Re: [PHP] Are IP addresses reliable?

2007-06-16 Thread william(at)elan.net 


On Sat, 16 Jun 2007, PHP Developer wrote:

I wanna know that is there a way to forge someone's IP address? for 
example, I have a client with an static ip address, and she is a 
superuser. Can i rely on her IP address? or somebody else can forge her 
IP? I don't want her to enter a username and a password..


For purposes of above question only (and assuming application is PHP and 
thus running on HTTP which is TCP-based protocol) the answer is that you 
can rely on the ip address. For general purposes the answer is you can 
forge ip address and can not rely on them (due to NAT and other issues) 
but its very very not easy and a lot depends on protocol in question.


--
William Leibzon
Elan Networks
[EMAIL PROTECTED]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: get domain component from email

2007-08-07 Thread william(at)elan.net 


way to do so by using dns records.  It's like 5 lines, here's the site 
http://www.sitepoint.com/article/users-email-address-php


The requirement for email delivery is not MX, just having an A address
is enough. Also executing external utility program from php is not
optimal from system point of view (extra process that you block for),
its better to just directly use PHP Net/DNS library. This article is
good for beginners:
 http://articles.techrepublic.com.com/5100-22-5234651.html


http://www.cmsws.com/examples/php/domain_verification/example2.php


You end up with hard-coded list where as ICANN may add new TLDs, while
it works fine for developer users start doing this and forget about
having to update it. I recommend getting IANA list and caching it locally:
 http://data.iana.org/TLD/tlds-alpha-by-domain.txt


And yours is fatally flawed. Not all ccTLDs are sub-divided.


More specifically some TLDs do delegation from 3rd level domains
(.co.uk), some from 2nd level (.com) some are mix of 2 or 3 or more
(.kids.us, .us,  k12.ca.us). And not only that but some TLDs may even 
allow direct delivery to TLD - do "dig ws"will not work (such [EMAIL PROTECTED] 
address is while valid the email would not work because RFC2821

considers it invalid address and because most local mailers would
get confused thinking is partial address where it needs to add local 
domain part). There is really no specific limit min or max for number 
deligation levels which together forms valid domain.


--
William Leibzon
Elan Networks
[EMAIL PROTECTED]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Please tell me I dont know regex

2006-09-15 Thread william(at)elan.net 


Please try below page/program on your system entering "ab-cd" and
please tell me I dont know regex - because the way I see it the
results of those tests should have been the same...

---


Please enter something with a dash here: 
name='regex_test' />



";
 print "Testing ".$_REQUEST['regex_test'].' with regex 
/^[A-Za-z0-9\.\-_]{3,63}$/ ... :';

  if (ereg("^[A-Za-z0-9\.\-_]{3,63}$",$_REQUEST['regex_test'])) print " Ok";
  else print " Nak";
}
print "Current PHP Version is: ".phpversion();
?>



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php