block, so I want to show all even records in the left block; all odd records in the right. (Editors can choose sort-order, turn records on and off or simply display all in reverse-cron, so accuracy is important.) I've been playing around with SQL to do this as I'd rather not put the weight on PHP. (This is all working, BTW.) > Why do you need every other row? Is this data likely to change? How > often is it updated? Can you pre-compute an ENUM that you insert upon > writing the table that lets you do: > > SELECT * FROM TABLE WHERE filter = 'even'; > SELECT * FROM TABLE WHERE filter = 'odd'; See above for sorting rules, but I just want to say that a pet peeve of mine is text-entries in the db for boolean logic. Why not something like odd=0 || odd=1? The legacy site we're redesigning here actually had doNotShow='yes' || doNotShow='no' in the db. I banged my head on the desk when I saw this. It not only takes more memory to retrieve & test the results, but the logic in this case is in reverse. Every time I'd look at a record, I'd have to ask myself, "Do I not want to show the record? No, I do not want to not show it." These are now display=1 || display=0. It is far more easier to test: if($record['display']) {} Than it is: if($record['doNotShow']=='no') {} (Just had to get that off my chest..) From tedd at sperling.com Sun Feb 5 14:13:58 2006 From: tedd at sperling.com (tedd) Date: Sun, 5 Feb 2006 14:13:58 -0500 Subject: [nycphp-talk] every other record In-Reply-To: References: Message-ID: >See above for sorting rules, but I just want to say that a pet peeve of mine >is text-entries in the db for boolean logic. Why not something like odd=0 >|| odd=1? Oh, why didn't you ask? Try this: "); } ?> If you count the records, then just run that count (i.e., $i) through the above to determine odd = 1 for odd and odd = 0 for even. HTH's. tedd -- -------------------------------------------------------------------------------- http://sperling.com/ From ps at pswebcode.com Mon Feb 6 15:35:20 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Mon, 6 Feb 2006 15:35:20 -0500 Subject: [nycphp-talk] PHP Security: The Proper Choice Is to Do It Now Message-ID: <000901c62b5c$d97e8190$68e4a144@Rubicon> The content of Chris Shiflett's Essential PHP Security from O'Reilly is poised right now to be put online as a Wiki. It should accept about 90 days of moderated updates and then be openly promoted as the accepted, standardized "Using PHP Securely" guide for all PHP programmers. Then Rasmus and Zeev (and Hans) have to step up and openly support this type of essential security awareness. All PHP user groups (like NYPHP) should openly, actively promote secure programming awareness right in the membership documentation and on every home page. Php.net should have Security as a menu item in the main horizontal menu right there with Downloads and Documentation. All PHP tutorials online that are old with insecure practices should have a simple one line link right under the tutorial title: "This tutorial may contain insecure techniques. See: [standardized, industry-supported secure PHP programming article] here before you begin." Can't wait for PHP 6 and Sandbox environments. Additionally, I have promoted in this venue before that the default php.ini from php.net should be a hardened .ini with shell and fopen functions disabled by default. Open_basedir should expect a mandatory value. Save errors to a log should be the default, with the alternative option to show on the screen. Error_log should expect mandatory value. Until further refinement safe_mode=on. We have to start somewhere. We have to start now. We can't wait for some incredible overarching solution or framework that is just going to appear because that is not the way most progress happens. Most progress, even in technology, occurs when a person adds another tweak, another enhancement, another update. PHP security needs to be further demystified. Security has to be a basic building block comparable to learning datatypes. Chris's guide is quite sufficient to help engender a positive change in the nature of how we all program PHP. Someday I really, really want to have a safe online, PHP-driven, Google-like personal searchable database that catalogs my entire financial/personal/health/educational/job history and automatically pulls in the XML-based attributes of all my belongings so that I can reference/manage/schedule/transfer/purchase/send anything from anywhere in the world on my biometrically protected cellular/pda/player. Only intense trusted security is going to make that possible. Start now yourself. Employ and propagate essential PHP security everywhere. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com From mikko.rantalainen at peda.net Tue Feb 7 05:20:56 2006 From: mikko.rantalainen at peda.net (Mikko Rantalainen) Date: Tue, 07 Feb 2006 12:20:56 +0200 Subject: [nycphp-talk] every other record In-Reply-To: References: Message-ID: <43E87488.4010802@peda.net> Rahmin Pavlovic wrote: > On 2/1/06 5:36 PM, "Adam Maccabee Trachtenberg" > wrote: > >>I see many people have provided a number good of answers, so let me >>step back and ask: "What problem are you trying to solve?" > [...] > The redesign is an all-CSS layout. For the section landing page, we're > showing the 5 most recent records, followed by a two-column layout > displaying the next 30 or so. > > Each 'column' is essentially a

block, so I want to show all even > records in the left block; all odd records in the right. I'll rephrase the above so we can be sure that we're on the same page. Logically you have a result set of records 1-35 sorted by whatever sorting algorithm the editor has selected. And you now aim for following structure (ASCII presentation, use fixed width font to view): +------------------------------+ | DIV 1 | | 2 | | 3 | | 4 | | 5 | +------------------------------+ +-------------+ +--------------+ |DIV 6 | |DIV 7 | | 8 | | 9 | | 10 | | 11 | | 12 | | 13 | | ... | | ... | | 34 | | 35 | +-------------+ +--------------+ So the source order is

1 2 3 4 5

6 8 10 ... 34

7 9 11 ... 35

?? If this is the case, I'd suggest you to use table layout instead. In my opinion, the biggest reason to use pure CSS layout is to *correctly* markup the semantics of the document. If the ordering of the records is meaningful, then the *source* order is the *most* important thing. The source *must* contain report 7 between reports 6 and 8, unlike above. Using a table and putting each report to its own cell will accomplish this. However, if you think the collection of reports you're displaying isn't really a piece of tabular data (which I think it isn't), then you shouldn't (semantically) use to display it. On the other hand, using

and correct source order is less wrong than using no

but incorrect source order. Saying that, I'm aware that it's *really* hard to achieve the correct table-like rendering in MSIE with the correct source order. All I'm saying is that if the table-like rendering in MSIE is more important than correct source order, then I think you should *NOT* change to true CSS layout. It's not worth it! Only use true CSS layout if using it *allows* you to use correct source order. -- Mikko From mitch.pirtle at gmail.com Tue Feb 7 16:52:33 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Tue, 7 Feb 2006 16:52:33 -0500 Subject: [nycphp-talk] Drupal junkie needed Message-ID: <330532b60602071352u6bd3ad60yaffa45ed9638881@mail.gmail.com> The New York City Homeschool Education Alliance (NYCHEA.org) is looking for a volunteer Drupal developer to help them with an application that may be migrated to their website (address management for mailings etc). Is there anyone that would be interested in picking this up? I'd do it, but it ain't Joomla ;-) -- Mitch Pirtle Joomla! Core Developer Open Source Matters From mike.johnson at wagner.edu Tue Feb 7 16:59:40 2006 From: mike.johnson at wagner.edu (Michael Johnson) Date: Tue, 07 Feb 2006 16:59:40 -0500 Subject: [nycphp-talk] Drupal junkie needed In-Reply-To: <330532b60602071352u6bd3ad60yaffa45ed9638881@mail.gmail.com> References: <330532b60602071352u6bd3ad60yaffa45ed9638881@mail.gmail.com> Message-ID: <43E9184C.1090601@wagner.edu> Mitch, Let me know some more of the details.... I just migrated www.wagner.edu to be 100% drupal (from a coldfusion/IIS server to two LAMPs!) Took quite a while. But if they need some integration help, maybe I could be of service. No promises, but I'll help if I can. -- Michael Johnson Web: Systems Administrator/Programmer Wagner College mike.johnson at wagner.edu 718-420-4425 Mitch Pirtle wrote: >The New York City Homeschool Education Alliance (NYCHEA.org) is >looking for a volunteer Drupal developer to help them with an >application that may be migrated to their website (address management >for mailings etc). > >Is there anyone that would be interested in picking this up? I'd do >it, but it ain't Joomla ;-) > >-- >Mitch Pirtle >Joomla! Core Developer >Open Source Matters >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > From aaron at aarond.com Wed Feb 8 16:58:02 2006 From: aaron at aarond.com (aaron) Date: Wed, 08 Feb 2006 16:58:02 -0500 Subject: [nycphp-talk] upload error Message-ID: <43EA696A.3090900@aarond.com> I'm having some trouble running an upload form on Mac OS X, IE 5.2 My servers are windows IIS, running php 4.3. The form works fine for Mac Safari, and IE/Mozilla on windows 2000, so I'm not sure what the difference is. I just check for the ',jpg' extension, and _FILE error code =0 then use move_uploaded_file. On the Mac/Safari test, it doesn't return an error, but shows 0 for file size. (I used the same image for Mac/PC tests so I know it goes through on the pc) Any ideas? thanks, Aaron D. From edwardpotter at gmail.com Wed Feb 8 17:01:09 2006 From: edwardpotter at gmail.com (edward potter) Date: Wed, 8 Feb 2006 17:01:09 -0500 Subject: [nycphp-talk] upload error In-Reply-To: <43EA696A.3090900@aarond.com> References: <43EA696A.3090900@aarond.com> Message-ID: hmmm, have not used IE on a Mac for ages, however what I usually do is to check the log files on the server, usually something helpful there.. -ed :-) On 2/8/06, aaron wrote: > I'm having some trouble running an upload form on Mac OS X, IE 5.2 > > My servers are windows IIS, running php 4.3. The form works fine for > Mac Safari, and IE/Mozilla on windows 2000, so I'm not sure what the > difference is. I just check for the ',jpg' extension, and _FILE error > code =0 then use move_uploaded_file. On the Mac/Safari test, it > doesn't return an error, but shows 0 for file size. > > (I used the same image for Mac/PC tests so I know it goes through on the pc) > > Any ideas? > > thanks, > Aaron D. > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From aaron at aarond.com Wed Feb 8 17:13:56 2006 From: aaron at aarond.com (aaron) Date: Wed, 08 Feb 2006 17:13:56 -0500 Subject: [nycphp-talk] upload error In-Reply-To: References: <43EA696A.3090900@aarond.com> Message-ID: <43EA6D24.30608@aarond.com> I just noticed that some jpg files will get uploaded, but others won't. Strange. I'm not sure what the difference is yet. edward potter wrote: >hmmm, have not used IE on a Mac for ages, however what I usually do is >to check the log files on the server, usually something helpful >there.. > >-ed :-) > > >On 2/8/06, aaron wrote: > > >>I'm having some trouble running an upload form on Mac OS X, IE 5.2 >> >>My servers are windows IIS, running php 4.3. The form works fine for >>Mac Safari, and IE/Mozilla on windows 2000, so I'm not sure what the >>difference is. I just check for the ',jpg' extension, and _FILE error >>code =0 then use move_uploaded_file. On the Mac/Safari test, it >>doesn't return an error, but shows 0 for file size. >> >>(I used the same image for Mac/PC tests so I know it goes through on the pc) >> >>Any ideas? >> >>thanks, >>Aaron D. >>_______________________________________________ >>New York PHP Community Talk Mailing List >>http://lists.nyphp.org/mailman/listinfo/talk >>New York PHP Conference and Expo 2006 >>http://www.nyphpcon.com >>Show Your Participation in New York PHP >>http://www.nyphp.org/show_participation.php >> >> >> >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From craig at juxtadigital.com Wed Feb 8 17:19:19 2006 From: craig at juxtadigital.com (Craig Thomas) Date: Wed, 08 Feb 2006 17:19:19 -0500 Subject: [nycphp-talk] upload error In-Reply-To: <43EA6D24.30608@aarond.com> References: <43EA696A.3090900@aarond.com> <43EA6D24.30608@aarond.com> Message-ID: <43EA6E67.8020700@juxtadigital.com> aaron wrote: > I just noticed that some jpg files will get uploaded, but others won't. > Strange. > I'm not sure what the difference is yet. Post the code. $_FILES['upload']['type'] doesn't _always_ return the same thing with different browsers...so, if you are relying on that...don't. From the docs: http://us3.php.net/features.file-upload "The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted." -- Craig From tedd at sperling.com Wed Feb 8 17:56:17 2006 From: tedd at sperling.com (tedd) Date: Wed, 8 Feb 2006 17:56:17 -0500 Subject: [nycphp-talk] upload error In-Reply-To: <43EA6D24.30608@aarond.com> References: <43EA696A.3090900@aarond.com> <43EA6D24.30608@aarond.com> Message-ID: >I just noticed that some jpg files will get uploaded, but others >won't. Strange. >I'm not sure what the difference is yet. Could be a couple of things: a) size -- check the size. I've had jpg's load only a portion because of size limits; 2) some jpgs have jpeg suffix -- check suffix and the defaults with your server. HTH's tedd -- -------------------------------------------------------------------------------- http://sperling.com/ From mitch.pirtle at gmail.com Wed Feb 8 20:39:28 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Wed, 8 Feb 2006 20:39:28 -0500 Subject: [nycphp-talk] Drupal junkie needed In-Reply-To: <43E9184C.1090601@wagner.edu> References: <330532b60602071352u6bd3ad60yaffa45ed9638881@mail.gmail.com> <43E9184C.1090601@wagner.edu> Message-ID: <330532b60602081739p169983a3ie77b747398bc376d@mail.gmail.com> On 2/7/06, Michael Johnson wrote: > Mitch, > > Let me know some more of the details.... I just migrated www.wagner.edu > to be 100% drupal (from a coldfusion/IIS server to two LAMPs!) Took > quite a while. But if they need some integration help, maybe I could be > of service. No promises, but I'll help if I can. Looks like it isn't a weblication, but more of a client application problem. Ultimately they keep a database of mailing addresses and need to find a way of centralizing that data, and also allowing for a "Mail Merge"-like feature to integrate with Word. Maybe there is something for Drupal that could manage the address book, and then provide a handy export to a Word-compatible format? -- Mitch Pirtle Joomla! Core Developer Open Source Matters From aaron at aarond.com Thu Feb 9 11:15:36 2006 From: aaron at aarond.com (aaron) Date: Thu, 09 Feb 2006 11:15:36 -0500 Subject: [nycphp-talk] upload error In-Reply-To: References: <43EA696A.3090900@aarond.com> <43EA6D24.30608@aarond.com> Message-ID: <43EB6AA8.8090603@aarond.com> Here is an example *My simple code* Image File For test images I just google image searched 'birds' and picked the swan image (2nd one) http://lynx.uio.no/jon/gif/animals/birds/swans.jpg This works on Mac safari, PC IE/Mozilla/Firefox but not Mac IE. When I try to open the file on my pc it says 'Can't determine type' Any thoughts? Is this sample image faulty? tedd wrote: >>I just noticed that some jpg files will get uploaded, but others >>won't. Strange. >>I'm not sure what the difference is yet. >> >> > > >Could be a couple of things: a) size -- check the size. I've had >jpg's load only a portion because of size limits; 2) some jpgs have >jpeg suffix -- check suffix and the defaults with your server. > >HTH's > >tedd > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From prusak at gmail.com Thu Feb 9 16:05:53 2006 From: prusak at gmail.com (Ophir Prusak) Date: Thu, 9 Feb 2006 16:05:53 -0500 Subject: [nycphp-talk] =?windows-1252?q?Are_you_promoting_someone_else=92s_?= =?windows-1252?q?site_without_even_knowing_it=3F?= Message-ID: hi all, If you're running a search engine friendly URL mod for your bulletin board system, you should read this. If you're using FURL with IPB, you MUST read this. Basically, I just found out that the URL mod I've been running on our company forums is google spamming. Here's the whole blog entry, but you might want to see it with pictures at http://www.prusak.com ----------------------------------------------------------------------- Are you promoting someone else's site without even knowing it? My tale of being victim to a below-the-belt SEO tactic. Recently, we added user forums to our company web site, in order to give our customers and potential customers a place to voice their questions and opinions. We settled on using Invision Power Board (IPB) which runs using PHP and MySQL. A couple of weeks ago I installed a modification to our forums which makes the URL of the pages appear to be static html pages and it also inserts the topic title into the URL. The modification package (also called a "mod") is called FURL, which is short for "Friendly URL". Friendly meaning the URLs are more search engine friendly. After installing the FURL modification, instead of using this URL: http://forum.resperate.com/index.php?showtopic=19 it uses this URL: http://forum.resperate.com/My-doctor-said-pills-for-the-rest-of-your-life-t19.html Both of the above URLs take you to the same page, but the second one both looks nicer, and is supposed to improve search engine placement. Last night, I wanted to check if Google was picking up the URLs with the static or dynamic URLs, so I searched for a pretty unique phrase from one of the pages: "It sounds like RESPeRATE is working well for you" and surely enough, the page had been picked up, but the URL it was showing was the dynamic one, not the static one. I was curious to see how Google was seeing the page so I clicked on the cached button: That's when my jaw dropped There was some additional stuff I had never seen before at the top of the page which looked like this: Instead of the normal forum section header which looks like this: The modification I installed didn't just modify the URLs. It also added, unknowingly to me, some extra text at the top of the page as well as some links to other pages - but the added text was only being shown to the Google spider, and was not visible to a normal human viewing the site. This alone can get you banned from Google. The fact that FURL adds this content is not mentioned anywhere in the documentation or installation instructions. It really saddens me that the author of FURL added a very underhanded tactic improve their search engine rankings. If they would have added a small footer to the bottom the page that was shown to everyone, I would have been perfectly OK with that and would have left it. It seems that quite a few sites have FURL installed and are affected by this SEO hack. If you do a search for "SEO Powered by FURL" in Google, it says over 2 million results. * sigh * From matt at jiffycomp.com Thu Feb 9 18:00:24 2006 From: matt at jiffycomp.com (Matt Morgan) Date: Thu, 09 Feb 2006 18:00:24 -0500 Subject: [nycphp-talk] Drupal junkie needed In-Reply-To: <330532b60602081739p169983a3ie77b747398bc376d@mail.gmail.com> References: <330532b60602071352u6bd3ad60yaffa45ed9638881@mail.gmail.com> <43E9184C.1090601@wagner.edu> <330532b60602081739p169983a3ie77b747398bc376d@mail.gmail.com> Message-ID: <43EBC988.6080905@jiffycomp.com> Mitch Pirtle wrote: >On 2/7/06, Michael Johnson wrote: > > >>Mitch, >> >>Let me know some more of the details.... I just migrated www.wagner.edu >>to be 100% drupal (from a coldfusion/IIS server to two LAMPs!) Took >>quite a while. But if they need some integration help, maybe I could be >>of service. No promises, but I'll help if I can. >> >> > >Looks like it isn't a weblication, but more of a client application >problem. Ultimately they keep a database of mailing addresses and need >to find a way of centralizing that data, and also allowing for a "Mail >Merge"-like feature to integrate with Word. > >Maybe there is something for Drupal that could manage the address >book, and then provide a handy export to a Word-compatible format? > > > What about CiviCRM, which is meant for non-profits & runs on Drupal (and Joomla!). See http://openngo.org. -------------- next part -------------- An HTML attachment was scrubbed... URL: From hendler at simmons.edu Thu Feb 9 18:11:19 2006 From: hendler at simmons.edu (Jonathan Hendler) Date: Thu, 09 Feb 2006 18:11:19 -0500 Subject: [nycphp-talk] Drupal junkie needed In-Reply-To: <43EBC988.6080905@jiffycomp.com> References: <330532b60602071352u6bd3ad60yaffa45ed9638881@mail.gmail.com> <43E9184C.1090601@wagner.edu> <330532b60602081739p169983a3ie77b747398bc376d@mail.gmail.com> <43EBC988.6080905@jiffycomp.com> Message-ID: <43EBCC17.80907@simmons.edu> I'm with Matt on civicCRM. Maybe this will inspire Drupal and Joomla to merge. :) Matt Morgan wrote: > Mitch Pirtle wrote: > >>On 2/7/06, Michael Johnson wrote: >> >> >>>Mitch, >>> >>>Let me know some more of the details.... I just migrated www.wagner.edu >>>to be 100% drupal (from a coldfusion/IIS server to two LAMPs!) Took >>>quite a while. But if they need some integration help, maybe I could be >>>of service. No promises, but I'll help if I can. >>> >>> >> >>Looks like it isn't a weblication, but more of a client application >>problem. Ultimately they keep a database of mailing addresses and need >>to find a way of centralizing that data, and also allowing for a "Mail >>Merge"-like feature to integrate with Word. >> >>Maybe there is something for Drupal that could manage the address >>book, and then provide a handy export to a Word-compatible format? >> >> >> > What about CiviCRM, which is meant for non-profits & runs on Drupal > (and Joomla!). See http://openngo.org. > >------------------------------------------------------------------------ > > > From rajlist at rajshekhar.net Fri Feb 10 00:18:14 2006 From: rajlist at rajshekhar.net (Raj shekhar) Date: Fri, 10 Feb 2006 10:48:14 +0530 Subject: =?windows-1252?Q?Re=3A_=5Bnyphp-talk=5D_Are_you_promotin?= =?windows-1252?Q?g_someone_else=92s_site_without_even_knowin?= =?windows-1252?Q?g_it=3F?= In-Reply-To: References: Message-ID: <43EC2216.50009@rajshekhar.net> in infinite wisdom Ophir Prusak spoke thus on 02/10/06 02:35: > hi all, > > If you're running a search engine friendly URL mod for your bulletin > board system, you should read this. > > If you're using FURL with IPB, you MUST read this. > > Basically, I just found out that the URL mod I've been running on our > company forums is google spamming. > > Here's the whole blog entry, but you might want to see it with > pictures at http://www.prusak.com If FURL is free software (free as in free speech), take the source and create a fork of it which does not add the junk that you mentioned. If it is not free, create your own and change the world for good :-) PS: I don't use any bulletin board systems, so I have never come across the problem you mentioned. -- _.-, raj shekhar .--' '-._ http://rajshekhar.net _/`- _ '. http://rajshekhar.net/blog '----'._`.----. \ ` \; WE APOLOGIZE FOR THE INCONVENIENCE ;_\ -- God's Last Message to his Creation From george at omniti.com Fri Feb 10 10:49:19 2006 From: george at omniti.com (George Schlossnagle) Date: Fri, 10 Feb 2006 10:49:19 -0500 Subject: [nycphp-talk] OSCON Submission Deadline Reminder Message-ID: <43ECB5FF.2000504@omniti.com> Just as a reminder to all interested parties: the submission deadline for 2006 O'Reilly Open Source Convention is coming to a close. All submissions must be in by Monday, February 13th 23:59 PST to be considered. Proposals can be submitted online at http://conferences.oreillynet.com/cs/os2006/create/e_sess/ OSCON is probably my favorite conference of the year; gathering together innovators not only from the PHP community, but all the other major open-source languages as well. This cross-pollination is really exciting and helps advance the state of the art for all projects. If anyone has any questions or problems with the submission process, please feel free to contact me offline. Best, George From codebowl at gmail.com Fri Feb 10 13:16:43 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Fri, 10 Feb 2006 13:16:43 -0500 Subject: [nycphp-talk] A Bit of Array Trouble Message-ID: <8d9a42800602101016j445d346o85f9d6b07472407a@mail.gmail.com> Hey Guys, I would appreciate any help i can get with this problem. Based on a customers zip code when they come to the site we generate a list of vendors and vendor locations and they are loaded into an array like this www,codebowl.com/array.txt what i need to do is loop over the vendor locations and sort them based on the distance. Currently it looks sorted but that is only because 2 records are showing. so in this case it is correct. the end goal is to get the 2 closest locations then get the closest based on total street miles. is there current code out there that could do this? Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From cahoyos at us.ibm.com Fri Feb 10 13:30:08 2006 From: cahoyos at us.ibm.com (Carlos A Hoyos) Date: Fri, 10 Feb 2006 13:30:08 -0500 Subject: [nycphp-talk] A Bit of Array Trouble In-Reply-To: <8d9a42800602101016j445d346o85f9d6b07472407a@mail.gmail.com> Message-ID: > what i need to do is loop over the vendor locations and sort them > based on the distance. Currently it looks sorted but that is only > because 2 records are showing. You can use usort with a function that compares the distance key. See example 2: http://us2.php.net/manual/en/function.usort.php Carlos From cliff at pinestream.com Fri Feb 10 14:49:52 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 10 Feb 2006 14:49:52 -0500 Subject: [nycphp-talk] type casting function arguments Message-ID: <000201c62e7b$28de7300$0aa8a8c0@cliff> Is there any way to typecast a function argument like: public function Partytime(int $argument) // this actually expects an object of class int or public function Partytime( (int)$argument) // this barfs sure would be nice when my next line is: if ($argument ===... which I really like over == for some stange reason -- keeps me honest. You get the idea. Cliff -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedd at sperling.com Fri Feb 10 15:00:49 2006 From: tedd at sperling.com (tedd) Date: Fri, 10 Feb 2006 15:00:49 -0500 Subject: [nycphp-talk] A Bit of Array Trouble In-Reply-To: <8d9a42800602101016j445d346o85f9d6b07472407a@mail.gmail.com> References: <8d9a42800602101016j445d346o85f9d6b07472407a@mail.gmail.com> Message-ID: >Hey Guys, > >I would appreciate any help i can get with this problem. > >Based on a customers zip code when they come to the site we generate >a list of vendors and vendor locations and they are loaded into an >array like this > >www,codebowl.com/array.txt > >what i need to do is loop over the vendor locations and sort them >based on the distance. Currently it looks sorted but that is only >because 2 records are showing. > >so in this case it is correct. the end goal is to get the 2 closest >locations then get the closest based on total street miles. > >is there current code out there that could do this? > >Thanks, >-- >Joseph Crawford Jr. >Zend Certified Engineer >Codebowl Solutions, Inc. >1-802-671-2021 I haven't done this, but you might use Google's map services. tedd -- -------------------------------------------------------------------------------- http://sperling.com/ From scott at crisscott.com Fri Feb 10 15:02:48 2006 From: scott at crisscott.com (Scott Mattocks) Date: Fri, 10 Feb 2006 15:02:48 -0500 Subject: [nycphp-talk] type casting function arguments In-Reply-To: <000201c62e7b$28de7300$0aa8a8c0@cliff> References: <000201c62e7b$28de7300$0aa8a8c0@cliff> Message-ID: <43ECF168.2080009@crisscott.com> Cliff Hirsch wrote: > Is there any way to typecast a function argument like: > > public function Partytime(int $argument) // this actually > expects an object of class int > > or > > public function Partytime( (int)$argument) // this barfs Nope. Type hints (your first version) don't work on primitives and you can't execute commands (your second version) in a function/method signature (except setting defaults). -- Scott Mattocks http://www.crisscott.com From andrew at plexpod.com Fri Feb 10 15:03:12 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Fri, 10 Feb 2006 15:03:12 -0500 Subject: [nycphp-talk] type casting function arguments In-Reply-To: <000201c62e7b$28de7300$0aa8a8c0@cliff> References: <000201c62e7b$28de7300$0aa8a8c0@cliff> Message-ID: <20060210200308.GE31026@desario.homelinux.net> On Fri, Feb 10, 2006 at 02:49:52PM -0500, Cliff Hirsch wrote: > Is there any way to typecast a function argument like: > > public function Partytime(int $argument) // this actually > expects an object of class int > > or > > public function Partytime( (int)$argument) // this barfs No. What you're trying to do is type hinting, which only works for the compound types: classes (as of 5) and arrays (as of 5.1). See: http://us3.php.net/manual/en/language.oop5.typehinting.php Maybe someday the other (scalar) primitives will make it in there. Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From cliff at pinestream.com Fri Feb 10 15:09:06 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 10 Feb 2006 15:09:06 -0500 Subject: [nycphp-talk] type casting function arguments In-Reply-To: <20060210200308.GE31026@desario.homelinux.net> Message-ID: <000c01c62e7d$d8a883f0$0aa8a8c0@cliff> So is it best to abandon ifs with === and !==? I think they are great for validation and flag checking (like setting a variable to a result set or Boolean false). But I might have gotten ahead of myself using them too liberally, which is now a bit worrisome and creating a few problems...and overtime. --- No. What you're trying to do is type hinting, which only works for the compound types: classes (as of 5) and arrays (as of 5.1). See: http://us3.php.net/manual/en/language.oop5.typehinting.php From michael.southwell at nyphp.org Fri Feb 10 15:25:18 2006 From: michael.southwell at nyphp.org (Michael Southwell) Date: Fri, 10 Feb 2006 15:25:18 -0500 Subject: [nycphp-talk] type casting function arguments In-Reply-To: <000c01c62e7d$d8a883f0$0aa8a8c0@cliff> References: <20060210200308.GE31026@desario.homelinux.net> <000c01c62e7d$d8a883f0$0aa8a8c0@cliff> Message-ID: <6.2.3.4.2.20060210152422.02517e80@mail.optonline.net> At 03:09 PM 2/10/2006, you wrote: >So is it best to abandon ifs with === and !==? No, this is in many/most cases the best way; see http://www.nyphp.org/phundamentals/variableevaluation.php Michael Southwell, Vice President for Education New York PHP http://www.nyphp.com/training - In-depth PHP Training Courses From evdo.hsdpa at gmail.com Sat Feb 11 09:58:56 2006 From: evdo.hsdpa at gmail.com (Robert Kim Wireless Internet Advisor) Date: Sat, 11 Feb 2006 06:58:56 -0800 Subject: [nycphp-talk] Modifying Forum PHPBB Template Message-ID: <1ec620e90602110658u490fd41bg12e2d315f0338898@mail.gmail.com> Guys... i dont know the first thing about php. Good.. got that outta the way :o) how do i add a HTML LINK to the home page of http://hacks.wirelessinternetcoverage.com ? bob http://hsdpa-coverage.com From Consult at CovenantEDesign.com Sat Feb 11 10:38:05 2006 From: Consult at CovenantEDesign.com (CED) Date: Sat, 11 Feb 2006 10:38:05 -0500 Subject: [nycphp-talk] Modifying Forum PHPBB Template References: <1ec620e90602110658u490fd41bg12e2d315f0338898@mail.gmail.com> Message-ID: <004701c62f21$27215540$6601a8c0@ced> hey bob, You need to locate your current Themes index_body.tpl. Usually located under Templates -> "Name of your current Theme" -> index_body.tpl In there you'll see familiar HTML. Somewhere between the end of the U_Search Table code block and the beginning of the next Table (the category layout table) insert another UNCLOSED table and utilize it to place your link in. Example: {L_SEARCH_UNANSWERED}

<-- end of table --> <-- beginning of my new 'link table' -->

Home
Doctrine
About
Contact

<--Notice The link table is not closed, do that at the bottom of the page --> Result: http://www.AlbanyCRPC.org/phpBB2/ HTH. Edward J Prevost II Senior Applications Specialist SIS Project, Data Migration Lead Albany Medical College Albany Medical Center Edward.Prevost at amc.edu desk | 518.262.2743 cell | 518.331.5061 ----- Original Message ----- From: "Robert Kim Wireless Internet Advisor" To: "NYPHP Talk" Sent: Saturday, February 11, 2006 9:58 AM Subject: [nycphp-talk] Modifying Forum PHPBB Template Guys... i dont know the first thing about php. Good.. got that outta the way :o) how do i add a HTML LINK to the home page of http://hacks.wirelessinternetcoverage.com ? bob http://hsdpa-coverage.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From Consult at CovenantEDesign.com Sat Feb 11 10:45:41 2006 From: Consult at CovenantEDesign.com (CED) Date: Sat, 11 Feb 2006 10:45:41 -0500 Subject: [nycphp-talk] Modifying Forum PHPBB Template References: <1ec620e90602110658u490fd41bg12e2d315f0338898@mail.gmail.com> Message-ID: <007f01c62f22$36632aa0$6601a8c0@ced> P.S. Bob, By the looks of your mmemberlist, I';d turn on the visual image anti-spam option in the administrator panel. ----- Original Message ----- From: "Robert Kim Wireless Internet Advisor" To: "NYPHP Talk" Sent: Saturday, February 11, 2006 9:58 AM Subject: [nycphp-talk] Modifying Forum PHPBB Template Guys... i dont know the first thing about php. Good.. got that outta the way :o) how do i add a HTML LINK to the home page of http://hacks.wirelessinternetcoverage.com ? bob http://hsdpa-coverage.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From evdo.hsdpa at gmail.com Sat Feb 11 11:20:28 2006 From: evdo.hsdpa at gmail.com (Robert Kim Wireless Internet Advisor) Date: Sat, 11 Feb 2006 08:20:28 -0800 Subject: [nycphp-talk] Modifying Forum PHPBB Template In-Reply-To: <004701c62f21$27215540$6601a8c0@ced> References: <1ec620e90602110658u490fd41bg12e2d315f0338898@mail.gmail.com> <004701c62f21$27215540$6601a8c0@ced> Message-ID: <1ec620e90602110820j63faab14ledc25613b77a6bee@mail.gmail.com> CED- HTH, Thank You Verrrry Much!... yes.. i'm just starting the forum so it's got some work that needs to be done. On 2/11/06, CED wrote: > hey bob, > > You need to locate your current Themes index_body.tpl. > Usually located under Templates -> "Name of your current Theme" -> > index_body.tpl > > In there you'll see familiar HTML. Somewhere between the end of the U_Search > Table code block and the beginning of the next Table (the category layout > table) insert another UNCLOSED table and utilize it to place your link in. > > Example: > > class="gensmall">{L_SEARCH_UNANSWERED} > >

> > <-- end of table --> > <-- beginning of my new 'link table' --> > > >

valign="top"> > size="-4">Home
> target="_self">Doctrine
> size="-4">About
> size="-4">Contact
>

> > <--Notice The link table is not closed, do that at the bottom of the page > --> > > class="forumline"> > > Result: > > http://www.AlbanyCRPC.org/phpBB2/ > > > HTH. > > Edward J Prevost II > Senior Applications Specialist > SIS Project, Data Migration Lead > Albany Medical College > Albany Medical Center > Edward.Prevost at amc.edu > desk | 518.262.2743 > cell | 518.331.5061 > > > > > > ----- Original Message ----- > From: "Robert Kim Wireless Internet Advisor" > To: "NYPHP Talk" > Sent: Saturday, February 11, 2006 9:58 AM > Subject: [nycphp-talk] Modifying Forum PHPBB Template > > Guys... i dont know the first thing about php. > Good.. got that outta the way :o) > > how do i add a HTML LINK to the home page of > http://hacks.wirelessinternetcoverage.com > ? > > bob > http://hsdpa-coverage.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- Robert Q Kim, Wireless Internet Advisor http://hsdpa-coverage.com http://www.antennacoverage.com/cell-repeater.html https://www.antennacoverage.com/cell-phone-antenna-booster.html 2611 S. Pacific Coast Highway 101 Suite 102 Cardiff by the Sea, CA 92007 206 984 0880 From shiflett at php.net Sat Feb 11 11:49:53 2006 From: shiflett at php.net (Chris Shiflett) Date: Sat, 11 Feb 2006 11:49:53 -0500 Subject: [nycphp-talk] PHP Security: The Proper Choice Is to Do It Now In-Reply-To: <000901c62b5c$d97e8190$68e4a144@Rubicon> References: <000901c62b5c$d97e8190$68e4a144@Rubicon> Message-ID: <43EE15B1.10404@php.net> Hi Peter, > The content of Chris Shiflett's Essential PHP Security from > O'Reilly is poised right now to be put online as a Wiki. Can you elaborate? There are no plans to do this, although I've considered enhancing the PHP Security Guide to be a condensed version of the book. This would require some negotiation with O'Reilly. :-) There are a few free resources available online, including two free chapters and most of the code: http://phpsecurity.org/ > It should accept about 90 days of moderated updates and then be > openly promoted as the accepted, standardized "Using PHP > Securely" guide for all PHP programmers. Web application security is a young and evolving discipline, so any useful documentation should evolve as well. > All PHP tutorials online that are old with insecure practices > should have a simple one line link right under the tutorial > title: "This tutorial may contain insecure techniques. See: > [standardized, industry-supported secure PHP programming article] > here before you begin." I know what you mean. Ideally, online resources that teach bad practices would be corrected, but the sheer magnitude of this problem makes any progress difficult. > Additionally, I have promoted in this venue before that the > default php.ini from php.net should be a hardened .ini with shell > and fopen functions disabled by default. I definitely agree that allow_url_fopen should be disabled by default, at least in php.ini-recommended. > PHP security needs to be further demystified. Agreed. Given the right background, it's a pretty simple topic. > Chris's guide is quite sufficient to help engender a positive > change in the nature of how we all program PHP. I sure hope so. :-) Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ From vugranam at us.ibm.com Sat Feb 11 12:43:23 2006 From: vugranam at us.ibm.com (Vugranam Sreedhar) Date: Sat, 11 Feb 2006 12:43:23 -0500 Subject: [nycphp-talk] PHP Security: The Proper Choice Is to Do It Now In-Reply-To: <43EE15B1.10404@php.net> Message-ID: BTW, are there any code analysis or static analysis tools for automatically detecting security problems that you describe in your book? Zend IDE seem to do some shallow code analysis (at least that is the impression I get when I read their IDE product description...) With regards, Sreedhar ------------------------------------------------------------------------------------------------------------------- Research Staff Member TJ Watson Research Center T/L 863-7325 Ext: 914-784-7325 Chris Shiflett To Sent by: NYPHP Talk talk-bounces at list cc s.nyphp.org Subject Re: [nycphp-talk] PHP Security: The 02/11/2006 11:49 Proper Choice Is to Do It Now AM Please respond to NYPHP Talk Hi Peter, > The content of Chris Shiflett's Essential PHP Security from > O'Reilly is poised right now to be put online as a Wiki. Can you elaborate? There are no plans to do this, although I've considered enhancing the PHP Security Guide to be a condensed version of the book. This would require some negotiation with O'Reilly. :-) There are a few free resources available online, including two free chapters and most of the code: http://phpsecurity.org/ > It should accept about 90 days of moderated updates and then be > openly promoted as the accepted, standardized "Using PHP > Securely" guide for all PHP programmers. Web application security is a young and evolving discipline, so any useful documentation should evolve as well. > All PHP tutorials online that are old with insecure practices > should have a simple one line link right under the tutorial > title: "This tutorial may contain insecure techniques. See: > [standardized, industry-supported secure PHP programming article] > here before you begin." I know what you mean. Ideally, online resources that teach bad practices would be corrected, but the sheer magnitude of this problem makes any progress difficult. > Additionally, I have promoted in this venue before that the > default php.ini from php.net should be a hardened .ini with shell > and fopen functions disabled by default. I definitely agree that allow_url_fopen should be disabled by default, at least in php.ini-recommended. > PHP security needs to be further demystified. Agreed. Given the right background, it's a pretty simple topic. > Chris's guide is quite sufficient to help engender a positive > change in the nature of how we all program PHP. I sure hope so. :-) Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From shiflett at php.net Sat Feb 11 13:07:02 2006 From: shiflett at php.net (Chris Shiflett) Date: Sat, 11 Feb 2006 13:07:02 -0500 Subject: [nycphp-talk] PHP Security: The Proper Choice Is to Do It Now In-Reply-To: References: Message-ID: <43EE27C6.3090403@php.net> Vugranam Sreedhar wrote: > BTW, are there any code analysis or static analysis tools for > automatically detecting security problems that you describe in > your book? There are penetration testing tools, and these are pretty easy to write yourself. Analyzing code is more challenging than it sounds, because your task winds up being a substantial subset of what a code parser does - you have to be able to reliably interpret code and what it does, tracking data the entire time, and making educated guesses about potential safeguards. There are some recent PHP extensions written by Sara Golemon that can help, but it's still a very non-trivial task. I do a fair number of PHP security audits, and most of my process still revolves around a manual inspection of the code. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ From vugranam at us.ibm.com Sat Feb 11 13:16:14 2006 From: vugranam at us.ibm.com (Vugranam Sreedhar) Date: Sat, 11 Feb 2006 13:16:14 -0500 Subject: [nycphp-talk] PHP Security: The Proper Choice Is to Do It Now In-Reply-To: <43EE27C6.3090403@php.net> Message-ID: Interesting... I am also just starting to look at the possibility of annotating PHP code to improve analyzability of PHP code...Do you have pointers to Sara's extentions? With regards, Sreedhar ------------------------------------------------------------------------------------------------------------------- Research Staff Member TJ Watson Research Center T/L 863-7325 Ext: 914-784-7325 Chris Shiflett To Sent by: NYPHP Talk talk-bounces at list cc s.nyphp.org Subject Re: [nycphp-talk] PHP Security: The 02/11/2006 01:07 Proper Choice Is to Do It Now PM Please respond to NYPHP Talk Vugranam Sreedhar wrote: > BTW, are there any code analysis or static analysis tools for > automatically detecting security problems that you describe in > your book? There are penetration testing tools, and these are pretty easy to write yourself. Analyzing code is more challenging than it sounds, because your task winds up being a substantial subset of what a code parser does - you have to be able to reliably interpret code and what it does, tracking data the entire time, and making educated guesses about potential safeguards. There are some recent PHP extensions written by Sara Golemon that can help, but it's still a very non-trivial task. I do a fair number of PHP security audits, and most of my process still revolves around a manual inspection of the code. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From shiflett at php.net Sat Feb 11 13:21:13 2006 From: shiflett at php.net (Chris Shiflett) Date: Sat, 11 Feb 2006 13:21:13 -0500 Subject: [nycphp-talk] PHP Security: The Proper Choice Is to Do It Now In-Reply-To: References: Message-ID: <43EE2B19.7020808@php.net> Vugranam Sreedhar wrote: > Do you have pointers to Sara's extentions? In order of relevance to this particular task: http://php.net/parsekit http://php.net/runkit Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ From glenn310b at mac.com Sat Feb 11 16:51:03 2006 From: glenn310b at mac.com (Glenn) Date: Sat, 11 Feb 2006 16:51:03 -0500 Subject: [nycphp-talk] OT ? Insurance Question Message-ID: <61ed8cf29791d562cc5969c7a2174213@mac.com> Hi all, I'm in the NYC, USA area. I have a potential contracting job and I'm thinking that I need to have some good errors and omissions insurance, and other insurance as well. This would be programming work in a mission-critical environment, and in an industry with high liability. I'm hoping some of the folks on this list can recommend insurance companies that have a positive reputation. Any other comments on the subject are also most welcome. Best Regards, Glenn From mitch.pirtle at gmail.com Sat Feb 11 18:57:32 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sat, 11 Feb 2006 18:57:32 -0500 Subject: [nycphp-talk] Drupal junkie needed In-Reply-To: <43EBCC17.80907@simmons.edu> References: <330532b60602071352u6bd3ad60yaffa45ed9638881@mail.gmail.com> <43E9184C.1090601@wagner.edu> <330532b60602081739p169983a3ie77b747398bc376d@mail.gmail.com> <43EBC988.6080905@jiffycomp.com> <43EBCC17.80907@simmons.edu> Message-ID: <330532b60602111557m213da9e0u872cfa5bc7d80076@mail.gmail.com> On 2/9/06, Jonathan Hendler wrote: > I'm with Matt on civicCRM. > Maybe this will inspire Drupal and Joomla to merge. :) Ok, so we did swap t-shirts in London, but this is getting out of hand ;-) -- Mitch Pirtle Joomla! Core Developer Open Source Matters From jonbaer at jonbaer.com Sat Feb 11 20:26:23 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Sat, 11 Feb 2006 20:26:23 -0500 Subject: [nycphp-talk] OT ? Insurance Question In-Reply-To: <61ed8cf29791d562cc5969c7a2174213@mac.com> References: <61ed8cf29791d562cc5969c7a2174213@mac.com> Message-ID: <13AD1143-55A9-44DE-B279-5D1F9557AFC9@jonbaer.com> It worries me that this even needs to be thought about these days ... Im interested in why the company that hires you for this would not provide such insurance ... I have read at least a dozen items this year alone which shows developers getting *sued* for just bad mouthing or giving a good opinion on why not to buy a product in their blogs. While its not the same as a mission-critical situation I find it troublesome that you would need "online insurance" these days if you are programming via contract work :-\ - Jon On Feb 11, 2006, at 4:51 PM, Glenn wrote: > Hi all, > > I'm in the NYC, USA area. > > I have a potential contracting job and I'm thinking > that I need to have some good errors and omissions > insurance, and other insurance as well. > > This would be programming work in a mission-critical environment, and > in an industry with high liability. > > I'm hoping some of the folks on this list can recommend > insurance companies that have a positive reputation. > > Any other comments on the subject are also most welcome. > > Best Regards, > > Glenn > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From george at omniti.com Sat Feb 11 22:24:33 2006 From: george at omniti.com (George Schlossnagle) Date: Sat, 11 Feb 2006 22:24:33 -0500 Subject: [nycphp-talk] OT ? Insurance Question In-Reply-To: <13AD1143-55A9-44DE-B279-5D1F9557AFC9@jonbaer.com> References: <61ed8cf29791d562cc5969c7a2174213@mac.com> <13AD1143-55A9-44DE-B279-5D1F9557AFC9@jonbaer.com> Message-ID: <43EEAA71.4090307@omniti.com> Jon Baer wrote: >It worries me that this even needs to be thought about these days ... >Im interested in why the company that hires you for this would not >provide such insurance ... I have read at least a dozen items this >year alone which shows developers getting *sued* for just bad >mouthing or giving a good opinion on why not to buy a product in >their blogs. While its not the same as a mission-critical situation >I find it troublesome that you would need "online insurance" these >days if you are programming via contract work :-\ > All contracters should have errors and ommissions coverage. It's been that way for as long as I've been contracting. George From adam at ecamp.net Sun Feb 12 19:16:52 2006 From: adam at ecamp.net (Adam Helfgott) Date: Sun, 12 Feb 2006 19:16:52 -0500 Subject: [nycphp-talk] Need a Full Time PHP Person In-Reply-To: <43EEAA71.4090307@omniti.com> References: <61ed8cf29791d562cc5969c7a2174213@mac.com> <13AD1143-55A9-44DE-B279-5D1F9557AFC9@jonbaer.com> <43EEAA71.4090307@omniti.com> Message-ID: <43EFCFF4.4090802@ecamp.net> However, the job is in Seattle. Anyone know anyone that is looking for a good long term job? PHP/MySQL etc.. Great salary, full benefits, great company, great product. Thanks, Adam From lists at zaunere.com Sun Feb 12 19:27:25 2006 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 12 Feb 2006 19:27:25 -0500 Subject: [nycphp-talk] Need a Full Time PHP Person In-Reply-To: <43EFCFF4.4090802@ecamp.net> Message-ID: <007d01c63034$478b9340$6401a8c0@MZ> Adam Helfgott wrote on Sunday, February 12, 2006 7:17 PM: > However, the job is in Seattle. Anyone know anyone that is looking for > a good long term job? PHP/MySQL etc.. > Great salary, full benefits, great company, great product. Hi Adam, Please post job related messages to the NYPHP-Jobs list, http://www.nyphp.org/lists Regards, --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com From cliff at pinestream.com Sun Feb 12 21:12:31 2006 From: cliff at pinestream.com (cliff) Date: Sun, 12 Feb 2006 21:12:31 -0500 Subject: [nycphp-talk] PHP Security: The Proper Choice Is to Do It Now In-Reply-To: References: <43EE27C6.3090403@php.net> Message-ID: <20060213021231.M76410@pinestream.com> Not for PHP, but see: http://www.ouncelabs.com/ On Sat, 11 Feb 2006 13:16:14 -0500, Vugranam Sreedhar wrote > Interesting... I am also just starting to look at the possibility of > annotating PHP code to improve analyzability of PHP code...Do you > have pointers to Sara's extentions? > > There are penetration testing tools, and these are pretty easy to write > yourself. From 1j0lkq002 at sneakemail.com Mon Feb 13 03:12:55 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Mon, 13 Feb 2006 00:12:55 -0800 Subject: =?windows-1252?Q?Re=3A_=5Bnyphp-talk=5D_Are_you_promotin?= =?windows-1252?Q?g_someone_else=92s_site_without_even_knowin?= =?windows-1252?Q?g_it=3F?= In-Reply-To: References: Message-ID: <20021-72584@sneakemail.com> Ophir Prusak prusak-at-gmail.com |nyphp dev/internal group use| wrote: >hi all, > >If you're running a search engine friendly URL mod for your bulletin >board system, you should read this. > >If you're using FURL with IPB, you MUST read this. > >Basically, I just found out that the URL mod I've been running on our >company forums is google spamming. > This is a more serious matter than Ohpir initially suggested, and I dug a bit deeper into it and wrote about it on ThreadWatch.org. The code was distributed as a free mod for the forum software, and was advertised/promoted as a means of making a site more "search engine friendly". In actuality, not only did it spam google by embedding backlinks onto your website, but it did so by cloaking the site by user-agent, so that search engine spiders were fed a different version of your website than regular visitors. Since cloaking is a blatant violation of the Google terms of service, this mod that was advertised as a way to make your site more search engine friendly could actually get your site banned. *** I repeat: it inserted cloaking by user-agent, which would get your site banned by Google if discovered. Of course code that ads/modifies mod-rewrite rules is never trivial code, so it is likely that many PHP coders would accept the rewrite rules and associated code without line-by-line review. Had they looked very closey at the code, they would have found not only the backlinks and the cloaking by user-agent, but a disclosure statement from the author in the comments. He appended this code to the top of your pages (note the randomization of the anchor text.. nice touch!): foreach( explode( "\n", $this->ipsclass->vars['search_engine_bots'] ) as $bot ) { list($ua, $n) = explode( "=", $bot ); if ( $ua and $n ){ $this->bot_map[ strtolower($ua) ] = $n; $this->bot_safe[] = preg_quote( $ua, "/" ); } } if ( preg_match( '/('.implode( '|', $this->bot_safe ) .')/i', $_SERVER['HTTP_USER_AGENT'], $match ) ) { print "SEO Powered By FURL 3.1 By KiM (Alternative Manchester)

"; $url1 = array("http://www.authors-website.tld","http://www.authors-website.tld"); $keywords1 = array("","Alternative Manchester","Manchester","Events","Local","Punk Rock","Music","Punk"...); for($x;$x<=2;$x++){ $randurl = rand(0,1); $rand1 = rand(0, 30); $rand2 = rand(0, 30); $rand3 = rand(0, 30); $rand4 = rand(0, 30); $url = "{$keywords1[$rand1]}-{$keywords1[$rand2]}-{$keywords1[$rand3]}-se.html"; $this->ipsclass->skin['_wrapper'].= " - {$keywords1[$rand4]} - {$keywords1[$rand1]} {$keywords1[$rand2]} {$keywords1[$rand3]}"; } } This is a very good reminder of the dangers of adopting scripts. My original article on this is at http://www.threadwatch.org/node/5589 -=john andrews http://www.seo-fun.com From fields at hedge.net Mon Feb 13 10:33:20 2006 From: fields at hedge.net (Adam Fields) Date: Mon, 13 Feb 2006 10:33:20 -0500 Subject: [nycphp-talk] Are you promoting someone else?s site without even knowing it? In-Reply-To: <20021-72584@sneakemail.com> References: <20021-72584@sneakemail.com> Message-ID: <20060213153320.GE20391@lola.aquick.org> On Mon, Feb 13, 2006 at 12:12:55AM -0800, inforequest wrote: [...] > This is a very good reminder of the dangers of adopting scripts. My > original article on this is at http://www.threadwatch.org/node/5589 Interesting that the last comment is Kim claiming that this was an accident and he's removed the offending code from the latest version. -- - Adam ** Expert Technical Project and Business Management **** System Performance Analysis and Architecture ****** [ http://www.everylastounce.com ] [ http://www.aquick.org/blog ] ............ Blog [ http://www.adamfields.com/resume.html ].. Experience [ http://www.flickr.com/photos/fields ] ... Photos [ http://www.aquicki.com/wiki ].............Wiki [ http://del.icio.us/fields ] ............. Links From aaron at aarond.com Mon Feb 13 12:59:46 2006 From: aaron at aarond.com (aaron) Date: Mon, 13 Feb 2006 12:59:46 -0500 Subject: [nycphp-talk] date variables Message-ID: <43F0C912.2010509@aarond.com> I'm working on an accounting text file parser, and they have a date variable that represents the number of days since 01/01/1968 I have to take that number and convert it mm/dd/yyyy *Example* Date variable:..: 3919 Summary...........: UniData's Internal Date & Time Description.......: Date: 4/4/2005 Any suggestions on what php functions to use? I know some don't go further back than 1970. thanks, Aaron D. -------------- next part -------------- An HTML attachment was scrubbed... URL: From aaron at aarond.com Mon Feb 13 13:30:10 2006 From: aaron at aarond.com (aaron) Date: Mon, 13 Feb 2006 13:30:10 -0500 Subject: [nycphp-talk] date variables In-Reply-To: <43F0C912.2010509@aarond.com> References: <43F0C912.2010509@aarond.com> Message-ID: <43F0D032.70205@aarond.com> Ok I figured it out. They had a constant I had to change. aaron wrote: > I'm working on an accounting text file parser, and they have a date > variable that represents the number of days since 01/01/1968 > > I have to take that number and convert it mm/dd/yyyy > > *Example* > Date variable:..: 3919 > Summary...........: UniData's Internal Date & Time > Description.......: Date: 4/4/2005 > > Any suggestions on what php functions to use? I know some don't go > further back than 1970. > > thanks, > Aaron D. > >------------------------------------------------------------------------ > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From reto.kiefer at gmail.com Mon Feb 13 14:46:14 2006 From: reto.kiefer at gmail.com (Reto M. Kiefer) Date: Mon, 13 Feb 2006 20:46:14 +0100 Subject: [nycphp-talk] UTF8 Windows vs. Linux differences with PHP Message-ID: <41c21c5d0602131146i4bc14566l@mail.gmail.com> Dear all, I have a question regarding the utf8 function in php. We have an application that gets some UTF encoded data and stores it in a UTF encoded Oracle 9 database. We are managing the encoding with utf8-encode and utf8-decode. But depending on wihcih platform we are running the application we have different results. PHP under Windows and Oracle under Windows everything works like a charm. We can read and write from Oracle and receive from and send to UTF Frontend (Macromedia Flex btw.) But on the staging system nothing works any more. PHP runs there under Linux and Oracle under Solaris. I am pretty sure it is not an Oracle problem but I do not know for what to search in the php configuration in order to provide utf encoding and decoding functionality under Linux... Any suggestions are highly appreciated... Thanks in advance and best regards Reto From 1j0lkq002 at sneakemail.com Mon Feb 13 16:05:08 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Mon, 13 Feb 2006 13:05:08 -0800 Subject: [nycphp-talk] Are you promoting someone else?s site without even knowing it? In-Reply-To: <20060213153320.GE20391@lola.aquick.org> References: <20021-72584@sneakemail.com> <20060213153320.GE20391@lola.aquick.org> Message-ID: <12584-05334@sneakemail.com> Adam Fields fields-at-hedge.net |nyphp dev/internal group use| wrote: >On Mon, Feb 13, 2006 at 12:12:55AM -0800, inforequest wrote: >[...] > > >>This is a very good reminder of the dangers of adopting scripts. My >>original article on this is at http://www.threadwatch.org/node/5589 >> >> > >Interesting that the last comment is Kim claiming that this was an >accident and he's removed the offending code from the latest version. > > I don't know of any reason to suspect it was intentional. The backlinks are commonly understood to be valuable, hence the insertion in exchange for the free mod. And everybody knows that if you plastered 13 backlinks at the top of people's sites they would not like that... and probably not use the mod. Since IPB already maintains a bot class definition (for stats and the like) and Kim was already re-writing (internally redirecting) the site at the header level....it might have made sense at the time to only serve the ugly links to search engine bots. As much as "SEO" has become a household word for coders and script kiddies in the past year, it should really be left to the professionals. By its very nature, competitive webmastering seeks to define an existing practice standard (through observation) and then exploit loopholes left by the standard practice ("exploit market inefficiencies"). In other words, once everybody is talking about how backlinks help you rank, professional SEOs are on to the next thing and it isn't long before backlinks are penalized by the SEs as a means of eliminating spam (as happened in the fall of 2005). I agree a problem is the tremendous amount of bad advice out there, but from what I can see it is also true for PHP coding, security, etc. Caveat emptor and all that. -=john andrews http://www.seo-fun.com From 1j0lkq002 at sneakemail.com Mon Feb 13 16:29:22 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Mon, 13 Feb 2006 13:29:22 -0800 Subject: [nycphp-talk] Are you promoting someone else?s site without even knowing it? In-Reply-To: <12584-05334@sneakemail.com> References: <20021-72584@sneakemail.com> <20060213153320.GE20391@lola.aquick.org> <12584-05334@sneakemail.com> Message-ID: <27579-74926@sneakemail.com> By the way, the mod author has responded on ThreadWatch that he was unaware of the risks of the cloaking tactic deployed, and has removed it from the latest version available for download. I took a look and the backlinks are gone, the cloaking is gone, and any mention of them is gone. I don't use IPB so I can't say it works or works well, but it appears to have been cleaned up. http://www.threadwatch.org/node/5589 Of course any mod that inserts code into the view controller and/or server level redirecting (re-writing) has to be watched very carefully. Lesson learned? -=john andrews http://www.seo-fun.com From cahoyos at us.ibm.com Mon Feb 13 20:31:44 2006 From: cahoyos at us.ibm.com (Carlos A Hoyos) Date: Mon, 13 Feb 2006 20:31:44 -0500 Subject: [nycphp-talk] UTF8 Windows vs. Linux differences with PHP In-Reply-To: <41c21c5d0602131146i4bc14566l@mail.gmail.com> Message-ID: > > PHP under Windows and Oracle under Windows everything works like a > charm. We can read and write from Oracle and receive from and send to > UTF Frontend (Macromedia Flex btw.) > > But on the staging system nothing works any more. PHP runs there under > Linux and Oracle under Solaris. > Check the "default_charset" variable in php.ini (you can see it through phpinfo()). If you're not setting the encoding type, the server might be passing the default one in the header. Carlos From reto.kiefer at gmail.com Tue Feb 14 04:11:19 2006 From: reto.kiefer at gmail.com (Reto M. Kiefer) Date: Tue, 14 Feb 2006 10:11:19 +0100 Subject: [nycphp-talk] UTF8 Windows vs. Linux differences with PHP In-Reply-To: References: <41c21c5d0602131146i4bc14566l@mail.gmail.com> Message-ID: <41c21c5d0602140111w20c6813u@mail.gmail.com> Hello Carlos, thank you for your answer, but it didn't solve the problem. I still have a wrong behaviour in UTF8 Encoding and Decoding with PHP under LInux and Windows. Another suggestions are highly appreciated... Thanks in advance Reto 2006/2/14, Carlos A Hoyos : > > > > > PHP under Windows and Oracle under Windows everything works like a > > charm. We can read and write from Oracle and receive from and send to > > UTF Frontend (Macromedia Flex btw.) > > > > But on the staging system nothing works any more. PHP runs there under > > Linux and Oracle under Solaris. > > > > Check the "default_charset" variable in php.ini (you can see it through > phpinfo()). If you're not setting the encoding type, the server might be > passing the default one in the header. > > Carlos > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From artzi at avaya.com Tue Feb 14 04:46:12 2006 From: artzi at avaya.com (Artzi, Yoav (Yoav)) Date: Tue, 14 Feb 2006 11:46:12 +0200 Subject: [nycphp-talk] PhP5.1.1 Multi threaded cross platform compilation issues Message-ID: I have a problem that the PHP configure seems to automatically disable pthreads when I compile on cross platfrom. Host: i686-pentium-linux Target: ppc-powerquicc-linux More details about the target machine: PowerQuicc II MPC8248 My configure file is as follows: './configure' \ '--cache-file=config.cache' \ '--disable-debug' \ '--enable-memory-limit' \ '--enable-pic' \ '--enable-safe-mode' \ '--enable-sockets' \ '--enable-track-vars' \ '--enable-trans-sid' \ '--enable-wddx' \ '--sysconfdir=/home/yoav/export/etc/appWeb' \ '--with-exec-dir=/home/yoav/export/etc/appWeb/exec' \ '--with-regex=system' \ '--with-pear' \ '--with-xml' \ '--with-xmlrpc' \ '--enable-bcmath' \ '--enable-calendar' \ '--enable-force-cgi-redirect' \ '--enable-ftp' \ '--enable-inline-optimization' \ '--enable-magic-quotes' \ '--disable-rpath' \ '--with-zlib' \ '--with-db' \ '--enable-embed=shared' \ '--with-gnu-ld' \ '--prefix=/home/yoav/export/etc/php5' \ '--target=ppc-powerquicc-linux' \ '--enable-maintainer-zts' \ '--with-tsrm-pthreads' Using ZTS as an application I would like to use (AppWeb) required it and I must have a multi threaded version of PHP. Looking at the configure file it seems that PHP automatically chooses to disable pthreads once it detects it's a cross platform compilation. Thanks, Yoav. -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrew at plexpod.com Tue Feb 14 10:09:52 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Tue, 14 Feb 2006 10:09:52 -0500 Subject: [nycphp-talk] PhP5.1.1 Multi threaded cross platform compilation issues In-Reply-To: References: Message-ID: <20060214150951.GZ3536@desario.homelinux.net> On Tue, Feb 14, 2006 at 11:46:12AM +0200, Artzi, Yoav (Yoav) wrote: > I have a problem that the PHP configure seems to automatically disable > pthreads when I compile on cross platfrom. > > Looking at the configure file it seems that PHP automatically chooses to > disable pthreads once it detects it's a cross platform compilation. Thats curious. I see the code in the configure script that you describe. It also makes an exception for netware. I'd suggest asking the core developers as they'd know why pthreads is handled that way in the case of cross compiling. Any reason you *must* cross compile? No chance of building on the target? HTH, Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From artzi at avaya.com Tue Feb 14 10:14:02 2006 From: artzi at avaya.com (Artzi, Yoav (Yoav)) Date: Tue, 14 Feb 2006 17:14:02 +0200 Subject: [nycphp-talk] PhP5.1.1 Multi threaded cross platform compilationissues Message-ID: The target is this really weak box, an embedded system. I contacted Zand, and they were a bit baffled, but they will look into it more and we will see. I am not very optimistic right now, but there must be a solution. Yoav. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Andrew Yochum Sent: Tuesday, February 14, 2006 5:10 PM To: NYPHP Talk Subject: Re: [nycphp-talk] PhP5.1.1 Multi threaded cross platform compilationissues On Tue, Feb 14, 2006 at 11:46:12AM +0200, Artzi, Yoav (Yoav) wrote: > I have a problem that the PHP configure seems to automatically disable > pthreads when I compile on cross platfrom. > > Looking at the configure file it seems that PHP automatically chooses > to disable pthreads once it detects it's a cross platform compilation. Thats curious. I see the code in the configure script that you describe. It also makes an exception for netware. I'd suggest asking the core developers as they'd know why pthreads is handled that way in the case of cross compiling. Any reason you *must* cross compile? No chance of building on the target? HTH, Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From andrew at plexpod.com Tue Feb 14 10:22:20 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Tue, 14 Feb 2006 10:22:20 -0500 Subject: [nycphp-talk] PhP5.1.1 Multi threaded cross platform compilationissues In-Reply-To: References: Message-ID: <20060214152219.GA3536@desario.homelinux.net> On Tue, Feb 14, 2006 at 05:14:02PM +0200, Artzi, Yoav (Yoav) wrote: > The target is this really weak box, an embedded system. Thats a good reason. > I contacted Zand, and they were a bit baffled, but they will look into > it more and we will see. I am not very optimistic right now, but there > must be a solution. Have you tried modifying the configure script to add an exception for your case and seeing what happens? Its probably best to understand *why* it does what it does, but its worth a shot. You might try asking about this on the php internals list. Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From artzi at avaya.com Tue Feb 14 10:24:16 2006 From: artzi at avaya.com (Artzi, Yoav (Yoav)) Date: Tue, 14 Feb 2006 17:24:16 +0200 Subject: [nycphp-talk] PhP5.1.1 Multi threaded cross platformcompilationissues Message-ID: Tried that, the compliation doesn't pass, as expected. Where can I find the internals list? Thanks. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Andrew Yochum Sent: Tuesday, February 14, 2006 5:22 PM To: NYPHP Talk Subject: Re: [nycphp-talk] PhP5.1.1 Multi threaded cross platformcompilationissues On Tue, Feb 14, 2006 at 05:14:02PM +0200, Artzi, Yoav (Yoav) wrote: > The target is this really weak box, an embedded system. Thats a good reason. > I contacted Zand, and they were a bit baffled, but they will look into > it more and we will see. I am not very optimistic right now, but there > must be a solution. Have you tried modifying the configure script to add an exception for your case and seeing what happens? Its probably best to understand *why* it does what it does, but its worth a shot. You might try asking about this on the php internals list. Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From andrew at plexpod.com Tue Feb 14 10:26:05 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Tue, 14 Feb 2006 10:26:05 -0500 Subject: [nycphp-talk] PhP5.1.1 Multi threaded cross platformcompilationissues In-Reply-To: References: Message-ID: <20060214152605.GB3536@desario.homelinux.net> On Tue, Feb 14, 2006 at 05:24:16PM +0200, Artzi, Yoav (Yoav) wrote: > Tried that, the compliation doesn't pass, as expected. Where can I find > the internals list? http://www.php.net/mailing-lists.php#internals Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From prusak at gmail.com Tue Feb 14 14:27:26 2006 From: prusak at gmail.com (Ophir Prusak) Date: Tue, 14 Feb 2006 14:27:26 -0500 Subject: [nycphp-talk] oracle to buy zend ??? Message-ID: I'm surprised on one has mentioned this yet: http://www.informationweek.com/software/showArticle.jhtml?articleID=180200853&subSection=Open+Source or just do a google news search for oracle and zend ophir From codebowl at gmail.com Tue Feb 14 14:53:22 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Tue, 14 Feb 2006 14:53:22 -0500 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: References: Message-ID: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> why does anyone have to buy out zend, isnt the company doing well enough on it's own 2 feet? I would hate to see the prices of Zend products jump if they were bought out by oracle. What would this mean for the products, would they continue development or are they buying them out just to get the product they want to continue? I do not know much about this except that one paragraph but i would hate to see zend sold, maybe a funding partnership or something but zend has a great product line now and i see it continuously growing. Thanks, -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From ken at secdat.com Tue Feb 14 15:44:31 2006 From: ken at secdat.com (Kenneth Downs) Date: Tue, 14 Feb 2006 15:44:31 -0500 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> References: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> Message-ID: <43F2412F.90802@secdat.com> Joseph Crawford wrote: > why does anyone have to buy out zend, isnt the company doing well > enough on it's own 2 feet? > To make both parties wealthier, that is always why it is done. The owners of Zend cash out, and Oracle gets to steer the product where they will. But of course right now it is only rumor. -------------- next part -------------- A non-text attachment was scrubbed... Name: ken.vcf Type: text/x-vcard Size: 186 bytes Desc: not available URL: From cliff at pinestream.com Tue Feb 14 15:51:06 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Tue, 14 Feb 2006 15:51:06 -0500 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <43F2412F.90802@secdat.com> Message-ID: <003301c631a8$609397f0$0aa8a8c0@cliff> And VCs require a "liquidity event," whether profitable or not, to return capital to their partners. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Kenneth Downs Sent: Tuesday, February 14, 2006 3:45 PM To: NYPHP Talk Subject: Re: [nycphp-talk] oracle to buy zend ??? Joseph Crawford wrote: > why does anyone have to buy out zend, isnt the company doing well > enough on it's own 2 feet? > To make both parties wealthier, that is always why it is done. The owners of Zend cash out, and Oracle gets to steer the product where they will. But of course right now it is only rumor. From chsnyder at gmail.com Tue Feb 14 15:57:06 2006 From: chsnyder at gmail.com (csnyder) Date: Tue, 14 Feb 2006 15:57:06 -0500 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> References: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> Message-ID: On 2/14/06, Joseph Crawford wrote: > why does anyone have to buy out zend, isnt the company doing well enough on > it's own 2 feet? > > I would hate to see the prices of Zend products jump if they were bought > out by oracle. What would this mean for the products, would they continue > development or are they buying them out just to get the product they want to > continue? I do not know much about this except that one paragraph but i > would hate to see zend sold, maybe a funding partnership or something but > zend has a great product line now and i see it continuously growing. > From the article: > Andi Gutmans, CTO and a founder of Zend, said his firm "works well with > Oracle and lots of other companies. We want to keep it that way. We see > a whole lot of potential ahead of us" as an independent firm. But let's say Oracle wants to buy Zend... does IBM put in their own bid? Does Yahoo? And who is the publicist that started these "rumors" anyway... ? -- Chris Snyder http://chxo.com/ From scott at crisscott.com Tue Feb 14 16:00:20 2006 From: scott at crisscott.com (Scott Mattocks) Date: Tue, 14 Feb 2006 16:00:20 -0500 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> References: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> Message-ID: <43F244E4.7070605@crisscott.com> Joseph Crawford wrote: > why does anyone have to buy out zend, isnt the company doing well enough on > it's own 2 feet? It isn't about saving Zend from financial ruin. Its about grabbing a hold of their market share and profits. If they buy Zend, they own all of the Zend products. Then they get the money from selling them and they can control the development. They can make Zend products really easy to integrate with Oracle. That means people will be more likely to buy Oracle products. -- Scott Mattocks http://www.crisscott.com From matt at jiffycomp.com Tue Feb 14 17:13:04 2006 From: matt at jiffycomp.com (Matt Morgan) Date: Tue, 14 Feb 2006 17:13:04 -0500 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <43F244E4.7070605@crisscott.com> References: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> <43F244E4.7070605@crisscott.com> Message-ID: <43F255F0.4000301@jiffycomp.com> Scott Mattocks wrote: >Joseph Crawford wrote: > > >>why does anyone have to buy out zend, isnt the company doing well enough on >>it's own 2 feet? >> >> > >It isn't about saving Zend from financial ruin. Its about grabbing a >hold of their market share and profits. If they buy Zend, they own all >of the Zend products. Then they get the money from selling them and they >can control the development. They can make Zend products really easy to >integrate with Oracle. That means people will be more likely to buy >Oracle products. > > Honestly, it's another big-business vote for PHP, and (hopefully) for open-source. Despite some success, Oracle's never been quite as successful as they'd have liked on the applications front (did they ever succeed in buying PeopleSoft? I can't even remember). Not that I'm saying it's a good or bad thing overall, but if you were Oracle, wouldn't you like to have zillions of PHP programmers (and a few good ones :-)) able to write useful applications quickly for your platform? I realize it's just a rumor, but Oracle sees the wind blowing away from java, toward PHP, like the rest of us. That's why it's a believable rumor. -------------- next part -------------- An HTML attachment was scrubbed... URL: From hendler at simmons.edu Tue Feb 14 17:48:27 2006 From: hendler at simmons.edu (Jonathan Hendler) Date: Tue, 14 Feb 2006 17:48:27 -0500 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <43F255F0.4000301@jiffycomp.com> References: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> <43F244E4.7070605@crisscott.com> <43F255F0.4000301@jiffycomp.com> Message-ID: <43F25E3B.5080602@simmons.edu> I hope they do better than Macromedia with Coldfusion who made Dreamweaver so easy to integrate. (not that I ever used Coldfusion) Generally, I think it's a bad idea. I would like to see Oracle be friends with Zend, not BE Zend. Maybe it is what Zend wants. Who wouldn't want a money so the rest of your life you can do "whatever you want" with your time? Maybe even something more important than PHP.... :/ I'm ignorant of the Zend Platform for Oracle. But in principle, Oracle could save a lot of money if they just made easier-to-use tools. They might as well donate tools that simplify everyones life to an open source platform. They should do it for Ruby, Python, IDEs. etc. And they should build easy to use interfaces. Maybe they should think about buying MySQL instead. :) Matt Morgan wrote: > Scott Mattocks wrote: > >>Joseph Crawford wrote: >> >> >>>why does anyone have to buy out zend, isnt the company doing well enough on >>>it's own 2 feet? >>> >>> >> >>It isn't about saving Zend from financial ruin. Its about grabbing a >>hold of their market share and profits. If they buy Zend, they own all >>of the Zend products. Then they get the money from selling them and they >>can control the development. They can make Zend products really easy to >>integrate with Oracle. That means people will be more likely to buy >>Oracle products. >> >> > Honestly, it's another big-business vote for PHP, and (hopefully) for > open-source. Despite some success, Oracle's never been quite as > successful as they'd have liked on the applications front (did they > ever succeed in buying PeopleSoft? I can't even remember). Not that > I'm saying it's a good or bad thing overall, but if you were Oracle, > wouldn't you like to have zillions of PHP programmers (and a few good > ones :-)) able to write useful applications quickly for your platform? > > I realize it's just a rumor, but Oracle sees the wind blowing away > from java, toward PHP, like the rest of us. That's why it's a > believable rumor. > >------------------------------------------------------------------------ > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > From mike.n at zend.com Tue Feb 14 18:22:17 2006 From: mike.n at zend.com (Mike Naberezny) Date: Tue, 14 Feb 2006 15:22:17 -0800 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <43F25E3B.5080602@simmons.edu> References: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> <43F244E4.7070605@crisscott.com> <43F255F0.4000301@jiffycomp.com> <43F25E3B.5080602@simmons.edu> Message-ID: <43F26629.3070603@zend.com> Jonathan Hendler wrote: > I'm ignorant of the Zend Platform for Oracle. But in principle, Oracle > could save a lot of money if they just made easier-to-use tools. > They might as well donate tools that simplify everyones life to an open > source platform. They should do it for Ruby, Python, IDEs. etc. > And they should build easy to use interfaces. You might want to check out Zend Core for Oracle. It probably has a lot of what you'd like as far as easy installation with PHP and a web-based admin GUI. Core is separate from Zend Platform and can be downloaded for free online. There is also a paid support option via Zend Network. http://www.zend.com/core/oracle You can see the installation guide on that page to get an idea of what it's like. Also, a Windows version was just released for developers on that platform. Mike From andrew at plexpod.com Tue Feb 14 19:11:08 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Tue, 14 Feb 2006 19:11:08 -0500 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <43F26629.3070603@zend.com> References: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> <43F244E4.7070605@crisscott.com> <43F255F0.4000301@jiffycomp.com> <43F25E3B.5080602@simmons.edu> <43F26629.3070603@zend.com> Message-ID: <20060215001108.GJ25979@desario.homelinux.net> On Tue, Feb 14, 2006 at 03:22:17PM -0800, Mike Naberezny wrote: > Jonathan Hendler wrote: > > I'm ignorant of the Zend Platform for Oracle. But in principle, Oracle > > could save a lot of money if they just made easier-to-use tools. > > They might as well donate tools that simplify everyones life to an open > > source platform. They should do it for Ruby, Python, IDEs. etc. > > And they should build easy to use interfaces. > > You might want to check out Zend Core for Oracle. It probably has a lot of > what you'd like as far as easy installation with PHP and a web-based admin > GUI. Core is separate from Zend Platform and can be downloaded for free > online. There is also a paid support option via Zend Network. > > http://www.zend.com/core/oracle If I'm not mistaken, Zend Core for Oracle does not include Oracle itself, only the extension & client libs.... So, there is also Oracle 10g Express Edition ... "free to develop, deploy, and distribute ... for Developers working on PHP ...": http://www.oracle.com/technology/products/database/xe/index.html Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From krook at us.ibm.com Tue Feb 14 19:27:01 2006 From: krook at us.ibm.com (Daniel Krook) Date: Tue, 14 Feb 2006 16:27:01 -0800 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <20060215001108.GJ25979@desario.homelinux.net> Message-ID: > > You might want to check out Zend Core for Oracle. It > probably has a lot of > > what you'd like as far as easy installation with PHP and > a web-based admin > > GUI. Core is separate from Zend Platform and can be > downloaded for free > > online. There is also a paid support option via Zend Network. > > > > http://www.zend.com/core/oracle > > If I'm not mistaken, Zend Core for Oracle does not include Oracle > itself, only the extension & client libs.... I guess I should chime in here too... The Zend Core for IBM comes with the DB2 client which can be used to connect to the included Cloudscape (Derby) embedded database or any version of DB2. It can then be used with the newly released DB2 Express-C which is free (as in a free keg): http://www.ibm.com/developerworks/db2/library/techarticle/dm-0602hutchison/ Daniel Krook, Content Tools Developer Global Production Services - Tools, ibm.com http://bluepages.redirect.webahead.ibm.com/ http://blogpages.redirect.webahead.ibm.com/ http://bookmarks.redirect.webahead.ibm.com/ From mike.n at zend.com Tue Feb 14 20:23:21 2006 From: mike.n at zend.com (Mike Naberezny) Date: Tue, 14 Feb 2006 17:23:21 -0800 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <20060215001108.GJ25979@desario.homelinux.net> References: <8d9a42800602141153t73607022l2db967c83ab52fee@mail.gmail.com> <43F244E4.7070605@crisscott.com> <43F255F0.4000301@jiffycomp.com> <43F25E3B.5080602@simmons.edu> <43F26629.3070603@zend.com> <20060215001108.GJ25979@desario.homelinux.net> Message-ID: <43F28289.7060403@zend.com> Andrew Yochum wrote: > If I'm not mistaken, Zend Core for Oracle does not include Oracle > itself, only the extension & client libs.... It's important to understand that Zend Core is actually more than just libraries. Core is actually a PHP distribution from Zend, analogous to how Red Hat Enterprise Linux is a Linux distribution from Red Hat. You wouldn't download PHP from php.net and then install Core on top of it. You'd just install Zend Core and that would give you PHP with Oracle or DB2 support. You have a database, then install Core, and you end up with a complete system. The difference here is that Core follows a different release cycle than mainstream PHP. It is actually built separately by Zend and is always tested against the bundled database libraries. Similar to how the major Linux distributions work, Core doesn't contain all the bleeding-edge features of PHP 5.1.2. However, the newer features are merged in as part of the release cycle after they are QA'ed against the rest of the Core distribution. The aim of Zend Core is to provide a version of PHP for use with Oracle or DB2 that is stable and supported. Mike From danielc at analysisandsolutions.com Tue Feb 14 21:15:48 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 14 Feb 2006 21:15:48 -0500 Subject: [nycphp-talk] UTF8 Windows vs. Linux differences with PHP In-Reply-To: <41c21c5d0602131146i4bc14566l@mail.gmail.com> References: <41c21c5d0602131146i4bc14566l@mail.gmail.com> Message-ID: <20060215021547.GA1458@panix.com> On Mon, Feb 13, 2006 at 08:46:14PM +0100, Reto M. Kiefer wrote: > I am pretty sure it is not an Oracle problem but I do not know for > what to search in the php configuration in order to provide utf > encoding and decoding functionality under Linux... Need to do tests to figure out where the issue is. Is PHP messing it up before sending it to the database? Is the databse messing it up? Is PHP warping the data when it sends it to user output? You need to make tests to check each scenario. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From reto.kiefer at gmail.com Wed Feb 15 04:02:42 2006 From: reto.kiefer at gmail.com (Reto M. Kiefer) Date: Wed, 15 Feb 2006 10:02:42 +0100 Subject: [nycphp-talk] UTF8 Windows vs. Linux differences with PHP In-Reply-To: <20060215021547.GA1458@panix.com> References: <41c21c5d0602131146i4bc14566l@mail.gmail.com> <20060215021547.GA1458@panix.com> Message-ID: <41c21c5d0602150102v3c344a7dr@mail.gmail.com> Hi, thank you for your suggestions! > Need to do tests to figure out where the issue is. > > Is PHP messing it up before sending it to the database? > Is the databse messing it up? > Is PHP warping the data when it sends it to user output? I made some tests and discovered that the data is corrupted before encoding i.e. the data si coming from Oracle in a bad encoding. Further tests revealed that I am pretty sure a environment variable for Oracle is missing. So I will search in this direction or ask Oracle Support. Thanks again Reto From lists at zaunere.com Wed Feb 15 07:14:49 2006 From: lists at zaunere.com (Hans Zaunere) Date: Wed, 15 Feb 2006 07:14:49 -0500 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <43F28289.7060403@zend.com> Message-ID: <005801c63229$6cdf76b0$2603a8c0@MZ> Mike Naberezny wrote on Tuesday, February 14, 2006 8:23 PM: > Andrew Yochum wrote: > > If I'm not mistaken, Zend Core for Oracle does not include Oracle > > itself, only the extension & client libs.... > > It's important to understand that Zend Core is actually more than just > libraries. Core is actually a PHP distribution from Zend, analogous to > how Red Hat Enterprise Linux is a Linux distribution from Red Hat. > > You wouldn't download PHP from php.net and then install Core on top of it. > You'd just install Zend Core and that would give you PHP with Oracle or > DB2 support. You have a database, then install Core, and you end up with > a complete system. > > The difference here is that Core follows a different release cycle than > mainstream PHP. It is actually built separately by Zend and is always > tested against the bundled database libraries. > > Similar to how the major Linux distributions work, Core doesn't contain > all the bleeding-edge features of PHP 5.1.2. However, the newer features > are merged in as part of the release cycle after they are QA'ed against > the rest of the Core distribution. The aim of Zend Core is to provide a > version of PHP for use with Oracle or DB2 that is stable and supported. Would be nice to have a presentation on this, either at a meeting or at NYPHPCon 2006, since I don't think this is very well known. It'd be interesting to hear about the specific advantages core provides, outside of a web control panel and XYZ database libraries. --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com From danielc at analysisandsolutions.com Wed Feb 15 08:18:45 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Wed, 15 Feb 2006 08:18:45 -0500 Subject: [nycphp-talk] oracle buys sleepy cat (berkeley db) In-Reply-To: References: Message-ID: <20060215131845.GA5045@panix.com> Howdy: Well, Oracle's buying spree continues, with the acquisition of SleepyCat, the folks who make Berkeley DB. BDB is also used by MySQL. As mentioned earlier, Oracle also purchased Innobase, the makers of the InnoDB engine used by MySQL. http://www.oracle.com/corporate/press/2006_feb/sleepycat.html http://www.oracle.com/innodb/index.html Wheeee!!! --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From 1j0lkq002 at sneakemail.com Wed Feb 15 13:02:09 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 15 Feb 2006 10:02:09 -0800 Subject: [nycphp-talk] oracle buys InnoDB In-Reply-To: <20060215131845.GA5045@panix.com> References: <20060215131845.GA5045@panix.com> Message-ID: <22518-02947@sneakemail.com> "InnoDB is not a standalone database product: it is distributed as a part of the MySQL database. InnoDB's contractual relationship with MySQL comes up for renewal next year. Oracle fully expects to negotiate an extension of that relationship." From fields at hedge.net Wed Feb 15 13:12:41 2006 From: fields at hedge.net (Adam Fields) Date: Wed, 15 Feb 2006 13:12:41 -0500 Subject: [nycphp-talk] oracle buys InnoDB In-Reply-To: <22518-02947@sneakemail.com> References: <20060215131845.GA5045@panix.com> <22518-02947@sneakemail.com> Message-ID: <20060215181240.GN25667@lola.aquick.org> On Wed, Feb 15, 2006 at 10:02:09AM -0800, inforequest wrote: > "InnoDB is not a standalone database product: it is distributed as a > part of the MySQL database. InnoDB's contractual relationship with MySQL > comes up for renewal next year. Oracle fully expects to negotiate an > extension of that relationship." "Nice database backend you've got here. Be a shame if anything bad happened to it." -- - Adam ** Expert Technical Project and Business Management **** System Performance Analysis and Architecture ****** [ http://www.everylastounce.com ] [ http://www.aquick.org/blog ] ............ Blog [ http://www.adamfields.com/resume.html ].. Experience [ http://www.flickr.com/photos/fields ] ... Photos [ http://www.aquicki.com/wiki ].............Wiki [ http://del.icio.us/fields ] ............. Links From mike.n at zend.com Wed Feb 15 13:29:48 2006 From: mike.n at zend.com (Mike Naberezny) Date: Wed, 15 Feb 2006 10:29:48 -0800 Subject: [nycphp-talk] oracle to buy zend ??? In-Reply-To: <005801c63229$6cdf76b0$2603a8c0@MZ> References: <005801c63229$6cdf76b0$2603a8c0@MZ> Message-ID: <43F3731C.3080607@zend.com> Hans Zaunere wrote: > Would be nice to have a presentation on this, either at a meeting or at > NYPHPCon 2006, since I don't think this is very well known. It'd be > interesting to hear about the specific advantages core provides, outside of > a web control panel and XYZ database libraries. I'll talk to some people here and we'll be sure to get back to you on it. Mike From cliff at pinestream.com Wed Feb 15 13:42:46 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Wed, 15 Feb 2006 13:42:46 -0500 Subject: [nycphp-talk] Query result state strategy Message-ID: <00a501c6325f$9cf56e50$0aa8a8c0@cliff> Lately, it seems like I need to execute queries twice -- the first time to gather data and set actions for the presentation layer. That's fine. What disturbs me is that I need to do this all over again when receiving actionable input, going along with the theory that all input from the client is evil unless proved otherwise. Thank you Chris... So now I need to run a query again, check to see if the particular action is allowed based on the data gathered and than act upon it if the action is valid. The joy of an open client-server system. Do I just accept this and get on with it? Do I maintain the query results and state info with sessions, which I have avoided to date because I believe sessions have their own scalability baggage? Comments? Cliff Hirsch -------------- next part -------------- An HTML attachment was scrubbed... URL: From shiflett at php.net Wed Feb 15 13:47:01 2006 From: shiflett at php.net (Chris Shiflett) Date: Wed, 15 Feb 2006 13:47:01 -0500 Subject: [nycphp-talk] Query result state strategy In-Reply-To: <00a501c6325f$9cf56e50$0aa8a8c0@cliff> References: <00a501c6325f$9cf56e50$0aa8a8c0@cliff> Message-ID: <43F37725.1090704@php.net> Hi Cliff, Cliff Hirsch wrote: > Lately, it seems like I need to execute queries twice -- the first > time to gather data and set actions for the presentation layer. > That's fine. > > What disturbs me is that I need to do this all over again when > receiving actionable input, going along with the theory that all > input from the client is evil unless proved otherwise. Thank you > Chris. You're welcome? :-) Can you give us a more concrete example? It seems likely that you can avoid having to query the database multiple times just to be able to maintain a healthy level of suspicion. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ From cliff at pinestream.com Wed Feb 15 14:19:14 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Wed, 15 Feb 2006 14:19:14 -0500 Subject: [nycphp-talk] Query result state strategy In-Reply-To: <43F37725.1090704@php.net> Message-ID: <00b901c63264$b51fb3f0$0aa8a8c0@cliff> Thanks for the reply Chris -- see, I've become a believer... Ok, so here's one case: I display a bunch of rows. Each row has several fields, including a few status fields (some displayed, some not). Various actions (buttons) are allowed based on combinations of the status fields. (As a side-note, this relates to the state table thread I started last week). I disable buttons that are not allowed, so only valid actions can be submitted, but it would be trivial to submit a button that has been disabled. When I receive a button submission for a particular row, I query the row from the db, and check to see if this action is allowed based upon the status fields. If it were as simple as checking for a userid, I could do a single step update on the row using something like WHERE row = submittedrowid and userid = guyloggedin. In fact, I will probably double check the logic flow to see if the validation and DB update can be compressed into a single query. Like "UPDATE SET price = price + submission WHERE fields meet conditions" Failed update == failed validation, or something like that. But the button actions are based on a complex set of status codes and launch a flurry of processes. So this scenario might not work. Stream of consciousness going here... As I think about this, it seems like I can still only compress a DB read and write to a single update -- with a lot of work. What about some sort of encrypted key stored in a hidden field on the client side? I could encrypt all the possible options and then cross check the submission against the encrypted value. I guess that's just shifting state info to the client -- is that safe if its encrypted? Thoughts? Hi Cliff, Cliff Hirsch wrote: > Lately, it seems like I need to execute queries twice -- the first > time to gather data and set actions for the presentation layer. That's > fine. > > What disturbs me is that I need to do this all over again when > receiving actionable input, going along with the theory that all input > from the client is evil unless proved otherwise. Thank you Chris. You're welcome? :-) Can you give us a more concrete example? It seems likely that you can avoid having to query the database multiple times just to be able to maintain a healthy level of suspicion. Chris From 1j0lkq002 at sneakemail.com Wed Feb 15 17:34:26 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 15 Feb 2006 14:34:26 -0800 Subject: [nycphp-talk] PHP Security or Windows Security or just Security? In-Reply-To: <6.2.3.4.2.20060204172049.02527690@mail.optonline.net> References: <20060204195618.13E1DEDAEE0@mailspool2.panix.com> <1ec620e90602041343h42c423fbp6a7ba9aa121c9ccd@mail.gmail.com> <6.2.3.4.2.20060204172049.02527690@mail.optonline.net> Message-ID: <31538-13555@sneakemail.com> Sometimes it is interesting to contrast reporting "styles" (sometimes called spin). PHP is the problem: http://news.netcraft.com/archives/2006/01/31/php_apps_a_growing_target_for_hackers.html Windows is the problem: http://news.com.com/AMD+forums+laid+low+by+Windows+exploit/2100-7349_3-6033068.html most of us know that BUDGETS and MANAGERS are the real problem ;-) but still, when a PHP app is loosly coded, or a script kiddie adopts a PHP app and fails to patch it, or a business operates non-securely such that phishing approach works really, really well, why blame "technology" ? Because it is so easy... a victimless crime :-) -=john andrews http://www.seo-fun.com From jonbaer at jonbaer.com Wed Feb 15 17:54:10 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Wed, 15 Feb 2006 17:54:10 -0500 Subject: [nycphp-talk] Todays quote of the day (MySQL) Message-ID: Direct from the dolphin's mouth ... http://www.forbes.com/home/technology/2006/02/15/oracle-yahoo-google- cz_vmb_0215Mysql.html How do Oracle?s recent open source acquisitions affect MySQL? "These acquisitions give us credibility. People are wondering why Oracle has to buy all of this technology." BTW, 5.1.6 is now available for testing/tryout ... http:// dev.mysql.com/downloads/mysql/5.1.html - Jon From cahoyos at us.ibm.com Wed Feb 15 17:58:46 2006 From: cahoyos at us.ibm.com (Carlos A Hoyos) Date: Wed, 15 Feb 2006 17:58:46 -0500 Subject: [nycphp-talk] Query result state strategy In-Reply-To: <00b901c63264$b51fb3f0$0aa8a8c0@cliff> Message-ID: > What about some sort of encrypted key stored in a hidden field on the > client side? I could encrypt all the possible options and then cross > check the submission against the encrypted value. I guess that's just > shifting state info to the client -- is that safe if its encrypted? You can pass a bunch of hidden variables and a hash of these variables with a secret key to validate if they were tampered with. And if you do it correctly, you can achieve some security with it. This, btw, is used in simple integration schemas by some merchant gateways to validate submitted information: You send your data (cc, amount, etc...) and an md5 hash of the concatenation of all these variables and a secret key. On their side, they calculate the hash again (only you and them can know the key), and if it doesn't match, parameters were tampered. Keep in mind most applications should be ok handling the query to the database. Since you already need the database connection for the update, and with a query cache, the overhead of the second query might be negligible and your code might be much simpler. Carlos From cliff at pinestream.com Wed Feb 15 18:07:50 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Wed, 15 Feb 2006 18:07:50 -0500 Subject: [nycphp-talk] Query result state strategy In-Reply-To: Message-ID: <000f01c63284$a4bfc160$0aa8a8c0@cliff> Carlos: Sounds like an interesting approach. I like it for scaling out. But you make an interesting point regarding the second query -- caching could reduce the load significantly. And regarding simplicity, I've been leaning more and more towards just getting the application finished and worrying about performance later. I hate to admit that, but planning for a hundred million users seems senseless if the application is never finished. > What about some sort of encrypted key stored in a hidden field on the > client side? I could encrypt all the possible options and then cross > check the submission against the encrypted value. I guess that's just > shifting state info to the client -- is that safe if its encrypted? You can pass a bunch of hidden variables and a hash of these variables with a secret key to validate if they were tampered with. And if you do it correctly, you can achieve some security with it. This, btw, is used in simple integration schemas by some merchant gateways to validate submitted information: You send your data (cc, amount, etc...) and an md5 hash of the concatenation of all these variables and a secret key. On their side, they calculate the hash again (only you and them can know the key), and if it doesn't match, parameters were tampered. Keep in mind most applications should be ok handling the query to the database. Since you already need the database connection for the update, and with a query cache, the overhead of the second query might be negligible and your code might be much simpler. Carlos From krook at us.ibm.com Wed Feb 15 18:09:48 2006 From: krook at us.ibm.com (Daniel Krook) Date: Wed, 15 Feb 2006 15:09:48 -0800 Subject: [nycphp-talk] Todays quote of the day (MySQL) In-Reply-To: Message-ID: > Direct from the dolphin's mouth ... > [snip] > > - Jon This earlier quote from Mickos made me smile: "MySQL freely admits that its database is totally different from the high-end offerings of IBM and Oracle. It's trying to be the Ikea of the database world: cheap, needs some assembly, but has a sleek, modern design and does the job. "If you are equipping some very fine room for your old relatives, maybe you buy antique furniture. But everyone else uses Ikea," Mickos says." http://www.businessweek.com/technology/content/feb2006/tc20060206_918648.htm Daniel Krook, Content Tools Developer Global Production Services - Tools, ibm.com http://bluepages.redirect.webahead.ibm.com/ http://blogpages.redirect.webahead.ibm.com/ http://bookmarks.redirect.webahead.ibm.com/ From chsnyder at gmail.com Thu Feb 16 08:57:23 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 16 Feb 2006 08:57:23 -0500 Subject: [nycphp-talk] PHP Security or Windows Security or just Security? In-Reply-To: <31538-13555@sneakemail.com> References: <20060204195618.13E1DEDAEE0@mailspool2.panix.com> <1ec620e90602041343h42c423fbp6a7ba9aa121c9ccd@mail.gmail.com> <6.2.3.4.2.20060204172049.02527690@mail.optonline.net> <31538-13555@sneakemail.com> Message-ID: On 2/15/06, inforequest <1j0lkq002 at sneakemail.com> wrote: > Sometimes it is interesting to contrast reporting "styles" (sometimes > called spin). > > PHP is the problem: > http://news.netcraft.com/archives/2006/01/31/php_apps_a_growing_target_for_hackers.html > > Windows is the problem: > http://news.com.com/AMD+forums+laid+low+by+Windows+exploit/2100-7349_3-6033068.html > > most of us know that BUDGETS and MANAGERS are the real problem ;-) but > still, when a PHP app is loosly coded, or a script kiddie adopts a PHP > app and fails to patch it, or a business operates non-securely such that > phishing approach works really, really well, why blame "technology" ? > Because it is so easy... a victimless crime :-) > > -=john andrews > http://www.seo-fun.com Eh, networked computers are the problem. We would all be perfectly safe if we could just learn to get by without the internet. When was the last time your fax machine got a virus, hmmm? -- Chris Snyder http://chxo.com/ From 1j0lkq002 at sneakemail.com Thu Feb 16 12:52:50 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 16 Feb 2006 09:52:50 -0800 Subject: [nycphp-talk] PHP Security or Windows Security or just Security? In-Reply-To: References: <20060204195618.13E1DEDAEE0@mailspool2.panix.com> <1ec620e90602041343h42c423fbp6a7ba9aa121c9ccd@mail.gmail.com> <6.2.3.4.2.20060204172049.02527690@mail.optonline.net> <31538-13555@sneakemail.com> Message-ID: <24195-06971@sneakemail.com> csnyder chsnyder-at-gmail.com |nyphp dev/internal group use| wrote: >On 2/15/06, inforequest <1j0lkq002 at sneakemail.com> wrote: > > >>Sometimes it is interesting to contrast reporting "styles" (sometimes >>called spin). >> >>PHP is the problem: >>http://news.netcraft.com/archives/2006/01/31/php_apps_a_growing_target_for_hackers.html >> >>Windows is the problem: >>http://news.com.com/AMD+forums+laid+low+by+Windows+exploit/2100-7349_3-6033068.html >> >>Eh, networked computers are the problem. We would all be perfectly >>safe if we could just learn to get by without the internet. When was >>the last time your fax machine got a virus, hmmm? >> >> >>-- >>Chris Snyder >>http://chxo.com/ >> >> Fax machine? From tedd at sperling.com Thu Feb 16 13:01:18 2006 From: tedd at sperling.com (tedd) Date: Thu, 16 Feb 2006 13:01:18 -0500 Subject: [nycphp-talk] PHP Security or Windows Security or just Security? In-Reply-To: <24195-06971@sneakemail.com> References: <20060204195618.13E1DEDAEE0@mailspool2.panix.com> <1ec620e90602041343h42c423fbp6a7ba9aa121c9ccd@mail.gmail.com> <6.2.3.4.2.20060204172049.02527690@mail.optonline.net> <31538-13555@sneakemail.com> <24195-06971@sneakemail.com> Message-ID: >When was the last time your fax machine got a virus, hmmm? It coughed a couple times -- you think that was it? tedd -- -------------------------------------------------------------------------------- http://sperling.com/ From prusak at gmail.com Thu Feb 16 22:56:24 2006 From: prusak at gmail.com (Ophir Prusak) Date: Thu, 16 Feb 2006 22:56:24 -0500 Subject: [nycphp-talk] Query result state strategy In-Reply-To: <00a501c6325f$9cf56e50$0aa8a8c0@cliff> References: <00a501c6325f$9cf56e50$0aa8a8c0@cliff> Message-ID: to quote chris - "security isn't black and white - it's shades of gray" but to the point - I'd have to add, it really depends on how big of a deal is it if someone does something they're not supposed to do. If this is an ecommerce site - then obviously security is a very big deal. if it's a bulletin board on an intranet ... well, you get the point. On 2/15/06, Cliff Hirsch wrote: > > Lately, it seems like I need to execute queries twice -- the first time to > gather data and set actions for the presentation layer. That's fine. > > What disturbs me is that I need to do this all over again when receiving > actionable input, going along with the theory that all input from the client > is evil unless proved otherwise. Thank you Chris... > > So now I need to run a query again, check to see if the particular action is > allowed based on the data gathered and than act upon it if the action is > valid. The joy of an open client-server system. > > Do I just accept this and get on with it? Do I maintain the query results > and state info with sessions, which I have avoided to date because I believe > sessions have their own scalability baggage? Comments? > > Cliff Hirsch > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > From shiflett at php.net Fri Feb 17 09:21:57 2006 From: shiflett at php.net (Chris Shiflett) Date: Fri, 17 Feb 2006 09:21:57 -0500 Subject: [nycphp-talk] Query result state strategy In-Reply-To: <00b901c63264$b51fb3f0$0aa8a8c0@cliff> References: <00b901c63264$b51fb3f0$0aa8a8c0@cliff> Message-ID: <43F5DC05.2080204@php.net> Hi Cliff, > I've become a believer. Wonderful. :-) > I disable buttons that are not allowed, so only valid actions can > be submitted, but it would be trivial to submit a button that has > been disabled. > > When I receive a button submission for a particular row, I query > the row from the db, and check to see if this action is allowed > based upon the status fields. Stated differently, you're trying to be sure that the status fields you included in the form haven't been tampered with, right? Carlos's suggestion is good for helping to verify integrity. It would also be pretty easy to modify your approach to do this instead of query the database. I have no idea what your SQL query looks like (which is a good thing), but it's a good candidate for hashing, because it presumably contains all of the data you're checking, you already take the time to construct the string, and it's something you can reliably reproduce. Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ From cliff at pinestream.com Fri Feb 17 15:43:27 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 17 Feb 2006 15:43:27 -0500 Subject: [nycphp-talk] index.php ignored on new Mac Mini server setup Message-ID: <002801c63402$ce364580$0aa8a8c0@cliff> I am bringing up a MAC mini as a web server. Thought it would be an easy and interesting way to learn Unix. And a good way to piss off my kids -- "sorry kids, no garageshop or imovie, this is strictly a web server, go play with your Pentium II. Silly me, I don't know ls from cd. I'll never badmouth Bill again. Tried Xampp; got fairly far, but scrapped it. Now I just have the latest installs of MySQL and PHP5. Apache is running (the native version with OSX Tiger). MySQL 5 is running. PHP 5.x is running. PHPMyAdmin gave birth and works just fine. http://localhost/blahblah/test.php works just fine and just only phpinfo() So here's the wierd part: http://localhost/blahblah/index.php simply comes up empty even thought it is identical to test.php -- just phpinfo(). No error message, no nothing. Just blank. test, test2, idx, index2, etc. .php work just fine and output phpinfo() as expected. It is only index.php that does nothing. Ideas? Cliff -------------- next part -------------- An HTML attachment was scrubbed... URL: From cliff at pinestream.com Fri Feb 17 15:48:38 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 17 Feb 2006 15:48:38 -0500 Subject: [nycphp-talk] Query result state strategy In-Reply-To: <43F5DC05.2080204@php.net> Message-ID: <003201c63403$87421900$0aa8a8c0@cliff> Thanks to all. Hashing is giving me all kinds of ideas. It seems like a great way to store limited state info on the client side. There goes another weekend. Cliff Carlos's suggestion is good for helping to verify integrity. It would also be pretty easy to modify your approach to do this instead of query the database. I have no idea what your SQL query looks like (which is a good thing), but it's a good candidate for hashing, because it presumably contains all of the data you're checking, you already take the time to construct the string, and it's something you can reliably reproduce. Hope that helps. Chris From hendler at simmons.edu Fri Feb 17 16:04:08 2006 From: hendler at simmons.edu (Jonathan Hendler) Date: Fri, 17 Feb 2006 16:04:08 -0500 Subject: [nycphp-talk] index.php ignored on new Mac Mini server setup In-Reply-To: <002801c63402$ce364580$0aa8a8c0@cliff> References: <002801c63402$ce364580$0aa8a8c0@cliff> Message-ID: <43F63A48.8090900@simmons.edu> First guess - permissions. Next, either there is .htaccess , mod_rewrite, doing something. Lastly it could be the order of the indexes available in the httpd.conf - so if you have a index.html it will chose that first unless you access index.php directly. Cliff Hirsch wrote: > > http://localhost/blahblah/test.php works just fine and just only phpinfo() > > So here's the wierd part: > > http://localhost/blahblah/index.php simply comes up empty even thought > it is identical to test.php -- just phpinfo(). No error message, no > nothing. Just blank. > > test, test2, idx, index2, etc. .php work just fine and output > phpinfo() as expected. It is only index.php that does nothing. > > Ideas? > > Cliff > >------------------------------------------------------------------------ > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > From alex at pilgrimstudio.com Fri Feb 17 16:13:42 2006 From: alex at pilgrimstudio.com (Alexander) Date: Fri, 17 Feb 2006 14:13:42 -0700 Subject: [nycphp-talk] Redirect Message-ID: <2146.216.223.218.202.1140210822.squirrel@pilgrimstudio.com> Hello, I was wondering if anybody know how to redirect client or show him nice html-page, after download complete? Download is forced through headers: ------ header("Content-disposition: attachment; filename=$fname"); header("Content-Type: application/force-download"); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".filesize($fname)); header("Pragma: no-cache"); header("Expires: 0"); ... ------- if it matters... -- Best regards, Alexander From cliff at pinestream.com Fri Feb 17 16:16:25 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Fri, 17 Feb 2006 16:16:25 -0500 Subject: [nycphp-talk] index.php ignored on new Mac Mini server setup In-Reply-To: <43F63A48.8090900@simmons.edu> Message-ID: <003301c63407$68f48ab0$0aa8a8c0@cliff> Permissions did the trick. Many thanks. One of these days, I owe everyone on this list a beer... -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Jonathan Hendler Sent: Friday, February 17, 2006 4:04 PM To: NYPHP Talk Subject: Re: [nycphp-talk] index.php ignored on new Mac Mini server setup First guess - permissions. Next, either there is .htaccess , mod_rewrite, doing something. Lastly it could be the order of the indexes available in the httpd.conf - so if you have a index.html it will chose that first unless you access index.php directly. From 1j0lkq002 at sneakemail.com Fri Feb 17 16:31:10 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Fri, 17 Feb 2006 13:31:10 -0800 Subject: [nycphp-talk] index.php ignored on new Mac Mini server setup In-Reply-To: <003301c63407$68f48ab0$0aa8a8c0@cliff> References: <003301c63407$68f48ab0$0aa8a8c0@cliff> Message-ID: <4501-57930@sneakemail.com> Cliff Hirsch cliff-at-pinestream.com |nyphp dev/internal group use| wrote: >Permissions did the trick. Many thanks. One of these days, I owe >everyone on this list a beer... > >-----Original Message----- >From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] >On Behalf Of Jonathan Hendler >Sent: Friday, February 17, 2006 4:04 PM >To: NYPHP Talk >Subject: Re: [nycphp-talk] index.php ignored on new Mac Mini server setup > > >First guess - permissions. >Next, either there is .htaccess , mod_rewrite, doing something. Lastly >it could be the order of the indexes available in the httpd.conf >- so if you have a index.html it will chose that first unless you access > >index.php directly. > > > wow...buy stock in the brewery before he bys everyone on the list a beer. That's a lot of beer. From mitch.pirtle at gmail.com Fri Feb 17 20:01:25 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Fri, 17 Feb 2006 20:01:25 -0500 Subject: [nycphp-talk] oracle buys InnoDB In-Reply-To: <22518-02947@sneakemail.com> References: <20060215131845.GA5045@panix.com> <22518-02947@sneakemail.com> Message-ID: <330532b60602171701h24dcb172tbc8c9fd050045999@mail.gmail.com> On 2/15/06, inforequest <1j0lkq002 at sneakemail.com> wrote: > "InnoDB is not a standalone database product: it is distributed as a > part of the MySQL database. InnoDB's contractual relationship with MySQL > comes up for renewal next year. Oracle fully expects to negotiate an > extension of that relationship." And now for the latest headlines: * ORACLE CEO WETS PANTS LAUGHING OVER RECENT PURCHASE * ORACLE CEO CONTINUES TO WET PANTS LAUGHING OVER ANOTHER ONE * ORACLE CEO NOW REQUIRED TO WEAR DEPENDS TO THE OFFICE -- Mitch Pirtle Joomla! Core Developer Open Source Matters From hendler at simmons.edu Fri Feb 17 20:58:32 2006 From: hendler at simmons.edu (Jonathan Hendler) Date: Fri, 17 Feb 2006 20:58:32 -0500 Subject: [nycphp-talk] oracle buys InnoDB In-Reply-To: <330532b60602171701h24dcb172tbc8c9fd050045999@mail.gmail.com> References: <20060215131845.GA5045@panix.com> <22518-02947@sneakemail.com> <330532b60602171701h24dcb172tbc8c9fd050045999@mail.gmail.com> Message-ID: <43F67F48.4010209@simmons.edu> Does Postgresql depend on anything that Oracle can purchase? (if they haven't already) Mitch Pirtle wrote: >On 2/15/06, inforequest <1j0lkq002 at sneakemail.com> wrote: > > >>"InnoDB is not a standalone database product: it is distributed as a >>part of the MySQL database. InnoDB's contractual relationship with MySQL >>comes up for renewal next year. Oracle fully expects to negotiate an >>extension of that relationship." >> >> > >And now for the latest headlines: > >* ORACLE CEO WETS PANTS LAUGHING OVER RECENT PURCHASE >* ORACLE CEO CONTINUES TO WET PANTS LAUGHING OVER ANOTHER ONE >* ORACLE CEO NOW REQUIRED TO WEAR DEPENDS TO THE OFFICE > >-- >Mitch Pirtle >Joomla! Core Developer >Open Source Matters >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > From 1j0lkq002 at sneakemail.com Fri Feb 17 22:29:01 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Fri, 17 Feb 2006 19:29:01 -0800 Subject: [nycphp-talk] oracle buys InnoDB In-Reply-To: <43F67F48.4010209@simmons.edu> References: <20060215131845.GA5045@panix.com> <22518-02947@sneakemail.com> <330532b60602171701h24dcb172tbc8c9fd050045999@mail.gmail.com> <43F67F48.4010209@simmons.edu> Message-ID: <28589-15591@sneakemail.com> Jonathan Hendler hendler-at-simmons.edu |nyphp dev/internal group use| wrote: >Does Postgresql depend on anything that Oracle can purchase? (if they >haven't already) > > > Postgres depends on something nobody can purchase.... Postgres developers (har har har) From suzerain at suzerain.com Sat Feb 18 13:40:02 2006 From: suzerain at suzerain.com (Marc Antony Vose) Date: Sat, 18 Feb 2006 13:40:02 -0500 Subject: [nycphp-talk] variable variables in heredoc string In-Reply-To: <43EA696A.3090900@aarond.com> References: <43EA696A.3090900@aarond.com> Message-ID: hi there: this question seems so elementary, yet i can't seems to figure out the right combination of curly braces and whatnot. if i have a variable variable such as: ${$uc.'content_width'} = 170; How can I use it inside a heredoc assignment? // start the content ${$uc.'content'} = <<< ENDENDEND ENDENDEND; Thanks, -- Marc Antony Vose http://www.suzerain.com/ Life is a sexually transmitted disease with a 100% mortality rate. -- David Shaw From danielc at analysisandsolutions.com Sat Feb 18 13:49:39 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sat, 18 Feb 2006 13:49:39 -0500 Subject: [nycphp-talk] variable variables in heredoc string In-Reply-To: References: <43EA696A.3090900@aarond.com> Message-ID: <20060218184939.GA8562@panix.com> On Sat, Feb 18, 2006 at 01:40:02PM -0500, Marc Antony Vose wrote: > this question seems so elementary, yet i can't seems to figure out > the right combination of curly braces and whatnot. > > if i have a variable variable such as: > > ${$uc.'content_width'} = 170; ... > How can I use it inside a heredoc assignment? ... > ${$uc.'content'} = <<< ENDENDEND > ENDENDEND; $uc = 'foo'; ${$uc.'content_width'} = 170; echo ${$uc.'content_width'}; ${$uc.'content'} = <<< ENDENDEND inside ${$uc.'content_width'} heredoc ENDENDEND; echo ${$uc.'content'}; --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From cliff at pinestream.com Sat Feb 18 14:28:15 2006 From: cliff at pinestream.com (Cliff Hirsch) Date: Sat, 18 Feb 2006 14:28:15 -0500 Subject: [nycphp-talk] Session problem with MAC/Unic/Apache Message-ID: The jump from Windows to OSX/Unix is giving me more problems. Now sessions aren't working -- more permission issues. Here's my sessions directory: It's at /private/var/tmp My error log has the appropriate permissions. I assume nobody is the PHP process. But what's with the session files? -rw------ isn't very useful is it? I assume www is the Apache process. How do I make it create readable session files? cliff-hirschs-mac-mini:/var/tmp root# ls -al total 48 drwxrwxrwt 10 root wheel 340 Feb 18 13:53 . drwxr-xr-x 23 root wheel 782 Feb 16 08:33 .. -rw-rw-rw- 1 root wheel 48 Feb 15 23:51 com.apple.speech.synthesis.globals drwx------ 3 cliffhir wheel 102 Feb 16 17:45 folders.501 -rw-r--r-- 1 nobody wheel 2877 Feb 18 12:14 kerbeez_errors.log drwxrwxrwt 4 root wheel 136 Feb 16 08:34 mds -rw------- 1 www wheel 30 Feb 18 10:57 sess_4BAFfxHA........ -rw------- 1 www wheel 30 Feb 17 16:07 sess_7A93rjA.......... Cliff From vugranam at us.ibm.com Sat Feb 18 16:01:18 2006 From: vugranam at us.ibm.com (Vugranam Sreedhar) Date: Sat, 18 Feb 2006 16:01:18 -0500 Subject: [nycphp-talk] Vugranam Sreedhar is out of the office. Message-ID: I will be out of the office starting 02/18/2006 and will not return until 03/06/2006. I will respond to your message when I return. Please contact my manager for all of my activities, including Summer Intern Coordination and PHP Security. For PLAS 2006 workshop, please contact Steve Zdancewic (stevez at cis.upenn.edu). From kenneth at ylayali.net Sat Feb 18 16:17:04 2006 From: kenneth at ylayali.net (Kenneth Dombrowski) Date: Sat, 18 Feb 2006 16:17:04 -0500 Subject: [nycphp-talk] Session problem with MAC/Unic/Apache In-Reply-To: References: Message-ID: <20060218211704.GA25634@ylayali.net> On 06-02-18 14:28 -0500, Cliff Hirsch wrote: > My error log has the appropriate permissions. I assume nobody is the > PHP process. > > But what's with the session files? -rw------ isn't very useful is it? > I assume www is the Apache process. How do I make it create readable > session files? > > cliff-hirschs-mac-mini:/var/tmp root# ls -al > -rw-r--r-- 1 nobody wheel 2877 Feb 18 12:14 kerbeez_errors.log > drwxrwxrwt 4 root wheel 136 Feb 16 08:34 mds > -rw------- 1 www wheel 30 Feb 18 10:57 sess_4BAFfxHA........ > -rw------- 1 www wheel 30 Feb 17 16:07 > sess_7A93rjA.......... > 0600 (-rw-------) is perfectly appropriate for session files; apache can read them & write to them, and nobody else can. I would look into why your error log is owned by nobody & your session files are owned by www, do you have two apaches running on that machine? hth, Kenneth From greg.rundlett at gmail.com Sat Feb 18 19:46:30 2006 From: greg.rundlett at gmail.com (Greg Rundlett) Date: Sat, 18 Feb 2006 19:46:30 -0500 Subject: [nycphp-talk] Session problem with MAC/Unic/Apache In-Reply-To: <20060218211704.GA25634@ylayali.net> References: <20060218211704.GA25634@ylayali.net> Message-ID: <5e2aaca40602181646r2765cae6o8e7f3b771ae11bef@mail.gmail.com> On 2/18/06, Kenneth Dombrowski wrote: > On 06-02-18 14:28 -0500, Cliff Hirsch wrote: > > My error log has the appropriate permissions. I assume nobody is the > > PHP process. > > > > But what's with the session files? -rw------ isn't very useful is it? > > I assume www is the Apache process. How do I make it create readable > > session files? > > > > cliff-hirschs-mac-mini:/var/tmp root# ls -al > > -rw-r--r-- 1 nobody wheel 2877 Feb 18 12:14 kerbeez_errors.log > > drwxrwxrwt 4 root wheel 136 Feb 16 08:34 mds > > -rw------- 1 www wheel 30 Feb 18 10:57 sess_4BAFfxHA........ > > -rw------- 1 www wheel 30 Feb 17 16:07 > > sess_7A93rjA.......... > > > > > 0600 (-rw-------) is perfectly appropriate for session files; apache can > read them & write to them, and nobody else can. > > I would look into why your error log is owned by nobody & your session > files are owned by www, do you have two apaches running on that machine? > or, if you manually chown'd the files, you mistakenly assumed that PHP and Apache run as separate users. PHP is just an extension of Apache, so whatever is configured in Apache's conf for 'user' then that is what PHP's scripts need permission for. From lamolist at cyberxdesigns.com Sun Feb 19 07:41:05 2006 From: lamolist at cyberxdesigns.com (Hans Kaspersetz) Date: Sun, 19 Feb 2006 07:41:05 -0500 Subject: [nycphp-talk] [ot] mysqldump cron problem Message-ID: <43F86761.4000304@cyberxdesigns.com> I created a bash script that is supposed to dump one of my databases. When I run the bash script from the cli it dumps no problem. When I call the script from cron, I get an empty file in the destination directory. Anyone have any ideas? FreeBSD 5.3 MySQL 4.1 -------------------------------- #!/usr/local/bin/bash path="/usr/local/backups/" date=`date +"%y%m%d-%H%M%S"` filename=$path$date"-oncellrx.sql" mysqldump --opt -Q -uUSER -pPASS DATABASE > $filename ------------------------------------ I am calling the script as myself from cron. Bash is set as my shell in passwd. Seems sorta mysterious to me. Hans From andrew at plexpod.com Sun Feb 19 08:19:58 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Sun, 19 Feb 2006 08:19:58 -0500 Subject: [nycphp-talk] [ot] mysqldump cron problem In-Reply-To: <43F86761.4000304@cyberxdesigns.com> References: <43F86761.4000304@cyberxdesigns.com> Message-ID: <43F8707E.90800@plexpod.com> Hans Kaspersetz wrote: > I created a bash script that is supposed to dump one of my databases. > When I run the bash script from the cli it dumps no problem. When I > call the script from cron, I get an empty file in the destination > directory. Anyone have any ideas? > > FreeBSD 5.3 > MySQL 4.1 > > -------------------------------- > #!/usr/local/bin/bash > path="/usr/local/backups/" > > date=`date +"%y%m%d-%H%M%S"` > filename=$path$date"-oncellrx.sql" > > mysqldump --opt -Q -uUSER -pPASS DATABASE > $filename > ------------------------------------ > > I am calling the script as myself from cron. Bash is set as my shell in > passwd. Seems sorta mysterious to me. > > Hans Have you checked your user's mail spool for any output from the cron? Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From chris at theyellowbox.com Sun Feb 19 09:00:25 2006 From: chris at theyellowbox.com (Chris Merlo) Date: Sun, 19 Feb 2006 09:00:25 -0500 Subject: [nycphp-talk] [ot] mysqldump cron problem In-Reply-To: <43F86761.4000304@cyberxdesigns.com> References: <43F86761.4000304@cyberxdesigns.com> Message-ID: <946586480602190600if892a5jd93abc5441553214@mail.gmail.com> On 2/19/06, Hans Kaspersetz wrote: > > I created a bash script that is supposed to dump one of my databases. > When I run the bash script from the cli it dumps no problem. When I > call the script from cron, I get an empty file in the destination > directory. Anyone have any ideas? Your personal user might not have the permissions to write to /usr/local/backups. Try running the cron job as root. -c -- chris at theyellowbox.com http://www.theyellowbox.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at zaunere.com Sun Feb 19 11:12:30 2006 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 19 Feb 2006 11:12:30 -0500 Subject: [nycphp-talk] [ot] mysqldump cron problem In-Reply-To: <43F86761.4000304@cyberxdesigns.com> Message-ID: <003001c6356f$4a2fdad0$7501a8c0@MZ> Hans Kaspersetz wrote on Sunday, February 19, 2006 7:41 AM: > I created a bash script that is supposed to dump one of my databases. > When I run the bash script from the cli it dumps no problem. When I > call the script from cron, I get an empty file in the destination > directory. Anyone have any ideas? > > FreeBSD 5.3 > MySQL 4.1 > > -------------------------------- > #!/usr/local/bin/bash > path="/usr/local/backups/" > > date=`date +"%y%m%d-%H%M%S"` > filename=$path$date"-oncellrx.sql" > > mysqldump --opt -Q -uUSER -pPASS DATABASE > $filename > ------------------------------------ > > I am calling the script as myself from cron. Bash is set as my shell in > passwd. Seems sorta mysterious to me. Probably a permissions or path problem... first do: which mysqldump and then use the absolute path of mysqldump in the script. H From cweyl at alumni.drew.edu Sun Feb 19 14:49:25 2006 From: cweyl at alumni.drew.edu (Chris Weyl) Date: Sun, 19 Feb 2006 14:49:25 -0500 Subject: [nycphp-talk] [ot] mysqldump cron problem In-Reply-To: <43F86761.4000304@cyberxdesigns.com> References: <43F86761.4000304@cyberxdesigns.com> Message-ID: <7dd7ab490602191149yaad408dqa439d2bdb71c6d92@mail.gmail.com> On 2/19/06, Hans Kaspersetz wrote: > I created a bash script that is supposed to dump one of my databases. > When I run the bash script from the cli it dumps no problem. When I > call the script from cron, I get an empty file in the destination > directory. Anyone have any ideas? I did something like this myself. If I remember correctly, I also ran into this problem until I defined my $HOME dir, as scripts executed via cron do not have the full user initialization that you get when you actually log into a *nix box. -Chris From lamolist at cyberxdesigns.com Sun Feb 19 15:55:52 2006 From: lamolist at cyberxdesigns.com (Hans Kaspersetz) Date: Sun, 19 Feb 2006 15:55:52 -0500 Subject: [nycphp-talk] [ot] mysqldump cron problem In-Reply-To: <7dd7ab490602191149yaad408dqa439d2bdb71c6d92@mail.gmail.com> References: <43F86761.4000304@cyberxdesigns.com> <7dd7ab490602191149yaad408dqa439d2bdb71c6d92@mail.gmail.com> Message-ID: <43F8DB58.1060203@cyberxdesigns.com> It was a path problem. Fully qualifying the path to mysqldump worked. #!/usr/local/bin/bash path="/usr/local/backups/" date=`date +"%y%m%d-%H%M%S"` filename=$path$date"-foo.sql" /usr/local/bin/mysqldump --opt -Q -uUSERNAME -pPASSWORD DATABASE > $filename Thanks guys, Hans From mitch.pirtle at gmail.com Sun Feb 19 19:01:13 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Sun, 19 Feb 2006 19:01:13 -0500 Subject: [nycphp-talk] oracle buys InnoDB In-Reply-To: <43F67F48.4010209@simmons.edu> References: <20060215131845.GA5045@panix.com> <22518-02947@sneakemail.com> <330532b60602171701h24dcb172tbc8c9fd050045999@mail.gmail.com> <43F67F48.4010209@simmons.edu> Message-ID: <330532b60602191601m5f995438kff9e43a9a9666793@mail.gmail.com> On 2/17/06, Jonathan Hendler wrote: > Does Postgresql depend on anything that Oracle can purchase? (if they > haven't already) Nope. As well, PostgreSQL is backed by a federation of companies, so it will be terribly difficult for a competitor to 'buy' all of the different businesses behind PostgreSQL. By MySQL taking a sort of "one true company" approach behind the commercialization of their software, they made it easy for other companies to target them, leaving them very vulnerable IMHO. It is this kind of behavior that caused a project I am very familiar with to embark on a new quest, where anyone and everyone was welcome to the party... -- Mitch Pirtle Joomla! Core Developer Open Source Matters From prusak at gmail.com Mon Feb 20 14:18:21 2006 From: prusak at gmail.com (Ophir Prusak) Date: Mon, 20 Feb 2006 14:18:21 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) Message-ID: hi all. a while back I converted my personal web site into a blog (wordpress) so I can easily start expressing my self through articles that I think some people might find helpful. I'm a web developer with lots of experience in php / databases so most of the articles have been about web dev (programming / databases stuff). this morning I was looking at the stats of my site - i get about 10 visitors a day. so, I've decided that I should start writing on some other site that gets more exposure where hopefully more people can benefit from my writings. The first place that comes to mind is sitepoint which seems to have a broad coverage of topics and strong reader base. I was wondering what other sites people would suggest for writing articles about web dev stuff besides the obvious nyphp.org :) ? tia, ophir From craig at juxtadigital.com Mon Feb 20 14:25:42 2006 From: craig at juxtadigital.com (Craig Thomas) Date: Mon, 20 Feb 2006 14:25:42 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: References: Message-ID: <43FA17B6.8030208@juxtadigital.com> Ophir Prusak wrote: > hi all. > > a while back I converted my personal web site into a blog (wordpress) > so I can easily start expressing my self through articles that I think > some people might find helpful. I'm a web developer with lots of > experience in php / databases so most of the articles have been about > web dev (programming / databases stuff). > > this morning I was looking at the stats of my site - i get about 10 > visitors a day. > > so, I've decided that I should start writing on some other site that > gets more exposure where hopefully more people can benefit from my > writings. > > The first place that comes to mind is sitepoint which seems to have a > broad coverage of topics and strong reader base. > > I was wondering what other sites people would suggest for writing > articles about web dev stuff besides the obvious nyphp.org :) ? > > tia, > ophir http://www.developerdotstar.com Is not PHP specific, but very some very smart dev-bloggers. -- Craig From krook at us.ibm.com Mon Feb 20 14:28:39 2006 From: krook at us.ibm.com (Daniel Krook) Date: Mon, 20 Feb 2006 11:28:39 -0800 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: Message-ID: > I was wondering what other sites people would suggest for writing > articles about web dev stuff besides the obvious nyphp.org :) ? Ophir, The PHP section of the developerWorks open source technology section is looking to ramp up its content. They take articles or tutorials. http://www.ibm.com/developerworks/opensource/top-projects/php.html They have a "wish list" and a link to where to pitch your idea: http://www.ibm.com/developerworks/wishlist/#opens Then there's the Zend Developer Zone: http://www.zend.com/developers.php Daniel Krook, Content Tools Developer Global Production Services - Tools, ibm.com http://bluepages.redirect.webahead.ibm.com/ http://blogpages.redirect.webahead.ibm.com/ http://bookmarks.redirect.webahead.ibm.com/ From donnamarievincent at yahoo.com Mon Feb 20 14:32:39 2006 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Mon, 20 Feb 2006 11:32:39 -0800 (PST) Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: Message-ID: <20060220193239.670.qmail@web35612.mail.mud.yahoo.com> www.webdeveloper.com and http://codingforums.com/ ----- Original Message ---- From: Ophir Prusak To: NYPHP Talk Sent: Monday, February 20, 2006 2:18:21 PM Subject: [nycphp-talk] best place to post articles (other than nyphp.org) hi all. a while back I converted my personal web site into a blog (wordpress) so I can easily start expressing my self through articles that I think some people might find helpful. I'm a web developer with lots of experience in php / databases so most of the articles have been about web dev (programming / databases stuff). this morning I was looking at the stats of my site - i get about 10 visitors a day. so, I've decided that I should start writing on some other site that gets more exposure where hopefully more people can benefit from my writings. The first place that comes to mind is sitepoint which seems to have a broad coverage of topics and strong reader base. I was wondering what other sites people would suggest for writing articles about web dev stuff besides the obvious nyphp.org :) ? tia, ophir _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From 1j0lkq002 at sneakemail.com Mon Feb 20 15:02:42 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Mon, 20 Feb 2006 12:02:42 -0800 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: References: Message-ID: <12300-51049@sneakemail.com> Ophir Prusak prusak-at-gmail.com |nyphp dev/internal group use| wrote: >hi all. > >a while back I converted my personal web site into a blog (wordpress) >so I can easily start expressing my self through articles that I think >some people might find helpful. I'm a web developer with lots of >experience in php / databases so most of the articles have been about >web dev (programming / databases stuff). > >this morning I was looking at the stats of my site - i get about 10 >visitors a day. > >so, I've decided that I should start writing on some other site that >gets more exposure where hopefully more people can benefit from my >writings. > >The first place that comes to mind is sitepoint which seems to have a >broad coverage of topics and strong reader base. > >I was wondering what other sites people would suggest for writing >articles about web dev stuff besides the obvious nyphp.org :) ? > >tia, >ophir > Well, there is certainly some good that can come from publishing your work on other sites. In many ways, writing for other sites is part of a strategy to build your own reputation etc. However, if you like to write content and the only problem you are having with your own site is a lack of audience (perhaps a lack of audience motivating you to write) that can be solved. In my opinion, you have alot more to gain by writing on your own site than by writing for the majority of the sites that would publish your content today. As a developer you are well positioned to self-publish and garner an audience. In fact, after you do that you may find yourself being invited to write for some of the big sites. -=john andrews http://www.seo-fun.com From tedd at sperling.com Mon Feb 20 15:33:35 2006 From: tedd at sperling.com (tedd) Date: Mon, 20 Feb 2006 15:33:35 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: References: Message-ID: >hi all. > >a while back I converted my personal web site into a blog (wordpress) >so I can easily start expressing my self through articles that I think >some people might find helpful. I'm a web developer with lots of >experience in php / databases so most of the articles have been about >web dev (programming / databases stuff). > >this morning I was looking at the stats of my site - i get about 10 >visitors a day. ophir: You can beef-up your visits by producing "free-code". I just finished a binary-tree freeware program and pulled in over 1200 hits within this last month. But, it is good for your site (link popularity) to publish at other sites as well. You might consider: http://www.weberdev.com/ Plus, they have contest -- it makes for an interesting experience. tedd -- -------------------------------------------------------------------------------- http://sperling.com php code: http://www.weberdev.com/ From codebowl at gmail.com Mon Feb 20 16:01:11 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Mon, 20 Feb 2006 16:01:11 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: References: Message-ID: <8d9a42800602201301q57212f4fp65dc174e41cdc4d1@mail.gmail.com> i would also suggest weberdev as i contribute there when i have the time. i am surprised though that no one suggested www.devshed.com -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From 1j0lkq002 at sneakemail.com Mon Feb 20 18:31:34 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Mon, 20 Feb 2006 15:31:34 -0800 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: <8d9a42800602201301q57212f4fp65dc174e41cdc4d1@mail.gmail.com> References: <8d9a42800602201301q57212f4fp65dc174e41cdc4d1@mail.gmail.com> Message-ID: <26865-82008@sneakemail.com> Joseph Crawford codebowl-at-gmail.com |nyphp dev/internal group use| wrote: > i would also suggest weberdev as i contribute there when i have the time. > > i am surprised though that no one suggested www.devshed.com > > I guess I am tainted because I know how much money some of those sites have made of off "free" user-submitted content :-) -=john andrews http://www.seo-fun.com From arzala at gmail.com Mon Feb 20 22:49:31 2006 From: arzala at gmail.com (Anirudhsinh Zala) Date: Tue, 21 Feb 2006 09:19:31 +0530 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: References: Message-ID: Maybe, you can sum up all your experience and form them into a good e-book, so that it can be directional in 1 way and it can hit specific audience who are interested in that area. You can then link that e-book from various places like your own web-site, nyphp.org etc. Thanks Anirudh Zala On Tue, 21 Feb 2006 00:48:21 +0530, Ophir Prusak wrote: > hi all. > > a while back I converted my personal web site into a blog (wordpress) > so I can easily start expressing my self through articles that I think > some people might find helpful. I'm a web developer with lots of > experience in php / databases so most of the articles have been about > web dev (programming / databases stuff). > > this morning I was looking at the stats of my site - i get about 10 > visitors a day. > > so, I've decided that I should start writing on some other site that > gets more exposure where hopefully more people can benefit from my > writings. > > The first place that comes to mind is sitepoint which seems to have a > broad coverage of topics and strong reader base. > > I was wondering what other sites people would suggest for writing > articles about web dev stuff besides the obvious nyphp.org :) ? > > tia, > ophir > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > ----------------------------------------------------- Anirudh Zala (Production Manager) ASPL, http://www.aspl.in Ph: +91 281 245 1894 arzala at gmail.com ----------------------------------------------------- From lamolist at cyberxdesigns.com Tue Feb 21 13:01:04 2006 From: lamolist at cyberxdesigns.com (Hans Kaspersetz) Date: Tue, 21 Feb 2006 13:01:04 -0500 Subject: [nycphp-talk] Debugging Remote Problem Message-ID: <43FB5560.8000008@cyberxdesigns.com> I am having trouble with users of a web site. The site is based on Joomla. When the user logs in, site uses the community builder component, he can browse a page or so, then he is redirected to the login screen. The users are in South Africa. The rest of my users, throughout Europe and US, seem to be using the site fine. I have been unable to reproduce the problem locally here in the US. How would you approach debugging this problem? I have phone access to the user. I am the administrator of the server so I can configure logging however I need to. I have set up a development site for my guinea pig and I can make what ever changes I need to the site to test things. Joomla + Community Builder RHE + Apache 1.3 Cpanel Ideas? Hans From chsnyder at gmail.com Tue Feb 21 14:08:39 2006 From: chsnyder at gmail.com (csnyder) Date: Tue, 21 Feb 2006 14:08:39 -0500 Subject: [nycphp-talk] Debugging Remote Problem In-Reply-To: <43FB5560.8000008@cyberxdesigns.com> References: <43FB5560.8000008@cyberxdesigns.com> Message-ID: On 2/21/06, Hans Kaspersetz wrote: > I am having trouble with users of a web site. The site is based on > Joomla. When the user logs in, site uses the community builder > component, he can browse a page or so, then he is redirected to the > login screen. The users are in South Africa. The rest of my users, > throughout Europe and US, seem to be using the site fine. I have been > unable to reproduce the problem locally here in the US. > > How would you approach debugging this problem? I have phone access to > the user. I am the administrator of the server so I can configure > logging however I need to. I have set up a development site for my > guinea pig and I can make what ever changes I need to the site to test > things. > > Joomla + Community Builder > RHE + Apache 1.3 > Cpanel > > Ideas? > > Hans Out of curiousity, is SSL involved? Are you able to have the user try a different browser? Have you already gone over a dump of the global vars generated by one of their requests? Their geographic location could well be a red herring. -- Chris Snyder http://chxo.com/ From lamolist at cyberxdesigns.com Tue Feb 21 14:43:56 2006 From: lamolist at cyberxdesigns.com (Hans Kaspersetz) Date: Tue, 21 Feb 2006 14:43:56 -0500 Subject: [nycphp-talk] Debugging Remote Problem In-Reply-To: References: <43FB5560.8000008@cyberxdesigns.com> Message-ID: <43FB6D7C.7050205@cyberxdesigns.com> SSL was involved. I setup the demo site to remove that from the equation. When SSL was involved the user could not even login. I would see a successful login in the logs but then an immediate redirect to the logged our state. Very weird. Taking SSL out of the equation made things better. Now the user can login and browse 1 or 2 pages. Then redirect to logged out state. The user started with IE on Win XP. I had them install Firefox, same problem. This problem seems to be with multiple users in South Africa. Has anyone else seen geographically localized problems with web applications like Joomla? How would you suggest I capture the global vars generated by one of their requests? Insert some scripting on my side to save them to db or log file? Or output to screen on their end and have them cut and paste? Or is there some better way? HCK > Out of curiousity, is SSL involved? Are you able to have the user try > a different browser? > Have you already gone over a dump of the global vars generated by one > of their requests? Their geographic location could well be a red > herring. > > -- > Chris Snyder > http://chxo.com/ > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > > From scott at crisscott.com Tue Feb 21 14:50:56 2006 From: scott at crisscott.com (Scott Mattocks) Date: Tue, 21 Feb 2006 14:50:56 -0500 Subject: [nycphp-talk] Debugging Remote Problem In-Reply-To: <43FB6D7C.7050205@cyberxdesigns.com> References: <43FB5560.8000008@cyberxdesigns.com> <43FB6D7C.7050205@cyberxdesigns.com> Message-ID: <43FB6F20.7030105@crisscott.com> Hans Kaspersetz wrote: > How would you suggest I capture the global vars generated by one of > their requests? Insert some scripting on my side to save them to db or > log file? Or output to screen on their end and have them cut and > paste? Or is there some better way? You can capture global var info using trigger_error and print_r: trigger_error(print_r($_REQUEST, true), E_USER_NOTICE); If your error reporting and displaying options are set up right, you should find a dump of $_REQUEST in your error log. $_REQUEST will tell you if the session id was sent. Hope that helps, -- Scott Mattocks http://www.crisscott.com From andrew at plexpod.com Tue Feb 21 15:29:25 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Tue, 21 Feb 2006 15:29:25 -0500 Subject: [nycphp-talk] Debugging Remote Problem In-Reply-To: <43FB6D7C.7050205@cyberxdesigns.com> References: <43FB5560.8000008@cyberxdesigns.com> <43FB6D7C.7050205@cyberxdesigns.com> Message-ID: <43FB7825.1050401@plexpod.com> Hans Kaspersetz wrote: > SSL was involved. I setup the demo site to remove that from the > equation. When SSL was involved the user could not even login. I would > see a successful login in the logs but then an immediate redirect to the > logged our state. Very weird. Taking SSL out of the equation made > things better. Now the user can login and browse 1 or 2 pages. Then > redirect to logged out state. Sounds a lot like cookies/sessions aren't working. Try either having them turn on cookies, or set up the php url rewriter. If they have cookies on, possibly a proxy server is getting in the way. You may be able to find that out from asking them if they know they're using a proxy or by looking up the PTR records for their source IPs and/or the user agent in your logs. HTH, Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From tgales at tgaconnect.com Tue Feb 21 15:35:43 2006 From: tgales at tgaconnect.com (Tim Gales) Date: Tue, 21 Feb 2006 15:35:43 -0500 Subject: [nycphp-talk] Debugging Remote Problem In-Reply-To: <43FB7825.1050401@plexpod.com> References: <43FB5560.8000008@cyberxdesigns.com> <43FB6D7C.7050205@cyberxdesigns.com> <43FB7825.1050401@plexpod.com> Message-ID: <43FB799F.2070600@tgaconnect.com> Andrew Yochum wrote: > Hans Kaspersetz wrote: >> SSL was involved. I setup the demo site to remove that from the >> equation. When SSL was involved the user could not even login. I would >> see a successful login in the logs but then an immediate redirect to the >> logged our state. Very weird. Taking SSL out of the equation made >> things better. Now the user can login and browse 1 or 2 pages. Then >> redirect to logged out state. > > Sounds a lot like cookies/sessions aren't working. Try either having > them turn on cookies, or set up the php url rewriter. If they have > cookies on, possibly a proxy server is getting in the way. If a proxy is in the way maybe this will help http://forum.mamboserver.com/showthread.php?t=18759 -- T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From corey at domanistudios.com Tue Feb 21 15:54:47 2006 From: corey at domanistudios.com (Corey Szopinski) Date: Tue, 21 Feb 2006 15:54:47 -0500 Subject: [nycphp-talk] Debugging Remote Problem In-Reply-To: <43FB7825.1050401@plexpod.com> References: <43FB5560.8000008@cyberxdesigns.com> <43FB6D7C.7050205@cyberxdesigns.com> <43FB7825.1050401@plexpod.com> Message-ID: <2151DF20-5C07-47DE-A9E0-3438E6462F42@domanistudios.com> I once had a problem where a client had their local computer's time zone set to someplace in China (the computer was in NY). This caused sessions to timeout immediately because the client clock was 13+ hours a head of the cookie expiration. Now I keep my cookies valid for at least 24 hours, as a rough catch all. (Needless to say, that bug took a while to track down.) Not sure if that's the issue, but if it's localized to one machine it might be a helpful tip. -corey On Feb 21, 2006, at 3:29 PM, Andrew Yochum wrote: > Sounds a lot like cookies/sessions aren't working. Try either having > them turn on cookies, or set up the php url rewriter. If they have > cookies on, possibly a proxy server is getting in the way. You may be > able to find that out from asking them if they know they're using a > proxy or by looking up the PTR records for their source IPs and/or the > user agent in your logs. > > HTH, > Andrew Corey Szopinski Director of Technology DOMANI STUDIOS corey at domanistudios.com 55 Washington St. Suite 822 Brooklyn, NY 11201 718-797-4470 x116 -------------- next part -------------- An HTML attachment was scrubbed... URL: From lamolist at cyberxdesigns.com Tue Feb 21 19:27:40 2006 From: lamolist at cyberxdesigns.com (Hans Kaspersetz) Date: Tue, 21 Feb 2006 19:27:40 -0500 Subject: [nycphp-talk] Debugging Remote Problem In-Reply-To: <43FB799F.2070600@tgaconnect.com> References: <43FB5560.8000008@cyberxdesigns.com> <43FB6D7C.7050205@cyberxdesigns.com> <43FB7825.1050401@plexpod.com> <43FB799F.2070600@tgaconnect.com> Message-ID: <43FBAFFC.8010105@cyberxdesigns.com> I think it is proxy related. I read the resources Tim turned me onto and it was very helpful. I implemented one of the patches and asked the user to retry. I suspect it is the proxy issue because I can see the user switching IPs in the middle of the session. I will have more information tomorrow after the user tests. HCK Tim Gales wrote: > Andrew Yochum wrote: > >> Hans Kaspersetz wrote: >> >>> SSL was involved. I setup the demo site to remove that from the >>> equation. When SSL was involved the user could not even login. I would >>> see a successful login in the logs but then an immediate redirect to the >>> logged our state. Very weird. Taking SSL out of the equation made >>> things better. Now the user can login and browse 1 or 2 pages. Then >>> redirect to logged out state. >>> >> Sounds a lot like cookies/sessions aren't working. Try either having >> them turn on cookies, or set up the php url rewriter. If they have >> cookies on, possibly a proxy server is getting in the way. >> > > If a proxy is in the way > maybe this will help > > > http://forum.mamboserver.com/showthread.php?t=18759 > > > > From krook at us.ibm.com Tue Feb 21 19:42:57 2006 From: krook at us.ibm.com (Daniel Krook) Date: Tue, 21 Feb 2006 16:42:57 -0800 Subject: [nycphp-talk] Calling mysqli_stmt_bind_param with arbitrary number of parameters? Message-ID: Hello all, I'm trying to send parameters to a prepared statement using the mysqli extension. The manual shows that it is used like this: $stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)"); $stmt->bind_param('sssd', $code, $language, $official, $percent); Where bind_param can take any number of values like so: $stmt->bind_param('s', $foo); $stmt->bind_param('si', $foo, $bar); $stmt->bind_param('sid', $foo, $bar, $baz); Unfortunately, I can't be sure of the number of placeholders in the SQL statement I am sending, and don't know how many corresponding parameters are in an array I pass to my function. I would like to replicate this functionality that I use in the Unified ODBC extension: $stmt = odbc_prepare($db, $sql); $result = odbc_execute($stmt, $params); With bind_param it would seem I'd have to construct the bind_param call manually and then eval() it to get the same flexibility. This is what I'd like to be able to do: $stmt->bind_param($aSeriesOfLettersDependingOnParamsSize, $params); This would seem like something I'd need to do but haven't been able to figure out how to pull it off: eval(sprintf('$stmt->bind_param("sss...", %s, %s, %s, ...);') $params); Is there a solution to this that anyone has run into? Am I overlooking something really obvious (anytime eval() comes into play I get that feeling...) TIA, -Dan Daniel Krook, Content Tools Developer Global Production Services - Tools, ibm.com http://bluepages.redirect.webahead.ibm.com/ http://blogpages.redirect.webahead.ibm.com/ http://bookmarks.redirect.webahead.ibm.com/ From andrew at plexpod.com Tue Feb 21 19:57:27 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Tue, 21 Feb 2006 19:57:27 -0500 Subject: [nycphp-talk] Calling mysqli_stmt_bind_param with arbitrary number of parameters? In-Reply-To: References: Message-ID: <43FBB6F7.40209@plexpod.com> Daniel Krook wrote: > Hello all, > > I'm trying to send parameters to a prepared statement using the mysqli > extension. > > The manual shows that it is used like this: > $stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, > ?)"); > $stmt->bind_param('sssd', $code, $language, $official, $percent); > > Where bind_param can take any number of values like so: > $stmt->bind_param('s', $foo); > $stmt->bind_param('si', $foo, $bar); > $stmt->bind_param('sid', $foo, $bar, $baz); > > Unfortunately, I can't be sure of the number of placeholders in the SQL > statement I am sending, and don't know how many corresponding parameters > are in an array I pass to my function. I would like to replicate this > functionality that I use in the Unified ODBC extension: > $stmt = odbc_prepare($db, $sql); > $result = odbc_execute($stmt, $params); > > With bind_param it would seem I'd have to construct the bind_param call > manually and then eval() it to get the same flexibility. This is what I'd > like to be able to do: > $stmt->bind_param($aSeriesOfLettersDependingOnParamsSize, $params); > > This would seem like something I'd need to do but haven't been able to > figure out how to pull it off: > eval(sprintf('$stmt->bind_param("sss...", %s, %s, %s, ...);') $params); > > Is there a solution to this that anyone has run into? Am I overlooking > something really obvious (anytime eval() comes into play I get that > feeling...) I know that feeling. :) How about using call_user_func_array()? Something like: array_unshift('sql ? ? ?', $params); call_user_func_array(array($stmt, 'bind_param'), $params); HTH, Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From danielc at analysisandsolutions.com Tue Feb 21 22:38:03 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 21 Feb 2006 22:38:03 -0500 Subject: [nycphp-talk] Calling mysqli_stmt_bind_param with arbitrary number of parameters? In-Reply-To: References: Message-ID: <20060222033802.GA13711@panix.com> On Tue, Feb 21, 2006 at 04:42:57PM -0800, Daniel Krook wrote: > > Unfortunately, I can't be sure of the number of placeholders in the SQL > statement I am sending, and don't know how many corresponding parameters > are in an array I pass to my function. Here's something I just did along these lines the other day for the Single Sign-On module I just contributed to Drupal. (Note that Drupal's db_query() function takes the SQL string as the first parameter and an unlimited number of parameter values as subsequent parameters.) $in = substr(str_repeat("'%s',", count($sids)), 0, -1); $sql = "UPDATE sessions SET uid = %d WHERE sid IN ($in)"; $args = array_merge(array($sql), array($user->uid), $sids); call_user_func_array('db_query', $args); --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From hendler at simmons.edu Wed Feb 22 01:15:17 2006 From: hendler at simmons.edu (Jonathan Hendler) Date: Wed, 22 Feb 2006 01:15:17 -0500 Subject: [nycphp-talk] Calling mysqli_stmt_bind_param with arbitrary number of parameters? In-Reply-To: <43FBB6F7.40209@plexpod.com> References: <43FBB6F7.40209@plexpod.com> Message-ID: <43FC0175.1050900@simmons.edu> For my two cents, I've done something like this using ADODB. But maybe you loose the speed benifits by using ADODB instead of a straight call. Does anyone know the difference of using repeated prepared statements and a systax where you could have a giant insert statement: INSERT INTO table(c1,c2) VALUES (v1.1,v2.1),..., (v1.n,v2.n) I also found this resource useful: http://dev.mysql.com/tech-resources/articles/4.1/prepared-statements.html Andrew Yochum wrote: >Daniel Krook wrote: > > >>Hello all, >> >>I'm trying to send parameters to a prepared statement using the mysqli >>extension. >> >>The manual shows that it is used like this: >> $stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, >>?)"); >> $stmt->bind_param('sssd', $code, $language, $official, $percent); >> >>Where bind_param can take any number of values like so: >> $stmt->bind_param('s', $foo); >> $stmt->bind_param('si', $foo, $bar); >> $stmt->bind_param('sid', $foo, $bar, $baz); >> >>Unfortunately, I can't be sure of the number of placeholders in the SQL >>statement I am sending, and don't know how many corresponding parameters >>are in an array I pass to my function. I would like to replicate this >>functionality that I use in the Unified ODBC extension: >> $stmt = odbc_prepare($db, $sql); >> $result = odbc_execute($stmt, $params); >> >>With bind_param it would seem I'd have to construct the bind_param call >>manually and then eval() it to get the same flexibility. This is what I'd >>like to be able to do: >> $stmt->bind_param($aSeriesOfLettersDependingOnParamsSize, $params); >> >>This would seem like something I'd need to do but haven't been able to >>figure out how to pull it off: >> eval(sprintf('$stmt->bind_param("sss...", %s, %s, %s, ...);') $params); >> >>Is there a solution to this that anyone has run into? Am I overlooking >>something really obvious (anytime eval() comes into play I get that >>feeling...) >> >> > >I know that feeling. :) > >How about using call_user_func_array()? > >Something like: > array_unshift('sql ? ? ?', $params); > call_user_func_array(array($stmt, 'bind_param'), $params); > >HTH, >Andrew > > > From artzi at avaya.com Wed Feb 22 03:03:39 2006 From: artzi at avaya.com (Artzi, Yoav (Yoav)) Date: Wed, 22 Feb 2006 10:03:39 +0200 Subject: [nycphp-talk] =?iso-8859-1?q?=28no_subject=29?= Message-ID: I have the following system for cross compilation: a computer on which I build, on which the file system of the target computer is mounted. So, I do the compile and everything, no problem, pointing to the libraries I need (I compile with OpenSSL) by their location on the compilation computer. When I switch to the target computer, the libs are there, but of course on a different path, and PHP doesn't want to run, pointing to unable to find the libs. It doesn't help to put them in the PATH. PHP won't run unless I create for them a PATH exactly like it was on the compilation computer. Any idea? There must be a simple way to solve it that I dont't know. Oh, and, of course, I don't want to compile with static libraries as it's a waste of dear space. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lamolist at cyberxdesigns.com Wed Feb 22 10:08:14 2006 From: lamolist at cyberxdesigns.com (Hans Kaspersetz) Date: Wed, 22 Feb 2006 10:08:14 -0500 Subject: [nycphp-talk] Debugging Remote Problem - Solved In-Reply-To: <43FBAFFC.8010105@cyberxdesigns.com> References: <43FB5560.8000008@cyberxdesigns.com> <43FB6D7C.7050205@cyberxdesigns.com> <43FB7825.1050401@plexpod.com> <43FB799F.2070600@tgaconnect.com> <43FBAFFC.8010105@cyberxdesigns.com> Message-ID: <43FC7E5E.2010103@cyberxdesigns.com> The problem came down to Joomla and Mambo using the user's IP address authenticate users. When users come from a proxy farm their IP address changes mid session and they loose the data that connects them to the stored session data and the user is logged out. I would suggest reading: http://www.mambers.com/showthread.php?p=127067#post127067 From the post: ---------------- snip ------------- The problem, as another poster outlined above, is that Mambo is using the users ip address to authenticate sessions ($_SERVER['REMOTE_ADDR']), and AOL users who use the AOL browser are coming through proxy banks, and could potentially have one of up to 128 different ip addresses for every separate page request. ----------------- end snip -------- When reading this post just substitute the word proxy farm for AOL. I have implemented his suggested hack: -------- |$test = explode('.', $_SERVER['REMOTE_ADDR']); unset ($test[3]); $test = join('.', $test); ------ My users in SA seem to be using the site successfully now. One major problem with this hack is that you have to modify Mambo.php. I hate making changes to the core of an application because now I have to track this thing and apply patches into the future manually or reapply my patch after the update. Remember to apply this fix to any of your custom code that relies on session data. I hope this helps, it certainly helped me. Hans Kaspersetz Cyber X Designs http://www.cyberxdesigns.com | >> If a proxy is in the way >> maybe this will help >> >> >> http://forum.mamboserver.com/showthread.php?t=18759 >> >> >> >> >> From andrew at plexpod.com Wed Feb 22 10:17:21 2006 From: andrew at plexpod.com (Andrew Yochum) Date: Wed, 22 Feb 2006 10:17:21 -0500 Subject: [nycphp-talk] (no subject) In-Reply-To: References: Message-ID: <43FC8081.9070404@plexpod.com> Artzi, Yoav (Yoav) wrote: > I have the following system for cross compilation: a computer on which I > build, on which the file system of the target computer is mounted. So, I > do the compile and everything, no problem, pointing to the libraries I > need (I compile with OpenSSL) by their location on the compilation > computer. When I switch to the target computer, the libs are there, but > of course on a different path, and PHP doesn't want to run, pointing to > unable to find the libs. It doesn't help to put them in the PATH. PHP > won't run unless I create for them a PATH exactly like it was on the > compilation computer. > > Any idea? There must be a simple way to solve it that I dont't know. > Oh, and, of course, I don't want to compile with static libraries as > it's a waste of dear space. > > Thanks. Make sure the path to your libs is in your dynamic linker configuration, usually found in /etc/ld.so.conf and then run ldconfig. See "man 8 ldconfig" for more info. HTH, Andrew -- Andrew Yochum Plexpod andrew at plexpod.com 718-360-0879 From mitch.pirtle at gmail.com Wed Feb 22 10:52:57 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Wed, 22 Feb 2006 10:52:57 -0500 Subject: [nycphp-talk] Debugging Remote Problem - Solved In-Reply-To: <43FC7E5E.2010103@cyberxdesigns.com> References: <43FB5560.8000008@cyberxdesigns.com> <43FB6D7C.7050205@cyberxdesigns.com> <43FB7825.1050401@plexpod.com> <43FB799F.2070600@tgaconnect.com> <43FBAFFC.8010105@cyberxdesigns.com> <43FC7E5E.2010103@cyberxdesigns.com> Message-ID: <330532b60602220752y5a6e838dy1e8654c11862c05e@mail.gmail.com> On 2/22/06, Hans Kaspersetz wrote: > The problem came down to Joomla and Mambo using the user's IP address > authenticate users. When users come from a proxy farm their IP address > changes mid session and they loose the data that connects them to the > stored session data and the user is logged out. Forwarded to the Joomla core devs, and I will be following up on this one... -- Mitch Pirtle, thinking they had switched to cookies, maybe for 1.1 Joomla! Core Developer Open Source Matters From mitch.pirtle at gmail.com Wed Feb 22 11:37:13 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Wed, 22 Feb 2006 11:37:13 -0500 Subject: [nycphp-talk] Debugging Remote Problem - Solved In-Reply-To: <330532b60602220752y5a6e838dy1e8654c11862c05e@mail.gmail.com> References: <43FB5560.8000008@cyberxdesigns.com> <43FB6D7C.7050205@cyberxdesigns.com> <43FB7825.1050401@plexpod.com> <43FB799F.2070600@tgaconnect.com> <43FBAFFC.8010105@cyberxdesigns.com> <43FC7E5E.2010103@cyberxdesigns.com> <330532b60602220752y5a6e838dy1e8654c11862c05e@mail.gmail.com> Message-ID: <330532b60602220837v613b9d04l8c7a99a337ecf691@mail.gmail.com> Aha, I was right! We switched away from IP reliance in the upcoming 1.0.8 release, as well as the newer 1.1 development release, see Rey's comments below about the 1.0.x series: ++++++++++++++++++++++++++++++++++++++++++++++++++++++ It is addressed in 1.0.8, suggest you tell them to read my blog here: http://dev.joomla.org/component/option,com_jd-wp/Itemid,33/p,28/ Basically they will have an option to use session id generated from only first 3 values of IP address instead of full IP, which should alleviate such problems. However full IP address (which is more secure) is the default behaviour. Note this makes session ids slightly less secure (not checking against full IP), However the addition of mosConfig_secret and user agent info will make the generated session id more secure than 1.0.7 and below. ++++++++++++++++++++++++++++++++++++++++++++++++++++++ Cross-posting as it is relevant info for the Joomla SIG. -- Mitch On 2/22/06, Mitch Pirtle wrote: > On 2/22/06, Hans Kaspersetz wrote: > > The problem came down to Joomla and Mambo using the user's IP address > > authenticate users. When users come from a proxy farm their IP address > > changes mid session and they loose the data that connects them to the > > stored session data and the user is logged out. > > Forwarded to the Joomla core devs, and I will be following up on this one... > > -- > Mitch Pirtle, thinking they had switched to cookies, maybe for 1.1 > Joomla! Core Developer > Open Source Matters > -- -- Mitch Pirtle Joomla! Core Developer Open Source Matters From chsnyder at gmail.com Wed Feb 22 12:16:06 2006 From: chsnyder at gmail.com (csnyder) Date: Wed, 22 Feb 2006 12:16:06 -0500 Subject: [nycphp-talk] Debugging Remote Problem - Solved In-Reply-To: <330532b60602220837v613b9d04l8c7a99a337ecf691@mail.gmail.com> References: <43FB5560.8000008@cyberxdesigns.com> <43FB6D7C.7050205@cyberxdesigns.com> <43FB7825.1050401@plexpod.com> <43FB799F.2070600@tgaconnect.com> <43FBAFFC.8010105@cyberxdesigns.com> <43FC7E5E.2010103@cyberxdesigns.com> <330532b60602220752y5a6e838dy1e8654c11862c05e@mail.gmail.com> <330532b60602220837v613b9d04l8c7a99a337ecf691@mail.gmail.com> Message-ID: On 2/22/06, Mitch Pirtle wrote: > Aha, I was right! We switched away from IP reliance in the upcoming > 1.0.8 release, as well as the newer 1.1 development release, see Rey's > comments below about the 1.0.x series: > Yeah, I can see where IP address checking could be considered a layer of security "onion" but it only prevents some classes of attack. Anybody in a position to sniff a session id and use it to create their own requests is probably also in a position to spoof the IP address on the packet. I'm thinking specifically of what might happen if you access your site using a compromised router, or if someone on your wifi network was doing packet sniffing. What are you preventing, then, by checking the IP address? Cross-site scripting attacks, where the attacker is on another network. That's pretty big, but you can't assume that all attacks will originate on a separate network. -- Chris Snyder http://chxo.com/ From chsnyder at gmail.com Wed Feb 22 12:34:38 2006 From: chsnyder at gmail.com (csnyder) Date: Wed, 22 Feb 2006 12:34:38 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: <26865-82008@sneakemail.com> References: <8d9a42800602201301q57212f4fp65dc174e41cdc4d1@mail.gmail.com> <26865-82008@sneakemail.com> Message-ID: On 2/20/06, inforequest <1j0lkq002 at sneakemail.com> wrote: > Joseph Crawford codebowl-at-gmail.com |nyphp dev/internal group use| wrote: > > > i would also suggest weberdev as i contribute there when i have the time. > > > > i am surprised though that no one suggested www.devshed.com > > > > > I guess I am tainted because I know how much money some of those sites > have made of off "free" user-submitted content :-) > > -=john andrews > http://www.seo-fun.com If you have written any useful code (and I'm sure you have!) that you would be willing to "support" as open source, publish it on your site and create a FreshMeat record for it. That's a little different from just posting code somewhere, because you retain control over the content. Also, don't be afraid of a little self-promotion. Where is the URL in your signature when you post to this list (and others)? Come on, man! Maybe it's time to start the member-blog-aggregation service at rss.nyphp.org... -- Chris Snyder http://chxo.com/ From mitch.pirtle at gmail.com Wed Feb 22 12:53:34 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Wed, 22 Feb 2006 12:53:34 -0500 Subject: [nycphp-talk] Debugging Remote Problem - Solved In-Reply-To: References: <43FB5560.8000008@cyberxdesigns.com> <43FB6D7C.7050205@cyberxdesigns.com> <43FB7825.1050401@plexpod.com> <43FB799F.2070600@tgaconnect.com> <43FBAFFC.8010105@cyberxdesigns.com> <43FC7E5E.2010103@cyberxdesigns.com> <330532b60602220752y5a6e838dy1e8654c11862c05e@mail.gmail.com> <330532b60602220837v613b9d04l8c7a99a337ecf691@mail.gmail.com> Message-ID: <330532b60602220953v71a65ce5o899693b69b8a5384@mail.gmail.com> On 2/22/06, csnyder wrote: > What are you preventing, then, by checking the IP address? Cross-site > scripting attacks, where the attacker is on another network. That's > pretty big, but you can't assume that all attacks will originate on a > separate network. As you stated earlier in your response, this is just one layer of the security onion. We've also incorporated quite a few enhancements to the 1.1 session class. There is no one quick fix to the problem, and that is why we decided to tackle the challenge with a variety of approaches. We just did an internal security audit of 1.0.7, and the upcoming 1.0.8 is the result of that. I've asked several times if any FOSS security aficionados wanted to participate in a security audit of Joomla code (even asked back in the Mambo years) but alas, no takers to date. (hint, hint) I'd like an external entity to take a look, as we are too familiar with our own code, and when you stare at the same thing every day you manage to stop noticing the cracks and imperfections on your own. -- Mitch Pirtle Joomla! Core Developer Open Source Matters From prusak at gmail.com Wed Feb 22 13:15:58 2006 From: prusak at gmail.com (Ophir Prusak) Date: Wed, 22 Feb 2006 13:15:58 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: References: <8d9a42800602201301q57212f4fp65dc174e41cdc4d1@mail.gmail.com> <26865-82008@sneakemail.com> Message-ID: On 2/22/06, csnyder wrote: > > If you have written any useful code (and I'm sure you have!) that you > would be willing to "support" as open source, publish it on your site > and create a FreshMeat record for it. That's a little different from > just posting code somewhere, because you retain control over the > content. > > Also, don't be afraid of a little self-promotion. Where is the URL in > your signature when you post to this list (and others)? Come on, man! > > Maybe it's time to start the member-blog-aggregation service at > rss.nyphp.org... > > -- > Chris Snyder > http://chxo.com/ > _______________________________________________ Great suggestions ;) -- Ophir Prusak http://www.prusak.com From dwclifton at gmail.com Wed Feb 22 15:33:40 2006 From: dwclifton at gmail.com (Douglas Clifton) Date: Wed, 22 Feb 2006 15:33:40 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) Message-ID: <7d6cdcb0602221233o3d8b878dob50c860c97519e3e@mail.gmail.com> Perhaps your site might get a few more visitors, for instance from members of this list, if you posted your message with a signature that includes a link to this site? I can give you some suggestions, and pointers to places that may publish your material, but it sure would be nice to check out some of your existing content first! -- Douglas Clifton dwclifton at gmail.com http://loadaveragezero.com/ http://loadaveragezero.com/app/s9y/ http://loadaveragezero.com/drx/rss/recent > From: "Ophir Prusak" > To: "NYPHP Talk" > Date: Mon, 20 Feb 2006 14:18:21 -0500 > Subject: [nycphp-talk] best place to post articles (other than nyphp.org) > hi all. > > a while back I converted my personal web site into a blog (wordpress) > so I can easily start expressing my self through articles that I think > some people might find helpful. I'm a web developer with lots of > experience in php / databases so most of the articles have been about > web dev (programming / databases stuff). > > this morning I was looking at the stats of my site - i get about 10 > visitors a day. > > so, I've decided that I should start writing on some other site that > gets more exposure where hopefully more people can benefit from my > writings. > > The first place that comes to mind is sitepoint which seems to have a > broad coverage of topics and strong reader base. > > I was wondering what other sites people would suggest for writing > articles about web dev stuff besides the obvious nyphp.org :) ? > > tia, > ophir From 1j0lkq002 at sneakemail.com Wed Feb 22 17:48:18 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 22 Feb 2006 14:48:18 -0800 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: <7d6cdcb0602221233o3d8b878dob50c860c97519e3e@mail.gmail.com> References: <7d6cdcb0602221233o3d8b878dob50c860c97519e3e@mail.gmail.com> Message-ID: <25070-39612@sneakemail.com> Douglas Clifton dwclifton-at-gmail.com |nyphp dev/internal group use| wrote: >Perhaps your site might get a few more visitors, for instance from members of this list, if you posted your message with a signature that includes a link to this >site? I can give you some suggestions, and pointers to places that may publish your material, but it sure would be nice to check out some of your existing >content first! > > Might be nice to see more people hosting the NYPHP.org member logo as well : http://www.nyphp.org/show_participation.php -=john andrews http://www.seo-fun.com From codebowl at gmail.com Wed Feb 22 17:53:45 2006 From: codebowl at gmail.com (Joseph Crawford) Date: Wed, 22 Feb 2006 17:53:45 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: <25070-39612@sneakemail.com> References: <7d6cdcb0602221233o3d8b878dob50c860c97519e3e@mail.gmail.com> <25070-39612@sneakemail.com> Message-ID: <8d9a42800602221453t63b7bc8cv108e0f57d982dcc5@mail.gmail.com> i had no idea that link existed, it will be placed on my new site as soon as it is up ;) -- Joseph Crawford Jr. Zend Certified Engineer Codebowl Solutions, Inc. http://www.codebowl.com/ 1-802-671-2021 codebowl at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael.southwell at nyphp.org Wed Feb 22 18:20:19 2006 From: michael.southwell at nyphp.org (Michael Southwell) Date: Wed, 22 Feb 2006 18:20:19 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: <8d9a42800602221453t63b7bc8cv108e0f57d982dcc5@mail.gmail.co m> References: <7d6cdcb0602221233o3d8b878dob50c860c97519e3e@mail.gmail.com> <25070-39612@sneakemail.com> <8d9a42800602221453t63b7bc8cv108e0f57d982dcc5@mail.gmail.com> Message-ID: <6.2.3.4.2.20060222181752.0250d1a8@mail.optonline.net> An HTML attachment was scrubbed... URL: From mailinglists at caseysoftware.com Wed Feb 22 18:24:50 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Wed, 22 Feb 2006 18:24:50 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: References: Message-ID: <43FCF2C2.3050703@caseysoftware.com> I run CodeSnipers ( http://codesnipers.com/ ). We're a general software development site but we have a trio of factions that share ideas, information, etc. The first and probably loudest factions is PHP led by Nola Stowe. You might have seen her articles syndicated to PHPDeveloper and some other places. I think she's planning to go to NYPHP Conf. The second and most excitable is the Rails crowd led by Caleb Tennis. He's an author with the Pragmatic Programmers and one of O'Reilly's Ruby bloggers. Finally, there's everything else... Gavin Bowman is big in the mISV crowd, we have a couple C/C++ people lurking around, there's a bit of Perl and Java hiding in there, and I regularly interview people throughout the community (Mike Ho of QCodo and Chris Shiflett were in the last couple months). According to Technorati, we're in the top 30k blogs... and we generate a fair amount of traffic. Oh, and it's all built on Drupal with some nice modules and custom extensions. By default, all content on the site is treated as "Attribution-NonCommercial-ShareAlike 2.5". If you or anyone else is interested in contributing, please feel free. Keith -- D. Keith Casey Jr. CEO, CaseySoftware, LLC http://CaseySoftware.com From Consult at CovenantEDesign.com Wed Feb 22 18:25:51 2006 From: Consult at CovenantEDesign.com (CED) Date: Wed, 22 Feb 2006 18:25:51 -0500 Subject: [nycphp-talk] Big Banner Message-ID: <00cf01c63807$525ad990$1519a8c0@ced> Incase anyone is interested, feel free to use these: http://edwardprevost.info/images/banners/nyphporgmember_lg.gif http://edwardprevost.info/images/banners/nyphporgmember_lgtags.gif Hope I haven't crossed any boundaries. =D Edward J Prevost II Senior Applications Specialist SIS Project, Data Migration Lead Albany Medical College Albany Medical Center Edward.Prevost at amc.edu desk | 518.262.2743 cell | 518.331.5061 -------------- next part -------------- An HTML attachment was scrubbed... URL: From 1j0lkq002 at sneakemail.com Wed Feb 22 19:08:52 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Wed, 22 Feb 2006 16:08:52 -0800 Subject: [nycphp-talk] [OT] Re: best place to post articles (other than nyphp.org) In-Reply-To: <43FCF2C2.3050703@caseysoftware.com> References: <43FCF2C2.3050703@caseysoftware.com> Message-ID: <17529-59385@sneakemail.com> Keith Casey mailinglists-at-caseysoftware.com |nyphp dev/internal group use| wrote: >I run CodeSnipers ( http://codesnipers.com/ ). We're a general software >development site but we have a trio of factions that share ideas, >information, etc. > > > Keith, You may want to fix that Drupal installation so that you don't have PHPSESSID in the URLs. While it does appear Google is indexing some of them (it didn't used to index those at all) there are good reasons for the search engines to de-prioritze deep crawling sites with sessids because they represent an opportunity for crawl bots to get trapped. See http://www.google.com/search?q=site:codesnipers.com&hl=en&lr=&start=90&sa=N Only 997 pages indexed, and only 550 or so permited to show as results of search queries. Of those 550, only 20 or so have PHPSESSID in the URL. Like I said, I do see some indexed, but conventional wisdom is that the sessid in the url is holding you back. (the php_trans_sessid and use_cookies settings in php.ini might be helpful there). You may also want to try the pathauto module which IMHO really rocks.If you do so on 4.6.x, however, it needs a manual patch (available as a diff from the .org site). Hope that was helpful. -=john andrews http://www.seo-fun.com ================================================================================================================================================================ License: this post and it's contents are distributed under the new "EgoBoost Attribution License". By reading these words, you agree to put a backlink to the author using the anchor text "best seo" on at least 10 websites. Since you have already read these words, what are you waiting for? You are inviolation of your license! Get to work on those back links! From krook at us.ibm.com Wed Feb 22 20:20:12 2006 From: krook at us.ibm.com (Daniel Krook) Date: Wed, 22 Feb 2006 17:20:12 -0800 Subject: [nycphp-talk] Calling mysqli_stmt_bind_param with arbitrary number of parameters? In-Reply-To: <43FC0175.1050900@simmons.edu> Message-ID: Andrew, Dan and Jonathan, Thanks for the tips. I'll look into call_user_func_array and see if I can get the result I want. I'll post back a summary when I discover a solution. Thanks, -Dan Daniel Krook, Content Tools Developer Global Production Services - Tools, ibm.com http://bluepages.redirect.webahead.ibm.com/ http://blogpages.redirect.webahead.ibm.com/ http://bookmarks.redirect.webahead.ibm.com/ From jonbaer at jonbaer.com Wed Feb 22 21:40:38 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Wed, 22 Feb 2006 21:40:38 -0500 Subject: [nycphp-talk] Yahoo! Developer Network - PHP Developer Center Message-ID: Via Jeremy Zawodny ... "Woohoo! The PHP Development Center is now live on the Yahoo! Developer Network. It's full of useful code samples, advice, and HOWTO documents for plugging into our growing army of Web Services using the world's most popular server-side web scripting language: PHP." http://developer.yahoo.net/php/ Good stuff. - Jon From mitch.pirtle at gmail.com Thu Feb 23 00:30:19 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Thu, 23 Feb 2006 00:30:19 -0500 Subject: [nycphp-talk] [joomla] Joomla training Message-ID: <330532b60602222130j61d0c1bbpb551be5e5689ceaa@mail.gmail.com> Second crosspost of the week, my apologies. On 2/10/06, Dan Gisolfi wrote: > > Jeff Phelps @ Clearmark wrote: Any other info on this? Location, time, > date, etc. > > See: www.jamboworks.com and click on Education Services Which now finally has content, including an online payment/registration system, thanks to a slightly chopped and repurposed gigCalendar. JamboWorks, IBM and MicroTek partner to bring professional training to Joomla developers and content managers, with a very targeted, hands-on approach geared to get you productive as soon as possible. I'm personally quite excited about this, as it has been a long time coming and is in great need. Looking forward to growing the Joomla community in the NYC area, as well as adding more professional developers to the Joomla ecosystem! http://www.jamboworks.com/content/view/27/51/ -- Mitch Pirtle Joomla! Core Developer Open Source Matters From lists at zaunere.com Thu Feb 23 08:53:35 2006 From: lists at zaunere.com (Hans Zaunere) Date: Thu, 23 Feb 2006 08:53:35 -0500 Subject: [nycphp-talk] Big Banner In-Reply-To: <00cf01c63807$525ad990$1519a8c0@ced> Message-ID: <006501c63880$8b6f62e0$6401a8c0@MZ> CED wrote on Wednesday, February 22, 2006 6:26 PM: > Incase anyone is interested, feel free to use these: > > http://edwardprevost.info/images/banners/nyphporgmember_lg.gif > http://edwardprevost.info/images/banners/nyphporgmember_lgtags.gif > > > Hope I haven't crossed any boundaries. =D Not at all - thanks Edward for the helping hand - much appreciated. --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com From SHalter at ThorntonTomasetti.com Thu Feb 23 10:02:13 2006 From: SHalter at ThorntonTomasetti.com (Halter, Shari) Date: Thu, 23 Feb 2006 10:02:13 -0500 Subject: [nycphp-talk] Preventing spam with php mail function Message-ID: I have just joined this mailing list, and hope to attend the next meeting on Tuesday. I hope this question is not too rudimentary for this group. Is there a widely-accepted solution to prevent spammers from exploiting the php mail function (as forwarded from HTML forms, for instance)? I have seen several out there, but is there any particular approach that is considered best? The less elaborate, the better --I don't really need Pentagon level security-- but right now there is nothing and the site owners are getting swamped with spam. I would appreciate any quick pointers you could offer. Shari Halter We've Moved! Our new address is 51 Madison Avenue, New York, NY 10010. Our telephone and fax numbers remain the same. Shari L. Halter Web Programmer Thornton Tomasetti 51 Madison Avenue New York, NY 10010 T 917.661.7800 F 917.661.7801 D 917.661.7970 SHalter at ThorntonTomasetti.com <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> The information in this email and any attachments may contain confidential information that is intended solely for the attention and use of the named addressee(s). This message or any part thereof must not be disclosed, copied, distributed or retained by any person without authorization from the addressee. If you are not the intended addressee, please notify the sender immediately, and delete this message. <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> -------------- next part -------------- An HTML attachment was scrubbed... URL: From agfische at email.smith.edu Thu Feb 23 12:01:28 2006 From: agfische at email.smith.edu (Aaron Fischer) Date: Thu, 23 Feb 2006 12:01:28 -0500 Subject: [nycphp-talk] Testing session authentication - multiple apps Message-ID: <43FDEA68.6090700@email.smith.edu> Greetings all, apologies if this is a boringly rudimentary question... I am curious as to one aspect of how sessions work. Say a user has a few different session cookies that have been set by my site from different apps. When they visit one app and I start the session and check an identifier such as an authentication variable, how does the session mechanism know which session cookie to check? Not sure what I'm missing here. Or perhaps I'm not missing anything and I need to uniquely identify each session using session_name() or use different session authentication vars in each app (e.g. $_SESSION['postcard_auth'] = true; in one, $_SESSION['dbmanage_auth'] = true; in another, etc.). Any info would be helpful. Thanks, -Aaron From tgales at tgaconnect.com Thu Feb 23 12:47:09 2006 From: tgales at tgaconnect.com (Tim Gales) Date: Thu, 23 Feb 2006 12:47:09 -0500 Subject: [nycphp-talk] Testing session authentication - multiple apps In-Reply-To: <43FDEA68.6090700@email.smith.edu> References: <43FDEA68.6090700@email.smith.edu> Message-ID: <43FDF51D.20102@tgaconnect.com> Aaron Fischer wrote: ... > I am curious as to one aspect of how sessions work. Say a user has a > few different session cookies that have been set by my site from > different apps. When they visit one app and I start the session and > check an identifier such as an authentication variable, how does the > session mechanism know which session cookie to check? David Lane & Hugh E. Williams give some background on sessions in their book 'Web Database Applications with PHP & MySQL' http://www.oreilly.com/catalog/webdbapps/chapter/ch08.html -- T. Gales & Associates 'Helping People Connect with Technology' http://www.tgaconnect.com From jeff.loiselle at gmail.com Thu Feb 23 14:56:31 2006 From: jeff.loiselle at gmail.com (Jeff Loiselle) Date: Thu, 23 Feb 2006 14:56:31 -0500 Subject: [nycphp-talk] PHP Quebec Message-ID: <4b1887110602231156i54e19b4bw44e44209b07952c7@mail.gmail.com> Any discounts for NYPHP members this year for PHP Quebec Conference? ;-) --- Jeff Loiselle Web Developer, Musician, and Observer http://jeff.loiselles.com From chsnyder at gmail.com Thu Feb 23 15:00:16 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 23 Feb 2006 15:00:16 -0500 Subject: [nycphp-talk] Preventing spam with php mail function In-Reply-To: References: Message-ID: On 2/23/06, Halter, Shari wrote: > > > I have just joined this mailing list, and hope to attend the next meeting on > Tuesday. I hope this question is not too rudimentary for this group. > > Is there a widely-accepted solution to prevent spammers from exploiting the > php mail function (as forwarded from HTML forms, for instance)? I have seen > several out there, but is there any particular approach that is considered > best? The less elaborate, the better --I don't really need Pentagon level > security-- but right now there is nothing and the site owners are getting > swamped with spam. > > I would appreciate any quick pointers you could offer. > > Shari Halter > The best antidote for spam is, first and foremost, a good spam filter on the email server. Maybe that's not the answer you're looking for, but it is actually pretty hard to prevent scripts or dedicated humans from POSTing to a public form on a website. Aside from filtering messages on the email end, there are some things you could try to make it harder to spam the form, or not worth the effort: 1) remove the incentive. Why are people spamming your contact form? What's in it for them? Do you post the submissions somewhere? Are the owners a high-value spam target? Can a spammer craft a form submission so that it gets sent to multiple recipients? Perhaps the form can be changed to be less of a spam magnet. 2) require a valid HTTP_REFERER on form submission. This is easy for a spammer to spoof, but they might decide not to bother. Only prevents scripted abuse. 3) require the poster to decipher a captcha (words encoded as an image, like Yahoo! uses on registration) Again, there are workarounds for spammers, but would they bother? 4) Capture the IP address of the poster as part of the submission, and use php or firewall to block the abusers. This only works if they're not distributed. I think a lot of people put up HTML contact forms a few years back thinking that it would somehow protect them from spam, but it doesn't. -- Chris Snyder http://chxo.com/ From chsnyder at gmail.com Thu Feb 23 15:29:53 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 23 Feb 2006 15:29:53 -0500 Subject: [nycphp-talk] Testing session authentication - multiple apps In-Reply-To: <43FDEA68.6090700@email.smith.edu> References: <43FDEA68.6090700@email.smith.edu> Message-ID: On 2/23/06, Aaron Fischer wrote: > Or perhaps I'm not missing anything and > I need to uniquely identify each session using session_name() or use > different session authentication vars in each app (e.g. > $_SESSION['postcard_auth'] = true; in one, $_SESSION['dbmanage_auth'] = > true; in another, etc.). Bingo. session_name() called before session_start() will set the name of the cookie used by PHP to track the session. If you have different apps in the same domain name that can't share a session, then you can give them each a unique cookie name. Paranoid security note -- each app will be able to see the session ids that are in use by the other applications, and could pull an "inside job" to get the values associated with those other sessions, or send spoofed requests to the other apps. If you want zero information leakage you need to put the apps on separate domains. -- Chris Snyder http://chxo.com/ From agfische at email.smith.edu Thu Feb 23 15:44:30 2006 From: agfische at email.smith.edu (Aaron Fischer) Date: Thu, 23 Feb 2006 15:44:30 -0500 Subject: [nycphp-talk] Testing session authentication - multiple apps In-Reply-To: References: <43FDEA68.6090700@email.smith.edu> Message-ID: <43FE1EAE.4010305@email.smith.edu> Cool. Interestingly enough I'm viewing the session cookies set by one of my apps and it appears that none of my parameters are being set (e.g. session name, expire time, etc.). I know this was working previously, but I'm not sure if I've checked this out since our server upgraded from PHP4 to PHP5, perhaps there is something inherent in the versions or our admins changed some ini settings. I dunno, two steps forward, one step back it seems. Time for more investigation. Grumble. -Aaron csnyder wrote: > >Bingo. session_name() called before session_start() will set the name >of the cookie used by PHP to track the session. If you have different >apps in the same domain name that can't share a session, then you can >give them each a unique cookie name. > > > From SHalter at ThorntonTomasetti.com Thu Feb 23 15:50:00 2006 From: SHalter at ThorntonTomasetti.com (Halter, Shari) Date: Thu, 23 Feb 2006 15:50:00 -0500 Subject: [nycphp-talk] Preventing spam with php mail function Message-ID: Chris, Thanks so much for your very thorough advice. There is no good scripting method or practice, then, that is better to use, like validation or using include files instead of building the php code into the form, itself? (I've heard this could prevent some bots from sniffing out the mail details.) Shari We've Moved! Our new address is 51 Madison Avenue, New York, NY 10010. Our telephone and fax numbers remain the same. Shari L. Halter Web Programmer Thornton Tomasetti 51 Madison Avenue New York, NY 10010 T 917.661.7800 F 917.661.7801 D 917.661.7970 SHalter at ThorntonTomasetti.com -----Original Message----- From: csnyder [mailto:chsnyder at gmail.com] Sent: Thursday, February 23, 2006 3:00 PM To: NYPHP Talk Subject: Re: [nycphp-talk] Preventing spam with php mail function On 2/23/06, Halter, Shari wrote: > > > I have just joined this mailing list, and hope to attend the next > meeting on Tuesday. I hope this question is not too rudimentary for this group. > > Is there a widely-accepted solution to prevent spammers from > exploiting the php mail function (as forwarded from HTML forms, for > instance)? I have seen several out there, but is there any particular > approach that is considered best? The less elaborate, the better --I > don't really need Pentagon level > security-- but right now there is nothing and the site owners are > getting swamped with spam. > > I would appreciate any quick pointers you could offer. > > Shari Halter > The best antidote for spam is, first and foremost, a good spam filter on the email server. Maybe that's not the answer you're looking for, but it is actually pretty hard to prevent scripts or dedicated humans from POSTing to a public form on a website. Aside from filtering messages on the email end, there are some things you could try to make it harder to spam the form, or not worth the effort: 1) remove the incentive. Why are people spamming your contact form? What's in it for them? Do you post the submissions somewhere? Are the owners a high-value spam target? Can a spammer craft a form submission so that it gets sent to multiple recipients? Perhaps the form can be changed to be less of a spam magnet. 2) require a valid HTTP_REFERER on form submission. This is easy for a spammer to spoof, but they might decide not to bother. Only prevents scripted abuse. 3) require the poster to decipher a captcha (words encoded as an image, like Yahoo! uses on registration) Again, there are workarounds for spammers, but would they bother? 4) Capture the IP address of the poster as part of the submission, and use php or firewall to block the abusers. This only works if they're not distributed. I think a lot of people put up HTML contact forms a few years back thinking that it would somehow protect them from spam, but it doesn't. -- Chris Snyder http://chxo.com/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> The information in this email and any attachments may contain confidential information that is intended solely for the attention and use of the named addressee(s). This message or any part thereof must not be disclosed, copied, distributed or retained by any person without authorization from the addressee. If you are not the intended addressee, please notify the sender immediately, and delete this message. <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> From ldgphp at ldgmedia.com Thu Feb 23 16:20:06 2006 From: ldgphp at ldgmedia.com (Lars Gelfan) Date: Thu, 23 Feb 2006 16:20:06 -0500 Subject: [nycphp-talk] Preventing spam with php mail function In-Reply-To: Message-ID: It's hard to know exactly what you mean by "exploiting the php mail function" but Chris made some excellent suggestions. If it's an issue of you including the email address as a hidden field (or using "mailto" links anywhere on your site), then, yes that is an easy way for bots to harvest the addresses. You should never include your email addresses in a hidden form field, especially if that makes it possible for someone to easily alter the form and use your server to send out spam. From what I can tell, however, it sounds like the main problem is your company is getting too much mail, not that someone is using your form as a relay. If you are getting flooded with fake form submissions, there are multiple strategies you can do, some of which were already mentioned, and the best plan usually involves both client-side as well as server-side solutions. One thing I might caution about using the HTTP_REFERER method is that many "privacy" software applications filter this out (as I found out the hard way on an e-commerce site once) and could prevent legit submissions. Certainly a mix of cookies, session tracking, ip logging, "captchas", etc. would prevent submission flooding. And you can use JavaScript functions to replace "mailto" links to at least slow down bot email harvesting. -Lars On 2/23/06 3:50 PM, "Halter, Shari" wrote: > Chris, > > Thanks so much for your very thorough advice. > > There is no good scripting method or practice, then, that is better to use, > like validation or using include files instead of building the php code into > the form, itself? (I've heard this could prevent some bots from sniffing > out the mail details.) > > Shari -- L A R S G E L F A N ..................... lars at ldgmedia.com o: 212.267.5012 m: 917.554.4593 From lists at zaunere.com Thu Feb 23 17:19:33 2006 From: lists at zaunere.com (Hans Zaunere) Date: Thu, 23 Feb 2006 17:19:33 -0500 Subject: [nycphp-talk] Preventing spam with php mail function In-Reply-To: Message-ID: <00e401c638c7$3a1b41b0$6401a8c0@MZ> Halter, Shari wrote on Thursday, February 23, 2006 10:02 AM: > I have just joined this mailing list, and hope to attend the next meeting > on Tuesday. I hope this question is not too rudimentary for this group. Not at all - welcome, Shari... > Is there a widely-accepted solution to prevent spammers from exploiting > the php mail function (as forwarded from HTML forms, for instance)? I > have seen several out there, but is there any particular approach that is > considered best? The less elaborate, the better --I don't really need > Pentagon level security-- but right now there is nothing and the site > owners are getting swamped with spam. > > I would appreciate any quick pointers you could offer. If I understand correctly, we have a PHundamentals article available for this: http://www.nyphp.org/phundamentals/email_header_injection.php --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com From 1j0lkq002 at sneakemail.com Thu Feb 23 17:46:35 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 23 Feb 2006 14:46:35 -0800 Subject: [nycphp-talk] Preventing spam with php mail function In-Reply-To: <00e401c638c7$3a1b41b0$6401a8c0@MZ> References: <00e401c638c7$3a1b41b0$6401a8c0@MZ> Message-ID: <9442-15870@sneakemail.com> Hans Zaunere lists-at-zaunere.com |nyphp dev/internal group use| wrote: > If I understand correctly, we have a PHundamentals article available for > >this: > >http://www.nyphp.org/phundamentals/email_header_injection.php > > > Hans beat me to it. IMHO that article is one of the best on the web for addressing multi-part MIME exploits using contact forms. It is an advanced topic, though, but as with every "exploit" if the coder suffered through the advanced topics early, the learning process would be much less painful. Basically it shows how even if you build a "safer" contact form, it may be used to insert spam because Internet mail systems permit mail messages to be inserted into other mail messages. The bottom line is that you have to filter every field of the mail your form will create and send, even if you don't collect those fields on your form (default fields and the like). Most people are filtering every field their form collects (which is not enough... you have to filter/control the defaults as well). That article also highlights the need to filter out newlines that might indictate an inserted message-within-a-message. It's a good article. Chris' reply is excellent for the way it suggests you review the bigger picture of your security (not just the technology of the contact form). I completely agree, and would like to add more. Consider these ideas as a start: Can your form be used to spoof an email so that it appears to come from someone within your company even though it really originated on your website, created by an outsider? Could I use your form to send an email to the person who handles user-submitted requests, perhaps looking like an email from your web hosting company directing an update of shell account username/passwords etc? Can your "change my password" form be used to change another user's password withoit prior permission/approval? Does your contact-us form CC others in your organization prior to any adminsitrative review? You don't want obscene or harassing statements circulated within the company, or you could open up the company to civil liabilities. Similarly, if your organization is regulated (HIPAA, banking and finance, securities, etc) un-reviewed user submissions should not be circulated (copied to multiple places onclient machines etc). Hope this helps. -=johnandrews http://www.seo-fun.com From aarong at thinkcomputer.com Thu Feb 23 18:13:20 2006 From: aarong at thinkcomputer.com (Aaron Greenspan) Date: Thu, 23 Feb 2006 17:13:20 -0600 Subject: [nycphp-talk] Preventing spam with php mail function Message-ID: <43FE4190.2040105@thinkcomputer.com> Hi everyone, I'm more interested in finding out what is causing the widespread exploitation of forms. I've written a paper on it (which references the NYPHP article), though I have admittedly little information. If anyone has anything to contribute, please let me know. I've logged about 80 attempts at exploiting a form on my server today, and they're increasingly from the United States. http://www.thinkcomputer.com/corporate/news/unabombersghost.pdf Aaron Aaron Greenspan President & CEO Think Computer Corporation http://www.thinkcomputer.com From chsnyder at gmail.com Thu Feb 23 18:35:04 2006 From: chsnyder at gmail.com (csnyder) Date: Thu, 23 Feb 2006 18:35:04 -0500 Subject: [nycphp-talk] Preventing spam with php mail function In-Reply-To: <43FE4190.2040105@thinkcomputer.com> References: <43FE4190.2040105@thinkcomputer.com> Message-ID: On 2/23/06, Aaron Greenspan wrote: > Hi everyone, > > I'm more interested in finding out what is causing the widespread > exploitation of forms. I've written a paper on it (which references the > NYPHP article), though I have admittedly little information. If anyone > has anything to contribute, please let me know. I've logged about 80 > attempts at exploiting a form on my server today, and they're > increasingly from the United States. > > http://www.thinkcomputer.com/corporate/news/unabombersghost.pdf > > Aaron > Eh, viruses happen. Malware happens. Heck, you could use a cross-site scripting attack to perform this kind of spamming using Ajax requests. It doesn't really matter what's causing the attacks, because there will always be something ready to step up and exploit the scripts until they get fixed. There are plenty of people out there running old perl scripts that turn their web servers into open mail relays, at least most of the PHP contact form handlers I've seen haven't been quite that naiive. -- Chris Snyder http://chxo.com/ From 1j0lkq002 at sneakemail.com Thu Feb 23 18:53:32 2006 From: 1j0lkq002 at sneakemail.com (inforequest) Date: Thu, 23 Feb 2006 15:53:32 -0800 Subject: [nycphp-talk] Preventing spam with php mail function In-Reply-To: <43FE4190.2040105@thinkcomputer.com> References: <43FE4190.2040105@thinkcomputer.com> Message-ID: <26917-90112@sneakemail.com> As I recall, the majority of distributed denial of service (DDOS) attacks are now coming from compromised servers (check Netcraft). Consider this scenario: Programming "company" creates website offering a free script to the world. Maybe it's a PHP script. Maybe it's a forum, or a directory script, or maybe it's a mod to one of those. The site is in a less-regulated place with a TLD ending in 2 letters. The coders are identified by monikers. The "AboutUs" looks one of those corporate templates we all love so much. The forum is full of "awesome dood... I need a script like this! But I can't get it to work!" followed by admin responses like "no problem. PM me and I'll help you" and then "thanks dude! you rock! It works great!" What we didn't see was the passing of shell access from user to unknown, overseas coder. Even if that didn't happen, is the script full of cross-site or other injection opportunities? Sure they are. Free support for a free script running on a low-cost shared hosting plan = compromised server (or compromisable). Now after you see one of those blatantly exploitable free scripts gaining popularity, go file a report with Secunia or whomever. Unless you provide extensive details of the code and exploit potential, they won't publish it nor can they afford the time to look into it. -=john andrews http://www.seo-fun.com From dwclifton at gmail.com Fri Feb 24 00:42:35 2006 From: dwclifton at gmail.com (Douglas Clifton) Date: Fri, 24 Feb 2006 00:42:35 -0500 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) Message-ID: <7d6cdcb0602232142m56d68d56ld09047dbd7041e64@mail.gmail.com> > ---------- Forwarded message ---------- > From: "inforequest" <1j0lkq002 at sneakemail.com> > To: talk at lists.nyphp.org > Date: Wed, 22 Feb 2006 14:48:18 -0800 > Subject: Re: [nycphp-talk] best place to post articles (other than nyphp.org) > Might be nice to see more people hosting the NYPHP.org member logo as well : > > http://www.nyphp.org/show_participation.php One of the very first additions to my list of developer resources: http://loadaveragezero.com/app/drx/Programming/Languages/PHP#nyphp:sig -- Douglas Clifton dwclifton at gmail.com http://loadaveragezero.com/ http://loadaveragezero.com/app/s9y/ http://loadaveragezero.com/drx/rss/recent From enolists at gmail.com Fri Feb 24 00:50:06 2006 From: enolists at gmail.com (Mark Armendariz) Date: Thu, 23 Feb 2006 21:50:06 -0800 Subject: [nycphp-talk] best place to post articles (other than nyphp.org) In-Reply-To: <7d6cdcb0602232142m56d68d56ld09047dbd7041e64@mail.gmail.com> Message-ID: <055d01c63906$2ce80cf0$6500a8c0@enobrev> > > One of the very first additions to my list of developer resources: > > http://loadaveragezero.com/app/drx/Programming/Languages/PHP#nyphp:sig > > -- > Douglas Clifton I was about to complain about the 4-star rating until I realized the only 5-star was the manual. Mark From lists at zaunere.com Fri Feb 24 08:29:15 2006 From: lists at zaunere.com (Hans Zaunere) Date: Fri, 24 Feb 2006 08:29:15 -0500 Subject: [nycphp-talk] [OT] Our Signature Message-ID: <003501c63946$4fbb3280$6401a8c0@MZ> Well, it's true that our signature is perhaps a little busy, but hey, we have a lot going on. :) > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk This is mandatory... :) > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com So I'm sure most on this list have heard already, but we've launched a significant PHP/open source/technology event, happening June 14-16, 2006. We always are pleased to have people involved, whether it be via sponsorship, speaking, or helping to spread the word. For speakers, we're reaching out to local companies to learn how they're using, integrating or even just considering PHP. To help spread the word, all you need to do is check out the Show Participation section: http://www.nyphpcon.com/show_participation.php We appreciate folks jotting a link or image on their sites, blogs, etc. and if you'd like to participate as a media sponsor, please contact me offlist. > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php And the above link, which is new, gives a way for people to show that they're involved and helping NYPHP support the open source community. Again, place a link or image anywhere that's convenient. --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com From SHalter at ThorntonTomasetti.com Fri Feb 24 09:39:01 2006 From: SHalter at ThorntonTomasetti.com (Halter, Shari) Date: Fri, 24 Feb 2006 09:39:01 -0500 Subject: [nycphp-talk] Preventing spam with php mail function Message-ID: Thank you John and Hans. Looking forward to meeting up on Tuesday. Shari We've Moved! Our new address is 51 Madison Avenue, New York, NY 10010. Our telephone and fax numbers remain the same. Shari L. Halter Web Programmer Thornton Tomasetti 51 Madison Avenue New York, NY 10010 T 917.661.7800 F 917.661.7801 D 917.661.7970 SHalter at ThorntonTomasetti.com -----Original Message----- From: Hans Zaunere [mailto:lists at zaunere.com] Sent: Thursday, February 23, 2006 5:20 PM To: 'NYPHP Talk' Subject: Re: [nycphp-talk] Preventing spam with php mail function Halter, Shari wrote on Thursday, February 23, 2006 10:02 AM: > I have just joined this mailing list, and hope to attend the next > meeting on Tuesday. I hope this question is not too rudimentary for this group. Not at all - welcome, Shari... > Is there a widely-accepted solution to prevent spammers from > exploiting the php mail function (as forwarded from HTML forms, for > instance)? I have seen several out there, but is there any particular > approach that is considered best? The less elaborate, the better --I > don't really need Pentagon level security-- but right now there is nothing and the site > owners are getting swamped with spam. > > I would appreciate any quick pointers you could offer. If I understand correctly, we have a PHundamentals article available for this: http://www.nyphp.org/phundamentals/email_header_injection.php --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> The information in this email and any attachments may contain confidential information that is intended solely for the attention and use of the named addressee(s). This message or any part thereof must not be disclosed, copied, distributed or retained by any person without authorization from the addressee. If you are not the intended addressee, please notify the sender immediately, and delete this message. <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> From mitch.pirtle at gmail.com Fri Feb 24 11:47:32 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Fri, 24 Feb 2006 11:47:32 -0500 Subject: [nycphp-talk] Web Traffic Analytics In-Reply-To: <3253-41807@sneakemail.com> References: <3253-41807@sneakemail.com> Message-ID: <330532b60602240847j21355f24kd1fa1d873445cb63@mail.gmail.com> On 7/23/05, inforequest <1j0lkq002 at sneakemail.com> wrote: > This is another case of convenience and perhaps customer ignorance trumping security. These are log-file analysis programs, which operate after-the-fact on server files which contain proprietary company data. Do they really need to be "live" on a public web server? I'd like to revive this thread and ask if there are any good FOSS offline analysis tools available. Say a fat-client app that can chew up logfiles on a local machine, and that generates (pretty formatted) reports. Would be nice to know if something like that exists out there, especially in the FOSS world... -- Mitch Pirtle Joomla! Core Developer Open Source Matters From chsnyder at gmail.com Fri Feb 24 12:05:33 2006 From: chsnyder at gmail.com (csnyder) Date: Fri, 24 Feb 2006 12:05:33 -0500 Subject: [nycphp-talk] Web Traffic Analytics In-Reply-To: <330532b60602240847j21355f24kd1fa1d873445cb63@mail.gmail.com> References: <3253-41807@sneakemail.com> <330532b60602240847j21355f24kd1fa1d873445cb63@mail.gmail.com> Message-ID: On 2/24/06, Mitch Pirtle wrote: > On 7/23/05, inforequest <1j0lkq002 at sneakemail.com> wrote: > > This is another case of convenience and perhaps customer ignorance trumping security. These are log-file analysis programs, which operate after-the-fact on server files which contain proprietary company data. Do they really need to be "live" on a public web server? > > I'd like to revive this thread and ask if there are any good FOSS > offline analysis tools available. Say a fat-client app that can chew > up logfiles on a local machine, and that generates (pretty formatted) > reports. > > Would be nice to know if something like that exists out there, > especially in the FOSS world... > And AWStats doesn't cut it? I rsync server logs to a separate box nightly, and then awstats.pl chews through them and generates its databases. The result is a relatively pretty, formatted report. The bonus is that the logs are backed up if the server goes belly-up. And you only have to maintain one instance of AWStats. This saves a lot of maintenance when generating stats for multiple hosts, because each host config can include a global config that has the bulk of the configuration directives. -- Chris Snyder http://chxo.com/ From greg.rundlett at gmail.com Fri Feb 24 16:11:46 2006 From: greg.rundlett at gmail.com (Greg Rundlett) Date: Fri, 24 Feb 2006 16:11:46 -0500 Subject: [nycphp-talk] Web Traffic Analytics In-Reply-To: References: <3253-41807@sneakemail.com> <330532b60602240847j21355f24kd1fa1d873445cb63@mail.gmail.com> Message-ID: <5e2aaca40602241311o4440706fha939064bb7a10af3@mail.gmail.com> On 2/24/06, csnyder wrote: > > On 2/24/06, Mitch Pirtle wrote: > > [snip] > I'd like to revive this thread and ask if there are any good FOSS > > offline analysis tools available. Say a fat-client app that can chew > > up logfiles on a local machine, and that generates (pretty formatted) > > reports. [snip] > > > Would be nice to know if something like that exists out there, > > especially in the FOSS world... > > > > And AWStats doesn't cut it? > > I rsync server logs to a separate box nightly, and then awstats.pl > chews through them and generates its databases. The result is a > relatively pretty, formatted report. > > > +1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at zaunere.com Fri Feb 24 18:24:32 2006 From: lists at zaunere.com (Hans Zaunere) Date: Fri, 24 Feb 2006 18:24:32 -0500 Subject: [nycphp-talk] [OT] Our Signature In-Reply-To: <003501c63946$4fbb3280$6401a8c0@MZ> Message-ID: <009901c63999$789ecb50$c405a8c0@MZ> Hans Zaunere wrote on Friday, February 24, 2006 8:29 AM: > Well, it's true that our signature is perhaps a little busy, but hey, we > have a lot going on. :) Everyone loves it when people reply to their own posts, but as I mention above, we have a lot going on. See the end of this message for some new developments... > > New York PHP Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > This is mandatory... :) > > > New York PHP Conference and Expo 2006 > > http://www.nyphpcon.com > > So I'm sure most on this list have heard already, but we've launched a > significant PHP/open source/technology event, happening June 14-16, 2006. > We always are pleased to have people involved, whether it be via > sponsorship, speaking, or helping to spread the word. > > For speakers, we're reaching out to local companies to learn how they're > using, integrating or even just considering PHP. > > To help spread the word, all you need to do is check out the Show > Participation section: > > http://www.nyphpcon.com/show_participation.php > > We appreciate folks jotting a link or image on their sites, blogs, etc. > and if you'd like to participate as a media sponsor, please contact me > offlist. > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > And the above link, which is new, gives a way for people to show that > they're involved and helping NYPHP support the open source community. > Again, place a link or image anywhere that's convenient. We're going to start sponsoring online presentations for those who can't make it to New York City. These won't be instead of the monthly meetings, but in addition to, and we encourage the community to participate. For those of you on the NYPHP-Announce list (which everyone should be!) our first online presentation featuring "Web Attacks and How They Are Stopped By dotDefender" has just been announced. There's also a calendar entry: http://www.nyphp.org/content/calendar/view_entry.php?id=90&date=20060314 We've also opened up a presentation submittal form where everyone is encouraged to submit or suggest topics. More details are available at: http://www.nyphp.org/presentations.php And no, it's probably not a good idea to add more lines to the signature. So please check the http://www.nyphp.org frontpage frequently for updates, and be sure you're subscribed to the NYPHP-Announce (http://www.nyphp.org/lists) mailing list (announcements are NOT cross-posted between lists). --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com From arzala at gmail.com Sat Feb 25 00:07:40 2006 From: arzala at gmail.com (Anirudhsinh Zala) Date: Sat, 25 Feb 2006 10:37:40 +0530 Subject: [nycphp-talk] [OT] Our Signature In-Reply-To: <009901c63999$789ecb50$c405a8c0@MZ> References: <009901c63999$789ecb50$c405a8c0@MZ> Message-ID: On Sat, 25 Feb 2006 04:54:32 +0530, Hans Zaunere wrote: > > Hans Zaunere wrote on Friday, February 24, 2006 8:29 AM: >> Well, it's true that our signature is perhaps a little busy, but hey, we >> have a lot going on. :) > > Everyone loves it when people reply to their own posts, but as I mention > above, we have a lot going on. See the end of this message for some new > developments... > >> > New York PHP Community Talk Mailing List >> > http://lists.nyphp.org/mailman/listinfo/talk >> >> This is mandatory... :) >> >> > New York PHP Conference and Expo 2006 >> > http://www.nyphpcon.com >> >> So I'm sure most on this list have heard already, but we've launched a >> significant PHP/open source/technology event, happening June 14-16, 2006. >> We always are pleased to have people involved, whether it be via >> sponsorship, speaking, or helping to spread the word. >> >> For speakers, we're reaching out to local companies to learn how they're >> using, integrating or even just considering PHP. >> >> To help spread the word, all you need to do is check out the Show >> Participation section: >> >> http://www.nyphpcon.com/show_participation.php >> >> We appreciate folks jotting a link or image on their sites, blogs, etc. >> and if you'd like to participate as a media sponsor, please contact me >> offlist. >> >> > Show Your Participation in New York PHP >> > http://www.nyphp.org/show_participation.php >> >> And the above link, which is new, gives a way for people to show that >> they're involved and helping NYPHP support the open source community. >> Again, place a link or image anywhere that's convenient. > > We're going to start sponsoring online presentations for those who can't > make it to New York City. These won't be instead of the monthly meetings, > but in addition to, and we encourage the community to participate. For > those of you on the NYPHP-Announce list (which everyone should be!) our > first online presentation featuring "Web Attacks and How They Are Stopped By > dotDefender" has just been announced. There's also a calendar entry: > > http://www.nyphp.org/content/calendar/view_entry.php?id=90&date=20060314 This is indeed helpful addition in current way of presentations, mainly for those whow are not able to join presentations over there. By this change non US members can also feel like they are there with them. I wish best luck to this new way of online presentations and looking forward to participate in this presentations. > > We've also opened up a presentation submittal form where everyone is > encouraged to submit or suggest topics. More details are available at: > > http://www.nyphp.org/presentations.php > > And no, it's probably not a good idea to add more lines to the signature. > > So please check the http://www.nyphp.org frontpage frequently for updates, > and be sure you're subscribed to the NYPHP-Announce > (http://www.nyphp.org/lists) mailing list (announcements are NOT > cross-posted between lists). > > > --- > Hans Zaunere / President / New York PHP > www.nyphp.org / www.nyphp.com > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- ----------------------------------------------------- Anirudh Zala (Production Manager) ASPL, http://www.aspl.in Ph: +91 281 245 1894 arzala at gmail.com ----------------------------------------------------- From danielc at analysisandsolutions.com Sat Feb 25 21:47:39 2006 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sat, 25 Feb 2006 21:47:39 -0500 Subject: [nycphp-talk] Preventing spam with php mail function In-Reply-To: <00e401c638c7$3a1b41b0$6401a8c0@MZ> References: <00e401c638c7$3a1b41b0$6401a8c0@MZ> Message-ID: <20060226024739.GB27283@panix.com> On Thu, Feb 23, 2006 at 05:19:33PM -0500, Hans Zaunere wrote: > > http://www.nyphp.org/phundamentals/email_header_injection.php Pardon my dissent, but that article has flaws. I've mentioned them before on several occasions. But let's cut to the chase. The quick, guaranteed way to avoid header injection is to pass all email headers through the following: $value = preg_replace("/[\r\n]+/", "\r\n ", trim($value)); There's a whole thread about this stuff, of which this is one: http://lists.nyphp.org/pipermail/talk/2005-September/016172.html --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From shiflett at php.net Sun Feb 26 15:53:22 2006 From: shiflett at php.net (Chris Shiflett) Date: Sun, 26 Feb 2006 15:53:22 -0500 Subject: [nycphp-talk] Planet NYPHP (Was: best place to post articles (other than nyphp.org)) In-Reply-To: References: <8d9a42800602201301q57212f4fp65dc174e41cdc4d1@mail.gmail.com> <26865-82008@sneakemail.com> Message-ID: <44021542.1000309@php.net> csnyder wrote: > Maybe it's time to start the member-blog-aggregation service at > rss.nyphp.org. I was going to suggest this a while ago - something like a Planet NYPHP. I have a feeling there are a bunch of NYPHP blogs I would read if I knew they existed... Chris From prusak at gmail.com Sun Feb 26 22:05:17 2006 From: prusak at gmail.com (Ophir Prusak) Date: Sun, 26 Feb 2006 22:05:17 -0500 Subject: [nycphp-talk] Web Traffic Analytics In-Reply-To: <98763d07214cd76dcb1bcece54d20b46@jobsforge.com> References: <98763d07214cd76dcb1bcece54d20b46@jobsforge.com> Message-ID: On 7/16/05, Matthew Terenzio wrote: > > > Anyone have a favorite web traffic analytics program or service? > Preferably free, but I 'd like some level of sophistication. Without knowing anything else I'd say sign up for google analytics and wait (there's a waiting list). Nothing else free comes even close. If you need something right now - I'd say http://www.statcounter.com/ hmm - just realized this is a very old thread ... oh well. > > _______________________________________________ > New York PHP Talk Mailing List > AMP Technology > Supporting Apache, MySQL and PHP > http://lists.nyphp.org/mailman/listinfo/talk > http://www.nyphp.org > -- Ophir Prusak http://www.prusak.com From ps at pswebcode.com Mon Feb 27 08:53:25 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Mon, 27 Feb 2006 08:53:25 -0500 Subject: [nycphp-talk] Send/Receive SMS (Text Messaging) with PHP Message-ID: <000101c63ba5$2e1b6df0$68e4a144@Rubicon> I see that there are ad hoc free scripts/classes/methods for sending SMS text messages from a PHP script out to a specific telephone company's gateway server... but I'm wondering if anyone on the list has had a past experience with setting up a client's website application to send and receive SMS text messages. If so, have you used a vendor with servers that send/receive on your behalf like: http://www.tm4b.com/ Has anyone used Teleflip http://www.teleflip.com/teleflip/index.jsp personally or professionally? Any previous experiences would be of interest. Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com From list at harveyk.com Mon Feb 27 09:11:06 2006 From: list at harveyk.com (harvey) Date: Mon, 27 Feb 2006 09:11:06 -0500 Subject: [nycphp-talk] Send/Receive SMS (Text Messaging) with PHP In-Reply-To: <000101c63ba5$2e1b6df0$68e4a144@Rubicon> References: <000101c63ba5$2e1b6df0$68e4a144@Rubicon> Message-ID: <7.0.1.0.2.20060227090855.0380e950@harveyk.com> I've used teleflip personally to send texts now and then and it seems to have worked fine to different carriers. But that was just very light casual use... At 08:53 AM 2/27/2006, Peter Sawczynec wrote: >I see that there are ad hoc free scripts/classes/methods for sending SMS >text messages from a PHP script out to a specific >telephone company's gateway server... > >but I'm wondering if anyone on the list has had a past experience with >setting up a client's website application to >send and receive SMS text messages. > >If so, have you used a vendor with servers that send/receive on your behalf >like: http://www.tm4b.com/ > >Has anyone used Teleflip http://www.teleflip.com/teleflip/index.jsp >personally or professionally? > >Any previous experiences would be of interest. > >Warmest regards, > >Peter Sawczynec, >Technology Director >PSWebcode >_Design & Interface >_Ecommerce >_Database Management >ps at pswebcode.com >718.796.1951 >www.pswebcode.com > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php From snirgal at optonline.net Mon Feb 27 09:58:54 2006 From: snirgal at optonline.net (snir gal) Date: Mon, 27 Feb 2006 09:58:54 -0500 Subject: [nycphp-talk] hosting? Message-ID: <001701c63bae$54691940$0337a8c0@shalomHome> hi, any good hosting company? i use johncompanies.com looking for a good hosting with unlimited plesk key for a customer. thanks and have a nice day. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ken at secdat.com Mon Feb 27 10:16:22 2006 From: ken at secdat.com (Kenneth Downs) Date: Mon, 27 Feb 2006 10:16:22 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <001701c63bae$54691940$0337a8c0@shalomHome> References: <001701c63bae$54691940$0337a8c0@shalomHome> Message-ID: <440317C6.8070604@secdat.com> snir gal wrote: > hi, > > any good hosting company? > i use johncompanies.com Top of the line is rackspace.com, they do "managed hosting", incredible cs, but of course more pricey. I have a dedicated gentoo server at sevenl.net, and another at serverpronto.com. They are cheaper than rackspace.com and for that I get occassional annoyances, miscommunications, and other stuff. Each of the networks has been down for and hour so in the past few months. Based on these experiences I am intending myself to keep all of my test stuff on one of either sevenl.net or serverpronto.com, and move the production stuff to rackspace.com. > > looking for a good hosting with unlimited plesk key > for a customer. > > thanks and have a nice day. > > >------------------------------------------------------------------------ > >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: ken.vcf Type: text/x-vcard Size: 186 bytes Desc: not available URL: From mitch.pirtle at gmail.com Mon Feb 27 10:39:28 2006 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Mon, 27 Feb 2006 10:39:28 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <001701c63bae$54691940$0337a8c0@shalomHome> References: <001701c63bae$54691940$0337a8c0@shalomHome> Message-ID: <330532b60602270739k5ebcdca7yfcec08e3642839d4@mail.gmail.com> Not sure about the unlimited plesk key requirement, but I am a happy user of ServerBeach, which is basically RackSpace wth much, much lower prices and similar support. Founded by one of the RackSpace guys, you should feel right at home if you are familiar with their service. -- Mitch On 2/27/06, snir gal wrote: > > hi, > > any good hosting company? > i use johncompanies.com > > looking for a good hosting with unlimited plesk key > for a customer. From brian at vermonster.com Mon Feb 27 10:43:07 2006 From: brian at vermonster.com (Brian Kaney) Date: Mon, 27 Feb 2006 10:43:07 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <330532b60602270739k5ebcdca7yfcec08e3642839d4@mail.gmail.com> References: <001701c63bae$54691940$0337a8c0@shalomHome> <330532b60602270739k5ebcdca7yfcec08e3642839d4@mail.gmail.com> Message-ID: <44031E0B.80102@vermonster.com> We use 1&1, which has been pretty good thus far. But I wonder if anyone knows of any good Gentoo hosting providers? -Brian Mitch Pirtle wrote: > Not sure about the unlimited plesk key requirement, but I am a happy > user of ServerBeach, which is basically RackSpace wth much, much lower > prices and similar support. Founded by one of the RackSpace guys, you > should feel right at home if you are familiar with their service. > > -- Mitch > > On 2/27/06, snir gal wrote: > >>hi, >> >>any good hosting company? >>i use johncompanies.com >> >>looking for a good hosting with unlimited plesk key >>for a customer. From ken at secdat.com Mon Feb 27 10:47:43 2006 From: ken at secdat.com (Kenneth Downs) Date: Mon, 27 Feb 2006 10:47:43 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <44031E0B.80102@vermonster.com> References: <001701c63bae$54691940$0337a8c0@shalomHome> <330532b60602270739k5ebcdca7yfcec08e3642839d4@mail.gmail.com> <44031E0B.80102@vermonster.com> Message-ID: <44031F1F.2060503@secdat.com> Brian Kaney wrote: >We use 1&1, which has been pretty good thus far. But I wonder if anyone >knows of any good Gentoo hosting providers? > > both sevenl.net and serverpront.com will create a gentoo box for you. >-Brian > > >Mitch Pirtle wrote: > > >>Not sure about the unlimited plesk key requirement, but I am a happy >>user of ServerBeach, which is basically RackSpace wth much, much lower >>prices and similar support. Founded by one of the RackSpace guys, you >>should feel right at home if you are familiar with their service. >> >>-- Mitch >> >>On 2/27/06, snir gal wrote: >> >> >> >>>hi, >>> >>>any good hosting company? >>>i use johncompanies.com >>> >>>looking for a good hosting with unlimited plesk key >>>for a customer. >>> >>> >_______________________________________________ >New York PHP Community Talk Mailing List >http://lists.nyphp.org/mailman/listinfo/talk >New York PHP Conference and Expo 2006 >http://www.nyphpcon.com >Show Your Participation in New York PHP >http://www.nyphp.org/show_participation.php > > -------------- next part -------------- A non-text attachment was scrubbed... Name: ken.vcf Type: text/x-vcard Size: 186 bytes Desc: not available URL: From ps at pswebcode.com Mon Feb 27 11:11:04 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Mon, 27 Feb 2006 11:11:04 -0500 Subject: [nycphp-talk] "Scintillating, far-reaching, insightful." Message-ID: <001601c63bb8$69067550$68e4a144@Rubicon> "Advances this from of the art." "Multi-layered, skillful, intelligent." Pro PHP Security -- Chris Snyder and Michael Southwell, Apress 2005 Warmest regards, Peter Sawczynec, Technology Director PSWebcode _Design & Interface _Ecommerce _Database Management ps at pswebcode.com 718.796.1951 www.pswebcode.com From mailinglists at caseysoftware.com Mon Feb 27 11:33:00 2006 From: mailinglists at caseysoftware.com (Keith Casey) Date: Mon, 27 Feb 2006 11:33:00 -0500 Subject: [nycphp-talk] Send/Receive SMS (Text Messaging) with PHP In-Reply-To: <000101c63ba5$2e1b6df0$68e4a144@Rubicon> References: <000101c63ba5$2e1b6df0$68e4a144@Rubicon> Message-ID: <440329BC.8040107@caseysoftware.com> Peter, My biggest customer is an SMS provider and if you're trying to send a simple SMS, you can normally do something along the lines of sending an email to {phonenumber}@{carrier}. This will normally work for all free efforts across the major carriers but is not technically an SMS. If you are looking to have true SMS capability - like where a user could respond via a shortcode - it gets quite a bit more complicated. For this, you need dedicated connections (called binds) to the various carriers along with approval from the carriers so they know where to route the shortcode. And the shortcode must be approved/purchased by the shortcode authority (like an IP). On top of that, there are certain requirements - like supporting STOP, HELP, etc - that are involved at the carrier level. If you're looking to do premium services, it gets even more fun. More than anything, it's simply data down the pipe. I'm working with production systems that do it in Java and PHP, so there are efforts out there... not sure what the licensing of the code is, but I think that's the least of the barriers. Alternatively, I've been trying to convince my customer to build an API and resell some of the services, so people like you might serve to build my case. If you have more/additional questions, feel free to drop me a note. Keith Peter Sawczynec wrote: > I see that there are ad hoc free scripts/classes/methods for sending SMS > text messages from a PHP script out to a specific > telephone company's gateway server... > > but I'm wondering if anyone on the list has had a past experience with > setting up a client's website application to > send and receive SMS text messages. > > If so, have you used a vendor with servers that send/receive on your behalf > like: http://www.tm4b.com/ > > Has anyone used Teleflip http://www.teleflip.com/teleflip/index.jsp > personally or professionally? > > Any previous experiences would be of interest. -- D. Keith Casey Jr. CEO, CaseySoftware, LLC http://CaseySoftware.com From lamolist at cyberxdesigns.com Mon Feb 27 11:46:14 2006 From: lamolist at cyberxdesigns.com (Hans Kaspersetz) Date: Mon, 27 Feb 2006 11:46:14 -0500 Subject: [nycphp-talk] January Presentation Message-ID: <44032CD6.4090103@cyberxdesigns.com> We have posted January's presentation to NYPHP.org. There is a Zip of files and as always the audio. Thanks to all those that made it happen and see you tomorrow night! Hans Kaspersetz Presentation Lacky, NY PHP From ashaw at polymerdb.org Mon Feb 27 11:46:34 2006 From: ashaw at polymerdb.org (Allen Shaw) Date: Mon, 27 Feb 2006 10:46:34 -0600 Subject: [nycphp-talk] "Scintillating, far-reaching, insightful." In-Reply-To: <001601c63bb8$69067550$68e4a144@Rubicon> References: <001601c63bb8$69067550$68e4a144@Rubicon> Message-ID: <44032CEA.40902@polymerdb.org> Spam (if so, it's intriguing), or an inside joke just for locals? - Allen Peter Sawczynec wrote: > "Advances this from of the art." > "Multi-layered, skillful, intelligent." > > Pro PHP Security -- Chris Snyder and Michael Southwell, Apress 2005 > > > Warmest regards, > > Peter Sawczynec, > Technology Director > PSWebcode > _Design & Interface > _Ecommerce > _Database Management > ps at pswebcode.com > 718.796.1951 > www.pswebcode.com > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Allen Shaw Polymer (http://polymerdb.org) From ps at pswebcode.com Mon Feb 27 12:02:27 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Mon, 27 Feb 2006 12:02:27 -0500 Subject: [nycphp-talk] Send/Receive SMS (Text Messaging) with PHP In-Reply-To: <440329BC.8040107@caseysoftware.com> Message-ID: <001901c63bbf$96bed940$68e4a144@Rubicon> Thank you, Keith. Your encapsulation was good. Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Keith Casey Sent: Monday, February 27, 2006 11:33 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Send/Receive SMS (Text Messaging) with PHP Peter, My biggest customer is an SMS provider and if you're trying to send a simple SMS, you can normally do something along the lines of sending an email to {phonenumber}@{carrier}. This will normally work for all free efforts across the major carriers but is not technically an SMS. If you are looking to have true SMS capability - like where a user could respond via a shortcode - it gets quite a bit more complicated. For this, you need dedicated connections (called binds) to the various carriers along with approval from the carriers so they know where to route the shortcode. And the shortcode must be approved/purchased by the shortcode authority (like an IP). On top of that, there are certain requirements - like supporting STOP, HELP, etc - that are involved at the carrier level. If you're looking to do premium services, it gets even more fun. More than anything, it's simply data down the pipe. I'm working with production systems that do it in Java and PHP, so there are efforts out there... not sure what the licensing of the code is, but I think that's the least of the barriers. Alternatively, I've been trying to convince my customer to build an API and resell some of the services, so people like you might serve to build my case. If you have more/additional questions, feel free to drop me a note. Keith Peter Sawczynec wrote: > I see that there are ad hoc free scripts/classes/methods for sending > SMS text messages from a PHP script out to a specific telephone > company's gateway server... > > but I'm wondering if anyone on the list has had a past experience with > setting up a client's website application to send and receive SMS text > messages. > > If so, have you used a vendor with servers that send/receive on your > behalf > like: http://www.tm4b.com/ > > Has anyone used Teleflip http://www.teleflip.com/teleflip/index.jsp > personally or professionally? > > Any previous experiences would be of interest. -- D. Keith Casey Jr. CEO, CaseySoftware, LLC http://CaseySoftware.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From jonbaer at jonbaer.com Mon Feb 27 17:38:43 2006 From: jonbaer at jonbaer.com (Jon Baer) Date: Mon, 27 Feb 2006 17:38:43 -0500 Subject: [nycphp-talk] Send/Receive SMS (Text Messaging) with PHP In-Reply-To: <440329BC.8040107@caseysoftware.com> References: <000101c63ba5$2e1b6df0$68e4a144@Rubicon> <440329BC.8040107@caseysoftware.com> Message-ID: <26CAC31A-A042-49D4-88F6-3ACF06B2BD90@jonbaer.com> It is currently a huge PITA to obtains shortcodes and provision them w/ all the carriers @ the moment (not to mention a monopoly on the registry) ... http://www.usshortcodes.com can get you a CSC for ~$500 per month (random) or $1000 for fixed. And it is the *only* route to go. For low cost apps, Ive personally used UA ... http://www.unwiredevents.com/main/app I normally judge a SMS third-party on their level of integration know- how + how quick they reply to emails :-) Either way easy to setup, I just wish doing it all w/ a CSC and trying your luck w/ SMS apps was a bit more straight forward ... Teleflip is also very handy. But if you get serious about it you have to study up on MO (message originating) and MT (message terminating) charges to see if its worthwhile. - Jon On Feb 27, 2006, at 11:33 AM, Keith Casey wrote: > Peter, > > My biggest customer is an SMS provider and if you're trying to send a > simple SMS, you can normally do something along the lines of > sending an > email to {phonenumber}@{carrier}. This will normally work for all > free > efforts across the major carriers but is not technically an SMS. > > If you are looking to have true SMS capability - like where a user > could > respond via a shortcode - it gets quite a bit more complicated. For > this, you need dedicated connections (called binds) to the various > carriers along with approval from the carriers so they know where to > route the shortcode. And the shortcode must be approved/purchased by > the shortcode authority (like an IP). > > On top of that, there are certain requirements - like supporting STOP, > HELP, etc - that are involved at the carrier level. If you're looking > to do premium services, it gets even more fun. > > More than anything, it's simply data down the pipe. I'm working with > production systems that do it in Java and PHP, so there are efforts > out > there... not sure what the licensing of the code is, but I think > that's > the least of the barriers. > > Alternatively, I've been trying to convince my customer to build an > API > and resell some of the services, so people like you might serve to > build > my case. > > If you have more/additional questions, feel free to drop me a note. > > Keith > > Peter Sawczynec wrote: >> I see that there are ad hoc free scripts/classes/methods for >> sending SMS >> text messages from a PHP script out to a specific >> telephone company's gateway server... >> >> but I'm wondering if anyone on the list has had a past experience >> with >> setting up a client's website application to >> send and receive SMS text messages. >> >> If so, have you used a vendor with servers that send/receive on >> your behalf >> like: http://www.tm4b.com/ >> >> Has anyone used Teleflip http://www.teleflip.com/teleflip/index.jsp >> personally or professionally? >> >> Any previous experiences would be of interest. > > -- > D. Keith Casey Jr. > CEO, CaseySoftware, LLC > http://CaseySoftware.com > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From list at harveyk.com Tue Feb 28 00:59:00 2006 From: list at harveyk.com (harvey) Date: Tue, 28 Feb 2006 00:59:00 -0500 Subject: [nycphp-talk] Send/Receive SMS (Text Messaging) with PHP In-Reply-To: <7.0.1.0.2.20060227090855.0380e950@harveyk.com> References: <000101c63ba5$2e1b6df0$68e4a144@Rubicon> <7.0.1.0.2.20060227090855.0380e950@harveyk.com> Message-ID: <7.0.1.0.2.20060228005827.06f7a958@harveyk.com> Fyi, Google has a send-to-phone extension for Firefox http://toolbar.google.com/firefox/extensions/sendtophone/ At 09:11 AM 2/27/2006, harvey wrote: >I've used teleflip personally to send texts now and then and it >seems to have worked fine to different carriers. But that was just >very light casual use... > > >At 08:53 AM 2/27/2006, Peter Sawczynec wrote: > >>I see that there are ad hoc free scripts/classes/methods for sending SMS >>text messages from a PHP script out to a specific >>telephone company's gateway server... >> >>but I'm wondering if anyone on the list has had a past experience with >>setting up a client's website application to >>send and receive SMS text messages. >> >>If so, have you used a vendor with servers that send/receive on your behalf >>like: http://www.tm4b.com/ >> >>Has anyone used Teleflip http://www.teleflip.com/teleflip/index.jsp >>personally or professionally? >> >>Any previous experiences would be of interest. >> >>Warmest regards, >> >>Peter Sawczynec, >>Technology Director >>PSWebcode >>_Design & Interface >>_Ecommerce >>_Database Management >>ps at pswebcode.com >>718.796.1951 >>www.pswebcode.com >> >>_______________________________________________ >>New York PHP Community Talk Mailing List >>http://lists.nyphp.org/mailman/listinfo/talk >>New York PHP Conference and Expo 2006 >>http://www.nyphpcon.com >>Show Your Participation in New York PHP >>http://www.nyphp.org/show_participation.php From ps at pswebcode.com Tue Feb 28 08:03:50 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 28 Feb 2006 08:03:50 -0500 Subject: [nycphp-talk] Send/Receive SMS (Text Messaging) with PHP In-Reply-To: <7.0.1.0.2.20060228005827.06f7a958@harveyk.com> Message-ID: <000701c63c67$6b450020$68e4a144@Rubicon> http://toolbar.google.com/send/sms/ Send text messages to pretty much any US carrier. Hidden form field 'client' has value: firefox_sms_but. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of harvey Sent: Tuesday, February 28, 2006 12:59 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Send/Receive SMS (Text Messaging) with PHP Fyi, Google has a send-to-phone extension for Firefox http://toolbar.google.com/firefox/extensions/sendtophone/ At 09:11 AM 2/27/2006, harvey wrote: >I've used teleflip personally to send texts now and then and it >seems to have worked fine to different carriers. But that was just >very light casual use... > > >At 08:53 AM 2/27/2006, Peter Sawczynec wrote: > >>I see that there are ad hoc free scripts/classes/methods for sending >>SMS text messages from a PHP script out to a specific telephone >>company's gateway server... >> >>but I'm wondering if anyone on the list has had a past experience with >>setting up a client's website application to send and receive SMS text >>messages. >> >>If so, have you used a vendor with servers that send/receive on your >>behalf >>like: http://www.tm4b.com/ >> >>Has anyone used Teleflip http://www.teleflip.com/teleflip/index.jsp >>personally or professionally? >> >>Any previous experiences would be of interest. >> >>Warmest regards, >> >>Peter Sawczynec, >>Technology Director >>PSWebcode >>_Design & Interface >>_Ecommerce >>_Database Management >>ps at pswebcode.com >>718.796.1951 >>www.pswebcode.com >> >>_______________________________________________ >>New York PHP Community Talk Mailing List >>http://lists.nyphp.org/mailman/listinfo/talk >>New York PHP Conference and Expo 2006 >>http://www.nyphpcon.com >>Show Your Participation in New York PHP >>http://www.nyphp.org/show_participation.php _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From ps at pswebcode.com Tue Feb 28 09:05:22 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 28 Feb 2006 09:05:22 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <001701c63bae$54691940$0337a8c0@shalomHome> Message-ID: <000601c63c70$03e1c810$68e4a144@Rubicon> http://www.westhost.com/ Uses shared hosting technique called Virtual Private Server so that you can configure your own Apache and have SSH, Cron, optional PHP4.x or PHP 5.x. Very nice pricing. Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of snir gal Sent: Monday, February 27, 2006 9:59 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] hosting? hi, any good hosting company? i use johncompanies.com looking for a good hosting with unlimited plesk key for a customer. thanks and have a nice day. -------------- next part -------------- An HTML attachment was scrubbed... URL: From volcimaster at gmail.com Tue Feb 28 09:15:50 2006 From: volcimaster at gmail.com (Warren Myers) Date: Tue, 28 Feb 2006 09:15:50 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <000601c63c70$03e1c810$68e4a144@Rubicon> References: <001701c63bae$54691940$0337a8c0@shalomHome> <000601c63c70$03e1c810$68e4a144@Rubicon> Message-ID: I use tektonic.net which also provides VPS hosting. For a cheaper alternative, they have unmanaged hosting options, where you're 100% responsible for the server. WMM On 2/28/06, Peter Sawczynec wrote: > > http://www.westhost.com/ > > Uses shared hosting technique called Virtual Private Server > so that you can configure your own Apache and have > SSH, Cron, optional PHP4.x or PHP 5.x. > > Very nice pricing. > > Peter > > -----Original Message----- > *From:* talk-bounces at lists.nyphp.org [mailto: talk-bounces at lists.nyphp.org] > *On Behalf Of *snir gal > *Sent:* Monday, February 27, 2006 9:59 AM > *To:* talk at lists.nyphp.org > *Subject:* [nycphp-talk] hosting? > > hi, > > any good hosting company? > i use johncompanies.com > > looking for a good hosting with unlimited plesk key > for a customer. > > thanks and have a nice day. > > > > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > New York PHP Conference and Expo 2006 > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > > > -- http://warrenmyers.com "God may not play dice with the universe, but something strange is going on with the prime numbers." --Paul Erd?s "It's not possible. We are the type of people who have everything in our favor going against us." --Ben Jarhvi, Short Circuit 2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From ps at pswebcode.com Tue Feb 28 09:46:37 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 28 Feb 2006 09:46:37 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <000601c63c70$03e1c810$68e4a144@Rubicon> Message-ID: <001701c63c75$c755b180$68e4a144@Rubicon> Further regarding this topical item of web hosting. Here is some of my two cents. Primero. If they don't have 24/7 live tech support. Just say no, skip it, pass, move on, these aren't the droids we're looking for. Generally, I have found web hosting plans (*NIX or WIN) priced at less than $10 per month to be unacceptable, plagued with web site outages in prime time business hours and on busy shopping holidays. Email service frequently interrupted. Knowledgeable but inert tech support. Plans at $20 - $60 per month seem to offer more performance and uptime respectability. Staying our of the nearly vicious bargain basement web hosting arena really eases the selection task anyway, fewer smorgasbord options and clearer path to realistic admin controls. I have settled on: Interland I use them for myself and several clients. We never have web site down time or email interruption. General website performance: a bit off, but never unacceptable. FTP xfr rate is always good. But, admittedly, at the admin interface, response is typically a bit sluggish, especially when using phpMyAdmin for MySQL admin. Westhost I have a client using them. General website performance: nice. FTP xfr rate is excellent Admin interface response is very crisp. Verizon Business-class (A techie there told me that they actually subcontract to Interland.) I have one client using them. General website performance: nice. FTP xfr rate excellent. Admin interface is snappy. There that is my two cents. There really are no bargains and I think it works better in client meetings when one calmly suggests a little focused business-class web hosting up tweak instead of getting out the 9-panel Italian menu of diversionary options. Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Peter Sawczynec Sent: Tuesday, February 28, 2006 9:05 AM To: 'NYPHP Talk' Subject: Re: [nycphp-talk] hosting? http://www.westhost.com/ Uses shared hosting technique called Virtual Private Server so that you can configure your own Apache and have SSH, Cron, optional PHP4.x or PHP 5.x. Very nice pricing. Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of snir gal Sent: Monday, February 27, 2006 9:59 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] hosting? hi, any good hosting company? i use johncompanies.com looking for a good hosting with unlimited plesk key for a customer. thanks and have a nice day. From ps at pswebcode.com Tue Feb 28 10:19:16 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 28 Feb 2006 10:19:16 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <001701c63bae$54691940$0337a8c0@shalomHome> Message-ID: <001801c63c7a$56af17f0$68e4a144@Rubicon> Sorry, but one last caveat on this here web hosting. Domain Names and Web Hosting I don't let the web host provide the domain name service. I make the client actually buy it themselves, separately, from another vendor like Network Solutions. (Yes, this costs more.) But... Then later if there are any irresolvable technical issues with the web host, you can: 1) Go and buy a new web hosting plan by IP address only, 2) Set up the web site at the new host, 3) Log in to your separate domain name control panel and change the domain name pointing yourself to the new web host, 4) End of nightmare old web hosting story. This way the client is in control of their own domain name destiny and can be a discriminating consumer with playable options and can move around more at will. Giddy. Peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of snir gal Sent: Monday, February 27, 2006 9:59 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] hosting? hi, any good hosting company? i use johncompanies.com looking for a good hosting with unlimited plesk key for a customer. thanks and have a nice day. -------------- next part -------------- An HTML attachment was scrubbed... URL: From volcimaster at gmail.com Tue Feb 28 10:22:17 2006 From: volcimaster at gmail.com (Warren Myers) Date: Tue, 28 Feb 2006 10:22:17 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <001801c63c7a$56af17f0$68e4a144@Rubicon> References: <001701c63bae$54691940$0337a8c0@shalomHome> <001801c63c7a$56af17f0$68e4a144@Rubicon> Message-ID: On 2/28/06, Peter Sawczynec wrote: > > Sorry, but one last caveat on this here web hosting. > > Domain Names and Web Hosting > > I don't let the web host provide the domain name service. > I make the client actually buy it themselves, separately, from another > vendor like Network Solutions. > (Yes, this costs more.) But... > Good point. I've been doing this for a while, especially as needs change for hosting solutions. Then later if there are any irresolvable technical issues with the web host, > you can: > 1) Go and buy a new web hosting plan by IP address only, > 2) Set up the web site at the new host, > 3) Log in to your separate domain name control panel and change the domain > name pointing yourself to the new web host, > 4) End of nightmare old web hosting story. > Yeah, changing registrars later is a pain. This way the client is in control of their own domain name destiny and can > be > a discriminating consumer with playable options and can move around more > at will. > > Giddy. > -- http://warrenmyers.com "God may not play dice with the universe, but something strange is going on with the prime numbers." --Paul Erd?s "It's not possible. We are the type of people who have everything in our favor going against us." --Ben Jarhvi, Short Circuit 2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedd at sperling.com Tue Feb 28 10:23:21 2006 From: tedd at sperling.com (tedd) Date: Tue, 28 Feb 2006 10:23:21 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <001701c63c75$c755b180$68e4a144@Rubicon> References: <001701c63c75$c755b180$68e4a144@Rubicon> Message-ID: >Further regarding this topical item of web hosting. Here is some of my two >cents. Well... considering that everyone else is offering their two cents -- I'm definitely at the lower end of cost -- I can't afford the expensive stuff. As such, I get hosting for $6.95 per YEAR and it's sufficient for all my php development needs. No complaints yet. Contact me off-list if interested. tedd -- -------------------------------------------------------------------------------- http://sperling.com From tedd at sperling.com Tue Feb 28 10:31:00 2006 From: tedd at sperling.com (tedd) Date: Tue, 28 Feb 2006 10:31:00 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <001801c63c7a$56af17f0$68e4a144@Rubicon> References: <001801c63c7a$56af17f0$68e4a144@Rubicon> Message-ID: >This way the client is in control of their own domain name destiny and can be >a discriminating consumer with playable options and can move around >more at will. > >Peter Yeah, I had one client who did that and then every year like-clock-work his site would go down and then after blaming me for it, I would find that he had failed to reregister his domain. It happened four years in a row and I finally told him to go elsewhere. Now, any web sites that I manage completely, I also handle all the domain name stuff and bill for it. If the client wants to go elsewhere, it's no problem to release the name to another register. tedd -- -------------------------------------------------------------------------------- http://sperling.com From ps at pswebcode.com Tue Feb 28 10:41:02 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 28 Feb 2006 10:41:02 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: Message-ID: <002901c63c7d$61834810$68e4a144@Rubicon> These are two alternative strategies and I definitely understand and respect both models. But I don't want the domain name or web hosting responsibility. To be blunt, because I don't want the client calling me on Saturday afternoon about "why is the web site slow" or email is down. Especially, if they have selected some 20-cent web hosting with automated avatar language-sensitive FAQ-driven IM chat tech support with emoticons. Pedro -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of tedd Sent: Tuesday, February 28, 2006 10:31 AM To: NYPHP Talk Subject: Re: [nycphp-talk] hosting? >This way the client is in control of their own domain name destiny and >can be a discriminating consumer with playable options and can move >around more at will. > >Peter Yeah, I had one client who did that and then every year like-clock-work his site would go down and then after blaming me for it, I would find that he had failed to reregister his domain. It happened four years in a row and I finally told him to go elsewhere. Now, any web sites that I manage completely, I also handle all the domain name stuff and bill for it. If the client wants to go elsewhere, it's no problem to release the name to another register. tedd -- ---------------------------------------------------------------------------- ---- http://sperling.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk New York PHP Conference and Expo 2006 http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From snirgal at optonline.net Tue Feb 28 10:48:29 2006 From: snirgal at optonline.net (snir gal) Date: Tue, 28 Feb 2006 10:48:29 -0500 Subject: [nycphp-talk] hosting? References: <001701c63bae$54691940$0337a8c0@shalomHome> Message-ID: <003901c63c7e$6c5b5ab0$0337a8c0@shalomHome> hi, since there is so many issues relating choosing a hosting service and every other day another company pops it will be nice to see a list of hosting providers on NYPHP so member can give their opinion, experience and tips I know it will help me make abetter choice after looking @ someone else opinion/ideas/suggestion thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From ps at pswebcode.com Tue Feb 28 10:59:41 2006 From: ps at pswebcode.com (Peter Sawczynec) Date: Tue, 28 Feb 2006 10:59:41 -0500 Subject: [nycphp-talk] hosting? In-Reply-To: <003901c63c7e$6c5b5ab0$0337a8c0@shalomHome> Message-ID: <002f01c63c7f$fc524100$68e4a144@Rubicon> Essentially, Samsung builds almost all flat panel television screens, regardless of whose brand name in on the box. In web hosting I believe that essentially there is a handful of really big hosts behind the scenes and many, many of the little guys are resellers for the big guys. They even get hooked to the big guys tech support through well-devised intelligent 800 number routing. I'd enjoy seeing a schematic of webhosting ownership from the big true "we physically own and control the servers" entities with connectors down to all the resellers they support. peter -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of snir gal Sent: Tuesday, February 28, 2006 10:48 AM To: NYPHP Talk Subject: Re: [nycphp-talk] hosting? hi, since there is so many issues relating choosing a hosting service and every other day another company pops it will be nice to see a list of hosting providers on NYPHP so member can give their opinion, experience and tips I know it will help me make abetter choice after looking @ someone else opinion/ideas/suggestion thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: