboratories, accreditation as the first
> private-sector mobile computer forensic investigation laboratory in
> the tri-state area, multiple computer security certifications, and
> about fourteen years of professional network and computer security
> service to multiple public and private sector entities, I suppose not
> much.
> 
>I was pleased earlier, however, to learn about your interest in
> helping others by creating a venue for them to sell their own homemade
> pornographic DVDs at such a low price, but then disappointed to learn
> that your grasp of Perl and site management wasn't yet up to par.
> "Hacking" didn't work out all that well over the last couple of years
> either, but you could probably go, what, just a thousand feet or so to
> hire one of the kids from Ben Davis high school to help out.  Pay them
> a fair wage, though I mean, with your home last appraised at
> $122,100 (on the 27th of July, 2007, so you might want to see if it's
> appreciated more in value by now), we know you can afford to pay
> better than minimum.  Heck, if they'd pave your street as well as your
> driveway is sealed, that alone might help improve the value, at least
> a little bit.  Which would be fine --- I mean, you already get the
> benefits of better insurance, consider how close you are to that fire
> hydrant.  (You know the one I mean, that little bluish-green one when
> you turn right out of your driveway and cross the street.)
> 
>Speaking of blue-green, I love that picture of Javen.  Was that
> done right on his iPhone, or did he do it on the computer before
> uploading it?  Pretty cool either way, just like his name.  I'm just
> not sure if it's pronounced with a "J" or an "H" sound.  I mean,
> Arthur's name is easy enough, but I honestly am confused by Javen's
> (except when he spells it out like James Vencent).  It's no surprise
> that he's an intelligent kid, though, being born at the autumnal
> equinox and all (and even before sunrise that morning).
> 
>That aside, you might be right.  Perhaps my qualifications don't
> quite justify my opinion in contradicting anything you have to say.  I
> mean, being contracted to trace people all over the world can
> sometimes be almost as fun as knowing what tools to use to find out
> who they are in the first place.  Still, one shouldn't spend so much
> time doing just one thing, which is why we both enjoy programming.
> 
>Regardless, it doesn't matter, and I see no reason to get into any
> kind of flame war --- especially with one of the famous Six Hounds
> from the Darkside of Hell.  Anyway, sorry for being ten days late, but
> happy birthday, Chap.  It was good getting to know you.  And, as the
> Ques know, "friendship is essential to the soul."
> 
> -- 
> 
> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
> (866-) 725-4321
> http://www.parasane.net/
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

Wow, dan! That was awesomely funny! And it's not even Friday yet!

Bastien Koert
Sent from my iPhone



Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Omega -1911
I know something funnier... Let's wait for Dani's response.

On Wed, Dec 29, 2010 at 7:28 PM, Bastien  wrote:
>
>
> On 2010-12-29, at 5:32 PM, "Daniel P. Brown"  
> wrote:
>
>> On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
>>> Sound silly? Why Daniel? It's all documented and public knowledge. What I
>>> thought was silly was an entire thread about which ASCII combination was
>>> best.. convert to a higher range above the 255 character range...
>>>
>>> There is NOTHING I have mentioned that you or anyone can call a lie. Google
>>> or eccouncil.org are great resources. Your forte is php... what security
>>> certs do you hold that contradict my previous email?
>>
>>    Aside from involvement with the now-defunct Federal agency, the
>> National Infrastructure Protection Center, training by the FBI's
>> Regional Computer Forensic Laboratories, accreditation as the first
>> private-sector mobile computer forensic investigation laboratory in
>> the tri-state area, multiple computer security certifications, and
>> about fourteen years of professional network and computer security
>> service to multiple public and private sector entities, I suppose not
>> much.
>>
>>    I was pleased earlier, however, to learn about your interest in
>> helping others by creating a venue for them to sell their own homemade
>> pornographic DVDs at such a low price, but then disappointed to learn
>> that your grasp of Perl and site management wasn't yet up to par.
>> "Hacking" didn't work out all that well over the last couple of years
>> either, but you could probably go, what, just a thousand feet or so to
>> hire one of the kids from Ben Davis high school to help out.  Pay them
>> a fair wage, though I mean, with your home last appraised at
>> $122,100 (on the 27th of July, 2007, so you might want to see if it's
>> appreciated more in value by now), we know you can afford to pay
>> better than minimum.  Heck, if they'd pave your street as well as your
>> driveway is sealed, that alone might help improve the value, at least
>> a little bit.  Which would be fine --- I mean, you already get the
>> benefits of better insurance, consider how close you are to that fire
>> hydrant.  (You know the one I mean, that little bluish-green one when
>> you turn right out of your driveway and cross the street.)
>>
>>    Speaking of blue-green, I love that picture of Javen.  Was that
>> done right on his iPhone, or did he do it on the computer before
>> uploading it?  Pretty cool either way, just like his name.  I'm just
>> not sure if it's pronounced with a "J" or an "H" sound.  I mean,
>> Arthur's name is easy enough, but I honestly am confused by Javen's
>> (except when he spells it out like James Vencent).  It's no surprise
>> that he's an intelligent kid, though, being born at the autumnal
>> equinox and all (and even before sunrise that morning).
>>
>>    That aside, you might be right.  Perhaps my qualifications don't
>> quite justify my opinion in contradicting anything you have to say.  I
>> mean, being contracted to trace people all over the world can
>> sometimes be almost as fun as knowing what tools to use to find out
>> who they are in the first place.  Still, one shouldn't spend so much
>> time doing just one thing, which is why we both enjoy programming.
>>
>>    Regardless, it doesn't matter, and I see no reason to get into any
>> kind of flame war --- especially with one of the famous Six Hounds
>> from the Darkside of Hell.  Anyway, sorry for being ten days late, but
>> happy birthday, Chap.  It was good getting to know you.  And, as the
>> Ques know, "friendship is essential to the soul."
>>
>> --
>> 
>> Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
>> (866-) 725-4321
>> http://www.parasane.net/
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> Wow, dan! That was awesomely funny! And it's not even Friday yet!
>
> Bastien Koert
> Sent from my iPhone




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Joshua Kehn
On Dec 29, 2010, at 6:52 PM, TR Shaw wrote:

> 
> On Dec 29, 2010, at 12:56 PM, Joshua Kehn wrote:
> 
>> On Dec 29, 2010, at 12:37 PM, tedd wrote:
>> 
>>> At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
>>>> Also, change them {passwords} frequently.
>>> 
>>> I've always wondered about that -- if your password works, then why change 
>>> it? Where's the logic in that?
>>> 
>>> From my perspective, it looks like "Hey, the crackers have not been able to 
>>> crack this, so let's give them another chance". That doesn't sound logical.
>>> 
>>> There are things we "think" are right, but is this practice supported in 
>>> some way that's provable?
>>> 
>>> Cheers,
>>> 
>>> tedd
>>> 
>>> -- 
>>> ---
>>> http://sperling.com/
>> 
>> An attacker manages to obtain the hashes and starts an attack. You change 
>> your password. The attacker now has to restart the attack.
>> 
>> Changing your passwords prevents an attack from continuing past the length 
>> of time between password changes. 
>> 
>> Also if they _have_ managed to crack the password changing it forces them to 
>> crack it again, thus also limiting the time the account is compromised.
> 
> 
> Gosh. Think about it. Let's not take the "your machine is compromised case"
> and/or your password is moronic and/or you are not passing your password
> cleartext.
> 
> So the threat is external. Now there are 2 types of external: one in house 
> and one on the 'net.
> 
> The one in house is simply detected by an IDS like snort looking for very 
> rapid login attempts. Slow walkers are no risk at all. Further if your 
> password is computationally hard your GigE LAN is not fast enough to support 
> cracking a computationally hard password before you retire.  So there is no 
> threat that your computationally hard password will be cracked so your 
> password is safe.
> 
> For a 'net threat, the bandwidth is even more constrained so you could live 9 
> lives and still not have your computationally hard password cracked. Further, 
> log checking at the firewall and on internal machines can easily detect 
> cracking attempts.  I detect about 4 per day on our mailserver looking for 
> pop logons and about 25 a day against ssh where we don't even use passwords. 
> ftp is not used.
> 
> So an external threat against your machine as defined above, is not a risk.
> 
> So now let's look at the case where there is malware on your machine which
> will try to brute force your computationally hard password and is smart
> enough to use your graphics engine to increase computational power.  Folks
> at MIT and Carnegie Mellon have already numerically proved that a 12
> character password is not crackable using brute force in any reasonable 
> timeframe. In fact an 8 character one has strength of years. I would contend 
> that using that much power will make its existence known to you and coupled 
> with the fact that you restart your computer every now and again and that you 
> run an antivirus periodically that will eventually find it even if you don't 
> notice the slow down.
> 
> As you can see, cracking a password on your machine is so fruitless that no 
> one would even try to since if you have access to the machine a keylogger, 
> for example, is faster and more reliable. To thwart this you might want to 
> run tripwire or equivalent and institute exfiltration detection.
> 
> The big problem today is that "security" people in IT and security wannabes
> quote cracking numbers not based in the real world but mathematically based
> on quasi "real" preconditions. They and some crazy guys who I know at
> Microsoft along with some NIST guys are pushing 12 character minimums of
> upper, lower, numbers and specials, changed every 60 days and no reuse for 2
> years in business settings. They say this will make the corporate machines
> safe. This is utter BS. And, in fact, makes corporate networks even more
> vulnerable due to the fact that people can't remember all these passwords so
> they write them down or make them relatively easy thus increasing social
> engineering break-in opportunities.
> 
> The best solution is to select a computationally hard password and then don't
> change it unless you have to. I also recommend that you select another that
> is different and use it for all 'net based logins with an extension
> concatenated for each service.
>
> This comment about "if they _have_ managed to crack the password changing it
> forces them to crack it again, thus also limiting the time the account is
> compromised" is ridiculous.  First, I assume you really mean stealing rather
> than cracking for the reasons above.  Notwithstanding the fact that the site
> broken into should immediately lock down all accounts. What's to say that the
> bad guys break in right after you have changed your password and they are not
> noticed. You are still at risk until you change it maybe 30, 60, 90, 120 days
> later. So what is the real good of changing passwords routinely?
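
An added example, not from the thread: a small model of the rotation argument above, comparing the chance that exhaustive guessing finds a random password over two years with and without a 60-day change interval. The guess rates, the 94-character alphabet and the assumption that the attacker obtains each new hash immediately are illustrative assumptions, and the function names are hypothetical.

```php
<?php
// Added example, not from the thread. The guess rates below are assumptions.

const SECONDS_PER_DAY = 86400;

/** Number of equally likely passwords of $length symbols over $alphabetSize symbols. */
function keyspace($alphabetSize, $length)
{
    return pow((float) $alphabetSize, $length);
}

/**
 * Chance that an exhaustive search (no guess repeated) hits one fixed,
 * uniformly random password within $seconds.
 */
function p_cracked_fixed($keyspace, $rate, $seconds)
{
    return min(1.0, $rate * $seconds / $keyspace);
}

/**
 * Same horizon, but a fresh random password every $interval seconds. The
 * attacker is assumed to obtain each new hash at once and start over.
 */
function p_cracked_rotating($keyspace, $rate, $horizon, $interval)
{
    $perWindow = p_cracked_fixed($keyspace, $rate, $interval);
    if ($perWindow >= 1.0) {
        return 1.0;
    }
    // 1 - (1 - p)^k, computed via log1p/expm1 so a tiny p is not rounded away.
    return -expm1(($horizon / $interval) * log1p(-$perWindow));
}

$horizon  = 2 * 365 * SECONDS_PER_DAY;   // the "2 years" in the policy quoted above
$interval = 60 * SECONDS_PER_DAY;        // the "60 days" in the same policy
$rates = array(
    'online, throttled (assumed 10 guesses/s)'     => 10.0,
    'offline, stolen hash (assumed 1e9 guesses/s)' => 1.0e9,
);

foreach (array(8, 12) as $length) {
    $n = keyspace(94, $length);          // 94 printable ASCII characters, space excluded
    foreach ($rates as $label => $rate) {
        printf(
            "len=%2d  %-46s exhaust=%.2e days  P(never changed)=%.2e  P(60-day rotation)=%.2e\n",
            $length,
            $label,
            $n / $rate / SECONDS_PER_DAY,
            p_cracked_fixed($n, $rate, $horizon),
            p_cracked_rotating($n, $rate, $horizon, $interval)
        );
    }
}
```

When the chance of success within one interval is very small, the two probabilities come out nearly equal, since 1 - (1 - p)^k is approximately k·p.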

[PHP] Re: [PHP-DB] Re: [PHP] Regex for telephone numbers

2010-12-29 Thread Karl DeSaulniers

Hi Ethan,
Could you do a string compare and check at certain characters for a  
dash?

IE:
check the second character to see if it is a dash for 1-800...
if that is not a dash, check the fourth character for a dash, 469-9...
then the other places  where dashes would be based on those two  
characters.
You may have to investigate how international numbers would work and  
adjust appropriately, but for the US, that should work.

Then just send an error message when it isn't like you want.
JAT

Karl


On Dec 29, 2010, at 6:27 PM, Josh Kehn wrote:




On Dec 29, 2010, at 7:12 PM, Ethan Rosenberg   
wrote:



Dear List -

Thank you for all your help in the past.

Here is another one

I would like to have a regex  which would validate that a  
telephone number is in the format xxx-xxx-.


Thanks.

Ethan

MySQL 5.1  PHP 5  Linux [Debian (sid)]





You can't, phone numbers are more complex than that. You could use
\d{3}-\d{3}-\d{4} to match that basic pattern for all numbers though.


Regards,

-Josh
___
http://joshuakehn.com
Sent from my iPod
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Karl DeSaulniers
Design Drumm
http://designdrumm.com





[PHP] Re: [PHP-DB] Re: [PHP] Regex for telephone numbers

2010-12-29 Thread Karl DeSaulniers

You could also help them out a little with something like..

$phone = str_replace("(", "", $phone);
$phone = str_replace(")", "-", $phone);

HTH,

Karl


On Dec 29, 2010, at 6:27 PM, Josh Kehn wrote:




On Dec 29, 2010, at 7:12 PM, Ethan Rosenberg   
wrote:



Dear List -

Thank you for all your help in the past.

Here is another one

I would like to have a regex  which would validate that a  
telephone number is in the format xxx-xxx-.


Thanks.

Ethan

MySQL 5.1  PHP 5  Linux [Debian (sid)]





You can't, phone numbers are more complex than that. You could use
\d{3}-\d{3}-\d{4} to match that basic pattern for all numbers though.


Regards,

-Josh
___
http://joshuakehn.com
Sent from my iPod



Karl DeSaulniers
Design Drumm
http://designdrumm.com





[PHP] IPV6

2010-12-29 Thread TR Shaw
IPV6 support needs to be incorporated ASAP as the network is moving fast that 
way. We are adding IPV6 this year yet all network functions 
(http://us2.php.net/manual/en/ref.network.php) still are only IPV4.  

Given the transition pain to come, early IPV6 support would help ease the 
transition.

Any ideas on timeframe?

Tom



Re: [PHP] Re: [PHP-DB] Re: [PHP] Regex for telephone numbers

2010-12-29 Thread Alexis
Why not have three separate fields for each part, as that way you don't 
need to bother about how the user separates them, as trust me, if they 
can break it, they will.
I have found it is best to always limit the amount of free entry you 
permit a user, as that will drastically cut back in data entry validation.


Alexis


On 29/12/10 17:46, Karl DeSaulniers wrote:

Hi Ethan,
Could you do a string compare and check at certain characters for a dash?
IE:
check the second character to see if it is a dash for 1-800...
if that is not a dash, check the fourth character for a dash, 469-9...
then the other places where dashes would be based on those two characters.
You may have to investigate how international numbers would work and
adjust appropriately, but for the US, that should work.
Then just send an error message when it isn't like you want.
JAT

Karl


On Dec 29, 2010, at 6:27 PM, Josh Kehn wrote:




On Dec 29, 2010, at 7:12 PM, Ethan Rosenberg 
wrote:


Dear List -

Thank you for all your help in the past.

Here is another one

I would like to have a regex which would validate that a telephone
number is in the format xxx-xxx-.

Thanks.

Ethan

MySQL 5.1 PHP 5 Linux [Debian (sid)]





You can't, phone numbers are more complex than that. You could use
\d{3}-\d{3}-\d{4} to match that basic pattern for all numbers though.

Regards,

-Josh
___
http://joshuakehn.com
Sent from my iPod



Karl DeSaulniers
Design Drumm
http://designdrumm.com







Fwd: Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Alexis


What has any of this got to do with PHP!!!

If the moderator is reading this can they please put a stop to it at
once, as it appears to have got way out of control.

Thanks and a Happy New year to one and all




On 29/12/10 16:38, Omega -1911 wrote:

Etiquette went out the window a while ago. As Rambo said, "He drew
first blood..." If you could not PROVE ME WRONG, you could have kept
your mouth shut. You jumped in head first. And you have YET to prove
me wrong. Then to throw off the subject, you resort to telling the
world who you believe I am... That's what kids do as a last resort.
Now take your ball and run home. First, COULD YOU PLEASE PROVE ME
WRONG? You have open doors and windows (if you know what I mean...)

*PLONK*


On Wed, Dec 29, 2010 at 6:29 PM, Daniel P. Brown
  wrote:

On Wed, Dec 29, 2010 at 18:20, Omega -1911<1911...@gmail.com>  wrote:

AHHH... Searching by an email is REALLY what you call hacking? Oh
wait, you said that with all your knowledge in forensics you can find
people all over the world. Thank God for Go0GlE.


Please don't top-post.

Never said I was "hacking."  And yes, I did see that infinite
redirect-loop you call a website (well, multiple, since they all
direct there).  And again, yes, I used Google (among other things).
However, for the rest of your statement (which you didn't even quote
properly), you're confusing two different jobs.

Anyway, you were the one who claimed I said your email was a lie.
Go back a few messages and you'll see I never even insinuated that at
all.  I meant your attempt to show your conspiracy-theory-driven
opinion as fact was silly.  The rest of it may well have been valid,
but - my apologies - I just honestly couldn't bear to keep reading it.

If you're otherwise unconvinced that I had no intent on any kind
of arguments or personal attacks, or if you'd like to continue with
your agenda, please shoot me an email off-list, where it belongs.
Even worse than anything else so far would be the two of us clogging
up everyone else's inbox.

--

Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/








Re: [PHP] Regex for telephone numbers

2010-12-29 Thread Daniel P. Brown
On Wed, Dec 29, 2010 at 19:12, Ethan Rosenberg  wrote:
> Dear List -
>
> Thank you for all your help in the past.
>
> Here is another one
>
> I would like to have a regex  which would validate that a telephone number
> is in the format xxx-xxx-.

Congrats.  People in Hell would like ice water.  Now we all know
that everyone wants something.  ;-P

Really, this isn't a PHP question, but rather one of regular
expressions.  That said, something like this (untested) should work:




-- 

Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
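
An added example, not code from any post in this thread: the `\d{3}-\d{3}-\d{4}` pattern from the replies above compared with an anchored and a strict variant, plus a normaliser in the spirit of the `str_replace()` suggestion. The function names, the 10-digit US assumption and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All sample inputs are constructed.

// The pattern as posted: no anchors, so it matches anywhere inside a longer string.
const LOOSE = '/\d{3}-\d{3}-\d{4}/';

// Anchored with ^ and $: in PCRE "$" also matches just before a final
// newline unless the D modifier is set.
const ANCHORED = '/^\d{3}-\d{3}-\d{4}$/';

// \A and \z match only at the very start and very end of the subject.
// [0-9] spells out ASCII digits explicitly.
const STRICT = '/\A[0-9]{3}-[0-9]{3}-[0-9]{4}\z/';

/** True only for a string that is exactly NNN-NNN-NNNN. */
function is_strict_phone($value)
{
    // Request parameters can arrive as arrays (?phone[]=x); reject non-strings first.
    return is_string($value) && preg_match(STRICT, $value) === 1;
}

/**
 * Accept the separators people commonly type, then return the canonical
 * "NNN-NNN-NNNN" form, or null when the input is not a 10-digit US number
 * (an optional leading 1 or +1 country code is dropped).
 */
function normalize_us_phone($value)
{
    if (!is_string($value) || strlen($value) > 32) {
        return null;
    }
    // Allow-list the characters before touching the digits.
    if (preg_match('/\A\+?[0-9 ().\-]+\z/', $value) !== 1) {
        return null;
    }
    $digits = preg_replace('/[^0-9]/', '', $value);
    if (strlen($digits) === 11 && $digits[0] === '1') {
        $digits = substr($digits, 1);
    }
    if (strlen($digits) !== 10) {
        return null;
    }
    return substr($digits, 0, 3) . '-' . substr($digits, 3, 3) . '-' . substr($digits, 6, 4);
}

// Constructed inputs: a clean number, a trailing newline, embedded markup,
// alternative formatting, a country code, and a number that is one digit short.
$samples = array(
    '555-867-5309',
    "555-867-5309\n",
    'x555-867-5309<script>',
    '(555) 867-5309',
    '1-555-867-5309',
    '555-867-530',
);

foreach ($samples as $s) {
    printf(
        "%-28s loose=%d anchored=%d strict=%d normalized=%s\n",
        json_encode($s),
        preg_match(LOOSE, $s),
        preg_match(ANCHORED, $s),
        (int) is_strict_phone($s),
        var_export(normalize_us_phone($s), true)
    );
}
```

Store the value returned by the normaliser rather than the raw input, so every later consumer sees one canonical form.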



Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Nicholas Kell

On Dec 29, 2010, at 6:37 PM, Omega -1911 wrote:

> I know something funnier... Let's wait for Dani's response.
> 
> On Wed, Dec 29, 2010 at 7:28 PM, Bastien  wrote:
>> 
>> 
>> On 2010-12-29, at 5:32 PM, "Daniel P. Brown"  
>> wrote:
>> 
>>> On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
>>>> Sound silly? Why Daniel? It's all documented and public knowledge. What I
>>>> thought was silly was an entire thread about which ASCII combination was
>>>> best.. convert to a higher range above the 255 character range...
>>>>
>>>> There is NOTHING I have mentioned that you or anyone can call a lie. Google
>>>> or eccouncil.org are great resources. Your forte is php... what security
>>>> certs do you hold that contradict my previous email?
>>> 
>>>Aside from involvement with the now-defunct Federal agency, the
>>> National Infrastructure Protection Center, training by the FBI's
>>> Regional Computer Forensic Laboratories, accreditation as the first
>>> private-sector mobile computer forensic investigation laboratory in
>>> the tri-state area, multiple computer security certifications, and
>>> about fourteen years of professional network and computer security
>>> service to multiple public and private sector entities, I suppose not
>>> much.



Even funnier yet - bottom post like you were asked. And to really bust your 
gut, this thread has gone on far too long off topic.

I believe that the person you are referring to as Dani, is in fact Daniel. I 
don't, nor would I ever start to call you Omeggie just to get under your skin.

Use your prestigious fraternity flaunting email and message Daniel directly to 
continue arguing. 

I'm not trying to be rude, but I do believe it is in the best interest of the 
list to kill this thread. Dotan, please chime in if your problem hasn't been 
solved. I will, as I am sure the rest of the list will be happy to help if it 
hasn't. 






Re: Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Daniel Brown
On Wed, Dec 29, 2010 at 20:04, Alexis  wrote:
>
> What has any of this got to do with PHP!!!
>
> If the moderator is reading this can they please put a stop to it at
> once, as it appears to have got way out of control.
>
> Thanks and a Happy New year to one and all

What moderator?  It's an open list, and - if anything - you're
contributing to the continuance of the subject.

-- 

Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Omega -1911
< I see you Waving your pom poms...>
I guess it was ok for Dani to say " I'm just
not sure if it's pronounced with a "J" or an "H" sound.  I mean,
Arthur's name is easy enough, but I honestly am confused by Javen's
(except when he spells it out like James Vencent)."

First, that is assuming a lot... on Dani's part. Second, don't dwell on
Dani's words, PROVE ME WRONG ON WHAT DANI COMMENTED IN HIS FIRST REPLY
TO THIS THREAD.
Thanks and now, back to the cheerleader section you go..

On Wed, Dec 29, 2010 at 8:05 PM, Nicholas Kell  wrote:
>
> On Dec 29, 2010, at 6:37 PM, Omega -1911 wrote:
>
>> I know something funnier... Let's wait for Dani's response.
>>
>> On Wed, Dec 29, 2010 at 7:28 PM, Bastien  wrote:
>>>
>>>
>>> On 2010-12-29, at 5:32 PM, "Daniel P. Brown"  
>>> wrote:
>>>
>>>> On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
>>>>> Sound silly? Why Daniel? It's all documented and public knowledge. What I
>>>>> thought was silly was an entire thread about which ASCII combination was
>>>>> best.. convert to a higher range above the 255 character range...
>>>>>
>>>>> There is NOTHING I have mentioned that you or anyone can call a lie.
>>>>> Google
>>>>> or eccouncil.org are great resources. Your forte is php... what security
>>>>> certs do you hold that contradict my previous email?
>>>>
>>>>    Aside from involvement with the now-defunct Federal agency, the
>>>> National Infrastructure Protection Center, training by the FBI's
>>>> Regional Computer Forensic Laboratories, accreditation as the first
>>>> private-sector mobile computer forensic investigation laboratory in
>>>> the tri-state area, multiple computer security certifications, and
>>>> about fourteen years of professional network and computer security
>>>> service to multiple public and private sector entities, I suppose not
>>>> much.
>
>
>
> Even funnier yet - bottom post like you were asked. And to really bust your 
> gut, this thread has gone on far too long off topic.
>
> I believe that the person you are referring to as Dani, is in fact Daniel. I 
> don't, nor would I ever start to call you Omeggie just to get under your skin.
>
> Use your prestigious fraternity flaunting email and message Daniel directly 
> to continue arguing.
>
> I'm not trying to be rude, but I do believe it is in the best interest of the 
> list to kill this thread. Dotan, please chime in if your problem hasn't been 
> solved. I will, as I am sure the rest of the list will be happy to help if it 
> hasn't.
>
>
>




Re: [PHP] Re: Do you trim() usernames and passwords?

2010-12-29 Thread Mujtaba Arshad
craphound.com/images/xkcdwrongoninternet.jpg

Perfect way to describe how the members on this list are behaving right now.

On Wed, Dec 29, 2010 at 8:17 PM, Omega -1911 <1911...@gmail.com> wrote:

> < I see you Waving your pom poms...>
> I guess it was ok for Dani to say " I'm just
> not sure if it's pronounced with a "J" or an "H" sound.  I mean,
> Arthur's name is easy enough, but I honestly am confused by Javen's
> (except when he spells it out like James Vencent)."
>
> First, that is assuming a lot... on Dani's part. Second, don't dwell on
> Dani's words, PROVE ME WRONG ON WHAT DANI COMMENTED IN HIS FIRST REPLY
> TO THIS THREAD.
> Thanks and now, back to the cheerleader section you go..
>
> On Wed, Dec 29, 2010 at 8:05 PM, Nicholas Kell 
> wrote:
> >
> > On Dec 29, 2010, at 6:37 PM, Omega -1911 wrote:
> >
> >> I know something funnier... Let's wait for Dani's response.
> >>
> >> On Wed, Dec 29, 2010 at 7:28 PM, Bastien  wrote:
> >>>
> >>>
> >>> On 2010-12-29, at 5:32 PM, "Daniel P. Brown" <
> daniel.br...@parasane.net> wrote:
> >>>
> >>>> On Wed, Dec 29, 2010 at 15:16, Omega -1911 <1911...@gmail.com> wrote:
> >>>>> Sound silly? Why Daniel? It's all documented and public knowledge. What I
> >>>>> thought was silly was an entire thread about which ASCII combination was
> >>>>> best.. convert to a higher range above the 255 character range...
> >>>>>
> >>>>> There is NOTHING I have mentioned that you or anyone can call a lie. Google
> >>>>> or eccouncil.org are great resources. Your forte is php... what security
> >>>>> certs do you hold that contradict my previous email?
> >>>>
> >>>>    Aside from involvement with the now-defunct Federal agency, the
> >>>> National Infrastructure Protection Center, training by the FBI's
> >>>> Regional Computer Forensic Laboratories, accreditation as the first
> >>>> private-sector mobile computer forensic investigation laboratory in
> >>>> the tri-state area, multiple computer security certifications, and
> >>>> about fourteen years of professional network and computer security
> >>>> service to multiple public and private sector entities, I suppose not
> >>>> much.
> >
> >
> >
> > Even funnier yet - bottom post like you were asked. And to really bust
> your gut, this thread has gone on far too long off topic.
> >
> > I believe that the person you are referring to as Dani, is in fact
> Daniel. I don't, nor would I ever start to call you Omeggie just to get
> under your skin.
> >
> > Use your prestigious fraternity flaunting email and message Daniel
> directly to continue arguing.
> >
> > I'm not trying to be rude, but I do believe it is in the best interest of
> the list to kill this thread. Dotan, please chime in if your problem hasn't
> been solved. I will, as I am sure the rest of the list will be happy to help
> if it hasn't.
> >
> >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Mujtaba


[PHP] Hot Topics

2010-12-29 Thread Daniel Brown
First, I have to admit that what I did was wrong.  I had assumed
(ASS-umed) that the other party in a discussion under a different
thread would understand and appreciate the irony of my email in reply
to his inappropriate message.  Those of you who were barraged with the
fallout know what I mean.  Unfortunately, it was not well-received by
the other person, which led to even further flaming and trolling.
While I had tried both on- and off-list to urge the other party to
move the discussion from the public forum to a private, one-on-one
conversation, it was ignored and actually seemed to exacerbate the
situation.  For my part in that, I just wanted to send my general
apologies to those bombarded with an unnecessary and somewhat
illogical series of emails.  If being married has taught me anything,
it's that it's better to just apologize and move on, regardless of
who's right or wrong.  And if being married has taught me anything
else, it's that, at least in this house, I'm always wrong.  So
sorry for the unnecessary banter.

Moving on, those of you who have been on the list for several
years may recall when I was running the ListWatch and PostTrack
system, which would send a weekly summary of the list's activities at
the time.  Before stopping it (it was on a server that burned out, and
I just never put it back online), I had added a topic tracker as well,
which would give the percentage of activity for a given topic, as well
as the ratio of its discussion versus all messages to the list.
Several people have asked if/when it would be coming back online, so
I'm contemplating bringing it back beginning with the first week of
January (next week).  Does anyone have any thoughts on that, or any
ideas for other interesting metrics they'd like to see?  I'm
particularly interested in the opinions of folks who recall the old
system, but any opinions and ideas are more than welcome.

If you'd rather send it to me directly instead of on the list, feel free.

Happy early New Year, all.

-- 

Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/




Re: [PHP] Hot Topics

2010-12-29 Thread Jason Pruim
Weren't you playing with the possibility of including the amount of actual code 
written as well? 

Always thought that would be pretty cool :) 

And as someone who is married as well I agree with what you said. Sometimes
it's easier to just say you're sorry than fighting even when you know you're
right.

Jason Pruim

On Dec 29, 2010, at 9:22 PM, Daniel Brown  wrote:

>First, I have to admit that what I did was wrong.  I had assumed
> (ASS-umed) that the other party in a discussion under a different
> thread would understand and appreciate the irony of my email in reply
> to his inappropriate message.  Those of you who were barraged with the
> fallout know what I mean.  Unfortunately, it was not well-received by
> the other person, which led to even further flaming and trolling.
> While I had tried both on- and off-list to urge the other party to
> move the discussion from the public forum to a private, one-on-one
> conversation, it was ignored and actually seemed to exacerbate the
> situation.  For my part in that, I just wanted to send my general
> apologies to those bombarded with an unnecessary and somewhat
> illogical series of emails.  If being married has taught me anything,
> it's that it's better to just apologize and move on, regardless of
> who's right or wrong.  And if being married has taught me anything
> else, it's that, at least in this house, I'm always wrong.  So
> sorry for the unnecessary banter.
> 
>Moving on, those of you who have been on the list for several
> years may recall when I was running the ListWatch and PostTrack
> system, which would send a weekly summary of the list's activities at
> the time.  Before stopping it (it was on a server that burned out, and
> I just never put it back online), I had added a topic tracker as well,
> which would give the percentage of activity for a given topic, as well
> as the ratio of its discussion versus all messages to the list.
> Several people have asked if/when it would be coming back online, so
> I'm contemplating bringing it back beginning with the first week of
> January (next week).  Does anyone have any thoughts on that, or any
> ideas for other interesting metrics they'd like to see?  I'm
> particularly interested in the opinions of folks who recall the old
> system, but any opinions and ideas are more than welcome.
> 
>If you'd rather send it to me directly instead of on the list, feel free.
> 
>Happy early New Year, all.
> 
> -- 
> 
> Network Infrastructure Manager
> Documentation, Webmaster Teams
> http://www.php.net/
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 




Re: [PHP] Hot Topics

2010-12-29 Thread Daniel Brown
On Dec 29, 2010 11:48 PM, "Jason Pruim"  wrote:
>
> Weren't you playing with the possibility of including the amount of actual
> code written as well?

Yeah, that was in for a few weeks, but I believe it was Robert Cummings
who went out of his way to show its imperfections. Maybe we should
incorporate a syntax checker to show parse errors for the week, too.  ;-P

> Always thought that would be pretty cool :)
>
> And as someone who is married as well I agree with what you said.
> Sometimes it's easier to just say you're sorry than fighting even when you
> know you're right.

Or when you top-post.  Prune, Prune, Prune /me shakes head.


[PHP] issues with 'stream_socket_client()' and/or 'pfsockopen()'

2010-12-29 Thread Hong Yu


Hello,

I am involved in a project, which has a C++ server side, and a web PHP 
client side.  We wish to develop consistent php socket connection with the 
C++ server side.  Therefore we have been trying to use either 
'stream_socket_client()' or 'pfsockopen()' in our PHP code.


However, we have hit obstacles in using either 'stream_socket_client()' or 
'pfsockopen()', as described in the following:


For example, by using the php calls 'socket_create()', 'socket_connect()', 
'socket_write()', and 'socket_read()', our php program is able to send a 
particular client enquiry, and then get back server data of 4196 bytes 
through socket connection.


However, if instead, we use the php calls 'stream_context_create()', 
'stream_socket_client()', 'fwrite()', and 'fread()', we will almost always 
get back incomplete server response data, say 2500 bytes, through the socket 
connection.


And the similar problems if we use the php calls 'pfsockopen()', 'fwrite()', 
and 'fread()'.


Such problems are first found on windows, and then on Linux.

We would very much appreciate it if any suggestions on using 
'stream_socket_client()' or 'pfsockopen()' correctly and successfully, and 
further on implementing persistent php client socket successfully.  Thanks a 
lot!


Regards,

Hong Yu



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
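
An added example, not code from the post: `fread()` on a socket stream returns whatever has arrived rather than the full message, which is consistent with the 2500-of-4196-byte symptom described above, so the reader has to loop until the expected length is in. The 4-byte big-endian length prefix, the size cap and the helper names are assumptions; the C++ server's real framing is not given in the post.

```php
<?php
// Added example. Assumed framing: 4-byte big-endian length, then the payload.

/** Read exactly $length bytes from a blocking stream, or throw. */
function read_exact($stream, $length, $timeoutSeconds = 5)
{
    stream_set_timeout($stream, $timeoutSeconds);
    $buffer = '';
    while (strlen($buffer) < $length) {
        // Ask only for what is still missing; fread() may return less.
        $chunk = fread($stream, $length - strlen($buffer));
        if ($chunk === false || $chunk === '') {
            $meta   = stream_get_meta_data($stream);
            $reason = !empty($meta['timed_out']) ? 'timed out'
                    : (feof($stream) ? 'peer closed the connection' : 'read error');
            throw new RuntimeException(
                sprintf('%s after %d of %d bytes', $reason, strlen($buffer), $length)
            );
        }
        $buffer .= $chunk;
    }
    return $buffer;
}

/** Read one length-prefixed frame, refusing lengths above $maxLength. */
function read_frame($stream, $maxLength = 1048576)
{
    $header = unpack('Nlength', read_exact($stream, 4));
    $length = $header['length'];
    // The length comes from the peer: bound it before waiting on that many bytes.
    if ($length < 0 || $length > $maxLength) {
        throw new RuntimeException("frame length $length outside 0..$maxLength");
    }
    return read_exact($stream, $length);
}

// --- Demo on a local socket pair (constructed data, no network needed) ---
list($client, $server) = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);

$payload = str_repeat('A', 4196);                 // constructed 4196-byte reply
$frame   = pack('N', strlen($payload)) . $payload;

// 1. Only part of the frame has arrived: a single fread() returns just that part.
fwrite($server, substr($frame, 0, 2500));
$first = fread($client, strlen($frame));
printf("single fread() asked for %d bytes, got %d\n", strlen($frame), strlen($first));

// 2. The remainder arrives later; read_exact() collects exactly what is missing.
fwrite($server, substr($frame, 2500));
$rest = read_exact($client, strlen($frame) - strlen($first));
printf("reassembled frame intact: %s\n", var_export($first . $rest === $frame, true));

// 3. A whole frame read through read_frame().
fwrite($server, $frame);
printf("read_frame() returned %d bytes\n", strlen(read_frame($client)));

// 4. The peer closes mid-frame: read_frame() throws instead of returning short data.
fwrite($server, substr($frame, 0, 1000));
fclose($server);
try {
    read_frame($client);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With `pfsockopen()` the same connection is reused by later requests, so any bytes one request leaves unread are the first thing the next request reads.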



Re: [PHP] Hot Topics

2010-12-29 Thread Robert Cummings

On 10-12-30 12:36 AM, Daniel Brown wrote:

On Dec 29, 2010 11:48 PM, "Jason Pruim"  wrote:


Weren't you playing with the possibility of including the amount of actual

code written as well?

 Yeah, that was in for a few weeks, but I believe it was Robert Cummings
who went out of his way to show its imperfections. Maybe we should
incorporate a syntax checker to show parse errors for the week, too.  ;-P


Hmmmpf... I never go out of my way >:)

Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.
