From paul at devonianfarm.com  Sun Apr  1 22:10:18 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Sun, 01 Apr 2007 22:10:18 -0400
Subject: [nycphp-talk] Creating database tables when deploying products
In-Reply-To: <000f01c7740e$9ce3fde0$6a01a8c0@gamebox>
References: <01b001c76fb4$bef4f730$6a01a8c0@gamebox>	<460F1387.2070105@devonianfarm.com>
	<000f01c7740e$9ce3fde0$6a01a8c0@gamebox>
Message-ID: <4610660A.2070507@devonianfarm.com>

Ben Sgro (ProjectSkyline) wrote:
> I suppose I can use PEAR:DB:SQLwhatever, but I'm intimate
> what my SQL code and don't want to give it up.
    I've mostly worked with ADODB.  When I last looked,  ADODB was far 
ahead of PEAR:DB, but it looks like PEAR:DB has come a long way.

    I have a few serious complaints with ADODB,  but it sure beats 
having to switch between a few database APIs to do my work.  Things I'd 
like to see in a database API are:

(i) no use of globals to switch between numeric and associative result sets
(ii) lazy initialization of database connections ('create' the 
connection early in your app,  but don't suffer the overhead of using it 
until you need it)
(iii) a subdivision of database exceptions,  so I can write something like

try {
    $db->Execute("INSERT ...");
} catch (DuplicateKeyException $e) {
...
};

The 'spring' framework in Java does something like this.



From cliff at pinestream.com  Mon Apr  2 10:27:06 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Mon, 2 Apr 2007 09:27:06 -0500
Subject: [nycphp-talk] DB-based sessions and destructing objects problem
Message-ID: <20070402142706.M83063@pinestream.com>

I am implementing a MySQL-based session handler and am confused by the dialog
in the PHP manual regarding this issue:

"Write and Close handlers are called after destructing objects since PHP
5.0.5. Thus destructors can use sessions but session handler can't use
objects. In prior versions, they were called in the opposite order. It is
possible to call session_write_close() from the destructor to solve this
chicken and egg problem."

The English please....

First, my app uses PEAR DB. So should I use PEAR DB for access, or use the
mysql or mysqli primitives and open a new connection? It seems like opening a
new connection would be a waste of resources. But using PEAR DB adds overhead
and brings up this object destruction problem.

I've seen register_shutdown_function('session_write_close'); as a way to get
around the destructor issue, but what is the PEAR DB class is destructed
before the session handler?

Thoroughly confused...

Thoughts?

Cliff


From ben at projectskyline.com  Mon Apr  2 11:27:54 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Mon, 2 Apr 2007 11:27:54 -0400
Subject: [nycphp-talk] PHP auction software / experiance & comments
Message-ID: <00d301c7753b$7be27f30$6a01a8c0@gamebox>

Hello Again, 

I've been researching auction software .. and since I really dont want to attempt to write this kind of stuff,
I need to find something that works well out of the box, plus includes the source (since I will be integrating
it into another site).

So far, the most promising software package I've found is: http://www.phpauction.net/index.php

I believe the source code EP version would be best for my auction needs.

Does anyone have experiance w/this company and its products?

Thanks!

- Ben

ProjectSkyLine - Defining New Horizons


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070402/e6daf3a2/attachment.html>

From ramons at gmx.net  Mon Apr  2 21:16:38 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 02 Apr 2007 21:16:38 -0400
Subject: [nycphp-talk] single quote vs. double quote
Message-ID: <4611AAF6.1070306@gmx.net>

Hi!

The old topic is at it again. After some long long time I started again 
with doing some PHP. Task: internationalize my existing project. Goal: 
read strings from a text file. First step: open the file.

I used this:
$langfile = fopen('$langfileloc', 'r');
and constantly had it fail. The path and file name are OK, I 
quadruplechecked.

Now, when I do this:
$langfile = fopen("$langfileloc", "r");
It works like a charm. Which makes me wonder as some long time ago we 
had this nice discussion that ended with sth like "one needs only the 
single quote for everything in PHP".

Do I recall this incorrectly or are the exceptions (bugs?) in PHP?

Well, took me quite some time to figure out that my use of expert advise 
wasn't that great this time around.

David


From chsnyder at gmail.com  Mon Apr  2 22:05:19 2007
From: chsnyder at gmail.com (csnyder)
Date: Mon, 2 Apr 2007 22:05:19 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <4611AAF6.1070306@gmx.net>
References: <4611AAF6.1070306@gmx.net>
Message-ID: <b76252690704021905q385223dbq12a03c4f1791a2af@mail.gmail.com>

On 4/2/07, David Krings <ramons at gmx.net> wrote:
...
> $langfile = fopen('$langfileloc', 'r');
> and constantly had it fail.
...
> Which makes me wonder as some long time ago we
> had this nice discussion that ended with sth like "one needs only the
> single quote for everything in PHP".
>

Ah, no. The discussion probably went along the lines of "use single
quotes for faster program execution," because, as you learned, PHP
does not need to check for and evaluate variables inside of
single-quoted strings.

But really, all you had to do was not quote at all.
$langfile = fopen( $langfileloc, 'r' );

The difference would come into play if you wanted to, say, add a file
extension to the end of $langfileloc. In that case, fopen(
$langfileloc.'.txt', 'r' ) would be infintissimally faster than fopen(
"$langfileloc.txt", 'r' ), because concatenation is supposed to be
faster than string evaluation. Hans Z. will likely point out that
fopen("{$langfileloc}.txt", 'r') is even faster, because concatenation
is too slow for some folks.

Processor speeds being what they are, the only good reason to use
single quotes is so you don't have to use the shift key while you type
your code.

-- 
Chris Snyder
http://chxo.com/


From lists at zaunere.com  Mon Apr  2 22:09:05 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Mon, 2 Apr 2007 22:09:05 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <b76252690704021905q385223dbq12a03c4f1791a2af@mail.gmail.com>
References: <4611AAF6.1070306@gmx.net>
	<b76252690704021905q385223dbq12a03c4f1791a2af@mail.gmail.com>
Message-ID: <032501c77595$0e954930$660aa8c0@MobileZ>



csnyder wrote on Monday, April 02, 2007 10:05 PM:
> On 4/2/07, David Krings <ramons at gmx.net> wrote:
> ...
> > $langfile = fopen('$langfileloc', 'r');
> > and constantly had it fail.
> ...
> > Which makes me wonder as some long time ago we
> > had this nice discussion that ended with sth like "one needs only
> > the single quote for everything in PHP".
> > 
> 
> Ah, no. The discussion probably went along the lines of "use single
> quotes for faster program execution," because, as you learned, PHP
> does not need to check for and evaluate variables inside of
> single-quoted strings.
> 
> But really, all you had to do was not quote at all.
> $langfile = fopen( $langfileloc, 'r' );
> 
> The difference would come into play if you wanted to, say, add a file
> extension to the end of $langfileloc. In that case, fopen(
> $langfileloc.'.txt', 'r' ) would be infintissimally faster than fopen(
> "$langfileloc.txt", 'r' ), because concatenation is supposed to be
> faster than string evaluation. Hans Z. will likely point out that
> fopen("{$langfileloc}.txt", 'r') is even faster, because concatenation
> is too slow for some folks.
> 
> Processor speeds being what they are, the only good reason to use
> single quotes is so you don't have to use the shift key while you type
> your code.

True, but I still like the ability to quickly look at a string and know
wheather it should contain variables or is static :)

H



From kenrbnsn at rbnsn.com  Mon Apr  2 22:53:48 2007
From: kenrbnsn at rbnsn.com (Ken Robinson)
Date: Mon, 02 Apr 2007 22:53:48 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <032501c77595$0e954930$660aa8c0@MobileZ>
References: <4611AAF6.1070306@gmx.net>
	<b76252690704021905q385223dbq12a03c4f1791a2af@mail.gmail.com>
	<032501c77595$0e954930$660aa8c0@MobileZ>
Message-ID: <mailman.12.1363003664.25290.talk@lists.nyphp.org>

At 10:09 PM 4/2/2007, Hans Zaunere wrote:
> > Processor speeds being what they are, the only good reason to use
> > single quotes is so you don't have to use the shift key while you type
> > your code.
>
>True, but I still like the ability to quickly look at a string and know
>wheather it should contain variables or is static :)

Another good reason is to enclose strings that contain double quotes, 
eliminating the ugly (IMHO) backslash double-quote escape that so 
many people use.

Ken 



From arzala at gmail.com  Mon Apr  2 23:42:21 2007
From: arzala at gmail.com (Anirudh Zala)
Date: Tue, 3 Apr 2007 09:12:21 +0530
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <4611AAF6.1070306@gmx.net>
References: <4611AAF6.1070306@gmx.net>
Message-ID: <200704030912.21782.arzala@gmail.com>

On Tuesday 03 April 2007 06:46, David Krings wrote:
> Hi!
>
> The old topic is at it again. After some long long time I started again
> with doing some PHP. Task: internationalize my existing project. Goal:
> read strings from a text file. First step: open the file.
>
> I used this:
> $langfile = fopen('$langfileloc', 'r');
> and constantly had it fail. The path and file name are OK, I
> quadruplechecked.
>
> Now, when I do this:
> $langfile = fopen("$langfileloc", "r");
> It works like a charm. Which makes me wonder as some long time ago we
> had this nice discussion that ended with sth like "one needs only the
> single quote for everything in PHP".
>
> Do I recall this incorrectly or are the exceptions (bugs?) in PHP?
>
> Well, took me quite some time to figure out that my use of expert advise
> wasn't that great this time around.
>
> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

Please remember below rules while writing PHP expressions.

#1 There is practically NO use of "double quotes" in PHP in writing 
expressions EXCEPT expanding sequences like converting "\n" into newline, 
"\t" to tabulator (in regex etc.). Which means you should not use "double 
quotes" at any other place than above.

#2 When your data is static, use 'single quotes' to tell PHP to use it "as it 
is", if dynamic then should not be enclosed by ANY quote.

#3 If you have mixture of static+dynamic then use $dynamic.'I am static' style 
to concat dynamic and static data.

When you use "double quotes" PHP will try to EXPAND everything which is 
enclosed in "double quotes" which means variables will be expanded, static 
string will be looked for constants first and if not found then will be used 
as it is and then finally expression will be prepared.

Hope these will clear your thoughts about '' vs. "" quotes.

Anirudh Zala


From ken at secdat.com  Tue Apr  3 06:07:45 2007
From: ken at secdat.com (Kenneth Downs)
Date: Tue, 03 Apr 2007 06:07:45 -0400
Subject: [nycphp-talk] High-powered file viewer
Message-ID: <46122771.6030509@secdat.com>

Wondering if anybody can give personal experience with a linux-based 
flexible file viewer.

The file in question is a mixed binary/ascii (yes ascii, not utf-8) 
format from a DOS program.  It appears that financial data and dates are 
encoded as binaries, probably to save space, and that would mean there 
are also pointers in there.  I've got to identify about 4 important 
fields and pull them out.

I've done jobs like this plenty of times, but not since my fox days, and 
fox was pretty good with stuff like this.  I've never had to do it with 
*nix tools.

I'm aware that there are plenty of hex viewers out there, what i'm 
hoping for is that somebody has done something similar or close and can 
recommend a good viewer from personal experience.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070403/86a3d62e/attachment.html>

From ramons at gmx.net  Tue Apr  3 06:36:59 2007
From: ramons at gmx.net (David Krings)
Date: Tue, 03 Apr 2007 06:36:59 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <b76252690704021905q385223dbq12a03c4f1791a2af@mail.gmail.com>
References: <4611AAF6.1070306@gmx.net>
	<b76252690704021905q385223dbq12a03c4f1791a2af@mail.gmail.com>
Message-ID: <46122E4B.8050401@gmx.net>

csnyder wrote:
> On 4/2/07, David Krings <ramons at gmx.net> wrote:
> ...
>> $langfile = fopen('$langfileloc', 'r');
>> and constantly had it fail.
> ... 
> But really, all you had to do was not quote at all.
> $langfile = fopen( $langfileloc, 'r' );

That is indeed so! Thank you. I just wonder why the examples in the PHP 
manual on php.net do not show it like that. This is so much easier and, 
gee, more logical.

> ... 
> Processor speeds being what they are, the only good reason to use
> single quotes is so you don't have to use the shift key while you type
> your code.
> 
Yea, that would be if I'd use a US kezboard. I have a german kezboard 
and I need to shift either the 2 for the double quotes or the # for the 
single quote. I wonder how programming languages would look like if 
Germans would have invented them. I mean, all or most of them. Konrad 
Zuse did indeed invent the programming language, called 'Plankalk?l' in 
1943.

David


From ramons at gmx.net  Tue Apr  3 06:38:05 2007
From: ramons at gmx.net (David Krings)
Date: Tue, 03 Apr 2007 06:38:05 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <200704030912.21782.arzala@gmail.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
Message-ID: <46122E8D.2010600@gmx.net>

Anirudh Zala wrote:
> Please remember below rules while writing PHP expressions.
> 
> #1 There is practically NO use of "double quotes" in PHP in writing 
> expressions EXCEPT expanding sequences like converting "\n" into newline, 
> "\t" to tabulator (in regex etc.). Which means you should not use "double 
> quotes" at any other place than above.
> 
> #2 When your data is static, use 'single quotes' to tell PHP to use it "as it 
> is", if dynamic then should not be enclosed by ANY quote.
> 
> #3 If you have mixture of static+dynamic then use $dynamic.'I am static' style 
> to concat dynamic and static data.
> 
> When you use "double quotes" PHP will try to EXPAND everything which is 
> enclosed in "double quotes" which means variables will be expanded, static 
> string will be looked for constants first and if not found then will be used 
> as it is and then finally expression will be prepared.
> 
> Hope these will clear your thoughts about '' vs. "" quotes.

Thank you very much. I'll print it out and pin it to my forehead.

David


From anieshjoseph at gmail.com  Tue Apr  3 08:20:20 2007
From: anieshjoseph at gmail.com (Aniesh joseph)
Date: Tue, 3 Apr 2007 17:50:20 +0530
Subject: [nycphp-talk] Can somebody suggest a site to download WYSIWYG editor
	?
Message-ID: <1b3d2fde0704030520g211f5e81g70bd2dd823a4e57e@mail.gmail.com>

Hello


Can somebody suggest a site to download WYSIWYG editor ?


Regards
Aniesh Joseph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070403/24f673f6/attachment.html>

From tedd at sperling.com  Tue Apr  3 08:43:14 2007
From: tedd at sperling.com (tedd)
Date: Tue, 3 Apr 2007 08:43:14 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <200704030912.21782.arzala@gmail.com>
References: <4611AAF6.1070306@gmx.net>
 <200704030912.21782.arzala@gmail.com>
Message-ID: <p06240801c237f8fea1d9@[192.168.1.101]>

At 9:12 AM +0530 4/3/07, Anirudh Zala wrote:
>Please remember below rules while writing PHP expressions.
>
>#1 There is practically NO use of "double quotes" in PHP in writing
>expressions EXCEPT expanding sequences like converting "\n" into newline,
>"\t" to tabulator (in regex etc.). Which means you should not use "double
>quotes" at any other place than above.

I'm not sure if what you are saying includes this, but I use double 
quotes all the time in php for producing html. For example:

[1] echo("$myResult <br/>");
[2] echo('<a href="mydomain.com/mywidget.php" >$myResult</a>');

The use of double quotes in [1] allows me to print something without 
having to use the dot operator.

The use of the single quotes in [2] allows me to use the double 
quotes in html without having to escape them.

Note in both usages, the variable $myResult was used without regard to quotes.

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From kenrbnsn at rbnsn.com  Tue Apr  3 08:51:43 2007
From: kenrbnsn at rbnsn.com (Ken Robinson)
Date: Tue, 03 Apr 2007 08:51:43 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <p06240801c237f8fea1d9@[192.168.1.101]>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
	<p06240801c237f8fea1d9@[192.168.1.101]>
Message-ID: <mailman.13.1363003665.25290.talk@lists.nyphp.org>

At 08:43 AM 4/3/2007, tedd wrote:

>I'm not sure if what you are saying includes this, but I use double 
>quotes all the time in php for producing html. For example:
>
>[1] echo("$myResult <br/>");
>[2] echo('<a href="mydomain.com/mywidget.php" >$myResult</a>');
>
>The use of double quotes in [1] allows me to print something without 
>having to use the dot operator.

How you write number [1] comes down to personal preference. I'd 
rather write it as:

echo $myResult . '<br/>';

In number [2], I hope you realize that the string '$myResult' will be 
treated as a static string and will not be evaluated.

Also, since "echo" is a language construct and not a function, the 
parenthesis are not required.

Ken 



From felix.shnir at gmail.com  Tue Apr  3 09:00:59 2007
From: felix.shnir at gmail.com (Felix Shnir)
Date: Tue, 3 Apr 2007 09:00:59 -0400
Subject: [nycphp-talk] Can somebody suggest a site to download WYSIWYG
	editor ?
In-Reply-To: <1b3d2fde0704030520g211f5e81g70bd2dd823a4e57e@mail.gmail.com>
References: <1b3d2fde0704030520g211f5e81g70bd2dd823a4e57e@mail.gmail.com>
Message-ID: <ee3adaa10704030600j30eab6cfl6a05b254b7b7e88c@mail.gmail.com>

tinymce & fckeditor. google'em

On 4/3/07, Aniesh joseph <anieshjoseph at gmail.com> wrote:
> Hello
>
>
> Can somebody suggest a site to download WYSIWYG editor ?
>
>
> Regards
> Aniesh Joseph
>


From tedd at sperling.com  Tue Apr  3 09:30:34 2007
From: tedd at sperling.com (tedd)
Date: Tue, 3 Apr 2007 09:30:34 -0400
Subject: [nycphp-talk] single quote vs. double quote
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
	<p06240801c237f8fea1d9@[192.168.1.101]>
Message-ID: <p06240805c2380305fb62@[192.168.1.101]>

At 8:51 AM -0400 4/3/07, Ken Robinson wrote:
>At 08:43 AM 4/3/2007, tedd wrote:
>
>>I'm not sure if what you are saying includes this, but I use double 
>>quotes all the time in php for producing html. For example:
>>
>>[1] echo("$myResult <br/>");
>>[2] echo('<a href="mydomain.com/mywidget.php" >$myResult</a>');
>>
>>The use of double quotes in [1] allows me to print something 
>>without having to use the dot operator.
>
>How you write number [1] comes down to personal preference. I'd 
>rather write it as:
>
>echo $myResult . '<br/>';
>
>In number [2], I hope you realize that the string '$myResult' will 
>be treated as a static string and will not be evaluated.
>
>Also, since "echo" is a language construct and not a function, the 
>parenthesis are not required.

1. Yeah, you're right. In that example I have to put in those escape 
operators to get it to work correctly. But in my defense, I was 
typing code on the fly -- it was the topic and not the syntax I was 
addressing.

echo("<a href=\"mydomain.com/mywidget.php\" >$myResult</a>");

2. Yes, echo is language construct and not a function, but my 
personal preference is to use the parentheses.  It makes it easier 
for me to read and I know if I want to send it more than one 
parameter, then I can't use parentheses. But, my simplistic approach 
to problems usually finds another way.

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From jonbaer at jonbaer.com  Tue Apr  3 15:01:29 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Tue, 3 Apr 2007 15:01:29 -0400
Subject: [nycphp-talk] High-powered file viewer
In-Reply-To: <46122771.6030509@secdat.com>
References: <46122771.6030509@secdat.com>
Message-ID: <D1E15319-B14A-4DA1-903E-C1AD8D2CD1FB@jonbaer.com>

Not sure if you are looking to just parse/analyze but Ive used these  
scripting options:

xxd -ps file.bin (pipe to grep | pipe to tr | piped to xxd -r)
cut -b 10-13 | xxd -ps

There is also a great rubygem called bindata which is dead simple to  
use, just build your own struct.
http://bindata.rubyforge.org

(Or were you just talking about a GUI app?)

- Jon

On Apr 3, 2007, at 6:07 AM, Kenneth Downs wrote:

> Wondering if anybody can give personal experience with a linux- 
> based flexible file viewer.
>
> The file in question is a mixed binary/ascii (yes ascii, not utf-8)  
> format from a DOS program.  It appears that financial data and  
> dates are encoded as binaries, probably to save space, and that  
> would mean there are also pointers in there.  I've got to identify  
> about 4 important fields and pull them out.
>
> I've done jobs like this plenty of times, but not since my fox  
> days, and fox was pretty good with stuff like this.  I've never had  
> to do it with *nix tools.
>
> I'm aware that there are plenty of hex viewers out there, what i'm  
> hoping for is that somebody has done something similar or close and  
> can recommend a good viewer from personal experience.
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070403/da649d28/attachment.html>

From paul at devonianfarm.com  Tue Apr  3 19:31:58 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Tue, 03 Apr 2007 19:31:58 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <200704030912.21782.arzala@gmail.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
Message-ID: <4612E3EE.9040605@devonianfarm.com>

Anirudh Zala wrote:
> #2 When your data is static, use 'single quotes' to tell PHP to use it "as it 
> is", if dynamic then should not be enclosed by ANY quote.
>
> #3 If you have mixture of static+dynamic then use $dynamic.'I am static' style 
> to concat dynamic and static data.
>   
    If I wanted to code like that,  I'd be coding in Java.

    I did a long stint of programming in Perl,  which offers you about 
30,000 ways to quote text.

    Here are my rules for PHP.

    (1) Use ?>...some HTML...<?php as much as feasible
    (2) Avoid heredoc -- it's particularly treacherous in PHP
    (3) Use " in most situations.  Use \ to escape ", $ and \.
    (4) Make a habit of writing {$like_this}

    Convention (3) turns out to be an effective convention 
cross-language.  Double quotes work the same way in shell scripts,  perl 
scripts and other places.  It might not be the most elegant syntax, but 
it works well.


From tuon1 at netzero.net  Tue Apr  3 23:04:56 2007
From: tuon1 at netzero.net (tuon1 at netzero.net)
Date: Wed, 4 Apr 2007 03:04:56 GMT
Subject: [nycphp-talk] MySQL: Delete row
Message-ID: <20070403.200519.21820.2363580@webmail10.nyc.untd.com>

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070404/00943d46/attachment.ksh>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070404/00943d46/attachment.html>

From rick at napalmriot.com  Tue Apr  3 23:37:23 2007
From: rick at napalmriot.com (Rick Olson)
Date: Tue, 03 Apr 2007 20:37:23 -0700
Subject: [nycphp-talk] MySQL: Delete row
In-Reply-To: <20070403.200519.21820.2363580@webmail10.nyc.untd.com>
References: <20070403.200519.21820.2363580@webmail10.nyc.untd.com>
Message-ID: <46131D73.6030209@napalmriot.com>


> Scenario:
>
> Query the database table to get the result set:
>
> $Query = "SELECT * FROM $Tablename";
>
> $Result = mysql_query($Query);  //Returns the result set
>
> if (mysql_num_rows($Result) == 1)    //if row I'm looking for is found
>
{
    while ($row = mysql_fetch_array($Result, MYSQL_ASSOC)) {
        $query = "DELETE FROM $Tablename WHERE [primary_key_field[s]] = 
'{$row['primary_key_result']}'";
       mysql_query($query);
    }
}

Since I'm not sure on your database structure, I'm not really able to 
fill in the blanks there... not to mention you don't have a WHERE clause 
on that query, and you're checking to make sure there's only one row; 
unless your table has only one row in it, it's likely nothing will 
happen.  Also, if you're looking to delete them, why not just replace 
your "SELECT * FROM" to a "DELETE FROM ..."?

--
Rick


From arzala at gmail.com  Tue Apr  3 23:59:37 2007
From: arzala at gmail.com (Anirudh Zala)
Date: Wed, 4 Apr 2007 09:29:37 +0530
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <p06240805c2380305fb62@[192.168.1.101]>
References: <4611AAF6.1070306@gmx.net> <p06240801c237f8fea1d9@[192.168.1.101]>
	<p06240805c2380305fb62@[192.168.1.101]>
Message-ID: <200704040929.37378.arzala@gmail.com>

On Tuesday 03 April 2007 19:00, tedd wrote:
> At 8:51 AM -0400 4/3/07, Ken Robinson wrote:
> >At 08:43 AM 4/3/2007, tedd wrote:
> >>I'm not sure if what you are saying includes this, but I use double
> >>quotes all the time in php for producing html. For example:
> >>
> >>[1] echo("$myResult <br/>");
> >>[2] echo('<a href="mydomain.com/mywidget.php" >$myResult</a>');
> >>
> >>The use of double quotes in [1] allows me to print something
> >>without having to use the dot operator.
> >
> >How you write number [1] comes down to personal preference. I'd
> >rather write it as:
> >
> >echo $myResult . '<br/>';
> >
> >In number [2], I hope you realize that the string '$myResult' will
> >be treated as a static string and will not be evaluated.
> >
> >Also, since "echo" is a language construct and not a function, the
> >parenthesis are not required.
>
> 1. Yeah, you're right. In that example I have to put in those escape
> operators to get it to work correctly. But in my defense, I was
> typing code on the fly -- it was the topic and not the syntax I was
> addressing.
>
> echo("<a href=\"mydomain.com/mywidget.php\" >$myResult</a>");

It is matter of preference and convenience. As I said when you use double 
quotes to enclose expression, PHP will try to look for "constants" that will 
match part of static string. If constant is not found then will use string as 
it is but if found then will replace that part of string by matching 
constant's value.

In your above example, if there is defined a constant as "href" (though not 
likely to exist) then it's value will be replaced in final output. That is 
why "" should not be used there. Hence proper expression could be written 
like below:

echo '<a href="mydomain.com/mywidget.php">'.$myResult.'</a>';

Now there is no harm of expansion of static data.

>
> 2. Yes, echo is language construct and not a function, but my
> personal preference is to use the parentheses.  It makes it easier
> for me to read and I know if I want to send it more than one
> parameter, then I can't use parentheses. But, my simplistic approach
> to problems usually finds another way.
>
> Cheers,
>
> tedd

Anirudh Zala


From ramons at gmx.net  Wed Apr  4 09:57:12 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 04 Apr 2007 09:57:12 -0400
Subject: [nycphp-talk] Loading array from file
Message-ID: <4613AEB8.5040801@gmx.net>

Hi!

Working on my internationalization project I am now ready to load the 
contents of a string file into an array and use the strings. Now, I have 
to ideas when to do this:
a) run this on load of every page with output
b) run it once on the start page and store the array in the session

Does anyone have any experience with doing one or the other (or both)? I 
wonder which way is the faster / more robust.

My guess is that after I'm done the string file will have several 
hundred entries.

Thanks in advance.

David


From ben at projectskyline.com  Wed Apr  4 10:01:36 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Wed, 4 Apr 2007 10:01:36 -0400
Subject: [nycphp-talk] Loading array from file
References: <4613AEB8.5040801@gmx.net>
Message-ID: <036301c776c1$c2859ad0$6a01a8c0@gamebox>

Hello,

I worked on a large PHP project, we used to have HUGH arrays (it would 
sometimes timeout the script)
I can't remember..but they were slow...but more often, a particular SQL 
statement
was even slower when we did performance related tuning..it was SQL we always 
had to fix.

What about storing the result in a temp table?

- Ben

----- Original Message ----- 
From: "David Krings" <ramons at gmx.net>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, April 04, 2007 9:57 AM
Subject: [nycphp-talk] Loading array from file


> Hi!
>
> Working on my internationalization project I am now ready to load the 
> contents of a string file into an array and use the strings. Now, I have 
> to ideas when to do this:
> a) run this on load of every page with output
> b) run it once on the start page and store the array in the session
>
> Does anyone have any experience with doing one or the other (or both)? I 
> wonder which way is the faster / more robust.
>
> My guess is that after I'm done the string file will have several hundred 
> entries.
>
> Thanks in advance.
>
> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php 



From ramons at gmx.net  Wed Apr  4 10:46:06 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 04 Apr 2007 10:46:06 -0400
Subject: [nycphp-talk] Loading array from file
In-Reply-To: <036301c776c1$c2859ad0$6a01a8c0@gamebox>
References: <4613AEB8.5040801@gmx.net> <036301c776c1$c2859ad0$6a01a8c0@gamebox>
Message-ID: <4613BA2E.2020808@gmx.net>

Ben Sgro (ProjectSkyline) wrote:
> Hello,
> 
> 
> What about storing the result in a temp table?
> 

There is no SQL or database table involved. I don't see any good reason 
to keep static stuff like text strings in a database table. Also, since 
I do not know all languages (only two) others will find it much easier 
to translate a flat ASCII file than something that is stuck in a table.
I also don't see a point in loading the strings from file, putting them 
into a temp table, then use SQL to pull that stuff back out, stick it 
into an array, and then use it. Unless accessing a temp table is quicker 
than picking an element out of an array by key, but I doubt that is the 
case.

David


From g.hagger at gmail.com  Wed Apr  4 11:02:15 2007
From: g.hagger at gmail.com (Graham Hagger)
Date: Wed, 04 Apr 2007 11:02:15 -0400
Subject: [nycphp-talk] Loading array from file
In-Reply-To: <4613AEB8.5040801@gmx.net>
References: <4613AEB8.5040801@gmx.net>
Message-ID: <4613BDF7.3020700@gmail.com>

David,

I recently had to do some work with our companies meeting room booking
system, which was originally based on the open source PHP based MRBS
project that's out there somewhere.

For their internationalization they had used separate include files for
each language, with the correct one being included at runtime based on
the users language.

Each of the language files basically just built the same associative
array but with the correct translations for that language.  The required
language file does get read with every page load, but this seems to take
no time whatsoever.

Hope this helps... it is my first post to this list :)

Graham

David Krings wrote:
> Hi!
>
> Working on my internationalization project I am now ready to load the
> contents of a string file into an array and use the strings. Now, I
> have to ideas when to do this:
> a) run this on load of every page with output
> b) run it once on the start page and store the array in the session
>
> Does anyone have any experience with doing one or the other (or both)?
> I wonder which way is the faster / more robust.
>
> My guess is that after I'm done the string file will have several
> hundred entries.
>
> Thanks in advance.
>
> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From chsnyder at gmail.com  Wed Apr  4 11:47:54 2007
From: chsnyder at gmail.com (csnyder)
Date: Wed, 4 Apr 2007 11:47:54 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <4612E3EE.9040605@devonianfarm.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
	<4612E3EE.9040605@devonianfarm.com>
Message-ID: <b76252690704040847o7b1034b6oe3c88eea4c5612ac@mail.gmail.com>

On 4/3/07, Paul Houle <paul at devonianfarm.com> wrote:
>
>     Here are my rules for PHP.
>
>     (1) Use ?>...some HTML...<?php as much as feasible
>     (2) Avoid heredoc -- it's particularly treacherous in PHP
>     (3) Use " in most situations.  Use \ to escape ", $ and \.
>     (4) Make a habit of writing {$like_this}
>

Nicely put.

-- 
Chris Snyder
http://chxo.com/


From ramons at gmx.net  Wed Apr  4 13:02:30 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 04 Apr 2007 13:02:30 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <4612E3EE.9040605@devonianfarm.com>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
	<4612E3EE.9040605@devonianfarm.com>
Message-ID: <4613DA26.209@gmx.net>

Paul Houle wrote:
>    (4) Make a habit of writing {$like_this}

Can you elaborate on this? Me guessing of what you mean is probably not 
a good approach. Thanks in advance.

David


From lists at zaunere.com  Wed Apr  4 13:10:25 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Wed, 4 Apr 2007 13:10:25 -0400
Subject: [nycphp-talk] FW: PHP statistics for March 2007
Message-ID: <012301c776dc$231d1660$6d0aa8c0@MobileZ>


Some interesting stats for March...

> PHP adoption statistics for March 2007 are released.
> 
>     * 5.2.1 growing fast
>     * PHP 5.2.0 leaving room for PHP 5.2.1
>     * PHP 4.4.5/6 discreet
> 
> As usual, lots of other details : PHP versions, Apache, country
> details, etc. 
> Feel free to ask any other details, stats or context about the study.
> 
> PHP stats evolution for March 2007
>  
>
http://www.nexen.net/chiffres_cles/phpversion/16814-php_stats_evolution_for_
march_2007.php
>   PHP statistics for March 2007
>
http://www.nexen.net/chiffres_cles/phpversion/16811-php_statistics_for_march
_2007.php
> 
> All nexen.net articles in English :
>   http://www.nexen.net/the_english_speaking_nexen.net.php





From hendrel at telkomsa.net  Wed Apr  4 13:27:18 2007
From: hendrel at telkomsa.net (Hendre Louw)
Date: Wed, 4 Apr 2007 19:27:18 +0200
Subject: [nycphp-talk] PHP Web Frameworks
Message-ID: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>

Hi

 

What PHP web frameworks are out there? Does anybody know Symfony?

 

Hendre

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070404/b881a843/attachment.html>

From ajai at bitblit.net  Wed Apr  4 14:13:09 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Wed, 4 Apr 2007 14:13:09 -0400 (EDT)
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>
Message-ID: <Pine.LNX.4.44.0704041410260.4035-100000@bitblit.net>

On Wed, 4 Apr 2007, Hendre Louw wrote:

> What PHP web frameworks are out there? Does anybody know Symfony?

We're using Symfony for a major project. Yahoo Bookmarks is built on 
Symfony. Its pretty good (totally OOP and lots of Railsisms in it).

Do you have any specific questions?


-- 
Aj. (ajai at bitblit.net)



From kenneth at ylayali.net  Wed Apr  4 15:46:35 2007
From: kenneth at ylayali.net (Kenneth Dombrowski)
Date: Wed, 4 Apr 2007 15:46:35 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <200704040929.37378.arzala@gmail.com>
References: <4611AAF6.1070306@gmx.net> <p06240801c237f8fea1d9@[192.168.1.101]>
	<p06240805c2380305fb62@[192.168.1.101]>
	<200704040929.37378.arzala@gmail.com>
Message-ID: <20070404194635.GA27906@ylayali.net>

On 07-04-04 09:29 +0530, Anirudh Zala wrote:
> On Tuesday 03 April 2007 19:00, tedd wrote:
> > At 8:51 AM -0400 4/3/07, Ken Robinson wrote:
> > >At 08:43 AM 4/3/2007, tedd wrote:
> > >>I'm not sure if what you are saying includes this, but I use double
> > >>quotes all the time in php for producing html. For example:
> > >>
> > >>[1] echo("$myResult <br/>");
> > >>[2] echo('<a href="mydomain.com/mywidget.php" >$myResult</a>');
> > >>
> > >>The use of double quotes in [1] allows me to print something
> > >>without having to use the dot operator.
> 
> It is matter of preference and convenience. As I said when you use double 
> quotes to enclose expression, PHP will try to look for "constants" that will 
> match part of static string. If constant is not found then will use string as 
> it is but if found then will replace that part of string by matching 
> constant's value.
> 
> In your above example, if there is defined a constant as "href" (though not 
> likely to exist) then it's value will be replaced in final output. That is 
> why "" should not be used there. 

This is incorrect.  Strings are never evaluated for constants.
Double-quoted strings are evaluated for "$variableExpansion" , which
incurs a slight processing cost 

Unquoted strings are first evaluated as constants, and if not found, an
E_NOTICE is issued, and the unquoted string is treated as a string
literal (as if it were surrounded by single quotes) 

kenneth at gilgamesh:/tmp$ php -r 'define("XYZ", "hi there"); echo "XYZ\n"; echo XYZ . "\n";'
XYZ
hi there

except for that detail, I agree with Anirudh's advice to not use "" except 
for the few places you need it ("\n", etc) 

Kenneth 



From sal.perconte at verizon.net  Wed Apr  4 17:20:55 2007
From: sal.perconte at verizon.net (Sal Perconte)
Date: Wed, 04 Apr 2007 17:20:55 -0400
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <Pine.LNX.4.44.0704041410260.4035-100000@bitblit.net>
Message-ID: <0JFZ00I3GSOVPH00@vms040.mailsrvcs.net>

Try 'code igniter'

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Ajai Khattri
Sent: Wednesday, April 04, 2007 2:13 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHP Web Frameworks

On Wed, 4 Apr 2007, Hendre Louw wrote:

> What PHP web frameworks are out there? Does anybody know Symfony?

We're using Symfony for a major project. Yahoo Bookmarks is built on 
Symfony. Its pretty good (totally OOP and lots of Railsisms in it).

Do you have any specific questions?


-- 
Aj. (ajai at bitblit.net)

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php




From paul at devonianfarm.com  Wed Apr  4 18:41:12 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Wed, 04 Apr 2007 18:41:12 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <4613DA26.209@gmx.net>
References: <4611AAF6.1070306@gmx.net>
	<200704030912.21782.arzala@gmail.com>	<4612E3EE.9040605@devonianfarm.com>
	<4613DA26.209@gmx.net>
Message-ID: <46142988.9070800@devonianfarm.com>

David Krings wrote:
> Paul Houle wrote:
>>    (4) Make a habit of writing {$like_this}
>
> Can you elaborate on this? Me guessing of what you mean is probably 
> not a good approach. Thanks in advance.
>
    There's a short form and long form of substitution in PHP.  The 
short form is

$x="$y an example of the short form";

and

$x="{$y} is an example of the short form";

    You can get in trouble with the short form because it's greedy.  
Imagine you're trying to make the name of a logfile

$logfile_name="$year_$month_$day_logfile.txt";

    PHP evaluates "$" expressions in a greedy manner,  so it will look 
up the variables

$year_
$month_
$day_logfile

rather than

$year
$month
$day

that you probably want.

$logfile_name="{$year}_{$month}_{$day}_logfile.txt";

gets the desired effect.   The long form also lets you do cool things 
with arrays and object,  like

"{$my_array[$index]}"
"{$my_array["i_can_really_use_quotes_to_have_a_string_here"]}"
"{$object->special_property}"





From ken at secdat.com  Wed Apr  4 19:22:29 2007
From: ken at secdat.com (Kenneth Downs)
Date: Wed, 04 Apr 2007 19:22:29 -0400
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>
References: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>
Message-ID: <46143335.2050706@secdat.com>

Hendre Louw wrote:
>
> Hi
>
>  
>
> What PHP web frameworks are out there? Does anybody know Symfony?
>

If you do complex databases, where complete integration of security, 
constraints and automations are very important, then you may want to 
check out our Andromeda framework, www.andromeda-project.org.    I 
should let you know that it is right now a linux-only, postgres-only 
project, so if you are married to mySQL or Windows it won't help you today.


>  
>
> Hendre
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070404/17b56df4/attachment.html>

From g.hagger at gmail.com  Wed Apr  4 19:41:50 2007
From: g.hagger at gmail.com (Graham Hagger)
Date: Wed, 04 Apr 2007 19:41:50 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <46142988.9070800@devonianfarm.com>
References: <4611AAF6.1070306@gmx.net>	<200704030912.21782.arzala@gmail.com>	<4612E3EE.9040605@devonianfarm.com>	<4613DA26.209@gmx.net>
	<46142988.9070800@devonianfarm.com>
Message-ID: <461437BE.80206@gmail.com>

While I agree wholeheartedly it's important to note that....

Paul Houle wrote:
>
>
> gets the desired effect.   The long form also lets you do cool things
> with arrays and object,  like
>
> "{$my_array[$index]}"
> "{$my_array["i_can_really_use_quotes_to_have_a_string_here"]}"
> "{$object->special_property}"
...Using "{$object->method()}" does NOT work.  As in
{$object->getMemberVariableBecauseItsPrivate()}

Graham


From ramons at gmx.net  Wed Apr  4 20:22:33 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 04 Apr 2007 20:22:33 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <46142988.9070800@devonianfarm.com>
References: <4611AAF6.1070306@gmx.net>	<200704030912.21782.arzala@gmail.com>	<4612E3EE.9040605@devonianfarm.com>	<4613DA26.209@gmx.net>
	<46142988.9070800@devonianfarm.com>
Message-ID: <46144149.7020208@gmx.net>

Paul Houle wrote:
> David Krings wrote:
>> Paul Houle wrote:
>>>    (4) Make a habit of writing {$like_this}
>>
>> Can you elaborate on this? Me guessing of what you mean is probably 
>> not a good approach. Thanks in advance.
>>
>    There's a short form and long form of substitution in PHP.  The short 
> form is
> 
> $x="$y an example of the short form";
> 
> and
> 
> $x="{$y} is an example of the short form";
> 
>    You can get in trouble with the short form because it's greedy.  
> Imagine you're trying to make the name of a logfile
> 
> $logfile_name="$year_$month_$day_logfile.txt";
> 
>    PHP evaluates "$" expressions in a greedy manner,  so it will look up 
> the variables
> 
> $year_
> $month_
> $day_logfile
> 
> rather than
> 
> $year
> $month
> $day

Wouldn't I rather do the following anyway?
$logfile_name=$year."_".$month."_".$day."_logfile.txt";

I would never have gotten the idea to do this the way you described. 
Concatenation of the strings is IMHO way easier to comprehend, at least 
for me and maybe even for PHP.

David


From chsnyder at gmail.com  Wed Apr  4 21:21:08 2007
From: chsnyder at gmail.com (csnyder)
Date: Wed, 4 Apr 2007 21:21:08 -0400
Subject: [nycphp-talk] Loading array from file
In-Reply-To: <4613BDF7.3020700@gmail.com>
References: <4613AEB8.5040801@gmx.net> <4613BDF7.3020700@gmail.com>
Message-ID: <b76252690704041821j7b7f1e3fud26f3c557987af65@mail.gmail.com>

On 4/4/07, Graham Hagger <g.hagger at gmail.com> wrote:

> For their internationalization they had used separate include files for
> each language, with the correct one being included at runtime based on
> the users language.
>
> Each of the language files basically just built the same associative
> array but with the correct translations for that language.  The required
> language file does get read with every page load, but this seems to take
> no time whatsoever.

Yes, this all sounds so easy. Makes me wonder why I use gettext, in fact.

If/when you use apc or some other compiler cache, you'll never notice
the include of an array with a few hundred entries. Much better than
doing database lookups, like I've seen in some applications.

-- 
Chris Snyder
http://chxo.com/


From nate at cakephp.org  Wed Apr  4 21:58:58 2007
From: nate at cakephp.org (Nate Abele)
Date: Wed, 4 Apr 2007 21:58:58 -0400
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <20070405011655.42A7710A806D@cakephp.org>
References: <20070405011655.42A7710A806D@cakephp.org>
Message-ID: <506CFFED-48EF-4804-BF2C-4EFA990829EB@cakephp.org>

> Date: Wed, 4 Apr 2007 14:13:09 -0400 (EDT)
> From: Ajai Khattri <ajai at bitblit.net>
> Subject: Re: [nycphp-talk] PHP Web Frameworks
> To: NYPHP Talk <talk at lists.nyphp.org>
> Message-ID: <Pine.LNX.4.44.0704041410260.4035-100000 at bitblit.net>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> On Wed, 4 Apr 2007, Hendre Louw wrote:
>
>> What PHP web frameworks are out there? Does anybody know Symfony?
>
> We're using Symfony for a major project. Yahoo Bookmarks is built on
> Symfony. Its pretty good (totally OOP and lots of Railsisms in it).
>
> Do you have any specific questions?
>
>
> --  
> Aj. (ajai at bitblit.net)
>

The Yahoo! team had to re-architect several parts of the framework to  
get it to do what they wanted.  Regardless of that, I hear they were  
having some significant scaling issues.  The Firefox Add-ons portal  
(https://addons.mozilla.org/) was built on CakePHP, and you can check  
out the source code here: http://svn.mozilla.org/addons/trunk/site/ 
app/.  To date, the site has handled the arguably higher load without  
a hitch.

- Nate


From lists at silmail.com  Wed Apr  4 22:36:36 2007
From: lists at silmail.com (Jiju Thomas Mathew)
Date: Thu, 5 Apr 2007 08:06:36 +0530
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <46144149.7020208@gmx.net>
References: <4611AAF6.1070306@gmx.net> <200704030912.21782.arzala@gmail.com>
	<4612E3EE.9040605@devonianfarm.com> <4613DA26.209@gmx.net>
	<46142988.9070800@devonianfarm.com> <46144149.7020208@gmx.net>
Message-ID: <6431a0f40704041936w45e595a8od29190e36fd4bf75@mail.gmail.com>

>
>
> Wouldn't I rather do the following anyway?
> $logfile_name=$year."_".$month."_".$day."_logfile.txt";
>
> I would never have gotten the idea to do this the way you described.
> Concatenation of the strings is IMHO way easier to comprehend, at least
> for me and maybe even for PHP.
>
>
Hi David

I would prefer the following anyway?
$logfile_name = $year . '_' . $month . '_' . $day . '_logfile.txt';

-- 
Jiju Thomas Mathew
http://www.php-trivandrum.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070405/e1c14249/attachment.html>

From arzala at gmail.com  Wed Apr  4 23:26:46 2007
From: arzala at gmail.com (Anirudh Zala)
Date: Thu, 5 Apr 2007 08:56:46 +0530
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>
References: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>
Message-ID: <200704050856.46704.arzala@gmail.com>

On Wednesday 04 April 2007 22:57, Hendre Louw wrote:
> Hi
>
>
>
> What PHP web frameworks are out there? Does anybody know Symfony?
>
>
>
> Hendre

http://www.phpit.net/article/ten-different-php-frameworks/

Although I would love to use my own, but as you have asked for publically 
available frameworks then top 3 are Symfony, Zend and CakePHP (not in order 
of rankings)

Thanks,

Anirudh Zala


From arzala at gmail.com  Wed Apr  4 23:40:50 2007
From: arzala at gmail.com (Anirudh Zala)
Date: Thu, 5 Apr 2007 09:10:50 +0530
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <20070404194635.GA27906@ylayali.net>
References: <4611AAF6.1070306@gmx.net> <200704040929.37378.arzala@gmail.com>
	<20070404194635.GA27906@ylayali.net>
Message-ID: <200704050910.50721.arzala@gmail.com>

On Thursday 05 April 2007 01:16, Kenneth Dombrowski wrote:
> On 07-04-04 09:29 +0530, Anirudh Zala wrote:
> > On Tuesday 03 April 2007 19:00, tedd wrote:
> > > At 8:51 AM -0400 4/3/07, Ken Robinson wrote:
> > > >At 08:43 AM 4/3/2007, tedd wrote:
> > > >>I'm not sure if what you are saying includes this, but I use double
> > > >>quotes all the time in php for producing html. For example:
> > > >>
> > > >>[1] echo("$myResult <br/>");
> > > >>[2] echo('<a href="mydomain.com/mywidget.php" >$myResult</a>');
> > > >>
> > > >>The use of double quotes in [1] allows me to print something
> > > >>without having to use the dot operator.
> >
> > It is matter of preference and convenience. As I said when you use double
> > quotes to enclose expression, PHP will try to look for "constants" that
> > will match part of static string. If constant is not found then will use
> > string as it is but if found then will replace that part of string by
> > matching constant's value.
> >
> > In your above example, if there is defined a constant as "href" (though
> > not likely to exist) then it's value will be replaced in final output.
> > That is why "" should not be used there.
>
> This is incorrect.  Strings are never evaluated for constants.
> Double-quoted strings are evaluated for "$variableExpansion" , which
> incurs a slight processing cost
>
> Unquoted strings are first evaluated as constants, and if not found, an
> E_NOTICE is issued, and the unquoted string is treated as a string
> literal (as if it were surrounded by single quotes)
>
> kenneth at gilgamesh:/tmp$ php -r 'define("XYZ", "hi there"); echo "XYZ\n";
> echo XYZ . "\n";' XYZ
> hi there

Thanks for correcting my belief. Looks like I had misconception about this 
issue. :)

>
> except for that detail, I agree with Anirudh's advice to not use "" except
> for the few places you need it ("\n", etc)
>
> Kenneth
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

Anirudh Zala


From cliff at pinestream.com  Thu Apr  5 07:47:07 2007
From: cliff at pinestream.com (Cliff Hirsch)
Date: Thu, 05 Apr 2007 07:47:07 -0400
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <506CFFED-48EF-4804-BF2C-4EFA990829EB@cakephp.org>
Message-ID: <C23A59FB.3072%cliff@pinestream.com>

On 4/4/07 9:58 PM, "Nate Abele" <nate at cakephp.org> wrote:
> The Yahoo! team had to re-architect several parts of the framework to
> get it to do what they wanted.  Regardless of that, I hear they were
> having some significant scaling issues.  The Firefox Add-ons portal
> (https://addons.mozilla.org/) was built on CakePHP, and you can check
> out the source code here: http://svn.mozilla.org/addons/trunk/site/
> app/.  To date, the site has handled the arguably higher load without
> a hitch.
> 
> - Nate

Do you have any additional insight into what "scaling issues" means?
Database overload? Session problems? Bloated "helpers? Their YAML is
compiled and caching is part of the framework, so I'm curious where the pain
points are versus say...for example...Cake.

Cliff




From support at dailytechnology.net  Thu Apr  5 09:10:05 2007
From: support at dailytechnology.net (Brian Dailey)
Date: Thu, 05 Apr 2007 09:10:05 -0400
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <200704050856.46704.arzala@gmail.com>
References: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>
	<200704050856.46704.arzala@gmail.com>
Message-ID: <4614F52D.7080809@dailytechnology.net>

I've used CakePHP for several projects at this point and I'm pretty 
happy with it. I've also had a hand in symphony, RoR, and some others 
and found CakePHP to be the best fit for my needs and coding style. YMMV.

- Brian

Anirudh Zala wrote:
> On Wednesday 04 April 2007 22:57, Hendre Louw wrote:
>> Hi
>>
>>
>>
>> What PHP web frameworks are out there? Does anybody know Symfony?
>>
>>
>>
>> Hendre
> 
> http://www.phpit.net/article/ten-different-php-frameworks/
> 
> Although I would love to use my own, but as you have asked for publically 
> available frameworks then top 3 are Symfony, Zend and CakePHP (not in order 
> of rankings)
> 
> Thanks,
> 
> Anirudh Zala
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> 
> 


From spangia at redcent.net  Thu Apr  5 09:21:59 2007
From: spangia at redcent.net (Sean Pangia)
Date: Thu, 05 Apr 2007 09:21:59 -0400
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <4614F52D.7080809@dailytechnology.net>
References: <20070404172715.4DDB9221A@ctb-mesg4.saix.net>	<200704050856.46704.arzala@gmail.com>
	<4614F52D.7080809@dailytechnology.net>
Message-ID: <4614F7F7.6090900@redcent.net>

cake rocks my world.



Brian Dailey wrote:

> I've used CakePHP for several projects at this point and I'm pretty 
> happy with it. I've also had a hand in symphony, RoR, and some others 
> and found CakePHP to be the best fit for my needs and coding style. YMMV.
> 
> - Brian
> 
> Anirudh Zala wrote:
> 
>> On Wednesday 04 April 2007 22:57, Hendre Louw wrote:
>>
>>> Hi
>>>
>>>
>>>
>>> What PHP web frameworks are out there? Does anybody know Symfony?
>>>
>>>
>>>
>>> Hendre
>>
>>
>> http://www.phpit.net/article/ten-different-php-frameworks/
>>
>> Although I would love to use my own, but as you have asked for 
>> publically available frameworks then top 3 are Symfony, Zend and 
>> CakePHP (not in order of rankings)
>>
>> Thanks,
>>
>> Anirudh Zala
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> 

-- 

   _______________________________________
   Sean Pangia

   Red Cent
   54 West 21st Street, #607
   NYC 10010

   212.255.3800 ext. 201
   www.redcent.net


From chsnyder at gmail.com  Thu Apr  5 10:39:18 2007
From: chsnyder at gmail.com (csnyder)
Date: Thu, 5 Apr 2007 10:39:18 -0400
Subject: [nycphp-talk] Use of unneutered JSON considered harmful
Message-ID: <b76252690704050739g18415c0fu6375825201b93323@mail.gmail.com>

I've recommended (and continue to recommend) JSON as an efficient
alternative to XML for passing server-side date to client-side web
apps. But, as explained in the report linked below, an attacker can
use an everyday <script> tag to make a cross-domain request for
confidential JSON data, and access that data on execution by
overriding native methods on Object or Array.

http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf

The simple fix is to ensure that your JSON responses will not execute
when called via <script> tag, either by wrapping the JSON in a block
comment or by placing a while(1); command before the data. Your
Javascript code is responsible for removing the comment or while(1);
before eval()ing the JSON.

Again, if your web app returns JSON, make sure it cannot be executed
by placing a while(1); before the data.

It sounds like the major frameworks are being updated to deal with
this (I know Dojo and MochiKit have). If you use a framework to handle
your JSON, you should consult recent traffic on their developer's list
for the preferred means of neutering the code.

-- 
Chris Snyder
http://chxo.com/


From nate at cakephp.org  Thu Apr  5 12:22:46 2007
From: nate at cakephp.org (Nate Abele)
Date: Thu, 5 Apr 2007 12:22:46 -0400
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <20070405155530.9555A10A8070@cakephp.org>
References: <20070405155530.9555A10A8070@cakephp.org>
Message-ID: <74CFD879-FCCE-435A-B034-AF1A6ADA4FF2@cakephp.org>

> Date: Thu, 05 Apr 2007 07:47:07 -0400
> From: Cliff Hirsch <cliff at pinestream.com>
> Subject: Re: [nycphp-talk] PHP Web Frameworks
> To: NYPHP Talk <talk at lists.nyphp.org>
> Message-ID: <C23A59FB.3072%cliff at pinestream.com>
> Content-Type: text/plain;	charset="US-ASCII"
>
> On 4/4/07 9:58 PM, "Nate Abele" <nate at cakephp.org> wrote:
>> The Yahoo! team had to re-architect several parts of the framework to
>> get it to do what they wanted.  Regardless of that, I hear they were
>> having some significant scaling issues.  The Firefox Add-ons portal
>> (https://addons.mozilla.org/) was built on CakePHP, and you can check
>> out the source code here: http://svn.mozilla.org/addons/trunk/site/
>> app/.  To date, the site has handled the arguably higher load without
>> a hitch.
>>
>> - Nate
>
> Do you have any additional insight into what "scaling issues" means?
> Database overload? Session problems? Bloated "helpers? Their YAML is
> compiled and caching is part of the framework, so I'm curious where  
> the pain
> points are versus say...for example...Cake.
>
> Cliff
>

Hi Cliff,

Unfortunately, I wasn't privy to the specifics, but there are several  
other relevant bullet points from which you can draw some inferences:

(1) The developers of Symfony specifically discourage running it  
without a PHP accelerator.  In the PHP world, where limited control  
over deployment is often a reality, an accelerator is not always a  
given.   The fact that they essentially require one says something, I  
think.

(2) Several comparative benchmarks have been published, including  
this one: http://paul-m-jones.com/blog/?p=238  As with any benchmark,  
take it with a grain of salt, YMMV, and any other disclaimers or  
preemptive strikes I may have forgotten.  Read it carefully.   
Benchmarks can be affected by a million and one different things, but  
PMJ was very thorough in documenting his methodology.

Btw, the consensus on why the Zend Framework benched so fast is  
because it seems to do nothing for you. :-P

Kidding, kidding...



From ajai at bitblit.net  Thu Apr  5 15:16:57 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Thu, 5 Apr 2007 15:16:57 -0400 (EDT)
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <506CFFED-48EF-4804-BF2C-4EFA990829EB@cakephp.org>
Message-ID: <Pine.LNX.4.44.0704051515450.4035-100000@bitblit.net>

On Wed, 4 Apr 2007, Nate Abele wrote:

> The Yahoo! team had to re-architect several parts of the framework to  
> get it to do what they wanted.  Regardless of that, I hear they were  
> having some significant scaling issues.

Bear in mind that they started working on that way before 1.0 even came 
out. I see that Yahoo Bookmarks is no longer beta though...


-- 
Aj. (ajai at bitblit.net)



From ajai at bitblit.net  Thu Apr  5 15:21:21 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Thu, 5 Apr 2007 15:21:21 -0400 (EDT)
Subject: [nycphp-talk] PHP Web Frameworks
In-Reply-To: <74CFD879-FCCE-435A-B034-AF1A6ADA4FF2@cakephp.org>
Message-ID: <Pine.LNX.4.44.0704051520200.4035-100000@bitblit.net>

On Thu, 5 Apr 2007, Nate Abele wrote:

> (1) The developers of Symfony specifically discourage running it  
> without a PHP accelerator.  In the PHP world, where limited control  
> over deployment is often a reality, an accelerator is not always a  
> given.   The fact that they essentially require one says something, I  
> think.

Surely, if you're getting enough hits to really need an accelerator then 
you should be running on your own server(s) where you *do* have control 
over whether an accelerator is used or not?



-- 
Aj. (ajai at bitblit.net)



From ken at secdat.com  Thu Apr  5 16:25:44 2007
From: ken at secdat.com (Kenneth Downs)
Date: Thu, 05 Apr 2007 16:25:44 -0400
Subject: [nycphp-talk] Running exec et al on a windows box
Message-ID: <46155B48.1020306@secdat.com>

I feel dumb asking this, but ole Ken ain't used windows in many a year.

When I execute exec() in a PHP script, a cmd.exe box flashes briefly on 
the windows console.  This is one of those annoyances I'd love to turn 
off if I could figure out how.

A long time ago I would have known how to turn this off with a PIF file 
or something, but I wouldn't know where to begin these days.

Any pointers?


From agfische at email.smith.edu  Fri Apr  6 09:25:24 2007
From: agfische at email.smith.edu (Aaron Fischer)
Date: Fri, 6 Apr 2007 09:25:24 -0400
Subject: [nycphp-talk] Prevent (IE) browser cache of image
Message-ID: <9CB3476D-2C4E-4D2B-85A8-7EFC00479566@email.smith.edu>

Hi there,

I have a little app that is a pseudo-day-planner.  Users can enter  
appointments via a form and then I use PHP and GD to write the  
appointment blocks onto a calendar image.

It works great in Safari on Mac and Firefox on PC.  However, it  
doesn't work with Internet Explorer on PC.  It appears that the issue  
is that IE is not loading a fresh version of the calendar image each  
time a change is made.

How can I force IE to load a fresh version of the image, either via  
PHP or HTML/HTTP code?

Thanks!

-Aaron



From jakob.buchgraber at googlemail.com  Fri Apr  6 10:10:20 2007
From: jakob.buchgraber at googlemail.com (Jakob Buchgraber)
Date: Fri, 06 Apr 2007 16:10:20 +0200
Subject: [nycphp-talk] Prevent (IE) browser cache of image
In-Reply-To: <9CB3476D-2C4E-4D2B-85A8-7EFC00479566@email.smith.edu>
References: <9CB3476D-2C4E-4D2B-85A8-7EFC00479566@email.smith.edu>
Message-ID: <461654CC.6040804@gmail.com>

Aaron Fischer wrote:
> Hi there,
>
> I have a little app that is a pseudo-day-planner.  Users can enter 
> appointments via a form and then I use PHP and GD to write the 
> appointment blocks onto a calendar image.
>
> It works great in Safari on Mac and Firefox on PC.  However, it 
> doesn't work with Internet Explorer on PC.  It appears that the issue 
> is that IE is not loading a fresh version of the calendar image each 
> time a change is made.
>
> How can I force IE to load a fresh version of the image, either via 
> PHP or HTML/HTTP code?
>
> Thanks!
>
> -Aaron
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
Just add a unique string to the URL of the image

<img src="createImg.php?<?php echo time(); ?>" />

So the URL of the string changes every time the user reloads the page

Cheers,
Jay

-- 
Join Linuxfriendlyhardware.org project on irc.freenode.org#lfh (german)
Registered Linux User #373457



From alexchan.1976 at gmail.com  Fri Apr  6 09:58:48 2007
From: alexchan.1976 at gmail.com (Alex C)
Date: Fri, 6 Apr 2007 09:58:48 -0400
Subject: [nycphp-talk] pagination of search results with ldap
Message-ID: <8f494f760704060658w7d2d68e9x64fad089621606fc@mail.gmail.com>

Hi All,

I would like to know what would be the best way to do paged search
results for LDAP. Is it even possible to do it similiar to mysql limit
offset  functionality? Or should i do it via PHP.  However, I do know
LDAP has pagedSearch control.  i don't know how or if i need to invoke
it via php.

Thanks ,

alex


From danielc at analysisandsolutions.com  Fri Apr  6 10:47:57 2007
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Fri, 6 Apr 2007 10:47:57 -0400
Subject: [nycphp-talk] MySQL: Delete row
In-Reply-To: <20070403.200519.21820.2363580@webmail10.nyc.untd.com>
References: <20070403.200519.21820.2363580@webmail10.nyc.untd.com>
Message-ID: <20070406144757.GB22063@panix.com>

On Wed, Apr 04, 2007 at 03:04:56AM +0000, tuon1 at netzero.net wrote:

> $Query = "SELECT * FROM $Tablename";

You better be VERY careful about the value of $Tablename.  If it's set 
directly by your script, that's fine, since you control what it can be.  
But if $Tablename comes from user input, you MUST check that $Tablename is 
a legitimate name before allowing it into a query.

For more information about SQL Injection, check out
http://phpsec.org/projects/guide/3.html#3.2

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409


From tedd at sperling.com  Fri Apr  6 12:06:11 2007
From: tedd at sperling.com (tedd)
Date: Fri, 6 Apr 2007 12:06:11 -0400
Subject: [nycphp-talk] Prevent (IE) browser cache of image
In-Reply-To: <461654CC.6040804@gmail.com>
References: <9CB3476D-2C4E-4D2B-85A8-7EFC00479566@email.smith.edu>
	<461654CC.6040804@gmail.com>
Message-ID: <p0624080ac23c1f732394@[192.168.1.102]>

At 4:10 PM +0200 4/6/07, Jakob Buchgraber wrote:
>Aaron Fischer wrote:
>>Hi there,
>>
>>I have a little app that is a pseudo-day-planner.  Users can enter 
>>appointments via a form and then I use PHP and GD to write the 
>>appointment blocks onto a calendar image.
>>
>>It works great in Safari on Mac and Firefox on PC.  However, it 
>>doesn't work with Internet Explorer on PC.  It appears that the 
>>issue is that IE is not loading a fresh version of the calendar 
>>image each time a change is made.
>>
>>How can I force IE to load a fresh version of the image, either via 
>>PHP or HTML/HTTP code?
>>
>>Thanks!
>>
>>-Aaron
>>
>>_______________________________________________
>>New York PHP Community Talk Mailing List
>>http://lists.nyphp.org/mailman/listinfo/talk
>>
>>NYPHPCon 2006 Presentations Online
>>http://www.nyphpcon.com
>>
>>Show Your Participation in New York PHP
>>http://www.nyphp.org/show_participation.php
>>
>Just add a unique string to the URL of the image
>
><img src="createImg.php?<?php echo time(); ?>" />
>
>So the URL of the string changes every time the user reloads the page
>
>Cheers,
>Jay
>

I use echo rand(), but it's the same idea.

You could also use the following as an include file.:

<?php # nocache.php
// this script prevents all caching
// expires on any past date
header ("Expires: Mon, 26 Jul 1997 05:00: GMT");
// last modified at current date and time
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
// for HTTP 1.1:
header ("Cache-Control: no-store, no-cache, must-revalidate");
header ("Cache-Control: post-check=0, pre-check=0", false);
// for HTTP 1.0
header ("Pragma: no-cache");
?>

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From jhy2104 at columbia.edu  Fri Apr  6 12:09:57 2007
From: jhy2104 at columbia.edu (Dave Youn)
Date: Fri, 06 Apr 2007 12:09:57 -0400
Subject: [nycphp-talk] Re: PHP Web Frameworks
In-Reply-To: <200704061600.l36G0Xt3005184@calabash.cc.columbia.edu>
Message-ID: <C23BE915.CE03%jhy2104@columbia.edu>

I haven't used this framework, but have installed applications developed on
it:

    http://www.horde.org/about/


> From: <talk-request at lists.nyphp.org>
> Reply-To: <talk at lists.nyphp.org>
> Date: Fri, 6 Apr 2007 12:00:33 -0400 (EDT)
> To: <talk at lists.nyphp.org>
> Subject: talk Digest, Vol 6, Issue 9
> 
> Send talk mailing list submissions to
> talk at lists.nyphp.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.nyphp.org/mailman/listinfo/talk
> or, via email, send a message with subject or body 'help' to
> talk-request at lists.nyphp.org
> 
> You can reach the person managing the list at
> talk-owner at lists.nyphp.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of talk digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: PHP Web Frameworks (Nate Abele)
>    2. Re: PHP Web Frameworks (Ajai Khattri)
>    3. Re: PHP Web Frameworks (Ajai Khattri)
>    4. Running exec et al on a windows box (Kenneth Downs)
>    5. Prevent (IE) browser cache of image (Aaron Fischer)
>    6. Re: Prevent (IE) browser cache of image (Jakob Buchgraber)
>    7. pagination of search results with ldap (Alex C)
>    8. Re: MySQL: Delete row (Daniel Convissor)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 5 Apr 2007 12:22:46 -0400
> From: Nate Abele <nate at cakephp.org>
> Subject: Re: [nycphp-talk] PHP Web Frameworks
> To: talk at lists.nyphp.org
> Message-ID: <74CFD879-FCCE-435A-B034-AF1A6ADA4FF2 at cakephp.org>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
> 
>> Date: Thu, 05 Apr 2007 07:47:07 -0400
>> From: Cliff Hirsch <cliff at pinestream.com>
>> Subject: Re: [nycphp-talk] PHP Web Frameworks
>> To: NYPHP Talk <talk at lists.nyphp.org>
>> Message-ID: <C23A59FB.3072%cliff at pinestream.com>
>> Content-Type: text/plain; charset="US-ASCII"
>> 
>> On 4/4/07 9:58 PM, "Nate Abele" <nate at cakephp.org> wrote:
>>> The Yahoo! team had to re-architect several parts of the framework to
>>> get it to do what they wanted.  Regardless of that, I hear they were
>>> having some significant scaling issues.  The Firefox Add-ons portal
>>> (https://addons.mozilla.org/) was built on CakePHP, and you can check
>>> out the source code here: http://svn.mozilla.org/addons/trunk/site/
>>> app/.  To date, the site has handled the arguably higher load without
>>> a hitch.
>>> 
>>> - Nate
>> 
>> Do you have any additional insight into what "scaling issues" means?
>> Database overload? Session problems? Bloated "helpers? Their YAML is
>> compiled and caching is part of the framework, so I'm curious where
>> the pain
>> points are versus say...for example...Cake.
>> 
>> Cliff
>> 
> 
> Hi Cliff,
> 
> Unfortunately, I wasn't privy to the specifics, but there are several
> other relevant bullet points from which you can draw some inferences:
> 
> (1) The developers of Symfony specifically discourage running it
> without a PHP accelerator.  In the PHP world, where limited control
> over deployment is often a reality, an accelerator is not always a
> given.   The fact that they essentially require one says something, I
> think.
> 
> (2) Several comparative benchmarks have been published, including
> this one: http://paul-m-jones.com/blog/?p=238  As with any benchmark,
> take it with a grain of salt, YMMV, and any other disclaimers or
> preemptive strikes I may have forgotten.  Read it carefully.
> Benchmarks can be affected by a million and one different things, but
> PMJ was very thorough in documenting his methodology.
> 
> Btw, the consensus on why the Zend Framework benched so fast is
> because it seems to do nothing for you. :-P
> 
> Kidding, kidding...
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Thu, 5 Apr 2007 15:16:57 -0400 (EDT)
> From: Ajai Khattri <ajai at bitblit.net>
> Subject: Re: [nycphp-talk] PHP Web Frameworks
> To: NYPHP Talk <talk at lists.nyphp.org>
> Message-ID: <Pine.LNX.4.44.0704051515450.4035-100000 at bitblit.net>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> On Wed, 4 Apr 2007, Nate Abele wrote:
> 
>> The Yahoo! team had to re-architect several parts of the framework to
>> get it to do what they wanted.  Regardless of that, I hear they were
>> having some significant scaling issues.
> 
> Bear in mind that they started working on that way before 1.0 even came
> out. I see that Yahoo Bookmarks is no longer beta though...
> 
> 
> -- 
> Aj. (ajai at bitblit.net)
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Thu, 5 Apr 2007 15:21:21 -0400 (EDT)
> From: Ajai Khattri <ajai at bitblit.net>
> Subject: Re: [nycphp-talk] PHP Web Frameworks
> To: NYPHP Talk <talk at lists.nyphp.org>
> Message-ID: <Pine.LNX.4.44.0704051520200.4035-100000 at bitblit.net>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> On Thu, 5 Apr 2007, Nate Abele wrote:
> 
>> (1) The developers of Symfony specifically discourage running it
>> without a PHP accelerator.  In the PHP world, where limited control
>> over deployment is often a reality, an accelerator is not always a
>> given.   The fact that they essentially require one says something, I
>> think.
> 
> Surely, if you're getting enough hits to really need an accelerator then
> you should be running on your own server(s) where you *do* have control
> over whether an accelerator is used or not?
> 
> 
> 
> -- 
> Aj. (ajai at bitblit.net)
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Thu, 05 Apr 2007 16:25:44 -0400
> From: Kenneth Downs <ken at secdat.com>
> Subject: [nycphp-talk] Running exec et al on a windows box
> To: NYPHP Talk <talk at lists.nyphp.org>
> Message-ID: <46155B48.1020306 at secdat.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> I feel dumb asking this, but ole Ken ain't used windows in many a year.
> 
> When I execute exec() in a PHP script, a cmd.exe box flashes briefly on
> the windows console.  This is one of those annoyances I'd love to turn
> off if I could figure out how.
> 
> A long time ago I would have known how to turn this off with a PIF file
> or something, but I wouldn't know where to begin these days.
> 
> Any pointers?
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Fri, 6 Apr 2007 09:25:24 -0400
> From: Aaron Fischer <agfische at email.smith.edu>
> Subject: [nycphp-talk] Prevent (IE) browser cache of image
> To: NYPHP-Talk <talk at lists.nyphp.org>
> Message-ID: <9CB3476D-2C4E-4D2B-85A8-7EFC00479566 at email.smith.edu>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
> 
> Hi there,
> 
> I have a little app that is a pseudo-day-planner.  Users can enter
> appointments via a form and then I use PHP and GD to write the
> appointment blocks onto a calendar image.
> 
> It works great in Safari on Mac and Firefox on PC.  However, it
> doesn't work with Internet Explorer on PC.  It appears that the issue
> is that IE is not loading a fresh version of the calendar image each
> time a change is made.
> 
> How can I force IE to load a fresh version of the image, either via
> PHP or HTML/HTTP code?
> 
> Thanks!
> 
> -Aaron
> 
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Fri, 06 Apr 2007 16:10:20 +0200
> From: Jakob Buchgraber <jakob.buchgraber at googlemail.com>
> Subject: Re: [nycphp-talk] Prevent (IE) browser cache of image
> To: NYPHP Talk <talk at lists.nyphp.org>
> Message-ID: <461654CC.6040804 at gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Aaron Fischer wrote:
>> Hi there,
>> 
>> I have a little app that is a pseudo-day-planner.  Users can enter
>> appointments via a form and then I use PHP and GD to write the
>> appointment blocks onto a calendar image.
>> 
>> It works great in Safari on Mac and Firefox on PC.  However, it
>> doesn't work with Internet Explorer on PC.  It appears that the issue
>> is that IE is not loading a fresh version of the calendar image each
>> time a change is made.
>> 
>> How can I force IE to load a fresh version of the image, either via
>> PHP or HTML/HTTP code?
>> 
>> Thanks!
>> 
>> -Aaron
>> 
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>> 
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>> 
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>> 
> Just add a unique string to the URL of the image
> 
> <img src="createImg.php?<?php echo time(); ?>" />
> 
> So the URL of the string changes every time the user reloads the page
> 
> Cheers,
> Jay
> 
> -- 
> Join Linuxfriendlyhardware.org project on irc.freenode.org#lfh (german)
> Registered Linux User #373457
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Fri, 6 Apr 2007 09:58:48 -0400
> From: "Alex C" <alexchan.1976 at gmail.com>
> Subject: [nycphp-talk] pagination of search results with ldap
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Message-ID:
> <8f494f760704060658w7d2d68e9x64fad089621606fc at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Hi All,
> 
> I would like to know what would be the best way to do paged search
> results for LDAP. Is it even possible to do it similiar to mysql limit
> offset  functionality? Or should i do it via PHP.  However, I do know
> LDAP has pagedSearch control.  i don't know how or if i need to invoke
> it via php.
> 
> Thanks ,
> 
> alex
> 
> 
> ------------------------------
> 
> Message: 8
> Date: Fri, 6 Apr 2007 10:47:57 -0400
> From: Daniel Convissor <danielc at analysisandsolutions.com>
> Subject: Re: [nycphp-talk] MySQL: Delete row
> To: NYPHP Talk <talk at lists.nyphp.org>
> Message-ID: <20070406144757.GB22063 at panix.com>
> Content-Type: text/plain; charset=us-ascii
> 
> On Wed, Apr 04, 2007 at 03:04:56AM +0000, tuon1 at netzero.net wrote:
> 
>> $Query = "SELECT * FROM $Tablename";
> 
> You better be VERY careful about the value of $Tablename.  If it's set
> directly by your script, that's fine, since you control what it can be.
> But if $Tablename comes from user input, you MUST check that $Tablename is
> a legitimate name before allowing it into a query.
> 
> For more information about SQL Injection, check out
> http://phpsec.org/projects/guide/3.html#3.2
> 
> --Dan
> 
> -- 
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>             data intensive web and database programming
>                 http://www.AnalysisAndSolutions.com/
>  4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409
> 
> 
> ------------------------------
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> End of talk Digest, Vol 6, Issue 9
> **********************************




From nate at cakephp.org  Fri Apr  6 12:47:38 2007
From: nate at cakephp.org (Nate Abele)
Date: Fri, 6 Apr 2007 12:47:38 -0400
Subject: [nycphp-talk] Re: talk Digest, Vol 6, Issue 9
In-Reply-To: <20070406155514.38B7D10A806D@cakephp.org>
References: <20070406155514.38B7D10A806D@cakephp.org>
Message-ID: <075C7B17-4D6C-41C1-854D-46C91405A11C@cakephp.org>

> Date: Thu, 5 Apr 2007 15:21:21 -0400 (EDT)
> From: Ajai Khattri <ajai at bitblit.net>
> Subject: Re: [nycphp-talk] PHP Web Frameworks
> To: NYPHP Talk <talk at lists.nyphp.org>
>
> On Thu, 5 Apr 2007, Nate Abele wrote:
>
>> (1) The developers of Symfony specifically discourage running it
>> without a PHP accelerator.  In the PHP world, where limited control
>> over deployment is often a reality, an accelerator is not always a
>> given.   The fact that they essentially require one says something, I
>> think.
>
> Surely, if you're getting enough hits to really need an accelerator  
> then
> you should be running on your own server(s) where you *do* have  
> control
> over whether an accelerator is used or not?
>

I don't disagree, but that's not the point.  The point is that they  
basically require an accelerator for running Symfony applications,  
period; they don't qualify that statement by traffic levels or any  
other considerations.  This, to me, seems like a tacit acknowledgment  
of inefficiency, and they seem to be okay with that.

This conclusion also (ostensibly) reflected in the benchmarks I  
linked to previously which, you'll note, are based on Symfony 1.0.   
I'm not saying that performance is the end-all-be-all of web  
frameworks (I, for one, consider my own brain processor cycles more  
valuable than those of my server), but it's certainly a priority,  
though apparently less so for some than others.

- Nate



From mba2000 at ioplex.com  Fri Apr  6 13:29:04 2007
From: mba2000 at ioplex.com (Michael B Allen)
Date: Fri, 6 Apr 2007 13:29:04 -0400
Subject: [nycphp-talk] pagination of search results with ldap
In-Reply-To: <8f494f760704060658w7d2d68e9x64fad089621606fc@mail.gmail.com>
References: <8f494f760704060658w7d2d68e9x64fad089621606fc@mail.gmail.com>
Message-ID: <20070406132904.7db96ea2.mba2000@ioplex.com>

On Fri, 6 Apr 2007 09:58:48 -0400
"Alex C" <alexchan.1976 at gmail.com> wrote:

> Hi All,
> 
> I would like to know what would be the best way to do paged search
> results for LDAP. Is it even possible to do it similiar to mysql limit
> offset  functionality? Or should i do it via PHP.  However, I do know
> LDAP has pagedSearch control.  i don't know how or if i need to invoke
> it via php.

The below code demonstrates how to use the pagedResultsControl. The PHP
LDAP API is somewhat course but it should work.

Mike

$continue = true;
while ($continue) {
    $paged_control = array(
                        array(
                            'oid' => PAGED_CONTROL_OID,
                            'iscritical' => true,
                            'value' => ldap_ber_printf ('{iO}',
                                                        PAGE_SIZE, $cookie)
                        )
                     );
    if (!ldap_set_option($l, LDAP_OPT_SERVER_CONTROLS, $paged_control)) {
        echo "Not OK: ldap_set_option (controls)\n";
        exit;
    }     

    $sr = ldap_search($l, $query, $query_filter, $query_attribs, 0, 0, 0,
                      LDAP_DEREF_NEVER);

    if ($sr === FALSE) {
        echo "Not OK: ldap_search\n";
        exit;
    } 

    if (!ldap_parse_result ($l, $sr, &$errcode, &$matcheddn, &$errmsg,
                            &$referrals, &$serverctrls)) {
        echo "Not OK: ldap_parse_result\n";
        exit;
    }

    $paged_control_found = FALSE;
    if (isset($serverctrls)) {
        foreach ($serverctrls as $i) {
            if ($i['oid'] == PAGED_CONTROL_OID) {
                ldap_ber_scanf($i['value'], '{iO}', &$pagesize, &$cookie);
                $paged_control_found = TRUE;
                break;
            }
        }
    }
    if (!$paged_control_found) {
        echo "Not OK: paged control not found in response \n";
        exit;
    }

    // process entries as usual here ...

    if ($cookie == '') {
        $continue = false;
    }
}

-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/


From agfische at email.smith.edu  Fri Apr  6 14:13:06 2007
From: agfische at email.smith.edu (Aaron Fischer)
Date: Fri, 6 Apr 2007 14:13:06 -0400
Subject: [nycphp-talk] Prevent (IE) browser cache of image
In-Reply-To: <461654CC.6040804@gmail.com>
References: <9CB3476D-2C4E-4D2B-85A8-7EFC00479566@email.smith.edu>
	<461654CC.6040804@gmail.com>
Message-ID: <17242588-B751-4555-99C3-D49012382C35@email.smith.edu>

Using time() to add a unique string to the img src seems to work  
quite well, thanks!

I think I prefer this to the nocache solution which gets applied to  
all page elements.

This example will only prevent caching of the one image, so all other  
items on the page can be cached, which I don't mind.  Will help the  
page load faster, particularly beneficial for users on a slower  
connection.

Cheers,

-Aaron

> Just add a unique string to the URL of the image
>
> <img src="createImg.php?<?php echo time(); ?>" />
>
> So the URL of the string changes every time the user reloads the page
>> How can I force IE to load a fresh version of the image, either  
>> via PHP or HTML/HTTP code?
>>
>>



From jonbaer at jonbaer.com  Sat Apr  7 23:39:47 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Sat, 7 Apr 2007 23:39:47 -0400
Subject: [nycphp-talk] Upgrade Firebug 
Message-ID: <76F68BD1-625F-4B97-9948-211A4D49E5C5@jonbaer.com>

Im sure this also affects FirePHP as well but ...

Just saw this via an RSS feed, if you use Firebug make sure to  
upgrade ....

http://www.gnucitizen.org/projects/firebug-goes-evil/

- Jon


From jakob.buchgraber at googlemail.com  Sun Apr  8 05:59:05 2007
From: jakob.buchgraber at googlemail.com (Jakob Buchgraber)
Date: Sun, 08 Apr 2007 11:59:05 +0200
Subject: [nycphp-talk] Prevent (IE) browser cache of image
In-Reply-To: <17242588-B751-4555-99C3-D49012382C35@email.smith.edu>
References: <9CB3476D-2C4E-4D2B-85A8-7EFC00479566@email.smith.edu>	<461654CC.6040804@gmail.com>
	<17242588-B751-4555-99C3-D49012382C35@email.smith.edu>
Message-ID: <4618BCE9.2090003@gmail.com>

Aaron Fischer wrote:
> Using time() to add a unique string to the img src seems to work quite 
> well, thanks!
>
> I think I prefer this to the nocache solution which gets applied to 
> all page elements.
>
> This example will only prevent caching of the one image, so all other 
> items on the page can be cached, which I don't mind.  Will help the 
> page load faster, particularly beneficial for users on a slower 
> connection.
>
> Cheers,
>
> -Aaron
>
>> Just add a unique string to the URL of the image
>>
>> <img src="createImg.php?<?php echo time(); ?>" />
>>
>> So the URL of the string changes every time the user reloads the page
>>> How can I force IE to load a fresh version of the image, either via 
>>> PHP or HTML/HTTP code?
>>>
>>>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
As far as I understood the HTTP No-Cache Solution you should include 
this file in the Script that generates the image.

<?php
// createImg.php

require "nocache.php";

header ("Content-Type: image/jpeg");

imagejpeg (..);
?>

So this actually should only prevent the createImg.php from being 
cached. I am not quite sure whether this works with IE, tough. This 
browser seems to have some http caching related bugs.

Cheers,
Jay

-- 
Join Linuxfriendlyhardware.org project on irc.freenode.org#lfh (german)
Registered Linux User #373457



From rmarscher at beaffinitive.com  Sun Apr  8 20:36:14 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Sun, 8 Apr 2007 20:36:14 -0400
Subject: [nycphp-talk] Upgrade Firebug 
In-Reply-To: <76F68BD1-625F-4B97-9948-211A4D49E5C5@jonbaer.com>
References: <76F68BD1-625F-4B97-9948-211A4D49E5C5@jonbaer.com>
Message-ID: <DD04D5F5-1DEE-4263-A1B9-B37A8C4570D6@beaffinitive.com>

On Apr 7, 2007, at 11:39 PM, Jon Baer wrote:

> Im sure this also affects FirePHP as well but ...
>
> Just saw this via an RSS feed, if you use Firebug make sure to  
> upgrade ....
>
> http://www.gnucitizen.org/projects/firebug-goes-evil/
>
> - Jon

Very interesting... thanks for the heads up.  With Firebug, you can  
set it so that it's only enabled for certain sites.  I've been only  
enabling it for sites I want to debug and it seems that  
vulnerabilities like this are a reason to keep doing it that way.   
Limiting the number of sites that Firebug is enabled on also seems to  
help keep Firefox from hogging tons of memory too.

-Rob


From rmarscher at beaffinitive.com  Sun Apr  8 21:02:30 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Sun, 8 Apr 2007 21:02:30 -0400
Subject: [nycphp-talk] Scaling Web Apps WAS Re: PHP Web Frameworks
In-Reply-To: <506CFFED-48EF-4804-BF2C-4EFA990829EB@cakephp.org>
References: <20070405011655.42A7710A806D@cakephp.org>
	<506CFFED-48EF-4804-BF2C-4EFA990829EB@cakephp.org>
Message-ID: <498B5B90-CAA1-4147-9DD5-D8C98F488A12@beaffinitive.com>

On 4/4/07 9:58 PM, "Nate Abele" <nate at cakephp.org> wrote:
> The Firefox Add-ons portal (https://addons.mozilla.org/) was built  
> on CakePHP, and you can check out the source code here: http:// 
> svn.mozilla.org/addons/trunk/site/app/.  To date, the site has  
> handled the arguably higher load without a hitch.

That's cool that addons is using Cake.  I came across this article by  
Mike Morgan of addons a few months ago (actually posted about a year  
ago) about rewriting addons and using APC, LVS (linux virtual  
servers), and a memcache server: <http://morgamic.com/2006/04/14/ 
scalable-php-with-phpa-apc-memcached-and-lvs-part-2/>.  He was  
bitching about Smarty and Pear:DB as possibly causing too much  
overhead, so it's interesting that they ended up getting involved in  
Cake (not sure if he's still involved or not).

I've been very interested in scaling lately.  Most of my servers ar  
using APC and I'm currently getting by with having apps only using  
one server... but the day is rapidly approaching where I'm going to  
have to get serious about a multiple server setup.

Is anyone here using virtual servers?  It seems to have some nice  
benefits in terms of being able to easily move them between physical  
boxes and scale them up to more ram/cpu.  However, I've heard that  
you lose some performance and am trying to figure out when it's worth  
it.  I'm talking about virtual server's at the kernel level... like Xen.

Thanks!
-Rob


From paul at devonianfarm.com  Sun Apr  8 22:11:16 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Sun, 08 Apr 2007 22:11:16 -0400
Subject: [nycphp-talk] Scaling Web Apps WAS Re: PHP Web Frameworks
In-Reply-To: <498B5B90-CAA1-4147-9DD5-D8C98F488A12@beaffinitive.com>
References: <20070405011655.42A7710A806D@cakephp.org>	<506CFFED-48EF-4804-BF2C-4EFA990829EB@cakephp.org>
	<498B5B90-CAA1-4147-9DD5-D8C98F488A12@beaffinitive.com>
Message-ID: <4619A0C4.2050002@devonianfarm.com>

Rob Marscher wrote:
>
> Is anyone here using virtual servers?  It seems to have some nice 
> benefits in terms of being able to easily move them between physical 
> boxes and scale them up to more ram/cpu.  However, I've heard that you 
> lose some performance and am trying to figure out when it's worth it.  
> I'm talking about virtual server's at the kernel level... like Xen.
>
    A great aid to scalability.

    My personal web sites are hosted on a "virtual private server" 
account where I get to have a lot of control over my Apache,  MySQL and 
PHP installation.  For a $20 a month I can host an unlimited number of 
virtual hosts.  I've got plenty of bandwidth and CPU -- but not so much 
RAM.  The system administrators have occasionally moved my virtual 
server to a different physical server.  They can do this in a few 
minutes and there's never a hitch.

    If my site gets more traffic,  I can contact Westhost and they could 
quickly move me to a better server,  with the dedicated resources I 
need.  I can quickly provision new servers to build a cluster,  a 
dedicated e-mail server,  or staging and development servers.  If my 
traffic drops,  I can move to a cheaper hosting plan.


   



From lists at silmail.com  Sun Apr  8 22:08:05 2007
From: lists at silmail.com (Jiju Thomas Mathew)
Date: Mon, 9 Apr 2007 07:38:05 +0530
Subject: [nycphp-talk] Prevent (IE) browser cache of image
In-Reply-To: <4618BCE9.2090003@gmail.com>
References: <9CB3476D-2C4E-4D2B-85A8-7EFC00479566@email.smith.edu>
	<461654CC.6040804@gmail.com>
	<17242588-B751-4555-99C3-D49012382C35@email.smith.edu>
	<4618BCE9.2090003@gmail.com>
Message-ID: <6431a0f40704081908n3a676471ydb7168097d0eb6fe@mail.gmail.com>

>
> >> <img src="createImg.php?<?php echo time(); ?>" />
> >>
> As far as I understood the HTTP No-Cache Solution you should include
> this file in the Script that generates the image.
>
> <?php
> // createImg.php
>
> require "nocache.php";
>
> header ("Content-Type: image/jpeg");
>
> imagejpeg (..);
> ?>


do you mind if it is readfile(<imagefile>) ?

-- 
Jiju Thomas Mathew
http://www.php-trivandrum.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070409/bef621ec/attachment.html>

From jonbaer at jonbaer.com  Mon Apr  9 08:22:35 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Mon, 9 Apr 2007 08:22:35 -0400
Subject: [nycphp-talk] Scaling Web Apps WAS Re: PHP Web Frameworks
In-Reply-To: <498B5B90-CAA1-4147-9DD5-D8C98F488A12@beaffinitive.com>
References: <20070405011655.42A7710A806D@cakephp.org>
	<506CFFED-48EF-4804-BF2C-4EFA990829EB@cakephp.org>
	<498B5B90-CAA1-4147-9DD5-D8C98F488A12@beaffinitive.com>
Message-ID: <614C61C7-0850-4AC0-B7F2-A7A9CBF9B94C@jonbaer.com>

All the cool kids are running Amazon EC2 Xen-based servers if you  
want to just give it a try :-)

I don't think you lose much performance when you "slice" it right  
(another science altogether).  I think there is a misconception that  
one can take > 8+ app/db/web servers and stack them on one box and  
have them run like they would expect if it was dedicated.

A good example of virtualized power is the MyEC2Manager written in PHP.
http://developer.amazonwebservices.com/connect/servlet/KbServlet/ 
downloadImage/442-102-14/ec2-manager.gif

When PHP apps themselves are written w/ virtualization in mind is  
when it will get very interesting.  Imagine something like:

function job($queue) {
   // can I handle all of it?  If not fire up another x instances to  
help me out //
}

On top of all that there is an identical Firefox extension I use for  
EC2 instances ...
http://developer.amazonwebservices.com/connect/entry.jspa?entryID=609

Good stuff :-)

- Jon

On Apr 8, 2007, at 9:02 PM, Rob Marscher wrote:

> Is anyone here using virtual servers?  It seems to have some nice  
> benefits in terms of being able to easily move them between  
> physical boxes and scale them up to more ram/cpu.  However, I've  
> heard that you lose some performance and am trying to figure out  
> when it's worth it.  I'm talking about virtual server's at the  
> kernel level... like Xen.



From pyurt at yahoo.com  Mon Apr  9 08:52:06 2007
From: pyurt at yahoo.com (P Yurt)
Date: Mon, 9 Apr 2007 05:52:06 -0700 (PDT)
Subject: [nycphp-talk] Scaling Web Apps WAS Re: PHP Web Frameworks
Message-ID: <184734.2562.qm@web52207.mail.re2.yahoo.com>

Do you know what hardware (and how many servers) addons.mozilla
are running?



The most accurate sites on the web 
www.mastermoz.com  
Paul Yurt, Publisher 
paul(@)2.0websites.com 

 


-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Rob Marscher
Sent: Sunday, April 08, 2007 6:03 PM
To: NYPHP Talk
Subject: [nycphp-talk] Scaling Web Apps WAS Re: PHP Web
Frameworks

On 4/4/07 9:58 PM, "Nate Abele" <nate at cakephp.org> wrote:
> The Firefox Add-ons portal (https://addons.mozilla.org/) was
built  
> on CakePHP, and you can check out the source code here:
http:// 
> svn.mozilla.org/addons/trunk/site/app/.  To date, the site has
 
> handled the arguably higher load without a hitch.

That's cool that addons is using Cake.  I came across this
article by  
Mike Morgan of addons a few months ago (actually posted about a
year  
ago) about rewriting addons and using APC, LVS (linux virtual  
servers), and a memcache server:
<http://morgamic.com/2006/04/14/ 
scalable-php-with-phpa-apc-memcached-and-lvs-part-2/>.  He was  
bitching about Smarty and Pear:DB as possibly causing too much  
overhead, so it's interesting that they ended up getting
involved in  
Cake (not sure if he's still involved or not).

I've been very interested in scaling lately.  Most of my servers
ar  
using APC and I'm currently getting by with having apps only
using  
one server... but the day is rapidly approaching where I'm going
to  
have to get serious about a multiple server setup.

Is anyone here using virtual servers?  It seems to have some
nice  
benefits in terms of being able to easily move them between
physical  
boxes and scale them up to more ram/cpu.  However, I've heard
that  
you lose some performance and am trying to figure out when it's
worth  
it.  I'm talking about virtual server's at the kernel level...
like Xen.

Thanks!
-Rob
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php



From codebowl at gmail.com  Mon Apr  9 11:19:11 2007
From: codebowl at gmail.com (Joseph Crawford)
Date: Mon, 9 Apr 2007 11:19:11 -0400
Subject: [nycphp-talk] Single Sign On Questions
Message-ID: <8d9a42800704090819o23734454n144b18d23b53a035@mail.gmail.com>

Guys,

We are going round and round with the methods for SSO.  Can something
like this be done?

EREJobs.com will include a file from ERE.net, the file on ERE.net
executes on the ere.net domain while doing so can it read the ere.net
cookie?  I know that is probably not allowed due to XSS.

We have looked into Open SSO and even the chapter from Advanced PHP
Programming on SSO however that leads to issues when using multiple
sites.  For instance you go to erejobs.com and login, it directs you
to ere.net authenticates you, sets a cookie for ere.net and back to
erejobs where a cookie is set.  However if you then go to another site
say eredirectory.com it will not see you logged in because no cookie
is set so you again have to click the login button.  You wont have to
login because the ere.net cookie exists it will just redirect you back
to eredirectory but it seems like a rats nest we will get into.

Any ideas on how else to accomplish something like this?

-- 
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
codebowl at gmail.com


From rmarscher at beaffinitive.com  Mon Apr  9 11:34:19 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 9 Apr 2007 11:34:19 -0400
Subject: [nycphp-talk] Single Sign On Questions
In-Reply-To: <8d9a42800704090819o23734454n144b18d23b53a035@mail.gmail.com>
References: <8d9a42800704090819o23734454n144b18d23b53a035@mail.gmail.com>
Message-ID: <28589E43-069E-411E-BC5A-ABB460904CD6@beaffinitive.com>

On Apr 9, 2007, at 11:19 AM, Joseph Crawford wrote:
> Any ideas on how else to accomplish something like this?

hehe... Jobs.ERE.net

> You wont have to login because the ere.net cookie exists it will  
> just redirect you back to eredirectory but it seems like a rats  
> nest we will get into.

That's the only way that I've done it.  :(

-Rob


From tboyden at supercoups.com  Mon Apr  9 11:36:28 2007
From: tboyden at supercoups.com (Timothy Boyden)
Date: Mon, 9 Apr 2007 11:36:28 -0400
Subject: [nycphp-talk] Single Sign On Questions
In-Reply-To: <8d9a42800704090819o23734454n144b18d23b53a035@mail.gmail.com>
References: <8d9a42800704090819o23734454n144b18d23b53a035@mail.gmail.com>
Message-ID: <C12F0900C695FF47AEE0A7C2C75760A0904C40@greenmonster.supercoups.local>

Hey Joe,

When I was at MIT we used certificates for multi-domain SSO
authentication (and authorization). I also have looked into other types
of SSO schemes and from a security and implementation stand-point
certificates look to be the best tool for the job. Here is a link to
MIT's user documentation on their certificate system:
http://web.mit.edu/ist/topics/certificates/

As far as the technical implementation goes, I found a lot of good
information by Googling. But if you contact someone in MIT's IT group
I'm sure they could provide some specifics on their implementation.

I'm not sure it could be implemented using Network Solutions type
hosting service, but something like SSO across multiple domains would
require a more extensive setup then they could provide anyways.

-Tim

---------------------------
Timothy Boyden
Network Administrator

SuperCoups(r)

350 Revolutionary Drive | E. Taunton, MA 02718
508-977-2034  | www.supercoups.com 

We Support Alex's Lemonade Stand Foundation, 
"Fighting Childhood Cancer One Cup At A Time"
Donations Accepted at: www.firstgiving.com/SuperCoups
---------------------------
Local Coupons. Super Savings.(r)

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Joseph Crawford
Sent: Monday, April 09, 2007 11:19 AM
To: NYPHP Talk
Subject: [nycphp-talk] Single Sign On Questions

Guys,

We are going round and round with the methods for SSO.  Can something
like this be done?

EREJobs.com will include a file from ERE.net, the file on ERE.net
executes on the ere.net domain while doing so can it read the ere.net
cookie?  I know that is probably not allowed due to XSS.

We have looked into Open SSO and even the chapter from Advanced PHP
Programming on SSO however that leads to issues when using multiple
sites.  For instance you go to erejobs.com and login, it directs you to
ere.net authenticates you, sets a cookie for ere.net and back to erejobs
where a cookie is set.  However if you then go to another site say
eredirectory.com it will not see you logged in because no cookie is set
so you again have to click the login button.  You wont have to login
because the ere.net cookie exists it will just redirect you back to
eredirectory but it seems like a rats nest we will get into.

Any ideas on how else to accomplish something like this?

--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
codebowl at gmail.com
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php


From dorgan at optonline.net  Mon Apr  9 11:49:30 2007
From: dorgan at optonline.net (Donald J Organ IV)
Date: Mon, 09 Apr 2007 11:49:30 -0400
Subject: [nycphp-talk] Running exec et al on a windows box
In-Reply-To: <46155B48.1020306@secdat.com>
References: <46155B48.1020306@secdat.com>
Message-ID: <461A608A.5040000@optonline.net>

You may want to try other variants of the exec function such as passthru 
or system.


Kenneth Downs wrote:
> I feel dumb asking this, but ole Ken ain't used windows in many a year.
>
> When I execute exec() in a PHP script, a cmd.exe box flashes briefly 
> on the windows console.  This is one of those annoyances I'd love to 
> turn off if I could figure out how.
>
> A long time ago I would have known how to turn this off with a PIF 
> file or something, but I wouldn't know where to begin these days.
>
> Any pointers?
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From codebowl at gmail.com  Mon Apr  9 11:55:01 2007
From: codebowl at gmail.com (Joseph Crawford)
Date: Mon, 9 Apr 2007 11:55:01 -0400
Subject: [nycphp-talk] Single Sign On Questions
In-Reply-To: <C12F0900C695FF47AEE0A7C2C75760A0904C40@greenmonster.supercoups.local>
References: <8d9a42800704090819o23734454n144b18d23b53a035@mail.gmail.com>
	<C12F0900C695FF47AEE0A7C2C75760A0904C40@greenmonster.supercoups.local>
Message-ID: <8d9a42800704090855t57fda7f5xca7f96ab4f619178@mail.gmail.com>

Tim,

THanks for your response.  Implementing a certificate system like MIT
is probably out of the question.  They are looking for a good solution
that will not take long to get up and running.

They are only going to have a handful of domains, probably 6 max that
will be setup for this.  Although I am sure they would expand in the
future I am not sure a system like this will be cost effective for
them.

-- 
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
codebowl at gmail.com


From nyphp at n0p.net  Mon Apr  9 14:18:45 2007
From: nyphp at n0p.net (Flavio daCosta)
Date: Mon, 09 Apr 2007 14:18:45 -0400
Subject: [nycphp-talk] Single Sign On Questions
In-Reply-To: <8d9a42800704090819o23734454n144b18d23b53a035@mail.gmail.com>
References: <8d9a42800704090819o23734454n144b18d23b53a035@mail.gmail.com>
Message-ID: <461A8385.9080102@n0p.net>

Sounds to me like you are almost there just missing a step.

> ...
> However if you then go to another site
> say eredirectory.com it will not see you logged in because no cookie
> is set so you again have to click the login button.

At this point, you should be redirecting them back to your SSO server
(ere.net) (as opposed to showing a login form) and automatically logging
them in if the ere.net cookie is present.

[re]Read through the list on page 340 and 341 of Advanced PHP
Programming very carefully and study the figures 13.1 and 13.2.  It make
take a few times to click, but it really does describe the process well.

flav

P.S. if you would like a bit more explanation, I would be happy to help
via IM (send via personal mail) or irc.freenode.net ##php (n0p)


From ajai at bitblit.net  Mon Apr  9 15:16:05 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Mon, 9 Apr 2007 15:16:05 -0400 (EDT)
Subject: [nycphp-talk] Scaling Web Apps WAS Re: PHP Web Frameworks
In-Reply-To: <614C61C7-0850-4AC0-B7F2-A7A9CBF9B94C@jonbaer.com>
Message-ID: <Pine.LNX.4.44.0704091513170.7095-100000@bitblit.net>

On Mon, 9 Apr 2007, Jon Baer wrote:

> All the cool kids are running Amazon EC2 Xen-based servers if you  
> want to just give it a try :-)

Also check out using UML kernels like the Linode guys:

http://www.linode.com/products/

Ive been giving it some serious consideration.

They have their own tools for handling config and console access to 
the virtual machine. Being able to upgrade via software is pretty cool.



-- 
Aj. (ajai at bitblit.net)



From rahmin at insite-out.com  Tue Apr 10 12:03:08 2007
From: rahmin at insite-out.com (Rahmin Pavlovic)
Date: Tue, 10 Apr 2007 12:03:08 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <b76252690704021905q385223dbq12a03c4f1791a2af@mail.gmail.com>
Message-ID: <C2412D7C.3257C%rahmin@insite-out.com>

Does anyone know approximately how much longer double-quotes take to parse
in a controlled environment?

I'm about to inherit a project using double-quotes all over the place, and
due to (mis)management, I need to back up my assertions with data.  (In
other words, a link showing varying runtime's using happy colors will do :)




From pmjones88 at gmail.com  Tue Apr 10 12:05:58 2007
From: pmjones88 at gmail.com (Paul M Jones)
Date: Tue, 10 Apr 2007 11:05:58 -0500
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <C2412D7C.3257C%rahmin@insite-out.com>
References: <C2412D7C.3257C%rahmin@insite-out.com>
Message-ID: <CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>

On Apr 10, 2007, at 11:03 AM, Rahmin Pavlovic wrote:

> Does anyone know approximately how much longer double-quotes take  
> to parse
> in a controlled environment?

My understanding is "little if any"; recent versions of PHP 4 have  
eliminated the time-difference in single/double quote parsing.



--

Paul M. Jones  <http://paul-m-jones.com>

Solar: Simple Object Library and Application Repository
for PHP5.  <http://solarphp.com>

Join the Solar community wiki!  <http://solarphp.org>

Savant: The simple, elegant, and powerful solution for
templates in PHP.  <http://phpsavant.com>




From pmjones88 at gmail.com  Tue Apr 10 12:23:27 2007
From: pmjones88 at gmail.com (Paul M Jones)
Date: Tue, 10 Apr 2007 11:23:27 -0500
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>
References: <C2412D7C.3257C%rahmin@insite-out.com>
	<CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>
Message-ID: <EE518082-CF14-472B-9376-A26A5802C300@gmail.com>


On Apr 10, 2007, at 11:05 AM, Paul M Jones wrote:

> On Apr 10, 2007, at 11:03 AM, Rahmin Pavlovic wrote:
>
>> Does anyone know approximately how much longer double-quotes take  
>> to parse
>> in a controlled environment?
>
> My understanding is "little if any"; recent versions of PHP 4 have  
> eliminated the time-difference in single/double quote parsing.

In fact, here's a blog entry about it from Sara Golemon:

   <http://blog.libssh2.org/index.php?/archives/28-How-long-is-a- 
piece-of-string.html>

See comments 4 and 4.1 for the specific answer:

> Definitely a very interesting article.
> It would also be nice to know whether there is a difference between  
> single and double quotes because there is always a lot of  
> discussion going on about that, too. (and i don't know how to find  
> out the opcodes and stuff ;-) )
> #4 Jan on 2006-06-19 10:19 (Reply)
...
> Short version: No. The margin between single and double quoted is  
> on the order of nanoseconds. The only thing that gives single-quote  
> any kind of edge over double-quote (assuming they're both constant/ 
> non-interpolated strings) is the fact that double quoted strings  
> are subject to more substitution rules (\r\n\t\xFF\012) and so have  
> to spend an extra clock-cycle or two on scanning.
>
> Just like so many compile-time bottlenecks though, once you  
> introduce an opcode cache, this distinction vanishes.
> #4.1 Sara Golemon on 2006-06-19 11:02 (Reply)



--

Paul M. Jones  <http://paul-m-jones.com>

Solar: Simple Object Library and Application Repository
for PHP5.  <http://solarphp.com>

Join the Solar community wiki!  <http://solarphp.org>

Savant: The simple, elegant, and powerful solution for
templates in PHP.  <http://phpsavant.com>







--

Paul M. Jones  <http://paul-m-jones.com>

Solar: Simple Object Library and Application Repository
for PHP5.  <http://solarphp.com>

Join the Solar community wiki!  <http://solarphp.org>

Savant: The simple, elegant, and powerful solution for
templates in PHP.  <http://phpsavant.com>




From rolan at omnistep.com  Tue Apr 10 12:52:23 2007
From: rolan at omnistep.com (Rolan Yang)
Date: Tue, 10 Apr 2007 12:52:23 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <EE518082-CF14-472B-9376-A26A5802C300@gmail.com>
References: <C2412D7C.3257C%rahmin@insite-out.com>	<CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>
	<EE518082-CF14-472B-9376-A26A5802C300@gmail.com>
Message-ID: <461BC0C7.1070304@omnistep.com>

Hrm.. I just ran a real world test and the results were drastically 
different.

With single quotes, it took about 3.4 seconds to complete.
With double quotes, 22  seconds on average.

My setup:
# php -v
PHP 5.1.6 (cli) (built: Nov  3 2006 07:27:53)
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
AMD Athlon(tm) XP 2200+
1GB RAM

It would be interesting for you guys to share your results too.

Here is the code. Run it from the command line with: "php -f quotetest.php"
or load it in your browser.

<?php
// Test speed of double quotes vs single quotes
// Rolan Yang rolan at omnistep.com   4/10/2007

$insertthis="abcdefg";

if (isset($_SERVER['HTTP_USER_AGENT'])) {$newline="<br>\n";} else 
{$newline="\n";}
$start=microtime(TRUE);
print "Start: $start{$newline}";


for ($x=1;$x<5000000;$x++) {
        // comment out one of the two lines below when testing
        
#$test="aerg;jia;rgjia;erigja;ergja;rga;erigjae;rigjae;riogja;eriogjae;rgjae;riojga;erji{$insertthis}";
        
$test='aerg;jia;rgjia;erigja;ergja;rga;erigjae;rigjae;riogja;eriogjae;rgjae;riojga;erji'.$insertthis;
}
$end=microtime(TRUE);
print "End: $end{$newline}Total=".($end-$start).$newline;
?>


~Rolan


Paul M Jones wrote:
>
> On Apr 10, 2007, at 11:05 AM, Paul M Jones wrote:
>
>> On Apr 10, 2007, at 11:03 AM, Rahmin Pavlovic wrote:
>>
>>> Does anyone know approximately how much longer double-quotes take to 
>>> parse
>>> in a controlled environment?
>>
>> My understanding is "little if any"; recent versions of PHP 4 have 
>> eliminated the time-difference in single/double quote parsing.
>
> In fact, here's a blog entry about it from Sara Golemon:
>
>   
> <http://blog.libssh2.org/index.php?/archives/28-How-long-is-a-piece-of-string.html> 
>
>
> See comments 4 and 4.1 for the specific answer:
>
>> Definitely a very interesting article.
>> It would also be nice to know whether there is a difference between 
>> single and double quotes because there is always a lot of discussion 
>> going on about that, too. (and i don't know how to find out the 
>> opcodes and stuff ;-) )
>> #4 Jan on 2006-06-19 10:19 (Reply)
> ...
>> Short version: No. The margin between single and double quoted is on 
>> the order of nanoseconds. The only thing that gives single-quote any 
>> kind of edge over double-quote (assuming they're both 
>> constant/non-interpolated strings) is the fact that double quoted 
>> strings are subject to more substitution rules (\r\n\t\xFF\012) and 
>> so have to spend an extra clock-cycle or two on scanning.
>>
>> Just like so many compile-time bottlenecks though, once you introduce 
>> an opcode cache, this distinction vanishes.
>> #4.1 Sara Golemon on 2006-06-19 11:02 (Reply)
>
>
>
> -- 
>
> Paul M. Jones  <http://paul-m-jones.com>
>
> Solar: Simple Object Library and Application Repository
> for PHP5.  <http://solarphp.com>
>
> Join the Solar community wiki!  <http://solarphp.org>
>
> Savant: The simple, elegant, and powerful solution for
> templates in PHP.  <http://phpsavant.com>
>
>
>
>
>
>
>
> -- 
>
> Paul M. Jones  <http://paul-m-jones.com>
>
> Solar: Simple Object Library and Application Repository
> for PHP5.  <http://solarphp.com>
>
> Join the Solar community wiki!  <http://solarphp.org>
>
> Savant: The simple, elegant, and powerful solution for
> templates in PHP.  <http://phpsavant.com>
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From tom at supertom.com  Tue Apr 10 13:06:44 2007
From: tom at supertom.com (Tom Melendez)
Date: Tue, 10 Apr 2007 13:06:44 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <461BC0C7.1070304@omnistep.com>
References: <C2412D7C.3257C%rahmin@insite-out.com>
	<CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>
	<EE518082-CF14-472B-9376-A26A5802C300@gmail.com>
	<461BC0C7.1070304@omnistep.com>
Message-ID: <117286890704101006j51875e5cre89f0c1e87a61dbd@mail.gmail.com>

On 4/10/07, Rolan Yang <rolan at omnistep.com> wrote:
> Hrm.. I just ran a real world test and the results were drastically
> different.
>
> With single quotes, it took about 3.4 seconds to complete.
> With double quotes, 22  seconds on average.
>

I wouldn't have believed it, but I got similar results.  However, it
simply just isn't the presence of the double quotes, but the actual
interpolation taking place in the string.

this:

$test="foostring".$myvar; //double quotes

was just as fast as:

$test='foostring'.$myvar; //single quotes

So, any dreams you may have had of just writing a sed script to
replace all double quotes with single quotes have been crushed. :-)

Tom
http://www.liphp.org


From chsnyder at gmail.com  Tue Apr 10 13:38:45 2007
From: chsnyder at gmail.com (csnyder)
Date: Tue, 10 Apr 2007 13:38:45 -0400
Subject: [nycphp-talk] Scaling Web Apps WAS Re: PHP Web Frameworks
In-Reply-To: <614C61C7-0850-4AC0-B7F2-A7A9CBF9B94C@jonbaer.com>
References: <20070405011655.42A7710A806D@cakephp.org>
	<506CFFED-48EF-4804-BF2C-4EFA990829EB@cakephp.org>
	<498B5B90-CAA1-4147-9DD5-D8C98F488A12@beaffinitive.com>
	<614C61C7-0850-4AC0-B7F2-A7A9CBF9B94C@jonbaer.com>
Message-ID: <b76252690704101038s7aa27276m36591110a487e454@mail.gmail.com>

On 4/9/07, Jon Baer <jonbaer at jonbaer.com> wrote:

> When PHP apps themselves are written w/ virtualization in mind is
> when it will get very interesting.  Imagine something like:
>
> function job($queue) {
>    // can I handle all of it?  If not fire up another x instances to
> help me out //
> }

Curious how writing for virtualized/clustered environment like that is
different from writing for threaded environment, which we've pretty
much decided PHP isn't capable of doing.

Is it just about finding places where you can spawn more processes
using shared memory?

Or is it about assuming that multiple local servers will be marshalled
to handle any one request to a front-end controller -- like web
services but without the nasty http lag because all the services are
on the same subnet?

Seems that's how they used to say Google Search worked, where the
request was dispatched in the background to multiple servers, each of
which was responsible for looking in its own slice of the index. All
the responses were aggregated, ordered by pagerank and rendered as a
response.

-- 
Chris Snyder
http://chxo.com/


From arzala at gmail.com  Tue Apr 10 23:34:18 2007
From: arzala at gmail.com (Anirudh Zala)
Date: Wed, 11 Apr 2007 09:04:18 +0530
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>
References: <C2412D7C.3257C%rahmin@insite-out.com>
	<CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>
Message-ID: <200704110904.18963.arzala@gmail.com>

On Tuesday 10 April 2007 21:35, Paul M Jones wrote:
> On Apr 10, 2007, at 11:03 AM, Rahmin Pavlovic wrote:
> > Does anyone know approximately how much longer double-quotes take
> > to parse
> > in a controlled environment?
>
> My understanding is "little if any"; recent versions of PHP 4 have
> eliminated the time-difference in single/double quote parsing.

I don't think complete elimination is possible. Because it is obvious that 
when some thing is looked first for "expansion" and then taking 'as it is', 
if it is not to be expanded, then there must be some time-difference. However 
it could be that time-difference may have been reduced. But I don't think 
complete elimination is possible. To me 2nd effect of "bad practicing" is 
more important as far as coding is concerned.

Even if there is little time-difference, this also tells that one is using 
inappropriate ways while coding. So this issue has impact from both sides. To 
me it is against good practice. To some extent it is quite fine but when 
people "double quote" paragraph of 100 lines containing static data, it would 
be called as bad practice.

Thanks

Anirudh Zala

>
> Paul M. Jones  <http://paul-m-jones.com>
>
> Solar: Simple Object Library and Application Repository
> for PHP5.  <http://solarphp.com>
>
> Join the Solar community wiki!  <http://solarphp.org>
>
> Savant: The simple, elegant, and powerful solution for
> templates in PHP.  <http://phpsavant.com>
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php


From ramons at gmx.net  Wed Apr 11 06:37:08 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 11 Apr 2007 06:37:08 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <200704110904.18963.arzala@gmail.com>
References: <C2412D7C.3257C%rahmin@insite-out.com>	<CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>
	<200704110904.18963.arzala@gmail.com>
Message-ID: <461CBA54.6090102@gmx.net>

Anirudh Zala wrote:
> To me 2nd effect of "bad practicing" is 
> more important as far as coding is concerned.
> 
> Even if there is little time-difference, this also tells that one is using 
> inappropriate ways while coding. So this issue has impact from both sides. To 
> me it is against good practice. To some extent it is quite fine but when 
> people "double quote" paragraph of 100 lines containing static data, it would 
> be called as bad practice.
> 

I agree, I thought for some time on how to optimize my code and I am 
pretty sure there are things that give me a bigger bang for the buck 
than changing double quotes to single quotes.
I further think that there is a balance between code performance and 
readability. I've seen code where the programmer drops out of PHP for 
even a single word instead of concatenating that into the echoed string. 
  That is plain silly and I doubt that this turns into a performance 
improvement at all compared to doing that for the before mentioned 100 
lines of static text. But even for that there is maybe an explanation. 
The first thing for PHP that I learned was this:
print("Hello World!");
It took me about a year to make the move to the much easier echo and 
much later I learned that I can drop out of PHP into plain HTML and then 
go back. Bad practices are typically coming from bad teaching, and 
especially the PHP manual on php.net makes excessive use of double 
quotes. No wonder only a few really understand what the difference is, 
what to use when and why.

David


From arzala at gmail.com  Wed Apr 11 09:01:26 2007
From: arzala at gmail.com (Anirudh Zala)
Date: Wed, 11 Apr 2007 18:31:26 +0530
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <461CBA54.6090102@gmx.net>
References: <C2412D7C.3257C%rahmin@insite-out.com>
	<200704110904.18963.arzala@gmail.com> <461CBA54.6090102@gmx.net>
Message-ID: <200704111831.26586.arzala@gmail.com>

On Wednesday 11 April 2007 16:07, David Krings wrote:
> Anirudh Zala wrote:
> > To me 2nd effect of "bad practicing" is
> > more important as far as coding is concerned.
> >
> > Even if there is little time-difference, this also tells that one is
> > using inappropriate ways while coding. So this issue has impact from both
> > sides. To me it is against good practice. To some extent it is quite fine
> > but when people "double quote" paragraph of 100 lines containing static
> > data, it would be called as bad practice.
>
> I agree, I thought for some time on how to optimize my code and I am
> pretty sure there are things that give me a bigger bang for the buck
> than changing double quotes to single quotes.
> I further think that there is a balance between code performance and
> readability. I've seen code where the programmer drops out of PHP for
> even a single word instead of concatenating that into the echoed string.
>   That is plain silly and I doubt that this turns into a performance
> improvement at all compared to doing that for the before mentioned 100
> lines of static text. But even for that there is maybe an explanation.
> The first thing for PHP that I learned was this:
> print("Hello World!");
> It took me about a year to make the move to the much easier echo and
> much later I learned that I can drop out of PHP into plain HTML and then
> go back. Bad practices are typically coming from bad teaching, and
> especially the PHP manual on php.net makes excessive use of double
> quotes. No wonder only a few really understand what the difference is,
> what to use when and why.

It is because, probably, those who knows such differences do not do 
documentation or if they don't have time to do documentation then they are 
not reviewing what has been done by documentation team and how it is written.

>
> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

-- 

Anirudh Zala


From michael.southwell at nyphp.com  Wed Apr 11 09:38:06 2007
From: michael.southwell at nyphp.com (Michael Southwell)
Date: Wed, 11 Apr 2007 09:38:06 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <461CBA54.6090102@gmx.net>
References: <C2412D7C.3257C%rahmin@insite-out.com>
	<CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>
	<200704110904.18963.arzala@gmail.com> <461CBA54.6090102@gmx.net>
Message-ID: <6.2.3.4.2.20070411093119.0290b6c0@pop.nyphp.com>

At 06:37 AM 4/11/2007, you wrote:
I further think that there is a balance between code performance and 
readability. I've seen code where the programmer drops out of PHP for 
even a single word instead of concatenating that into the echoed 
string.  That is plain silly and I doubt that this turns into a 
performance improvement at all compared to doing that for the before 
mentioned 100 lines of static text. But even for that there is maybe 
an explanation.

There may well be.  One issue that I have not seen discussed in this 
connection is that of coding automaticity.  If you *always* write 
things in the same way, doing so becomes eventually automatic and 
nearly unconscious. This situation minimizes errors and maximizes 
speed, which is always a good combination goal. A good text editor 
can make such jumping back and forth (or any such oft-repeated 
action) extremely simple. In this case, then, what is optimized is 
not execution speed/efficiency but rather coder speed/efficiency, 
which is always (or at least almost always) more important.


Michael Southwell, Vice President for Education
New York PHP
http://www.nyphp.com/training - In-depth PHP Training Courses




From rolan at omnistep.com  Wed Apr 11 09:52:18 2007
From: rolan at omnistep.com (Rolan Yang)
Date: Wed, 11 Apr 2007 09:52:18 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <117286890704101006j51875e5cre89f0c1e87a61dbd@mail.gmail.com>
References: <C2412D7C.3257C%rahmin@insite-out.com>	<CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>	<EE518082-CF14-472B-9376-A26A5802C300@gmail.com>	<461BC0C7.1070304@omnistep.com>
	<117286890704101006j51875e5cre89f0c1e87a61dbd@mail.gmail.com>
Message-ID: <461CE812.3010008@omnistep.com>

Tom Melendez wrote:
> On 4/10/07, Rolan Yang <rolan at omnistep.com> wrote:
>> Hrm.. I just ran a real world test and the results were drastically
>> different.
>>
>> With single quotes, it took about 3.4 seconds to complete.
>> With double quotes, 22  seconds on average.
>>
>
> I wouldn't have believed it, but I got similar results.  However, it
> simply just isn't the presence of the double quotes, but the actual
> interpolation taking place in the string.
>
> this:
>
> $test="foostring".$myvar; //double quotes
>
> was just as fast as:
>
> $test='foostring'.$myvar; //single quotes
>
> So, any dreams you may have had of just writing a sed script to
> replace all double quotes with single quotes have been crushed. :-)
>
I'm thinking that such a php optimizing script would definitely be very 
useful.
It would be beneficial if someone were to write one up and share it with 
the world.


~Rolan


From ben at projectskyline.com  Wed Apr 11 09:55:19 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Wed, 11 Apr 2007 09:55:19 -0400
Subject: [nycphp-talk] [OT] Next meeting
Message-ID: <007301c77c41$0ada5df0$6a01a8c0@gamebox>

Hey all, 

I've searched the sites calendar and see nothing listed for April.
I do see an event that passed, March 29th.

I'd like to attend the next meeting, just want to know when and where.

Thanks.

- Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070411/80449944/attachment.html>

From tedd at sperling.com  Wed Apr 11 10:15:08 2007
From: tedd at sperling.com (tedd)
Date: Wed, 11 Apr 2007 10:15:08 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <6.2.3.4.2.20070411093119.0290b6c0@pop.nyphp.com>
References: <C2412D7C.3257C%rahmin@insite-out.com>
	<CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>
	<200704110904.18963.arzala@gmail.com> <461CBA54.6090102@gmx.net>
	<6.2.3.4.2.20070411093119.0290b6c0@pop.nyphp.com>
Message-ID: <p06240806c2429a15525f@[192.168.1.100]>

At 9:38 AM -0400 4/11/07, Michael Southwell wrote:
>There may well be.  One issue that I have not seen discussed in this 
>connection is that of coding automaticity.  If you *always* write 
>things in the same way, doing so becomes eventually automatic and 
>nearly unconscious. This situation minimizes errors and maximizes 
>speed, which is always a good combination goal. A good text editor 
>can make such jumping back and forth (or any such oft-repeated 
>action) extremely simple. In this case, then, what is optimized is 
>not execution speed/efficiency but rather coder speed/efficiency, 
>which is always (or at least almost always) more important.

Thank you.

There are some, like myself, who come from different language 
backgrounds/customs and use that experience to program in php. 
Additionally, if you are an "all purpose" web programmer, then you 
also program in other languages as well (i.e., mysql, javascript, 
ajax, html, xml, etc.).

The "jumping-in/out" boundaries between languages becomes blurred 
when solving a problem in concert with different languages. I often 
look at web programming not as several languages, but as a single 
language with many different rules in which I have to find a common 
path. No one set of rules can be applied to all, at least not yet. 
But the trend/need, as I see it, is there.

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From support at dailytechnology.net  Wed Apr 11 10:35:26 2007
From: support at dailytechnology.net (Brian Dailey)
Date: Wed, 11 Apr 2007 10:35:26 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <p06240806c2429a15525f@[192.168.1.100]>
References: <C2412D7C.3257C%rahmin@insite-out.com>	<CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>	<200704110904.18963.arzala@gmail.com>
	<461CBA54.6090102@gmx.net>	<6.2.3.4.2.20070411093119.0290b6c0@pop.nyphp.com>
	<p06240806c2429a15525f@[192.168.1.100]>
Message-ID: <461CF22E.6050805@dailytechnology.net>

I would also like to express agreement with Micheal.

Code readability is extremely important. In PHP you're often working 
with several different languages at once, and it's important to keep 
that in mind (especially if you're working with other developers who may 
be specialized in certain areas).

A few microseconds are important when speed is your *top* priority, but 
rarely does it ever become that. As developers our job is to evaluate 
the priorities that come into play and make the decisions that offer the 
best balance.


tedd wrote:
> At 9:38 AM -0400 4/11/07, Michael Southwell wrote:
>> There may well be.  One issue that I have not seen discussed in this 
>> connection is that of coding automaticity.  If you *always* write 
>> things in the same way, doing so becomes eventually automatic and 
>> nearly unconscious. This situation minimizes errors and maximizes 
>> speed, which is always a good combination goal. A good text editor can 
>> make such jumping back and forth (or any such oft-repeated action) 
>> extremely simple. In this case, then, what is optimized is not 
>> execution speed/efficiency but rather coder speed/efficiency, which is 
>> always (or at least almost always) more important.
> 
> Thank you.
> 
> There are some, like myself, who come from different language 
> backgrounds/customs and use that experience to program in php. 
> Additionally, if you are an "all purpose" web programmer, then you also 
> program in other languages as well (i.e., mysql, javascript, ajax, html, 
> xml, etc.).
> 
> The "jumping-in/out" boundaries between languages becomes blurred when 
> solving a problem in concert with different languages. I often look at 
> web programming not as several languages, but as a single language with 
> many different rules in which I have to find a common path. No one set 
> of rules can be applied to all, at least not yet. But the trend/need, as 
> I see it, is there.
> 
> Cheers,
> 
> tedd


From dcech at phpwerx.net  Wed Apr 11 10:38:21 2007
From: dcech at phpwerx.net (Dan Cech)
Date: Wed, 11 Apr 2007 10:38:21 -0400
Subject: [nycphp-talk] single quote vs. double quote
In-Reply-To: <6.2.3.4.2.20070411093119.0290b6c0@pop.nyphp.com>
References: <C2412D7C.3257C%rahmin@insite-out.com>	<CE21BD7D-4358-47B5-A0C9-815474DD4275@gmail.com>	<200704110904.18963.arzala@gmail.com>
	<461CBA54.6090102@gmx.net>
	<6.2.3.4.2.20070411093119.0290b6c0@pop.nyphp.com>
Message-ID: <461CF2DD.7050902@phpwerx.net>

Michael Southwell wrote:
> There may well be.  One issue that I have not seen discussed in this
> connection is that of coding automaticity.  If you *always* write things
> in the same way, doing so becomes eventually automatic and nearly
> unconscious. This situation minimizes errors and maximizes speed, which
> is always a good combination goal. A good text editor can make such
> jumping back and forth (or any such oft-repeated action) extremely
> simple. In this case, then, what is optimized is not execution
> speed/efficiency but rather coder speed/efficiency, which is always (or
> at least almost always) more important.

This is a very good point, and one I am a firm believer in.  If you keep
a consistent style throughout all your coding you benefit in many ways.

The biggest single advantage for me is that I can quickly scan any given
block of code and see roughly what it's doing.  Because all correct code
'looks' the same, it is also much easier to spot things that are out of
the ordinary and might be bugs.

There are advantages too, once you start doing things consistently a lot
of common sequences do become automatic, which definitely makes for
faster and more accurate coding, and fewer parse errors!

Joel Spolsky actually has a pretty good article about this kind of thing:

http://www.joelonsoftware.com/articles/Wrong.html

I don't use all the techniques he discusses in the article, but the
principle of using rules that make 'wrong code look wrong' is a good one.

Dan


From codebowl at gmail.com  Wed Apr 11 13:51:01 2007
From: codebowl at gmail.com (Joseph Crawford)
Date: Wed, 11 Apr 2007 13:51:01 -0400
Subject: [nycphp-talk] OT - mod_rewrite Assistance
Message-ID: <8d9a42800704111051y599368dbj911d6c29eb9e3918@mail.gmail.com>

Guys I know why this is acting the way it is, however I do not know
how to correct it.

## Rewrite something.domain.com/... to something.domain.com/...
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{HTTP_HOST} ^((dev\.)(.+)\.)?(ere\.net)$ [NC]
RewriteCond $1 !^(index\.php|runtime|robots\.txt|assets)
RewriteRule ^(.*)$ http://%{HTTP_HOST}/%3%{REQUEST_URI} [QSA,L]

the 3rd RewriteCond says to run this is the first /something/ does not
match the ones in that list, so if i add /index\.php/ before the %3%
in the RewriteRule it works fine, however I wish to not have the
/index.php/ in the URL, yet I cannot list out all of the sub-domains
in that RewriteCond list. I tried to use %3% in the list but it
failed. It continued to run the rule.

The rule is running properly but never stopping until the browser
stops it. if you go to http://dev.sub.domain.com/ it will redirect you
to http://dev.sub.domain.com/sub/ but it goes continuosly adding more
and more /sub/ to the url.

Also i do not wish to show the url in the address bar. All i want to
show there is http://dev.sub.domain.com/ but in the background that
should rewrite to http://dev.sub.domain.com/sub/

So if i type in http://dev.sub.domain.com/folder/ in the background it
will actually be calling http://dev.sub.domain.com/sub/folder/

I hope I have explained the issues clearly.

Any help will be appreciated.

-- 
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
codebowl at gmail.com


From lists at zaunere.com  Thu Apr 12 15:29:55 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Thu, 12 Apr 2007 15:29:55 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <007301c77c41$0ada5df0$6a01a8c0@gamebox>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox>
Message-ID: <039701c77d38$f34c8f70$680aa8c0@MobileZ>


April will probably be another informal meeting.  Any ideas from anyone?

June is Adobe which I'll be adding to the calendar soon.

But April and May are open for now - if anyone has any ideas, let me know -
otherwise we'll probably do another informal NYPHP-Live discussion (probably
at IBM this time though).

H


Ben Sgro (ProjectSkyline) wrote on Wednesday, April 11, 2007 9:55 AM:
> Hey all,
> 
> I've searched the sites calendar and see nothing listed for April.
> I do see an event that passed, March 29th.
> 
> I'd like to attend the next meeting, just want to know when and where.
> 
> Thanks.
> 
> - Ben



From shiflett at php.net  Thu Apr 12 15:34:53 2007
From: shiflett at php.net (Chris Shiflett)
Date: Thu, 12 Apr 2007 15:34:53 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <039701c77d38$f34c8f70$680aa8c0@MobileZ>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox>
	<039701c77d38$f34c8f70$680aa8c0@MobileZ>
Message-ID: <461E89DD.1010705@php.net>

Hans Zaunere wrote:
> April will probably be another informal meeting.
> Any ideas from anyone?

I'm happy to give a talk, if you don't get a better offer.

Am I right in thinking the date of the next meeting is 24 Apr?

Chris

-- 
Chris Shiflett
http://shiflett.org/


From lists at zaunere.com  Thu Apr 12 15:37:56 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Thu, 12 Apr 2007 15:37:56 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <461E89DD.1010705@php.net>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>
	<461E89DD.1010705@php.net>
Message-ID: <039801c77d3a$1417d5b0$680aa8c0@MobileZ>



Chris Shiflett wrote on Thursday, April 12, 2007 3:35 PM:
> Hans Zaunere wrote:
> > April will probably be another informal meeting.
> > Any ideas from anyone?
> 
> I'm happy to give a talk, if you don't get a better offer.
> 
> Am I right in thinking the date of the next meeting is 24 Apr?

That's it - if you want to, let me know and I'll get the blurb online.
Would be great to have you present.

H



From shiflett at php.net  Thu Apr 12 15:54:01 2007
From: shiflett at php.net (Chris Shiflett)
Date: Thu, 12 Apr 2007 15:54:01 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <039801c77d3a$1417d5b0$680aa8c0@MobileZ>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net>
	<039801c77d3a$1417d5b0$680aa8c0@MobileZ>
Message-ID: <461E8E59.3050106@php.net>

Hans Zaunere wrote:
> Would be great to have you present.

Anyone have any topic requests?

My favorite topics are web application security, sessions, and testing.
I can also speak about DTD strategies:

http://handdrawngames.com/DesktopTD/

Chris

-- 
Chris Shiflett
http://shiflett.org/


From ben at projectskyline.com  Thu Apr 12 16:01:14 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Thu, 12 Apr 2007 16:01:14 -0400
Subject: [nycphp-talk] [OT] Next meeting
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net><039801c77d3a$1417d5b0$680aa8c0@MobileZ>
	<461E8E59.3050106@php.net>
Message-ID: <011501c77d3d$5380de60$6a01a8c0@gamebox>

Hey all,

Some application penetration testing would be fun.

Maybe using both tools (nessus) and scripts, brute forcing, cookie altering,
sql inject.

I dont know if that's something to put together in the next week, but
I would donate time to providing a portion of what's listed.

Just some thoughts.

- Ben


----- Original Message ----- 
From: "Chris Shiflett" <shiflett at php.net>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Thursday, April 12, 2007 3:54 PM
Subject: Re: [nycphp-talk] [OT] Next meeting


> Hans Zaunere wrote:
>> Would be great to have you present.
>
> Anyone have any topic requests?
>
> My favorite topics are web application security, sessions, and testing.
> I can also speak about DTD strategies:
>
> http://handdrawngames.com/DesktopTD/
>
> Chris
>
> -- 
> Chris Shiflett
> http://shiflett.org/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php 



From lists at zaunere.com  Thu Apr 12 16:01:56 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Thu, 12 Apr 2007 16:01:56 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <011501c77d3d$5380de60$6a01a8c0@gamebox>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net><039801c77d3a$1417d5b0$680aa8c0@MobileZ><461E8E59.3050106@php.net>
	<011501c77d3d$5380de60$6a01a8c0@gamebox>
Message-ID: <03ae01c77d3d$6c8bd950$680aa8c0@MobileZ>



Ben Sgro (ProjectSkyline) wrote on Thursday, April 12, 2007 4:01 PM:
> Hey all,
> 
> Some application penetration testing would be fun.
> 
> Maybe using both tools (nessus) and scripts, brute forcing, cookie
> altering, sql inject.
> 
> I dont know if that's something to put together in the next week, but
> I would donate time to providing a portion of what's listed.

That's not a bad idea - maybe a cooperative presentation on a specific set
of topics?

H

> 
> Just some thoughts.
> 
> - Ben
> 
> 
> ----- Original Message -----
> From: "Chris Shiflett" <shiflett at php.net>
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Sent: Thursday, April 12, 2007 3:54 PM
> Subject: Re: [nycphp-talk] [OT] Next meeting
> 
> 
> > Hans Zaunere wrote:
> > > Would be great to have you present.
> > 
> > Anyone have any topic requests?
> > 
> > My favorite topics are web application security, sessions, and
> > testing. I can also speak about DTD strategies:
> > 
> > http://handdrawngames.com/DesktopTD/
> > 
> > Chris
> > 
> > --
> > Chris Shiflett
> > http://shiflett.org/
> > _______________________________________________
> > New York PHP Community Talk Mailing List
> > http://lists.nyphp.org/mailman/listinfo/talk
> > 
> > NYPHPCon 2006 Presentations Online
> > http://www.nyphpcon.com
> > 
> > Show Your Participation in New York PHP
> > http://www.nyphp.org/show_participation.php
> 
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From agfische at email.smith.edu  Thu Apr 12 16:05:58 2007
From: agfische at email.smith.edu (Aaron Fischer)
Date: Thu, 12 Apr 2007 16:05:58 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <461E8E59.3050106@php.net>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net>
	<039801c77d3a$1417d5b0$680aa8c0@MobileZ> <461E8E59.3050106@php.net>
Message-ID: <63890262-AFF6-43A9-9FAC-761CB0593AE5@email.smith.edu>

Security, sessions and testing all sound great.

Specifically, I would be very interested in discussions about  
practices that can be done to write secure code/apps, and things that  
can be done to test it, attempt to find vulnerabilities, etc.

-Aaron


On Apr 12, 2007, at 3:54 PM, Chris Shiflett wrote:

> Hans Zaunere wrote:
>> Would be great to have you present.
>
> Anyone have any topic requests?
>
> My favorite topics are web application security, sessions, and  
> testing.
> I can also speak about DTD strategies:
>
> http://handdrawngames.com/DesktopTD/
>
> Chris
>
> -- 
> Chris Shiflett
> http://shiflett.org/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From ken at secdat.com  Thu Apr 12 16:08:25 2007
From: ken at secdat.com (Kenneth Downs)
Date: Thu, 12 Apr 2007 16:08:25 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <03ae01c77d3d$6c8bd950$680aa8c0@MobileZ>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net><039801c77d3a$1417d5b0$680aa8c0@MobileZ><461E8E59.3050106@php.net>	<011501c77d3d$5380de60$6a01a8c0@gamebox>
	<03ae01c77d3d$6c8bd950$680aa8c0@MobileZ>
Message-ID: <461E91B9.5060805@secdat.com>

Have you ever considered a database primer?  A very simple presentation 
could be built around a handful of ideas:

1) Vocabulary demystification,  column=field, tuple=row=record, 
relation=table, foreign key = reference, primary_key = "code" or unique 
value

2)  Why you can do so much with primary and foreign keys

3)  Is normalization a black art, or a simple matter of technique

4)  What do people mean by denormalization, why do some people hate it 
so much?  Why do others say it is no big deal?

5) Finally, why programmers have trouble with databases and why database 
people have trouble with code, the so-called "impedance mismatch".


I'd be happy to prepare something.


Hans Zaunere wrote:
> Ben Sgro (ProjectSkyline) wrote on Thursday, April 12, 2007 4:01 PM:
>   
>> Hey all,
>>
>> Some application penetration testing would be fun.
>>
>> Maybe using both tools (nessus) and scripts, brute forcing, cookie
>> altering, sql inject.
>>
>> I dont know if that's something to put together in the next week, but
>> I would donate time to providing a portion of what's listed.
>>     
>
> That's not a bad idea - maybe a cooperative presentation on a specific set
> of topics?
>
> H
>
>   
>> Just some thoughts.
>>
>> - Ben
>>
>>
>> ----- Original Message -----
>> From: "Chris Shiflett" <shiflett at php.net>
>> To: "NYPHP Talk" <talk at lists.nyphp.org>
>> Sent: Thursday, April 12, 2007 3:54 PM
>> Subject: Re: [nycphp-talk] [OT] Next meeting
>>
>>
>>     
>>> Hans Zaunere wrote:
>>>       
>>>> Would be great to have you present.
>>>>         
>>> Anyone have any topic requests?
>>>
>>> My favorite topics are web application security, sessions, and
>>> testing. I can also speak about DTD strategies:
>>>
>>> http://handdrawngames.com/DesktopTD/
>>>
>>> Chris
>>>
>>> --
>>> Chris Shiflett
>>> http://shiflett.org/
>>> _______________________________________________
>>> New York PHP Community Talk Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>>       
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>     
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>   


-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-379-7200   Fax: 631-689-0527

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070412/35ff60c6/attachment.html>

From lists at zaunere.com  Thu Apr 12 16:11:18 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Thu, 12 Apr 2007 16:11:18 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <461E91B9.5060805@secdat.com>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net><039801c77d3a$1417d5b0$680aa8c0@MobileZ><461E8E59.3050106@php.net>	<011501c77d3d$5380de60$6a01a8c0@gamebox><03ae01c77d3d$6c8bd950$680aa8c0@MobileZ>
	<461E91B9.5060805@secdat.com>
Message-ID: <03b801c77d3e$bb759c80$680aa8c0@MobileZ>


This is a good idea, too.  So, we went from not having any speaker, to
having too much material :)

Folks who would be willing to present (April for sure, possibly May) please
ping me directly and we can schedule things in.

H


Kenneth Downs wrote on Thursday, April 12, 2007 4:08 PM:
> Have you ever considered a database primer?  A very simple
> presentation could be built around a handful of ideas: 
> 
> 1) Vocabulary demystification,  column=field, tuple=row=record,
> relation=table, foreign key = reference, primary_key = "code" or
> unique value  
> 
> 2)  Why you can do so much with primary and foreign keys
> 
> 3)  Is normalization a black art, or a simple matter of technique
> 
> 4)  What do people mean by denormalization, why do some people hate
> it so much?  Why do others say it is no big deal? 
> 
> 5) Finally, why programmers have trouble with databases and why
> database people have trouble with code, the so-called "impedance
> mismatch".  
> 
> 
> I'd be happy to prepare something.
> 
> 
> Hans Zaunere wrote:
> 
> 
> 	Ben Sgro (ProjectSkyline) wrote on Thursday, April 12, 2007 4:01 PM:
> 
> 
> 		Hey all,
> 
> 		Some application penetration testing would be fun.
> 
> 		Maybe using both tools (nessus) and scripts, brute forcing,
cookie
> 		altering, sql inject.
> 
> 		I dont know if that's something to put together in the next
week,
> 		but I would donate time to providing a portion of what's
listed.
> 
> 
> 
> 	That's not a bad idea - maybe a cooperative presentation on a
> 	specific set of topics?
> 
> 	H
> 
> 
> 
> 		Just some thoughts.
> 
> 		- Ben
> 
> 
> 		----- Original Message -----
> 		From: "Chris Shiflett" <shiflett at php.net>
<mailto:shiflett at php.net>
> 		To: "NYPHP Talk" <talk at lists.nyphp.org>
> 		<mailto:talk at lists.nyphp.org> Sent: Thursday, April 12, 2007
3:54 PM
> 		Subject: Re: [nycphp-talk] [OT] Next meeting
> 
> 
> 
> 
> 			Hans Zaunere wrote:
> 
> 
> 				Would be great to have you present.
> 
> 
> 			Anyone have any topic requests?
> 
> 			My favorite topics are web application security,
sessions, and
> 			testing. I can also speak about DTD strategies:
> 
> 			http://handdrawngames.com/DesktopTD/
> 
> 			Chris
> 
> 			--
> 			Chris Shiflett
> 			http://shiflett.org/
> 			_______________________________________________
> 			New York PHP Community Talk Mailing List
> 			http://lists.nyphp.org/mailman/listinfo/talk
> 
> 			NYPHPCon 2006 Presentations Online
> 			http://www.nyphpcon.com
> 
> 			Show Your Participation in New York PHP
> 			http://www.nyphp.org/show_participation.php
> 
> 
> 		_______________________________________________
> 		New York PHP Community Talk Mailing List
> 		http://lists.nyphp.org/mailman/listinfo/talk
> 
> 		NYPHPCon 2006 Presentations Online
> 		http://www.nyphpcon.com
> 
> 		Show Your Participation in New York PHP
> 		http://www.nyphp.org/show_participation.php
> 
> 
> 
> 	_______________________________________________
> 	New York PHP Community Talk Mailing List
> 	http://lists.nyphp.org/mailman/listinfo/talk
> 
> 	NYPHPCon 2006 Presentations Online
> 	http://www.nyphpcon.com
> 
> 	Show Your Participation in New York PHP
> 	http://www.nyphp.org/show_participation.php
> 
> 
> 
> 
> --
> Kenneth Downs
> Secure Data Software, Inc.
> www.secdat.com    www.andromeda-project.org
> 631-379-7200   Fax: 631-689-0527



From hans at cyberxdesigns.com  Thu Apr 12 18:00:38 2007
From: hans at cyberxdesigns.com (Hans C. Kaspersetz)
Date: Thu, 12 Apr 2007 18:00:38 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <03b801c77d3e$bb759c80$680aa8c0@MobileZ>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net><039801c77d3a$1417d5b0$680aa8c0@MobileZ><461E8E59.3050106@php.net>	<011501c77d3d$5380de60$6a01a8c0@gamebox><03ae01c77d3d$6c8bd950$680aa8c0@MobileZ>	<461E91B9.5060805@secdat.com>
	<03b801c77d3e$bb759c80$680aa8c0@MobileZ>
Message-ID: <461EAC06.907@cyberxdesigns.com>

Both talks would be very cool....  Chris, I would prefer the testing 
discussion.  Are you talking about security testing or general testing, 
like the use of test suites to perform regression testing, ect?  I would 
prefer the later.  Seems like an issue that comes up once a year and 
deserves that attention.

Hans K



Hans Zaunere wrote:
> This is a good idea, too.  So, we went from not having any speaker, to
> having too much material :)
>
> Folks who would be willing to present (April for sure, possibly May) please
> ping me directly and we can schedule things in.
>
> H
>
>
> Kenneth Downs wrote on Thursday, April 12, 2007 4:08 PM:
>   
>> Have you ever considered a database primer?  A very simple
>> presentation could be built around a handful of ideas: 
>>
>> 1) Vocabulary demystification,  column=field, tuple=row=record,
>> relation=table, foreign key = reference, primary_key = "code" or
>> unique value  
>>
>> 2)  Why you can do so much with primary and foreign keys
>>
>> 3)  Is normalization a black art, or a simple matter of technique
>>
>> 4)  What do people mean by denormalization, why do some people hate
>> it so much?  Why do others say it is no big deal? 
>>
>> 5) Finally, why programmers have trouble with databases and why
>> database people have trouble with code, the so-called "impedance
>> mismatch".  
>>
>>
>> I'd be happy to prepare something.
>>
>>
>> Hans Zaunere wrote:
>>
>>
>> 	Ben Sgro (ProjectSkyline) wrote on Thursday, April 12, 2007 4:01 PM:
>>
>>
>> 		Hey all,
>>
>> 		Some application penetration testing would be fun.
>>
>> 		Maybe using both tools (nessus) and scripts, brute forcing,
>>     
> cookie
>   
>> 		altering, sql inject.
>>
>> 		I dont know if that's something to put together in the next
>>     
> week,
>   
>> 		but I would donate time to providing a portion of what's
>>     
> listed.
>   
>>
>> 	That's not a bad idea - maybe a cooperative presentation on a
>> 	specific set of topics?
>>
>> 	H
>>
>>
>>
>> 		Just some thoughts.
>>
>> 		- Ben
>>
>>
>> 		----- Original Message -----
>> 		From: "Chris Shiflett" <shiflett at php.net>
>>     
> <mailto:shiflett at php.net>
>   
>> 		To: "NYPHP Talk" <talk at lists.nyphp.org>
>> 		<mailto:talk at lists.nyphp.org> Sent: Thursday, April 12, 2007
>>     
> 3:54 PM
>   
>> 		Subject: Re: [nycphp-talk] [OT] Next meeting
>>
>>
>>
>>
>> 			Hans Zaunere wrote:
>>
>>
>> 				Would be great to have you present.
>>
>>
>> 			Anyone have any topic requests?
>>
>> 			My favorite topics are web application security,
>>     
> sessions, and
>   
>> 			testing. I can also speak about DTD strategies:
>>
>> 			http://handdrawngames.com/DesktopTD/
>>
>> 			Chris
>>
>> 			--
>> 			Chris Shiflett
>> 			http://shiflett.org/
>> 			_______________________________________________
>> 			New York PHP Community Talk Mailing List
>> 			http://lists.nyphp.org/mailman/listinfo/talk
>>
>> 			NYPHPCon 2006 Presentations Online
>> 			http://www.nyphpcon.com
>>
>> 			Show Your Participation in New York PHP
>> 			http://www.nyphp.org/show_participation.php
>>
>>
>> 		_______________________________________________
>> 		New York PHP Community Talk Mailing List
>> 		http://lists.nyphp.org/mailman/listinfo/talk
>>
>> 		NYPHPCon 2006 Presentations Online
>> 		http://www.nyphpcon.com
>>
>> 		Show Your Participation in New York PHP
>> 		http://www.nyphp.org/show_participation.php
>>
>>
>>
>> 	_______________________________________________
>> 	New York PHP Community Talk Mailing List
>> 	http://lists.nyphp.org/mailman/listinfo/talk
>>
>> 	NYPHPCon 2006 Presentations Online
>> 	http://www.nyphpcon.com
>>
>> 	Show Your Participation in New York PHP
>> 	http://www.nyphp.org/show_participation.php
>>
>>
>>
>>
>> --
>> Kenneth Downs
>> Secure Data Software, Inc.
>> www.secdat.com    www.andromeda-project.org
>> 631-379-7200   Fax: 631-689-0527
>>     
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
>
>   


From rmarscher at beaffinitive.com  Thu Apr 12 18:27:50 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Thu, 12 Apr 2007 18:27:50 -0400
Subject: [nycphp-talk] OT - mod_rewrite Assistance
In-Reply-To: <8d9a42800704111051y599368dbj911d6c29eb9e3918@mail.gmail.com>
References: <8d9a42800704111051y599368dbj911d6c29eb9e3918@mail.gmail.com>
Message-ID: <31C65A18-AF76-4D4F-87B3-D786C724998B@beaffinitive.com>

> On Apr 11, 2007, at 1:51 PM, Joseph Crawford wrote:
> The rule is running properly but never stopping until the browser
> stops it. if you go to http://dev.sub.domain.com/ it will redirect you
> to http://dev.sub.domain.com/sub/ but it goes continuosly adding more
> and more /sub/ to the url.I've hit that problem before... If I  
> remember right, I think it's because when it goes into http:// 
> dev.sub.domain.com/sub/ it process the same set of rewrite rules  
> and they still match so it goes and rewrites it again to http:// 
> dev.sub.domain.com/sub/sub/

Off the top of my head, I think one simple way to solve it is to put  
a .htaccess file in each of your "subdirectory" folders that simply  
has RewriteEngine On which clears out the rules for that folder so it  
won't try to process the rules of the parent folder.

Either that or you figure out how to put a conditional so that it  
doesn't match the second time around.

> Also i do not wish to show the url in the address bar. All i want to
> show there is http://dev.sub.domain.com/ but in the background that
> should rewrite to http://dev.sub.domain.com/sub/
> So if i type in http://dev.sub.domain.com/folder/ in the background it
> will actually be calling http://dev.sub.domain.com/sub/folder/

The http://%{HTTP_HOST}/ part of your last rule is causing that.

I'm actually having a bit of trouble deciphering how your rule works  
exactly.  There might be a simpler way to do it.  I guess I could  
RTFM... but if you've got a second to explain in english, what does % 
{ENV:REDIRECT_STATUS} and %3%{REQUEST_URI} do?

-Rob




From morgan at forsalebyowner.com  Fri Apr 13 11:28:21 2007
From: morgan at forsalebyowner.com (Morgan Craft)
Date: Fri, 13 Apr 2007 11:28:21 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <461EAC06.907@cyberxdesigns.com>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net><039801c77d3a$1417d5b0$680aa8c0@MobileZ><461E8E59.3050106@php.net>	<011501c77d3d$5380de60$6a01a8c0@gamebox><03ae01c77d3d$6c8bd950$680aa8c0@MobileZ>	<461E91B9.5060805@secdat.com>	<03b801c77d3e$bb759c80$680aa8c0@MobileZ>
	<461EAC06.907@cyberxdesigns.com>
Message-ID: <461FA195.1010406@forsalebyowner.com>

I know testing was mentioned.  Has anyone played with Selenium at all?

http://www.openqa.org/selenium-ide/

Our development team is beginning to look at integrating this platform 
into our testing.  Anyone else using this at all?

Hans C. Kaspersetz wrote:
> Both talks would be very cool....  Chris, I would prefer the testing 
> discussion.  Are you talking about security testing or general 
> testing, like the use of test suites to perform regression testing, 
> ect?  I would prefer the later.  Seems like an issue that comes up 
> once a year and deserves that attention.
>
> Hans K
>
>
>
> Hans Zaunere wrote:
>> This is a good idea, too.  So, we went from not having any speaker, to
>> having too much material :)
>>
>> Folks who would be willing to present (April for sure, possibly May) 
>> please
>> ping me directly and we can schedule things in.
>>
>> H
>>
>>
>> Kenneth Downs wrote on Thursday, April 12, 2007 4:08 PM:
>>  
>>> Have you ever considered a database primer?  A very simple
>>> presentation could be built around a handful of ideas:
>>> 1) Vocabulary demystification,  column=field, tuple=row=record,
>>> relation=table, foreign key = reference, primary_key = "code" or
>>> unique value 
>>> 2)  Why you can do so much with primary and foreign keys
>>>
>>> 3)  Is normalization a black art, or a simple matter of technique
>>>
>>> 4)  What do people mean by denormalization, why do some people hate
>>> it so much?  Why do others say it is no big deal?
>>> 5) Finally, why programmers have trouble with databases and why
>>> database people have trouble with code, the so-called "impedance
>>> mismatch". 
>>>
>>> I'd be happy to prepare something.
>>>
>>>
>>> Hans Zaunere wrote:
>>>
>>>
>>>     Ben Sgro (ProjectSkyline) wrote on Thursday, April 12, 2007 4:01 
>>> PM:
>>>
>>>
>>>         Hey all,
>>>
>>>         Some application penetration testing would be fun.
>>>
>>>         Maybe using both tools (nessus) and scripts, brute forcing,
>>>     
>> cookie
>>  
>>>         altering, sql inject.
>>>
>>>         I dont know if that's something to put together in the next
>>>     
>> week,
>>  
>>>         but I would donate time to providing a portion of what's
>>>     
>> listed.
>>  
>>>
>>>     That's not a bad idea - maybe a cooperative presentation on a
>>>     specific set of topics?
>>>
>>>     H
>>>
>>>
>>>
>>>         Just some thoughts.
>>>
>>>         - Ben
>>>
>>>
>>>         ----- Original Message -----
>>>         From: "Chris Shiflett" <shiflett at php.net>
>>>     
>> <mailto:shiflett at php.net>
>>  
>>>         To: "NYPHP Talk" <talk at lists.nyphp.org>
>>>         <mailto:talk at lists.nyphp.org> Sent: Thursday, April 12, 2007
>>>     
>> 3:54 PM
>>  
>>>         Subject: Re: [nycphp-talk] [OT] Next meeting
>>>
>>>
>>>
>>>
>>>             Hans Zaunere wrote:
>>>
>>>
>>>                 Would be great to have you present.
>>>
>>>
>>>             Anyone have any topic requests?
>>>
>>>             My favorite topics are web application security,
>>>     
>> sessions, and
>>  
>>>             testing. I can also speak about DTD strategies:
>>>
>>>             http://handdrawngames.com/DesktopTD/
>>>
>>>             Chris
>>>
>>>             --
>>>             Chris Shiflett
>>>             http://shiflett.org/
>>>             _______________________________________________
>>>             New York PHP Community Talk Mailing List
>>>             http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>>             NYPHPCon 2006 Presentations Online
>>>             http://www.nyphpcon.com
>>>
>>>             Show Your Participation in New York PHP
>>>             http://www.nyphp.org/show_participation.php
>>>
>>>
>>>         _______________________________________________
>>>         New York PHP Community Talk Mailing List
>>>         http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>>         NYPHPCon 2006 Presentations Online
>>>         http://www.nyphpcon.com
>>>
>>>         Show Your Participation in New York PHP
>>>         http://www.nyphp.org/show_participation.php
>>>
>>>
>>>
>>>     _______________________________________________
>>>     New York PHP Community Talk Mailing List
>>>     http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>>     NYPHPCon 2006 Presentations Online
>>>     http://www.nyphpcon.com
>>>
>>>     Show Your Participation in New York PHP
>>>     http://www.nyphp.org/show_participation.php
>>>
>>>
>>>
>>>
>>> -- 
>>> Kenneth Downs
>>> Secure Data Software, Inc.
>>> www.secdat.com    www.andromeda-project.org
>>> 631-379-7200   Fax: 631-689-0527
>>>     
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>>
>>
>>   
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>


From support at dailytechnology.net  Fri Apr 13 12:09:46 2007
From: support at dailytechnology.net (Brian Dailey)
Date: Fri, 13 Apr 2007 12:09:46 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <461FA195.1010406@forsalebyowner.com>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net><039801c77d3a$1417d5b0$680aa8c0@MobileZ><461E8E59.3050106@php.net>	<011501c77d3d$5380de60$6a01a8c0@gamebox><03ae01c77d3d$6c8bd950$680aa8c0@MobileZ>	<461E91B9.5060805@secdat.com>	<03b801c77d3e$bb759c80$680aa8c0@MobileZ>	<461EAC06.907@cyberxdesigns.com>
	<461FA195.1010406@forsalebyowner.com>
Message-ID: <461FAB4A.6070404@dailytechnology.net>

I have used this a bit in testing some of the web-apps that I've 
developed. The problem is that none of the other developers on my team 
are willing to use it, and our application changes often enough that it 
often breaks the tests and they have to be re-written.

I use SimpleTest more often (there is a plugin for Selenium that I've 
not managed to implement successfully), even though Selenium does a much 
better job of testing "the big picture" (Javascript included). The 
problem is that it's so easy to break the Selenium tests 
unintentionally, and it involves quite a bit of time to write another test.

It's a pretty powerful tool, and I highly recommend it, despite it's 
shortcomings.

- Brian

Morgan Craft wrote:
> I know testing was mentioned.  Has anyone played with Selenium at all?
> 
> http://www.openqa.org/selenium-ide/
> 
> Our development team is beginning to look at integrating this platform 
> into our testing.  Anyone else using this at all?
> 
> Hans C. Kaspersetz wrote:
>> Both talks would be very cool....  Chris, I would prefer the testing 
>> discussion.  Are you talking about security testing or general 
>> testing, like the use of test suites to perform regression testing, 
>> ect?  I would prefer the later.  Seems like an issue that comes up 
>> once a year and deserves that attention.
>>
>> Hans K
>>
>>
>>
>> Hans Zaunere wrote:
>>> This is a good idea, too.  So, we went from not having any speaker, to
>>> having too much material :)
>>>
>>> Folks who would be willing to present (April for sure, possibly May) 
>>> please
>>> ping me directly and we can schedule things in.
>>>
>>> H
>>>
>>>
>>> Kenneth Downs wrote on Thursday, April 12, 2007 4:08 PM:
>>>  
>>>> Have you ever considered a database primer?  A very simple
>>>> presentation could be built around a handful of ideas:
>>>> 1) Vocabulary demystification,  column=field, tuple=row=record,
>>>> relation=table, foreign key = reference, primary_key = "code" or
>>>> unique value 2)  Why you can do so much with primary and foreign keys
>>>>
>>>> 3)  Is normalization a black art, or a simple matter of technique
>>>>
>>>> 4)  What do people mean by denormalization, why do some people hate
>>>> it so much?  Why do others say it is no big deal?
>>>> 5) Finally, why programmers have trouble with databases and why
>>>> database people have trouble with code, the so-called "impedance
>>>> mismatch".
>>>> I'd be happy to prepare something.
>>>>
>>>>
>>>> Hans Zaunere wrote:
>>>>
>>>>
>>>>     Ben Sgro (ProjectSkyline) wrote on Thursday, April 12, 2007 4:01 
>>>> PM:
>>>>
>>>>
>>>>         Hey all,
>>>>
>>>>         Some application penetration testing would be fun.
>>>>
>>>>         Maybe using both tools (nessus) and scripts, brute forcing,
>>>>     
>>> cookie
>>>  
>>>>         altering, sql inject.
>>>>
>>>>         I dont know if that's something to put together in the next
>>>>     
>>> week,
>>>  
>>>>         but I would donate time to providing a portion of what's
>>>>     
>>> listed.
>>>  
>>>>
>>>>     That's not a bad idea - maybe a cooperative presentation on a
>>>>     specific set of topics?
>>>>
>>>>     H
>>>>
>>>>
>>>>
>>>>         Just some thoughts.
>>>>
>>>>         - Ben
>>>>
>>>>
>>>>         ----- Original Message -----
>>>>         From: "Chris Shiflett" <shiflett at php.net>
>>>>     
>>> <mailto:shiflett at php.net>
>>>  
>>>>         To: "NYPHP Talk" <talk at lists.nyphp.org>
>>>>         <mailto:talk at lists.nyphp.org> Sent: Thursday, April 12, 2007
>>>>     
>>> 3:54 PM
>>>  
>>>>         Subject: Re: [nycphp-talk] [OT] Next meeting
>>>>
>>>>
>>>>
>>>>
>>>>             Hans Zaunere wrote:
>>>>
>>>>
>>>>                 Would be great to have you present.
>>>>
>>>>
>>>>             Anyone have any topic requests?
>>>>
>>>>             My favorite topics are web application security,
>>>>     
>>> sessions, and
>>>  
>>>>             testing. I can also speak about DTD strategies:
>>>>
>>>>             http://handdrawngames.com/DesktopTD/
>>>>
>>>>             Chris
>>>>
>>>>             --
>>>>             Chris Shiflett
>>>>             http://shiflett.org/
>>>>             _______________________________________________
>>>>             New York PHP Community Talk Mailing List
>>>>             http://lists.nyphp.org/mailman/listinfo/talk
>>>>
>>>>             NYPHPCon 2006 Presentations Online
>>>>             http://www.nyphpcon.com
>>>>
>>>>             Show Your Participation in New York PHP
>>>>             http://www.nyphp.org/show_participation.php
>>>>
>>>>
>>>>         _______________________________________________
>>>>         New York PHP Community Talk Mailing List
>>>>         http://lists.nyphp.org/mailman/listinfo/talk
>>>>
>>>>         NYPHPCon 2006 Presentations Online
>>>>         http://www.nyphpcon.com
>>>>
>>>>         Show Your Participation in New York PHP
>>>>         http://www.nyphp.org/show_participation.php
>>>>
>>>>
>>>>
>>>>     _______________________________________________
>>>>     New York PHP Community Talk Mailing List
>>>>     http://lists.nyphp.org/mailman/listinfo/talk
>>>>
>>>>     NYPHPCon 2006 Presentations Online
>>>>     http://www.nyphpcon.com
>>>>
>>>>     Show Your Participation in New York PHP
>>>>     http://www.nyphp.org/show_participation.php
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>> Kenneth Downs
>>>> Secure Data Software, Inc.
>>>> www.secdat.com    www.andromeda-project.org
>>>> 631-379-7200   Fax: 631-689-0527
>>>>     
>>>
>>> _______________________________________________
>>> New York PHP Community Talk Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>>
>>>
>>>
>>>   
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> 
> 


From acrossley at dealerspan.com  Fri Apr 13 13:00:35 2007
From: acrossley at dealerspan.com (Alton Crossley)
Date: Fri, 13 Apr 2007 11:00:35 -0600
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <461FAB4A.6070404@dailytechnology.net>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>
	<461E89DD.1010705@php.net><039801c77d3a$1417d5b0$680aa8c0@MobileZ><461E8E59.3050106@php.net>
	<011501c77d3d$5380de60$6a01a8c0@gamebox><03ae01c77d3d$6c8bd950$680aa8c0@MobileZ>
	<461E91B9.5060805@secdat.com>
	<03b801c77d3e$bb759c80$680aa8c0@MobileZ>
	<461EAC06.907@cyberxdesigns.com>
	<461FA195.1010406@forsalebyowner.com>
	<461FAB4A.6070404@dailytechnology.net>
Message-ID: <735270797.20070413110035@dealerspan.com>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070413/00107005/attachment.html>

From ken at secdat.com  Fri Apr 13 17:13:23 2007
From: ken at secdat.com (Kenneth Downs)
Date: Fri, 13 Apr 2007 17:13:23 -0400
Subject: [nycphp-talk] Anybody using JSON parser?
Message-ID: <461FF273.3000409@secdat.com>

Andromeda uses its own syntax for data files, which I would love to get 
rid of.

JSON strikes me as a worthy candidate.  Is anybody using it on the 
server-side with enough confidence to answer this question:  Can I type 
a file of JSON stuff by hand and convert it easily into a nested 
associative array?

The example from andromeda would be:

table table_name {
   module: demo;
   description: My Table Name;

  column example { primary_key: Y; }
}

which we convert into an associative array:

$tables['table_name'] = array(
   'module'=>'demo'
   ,'description'=>'My Table Name'
   ,'column'=>array(
      'example'=>array('primary_key'=>'Y')
  )
);

The only real need I have is a syntax that can easily specify 
property-value pairs and nested elements which have their own 
property-value pairs and their own nested elements and so on.

-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-379-7200   Fax: 631-689-0527


-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-379-7200   Fax: 631-689-0527

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070413/8f1affb7/attachment.html>

From ashaw at polymerdb.org  Fri Apr 13 17:28:01 2007
From: ashaw at polymerdb.org (Allen Shaw)
Date: Fri, 13 Apr 2007 16:28:01 -0500
Subject: [nycphp-talk] Anybody using JSON parser?
In-Reply-To: <461FF273.3000409@secdat.com>
References: <461FF273.3000409@secdat.com>
Message-ID: <461FF5E1.5010806@polymerdb.org>

Kenneth Downs wrote:
> Andromeda uses its own syntax for data files, which I would love to get 
> rid of.
> 
> JSON strikes me as a worthy candidate.  Is anybody using it on the 
> server-side with enough confidence to answer this question:  Can I type 
> a file of JSON stuff by hand and convert it easily into a nested 
> associative array?

I use JSON in slidePresenter for transferring nested arrays between PHP 
and JavaScript.  It works so well I pretty much just forget about it.

The parser I'm using is this file: 
http://mike.teczno.com/JSON/JSON.phps, which is a part of the PEAR 
proposal for JSON 
(<http://pear.php.net/pepr/pepr-proposal-show.php?id=198>).

For converting PHP associative arrays into JSON format this has been 
very good, and I've not seen any limit to the levels to which the arrays 
can be nested.

See around line 94 in the source file for a quick howto.

- Allen

-- 
Allen Shaw
Polymer (http://polymerdb.org)
slidePresenter (http://slides.sourceforge.net)


From lists at enobrev.com  Fri Apr 13 18:01:05 2007
From: lists at enobrev.com (Mark Armendariz)
Date: Fri, 13 Apr 2007 18:01:05 -0400
Subject: [nycphp-talk] Anybody using JSON parser?
In-Reply-To: <461FF5E1.5010806@polymerdb.org>
References: <461FF273.3000409@secdat.com> <461FF5E1.5010806@polymerdb.org>
Message-ID: <000601c77e17$3c672a10$6400a8c0@enobrev>

> Kenneth Downs wrote:
> > JSON strikes me as a worthy candidate.  Is anybody using it on the 
> > server-side with enough confidence to answer this question:  Can I 
> > type a file of JSON stuff by hand and convert it easily 
> into a nested 
> > associative array?

I don't see why not.  JSON is just a standard javascript object, so
hand-typing is pretty simple and decoding into an array with the json
extension is as simple as
$aPhpData = json_decode($sJsonData);

> 
> The parser I'm using is this file: 
> http://mike.teczno.com/JSON/JSON.phps, which is a part of the 
> PEAR proposal for JSON 
> (<http://pear.php.net/pepr/pepr-proposal-show.php?id=198>).
>
> - Allen

I highly recommend using the json extension if you can (comes standard with
php5.2).  The speed difference over using a script is astounding.  I use it
on all my projects (ajaxified cms) without issue.

If you're pre-php5.2...

Linux: http://pecl.php.net/package/json
Win32: http://pecl4win.php.net/ext.php/php_json.dll

Mark



From ashaw at polymerdb.org  Fri Apr 13 18:10:48 2007
From: ashaw at polymerdb.org (Allen Shaw)
Date: Fri, 13 Apr 2007 17:10:48 -0500
Subject: [nycphp-talk] Anybody using JSON parser?
In-Reply-To: <000601c77e17$3c672a10$6400a8c0@enobrev>
References: <461FF273.3000409@secdat.com> <461FF5E1.5010806@polymerdb.org>
	<000601c77e17$3c672a10$6400a8c0@enobrev>
Message-ID: <461FFFE8.2030202@polymerdb.org>

Mark Armendariz wrote:
> I highly recommend using the json extension if you can (comes standard with
> php5.2).  The speed difference over using a script is astounding.

Thanks for the tip.  Will have to check it out when we start porting up 
to php5.

- A.

-- 
Allen Shaw
Polymer (http://polymerdb.org)
slidePresenter (http://slides.sourceforge.net)


From lists at enobrev.com  Fri Apr 13 18:19:06 2007
From: lists at enobrev.com (Mark Armendariz)
Date: Fri, 13 Apr 2007 18:19:06 -0400
Subject: [nycphp-talk] Anybody using JSON parser?
In-Reply-To: <461FFFE8.2030202@polymerdb.org>
References: <461FF273.3000409@secdat.com>
	<461FF5E1.5010806@polymerdb.org><000601c77e17$3c672a10$6400a8c0@enobrev>
	<461FFFE8.2030202@polymerdb.org>
Message-ID: <000701c77e19$c0952330$6400a8c0@enobrev>

 > > I highly recommend using the json extension if you can 
> (comes standard 
> > with php5.2).  The speed difference over using a script is 
> astounding.
> 
> Thanks for the tip.  Will have to check it out when we start 
> porting up to php5.
> 
> - A.

It's available for php4 as well, which is where I started using it.  Only
upgraded my code base to 5 recently (February) and have been using the
extension for nearly a year.

Mark



From nyphp at ericdavid.cc  Fri Apr 13 18:27:28 2007
From: nyphp at ericdavid.cc (Eric David)
Date: Fri, 13 Apr 2007 18:27:28 -0400
Subject: [nycphp-talk] Anybody using JSON parser?
Message-ID: <009f01c77e1a$fc919fc0$0401a8c0@e6300>

For those who read PHP Architect magazine, you can expect to see quite a mention of the PHP JSON functionality in my upcoming article scheduled for the May, 2007 issue.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070413/f39829a0/attachment.html>

From jonbaer at jonbaer.com  Fri Apr 13 20:53:22 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Fri, 13 Apr 2007 20:53:22 -0400
Subject: [nycphp-talk] Anybody using JSON parser?
In-Reply-To: <461FF273.3000409@secdat.com>
References: <461FF273.3000409@secdat.com>
Message-ID: <837448B6-FCB5-4B79-BA49-DA8B5F5B7083@jonbaer.com>

It's all about the YAML :-) ...

http://spyc.sourceforge.net

On Apr 13, 2007, at 5:13 PM, Kenneth Downs wrote:

> Andromeda uses its own syntax for data files, which I would love to  
> get rid of.
>
> JSON strikes me as a worthy candidate.  Is anybody using it on the  
> server-side with enough confidence to answer this question:  Can I  
> type a file of JSON stuff by hand and convert it easily into a  
> nested associative array?
>
> The example from andromeda would be:
>
> table table_name {
>    module: demo;
>    description: My Table Name;
>
>   column example { primary_key: Y; }
> }
>
> which we convert into an associative array:
>
> $tables['table_name'] = array(
>    'module'=>'demo'
>    ,'description'=>'My Table Name'
>    ,'column'=>array(
>       'example'=>array('primary_key'=>'Y')
>   )
> );
>
> The only real need I have is a syntax that can easily specify  
> property-value pairs and nested elements which have their own  
> property-value pairs and their own nested elements and so on.
>
> -- 
> Kenneth Downs
> Secure Data Software, Inc.
> www.secdat.com    www.andromeda-project.org
> 631-379-7200   Fax: 631-689-0527
>
>
> -- Kenneth Downs Secure Data Software, Inc. www.secdat.com  
> www.andromeda-project.org 631-379-7200 Fax: 631-689-0527
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From lists at enobrev.com  Fri Apr 13 21:10:23 2007
From: lists at enobrev.com (Mark Armendariz)
Date: Fri, 13 Apr 2007 21:10:23 -0400
Subject: [nycphp-talk] Anybody using JSON parser?
In-Reply-To: <837448B6-FCB5-4B79-BA49-DA8B5F5B7083@jonbaer.com>
References: <461FF273.3000409@secdat.com>
	<837448B6-FCB5-4B79-BA49-DA8B5F5B7083@jonbaer.com>
Message-ID: <000e01c77e31$aee59fd0$6400a8c0@enobrev>

> ... On Behalf Of Jon Baer
> It's all about the YAML :-) ...
> 
> http://spyc.sourceforge.net

I'd heard/read the term a few times, but after this post I finally took a
look.  Very interesting.  Thanks John!

(more about yaml: http://www.yaml.org/)

Mark



From codebowl at gmail.com  Fri Apr 13 23:12:23 2007
From: codebowl at gmail.com (Joseph Crawford)
Date: Fri, 13 Apr 2007 23:12:23 -0400
Subject: [nycphp-talk] OT - mod_rewrite Assistance
In-Reply-To: <31C65A18-AF76-4D4F-87B3-D786C724998B@beaffinitive.com>
References: <8d9a42800704111051y599368dbj911d6c29eb9e3918@mail.gmail.com>
	<31C65A18-AF76-4D4F-87B3-D786C724998B@beaffinitive.com>
Message-ID: <8d9a42800704132012l7b5b9decsdb98875c257e24eb@mail.gmail.com>

Rob i ended up getting it working :D

I am not sure about the REDIRECT_STATUS but here is what i do know
about the code

RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{HTTP_HOST} ^dev\.((.+)\.)ere\.net$ [NC,OR]
RewriteCond %{HTTP_HOST} ^((.+)\.)?ere\.net$ [NC]
RewriteCond $1 !^(index\.php|images|robots\.txt|ZendPlatform|assets|zxcv)(/.*)?$
[NC]
RewriteRule ^(.*)$ /index.php/%2%{REQUEST_URI} [QSA,L]

The second line says that the HTTP HOST must match the pattern
following it, it must start with dev.*.ere.net.

The third condition says that it must start with *.ere.net

The fourth line says ONLY run this rule if the following are not found
in the url.

The last line re-writes the urls so that they all go through /index.php/*/

meaning if i called the following url

http://dev.auth.ere.net/this/is/a/test/
it would be re-written to
http://dev.auth.ere.net/index.php/auth/this/is/a/test/

that would match the second condition.

The issue i was running into is when i was trying to match the following

http://dev.ere.net/this/is/a/test/

it wouldnt see anything since dev. was required and matched so it
would do something like this

http://dev.ere.net//this/is/a/test/

However it is all solved now and will work on our dev domains and
production domains.  Since we are using dynamic sub-domains we needed
a way to route them all to the same index.php file.

Thanks for the response.

On 4/12/07, Rob Marscher <rmarscher at beaffinitive.com> wrote:
> > On Apr 11, 2007, at 1:51 PM, Joseph Crawford wrote:
> > The rule is running properly but never stopping until the browser
> > stops it. if you go to http://dev.sub.domain.com/ it will redirect you
> > to http://dev.sub.domain.com/sub/ but it goes continuosly adding more
> > and more /sub/ to the url.I've hit that problem before... If I
> > remember right, I think it's because when it goes into http://
> > dev.sub.domain.com/sub/ it process the same set of rewrite rules
> > and they still match so it goes and rewrites it again to http://
> > dev.sub.domain.com/sub/sub/
>
> Off the top of my head, I think one simple way to solve it is to put
> a .htaccess file in each of your "subdirectory" folders that simply
> has RewriteEngine On which clears out the rules for that folder so it
> won't try to process the rules of the parent folder.
>
> Either that or you figure out how to put a conditional so that it
> doesn't match the second time around.
>
> > Also i do not wish to show the url in the address bar. All i want to
> > show there is http://dev.sub.domain.com/ but in the background that
> > should rewrite to http://dev.sub.domain.com/sub/
> > So if i type in http://dev.sub.domain.com/folder/ in the background it
> > will actually be calling http://dev.sub.domain.com/sub/folder/
>
> The http://%{HTTP_HOST}/ part of your last rule is causing that.
>
> I'm actually having a bit of trouble deciphering how your rule works
> exactly.  There might be a simpler way to do it.  I guess I could
> RTFM... but if you've got a second to explain in english, what does %
> {ENV:REDIRECT_STATUS} and %3%{REQUEST_URI} do?
>
> -Rob
>
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


-- 
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
codebowl at gmail.com


From lists at zaunere.com  Sat Apr 14 00:08:50 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Sat, 14 Apr 2007 00:08:50 -0400
Subject: [nycphp-talk] Anybody using JSON parser?
In-Reply-To: <461FF273.3000409@secdat.com>
References: <461FF273.3000409@secdat.com>
Message-ID: <05d501c77e4a$9b736860$680aa8c0@MobileZ>



Kenneth Downs wrote on Friday, April 13, 2007 5:13 PM:
> Andromeda uses its own syntax for data files, which I would love to
> get rid of. 
> 
> JSON strikes me as a worthy candidate.  Is anybody using it on the
> server-side with enough confidence to answer this question:  Can I
> type a file of JSON stuff by hand and convert it easily into a nested
> associative array?

I can't answer that question specifically, but I can say that we've been
using the JSON functionality in 5.2 quite heavily for some social networking
applications and it's been solid.

Whether someone wants to write config files in it is another matter :)
Personally, I'd recommend XML for that.

---
Hans Zaunere / President / New York PHP
    www.nyphp.org  /  www.nyphp.com





From lists at zaunere.com  Sat Apr 14 00:30:37 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Sat, 14 Apr 2007 00:30:37 -0400
Subject: [nycphp-talk] [OT] Next meeting
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net><039801c77d3a$1417d5b0$680aa8c0@MobileZ><461E8E59.3050106@php.net>	<011501c77d3d$5380de60$6a01a8c0@gamebox><03ae01c77d3d$6c8bd950$680aa8c0@MobileZ>
	<461E91B9.5060805@secdat.com> 
Message-ID: <05d601c77e4d$a65f1820$680aa8c0@MobileZ>


All, whoever can do a presentation in April, please send me a blurb so that
we can get the calendar updated.  If someone wants to present after April,
please contact me offlist and we'll schedule something.

Thanks,

H


Hans Zaunere wrote on Thursday, April 12, 2007 4:11 PM:
> This is a good idea, too.  So, we went from not having any speaker,
> to having too much material :) 
> 
> Folks who would be willing to present (April for sure, possibly May)
> please ping me directly and we can schedule things in. 
> 
> H
> 
> 
> Kenneth Downs wrote on Thursday, April 12, 2007 4:08 PM:
> > Have you ever considered a database primer?  A very simple
> > presentation could be built around a handful of ideas:
> > 
> > 1) Vocabulary demystification,  column=field, tuple=row=record,
> > relation=table, foreign key = reference, primary_key = "code" or
> > unique value 
> > 
> > 2)  Why you can do so much with primary and foreign keys
> > 
> > 3)  Is normalization a black art, or a simple matter of technique
> > 
> > 4)  What do people mean by denormalization, why do some people hate
> > it so much?  Why do others say it is no big deal?
> > 
> > 5) Finally, why programmers have trouble with databases and why
> > database people have trouble with code, the so-called "impedance
> > mismatch". 
> > 
> > 
> > I'd be happy to prepare something.
> > 
> > 
> > Hans Zaunere wrote:
> > 
> > 
> > 	Ben Sgro (ProjectSkyline) wrote on Thursday, April 12, 2007 4:01
> > PM: 
> > 
> > 
> > 		Hey all,
> > 
> > 		Some application penetration testing would be fun.
> > 
> > 		Maybe using both tools (nessus) and scripts, brute forcing,
> > cookie 		altering, sql inject. 
> > 
> > 		I dont know if that's something to put together in the next
week,
> > 		but I would donate time to providing a portion of what's
listed.
> > 
> > 
> > 
> > 	That's not a bad idea - maybe a cooperative presentation on a
> > specific set of topics? 
> > 
> > 	H
> > 
> > 
> > 
> > 		Just some thoughts.
> > 
> > 		- Ben
> > 
> > 
> > 		----- Original Message -----
> > 		From: "Chris Shiflett" <shiflett at php.net>
> > 		<mailto:shiflett at php.net> To: "NYPHP Talk"
<talk at lists.nyphp.org>
> > 		<mailto:talk at lists.nyphp.org> Sent: Thursday, April 12, 2007
3:54
> > 		PM Subject: Re: [nycphp-talk] [OT] Next meeting
> > 
> > 
> > 
> > 
> > 			Hans Zaunere wrote:
> > 
> > 
> > 				Would be great to have you present.
> > 
> > 
> > 			Anyone have any topic requests?
> > 
> > 			My favorite topics are web application security,
sessions, and
> > 			testing. I can also speak about DTD strategies:
> > 
> > 			http://handdrawngames.com/DesktopTD/
> > 
> > 			Chris
> > 
> > 			--
> > 			Chris Shiflett
> > 			http://shiflett.org/
> > 			_______________________________________________
> > 			New York PHP Community Talk Mailing List
> > 			http://lists.nyphp.org/mailman/listinfo/talk
> > 
> > 			NYPHPCon 2006 Presentations Online
> > 			http://www.nyphpcon.com
> > 
> > 			Show Your Participation in New York PHP
> > 			http://www.nyphp.org/show_participation.php
> > 
> > 
> > 		_______________________________________________
> > 		New York PHP Community Talk Mailing List
> > 		http://lists.nyphp.org/mailman/listinfo/talk
> > 
> > 		NYPHPCon 2006 Presentations Online
> > 		http://www.nyphpcon.com
> > 
> > 		Show Your Participation in New York PHP
> > 		http://www.nyphp.org/show_participation.php
> > 
> > 
> > 
> > 	_______________________________________________
> > 	New York PHP Community Talk Mailing List
> > 	http://lists.nyphp.org/mailman/listinfo/talk
> > 
> > 	NYPHPCon 2006 Presentations Online
> > 	http://www.nyphpcon.com
> > 
> > 	Show Your Participation in New York PHP
> > 	http://www.nyphp.org/show_participation.php
> > 
> > 
> > 
> > 
> > --
> > Kenneth Downs
> > Secure Data Software, Inc.
> > www.secdat.com    www.andromeda-project.org
> > 631-379-7200   Fax: 631-689-0527



From ben at projectskyline.com  Sat Apr 14 10:18:49 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Sat, 14 Apr 2007 10:18:49 -0400
Subject: [nycphp-talk] SQL Full text searcing and storing
Message-ID: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox>

Hello Again,

I'd like to know if anyone can recommend a book or whitepapers on SQL for full text searching and storing.
I'm working on an application that will essentially store a fixed number of web pages cached ahead of time
and allowing searching of those records.

I've worked with large (million) record tables before, but not ones that store large amounts of text.

I'm curious what field types, indexes are best for this type of application.

I'm also curious about benchmarks. Google can return a huge number of records in a fraction of a second.
Is this a forked process, each doing small amounts of work, or one large beefy server doing the transaction?

My DB experiance is mostly mySQL and I would prefer to build using this.

Thanks

- Ben


Ben Sgro, Chief Engineer
ProjectSkyLine - Defining New Horizons
+1 718.487.9368 (N.Y. Office)

Our company: www.projectskyline.com
Our products: www.project-contact.com

This e-mail is confidential information intended only for the use of the individual to whom it is addressed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070414/af3ca2ef/attachment.html>

From tedd at sperling.com  Sat Apr 14 10:49:01 2007
From: tedd at sperling.com (tedd)
Date: Sat, 14 Apr 2007 10:49:01 -0400
Subject: [nycphp-talk] SQL Full text searcing and storing
In-Reply-To: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox>
References: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox>
Message-ID: <p06240805c2469a33f2e6@[192.168.1.101]>

At 10:18 AM -0400 4/14/07, Ben Sgro \(ProjectSkyline\) wrote:
>Hello Again,
>
>I'd like to know if anyone can recommend a book or whitepapers on 
>SQL for full text searching and storing.


Try:

http://www.phpfreaks.com/tutorials/129/0.php

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From tom at supertom.com  Sat Apr 14 12:31:04 2007
From: tom at supertom.com (Tom Melendez)
Date: Sat, 14 Apr 2007 12:31:04 -0400
Subject: [nycphp-talk] SQL Full text searcing and storing
In-Reply-To: <p06240805c2469a33f2e6@192.168.1.101>
References: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox>
	<p06240805c2469a33f2e6@192.168.1.101>
Message-ID: <117286890704140931r3c2e7f99ve578555b3c27fdaa@mail.gmail.com>

> >
> >I'd like to know if anyone can recommend a book or whitepapers on
> >SQL for full text searching and storing.
>

Have you considered search engine software, such as mnogosearch?
You'll get all of the fancy heuristics (plurals, stopwords, page
element weight), URL indexing, query tracking, status code resolving
(what if the page is no longer available?), etc..

I realize that this isn't what you asked for and you probably aren't
building a search engine "proper", but you might want to check out a
search engine product anyway as it may resolve some of your
application issues for you.

Plus, mnogosearch has a PHP extension so you can talk to it directly,
get your results and display/use them as you like.

Good Luck,

Tom
http://www.liphp.org


From lists at enobrev.com  Sat Apr 14 17:36:27 2007
From: lists at enobrev.com (Mark Armendariz)
Date: Sat, 14 Apr 2007 17:36:27 -0400
Subject: [nycphp-talk] PCRE, utf8, Exceptions and you
Message-ID: <002d01c77edc$f5e6ff90$6400a8c0@enobrev>

Afternoon all,

What I'm trying to do...
------------------------
The validation classes in my library use PCRE's utf8 modifier.
http://us2.php.net/manual/en/reference.pcre.pattern.modifiers.php (look for
PCRE_UTF8)

This allows me to do something like this:
echo preg_replace('/[^\p{L}\p{Nd}\p{Zs}]/u', '', 'abc123@#$'); // outputs
abc123

Which for ASCII is the equivalent of:
echo preg_replace('/[^\d\w\s]/', '', 'abc123@#$'); // outputs abc123 - or
echo preg_replace('/[^a-zA-Z0-9 ]/', '', 'abc123@#$'); // outputs abc123

Or rather, replaces anything that's not a letter, number or space, but with
the added benefit of supporting Unicode characters.
 

The Problem
-----------
Unfortunately, some (definitely not all) of my clients' on managed hosting
servers don't have PCRE's Unicode support configured.  I'm dealing with
their support staff to resolve the issue when possible, but would like to
look for these issues in my library as well to degrade and handle them
gracefully.

It seems php does not allow you to catch the PCRE warning given by the
server if PCRE isn't compiled to support Unicode.  I've seen this in the
past with named captures ('/(?P<numbers>[\d]+)/'), and resorted to just
taking out the named parts instead of working around the error.


Proposed Solution
-----------------
In this case, I would like to be able to fall back to ASCII checks if the
support isn't built in, like this:
try {
	echo preg_replace('/[^\p{L}\p{Nd}\p{Zs}]/u', '', $sVar);
}
catch (Exception $e) {
      echo preg_replace('/[^\d\w\s]/', '', $sVar);
}

And then probably output to a log warning me (and not my beloved visitors)
that the server needs to be reconfigured)


The Error
---------
Unfortunately this doesn't throw the exception.  It just outputs:

"Warning: preg_replace() [function.preg-replace]: Compilation failed: PCRE
does not support \L, \l, \N, \P, \p, \U, \u, or \X at offset 3 in
/home/whatever/pcretest.php on line 3"

I suppose I could capture the error with an error handler and try to figure
out if it was the error I'm looking for, but that seems so messy and
potentially unreliable.  Aren't we supposed to be able to use exceptions for
this sort of thing in php5+?


The Question
------------
Does anyone have experience with catching PCRE errors or just preg function
errors in general and dealing with them accordingly?


Thank You
---------
Mark Armendariz



From paul at devonianfarm.com  Sun Apr 15 00:24:18 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Sun, 15 Apr 2007 00:24:18 -0400
Subject: [nycphp-talk] SQL Full text searcing and storing
In-Reply-To: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox>
References: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox>
Message-ID: <4621A8F2.8060402@devonianfarm.com>

Ben Sgro (ProjectSkyline) wrote:
>  
> I'm curious what field types, indexes are best for this type of 
> application.
>  
> I'm also curious about benchmarks. Google can return a huge number of 
> records in a fraction of a second.
> Is this a forked process, each doing small amounts of work, or one 
> large beefy server doing the transaction?
>  
> My DB experiance is mostly mySQL and I would prefer to build using this.
>  
    Most popular relational databases have a full text search 
extension.  This includes MySQL,  Oracle,  MS SQL and Postgres -- 
unfortunately,  these implementations do not correspond to any 
standard,  so the details are different for different databases.  MySQL 
has a full-text index that works quite well,  with that caveat that it 
only works for MyISAM at the moment:

    http://dev.mysql.com/doc/refman/5.0/en/fulltext-search.html

this means you can have full-text indexes or transactions,  not both.  
Assuming you have a MyISAM table,  implementing fulltext search is as 
simple as creating a FULLTEXT index and running queries with the MATCH 
operator.  You could be benchmarking MySQL with your own data in less 
than half an hour (unless it takes more than that to rebuild your 
index!)  The fulltext index will be updated automatically when you 
modify the table,  so it's a real "set-it-and-forget-it" proposition.

    Postgresql implements FT search with the "tsearch2" extension which 
involves a shared library and stored procedures.  It feels a lot like 
somebodies science project -- you'll need to write your own code to 
maintain the index,  and dump/restores of your database may be an 
adventure,  but tsearch2 is flexible and lets you do really neat things.

    Years ago I spent a weekend writing some perl scripts that create an 
inverted index in mysql tables.  It's an inefficient way to do full text 
searching,  but it lets you do things that other search engines don't 
do,  such as similarity searches.  I loaded about 200,000 short 
documents into it on a cheap PC and found I could get interactive 
responses (<10 seconds) doing some pretty fancy things.  I've used this 
to support a few little research projcts.

    There are plenty of other specialized full-text engines,  such as 
Lucene and Xerces,  that do a great job,  but would require you to do 
work to maintain the index.

    So far as Google,  here's what I can tell you:

* Google almost certainly is based on a distributed main-memory 
database.   Google keeps it's index in the RAM of a large number of 
computers...  It's too big to fit in the RAM of one machine,  so queries 
get split between several machines.

* Google's most critical 'secret' isn't pagerank,  but the use of 
implicit phrase searching.  Older methods of text retrieval don't 
consider the ordering of words when scoring -- if you want to get 
results like Google,  you really do need to score words higher when they 
are in proximity to each other,  and you need an algorithm that blends 
this well with other sources of information.

* Google's other 'secret' is that it's a got a huge amount of text to 
worth with.  The real intelligence is in the data it searches,  ~not~ in 
it's algorithms -- Google's algorithms just bring that intelligence 
out.  You have different problems when you do text retrieval at 
different scales:  if you've got 100 documents and expect 2 to be 
relevant for a query,  it's probably not acceptable to have a recall of 
50%...  For small numbers of documents,  you have to work hard to 
eliminate false negatives.  If you've got 10 billion documents,  and 1 
million are relevant to a particular topic,  you don't really care if 
you lose 90% of them -- but you do care that a few really excellent 
documents float to the top.

Academic researchers who tried applying algorithms like PageRank to 
small data sets (1 million documents) couldn't produce evidence that 
PageRank works -- because it doesn't for small data sets.


From ben at projectskyline.com  Mon Apr 16 09:21:42 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Mon, 16 Apr 2007 09:21:42 -0400
Subject: [nycphp-talk] SQL Full text searcing and storing
References: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox><p06240805c2469a33f2e6@192.168.1.101>
	<117286890704140931r3c2e7f99ve578555b3c27fdaa@mail.gmail.com>
Message-ID: <002d01c7802a$2cbfaf50$6a01a8c0@gamebox>


Hello Again, 

Tom: I looked into the software mentioned, but my project
is an application I'm developing on my spare time, so my budget
is small. It does look very good, but a bit too much money at this point.

Ted: The paper you supplied is great, I read it over and understood it
well enough. A good start.

Paul: The information you provided was helpful as well. I printed out
the mySQL full text search page and read it over. mySQL seems to have
everything I need for searching.

Since I'm doing a search of "title" and "body", I believe mySQL can
take me pretty far.  

One question I still have is about building/rebuilding the indexes.
Is this done when new fields are added to the database?
Or a routine that needs to be done more often?

Thanks for you help everyone.

- Ben



----- Original Message ----- 
From: "Tom Melendez" <tom at supertom.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Saturday, April 14, 2007 12:31 PM
Subject: Re: [nycphp-talk] SQL Full text searcing and storing


>> >
>> >I'd like to know if anyone can recommend a book or whitepapers on
>> >SQL for full text searching and storing.
>>
> 
> Have you considered search engine software, such as mnogosearch?
> You'll get all of the fancy heuristics (plurals, stopwords, page
> element weight), URL indexing, query tracking, status code resolving
> (what if the page is no longer available?), etc..
> 
> I realize that this isn't what you asked for and you probably aren't
> building a search engine "proper", but you might want to check out a
> search engine product anyway as it may resolve some of your
> application issues for you.
> 
> Plus, mnogosearch has a PHP extension so you can talk to it directly,
> get your results and display/use them as you like.
> 
> Good Luck,
> 
> Tom
> http://www.liphp.org
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php


From tom at supertom.com  Mon Apr 16 10:07:07 2007
From: tom at supertom.com (Tom Melendez)
Date: Mon, 16 Apr 2007 10:07:07 -0400
Subject: [nycphp-talk] SQL Full text searcing and storing
In-Reply-To: <002d01c7802a$2cbfaf50$6a01a8c0@gamebox>
References: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox>
	<p06240805c2469a33f2e6@192.168.1.101>
	<117286890704140931r3c2e7f99ve578555b3c27fdaa@mail.gmail.com>
	<002d01c7802a$2cbfaf50$6a01a8c0@gamebox>
Message-ID: <117286890704160707h694ea4e2mac7ae22961e4e250@mail.gmail.com>

> Tom: I looked into the software mentioned, but my project
> is an application I'm developing on my spare time, so my budget
> is small. It does look very good, but a bit too much money at this point.
Ben, mnogosearch (and there are others) is free software with a GPL
license.  You can pay for premium support (which is very good, BTW),
but it is not required.

If you are distributing your application and don't want to release
your code (or are developing on Windows) I guess you would then need a
license.

Tom
http://www.liphp.org


From paul at devonianfarm.com  Mon Apr 16 10:17:56 2007
From: paul at devonianfarm.com (Paul Houle)
Date: Mon, 16 Apr 2007 10:17:56 -0400
Subject: [nycphp-talk] SQL Full text searcing and storing
In-Reply-To: <002d01c7802a$2cbfaf50$6a01a8c0@gamebox>
References: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox><p06240805c2469a33f2e6@192.168.1.101>	<117286890704140931r3c2e7f99ve578555b3c27fdaa@mail.gmail.com>
	<002d01c7802a$2cbfaf50$6a01a8c0@gamebox>
Message-ID: <46238594.208@devonianfarm.com>

Ben Sgro (ProjectSkyline) wrote:
> Since I'm doing a search of "title" and "body", I believe mySQL can
> take me pretty far. 
> One question I still have is about building/rebuilding the indexes.
> Is this done when new fields are added to the database?
> Or a routine that needs to be done more often?
    That's the beauty of it -- a mySQL fulltext index is maintained 
automatically.  Once it is created,  it is automatically updated when 
you insert,  update and delete rows,  just like any other index.



From tedd at sperling.com  Mon Apr 16 10:16:41 2007
From: tedd at sperling.com (tedd)
Date: Mon, 16 Apr 2007 10:16:41 -0400
Subject: [nycphp-talk] SQL Full text searcing and storing
In-Reply-To: <002d01c7802a$2cbfaf50$6a01a8c0@gamebox>
References: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox><p06240805c2469a33f2e6@192.168.1.1
	01>	<117286890704140931r3c2e7f99ve578555b3c27fdaa@mail.gmail.com>
	<002d01c7802a$2cbfaf50$6a01a8c0@gamebox>
Message-ID: <p06240805c24932cfbc1d@[192.168.1.104]>

At 9:21 AM -0400 4/16/07, Ben Sgro \(ProjectSkyline\) wrote:
>
>One question I still have is about building/rebuilding the indexes.
>Is this done when new fields are added to the database?
>Or a routine that needs to be done more often?

My understanding (I could be wrong) is that every time you add more 
data, you have to rebuild the index to be able to use FULL TEXT. 
However, that doesn't need to be done until the next search.

So, what I'm thinking is to set a dirty flag that will be true if 
data has been added and false if the index is up to date and then 
have the indexing triggered by a search request. However, I'm still 
working on it, so there may be better ways to do this.

Anyone care to comment?

Cheers,

tedd

-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From ben at projectskyline.com  Mon Apr 16 11:59:10 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Mon, 16 Apr 2007 11:59:10 -0400
Subject: [nycphp-talk] SQL Full text searcing and storing
References: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox><p06240805c2469a33f2e6@192.168.1.1
	01>	<117286890704140931r3c2e7f99ve578555b3c27fdaa@mail.gmail.com>
	<002d01c7802a$2cbfaf50$6a01a8c0@gamebox>
	<p06240805c24932cfbc1d@[192.168.1.104]>
Message-ID: <017701c78040$2bcb8950$6a01a8c0@gamebox>

Hello Again,


"    That's the beauty of it -- a mySQL fulltext index is maintained
automatically.  Once it is created,  it is automatically updated when
you insert,  update and delete rows,  just like any other index."

- or -

> My understanding (I could be wrong) is that every time you add more data, 
> you have to rebuild the index to be able to use FULL TEXT. However, that 
> doesn't need to be done until the next search.

Which is it? If its the first one, that's great, but what if I'm doing a ton 
of inserts
throughout the day...Will the database be locked while its rebuilding the 
index?
How long will this take? I should have around 1 million records, but since 
the data
goes stale after about 5 days, I can prune the database. So, I should never 
have
much over or under 1million records.

My data is being populated by a cron job and could insert 100's of new rows 
every day, throughout the entire day..
is this going to be a problem?


> So, what I'm thinking is to set a dirty flag that will be true if data has 
> been added and false if the index is up to date and then have the indexing 
> triggered by a search request. However, I'm still working on it, so there 
> may be better ways to do this.

That sounds good, but I dont want a single user to wait 20m while
the index file is rebuilt....

- Ben

----- Original Message ----- 
From: "tedd" <tedd at sperling.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Cc: "Ben Sgro (ProjectSkyline)" <ben at projectskyline.com>
Sent: Monday, April 16, 2007 10:16 AM
Subject: Re: [nycphp-talk] SQL Full text searcing and storing


> At 9:21 AM -0400 4/16/07, Ben Sgro \(ProjectSkyline\) wrote:
>>
>>One question I still have is about building/rebuilding the indexes.
>>Is this done when new fields are added to the database?
>>Or a routine that needs to be done more often?
>
> My understanding (I could be wrong) is that every time you add more data, 
> you have to rebuild the index to be able to use FULL TEXT. However, that 
> doesn't need to be done until the next search.
>
> So, what I'm thinking is to set a dirty flag that will be true if data has 
> been added and false if the index is up to date and then have the indexing 
> triggered by a search request. However, I'm still working on it, so there 
> may be better ways to do this.
>
> Anyone care to comment?
>
> Cheers,
>
> tedd
>
> -- 
> -------
> http://sperling.com  http://ancientstones.com  http://earthstones.com 



From tedd at sperling.com  Mon Apr 16 12:17:27 2007
From: tedd at sperling.com (tedd)
Date: Mon, 16 Apr 2007 12:17:27 -0400
Subject: [nycphp-talk] SQL Full text searcing and storing
In-Reply-To: <017701c78040$2bcb8950$6a01a8c0@gamebox>
References: <001a01c77e9f$d2979dc0$6a01a8c0@gamebox><p06240805c2469a33f2e6@192.168.1.1
	01>	<117286890704140931r3c2e7f99ve578555b3c27fdaa@mail.gmail.com>
	<002d01c7802a$2cbfaf50$6a01a8c0@gamebox>
	<p06240805c24932cfbc1d@[192.168.1.104]>
	<017701c78040$2bcb8950$6a01a8c0@gamebox>
Message-ID: <p0624080dc2495172ea53@[192.168.1.104]>

At 11:59 AM -0400 4/16/07, Ben Sgro \(ProjectSkyline\) wrote:
>Hello Again,
>
>
>"    That's the beauty of it -- a mySQL fulltext index is maintained
>automatically.  Once it is created,  it is automatically updated when
>you insert,  update and delete rows,  just like any other index."
>
>- or -
>
>>My understanding (I could be wrong) is that every time you add more 
>>data, you have to rebuild the index to be able to use FULL TEXT. 
>>However, that doesn't need to be done until the next search.
>
>Which is it?

Like I said, I could be wrong -- I would go with the other advice OR 
ask the MySQL list.

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From chsnyder at gmail.com  Mon Apr 16 12:49:21 2007
From: chsnyder at gmail.com (csnyder)
Date: Mon, 16 Apr 2007 12:49:21 -0400
Subject: [nycphp-talk] PCRE, utf8, Exceptions and you
In-Reply-To: <002d01c77edc$f5e6ff90$6400a8c0@enobrev>
References: <002d01c77edc$f5e6ff90$6400a8c0@enobrev>
Message-ID: <b76252690704160949j791c8ddy5ea8f302111e3bb7@mail.gmail.com>

On 4/14/07, Mark Armendariz <lists at enobrev.com> wrote:

> I suppose I could capture the error with an error handler and try to figure
> out if it was the error I'm looking for, but that seems so messy and
> potentially unreliable.  Aren't we supposed to be able to use exceptions for
> this sort of thing in php5+?

5.2 introduced recoverable errors, I believe those can be caught...
doc is spotty on this though.

A warning is just a warning, so can't be caught, though it can be supressed.

If you haven't already solved this problem, I would suggest a test
where you try compiling a very simple preg_match using the unicode
codes, suppress any warnings with @, and see if you get the expected
result. If you do, proceed with unicode, if not log and fall back to
ascii.

-- 
Chris Snyder
http://chxo.com/


From lists at enobrev.com  Mon Apr 16 13:35:34 2007
From: lists at enobrev.com (Mark Armendariz)
Date: Mon, 16 Apr 2007 13:35:34 -0400
Subject: [nycphp-talk] PCRE, utf8, Exceptions and you
In-Reply-To: <b76252690704160949j791c8ddy5ea8f302111e3bb7@mail.gmail.com>
References: <002d01c77edc$f5e6ff90$6400a8c0@enobrev>
	<b76252690704160949j791c8ddy5ea8f302111e3bb7@mail.gmail.com>
Message-ID: <001501c7804d$a43d0cd0$0202fea9@enobrev>

> On 4/14/07, Mark Armendariz <lists at enobrev.com> wrote:
> 
> > I suppose I could capture the error with an error handler 
> and try to 
> > figure out if it was the error I'm looking for, but that seems so 
> > messy and potentially unreliable.  Aren't we supposed to be able to 
> > use exceptions for this sort of thing in php5+?
> 
> 5.2 introduced recoverable errors, I believe those can be caught...
> doc is spotty on this though.
> 

I'd just noticed it right after I made the post.  I plan on mixing it in and
I'm glad to see them, though the client server I'm currently working with is
on 5.16 at the moment, so I still have to work around it for now.

> A warning is just a warning, so can't be caught, though it 
> can be supressed.

No doubt.  I try to catch every little error, warning and notice I get and
handle or report it accordingly when possible so I can have a production
server running E_STRICT without a bead of sweat.  Anal to be sure, but it
leaves me warm and fuzzy and makes for happy portability.

> 
> If you haven't already solved this problem, I would suggest a 
> test where you try compiling a very simple preg_match using 
> the unicode codes, suppress any warnings with @, and see if 
> you get the expected result. If you do, proceed with unicode, 
> if not log and fall back to ascii.
> 

No doubt a good suggestion.  I ended up trapping the error with my error
handler class doing a strpos for 'preg_', which is doing the job well.
Here's a couple excerpts (slightly modified so they'll make sense here):
    
class PregException extends Exception {
    public function __construct($sMessage, $iCode = 0, $sFile, $iLine,
$aContext = null) {
        parent::__construct($sMessage, $iCode);

        $this->file     = $sFile;
	  $this->line     = $iLine;
	  $this->context  = $aContext;
    }
}

class Error {
    function __construct() {
        set_error_handler(array(&$this, 'eh'));
    }

    function eh($iErrorNumber, $sError, $sFile, $iLine, $aContext) {
        if (strpos($sError, 'preg_') !== false) {
            throw new PregException($sError, $iErrorNumber, $sFile, $iLine,
$aContext);
        } else {
            $this->add($iErrorNumber, $sError, $sFile, $iLine, $aContext);
        }
        return true;
    }

    // other error handler code
}

// part of my validation class
function checkRegex($mValue) {
    // Unicode Letters, Digits and Spaces
    try {
        $bBadData = preg_match('/[^\p{L}\p{Nd}\p{Zs}]/u', $mValue);
    }
    catch (PregException $e) {
        $bBadData = preg_match('/[^\w\s]/', $mValue);
    }
    
    if ($bBadData) {
        return false;
    }

    return true;
}

Thanks for the suggestions!

Mark



From ben at projectskyline.com  Tue Apr 17 10:28:36 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Tue, 17 Apr 2007 10:28:36 -0400
Subject: [nycphp-talk] [OT] MySQL Queue
Message-ID: <003701c780fc$afd75ff0$6a01a8c0@gamebox>

Hello Again, 

I have questions about implementing a queue w/mySQL.

I was thinking the simplest way to build it would be as such:

job_queue table:
First[job_id, time][job_id+1, time+n]Last

1) Every x min, select the oldest time from the queue (LIMIT 1)
2) DELETE that row from the queue
3) Execute the job

A record is inserted into the que whever a user completes the job application wizard.
That new row contains (job_id, time( )).

Seems like a pretty simple way to build the queue. I think when I run jobs, they'll be forked off
so I can run multiple jobs. However, I have not considered how the parent process that forks
these children will watch over the jobs.

What if a job takes to long, I should prolly kill it, and reinsert it into the queue, plus keep track
of failures. We dont want to keep running a job that fails.

Any ideas?

- Ben


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070417/082ce6eb/attachment.html>

From chsnyder at gmail.com  Tue Apr 17 10:38:21 2007
From: chsnyder at gmail.com (csnyder)
Date: Tue, 17 Apr 2007 10:38:21 -0400
Subject: [nycphp-talk] [OT] MySQL Queue
In-Reply-To: <003701c780fc$afd75ff0$6a01a8c0@gamebox>
References: <003701c780fc$afd75ff0$6a01a8c0@gamebox>
Message-ID: <b76252690704170738o4258dde8ndc0fa6d8789f8a7c@mail.gmail.com>

On 4/17/07, Ben Sgro (ProjectSkyline) <ben at projectskyline.com> wrote:

> 1) Every x min, select the oldest time from the queue (LIMIT 1)
> 2) DELETE that row from the queue
> 3) Execute the job

Simple improvement would be to mark the job as "active" along with the
pid of the process that is working on it, rather than deleting the
record. That way if something goes wrong, you don't have to reinsert.
Also, you can tell how many active jobs you have and decline to start
new ones past a certain threshold.

Think about what information you need for error recovery, too. After
all, you probably only want to retry a "problem" job a certain number
of times before giving up, notifying an admin, etc.

-- 
Chris Snyder
http://chxo.com/


From ben at projectskyline.com  Tue Apr 17 12:25:28 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Tue, 17 Apr 2007 12:25:28 -0400
Subject: [nycphp-talk] [OT] MySQL Queue
References: <003701c780fc$afd75ff0$6a01a8c0@gamebox>
	<b76252690704170738o4258dde8ndc0fa6d8789f8a7c@mail.gmail.com>
Message-ID: <008301c7810d$03245860$6a01a8c0@gamebox>

Hello, 

Good points.

So once the child finishes, it returns the status (failure || success)
to the parent. Then the parent can mark the job as completed
and remove it from the queue?

If it returns failure, we could do various error_log/debug.
We could also, increment the attempted_run counter (+1)
and if it reaches, two failed runs, we remove it from the queue
as well.

Has anyone done forking on PHP5 or have sample code?


- Ben


----- Original Message ----- 
From: "csnyder" <chsnyder at gmail.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Tuesday, April 17, 2007 10:38 AM
Subject: Re: [nycphp-talk] [OT] MySQL Queue


> On 4/17/07, Ben Sgro (ProjectSkyline) <ben at projectskyline.com> wrote:
> 
>> 1) Every x min, select the oldest time from the queue (LIMIT 1)
>> 2) DELETE that row from the queue
>> 3) Execute the job
> 
> Simple improvement would be to mark the job as "active" along with the
> pid of the process that is working on it, rather than deleting the
> record. That way if something goes wrong, you don't have to reinsert.
> Also, you can tell how many active jobs you have and decline to start
> new ones past a certain threshold.
> 
> Think about what information you need for error recovery, too. After
> all, you probably only want to retry a "problem" job a certain number
> of times before giving up, notifying an admin, etc.
> 
> -- 
> Chris Snyder
> http://chxo.com/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php


From support at dailytechnology.net  Tue Apr 17 12:48:41 2007
From: support at dailytechnology.net (Brian Dailey)
Date: Tue, 17 Apr 2007 12:48:41 -0400
Subject: [nycphp-talk] [OT] Next meeting
In-Reply-To: <05d601c77e4d$a65f1820$680aa8c0@MobileZ>
References: <007301c77c41$0ada5df0$6a01a8c0@gamebox><039701c77d38$f34c8f70$680aa8c0@MobileZ>	<461E89DD.1010705@php.net><039801c77d3a$1417d5b0$680aa8c0@MobileZ><461E8E59.3050106@php.net>	<011501c77d3d$5380de60$6a01a8c0@gamebox><03ae01c77d3d$6c8bd950$680aa8c0@MobileZ>	<461E91B9.5060805@secdat.com>
	<05d601c77e4d$a65f1820$680aa8c0@MobileZ>
Message-ID: <4624FA69.30306@dailytechnology.net>

Any word yet on what we may be doing this month?

- Brian

Hans Zaunere wrote:
> All, whoever can do a presentation in April, please send me a blurb so that
> we can get the calendar updated.  If someone wants to present after April,
> please contact me offlist and we'll schedule something.
> 
> Thanks,
> 
> H
> 
> 
> Hans Zaunere wrote on Thursday, April 12, 2007 4:11 PM:
>> This is a good idea, too.  So, we went from not having any speaker,
>> to having too much material :) 
>>
>> Folks who would be willing to present (April for sure, possibly May)
>> please ping me directly and we can schedule things in. 
>>
>> H
>>
>>
>> Kenneth Downs wrote on Thursday, April 12, 2007 4:08 PM:
>>> Have you ever considered a database primer?  A very simple
>>> presentation could be built around a handful of ideas:
>>>
>>> 1) Vocabulary demystification,  column=field, tuple=row=record,
>>> relation=table, foreign key = reference, primary_key = "code" or
>>> unique value 
>>>
>>> 2)  Why you can do so much with primary and foreign keys
>>>
>>> 3)  Is normalization a black art, or a simple matter of technique
>>>
>>> 4)  What do people mean by denormalization, why do some people hate
>>> it so much?  Why do others say it is no big deal?
>>>
>>> 5) Finally, why programmers have trouble with databases and why
>>> database people have trouble with code, the so-called "impedance
>>> mismatch". 
>>>
>>>
>>> I'd be happy to prepare something.
>>>
>>>
>>> Hans Zaunere wrote:
>>>
>>>
>>> 	Ben Sgro (ProjectSkyline) wrote on Thursday, April 12, 2007 4:01
>>> PM: 
>>>
>>>
>>> 		Hey all,
>>>
>>> 		Some application penetration testing would be fun.
>>>
>>> 		Maybe using both tools (nessus) and scripts, brute forcing,
>>> cookie 		altering, sql inject. 
>>>
>>> 		I dont know if that's something to put together in the next
> week,
>>> 		but I would donate time to providing a portion of what's
> listed.
>>>
>>>
>>> 	That's not a bad idea - maybe a cooperative presentation on a
>>> specific set of topics? 
>>>
>>> 	H
>>>
>>>
>>>
>>> 		Just some thoughts.
>>>
>>> 		- Ben
>>>
>>>
>>> 		----- Original Message -----
>>> 		From: "Chris Shiflett" <shiflett at php.net>
>>> 		<mailto:shiflett at php.net> To: "NYPHP Talk"
> <talk at lists.nyphp.org>
>>> 		<mailto:talk at lists.nyphp.org> Sent: Thursday, April 12, 2007
> 3:54
>>> 		PM Subject: Re: [nycphp-talk] [OT] Next meeting
>>>
>>>
>>>
>>>
>>> 			Hans Zaunere wrote:
>>>
>>>
>>> 				Would be great to have you present.
>>>
>>>
>>> 			Anyone have any topic requests?
>>>
>>> 			My favorite topics are web application security,
> sessions, and
>>> 			testing. I can also speak about DTD strategies:
>>>
>>> 			http://handdrawngames.com/DesktopTD/
>>>
>>> 			Chris
>>>
>>> 			--
>>> 			Chris Shiflett
>>> 			http://shiflett.org/
>>> 			_______________________________________________
>>> 			New York PHP Community Talk Mailing List
>>> 			http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> 			NYPHPCon 2006 Presentations Online
>>> 			http://www.nyphpcon.com
>>>
>>> 			Show Your Participation in New York PHP
>>> 			http://www.nyphp.org/show_participation.php
>>>
>>>
>>> 		_______________________________________________
>>> 		New York PHP Community Talk Mailing List
>>> 		http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> 		NYPHPCon 2006 Presentations Online
>>> 		http://www.nyphpcon.com
>>>
>>> 		Show Your Participation in New York PHP
>>> 		http://www.nyphp.org/show_participation.php
>>>
>>>
>>>
>>> 	_______________________________________________
>>> 	New York PHP Community Talk Mailing List
>>> 	http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> 	NYPHPCon 2006 Presentations Online
>>> 	http://www.nyphpcon.com
>>>
>>> 	Show Your Participation in New York PHP
>>> 	http://www.nyphp.org/show_participation.php
>>>
>>>
>>>
>>>
>>> --
>>> Kenneth Downs
>>> Secure Data Software, Inc.
>>> www.secdat.com    www.andromeda-project.org
>>> 631-379-7200   Fax: 631-689-0527
> 
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> 
> 

-- 

Thanks!
- Brian Dailey
Software Developer
New York, NY
www.dailytechnology.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: support.vcf
Type: text/x-vcard
Size: 250 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070417/875ed2e6/attachment.vcf>

From rmarscher at beaffinitive.com  Tue Apr 17 14:48:29 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Tue, 17 Apr 2007 14:48:29 -0400
Subject: [nycphp-talk] [OT] MySQL Queue
In-Reply-To: <008301c7810d$03245860$6a01a8c0@gamebox>
References: <003701c780fc$afd75ff0$6a01a8c0@gamebox>
	<b76252690704170738o4258dde8ndc0fa6d8789f8a7c@mail.gmail.com>
	<008301c7810d$03245860$6a01a8c0@gamebox>
Message-ID: <62A03DAB-2431-432C-8E61-8355F0558C0B@beaffinitive.com>

On 4/17/07, Ben Sgro (ProjectSkyline) <ben at projectskyline.com> wrote:
> 1) Every x min, select the oldest time from the queue (LIMIT 1)
> 2) DELETE that row from the queue

I assume that just one parent process would be performing this and  
then forking a process to handle the job afterwards, right?   
Otherwise, you'd have the chance that two processes would read the  
queue at the same time and process the same job -- in that case, a  
read lock could work.

I've only done forking in C.  I saw this in the php manual: "Process  
Control support in PHP is not enabled by default. You have to compile  
the CGI or CLI version of PHP with --enable-pcntl configuration  
option when compiling PHP to enable Process Control support."  The  
examples in the manual seem like a good starting point:  http:// 
us2.php.net/manual/en/ref.pcntl.php

-Rob


From ben at projectskyline.com  Tue Apr 17 14:55:45 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Tue, 17 Apr 2007 14:55:45 -0400
Subject: [nycphp-talk] [OT] MySQL Queue
References: <003701c780fc$afd75ff0$6a01a8c0@gamebox><b76252690704170738o4258dde8ndc0fa6d8789f8a7c@mail.gmail.com><008301c7810d$03245860$6a01a8c0@gamebox>
	<62A03DAB-2431-432C-8E61-8355F0558C0B@beaffinitive.com>
Message-ID: <01a101c78122$02e742d0$6a01a8c0@gamebox>

Hello, 

Yes, the parent process would handle the fork, 
the reaping of the children, etc...

I've looked into pcntl in the past, never got to
far w/it. I've read a lot about forking in C/Perl, 
but never really had to code it myself.

Thanks, I'll go back and read the php.net stuff.

- Ben
----- Original Message ----- 
From: "Rob Marscher" <rmarscher at beaffinitive.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Tuesday, April 17, 2007 2:48 PM
Subject: Re: [nycphp-talk] [OT] MySQL Queue


> On 4/17/07, Ben Sgro (ProjectSkyline) <ben at projectskyline.com> wrote:
>> 1) Every x min, select the oldest time from the queue (LIMIT 1)
>> 2) DELETE that row from the queue
> 
> I assume that just one parent process would be performing this and  
> then forking a process to handle the job afterwards, right?   
> Otherwise, you'd have the chance that two processes would read the  
> queue at the same time and process the same job -- in that case, a  
> read lock could work.
> 
> I've only done forking in C.  I saw this in the php manual: "Process  
> Control support in PHP is not enabled by default. You have to compile  
> the CGI or CLI version of PHP with --enable-pcntl configuration  
> option when compiling PHP to enable Process Control support."  The  
> examples in the manual seem like a good starting point:  http:// 
> us2.php.net/manual/en/ref.pcntl.php
> 
> -Rob
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php


From ben at projectskyline.com  Wed Apr 18 09:53:13 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Wed, 18 Apr 2007 09:53:13 -0400
Subject: [nycphp-talk] OOP Question: Calling a classes function from another
	class
Message-ID: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>

Hello Again, 

I've been porting my PHP4 libs to PHP5 OO, and I thus I have no formal OOP training.
This is my crash course.

So, I've created an error logging class, 

class Error

and I want to call it from another class.
Is it necessary to create another instance of the class?

I tried to use the Error:Log("error", log_level) (Calling form the Class Utility)
way of calling the function, but the Log( ) function
using $this->someOtherFunction and this is being mistaken for the parent Class (Utility->someOtherFunction) not the Error class.

So, do I have to create a new instane of the object?

Is there any way to create the object in the constructor of the other class,
and then pass it around and call it when I need it via $this->OBJECT->function?

Thanks!

- Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070418/3a7f2a1a/attachment.html>

From dorgan at optonline.net  Wed Apr 18 09:59:06 2007
From: dorgan at optonline.net (Donald J Organ IV)
Date: Wed, 18 Apr 2007 09:59:06 -0400
Subject: [nycphp-talk] OOP Question: Calling a classes function from another
	class
In-Reply-To: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>
References: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>
Message-ID: <4626242A.1090307@optonline.net>

An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070418/b0b84db6/attachment.html>

From support at dailytechnology.net  Wed Apr 18 10:03:45 2007
From: support at dailytechnology.net (Brian Dailey)
Date: Wed, 18 Apr 2007 10:03:45 -0400
Subject: [nycphp-talk] OOP Question: Calling a classes function from another
	class
In-Reply-To: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>
References: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>
Message-ID: <46262541.8070308@dailytechnology.net>

If you're just starting out in the PHP5 OOP world, I highly recommend 
Zandstra's "PHP 5 Objects, Patterns, and Practice." I promise you it's 
worth the $20.

If you need it in the entire class, you could create a new instance of 
the object in the __construct function ($this->Error = new Error) and 
then use it later. Either that or you could make it static and call it 
throughout the program (assuming that fits your needs).

- Brian

Ben Sgro (ProjectSkyline) wrote:
> Hello Again,
>  
> I've been porting my PHP4 libs to PHP5 OO, and I thus I have no formal 
> OOP training.
> This is my crash course.
>  
> So, I've created an error logging class,
>  
> class Error
> and I want to call it from another class.
> Is it necessary to create another instance of the class?
>  
> I tried to use the Error:Log("error", log_level) (Calling form the Class 
> Utility)
> way of calling the function, but the Log( ) function
> using $this->someOtherFunction and this is being mistaken for the parent 
> Class (Utility->someOtherFunction) not the Error class.
>  
> So, do I have to create a new instane of the object?
>  
> Is there any way to create the object in the constructor of the other class,
> and then pass it around and call it when I need it via 
> $this->OBJECT->function?
>  
> Thanks!
>  
> - Ben
>  
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

-- 

Thanks!
- Brian Dailey
Software Developer
New York, NY
www.dailytechnology.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: support.vcf
Type: text/x-vcard
Size: 250 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070418/f47d9554/attachment.vcf>

From dirn at dirnonline.com  Wed Apr 18 10:05:13 2007
From: dirn at dirnonline.com (Andy Dirnberger)
Date: Wed, 18 Apr 2007 10:05:13 -0400
Subject: [nycphp-talk] OOP Question: Calling a classes function from
	another	class
In-Reply-To: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>
References: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>
Message-ID: <000a01c781c2$96136340$c23a29c0$@com>

Something along these lines might work for you:

class Error {
  public static function Log (param1, param2, 
) {
    

  }
}




Error::Log (value1, value2, 
);

> Hello Again, 
>?
> I've been porting my PHP4 libs to PHP5 OO, and I thus I have no formal OOP
training.
> This is my crash course.
>
> So, I've created an error logging class, 
>?
> class Error
> and I want to call it from another class.
> Is it necessary to create another instance of the class?
>?
> I tried to use the Error:Log("error", log_level) (Calling form the Class
Utility)
> way of calling the function, but the Log( ) function
> using $this->someOtherFunction and this is being mistaken for the parent
Class (Utility->someOtherFunction) not the Error class.
>?
> So, do I have to create a new instane of the object?
>?
> Is there any way to create the object in the constructor of the other
class,
> and then pass it around and call it when I need it via
$this->OBJECT->function?
>?
> Thanks!
>?
> - Ben
?



From ben at projectskyline.com  Wed Apr 18 11:37:41 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Wed, 18 Apr 2007 11:37:41 -0400
Subject: [nycphp-talk] OOP Question: Calling a classes function from
	anotherclass
References: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>
	<46262541.8070308@dailytechnology.net>
Message-ID: <008701c781cf$80880640$6a01a8c0@gamebox>

Hello Brian,

Thanks, that's what I did.

$this->Error->function( ... );

Works great.

Thanks to everyone.

I just went to order the book on bookpool.com, but its out of stock.
I'll wait a bit and get it soon. Thanks.

- Ben

----- Original Message ----- 
From: "Brian Dailey" <support at dailytechnology.net>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, April 18, 2007 10:03 AM
Subject: Re: [nycphp-talk] OOP Question: Calling a classes function from 
anotherclass


> If you're just starting out in the PHP5 OOP world, I highly recommend
> Zandstra's "PHP 5 Objects, Patterns, and Practice." I promise you it's
> worth the $20.
>
> If you need it in the entire class, you could create a new instance of
> the object in the __construct function ($this->Error = new Error) and
> then use it later. Either that or you could make it static and call it
> throughout the program (assuming that fits your needs).
>
> - Brian
>
> Ben Sgro (ProjectSkyline) wrote:
>> Hello Again,
>>
>> I've been porting my PHP4 libs to PHP5 OO, and I thus I have no formal
>> OOP training.
>> This is my crash course.
>>
>> So, I've created an error logging class,
>>
>> class Error
>> and I want to call it from another class.
>> Is it necessary to create another instance of the class?
>>
>> I tried to use the Error:Log("error", log_level) (Calling form the Class
>> Utility)
>> way of calling the function, but the Log( ) function
>> using $this->someOtherFunction and this is being mistaken for the parent
>> Class (Utility->someOtherFunction) not the Error class.
>>
>> So, do I have to create a new instane of the object?
>>
>> Is there any way to create the object in the constructor of the other 
>> class,
>> and then pass it around and call it when I need it via
>> $this->OBJECT->function?
>>
>> Thanks!
>>
>> - Ben
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>
> -- 
>
> Thanks!
> - Brian Dailey
> Software Developer
> New York, NY
> www.dailytechnology.net
>


--------------------------------------------------------------------------------


> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php 



From mailinglists at caseysoftware.com  Wed Apr 18 12:18:18 2007
From: mailinglists at caseysoftware.com (Keith Casey)
Date: Wed, 18 Apr 2007 12:18:18 -0400
Subject: [nycphp-talk] OOP Question: Calling a classes function from
	anotherclass
In-Reply-To: <008701c781cf$80880640$6a01a8c0@gamebox>
References: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>
	<46262541.8070308@dailytechnology.net>
	<008701c781cf$80880640$6a01a8c0@gamebox>
Message-ID: <fd219f0f0704180918u66cd7d3g2e2f18505566ac0c@mail.gmail.com>

On 4/18/07, Ben Sgro (ProjectSkyline) <ben at projectskyline.com> wrote:
> I just went to order the book on bookpool.com, but its out of stock.
> I'll wait a bit and get it soon. Thanks.

I prefer Bookpool.com too, but Amazon has it in stock.

kc

-- 
D. Keith Casey Jr.
CEO, CaseySoftware, LLC
http://CaseySoftware.com


From rmarscher at beaffinitive.com  Wed Apr 18 18:24:00 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Wed, 18 Apr 2007 18:24:00 -0400
Subject: [nycphp-talk] OOP Question: Calling a classes function from
	anotherclass
In-Reply-To: <008701c781cf$80880640$6a01a8c0@gamebox>
References: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>
	<46262541.8070308@dailytechnology.net>
	<008701c781cf$80880640$6a01a8c0@gamebox>
Message-ID: <C236F346-64AD-40C4-8BFF-C53054525931@beaffinitive.com>

> I just went to order the book on bookpool.com, but its out of stock.
> I'll wait a bit and get it soon. Thanks.
>
> - Ben

When you get the book (or sooner if you look online), you should  
check out the Singleton pattern.

If your class method can't be static (because it needs access to  
$this - which isn't available for static methods), then a Singleton  
is a good option to use if you only  need one instance of the object  
in your app.

It works basically like this:

class Error
{
   private static $_instance = null;

   public static function singleton()
   {
     if (self::$_instance === null) {
       self::$_instance = new Error();
     }

     return self::$_instance;
   }
}

Then, wherever you need to get your Error object, just call

$error = Error::singleton();


-Rob



From ramons at gmx.net  Wed Apr 18 19:27:31 2007
From: ramons at gmx.net (David Krings)
Date: Wed, 18 Apr 2007 19:27:31 -0400
Subject: [nycphp-talk] OOP Question: Calling a classes function
	from	anotherclass
In-Reply-To: <C236F346-64AD-40C4-8BFF-C53054525931@beaffinitive.com>
References: <001d01c781c0$e85f6ba0$6a01a8c0@gamebox>	<46262541.8070308@dailytechnology.net>	<008701c781cf$80880640$6a01a8c0@gamebox>
	<C236F346-64AD-40C4-8BFF-C53054525931@beaffinitive.com>
Message-ID: <4626A963.9080501@gmx.net>

Somewhat unrelated to all of this, can someone point me to a good and 
concise primer of the benefits of OOP? So far I cannot think of 
something where I said, gee, I really think that would be awesome to 
have, and it turned out to be an object. Why would I want to use objects?

Thanks for wisening up an ignorant.

David


From anieshjoseph at gmail.com  Thu Apr 19 01:50:25 2007
From: anieshjoseph at gmail.com (Aniesh joseph)
Date: Thu, 19 Apr 2007 11:20:25 +0530
Subject: [nycphp-talk] Block pop up window from program
Message-ID: <1b3d2fde0704182250y7ec05c81k7b5137ff98746b9@mail.gmail.com>

Hello

How can we block a pop up window ? I need to block it using the code . Can
someonehelp me ?

Regards,
Aniesh Joseph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070419/da6957bc/attachment.html>

From ben at projectskyline.com  Thu Apr 19 10:54:44 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Thu, 19 Apr 2007 10:54:44 -0400
Subject: [nycphp-talk] IPC Problems
Message-ID: <008201c78292$ab365810$6a01a8c0@gamebox>

Hi All, 

I'm trying to write a script, that forks children to each run a job, provided by
the parent in the form of a job_id, passed by IPC msg_send( ).

Now, when I run the job, I get some problems w/the DB loosing the connection.
I also have problems w/the job_id that's get passed ..sometimes, somehow, its the
PID...I dont get it.

It seems like the IPC is all over the place ... I've included the output from the script,
the database tables, and the source of the script.

Any help is greatly appreaciated. I've read the php.net pcntl_and msg- (IPC) stuff over and over.


What the goal is:
1) Parent, selects the next job to run.
2) Marks job as active =1, stores the PID
3) Forks off a child to run this (job_id passed to child via msg_send( ))
4) Child runs, finishes job and marks as active = 0, incremenents run count, tells parent to kill them
5) Rinse lather repeat

- Ben

[sk at projectskyline clposer]$ php run_job.php
Connected to database clposer
Using database clposer
CHILD
PARENT
Look up job_id to run
SQL Execution Time(0.00062417984008789)
SELECT job_id FROM job_queue WHERE time < now( ) AND active = 0 ORDER BY time
SQL Execution Time(0.00042200088500977)
UPDATE job_queue SET active = 1, run_count = (run_count + 1), pid = 31306 WHERE job_id = 1
CHILD
PARENT
Look up job_id to run
Parent gave me 1 ID to run
SQL Execution Time(0.00090312957763672)
SELECT job_id FROM job_queue WHERE time < now( ) AND active = 0 ORDER BY time
SQL Execution Time(0.0003819465637207)
UPDATE job_queue SET active = 1, run_count = (run_count + 1), pid = 31441 WHERE job_id = 3
Could not successfully run query (UPDATE job_queue SET active = 0, time = now( ) WHERE job_id = 1) from DB: Lost connection to MySQL server during query[sk at projectskyline clposer]$ Parent gave me 3 ID to run
Could not successfully run query (UPDATE job_queue SET active = 0, time = now( ) WHERE job_id = 3) from DB: MySQL server has gone away


mysql> desc job_queue;
+-----------+------------+------+-----+---------------------+----------------+
| Field     | Type       | Null | Key | Default             | Extra          |
+-----------+------------+------+-----+---------------------+----------------+
| job_id    | int(11)    | NO   | PRI | NULL                | auto_increment |
| active    | tinyint(1) | YES  |     | 0                   |                |
| failed    | tinyint(1) | YES  |     | 0                   |                |
| run_count | int(11)    | YES  |     | 0                   |                |
| time      | datetime   | YES  |     | 0000-00-00 00:00:00 |                |
| pid       | int(11)    | YES  |     | 0                   |                |
+-----------+------------+------+-----+---------------------+----------------+



#!/usr/bin/php -q
<?php
    /* *** WHEN PUSHING LIVE ****
    
        Has to be manually changed
    */
    $REMOTE = 0;
    $OOP_INC_PATH     = ( $REMOTE == 0 )? '../OOPLIB/' : 'OOPLIB/';

    /* Keep include files this order. */
    include($OOP_INC_PATH . 'CONS.php');
    include($OOP_INC_PATH . 'DBAS.php');
    include($OOP_INC_PATH . 'ERRO.php');
    include($OOP_INC_PATH . 'UTIL.php');
    include('constants.php');

    $dbObject = new Database(LOG_LEVEL_NORMAL, $dbSet);   
    
    $MSG_QUEUE = msg_get_queue(ftok("tmp/php_msg_queue.stat", 'R'), 0666);
    
    for ( $count = 0; $count < MAX_CHILD_PROCS; $count++ )
    {
        $pId = pcntl_fork( );
        if ( $pId == -1 )
        {
            printf("Could not fork process");    
            exit;
        }
        elseif ( $pId ) /* We are the parent. */
        {
            echo "PARENT\n";
            //printf("I am the parent %d\n", $count);
                
     
            
            /* Select the next job to run. */

            echo "Look up job_id to run\n";
            $dbObject->DatabaseQuery('SELECT job_id FROM ' . DB_TABLE_JOB_QUEUE
                                    . ' WHERE time < now( )'
                                    . ' AND active = 0'
                                    . ' ORDER BY time',
                                    constReturnOne, LOG_LEVEL_NORMAL);
            $jobIdToRun = $dbObject->result;
            $jobIdToRun = $jobIdToRun['job_id'];
            
            $currentQueue = msg_stat_queue($MSG_QUEUE);   
            
            /* Mark this job_id as active and increment the run_count. */
            $dbObject->DatabaseQuery('UPDATE ' . DB_TABLE_JOB_QUEUE
                                    . ' SET active = 1,'
                                    . ' run_count = (run_count + 1),'
                                    . ' pid = ' . $currentQueue['msg_lrpid']
                                    . " WHERE job_id = $jobIdToRun",
                                    constReturnNone, LOG_LEVEL_NORMAL);    
                 
            /* Tell the child what job_id to run. */
            msg_send($MSG_QUEUE, 1, $jobIdToRun, true, true, $errmsg);


            $killCount = $currentQueue['msg_qnum'];
            if ( $killCount > 0 )
            {
                for ($i = 0; $i < $killCount; $i++ )
                {
                    if ( !msg_receive($MSG_QUEUE, 1, $msg_type, 16384, $msg, true, 0, $errmsg))
                    {
                        printf("Error:%s", $errmsg);
                    }
                    else
                    {
                        pcntl_waitpid($msg, $tmpStat, 0);
                    }
                }
            }
        }
        else /* We are the child. */
        {
            echo "CHILD\n";
            if ( !posix_setsid( ) )
            {
                printf("Could not detch");
                exit;
            }
            
            //printf("I am child %d\n", $count);
            
            if ( msg_receive($MSG_QUEUE, 1, $msg_type, 16384, $jobIdToRun, true, 0, $msg_error ) )
            {
                /* Parent has sent us our job_id */
                if ( $jobIdToRun != '' )
                {
                    //$dbObject = new Database(LOG_LEVEL_NORMAL, $dbSet);   
                    echo "Parent gave me $jobIdToRun ID to run\n";
                    
                    /*
                    
                        Lets say we ran the job here
                                   
                    */
                    
                    $dbObject->DatabaseQuery('UPDATE ' . DB_TABLE_JOB_QUEUE
                                            . ' SET active = 0,'
                                            . ' time = now( )'
                                            . " WHERE job_id = $jobIdToRun", constReturnNone,
                                            LOG_LEVEL_NORMAL);
                    
                }
                //$jobIdToRun = 0;
            
                /* Tell parent to kill this child. */
                if ( !msg_send($MSG_QUEUE, 1, posix_getpid( ), true, true, $errmsg) )
                {
                    printf("msg_send( ) %s", $errmsg);
                }
                exit(0);
            }
        }
    }

?>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070419/6a0cc9d9/attachment.html>

From robynover at gmail.com  Thu Apr 19 11:00:33 2007
From: robynover at gmail.com (Robyn Overstreet)
Date: Thu, 19 Apr 2007 11:00:33 -0400
Subject: [nycphp-talk] PEAR Mail_Queue database strangeness
Message-ID: <dc1507df0704190800m252faf95w7f3d5f9645a9694c@mail.gmail.com>

Wondering if anyone has any thoughts on a strange problem I'm having
with Mail_Queue. I have an application that's been using it and
working great, but now it is recording two records in the mail_queue
database table for every email it sends. So it sends double the mail
it is supposed to send.

This does not appear to be a problem of lag time between the send
command and marking the records as sent in the database -- instead, it
is actually writing extra rows in the database and sending them
accordingly.

Any thoughts?

Thanks-
Robyn


From tboyden at supercoups.com  Thu Apr 19 11:04:31 2007
From: tboyden at supercoups.com (Timothy Boyden)
Date: Thu, 19 Apr 2007 11:04:31 -0400
Subject: [nycphp-talk] UPS XML Shipping Rates Calculator?
Message-ID: <C12F0900C695FF47AEE0A7C2C75760A0904FF5@greenmonster.supercoups.local>

Hi All,
 
Anyone have a code sample or link to an example for getting UPS shipping
rates via UPS's XML Online Tools?
 
I downloaded their documentation but the only examples they provide are
in ASP or Java.
 
Thanks for any help you can provide.
 
-Tim
---------------------------

Timothy Boyden


Network Administrator

tboyden at supercoups.com

SuperCoups(r)

 

350 Revolutionary Drive | E. Taunton, MA 02718

508-977-2034  | www.supercoups.com <http://www.supercoups.com/>  

 

We Support Alex's Lemonade Stand Foundation, 

"Fighting Childhood Cancer One Cup At A Time"

Donations Accepted at: www.firstgiving.com/SuperCoups

---------------------------

Local Coupons. Super Savings.(r)

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070419/bd29f568/attachment.html>

From chsnyder at gmail.com  Thu Apr 19 13:38:51 2007
From: chsnyder at gmail.com (csnyder)
Date: Thu, 19 Apr 2007 13:38:51 -0400
Subject: [nycphp-talk] IPC Problems
In-Reply-To: <008201c78292$ab365810$6a01a8c0@gamebox>
References: <008201c78292$ab365810$6a01a8c0@gamebox>
Message-ID: <b76252690704191038m54626cc0mb13ec57c50eca715@mail.gmail.com>

Hi Ben,

It's been a couple years since I had to deal with forking processes
and such, so I'm not up to debugging your code. But one thing that
might help you simplify is to remember that, at the time of the fork,
the child's environment is the same as the parent's.

If the parent loads the job record from the database into an array or
object named $job, and then forks, the child will have its own copy of
$job and can just go to work on it.

IIRC the database connection is a special case because it's a resource
-- same goes for file pointers. Nevertheless, the child should have
access to the username and password (in $dbSet?) to be able to make
it's own connection to the db.

-- 
Chris Snyder
http://chxo.com/


From ben at projectskyline.com  Thu Apr 19 13:46:48 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Thu, 19 Apr 2007 13:46:48 -0400
Subject: [nycphp-talk] IPC Problems
References: <008201c78292$ab365810$6a01a8c0@gamebox>
	<b76252690704191038m54626cc0mb13ec57c50eca715@mail.gmail.com>
Message-ID: <00c201c782aa$b4890bc0$6a01a8c0@gamebox>

Hello Chris, 

Ok, makes sense.

I tried having the child create its own DB connection (object)
which seems to work all right, until it executes the query,
at which point it says the DB is gone.

I'm trying something a bit different now, using two files, parent
and child and then using the queue to send messages back in forth,
such as, the childs PID (so the parent could kill it if it runs to long)
and the return value of the child (success of failure).

This way eliminates the fork and the reaping, as the child's just exit(0)
when they are done, or worse (haven't coded this yet), the parent can 
kill them (since it tracks the pids and job_ids).

Truthfully, I dont know what the easiest way to do this is, nor 
can I find any good documentation on IPC and php.

- Ben

----- Original Message ----- 
From: "csnyder" <chsnyder at gmail.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Thursday, April 19, 2007 1:38 PM
Subject: Re: [nycphp-talk] IPC Problems


> Hi Ben,
> 
> It's been a couple years since I had to deal with forking processes
> and such, so I'm not up to debugging your code. But one thing that
> might help you simplify is to remember that, at the time of the fork,
> the child's environment is the same as the parent's.
> 
> If the parent loads the job record from the database into an array or
> object named $job, and then forks, the child will have its own copy of
> $job and can just go to work on it.
> 
> IIRC the database connection is a special case because it's a resource
> -- same goes for file pointers. Nevertheless, the child should have
> access to the username and password (in $dbSet?) to be able to make
> it's own connection to the db.
> 
> -- 
> Chris Snyder
> http://chxo.com/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php


From ben at projectskyline.com  Thu Apr 19 15:26:18 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Thu, 19 Apr 2007 15:26:18 -0400
Subject: [nycphp-talk] IPC Problems
References: <008201c78292$ab365810$6a01a8c0@gamebox>
	<b76252690704191038m54626cc0mb13ec57c50eca715@mail.gmail.com>
Message-ID: <010b01c782b8$9b1c1250$6a01a8c0@gamebox>

I've tried to accomplish with two scripts.

Execept I didn't think ahead of enough and now
I'm having the problem of calling exec( )
and the parent script waiting until it returns.

I can't seem to call exec(script &) <-- & to force to background
but the parent still waits...

Any way to get around this?

- Ben

..............FROM PARENT.................
    /* Run the child_job to execute this job_id. */
    exec("env -i /usr/bin/php child_job.php -i $jobIdToRun");

    /* IT WAITS HERE UNTIL child_job.php IS DONE RUNNING */

    /* Child needs to report back its PID. */
    msg_receive($MSG_QUEUE, 1, $real_type, 16384, $childPID, 1, 0, $err);
    error_log("childPID($childPID)");




From support at dailytechnology.net  Thu Apr 19 15:40:25 2007
From: support at dailytechnology.net (Brian Dailey)
Date: Thu, 19 Apr 2007 15:40:25 -0400
Subject: [nycphp-talk] PHP and SFTP
Message-ID: <4627C5A9.3070300@dailytechnology.net>

Have any of you guys had any experience doing sftp transfers with PHP? I 
need something fairly robust that allows me to confirm that the file did 
indeed arrive intact.

I've looked into libssh2 (using ssh2.sftp:// wrapper) but I've had 
little luck with that. The next best thing I've found is being able to 
use a key to use ssh without entering a password (something I've done 
before, but not with PHP).

I'm not asking for code or anything, just wondering if anyone else on 
the list has ever done this and perhaps if you could point me to any 
resources that were helpful when you were setting it up.

-- 

Thanks!
- Brian Dailey
New York, NY
www.dailytechnology.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: support.vcf
Type: text/x-vcard
Size: 250 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070419/52b3e230/attachment.vcf>

From dcech at phpwerx.net  Thu Apr 19 15:50:34 2007
From: dcech at phpwerx.net (Dan Cech)
Date: Thu, 19 Apr 2007 15:50:34 -0400
Subject: [nycphp-talk] IPC Problems
In-Reply-To: <008201c78292$ab365810$6a01a8c0@gamebox>
References: <008201c78292$ab365810$6a01a8c0@gamebox>
Message-ID: <4627C80A.90904@phpwerx.net>

Ben Sgro (ProjectSkyline) wrote:
> Hi All, 
> 
> I'm trying to write a script, that forks children to each run a job, provided by
> the parent in the form of a job_id, passed by IPC msg_send( ).
> 
> Now, when I run the job, I get some problems w/the DB loosing the connection.
> I also have problems w/the job_id that's get passed ..sometimes, somehow, its the
> PID...I dont get it.
> 
> It seems like the IPC is all over the place ... I've included the output from the script,
> the database tables, and the source of the script.
> 
> Any help is greatly appreaciated. I've read the php.net pcntl_and msg- (IPC) stuff over and over.

It sounds like you might be making this more complicated than it needs
to be.

> What the goal is:
> 1) Parent, selects the next job to run.
> 2) Marks job as active =1, stores the PID
> 3) Forks off a child to run this (job_id passed to child via msg_send( ))

The child can read the job_id from a variable set in the parent before
the fork, why not just do this?

> 4) Child runs, finishes job and marks as active = 0, incremenents run count, tells parent to kill them

Why does the child need the parent to kill them?  A call to exit() at
the end of the child section should do the trick just fine.

> 5) Rinse lather repeat

Hope this helps,

Dan


From jonbaer at jonbaer.com  Thu Apr 19 15:55:36 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Thu, 19 Apr 2007 15:55:36 -0400
Subject: [nycphp-talk] PHP and SFTP
In-Reply-To: <4627C5A9.3070300@dailytechnology.net>
References: <4627C5A9.3070300@dailytechnology.net>
Message-ID: <64DA67EF-A244-4040-A6BA-2F3823E1FE63@jonbaer.com>

A good (maybe better) alternative is to use FUSE ssh bindings,  
basically you mount your SSH as something like /mnt/ssh/server1/ and  
read it as a normal file.  fopen() or md5() check.

On some systems it's already there.

On Mac ... http://code.google.com/p/macfuse/

- Jon

On Apr 19, 2007, at 3:40 PM, Brian Dailey wrote:

> Have any of you guys had any experience doing sftp transfers with  
> PHP? I need something fairly robust that allows me to confirm that  
> the file did indeed arrive intact.
>
> I've looked into libssh2 (using ssh2.sftp:// wrapper) but I've had  
> little luck with that. The next best thing I've found is being able  
> to use a key to use ssh without entering a password (something I've  
> done before, but not with PHP).
>
> I'm not asking for code or anything, just wondering if anyone else  
> on the list has ever done this and perhaps if you could point me to  
> any resources that were helpful when you were setting it up.
>
> -- 
>
> Thanks!
> - Brian Dailey
> New York, NY
> www.dailytechnology.net
> <support.vcf>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From rolan at omnistep.com  Thu Apr 19 16:02:24 2007
From: rolan at omnistep.com (Rolan Yang)
Date: Thu, 19 Apr 2007 16:02:24 -0400
Subject: [nycphp-talk] PHP and SFTP
In-Reply-To: <4627C5A9.3070300@dailytechnology.net>
References: <4627C5A9.3070300@dailytechnology.net>
Message-ID: <4627CAD0.2080700@omnistep.com>

Have you thought of using CURL to upload the file over SSL? The 
receiving script could respond with a confirmation, or even better, 
return an md5 hash.

~Rolan

Brian Dailey wrote:
> Have any of you guys had any experience doing sftp transfers with PHP? 
> I need something fairly robust that allows me to confirm that the file 
> did indeed arrive intact.
>
> I've looked into libssh2 (using ssh2.sftp:// wrapper) but I've had 
> little luck with that. The next best thing I've found is being able to 
> use a key to use ssh without entering a password (something I've done 
> before, but not with PHP).
>
> I'm not asking for code or anything, just wondering if anyone else on 
> the list has ever done this and perhaps if you could point me to any 
> resources that were helpful when you were setting it up.
>


From support at dailytechnology.net  Thu Apr 19 16:12:29 2007
From: support at dailytechnology.net (Brian Dailey)
Date: Thu, 19 Apr 2007 16:12:29 -0400
Subject: [nycphp-talk] PHP and SFTP
In-Reply-To: <4627CAD0.2080700@omnistep.com>
References: <4627C5A9.3070300@dailytechnology.net>
	<4627CAD0.2080700@omnistep.com>
Message-ID: <4627CD2D.3060000@dailytechnology.net>

The problem is that I have no control over the receiving script (another 
company is involved). The receiving end isn't even a Linux server, it's 
some sort of Windows/ASP server running an SSH implementation. So I'm 
required to send the file via some sort of SSH tunnel.

I am mulling the idea of using scp, but I'm not sure at this point how I 
would confirm the file arrived intact.

Rolan Yang wrote:
> Have you thought of using CURL to upload the file over SSL? The 
> receiving script could respond with a confirmation, or even better, 
> return an md5 hash.
> 
> ~Rolan
> 
> Brian Dailey wrote:
>> Have any of you guys had any experience doing sftp transfers with PHP? 
>> I need something fairly robust that allows me to confirm that the file 
>> did indeed arrive intact.
>>
>> I've looked into libssh2 (using ssh2.sftp:// wrapper) but I've had 
>> little luck with that. The next best thing I've found is being able to 
>> use a key to use ssh without entering a password (something I've done 
>> before, but not with PHP).
>>
>> I'm not asking for code or anything, just wondering if anyone else on 
>> the list has ever done this and perhaps if you could point me to any 
>> resources that were helpful when you were setting it up.
>>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> 
> 

-- 

Thanks!
- Brian Dailey
Software Developer
New York, NY
www.dailytechnology.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: support.vcf
Type: text/x-vcard
Size: 250 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070419/2c69d7f7/attachment.vcf>

From ajai at bitblit.net  Thu Apr 19 16:17:20 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Thu, 19 Apr 2007 16:17:20 -0400 (EDT)
Subject: [nycphp-talk] PHP and SFTP
In-Reply-To: <4627CD2D.3060000@dailytechnology.net>
Message-ID: <Pine.LNX.4.44.0704191616510.19665-100000@bitblit.net>

On Thu, 19 Apr 2007, Brian Dailey wrote:

> I am mulling the idea of using scp, but I'm not sure at this point how I 
> would confirm the file arrived intact.

Wouldn't scp generate an error if there was a problem?


-- 
Aj.



From mba2000 at ioplex.com  Thu Apr 19 17:36:27 2007
From: mba2000 at ioplex.com (Michael B Allen)
Date: Thu, 19 Apr 2007 17:36:27 -0400
Subject: [nycphp-talk] PHP and SFTP
In-Reply-To: <4627C5A9.3070300@dailytechnology.net>
References: <4627C5A9.3070300@dailytechnology.net>
Message-ID: <20070419173627.7f45201c.mba2000@ioplex.com>

On Thu, 19 Apr 2007 15:40:25 -0400
Brian Dailey <support at dailytechnology.net> wrote:

> Have any of you guys had any experience doing sftp transfers with PHP? I 
> need something fairly robust that allows me to confirm that the file did 
> indeed arrive intact.
> 
> I've looked into libssh2 (using ssh2.sftp:// wrapper) but I've had 
> little luck with that. The next best thing I've found is being able to 
> use a key to use ssh without entering a password (something I've done 
> before, but not with PHP).

I don't know anything about the libssh2 extension but you could simply
use popen to call scp. To validate the file was transferred successfully
you could then follow up with a call to popen and a command like:

 ssh host.foo.net "ls -l file.txt"

and then parse the size from the output and compare it to the local
file size.

Mike

-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/


From ben at projectskyline.com  Thu Apr 19 19:29:23 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Thu, 19 Apr 2007 19:29:23 -0400
Subject: [nycphp-talk] IPC Problems
References: <008201c78292$ab365810$6a01a8c0@gamebox>
	<4627C80A.90904@phpwerx.net>
Message-ID: <016e01c782da$904c4f30$6a01a8c0@gamebox>

Hey again,

Good point.

I've simplified this all into two small scripts.

If anyone is interested in the solution, contact me off
list and I'll send the source.

I will have an additional sanity/mantience script that ensures no
job runs longer than a given threshold.

Thanks for the help.

- Ben


----- Original Message ----- 
From: "Dan Cech" <dcech at phpwerx.net>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Thursday, April 19, 2007 3:50 PM
Subject: Re: [nycphp-talk] IPC Problems


> Ben Sgro (ProjectSkyline) wrote:
>> Hi All,
>>
>> I'm trying to write a script, that forks children to each run a job, 
>> provided by
>> the parent in the form of a job_id, passed by IPC msg_send( ).
>>
>> Now, when I run the job, I get some problems w/the DB loosing the 
>> connection.
>> I also have problems w/the job_id that's get passed ..sometimes, somehow, 
>> its the
>> PID...I dont get it.
>>
>> It seems like the IPC is all over the place ... I've included the output 
>> from the script,
>> the database tables, and the source of the script.
>>
>> Any help is greatly appreaciated. I've read the php.net pcntl_and msg- 
>> (IPC) stuff over and over.
>
> It sounds like you might be making this more complicated than it needs
> to be.
>
>> What the goal is:
>> 1) Parent, selects the next job to run.
>> 2) Marks job as active =1, stores the PID
>> 3) Forks off a child to run this (job_id passed to child via msg_send( ))
>
> The child can read the job_id from a variable set in the parent before
> the fork, why not just do this?
>
>> 4) Child runs, finishes job and marks as active = 0, incremenents run 
>> count, tells parent to kill them
>
> Why does the child need the parent to kill them?  A call to exit() at
> the end of the child section should do the trick just fine.
>
>> 5) Rinse lather repeat
>
> Hope this helps,
>
> Dan
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php 



From nyphp at dynamicink.com  Thu Apr 19 22:34:36 2007
From: nyphp at dynamicink.com (Dynamic Ink)
Date: Thu, 19 Apr 2007 22:34:36 -0400
Subject: [nycphp-talk] UPS XML Shipping Rates Calculator?
References: <C12F0900C695FF47AEE0A7C2C75760A0904FF5@greenmonster.supercoups.local>
Message-ID: <004c01c782f4$72a5fb60$0401a8c0@e6300>

There is a detailed example along with a full explanation in an article that I wrote for PHP Architect:

The Ultimate PHP 5 Shopping Cart, spanning Aug. and Sept. 2004

  ----- Original Message ----- 
  From: Timothy Boyden 
  To: talk at lists.nyphp.org 
  Sent: Thursday, April 19, 2007 11:04 AM
  Subject: [nycphp-talk] UPS XML Shipping Rates Calculator?


  Hi All,

  Anyone have a code sample or link to an example for getting UPS shipping rates via UPS's XML Online Tools?

  I downloaded their documentation but the only examples they provide are in ASP or Java.

  Thanks for any help you can provide.

  -Tim
  ---------------------------
  Timothy Boyden
  Network Administrator

  tboyden at supercoups.com


  SuperCoups?

   

  350 Revolutionary Drive | E. Taunton, MA 02718

  508-977-2034  | www.supercoups.com 

   

  We Support Alex's Lemonade Stand Foundation, 

  "Fighting Childhood Cancer One Cup At A Time"

  Donations Accepted at: www.firstgiving.com/SuperCoups

  ---------------------------

  Local Coupons. Super Savings.?




------------------------------------------------------------------------------


  _______________________________________________
  New York PHP Community Talk Mailing List
  http://lists.nyphp.org/mailman/listinfo/talk

  NYPHPCon 2006 Presentations Online
  http://www.nyphpcon.com

  Show Your Participation in New York PHP
  http://www.nyphp.org/show_participation.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070419/434fccdb/attachment.html>

From ramons at gmx.net  Fri Apr 20 06:42:04 2007
From: ramons at gmx.net (David Krings)
Date: Fri, 20 Apr 2007 06:42:04 -0400
Subject: [nycphp-talk] Checking active sessions
Message-ID: <462898FC.3020606@gmx.net>

Hi!

Is there any way I can check which sessions are currently active and 
which aren't? I like to add some housekeeping code, but taking away 
things from active sessions would be just mean.

David


From tboyden at supercoups.com  Fri Apr 20 15:57:54 2007
From: tboyden at supercoups.com (Timothy Boyden)
Date: Fri, 20 Apr 2007 15:57:54 -0400
Subject: [nycphp-talk] UPS XML Shipping Rates Calculator?
In-Reply-To: <004c01c782f4$72a5fb60$0401a8c0@e6300>
References: <C12F0900C695FF47AEE0A7C2C75760A0904FF5@greenmonster.supercoups.local>
	<004c01c782f4$72a5fb60$0401a8c0@e6300>
Message-ID: <C12F0900C695FF47AEE0A7C2C75760A090508E@greenmonster.supercoups.local>

Eric,
 
I purchased the two PHP Architect editions you mentioned and was able to
use the code for my purposes. The code produces the correct result (the
rate price) however the shipping class throws a warning as follows:
 

Warning: fgets() [function.fgets
<http://10.100.54.10/bitweaver/themes/styles/supercoups/function.fgets>
]: SSL: fatal protocol error in
C:\Inetpub\wwwroot\bitweaver\themes\styles\supercoups\ups_shipping.class
.php on line 64
 
Line 64 reads as follows:
 
while(!feof($fp)) $upsresponse[]=fgets($fp, 4096);
 
Any idea why this happens or should I just ignore the warning? I have
display_errors turned on temporarily for debugging purposes otherwise
this wouldn't show up.
 
Thanks,
 
Tim Boyden
 
---------------------------


Timothy Boyden


Network Administrator

tboyden at supercoups.com

SuperCoups(r)

 

350 Revolutionary Drive | E. Taunton, MA 02718

508-977-2034  | www.supercoups.com <http://www.supercoups.com/>  

 

We Support Alex's Lemonade Stand Foundation, 

"Fighting Childhood Cancer One Cup At A Time"

Donations Accepted at: www.firstgiving.com/SuperCoups

---------------------------

Local Coupons. Super Savings.(r)


________________________________

From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Dynamic Ink
Sent: Thursday, April 19, 2007 10:35 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] UPS XML Shipping Rates Calculator?


There is a detailed example along with a full explanation in an article
that I wrote for PHP Architect:
 
The Ultimate PHP 5 Shopping Cart, spanning Aug. and Sept. 2004
 

	----- Original Message ----- 
	From: Timothy Boyden <mailto:tboyden at supercoups.com>  
	To: talk at lists.nyphp.org 
	Sent: Thursday, April 19, 2007 11:04 AM
	Subject: [nycphp-talk] UPS XML Shipping Rates Calculator?

	Hi All,
	 
	Anyone have a code sample or link to an example for getting UPS
shipping rates via UPS's XML Online Tools?
	 
	I downloaded their documentation but the only examples they
provide are in ASP or Java.
	 
	Thanks for any help you can provide.
	 
	-Tim
	---------------------------

	Timothy Boyden


	Network Administrator

	tboyden at supercoups.com

	

	SuperCoups(r)

	 

	350 Revolutionary Drive | E. Taunton, MA 02718

	508-977-2034  | www.supercoups.com <http://www.supercoups.com/>


	 

	We Support Alex's Lemonade Stand Foundation, 

	"Fighting Childhood Cancer One Cup At A Time"

	Donations Accepted at: www.firstgiving.com/SuperCoups

	---------------------------

	Local Coupons. Super Savings.(r)

	 

	
________________________________


	

	_______________________________________________
	New York PHP Community Talk Mailing List
	http://lists.nyphp.org/mailman/listinfo/talk
	
	NYPHPCon 2006 Presentations Online
	http://www.nyphpcon.com
	
	Show Your Participation in New York PHP
	http://www.nyphp.org/show_participation.php

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070420/ae87b20a/attachment.html>

From nyphp at dynamicink.com  Fri Apr 20 16:00:43 2007
From: nyphp at dynamicink.com (Dynamic Ink)
Date: Fri, 20 Apr 2007 16:00:43 -0400
Subject: [nycphp-talk] UPS XML Shipping Rates Calculator?
References: <C12F0900C695FF47AEE0A7C2C75760A0904FF5@greenmonster.supercoups.local><004c01c782f4$72a5fb60$0401a8c0@e6300>
	<C12F0900C695FF47AEE0A7C2C75760A090508E@greenmonster.supercoups.local>
Message-ID: <002301c78386$a32f7080$0401a8c0@e6300>

It is possible that the UPS server is now running under IIS in which case it will have the same issue as the AuthorizeNet server mentioned on page 44 in part 2 (php|architect Sept. 2004) where SSL connections do not get cleanly closed. If this is the case and the code works perfectly otherwise then you can preced fgets with an @ and it will surpress the error.

  ----- Original Message ----- 
  From: Timothy Boyden 
  To: NYPHP Talk 
  Sent: Friday, April 20, 2007 3:57 PM
  Subject: RE: [nycphp-talk] UPS XML Shipping Rates Calculator?


  Eric,

  I purchased the two PHP Architect editions you mentioned and was able to use the code for my purposes. The code produces the correct result (the rate price) however the shipping class throws a warning as follows:


  Warning: fgets() [function.fgets]: SSL: fatal protocol error in C:\Inetpub\wwwroot\bitweaver\themes\styles\supercoups\ups_shipping.class.php on line 64

  Line 64 reads as follows:

  while(!feof($fp)) $upsresponse[]=fgets($fp, 4096);

  Any idea why this happens or should I just ignore the warning? I have display_errors turned on temporarily for debugging purposes otherwise this wouldn't show up.

  Thanks,

  Tim Boyden

  ---------------------------

  Timothy Boyden
  Network Administrator

  tboyden at supercoups.com


  SuperCoups?

   

  350 Revolutionary Drive | E. Taunton, MA 02718

  508-977-2034  | www.supercoups.com 

   

  We Support Alex's Lemonade Stand Foundation, 

  "Fighting Childhood Cancer One Cup At A Time"

  Donations Accepted at: www.firstgiving.com/SuperCoups

  ---------------------------

  Local Coupons. Super Savings.?




------------------------------------------------------------------------------
  From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Dynamic Ink
  Sent: Thursday, April 19, 2007 10:35 PM
  To: NYPHP Talk
  Subject: Re: [nycphp-talk] UPS XML Shipping Rates Calculator?


  There is a detailed example along with a full explanation in an article that I wrote for PHP Architect:

  The Ultimate PHP 5 Shopping Cart, spanning Aug. and Sept. 2004

    ----- Original Message ----- 
    From: Timothy Boyden 
    To: talk at lists.nyphp.org 
    Sent: Thursday, April 19, 2007 11:04 AM
    Subject: [nycphp-talk] UPS XML Shipping Rates Calculator?


    Hi All,

    Anyone have a code sample or link to an example for getting UPS shipping rates via UPS's XML Online Tools?

    I downloaded their documentation but the only examples they provide are in ASP or Java.

    Thanks for any help you can provide.

    -Tim
    ---------------------------
    Timothy Boyden
    Network Administrator

    tboyden at supercoups.com


    SuperCoups?

     

    350 Revolutionary Drive | E. Taunton, MA 02718

    508-977-2034  | www.supercoups.com 

     

    We Support Alex's Lemonade Stand Foundation, 

    "Fighting Childhood Cancer One Cup At A Time"

    Donations Accepted at: www.firstgiving.com/SuperCoups

    ---------------------------

    Local Coupons. Super Savings.?




----------------------------------------------------------------------------


    _______________________________________________
    New York PHP Community Talk Mailing List
    http://lists.nyphp.org/mailman/listinfo/talk

    NYPHPCon 2006 Presentations Online
    http://www.nyphpcon.com

    Show Your Participation in New York PHP
    http://www.nyphp.org/show_participation.php


------------------------------------------------------------------------------


  _______________________________________________
  New York PHP Community Talk Mailing List
  http://lists.nyphp.org/mailman/listinfo/talk

  NYPHPCon 2006 Presentations Online
  http://www.nyphpcon.com

  Show Your Participation in New York PHP
  http://www.nyphp.org/show_participation.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070420/b5fc979f/attachment.html>

From shiflett at php.net  Mon Apr 23 15:42:29 2007
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 23 Apr 2007 15:42:29 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
Message-ID: <462D0C25.9050603@php.net>

As just announced today, I'm giving tomorrow's talk, and the topic is
Security 2.0. Yeah, I'm poking fun at Web 2.0 with the title, but there
are some interesting things that have been happening in web application
security partly due to Web 2.0, and I think this will be a fun /
interesting talk.

I worked on the my slides over the weekend, but if anyone has any
specific curiosities or questions that fit within the "emerging web
application security trends" topic, please let me know, and I'll do my
best to accommodate.

As a bribe, I'll be bringing a copy or two of Essential PHP Security to
give away:

http://phpsecurity.org/

Hope to see you there. :-)

Chris

-- 
Chris Shiflett
http://shiflett.org/


From agfische at email.smith.edu  Mon Apr 23 15:46:48 2007
From: agfische at email.smith.edu (Aaron Fischer)
Date: Mon, 23 Apr 2007 15:46:48 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <462D0C25.9050603@php.net>
References: <462D0C25.9050603@php.net>
Message-ID: <745C32D3-BFF5-4583-8447-E957661F3F40@email.smith.edu>

Oh darn, I'm not going to be able to make it.  (I would be driving  
from a bit of a distance).

However, I'm very interested in the presentation.  I hope it will be  
recorded?

-Aaron


On Apr 23, 2007, at 3:42 PM, Chris Shiflett wrote:

> As just announced today, I'm giving tomorrow's talk, and the topic is
> Security 2.0. Yeah, I'm poking fun at Web 2.0 with the title, but  
> there
> are some interesting things that have been happening in web  
> application
> security partly due to Web 2.0, and I think this will be a fun /
> interesting talk.
>
> I worked on the my slides over the weekend, but if anyone has any
> specific curiosities or questions that fit within the "emerging web
> application security trends" topic, please let me know, and I'll do my
> best to accommodate.
>
> As a bribe, I'll be bringing a copy or two of Essential PHP  
> Security to
> give away:
>
> http://phpsecurity.org/
>
> Hope to see you there. :-)
>
> Chris
>
> -- 
> Chris Shiflett
> http://shiflett.org/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From ajai at bitblit.net  Mon Apr 23 15:53:19 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Mon, 23 Apr 2007 15:53:19 -0400 (EDT)
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <745C32D3-BFF5-4583-8447-E957661F3F40@email.smith.edu>
Message-ID: <Pine.LNX.4.44.0704231552390.2053-100000@bitblit.net>

On Mon, 23 Apr 2007, Aaron Fischer wrote:

> However, I'm very interested in the presentation.  I hope it will be  
> recorded?

Its a shame the NYPHP meetings happen on the same day as the nyc-ruby 
meetings :-(


-- 
Aj.



From adlermedrado at gmail.com  Mon Apr 23 16:00:35 2007
From: adlermedrado at gmail.com (Adler Medrado)
Date: Mon, 23 Apr 2007 17:00:35 -0300
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <Pine.LNX.4.44.0704231552390.2053-100000@bitblit.net>
References: <745C32D3-BFF5-4583-8447-E957661F3F40@email.smith.edu>
	<Pine.LNX.4.44.0704231552390.2053-100000@bitblit.net>
Message-ID: <f8a4e8e10704231300y7a66a70exf5878d55fd1e0cd2@mail.gmail.com>

no... shame is the nyc-ruby happen on the same day as the nyphp meetings ;-)

2007/4/23, Ajai Khattri <ajai at bitblit.net>:
>
> On Mon, 23 Apr 2007, Aaron Fischer wrote:
>
> > However, I'm very interested in the presentation.  I hope it will be
> > recorded?
>
> Its a shame the NYPHP meetings happen on the same day as the nyc-ruby
> meetings :-(
>
>
> --
> Aj.
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>



-- 
adler medrado

Consultor
http://www.neshertech.net/adler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070423/f3440128/attachment.html>

From ajai at bitblit.net  Mon Apr 23 16:33:06 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Mon, 23 Apr 2007 16:33:06 -0400 (EDT)
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <f8a4e8e10704231300y7a66a70exf5878d55fd1e0cd2@mail.gmail.com>
Message-ID: <Pine.LNX.4.44.0704231631541.2053-100000@bitblit.net>

On Mon, 23 Apr 2007, Adler Medrado wrote:

> no... shame is the nyc-ruby happen on the same day as the nyphp meetings ;-)

But its Ruby Tuesday you see... ;-)


-- 
Aj.



From shiflett at php.net  Mon Apr 23 16:45:06 2007
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 23 Apr 2007 16:45:06 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <Pine.LNX.4.44.0704231631541.2053-100000@bitblit.net>
References: <Pine.LNX.4.44.0704231631541.2053-100000@bitblit.net>
Message-ID: <462D1AD2.6070903@php.net>

Ajai Khattri wrote:
> But its Ruby Tuesday you see... ;-)

Goodbye, Ruby Tuesday. :-)

http://en.wikipedia.org/wiki/Ruby_Tuesday

Chris

-- 
Chris Shiflett
http://shiflett.org/


From susan_shemin at yahoo.com  Mon Apr 23 16:42:21 2007
From: susan_shemin at yahoo.com (Susan Shemin)
Date: Mon, 23 Apr 2007 13:42:21 -0700 (PDT)
Subject: [nycphp-talk] April Meeting - Security 2.0
Message-ID: <570149.9508.qm@web50209.mail.re2.yahoo.com>

ah, it's too late to register -- hope you put a summary here!

Susan


----- Original Message ----
From: Aaron Fischer <agfische at email.smith.edu>
To: NYPHP Talk <talk at lists.nyphp.org>
Sent: Monday, April 23, 2007 3:46:48 PM
Subject: Re: [nycphp-talk] April Meeting - Security 2.0


Oh darn, I'm not going to be able to make it.  (I would be driving  
from a bit of a distance).

However, I'm very interested in the presentation.  I hope it will be  
recorded?

-Aaron


On Apr 23, 2007, at 3:42 PM, Chris Shiflett wrote:

> As just announced today, I'm giving tomorrow's talk, and the topic is
> Security 2.0. Yeah, I'm poking fun at Web 2.0 with the title, but  
> there
> are some interesting things that have been happening in web  
> application
> security partly due to Web 2.0, and I think this will be a fun /
> interesting talk.
>
> I worked on the my slides over the weekend, but if anyone has any
> specific curiosities or questions that fit within the "emerging web
> application security trends" topic, please let me know, and I'll do my
> best to accommodate.
>
> As a bribe, I'll be bringing a copy or two of Essential PHP  
> Security to
> give away:
>
> http://phpsecurity.org/
>
> Hope to see you there. :-)
>
> Chris
>
> -- 
> Chris Shiflett
> http://shiflett.org/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070423/5e1ab618/attachment.html>

From shiflett at php.net  Mon Apr 23 16:48:38 2007
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 23 Apr 2007 16:48:38 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <570149.9508.qm@web50209.mail.re2.yahoo.com>
References: <570149.9508.qm@web50209.mail.re2.yahoo.com>
Message-ID: <462D1BA6.908@php.net>

Susan Shemin wrote:
> ah, it's too late to register

I think you have until 3:00 PM tomorrow to RSVP:

http://nyphp.org/rsvp.php

Chris

-- 
Chris Shiflett
http://shiflett.org/


From shiflett at php.net  Mon Apr 23 16:50:37 2007
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 23 Apr 2007 16:50:37 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <462D1BA6.908@php.net>
References: <570149.9508.qm@web50209.mail.re2.yahoo.com> <462D1BA6.908@php.net>
Message-ID: <462D1C1D.4000503@php.net>

> I think you have until 3:00 PM tomorrow to RSVP:
> 
> http://nyphp.org/rsvp.php

My mistake. Today is the 23rd. :-)

Regardless, I bet you can still RSVP. Can anyone confirm?

Chris

-- 
Chris Shiflett
http://shiflett.org/


From krook at us.ibm.com  Mon Apr 23 16:57:08 2007
From: krook at us.ibm.com (Daniel Krook)
Date: Mon, 23 Apr 2007 16:57:08 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <462D1C1D.4000503@php.net>
Message-ID: <OF9F7569FA.C1B8E2B1-ON852572C6.007300A7-852572C6.007318F3@us.ibm.com>

> > I think you have until 3:00 PM tomorrow to RSVP:
> > 
> > http://nyphp.org/rsvp.php
> 
> My mistake. Today is the 23rd. :-)
> 
> Regardless, I bet you can still RSVP. Can anyone confirm?
> 
> Chris


RSVP is open till midnight tonight.  Don't forget your picture IDs 
tomorrow!



Daniel Krook
Content Tools Developer - SCSA, SCJP, SCWCD, ZCE
Global Production Services - Tools, ibm.com




From lists at zaunere.com  Mon Apr 23 17:15:34 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Mon, 23 Apr 2007 17:15:34 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <462D1BA6.908@php.net>
References: <570149.9508.qm@web50209.mail.re2.yahoo.com> <462D1BA6.908@php.net>
Message-ID: <016f01c785ec$88039260$650aa8c0@MobileZ>


Chris Shiflett wrote on Monday, April 23, 2007 4:49 PM:
> Susan Shemin wrote:
> > ah, it's too late to register
> 
> I think you have until 3:00 PM tomorrow to RSVP:

Yes, and feel free to RSVP - we still have time.

H



From ajai at bitblit.net  Mon Apr 23 17:21:57 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Mon, 23 Apr 2007 17:21:57 -0400 (EDT)
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <462D1AD2.6070903@php.net>
Message-ID: <Pine.LNX.4.44.0704231721450.2053-100000@bitblit.net>

On Mon, 23 Apr 2007, Chris Shiflett wrote:

> Goodbye, Ruby Tuesday. :-)
> 
> http://en.wikipedia.org/wiki/Ruby_Tuesday

You mean: http://en.wikipedia.org/wiki/Ruby_Tuesday_%28restaurant%29


-- 
Aj.



From shiflett at php.net  Mon Apr 23 17:53:14 2007
From: shiflett at php.net (Chris Shiflett)
Date: Mon, 23 Apr 2007 17:53:14 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <Pine.LNX.4.44.0704231721450.2053-100000@bitblit.net>
References: <Pine.LNX.4.44.0704231721450.2053-100000@bitblit.net>
Message-ID: <462D2ACA.2060308@php.net>

Ajai Khattri wrote:
> > Goodbye, Ruby Tuesday. :-)
> >
> > http://en.wikipedia.org/wiki/Ruby_Tuesday
> 
> You mean: http://en.wikipedia.org/wiki/Ruby_Tuesday_%28restaurant%29

Nope, that's too much of a reach - no one would get it. (A restaurant
named after a song that contains the lyrics mentioned above.) The
original link is to the song.

Chris

-- 
Chris Shiflett
http://shiflett.org/


From jonbaer at jonbaer.com  Mon Apr 23 18:17:38 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Mon, 23 Apr 2007 18:17:38 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <Pine.LNX.4.44.0704231552390.2053-100000@bitblit.net>
References: <Pine.LNX.4.44.0704231552390.2053-100000@bitblit.net>
Message-ID: <37D0EA6F-ECF7-48B5-8743-A12858FA0F9D@jonbaer.com>

Man ... you just had GoRuCo, how much Ruby can you take?  ;-) j/k

Im sure some of the Security 2.0 details apply to the world of Rails  
as well.  I agree a dodgeball match is the works as Id like to attend  
both meetups as well ...

- Jon

On Apr 23, 2007, at 3:53 PM, Ajai Khattri wrote:

> On Mon, 23 Apr 2007, Aaron Fischer wrote:
>
>> However, I'm very interested in the presentation.  I hope it will be
>> recorded?
>
> Its a shame the NYPHP meetings happen on the same day as the nyc-ruby
> meetings :-(
>
>
> -- 
> Aj.
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From ramons at gmx.net  Mon Apr 23 20:20:04 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 23 Apr 2007 20:20:04 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <462898FC.3020606@gmx.net>
References: <462898FC.3020606@gmx.net>
Message-ID: <462D4D34.5050104@gmx.net>

David Krings wrote:
> Hi!
> 
> Is there any way I can check which sessions are currently active and 
> which aren't? I like to add some housekeeping code, but taking away 
> things from active sessions would be just mean.
> 

OK! Apparently my question was so stupid that nobody could produce an 
answer that low to reach my level. So I do it myself. ;)
My plan is to create a session, authenticate the user, then generate a 
new session ID for the session )I read that this improves security and 
is easy enough to do), write that to a table with a time stamp and upon 
login (who bothers to log out correctly??) check the timestamps against 
now and make a decision if the session is stale and can have its temp 
folder ditched. That way I keep track of 'my' sessions rather than 
trying to figure out which ones are mine from all the sessions the 
server may have.

Sounds reasonable? Standard practice? OK, maybe, but I'm doing this for 
the first time and try to write and understand the code myself. Copying 
is cheating, reinventing the wheel is so much more fun....for a hobbyist 
like me.

Thanks for not answering and making me think about this a few days. No 
really, that was much better than getting an answer in five minutes.


David


From jonbaer at jonbaer.com  Mon Apr 23 21:10:11 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Mon, 23 Apr 2007 21:10:11 -0400
Subject: [nycphp-talk] SwiftMailer (alternative to PHPMailer)
Message-ID: <983600F2-E14D-48AC-AD03-20315A177177@jonbaer.com>

Hadn't seen this on the list before (sorry if report) but recently  
needed a mailer with Gmail TLS support to interact with Google Apps  
and came across this nice library as an alternative to PHPMailer:

http://www.swiftmailer.org

-snip-
The current list of features includes:

     * Send uses one single connection to the SMTP server or MTA
     * Doesn't rely on mail()
     * Custom Headers
     * Multiple encoding options
     * Unlimited redundant connections (can use mixed types too)
     * Connection rotating/load balancing
     * TLS Support - for Gmail servers
     * Embedded Images or other file types
     * Builds and sends Multipart messages
     * Sends single-part emails as usual
     * Extremely flexible message customization when sending to a  
list (via plugin)
     * Fast Cc and Bcc handling
     * Unicode UTF-8 support, with auto-detection
     * Handles denied recipients in batch mailing whilst still  
delivering to the others
     * Smart runtime caching (in small, self-maintained packets)
     * Send attachments of ANY size even with PHP's 8MB Memory Limit
     * Optional auto-detection of SMTP or Sendmail settings
     * Batch emailing with multiple To's or without
     * Send to hundreds of thousands of addresses without cron
     * Support for multiple attachments
     * Protection against header injection
     * Set message priority
     * Request Read Receipts
     * Sendmail (or other binary) support
     * Pluggable SMTP Authentication (LOGIN, PLAIN, MD5-CRAM, POP  
Before SMTP)
     * Anti-Flooding support (reconnect every X emails) via plugin
     * Throttling support to limit bandwidth/resources used
     * Bandwidth tracking and monitoring via plugin
     * Secure Socket Layer connections (SSL)
     * Loadable plugin support with event handling features

- Jon


From ajai at bitblit.net  Tue Apr 24 02:27:07 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Tue, 24 Apr 2007 02:27:07 -0400 (EDT)
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <37D0EA6F-ECF7-48B5-8743-A12858FA0F9D@jonbaer.com>
Message-ID: <Pine.LNX.4.44.0704240223480.2053-100000@bitblit.net>

On Mon, 23 Apr 2007, Jon Baer wrote:

> Man ... you just had GoRuCo, how much Ruby can you take?  ;-) j/k

Well seeing how its my responsibility to lock up Bway's office after 
the NYC Ruby meetings I dont have much choice!

> Im sure some of the Security 2.0 details apply to the world of Rails  
> as well.  I agree a dodgeball match is the works as Id like to attend  
> both meetups as well ...

Alas, ideally Id attend both if I could...


-- 
Aj.



From ken at secdat.com  Tue Apr 24 08:00:39 2007
From: ken at secdat.com (Kenneth Downs)
Date: Tue, 24 Apr 2007 08:00:39 -0400
Subject: [nycphp-talk] [Announce] Andromeda on Windows
Message-ID: <462DF167.9050802@secdat.com>

Andromeda is an application framework written in PHP.

We have been working lately to have it running on Windows.  With 
feedback from users we have identified and removed the largest glitches 
and now are able to use Andromeda on Windows for regular Andromeda 
development.

The features that we have tabled for now involve source and version 
control, so a person using Andromeda on Windows today would have to 
manually copy files from a dev machine to a production machine.

Andromeda makes use of Postgres (not mySQL), but you don't have to know 
much about Postgres, the install of Postgres runs pretty smooth in our 
experience, and it is not known to interfere with mySQL (any feedback on 
that would be welcome).

We have a special page just for installing on Windows:

http://www.andromeda-project.org/pages/cms/Running+On+Windows

-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-379-7200   Fax: 631-689-0527



From tedd at sperling.com  Tue Apr 24 09:13:39 2007
From: tedd at sperling.com (tedd)
Date: Tue, 24 Apr 2007 09:13:39 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <462D0C25.9050603@php.net>
References: <462D0C25.9050603@php.net>
Message-ID: <p06240805c253b1c850ef@[192.168.1.102]>

At 3:42 PM -0400 4/23/07, Chris Shiflett wrote:
>  if anyone has any
>specific curiosities or questions that fit within the "emerging web
>application security trends" topic, please let me know, and I'll do my
>best to accommodate.

Chris:

How about recording this talk as a podcast and putting that on your 
site for everyone who can't attend.

Cheers,

tedd
-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From shiflett at php.net  Tue Apr 24 09:29:42 2007
From: shiflett at php.net (Chris Shiflett)
Date: Tue, 24 Apr 2007 09:29:42 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <p06240805c253b1c850ef@[192.168.1.102]>
References: <462D0C25.9050603@php.net> <p06240805c253b1c850ef@[192.168.1.102]>
Message-ID: <462E0646.9020709@php.net>

Hi Tedd,

> How about recording this talk as a podcast and putting that on your
> site for everyone who can't attend.

I'd love to, but my MP3 recorder is with my colleagues at the MySQL
conference. Anyone else have one?

Chris

-- 
Chris Shiflett
http://shiflett.org/


From support at dailytechnology.net  Tue Apr 24 09:36:32 2007
From: support at dailytechnology.net (Brian Dailey)
Date: Tue, 24 Apr 2007 09:36:32 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <462E0646.9020709@php.net>
References: <462D0C25.9050603@php.net> <p06240805c253b1c850ef@[192.168.1.102]>
	<462E0646.9020709@php.net>
Message-ID: <462E07E0.7080201@dailytechnology.net>

I have a Zen that does a pretty decent job of recording. I'll try to 
remember to bring it tonight.

- Brian

Chris Shiflett wrote:
> Hi Tedd,
> 
>> How about recording this talk as a podcast and putting that on your
>> site for everyone who can't attend.
> 
> I'd love to, but my MP3 recorder is with my colleagues at the MySQL
> conference. Anyone else have one?
> 
> Chris
> 

-- 

Thanks!
- Brian Dailey
Software Developer
New York, NY
www.dailytechnology.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: support.vcf
Type: text/x-vcard
Size: 250 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070424/fa1f6dcd/attachment.vcf>

From agfische at email.smith.edu  Tue Apr 24 09:53:41 2007
From: agfische at email.smith.edu (Aaron Fischer)
Date: Tue, 24 Apr 2007 09:53:41 -0400
Subject: [nycphp-talk] RSVP for tonight
Message-ID: <0BE7FF91-7C43-4039-A86A-03BE61416453@email.smith.edu>

Hmmm, I RSVP'd last night just after midnight.  Am I on the list or  
was that too late?

Just want to make sure as I would be driving from a distance.

Thanks,

-Aaron



From lists at zaunere.com  Tue Apr 24 10:04:03 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Tue, 24 Apr 2007 10:04:03 -0400
Subject: [nycphp-talk] RSVP for tonight
In-Reply-To: <0BE7FF91-7C43-4039-A86A-03BE61416453@email.smith.edu>
References: <0BE7FF91-7C43-4039-A86A-03BE61416453@email.smith.edu>
Message-ID: <00ad01c78679$6a5b1f70$650aa8c0@MobileZ>


Aaron Fischer wrote on Tuesday, April 24, 2007 9:54 AM:
> Hmmm, I RSVP'd last night just after midnight.  Am I on the list or
> was that too late?

You're on the list and set...

H




From agfische at email.smith.edu  Tue Apr 24 11:25:29 2007
From: agfische at email.smith.edu (Aaron Fischer)
Date: Tue, 24 Apr 2007 11:25:29 -0400
Subject: [nycphp-talk] NYC spot where I can work today?
Message-ID: <B5032AAC-4FC7-451A-B66B-AA46EA4D0F2E@email.smith.edu>

Hi all,

Looks like I'll be driving in to the city for the meeting tonight.   
I'm planning on coming in early and am looking for a place where I  
can sit down and get some work done with my laptop.

Any suggestions, like an internet cafe or something?
Necessary - being able to plug in to a power outlet
Optional, but definitely helpful - internet access (preferably free)

Thanks!

-Aaron



From support at dailytechnology.net  Tue Apr 24 11:31:12 2007
From: support at dailytechnology.net (Brian Dailey)
Date: Tue, 24 Apr 2007 11:31:12 -0400
Subject: [nycphp-talk] NYC spot where I can work today?
In-Reply-To: <B5032AAC-4FC7-451A-B66B-AA46EA4D0F2E@email.smith.edu>
References: <B5032AAC-4FC7-451A-B66B-AA46EA4D0F2E@email.smith.edu>
Message-ID: <462E22C0.4020309@dailytechnology.net>

Aaron,

There's a cool little place just west of Washington Square park (just 
north of W 3rd Street, two blocks west of the square, I think) called 
"Tea Spot" that has free wifi and decent drinks. It can occasionally be 
pretty busy, but there are ample power-hookups (there's a basement 
downstairs where you can work in addition to the entrance).

- Brian

Aaron Fischer wrote:
> Hi all,
> 
> Looks like I'll be driving in to the city for the meeting tonight.  I'm 
> planning on coming in early and am looking for a place where I can sit 
> down and get some work done with my laptop.
> 
> Any suggestions, like an internet cafe or something?
> Necessary - being able to plug in to a power outlet
> Optional, but definitely helpful - internet access (preferably free)
> 
> Thanks!
> 
> -Aaron
> 
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
> 
> 

-- 

Thanks!
- Brian Dailey
Software Developer
New York, NY
www.dailytechnology.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: support.vcf
Type: text/x-vcard
Size: 250 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070424/40746724/attachment.vcf>

From lists at zaunere.com  Tue Apr 24 11:31:59 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Tue, 24 Apr 2007 11:31:59 -0400
Subject: [nycphp-talk] NYC spot where I can work today?
In-Reply-To: <B5032AAC-4FC7-451A-B66B-AA46EA4D0F2E@email.smith.edu>
References: <B5032AAC-4FC7-451A-B66B-AA46EA4D0F2E@email.smith.edu>
Message-ID: <000901c78685$b3297740$720aa8c0@MobileZ>


> Looks like I'll be driving in to the city for the meeting tonight.
> I'm planning on coming in early and am looking for a place where I
> can sit down and get some work done with my laptop.
> 
> Any suggestions, like an internet cafe or something?
> Necessary - being able to plug in to a power outlet
> Optional, but definitely helpful - internet access (preferably free)

We have all of that... but we charge per amp of power usage (kidding)

You're welcome to come down to our offices - 55 Broad street.  Give me an
offline email and I'll get you my cell.


---
Hans Zaunere / President / New York PHP
    www.nyphp.org  /  www.nyphp.com




From susan_shemin at yahoo.com  Tue Apr 24 11:43:07 2007
From: susan_shemin at yahoo.com (Susan Shemin)
Date: Tue, 24 Apr 2007 08:43:07 -0700 (PDT)
Subject: [nycphp-talk] NYC spot where I can work today?
Message-ID: <248472.69965.qm@web50204.mail.re2.yahoo.com>

There's an open area in the building between 55 and 56 right off Madison.  Wonderful place to work -- I'll probably also use it for a while.

Susan


----- Original Message ----
From: Aaron Fischer <agfische at email.smith.edu>
To: NYPHP-Talk <talk at lists.nyphp.org>
Sent: Tuesday, April 24, 2007 11:25:29 AM
Subject: [nycphp-talk] NYC spot where I can work today?


Hi all,

Looks like I'll be driving in to the city for the meeting tonight.   
I'm planning on coming in early and am looking for a place where I  
can sit down and get some work done with my laptop.

Any suggestions, like an internet cafe or something?
Necessary - being able to plug in to a power outlet
Optional, but definitely helpful - internet access (preferably free)

Thanks!

-Aaron

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070424/9644e22d/attachment.html>

From ajai at bitblit.net  Tue Apr 24 11:59:33 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Tue, 24 Apr 2007 11:59:33 -0400 (EDT)
Subject: [nycphp-talk] NYC spot where I can work today?
In-Reply-To: <B5032AAC-4FC7-451A-B66B-AA46EA4D0F2E@email.smith.edu>
Message-ID: <Pine.LNX.4.44.0704241157530.2053-100000@bitblit.net>

On Tue, 24 Apr 2007, Aaron Fischer wrote:

> Looks like I'll be driving in to the city for the meeting tonight.   
> I'm planning on coming in early and am looking for a place where I  
> can sit down and get some work done with my laptop.
> 
> Any suggestions, like an internet cafe or something?
> Necessary - being able to plug in to a power outlet
> Optional, but definitely helpful - internet access (preferably free)

Since its warm outside, you might prefer to sit in a park. Most of the 
parks in the city have had free WiFi for a few years now...

See nycwireless.net for info and node maps.


-- 
Aj.



From pyurt at yahoo.com  Tue Apr 24 12:39:21 2007
From: pyurt at yahoo.com (P Yurt)
Date: Tue, 24 Apr 2007 09:39:21 -0700 (PDT)
Subject: [nycphp-talk] NYC spot where I can work today?
Message-ID: <917605.33964.qm@web52210.mail.re2.yahoo.com>

NY Public Library is Great on 42nd & 5th Ave 

Paul Yurt
The more credible, accurate & honest Web: www.mastermoz.com 

-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Aaron Fischer
Sent: Tuesday, April 24, 2007 8:25 AM
To: NYPHP-Talk
Subject: [nycphp-talk] NYC spot where I can work today?

Hi all,

Looks like I'll be driving in to the city for the meeting
tonight.   
I'm planning on coming in early and am looking for a place where
I  
can sit down and get some work done with my laptop.

Any suggestions, like an internet cafe or something?
Necessary - being able to plug in to a power outlet
Optional, but definitely helpful - internet access (preferably
free)

Thanks!

-Aaron

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php



From agfische at email.smith.edu  Tue Apr 24 13:30:24 2007
From: agfische at email.smith.edu (Aaron Fischer)
Date: Tue, 24 Apr 2007 13:30:24 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <462D0C25.9050603@php.net>
References: <462D0C25.9050603@php.net>
Message-ID: <6F627A68-BAE9-4A3D-B46F-A7CEFE403493@email.smith.edu>

I already have a copy of Essential PHP Security.  So I guess my bribe  
is that you have to sign it.  =)

-Aaron

On Apr 23, 2007, at 3:42 PM, Chris Shiflett wrote:

> As just announced today, I'm giving tomorrow's talk, and the topic is
> Security 2.0. Yeah, I'm poking fun at Web 2.0 with the title, but  
> there
> are some interesting things that have been happening in web  
> application
> security partly due to Web 2.0, and I think this will be a fun /
> interesting talk.
>
> I worked on the my slides over the weekend, but if anyone has any
> specific curiosities or questions that fit within the "emerging web
> application security trends" topic, please let me know, and I'll do my
> best to accommodate.
>
> As a bribe, I'll be bringing a copy or two of Essential PHP  
> Security to
> give away:
>
> http://phpsecurity.org/
>
> Hope to see you there. :-)
>
> Chris
>
> -- 
> Chris Shiflett
> http://shiflett.org/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From tedd at sperling.com  Tue Apr 24 15:00:49 2007
From: tedd at sperling.com (tedd)
Date: Tue, 24 Apr 2007 15:00:49 -0400
Subject: [nycphp-talk] April Meeting - Security 2.0
In-Reply-To: <6F627A68-BAE9-4A3D-B46F-A7CEFE403493@email.smith.edu>
References: <462D0C25.9050603@php.net>
	<6F627A68-BAE9-4A3D-B46F-A7CEFE403493@email.smith.edu>
Message-ID: <p0624080fc2540406539b@[192.168.1.102]>

At 1:30 PM -0400 4/24/07, Aaron Fischer wrote:
>I already have a copy of Essential PHP Security.  So I guess my 
>bribe is that you have to sign it.  =)
>
>-Aaron


Hey, I would like to have mine signed as well -- but can't attend.

Chris, can you sign a check for me and send it instead?

Cheers,

tedd


-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com


From anieshjoseph at gmail.com  Wed Apr 25 01:10:43 2007
From: anieshjoseph at gmail.com (Aniesh joseph)
Date: Wed, 25 Apr 2007 10:40:43 +0530
Subject: [nycphp-talk] Update a table using AJAX
Message-ID: <1b3d2fde0704242210x606ad162u7b2d9eee10a0f3b7@mail.gmail.com>

Hello

I have a html form with action to paypal's site. When submitting the page, I
need to update the table with the form values( USING AJAX) .

To do this I write the following code.

<script>

/* Call this function on the onClick of the submit button */

function check_form_values()
{
    /* Inside this function I check wether the USER enters the details */

    ajaxFunction();

    /*  IT WORKS PERFECTLY IF WE UNCOMMENT THIS ALERT PAGE  */
}



function ajaxFunction()
{

append_url =
'contact_info.php?contact_id='+document.form1.user_id.value+'&contact_name='+document.form1.contact_name.value+'&position='+document.form1.position.value+'&email='+document.form1.email.value+'&telephone='+document.form1.telephone.value+'&mobile='+document.form1.mobile.value+'&company='+document.form1.company.value+'&address='+document.form1.address.value;

  var xmlHttp;
  try
    {
    // Firefox, Opera 8.0+, Safari
    xmlHttp=new XMLHttpRequest();
    }
  catch (e)
    {
    // Internet Explorer
    try
      {
      xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
      }
    catch (e)
      {
      try
        {
        xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
        }
      catch (e)
        {
        alert("Your browser does not support AJAX!");
        return false;
        }
      }
    }
    xmlHttp.onreadystatechange=function()
    {
          if(xmlHttp.readyState==4)
           {
        //response_txt         =    xmlHttp.responseText;

       }
    }
    xmlHttp.open("GET",append_url,true);
    xmlHttp.send(null);

  }

</script>

I am trying to update the table using the contact_id field, I did not return
any values from AJAX action page.

But this code did not work properly.


If I uncomment the alert inside the function "check_form_values()", then
updation will work perfectly.


Can someone help me to fix this problem ?


Regards
Aniesh Joseph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070425/6f7d15d5/attachment.html>

From anieshjoseph at gmail.com  Thu Apr 26 04:31:10 2007
From: anieshjoseph at gmail.com (Aniesh joseph)
Date: Thu, 26 Apr 2007 14:01:10 +0530
Subject: [nycphp-talk] Send HTML mail with Javascript function
Message-ID: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com>

Hello All,

I am trying to send one mail with HTML content. To do this, I have added HML
header to mail function.

Inside the content, I added a Javascript function that calls a Ajax Page( to
send one mail to my mail address).

I called this Javascript function on the onload of body of html like

<html>

<head>

/* Javscript function and make call to AJAX action page */

</head>

<body onload="return functionname();">

 /*matter*/

</body>
</html>


But it did not work . Can we able to call JavaScript when loading the
content inside the mail ?

Can somebody help me?

Regards,
Aniesh Joseph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070426/92f518a1/attachment.html>

From ramons at gmx.net  Thu Apr 26 06:29:42 2007
From: ramons at gmx.net (David Krings)
Date: Thu, 26 Apr 2007 06:29:42 -0400
Subject: [nycphp-talk] Send HTML mail with Javascript function
In-Reply-To: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com>
References: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com>
Message-ID: <46307F16.9080202@gmx.net>

Aniesh joseph wrote:
> 
> Hello All,
> 
> I am trying to send one mail with HTML content. To do this, I have added 
> HML header to mail function.
> 

I really wonder why? HTML is for port 80, not 21. HTML in emails is IMHO 
the biggest waste ever. Nobody likes it, but almost everybody sends it.
If it is about adding graphics or other non-text content that is 
necessary, create an attachment.
Sorry to sound so harsh, but in fact, not doing HTML emails will likely 
solve your problem.

David


From rmarscher at beaffinitive.com  Thu Apr 26 11:39:17 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Thu, 26 Apr 2007 11:39:17 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <462D4D34.5050104@gmx.net>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net>
Message-ID: <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>

>> Is there any way I can check which sessions are currently active  
>> and which aren't? I like to add some housekeeping code, but taking  
>> away things from active sessions would be just mean.

Check out the documentation for session_set_save_handler -- http:// 
us.php.net/manual/en/function.session-set-save-handler.php  This is  
how you can override the way php handles sessions by default and put  
in your own code.  The "gc" function (stands for garbage collection)  
is where the "housekeeping" code goes.  Note that the default php  
session handlers should be cleaning up the expired session temp files  
for you automatically.  The location for these temp files is  
specified by the session.save_path php.ini setting.

> My plan is to create a session, authenticate the user, then  
> generate a new session ID for the session )I read that this  
> improves security and is easy enough to do)

As far as regenerating the session id after login, it *is* simple --  
http://us.php.net/manual/en/function.session-regenerate-id.php -- but  
if you're overwriting the default session handler to store sessions  
in a database table, you need to make sure that it's getting updated  
the way you expect.

------------------
Rob Marscher
Software Engineer
rmarscher at beaffinitive.com
212.684.9100x17




From lists at enobrev.com  Thu Apr 26 14:34:31 2007
From: lists at enobrev.com (Mark Armendariz)
Date: Thu, 26 Apr 2007 14:34:31 -0400
Subject: [nycphp-talk] Send HTML mail with Javascript function
In-Reply-To: <46307F16.9080202@gmx.net>
References: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com>
	<46307F16.9080202@gmx.net>
Message-ID: <01b001c78831$886a2060$6400a8c0@enobrev>

 
> Aniesh joseph wrote:
> > 
> > Hello All,
> > 
> > I am trying to send one mail with HTML content. To do this, I have 
> > added HML header to mail function.
> > 
> 
> I really wonder why? HTML is for port 80, not 21. HTML in 
> emails is IMHO the biggest waste ever. 

I'm not sure I can agree, David.  HTML is merely a markup language meant for
improving how information looks and definitely has a place in our most used
means of commication.  We have things such as bold, italics, listings, etc
in all printing apps because how they help us communicate.  Sure, some can
be mocked in plain text but what's so wrong with someone selecting text and
hitting ctrl-b to bold the text and having a standard any email client /
browser will understand.

As for images within, it can easily be misused, but so can ascii art and
bananas in tail pipes.  Just because it's handled poorly and poorly utilized
doesn't mean it should be done away with.

As for Javascript in emails, I'm not sure that email clients will run it,
and if they do, I expect they would block XHR for security risks.  I really
really hope they would.  XHR in emails worries me.  If you're trying to
track emails, consider adding an image and tracking that image's load -
allowing the user the option to turn on their images in most modern clients.
Or even better, give them a link to click and let them choose to be tracked
(if that's what you're using it for).

Mark



From susan_shemin at yahoo.com  Thu Apr 26 15:24:22 2007
From: susan_shemin at yahoo.com (Susan Shemin)
Date: Thu, 26 Apr 2007 12:24:22 -0700 (PDT)
Subject: [nycphp-talk] wonderful presentation on Tuesday
Message-ID: <895514.65811.qm@web50206.mail.re2.yahoo.com>

Chris did an excellent job with the introduction on how to make PHP code more secure.  Love that he used an Ajax example.

I do have a question since I wasn't able to go to the question time at TGIFriday's.

How ever can someone inject their code/script onto my webpage?  The code is on my server so they don't have access to it.  Am I missing something here?

Susan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070426/5b000869/attachment.html>

From rmarscher at beaffinitive.com  Thu Apr 26 16:43:48 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Thu, 26 Apr 2007 16:43:48 -0400
Subject: [nycphp-talk] wonderful presentation on Tuesday
In-Reply-To: <895514.65811.qm@web50206.mail.re2.yahoo.com>
References: <895514.65811.qm@web50206.mail.re2.yahoo.com>
Message-ID: <7250C145-3D49-45E5-A588-D23E543797A8@beaffinitive.com>

> How ever can someone inject their code/script onto my webpage?  The  
> code is on my server so they don't have access to it.  Am I missing  
> something here?

If you allow the user to submit anything that is then displayed our  
your site, they can inject javascript code unless you do a very good  
job "sanitizing" the user input.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070426/b5e32d3d/attachment.html>

From chsnyder at gmail.com  Thu Apr 26 17:08:36 2007
From: chsnyder at gmail.com (csnyder)
Date: Thu, 26 Apr 2007 17:08:36 -0400
Subject: [nycphp-talk] wonderful presentation on Tuesday
In-Reply-To: <7250C145-3D49-45E5-A588-D23E543797A8@beaffinitive.com>
References: <895514.65811.qm@web50206.mail.re2.yahoo.com>
	<7250C145-3D49-45E5-A588-D23E543797A8@beaffinitive.com>
Message-ID: <b76252690704261408t5afd0d4cjd415d1ac9cf3470d@mail.gmail.com>

On 4/26/07, Rob Marscher <rmarscher at beaffinitive.com> wrote:
>
> How ever can someone inject their code/script onto my webpage?  The code is
> on my server so they don't have access to it.  Am I missing something here?
>
> If you allow the user to submit anything that is then displayed our your
> site, they can inject javascript code unless you do a very good job
> "sanitizing" the user input.

And the submission may not just be limited to $_GET and $_POST... many
of the $_SERVER vars can be problematic as well.

The example Chris gave about Google's old 404 page, where it echoed
the requested URI without escaping it first, could have been exploited
by sending the following link to someone. I don't remember the
mechanism exactly, but perhaps something like:

<a href="http://www.google.com/something/not/found/%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E">hey
victim, click here</a>

Given that link, if Google were to echo the value of
$_SERVER['SCRIPT_URL'] without escaping, it would inject
<script>alert('XSS');</script> into the page.

-- 
Chris Snyder
http://chxo.com/


From susan_shemin at yahoo.com  Thu Apr 26 17:19:17 2007
From: susan_shemin at yahoo.com (Susan Shemin)
Date: Thu, 26 Apr 2007 14:19:17 -0700 (PDT)
Subject: [nycphp-talk] wonderful presentation on Tuesday
Message-ID: <730099.7462.qm@web50202.mail.re2.yahoo.com>

That makes sense with database data, but how about "hijacking" the submit button by putting their script on the button/image that sends the login info to a different domain site?

I'm not really looking for a specific how it's done (of course), but more for how ever is it possible if the webpage code is in a secure place?


----- Original Message ----
From: Rob Marscher <rmarscher at beaffinitive.com>
To: NYPHP Talk <talk at lists.nyphp.org>
Sent: Thursday, April 26, 2007 4:43:48 PM
Subject: Re: [nycphp-talk] wonderful presentation on Tuesday


How ever can someone inject their code/script onto my webpage?  The code is on my server so they don't have access to it.  Am I missing something here?


If you allow the user to submit anything that is then displayed our your site, they can inject javascript code unless you do a very good job "sanitizing" the user input.


_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070426/aa3172f8/attachment.html>

From ramons at gmx.net  Thu Apr 26 19:07:29 2007
From: ramons at gmx.net (David Krings)
Date: Thu, 26 Apr 2007 19:07:29 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net>
	<08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>
Message-ID: <463130B1.6040303@gmx.net>

Rob Marscher wrote:
>>> Is there any way I can check which sessions are currently active and 
>>> which aren't? I like to add some housekeeping code, but taking away 
>>> things from active sessions would be just mean.
> 
> Check out the documentation for session_set_save_handler -- 
> http://us.php.net/manual/en/function.session-set-save-handler.php  This 
> is how you can override the way php handles sessions by default and put 
> in your own code.  The "gc" function (stands for garbage collection) is 
> where the "housekeeping" code goes.  Note that the default php session 
> handlers should be cleaning up the expired session temp files for you 
> automatically.  The location for these temp files is specified by the 
> session.save_path php.ini setting.

Thanks for the pointer. I misused the term "temp file". What I do is 
create a folder that has to be unique and therefore is identical with 
the session id. That is not the temp folder that the web server / PHP 
creates when starting a session. I called it temp folder because I dump 
upload files and other stuff in there in order to do all kinds of things 
with it, once done the files are moved to the final resting spot. Since 
all this real client server and stateless stuff doesn't let me know when 
a client just went away, I have to come up with some way of cleaning up 
a bit at some point. When the client goes away right after an upload and 
before initiating the final submission, files may be left in there. 
While some stale folders and files are OK (although not nice), having 
them pile up over time will become a problem. So I need to keep track of 
  the sessions that were generated through my script in order to ditch 
that folder with contents (annoyingly, there seems to be no PHP code 
word that does exactly that) when the session is most likely to be 
expired (24 hours later for example).


>> My plan is to create a session, authenticate the user, then generate a 
>> new session ID for the session )I read that this improves security and 
>> is easy enough to do)
> 
> As far as regenerating the session id after login, it *is* simple -- 
> http://us.php.net/manual/en/function.session-regenerate-id.php -- but if 
> you're overwriting the default session handler to store sessions in a 
> database table, you need to make sure that it's getting updated the way 
> you expect.

Well, my idea is to start the session, do the login and authentication, 
when the user is accepted, regenerate the session id, and then write it 
to the table with a timestamp. I don't see any reason to write the first 
session id to the table, because I throw that one away soon after. I 
really only want to keep the ids because I want to clean up the folders 
that I created.

Sounds like a workable and reliable approach to me...if I'd just had the 
time to finally do it. Working with ZIP files at the moment, which go to 
that session id folder as well. Still haven't really understood how the 
unpacking works and what this new and -> stuff is about, anyhow (OK, I 
read too much Bob Pease).

Thanks for the help,

David


From ramons at gmx.net  Thu Apr 26 19:18:52 2007
From: ramons at gmx.net (David Krings)
Date: Thu, 26 Apr 2007 19:18:52 -0400
Subject: [nycphp-talk] Send HTML mail with Javascript function
In-Reply-To: <01b001c78831$886a2060$6400a8c0@enobrev>
References: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com>	<46307F16.9080202@gmx.net>
	<01b001c78831$886a2060$6400a8c0@enobrev>
Message-ID: <4631335C.1000908@gmx.net>

Mark Armendariz wrote:
>  
>> Aniesh joseph wrote:
>>> Hello All,
>>>
>>> I am trying to send one mail with HTML content. To do this, I have 
>>> added HML header to mail function.
>>>
>> I really wonder why? HTML is for port 80, not 21. HTML in 
>> emails is IMHO the biggest waste ever. 
> 
> I'm not sure I can agree, David.  HTML is merely a markup language meant for
> improving how information looks and definitely has a place in our most used
> means of commication.  We have things such as bold, italics, listings, etc
> in all printing apps because how they help us communicate.  Sure, some can
> be mocked in plain text but what's so wrong with someone selecting text and
> hitting ctrl-b to bold the text and having a standard any email client /
> browser will understand.
> 

Those font attributes are in printing apps because they are printing 
apps. Email is and always was intended and therefore designed to handle 
flat ASCII.
The main reason why I recommend against HTML in emails is that most 
popular email clients apparently have problems with either displaying or 
securely handling it (bad handling: Eudora, security problems see e.g. 
here http://tinyurl.com/267we7 [second page, middle]).

You also refer to very basic font styling, which makes me think if there 
is a need to an email specific markup that does only that, but not all 
the stuff that HTML and ECMAScript can do. Let's say, there would be 
such an ESML (email styling markup language), email clients could simply 
ignore anything else but this.

I had frequent problems with HTML emails and finally got convinced that 
turning all this eye candy crap off is the way to go. Since then I never 
came across a single occasion where I thought, gee, some bold or colour 
is really needed here.

In regards to the original post, when HTML in the email isn't direly 
necessary (which I think it isn't) then the problem goes away, because 
it never occurs. Avoidance is a valid approach to problem handling.

David



From billy.reisinger at gmail.com  Thu Apr 26 22:17:07 2007
From: billy.reisinger at gmail.com (Billy Reisinger)
Date: Thu, 26 Apr 2007 21:17:07 -0500
Subject: [nycphp-talk] Send HTML mail with Javascript function
In-Reply-To: <46307F16.9080202@gmx.net>
References: <1b3d2fde0704260131n742802c1n8665b3acc02f85f1@mail.gmail.com>
	<46307F16.9080202@gmx.net>
Message-ID: <D5A71BD3-0561-4D9F-A332-320353BE0EEF@gmail.com>

I think you meant that HTTP is for port 80.  HTML is a markup  
language, not a protocol.  Anyway, you can use HTTP on any port.   
Port 80 is what is webservers conventionally listen to.

HTML in email is difficult mostly because there are so many email  
clients with different ideas of how to implement the HTML DOM.  Think  
about it: not even the two major browsers on the market today can  
agree on this (Firefox, IE).

I agree that it's a waste of time, but sometimes you don't have  
control over whether you have to do something like this or not.

Billy

On Apr 26, 2007, at 5:29 AM, David Krings wrote:

> Aniesh joseph wrote:
>> Hello All,
>> I am trying to send one mail with HTML content. To do this, I have  
>> added HML header to mail function.
>
> I really wonder why? HTML is for port 80, not 21. HTML in emails is  
> IMHO the biggest waste ever. Nobody likes it, but almost everybody  
> sends it.
> If it is about adding graphics or other non-text content that is  
> necessary, create an attachment.
> Sorry to sound so harsh, but in fact, not doing HTML emails will  
> likely solve your problem.
>
> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From pyurt at yahoo.com  Fri Apr 27 06:36:20 2007
From: pyurt at yahoo.com (P Yurt)
Date: Fri, 27 Apr 2007 03:36:20 -0700 (PDT)
Subject: [nycphp-talk] Send HTML mail with Javascript function
Message-ID: <573855.46031.qm@web52204.mail.re2.yahoo.com>

I get newsletters and flyers which have a picture based layouts.
If I turn
off HTML I cannot get a quick look at the page a know anything. 

To me this is a case where HTML mail is desirable and
beneficial. I am not
so sure I want my mail client doing AJAX round trips. There is
way too much
spam already, let alone spam which has dynamic content
updates...that
worries me. 

Paul Yurt
The more credible, accurate & honest Web: www.mastermoz.com 

-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org] On
Behalf Of David Krings
Sent: Thursday, April 26, 2007 4:19 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Send HTML mail with Javascript
function

Mark Armendariz wrote:
>  
>> Aniesh joseph wrote:
>>> Hello All,
>>>
>>> I am trying to send one mail with HTML content. To do this,
I have 
>>> added HML header to mail function.
>>>
>> I really wonder why? HTML is for port 80, not 21. HTML in 
>> emails is IMHO the biggest waste ever. 
> 
> I'm not sure I can agree, David.  HTML is merely a markup
language meant
for
> improving how information looks and definitely has a place in
our most
used
> means of commication.  We have things such as bold, italics,
listings, etc
> in all printing apps because how they help us communicate. 
Sure, some can
> be mocked in plain text but what's so wrong with someone
selecting text
and
> hitting ctrl-b to bold the text and having a standard any
email client /
> browser will understand.
> 

Those font attributes are in printing apps because they are
printing 
apps. Email is and always was intended and therefore designed to
handle 
flat ASCII.
The main reason why I recommend against HTML in emails is that
most 
popular email clients apparently have problems with either
displaying or 
securely handling it (bad handling: Eudora, security problems
see e.g. 
here http://tinyurl.com/267we7 [second page, middle]).

You also refer to very basic font styling, which makes me think
if there 
is a need to an email specific markup that does only that, but
not all 
the stuff that HTML and ECMAScript can do. Let's say, there
would be 
such an ESML (email styling markup language), email clients
could simply 
ignore anything else but this.

I had frequent problems with HTML emails and finally got
convinced that 
turning all this eye candy crap off is the way to go. Since then
I never 
came across a single occasion where I thought, gee, some bold or
colour 
is really needed here.

In regards to the original post, when HTML in the email isn't
direly 
necessary (which I think it isn't) then the problem goes away,
because 
it never occurs. Avoidance is a valid approach to problem
handling.

David

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php



From anoland at indigente.net  Fri Apr 27 09:12:26 2007
From: anoland at indigente.net (Adrian Noland)
Date: Fri, 27 Apr 2007 09:12:26 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <463130B1.6040303@gmx.net>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net>
	<08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>
	<463130B1.6040303@gmx.net>
Message-ID: <1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>

I think you need to think about your temp folder idea some more. You
say that you are going to keep temp uploads and other things there
that get destroyed after the user logs out. But if you are
regenerating the user's session ID multiple times you will need to
keep the temp folder in sync with that.

I always think about the way online banks do it when I approach this
problem. They put a META refresh or perhaps a setTimeout() on the page
and force a page reload. If the request came from the refresh, then
you know the user isn't paying attention anymore and can dump the
session.

On 4/26/07, David Krings <ramons at gmx.net> wrote:
> Rob Marscher wrote:
> >>> Is there any way I can check which sessions are currently active and
> >>> which aren't? I like to add some housekeeping code, but taking away
> >>> things from active sessions would be just mean.
> >
> > Check out the documentation for session_set_save_handler --
> > http://us.php.net/manual/en/function.session-set-save-handler.php  This
> > is how you can override the way php handles sessions by default and put
> > in your own code.  The "gc" function (stands for garbage collection) is
> > where the "housekeeping" code goes.  Note that the default php session
> > handlers should be cleaning up the expired session temp files for you
> > automatically.  The location for these temp files is specified by the
> > session.save_path php.ini setting.
>
> Thanks for the pointer. I misused the term "temp file". What I do is
> create a folder that has to be unique and therefore is identical with
> the session id. That is not the temp folder that the web server / PHP
> creates when starting a session. I called it temp folder because I dump
> upload files and other stuff in there in order to do all kinds of things
> with it, once done the files are moved to the final resting spot. Since
> all this real client server and stateless stuff doesn't let me know when
> a client just went away, I have to come up with some way of cleaning up
> a bit at some point. When the client goes away right after an upload and
> before initiating the final submission, files may be left in there.
> While some stale folders and files are OK (although not nice), having
> them pile up over time will become a problem. So I need to keep track of
>   the sessions that were generated through my script in order to ditch
> that folder with contents (annoyingly, there seems to be no PHP code
> word that does exactly that) when the session is most likely to be
> expired (24 hours later for example).
>
>
> >> My plan is to create a session, authenticate the user, then generate a
> >> new session ID for the session )I read that this improves security and
> >> is easy enough to do)
> >
> > As far as regenerating the session id after login, it *is* simple --
> > http://us.php.net/manual/en/function.session-regenerate-id.php -- but if
> > you're overwriting the default session handler to store sessions in a
> > database table, you need to make sure that it's getting updated the way
> > you expect.
>
> Well, my idea is to start the session, do the login and authentication,
> when the user is accepted, regenerate the session id, and then write it
> to the table with a timestamp. I don't see any reason to write the first
> session id to the table, because I throw that one away soon after. I
> really only want to keep the ids because I want to clean up the folders
> that I created.
>
> Sounds like a workable and reliable approach to me...if I'd just had the
> time to finally do it. Working with ZIP files at the moment, which go to
> that session id folder as well. Still haven't really understood how the
> unpacking works and what this new and -> stuff is about, anyhow (OK, I
> read too much Bob Pease).
>
> Thanks for the help,
>
> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>


From ajai at bitblit.net  Fri Apr 27 11:15:56 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Fri, 27 Apr 2007 11:15:56 -0400 (EDT)
Subject: [nycphp-talk] wonderful presentation on Tuesday
In-Reply-To: <730099.7462.qm@web50202.mail.re2.yahoo.com>
Message-ID: <Pine.LNX.4.44.0704271113360.28090-100000@bitblit.net>

On Thu, 26 Apr 2007, Susan Shemin wrote:

> I'm not really looking for a specific how it's done (of course), but 
> more for how ever is it possible if the webpage code is in a secure place?

I think you're missing the point - if you dont sanitize user input and 
then use it (maybe you re-display a form with an error message), then they 
could put JavaScript code into your page.

This has nothing to do with how secure your server is because your code is 
NOT changed...


-- 
Aj.



From Consult at CovenantEDesign.com  Fri Apr 27 11:27:19 2007
From: Consult at CovenantEDesign.com (CED)
Date: Fri, 27 Apr 2007 11:27:19 -0400
Subject: [nycphp-talk] wonderful presentation on Tuesday
References: <Pine.LNX.4.44.0704271113360.28090-100000@bitblit.net>
Message-ID: <000601c788e0$8c51ee60$07d6f4a7@ced>

Thank you AJ. I have been holding my breath. =D

----- Original Message -----
From: "Ajai Khattri" <ajai at bitblit.net>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Friday, April 27, 2007 11:15 AM
Subject: Re: [nycphp-talk] wonderful presentation on Tuesday


> On Thu, 26 Apr 2007, Susan Shemin wrote:
>
> > I'm not really looking for a specific how it's done (of course), but
> > more for how ever is it possible if the webpage code is in a secure
place?
>
> I think you're missing the point - if you dont sanitize user input and
> then use it (maybe you re-display a form with an error message), then they
> could put JavaScript code into your page.
>
> This has nothing to do with how secure your server is because your code is
> NOT changed...
>
>
> --
> Aj.
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>




From shiflett at php.net  Fri Apr 27 11:31:23 2007
From: shiflett at php.net (Chris Shiflett)
Date: Fri, 27 Apr 2007 11:31:23 -0400
Subject: [nycphp-talk] wonderful presentation on Tuesday
In-Reply-To: <895514.65811.qm@web50206.mail.re2.yahoo.com>
References: <895514.65811.qm@web50206.mail.re2.yahoo.com>
Message-ID: <4632174B.1060303@php.net>

Thanks for the kind feedback, Susan. I appreciate it.

> How ever can someone inject their code/script onto my webpage?
> The code is on my server so they don't have access to it.

This is possibly a topic that I need to give more attention in the talk,
and I appreciate the constructive criticism.

I don't spend much time demonstrating what mistakes you might make to
allow such things to happen, but in most cases, not doing what I suggest
for remediation is all that's required. In other words, doing nothing is
usually enough of a mistake.

For example, here's a simple example that's likely vulnerable to XSS:

<?php

$html = array();
$html['user'] = htmlentities($_GET['user']);

echo "<p>Welcome back, {$html['user']}.</p>";

?>

If the Content-Type header does not indicate ISO-8859-1 as the character
encoding (which htmlentities() uses by default), an attacker can provide
a UTF-7 encoded payload as the value of $_GET['user'].

Of course, a more obvious mistake is this:

<?php

echo "<p>Welcome back, {$_GET['user']}.</p>";

?>

Hope that helps.

Chris

-- 
Chris Shiflett
http://shiflett.org/


From shiflett at php.net  Fri Apr 27 11:35:18 2007
From: shiflett at php.net (Chris Shiflett)
Date: Fri, 27 Apr 2007 11:35:18 -0400
Subject: [nycphp-talk] wonderful presentation on Tuesday
In-Reply-To: <b76252690704261408t5afd0d4cjd415d1ac9cf3470d@mail.gmail.com>
References: <895514.65811.qm@web50206.mail.re2.yahoo.com>	<7250C145-3D49-45E5-A588-D23E543797A8@beaffinitive.com>
	<b76252690704261408t5afd0d4cjd415d1ac9cf3470d@mail.gmail.com>
Message-ID: <46321836.4060108@php.net>

Chris Snyder wrote:
> The example Chris gave about Google's old 404 page, where it
> echoed the requested URI without escaping it first, could
> have been exploited by sending the following link to someone.

For clarification, Google's mistake wasn't that they forgot to escape
the value. (Sorry if I seemed to be making that assertion.)

Rather, they didn't indicate the character encoding in the Content-Type
header, and they escaped the value assuming UTF-8.

Now they send this:

Content-Type: text/html; charset=UTF-8

Chris

-- 
Chris Shiflett
http://shiflett.org/


From ramons at gmx.net  Fri Apr 27 21:02:14 2007
From: ramons at gmx.net (David Krings)
Date: Fri, 27 Apr 2007 21:02:14 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>
References: <462898FC.3020606@gmx.net>
	<462D4D34.5050104@gmx.net>	<08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>	<463130B1.6040303@gmx.net>
	<1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>
Message-ID: <46329D16.6080407@gmx.net>

Adrian Noland wrote:
> I think you need to think about your temp folder idea some more. You
> say that you are going to keep temp uploads and other things there
> that get destroyed after the user logs out. But if you are
> regenerating the user's session ID multiple times you will need to
> keep the temp folder in sync with that.
> 
> I always think about the way online banks do it when I approach this
> problem. They put a META refresh or perhaps a setTimeout() on the page
> and force a page reload. If the request came from the refresh, then
> you know the user isn't paying attention anymore and can dump the
> session.
> 

Note: This is a longer response. I do not write concisely and probably 
will never do. If you are short of time, go on to the next message. 
Also, please keep in mind that I'm a hobbyist who learned PHP from a few 
books, trying things out, and lurking on this list. I never learned 
programming and in fact, I really hate it - with the exception of PHP. 
Stuff is so much easier and more logical in PHP than with Java or C. PHP 
is more like Commodore Basic V2 on the C64, something that is simple 
enough so that I can comprehend it.


Adrian, thank you for your comments. I think I need to explain better 
what I do and I really regret using the term "temp folder" in my 
original post. That folder that I am talking about is not the folder 
that the server creates somewhere for storing the session data. I am 
working on an app that allows me to upload pictures (and later flash 
video) straight from my digital camera into a database supported system. 
The database keeps track of where the picture is stored, the date and 
time it was recorded, the name and description (one for each supported 
language), and ten categories and the location where the picture was 
taken (call it meta tags if you want) per picture and supported 
language. I also store if the picture needs to be rotated on the fly, 
who added it, when it was added, which user level is allowed to view it, 
how often the picture was viewed, when and who viewed it last, and some 
other stuff. Data such as date and time of the shot come from the exif 
header.
I provide a simple browse box for individual uploads. Since I cannot 
control what gets uploaded, I have to accept the upload, then check if 
it is a jpeg or gif. I try to do this by figuring out what the file 
really is rather than to rely simply on the file extension. Once I 
deemed an upload to be a picture file in a supported format, I display 
it in a preview and allow for the entry of the name, description, 
categories, location. For all this checking and previewing I copy the 
file from the location where $_FILE put it into a folder. And THAT 
folder is the one that I create using the session id so that I can 
handle multiple uploads at the same time and not have them cross their 
paths. Once a picture is named and categorized it is written to the 
final storage location, which is a set of folders based on year and 
month. I don't want to rename picture files ever, but it can be that the 
PDRM0692.JPG from 2004 is not the same as the PDRM0692.JPG from 2007. If 
I throw it all into one big folder I will get collision at some point, 
latest after making 10.000 shots with my camera, likely earlier. Also, 
it is much easier to locate pictures in that setting without using the 
system.
While holding the file in the session id named folder and before final 
submission several things can happen. The client can just go away, the 
user can decide not to add the picture (hence the preview from a 
momentary storage location before adding it to the final set of files), 
or other things that leave that session id named folder with content on 
the system. I also allow now uploading of zip archives either directly 
or from an ftp/http accessible location. That way I can stuff several 
dozen (hundred?) files in one go into the system and tag them with some 
bogus name and location (I decided to use ~~~~~~~~), filter the table on 
that, and worry about the correct name and description later. I also 
need this session id named folder for that purpose and things may happen 
(power loss of the server for example, this is the US after all) that 
leave now a considerable amount of gunk behind.
Now I get back to the original question, how can I degunk these folders? 
I need to know which sessions are still likely to be active and which 
ones are not. That all has nothing to do with the temp folder that the 
web server creates somewhere for holding the session data. I have no 
idea where that temp folder is and if I'd now what happens when I just 
dump some files in it (such as the extracted files from the zip 
archive). I really like to know where the files and folders are and thus 
create/copy/move them on my own.

OK, I could use the user ID as well for my folders, but then I'd need to 
guess when the user logged out. Of course, I have a logout function and 
I track last login date and time (maybe even logout, don't remember), 
but I can't expect anyone to use the logout function religiously. People 
just don't do that, they simply kill the browser. With a session id 
based folder for whatever I need to do before final commission I can be 
very sure that after the maximum lifetime of the session and a generous 
grace period that folder with contents is stale and can go. But how to 
know when that session was started?
My first idea was to ask the server which sessions are currently active 
and then ditch all the folders that have session ids as name from 
sessions that are not active. But there seems to be no way for asking 
the server which sessions are currently active. I then decided to simply 
write the session id and a time stamp to a table. And while I am working 
on session tracking, I might as well throw in that extra line to 
generate a new session ID after authentication and before writing it to 
my session tracking table, assuming that this increases security a bit.

I have no idea what banks do and I hope they do a better job than I. I 
do not claim to have designed the most reliable, secure, and optimized 
system. But I can follow its flow and explain what happens where and why 
(and I still can after not working on this project for almost six 
months). And above all, it just works. I am especially amazed how easy 
it was to get the zip stuff working. That is the real power of PHP. You 
want to do gnurf then there is probably a PHP command gnurf() for it. I 
love it! So many people are so much smarter than I am, but I can still 
make use of their ingenuity and unzip uploaded files, read out exif 
headers, and rotate an image on the fly, write a whole bunch of stuff to 
some database, and much more. Uh, and I love PHP's session handling, it 
is so nice to drop stuff into the session and have it available anywhere 
I go rather than to use tons of hidden inputs and post it all over the 
place.

OK, back to work. :)

David


From ramons at gmx.net  Sat Apr 28 07:32:17 2007
From: ramons at gmx.net (David Krings)
Date: Sat, 28 Apr 2007 07:32:17 -0400
Subject: [nycphp-talk] Copying file from HTTP/FTP using copy()
Message-ID: <463330C1.3020404@gmx.net>

Hi!

Here is what I like to do:
Get a user entry (text string) that is either an HTTP or FTP url to a 
file, for example
http://my.server.gov/download this.zip
or
ftp://username:password at your.server.gov/download that.zip
and then use the copy() function to download it and store it locally on 
my server.

This is the piece of my code that is supposed to do the copying:

if ($nourl == FALSE) {
   // Make local zip file path and name
   $localzipfile = sessiondir.DIRECTORY_SEPARATOR.$sessionid.".zip";
   // urlencode url
   $urlupload = urlencode($urlupload);
   // Copy file
   if(!copy($urlupload, $localzipfile)) $nourl = TRUE;
}
   // Check if error occured
   if($nourl == TRUE) {
   errmessage("OUCH - Downloading the file from ".$urlupload.
              " to temporary storage failed! Try again!");
}

$nourl is an error flag, $localzipfile is the path and name of the local 
file (directory exists, I created it earlier), $urlupload is the 
submission from the user (file on my own web server, if I put the url in 
a browser, the download works), errmessage is a function that displays a 
nice  error message and some buttons to go back.
The PHP manual claims that copy() handles the same wrappers that fopen 
supports. Unfortunately, the response from copy() is either 'worked' or 
'did not work', not much to go by.

The questions of the day:
Why does copy($urlupload, $localzipfile) fail?
Is copy() even the right command to use?

I found a piece of code here
http://sandalian.com/11/php/copy-remote-file-into-local-directory.htm
but I wonder if that works for binary files as well.

As usual, any help is greatly appreciated.

David


From jonbaer at jonbaer.com  Sat Apr 28 08:55:54 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Sat, 28 Apr 2007 08:55:54 -0400
Subject: [nycphp-talk] Copying file from HTTP/FTP using copy()
In-Reply-To: <463330C1.3020404@gmx.net>
References: <463330C1.3020404@gmx.net>
Message-ID: <B8873EB2-8BB1-4BD7-8BF7-4B8270B18319@jonbaer.com>

You would probably be better off using the libcurl commands ...

http://us.php.net/curl

As getinfo is one of the better options to get stats on the transfer  
in question ...

http://us.php.net/manual/en/function.curl-getinfo.php

- Jon

On Apr 28, 2007, at 7:32 AM, David Krings wrote:

> Hi!
>
> Here is what I like to do:
> Get a user entry (text string) that is either an HTTP or FTP url to  
> a file, for example
> http://my.server.gov/download this.zip
> or
> ftp://username:password at your.server.gov/download that.zip
> and then use the copy() function to download it and store it  
> locally on my server.
>
> This is the piece of my code that is supposed to do the copying:
>
> if ($nourl == FALSE) {
>   // Make local zip file path and name
>   $localzipfile = sessiondir.DIRECTORY_SEPARATOR.$sessionid.".zip";
>   // urlencode url
>   $urlupload = urlencode($urlupload);
>   // Copy file
>   if(!copy($urlupload, $localzipfile)) $nourl = TRUE;
> }
>   // Check if error occured
>   if($nourl == TRUE) {
>   errmessage("OUCH - Downloading the file from ".$urlupload.
>              " to temporary storage failed! Try again!");
> }
>
> $nourl is an error flag, $localzipfile is the path and name of the  
> local file (directory exists, I created it earlier), $urlupload is  
> the submission from the user (file on my own web server, if I put  
> the url in a browser, the download works), errmessage is a function  
> that displays a nice  error message and some buttons to go back.
> The PHP manual claims that copy() handles the same wrappers that  
> fopen supports. Unfortunately, the response from copy() is either  
> 'worked' or 'did not work', not much to go by.
>
> The questions of the day:
> Why does copy($urlupload, $localzipfile) fail?
> Is copy() even the right command to use?
>
> I found a piece of code here
> http://sandalian.com/11/php/copy-remote-file-into-local-directory.htm
> but I wonder if that works for binary files as well.
>
> As usual, any help is greatly appreciated.
>
> David
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From ramons at gmx.net  Sat Apr 28 15:51:35 2007
From: ramons at gmx.net (David Krings)
Date: Sat, 28 Apr 2007 15:51:35 -0400
Subject: [nycphp-talk] Copying file from HTTP/FTP using copy()
In-Reply-To: <B8873EB2-8BB1-4BD7-8BF7-4B8270B18319@jonbaer.com>
References: <463330C1.3020404@gmx.net>
	<B8873EB2-8BB1-4BD7-8BF7-4B8270B18319@jonbaer.com>
Message-ID: <4633A5C7.8030200@gmx.net>

Jon Baer wrote:
> You would probably be better off using the libcurl commands ...
> 
> http://us.php.net/curl
> 
> As getinfo is one of the better options to get stats on the transfer in 
> question ...
> 
> http://us.php.net/manual/en/function.curl-getinfo.php
> 
> - Jon

Thank you for this hint. I really is the far better way for downloading 
files via HTTP/FTP. I had some problems first with setting the right 
options, but managed to get this straightened out for allowing redirects 
and binary downloads.
And once again I'm sitting here in front of a few lines of PHP code and 
can't believe how awesome this is! Now that I got the download portion 
done, I will go on for getting the stats.

This is so kewl!

Thanks again,


David


From jakob.buchgraber at googlemail.com  Sun Apr 29 09:26:30 2007
From: jakob.buchgraber at googlemail.com (Jakob Buchgraber)
Date: Sun, 29 Apr 2007 15:26:30 +0200
Subject: [nycphp-talk] Casting string "false" to boolean
Message-ID: <46349D06.7020807@gmail.com>

Hey!

I'd like to cast a string "false" to a boolean.
So I tried the following:

<?php
$var = (bool)"false";
var_dump ($var);
?>
Here var_dump gives me:
bool(true)

I also tried using settype:

<?php
$var = "false";
settype ($var, "bool");
var_dump ($var);
?>

The same result here:
bool(true);

So is there a way to cast such a string to a boolean (without using 
conditions)?

Cheers,
Jay


From dell at sala.ca  Sun Apr 29 09:58:59 2007
From: dell at sala.ca (Dell Sala)
Date: Sun, 29 Apr 2007 09:58:59 -0400
Subject: [nycphp-talk] Casting string "false" to boolean
In-Reply-To: <46349D06.7020807@gmail.com>
References: <46349D06.7020807@gmail.com>
Message-ID: <97E58DBF-E900-4084-AB69-55EC723348D7@sala.ca>

On Apr 29, 2007, at 9:26 AM, Jakob Buchgraber wrote:

> I'd like to cast a string "false" to a boolean.
> So is there a way to cast such a string to a boolean (without using  
> conditions)?

The string "false" will evaluate to true, any way you slice it. The  
only strings that evaluate to false are "" and "0".

http://www.php.net/manual/en/language.types.boolean.php

I suppose you could eval the string... But you should think hard  
before doing this. I can't image a justification for it. If you're  
getting input for a false value as "false" you should really use some  
kind of conditional statement.

-- Dell



From anoland at indigente.net  Mon Apr 30 09:13:35 2007
From: anoland at indigente.net (Adrian Noland)
Date: Mon, 30 Apr 2007 09:13:35 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <46329D16.6080407@gmx.net>
References: <462898FC.3020606@gmx.net> <462D4D34.5050104@gmx.net>
	<08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>
	<463130B1.6040303@gmx.net>
	<1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>
	<46329D16.6080407@gmx.net>
Message-ID: <1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com>

> Now I get back to the original question, how can I degunk these folders?
> I need to know which sessions are still likely to be active and which
> ones are not. That all has nothing to do with the temp folder that the
> web server creates somewhere for holding the session data. I have no
> idea where that temp folder is and if I'd now what happens when I just
> dump some files in it (such as the extracted files from the zip
> archive). I really like to know where the files and folders are and thus
> create/copy/move them on my own.

Wow.
No offense, but this sounds like a case of "All I have is a hammer, and
everything looks like a nail".

In a page taken from the ADODB manual: (
http://phplens.com/lens/adodb/docs-adodb.htm#cacheflush)

If you want to flush all cached recordsets manually, execute the following
> PHP code (works only under Unix):
>   system("rm -f `find ".$ADODB_CACHE_DIR." -name adodb_*.cache`");
>
> For general cleanup of all expired files, you should use crontab on Unix,
> or at.exe on Windows, and a shell script similar to the following:
> #------------------------------------------------------
> # This particular example deletes files in the TMPPATH
> # directory with the string ".cache" in their name that
> # are more than 7 days old.
> #------------------------------------------------------
> AGED=7
> find ${TMPPATH} -mtime +$AGED | grep "\.cache" | xargs rm -f
>

I use a slightly different line in my crontab:
@daily find /path/to/tmp/files -mtime +1 -exec rm -rf {} \;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070430/ac5f1d90/attachment.html>

From ben at projectskyline.com  Mon Apr 30 10:11:44 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Mon, 30 Apr 2007 10:11:44 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
Message-ID: <00c701c78b31$7b872020$0200a8c0@gamebox>

Hello, 

I'm using paypal to take CC payments from clients.

One of our products, is subscription based, and I need to be able to 
check if the client has paid for the month. And if not, I'd like to suspend
access.

Can this be done w/paypal.

If not, what type of E-Commerce or Merchant account allows that?

Currently, I just have a link directly to paypal, and once they pay, I create the account.

I'd like to automate this process, be able to query the account status, and even
send out reoccuring billing/invoices.

Any ideas/experiances?

Thanks!

- Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070430/019a7079/attachment.html>

From ken at secdat.com  Mon Apr 30 10:14:56 2007
From: ken at secdat.com (Kenneth Downs)
Date: Mon, 30 Apr 2007 10:14:56 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
In-Reply-To: <00c701c78b31$7b872020$0200a8c0@gamebox>
References: <00c701c78b31$7b872020$0200a8c0@gamebox>
Message-ID: <4635F9E0.8060607@secdat.com>

Are you talking about automatic monthly renewals, or cases where a 
person might subscribe for the year and you just want to know at any 
given moment if they've subscribed?


Ben Sgro (ProjectSkyline) wrote:
> Hello,
>  
> I'm using paypal to take CC payments from clients.
>  
> One of our products, is subscription based, and I need to be able to
> check if the client has paid for the month. And if not, I'd like to 
> suspend
> access.
>  
> Can this be done w/paypal.
>  
> If not, what type of E-Commerce or Merchant account allows that?
>  
> Currently, I just have a link directly to paypal, and once they pay, I 
> create the account.
>  
> I'd like to automate this process, be able to query the account 
> status, and even
> send out reoccuring billing/invoices.
>  
> Any ideas/experiances?
>  
> Thanks!
>  
> - Ben
> ------------------------------------------------------------------------
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php


-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-379-7200   Fax: 631-689-0527

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070430/848da10a/attachment.html>

From ben at projectskyline.com  Mon Apr 30 10:20:42 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Mon, 30 Apr 2007 10:20:42 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
References: <00c701c78b31$7b872020$0200a8c0@gamebox>
	<4635F9E0.8060607@secdat.com>
Message-ID: <00e701c78b32$bc384b20$0200a8c0@gamebox>

Hello Kenneth, 

The first, but most likely both situations.

- Ben
  ----- Original Message ----- 
  From: Kenneth Downs 
  To: NYPHP Talk 
  Sent: Monday, April 30, 2007 10:14 AM
  Subject: Re: [nycphp-talk] Subscription Billing and Querying account status


  Are you talking about automatic monthly renewals, or cases where a person might subscribe for the year and you just want to know at any given moment if they've subscribed?


  Ben Sgro (ProjectSkyline) wrote: 
    Hello, 

    I'm using paypal to take CC payments from clients. 

    One of our products, is subscription based, and I need to be able to 
    check if the client has paid for the month. And if not, I'd like to suspend 
    access. 

    Can this be done w/paypal. 

    If not, what type of E-Commerce or Merchant account allows that? 

    Currently, I just have a link directly to paypal, and once they pay, I create the account. 

    I'd like to automate this process, be able to query the account status, and even 
    send out reoccuring billing/invoices. 

    Any ideas/experiances? 

    Thanks! 

    - Ben 
----------------------------------------------------------------------------
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php


-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-379-7200   Fax: 631-689-0527


------------------------------------------------------------------------------


  _______________________________________________
  New York PHP Community Talk Mailing List
  http://lists.nyphp.org/mailman/listinfo/talk

  NYPHPCon 2006 Presentations Online
  http://www.nyphpcon.com

  Show Your Participation in New York PHP
  http://www.nyphp.org/show_participation.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070430/0aab9de1/attachment.html>

From ken at secdat.com  Mon Apr 30 10:25:40 2007
From: ken at secdat.com (Kenneth Downs)
Date: Mon, 30 Apr 2007 10:25:40 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
In-Reply-To: <00e701c78b32$bc384b20$0200a8c0@gamebox>
References: <00c701c78b31$7b872020$0200a8c0@gamebox>	<4635F9E0.8060607@secdat.com>
	<00e701c78b32$bc384b20$0200a8c0@gamebox>
Message-ID: <4635FC64.1010208@secdat.com>

Ben Sgro (ProjectSkyline) wrote:
> Hello Kenneth,
>  
> The first, but most likely both situations.

I haven't done the first, but I have done the second.  We do it the 
other way around from what you are describing.  When a person 
subscribes, we send them to paypal for payment.  When the paypal success 
call comes through, we mark them subscribed to whatever issues they have 
paid for.  From there we don't have to ask paypal, we just query our own 
database on each resource access attempt. 
>  
> - Ben
>
>     ----- Original Message -----
>     *From:* Kenneth Downs <mailto:ken at secdat.com>
>     *To:* NYPHP Talk <mailto:talk at lists.nyphp.org>
>     *Sent:* Monday, April 30, 2007 10:14 AM
>     *Subject:* Re: [nycphp-talk] Subscription Billing and Querying
>     account status
>
>     Are you talking about automatic monthly renewals, or cases where a
>     person might subscribe for the year and you just want to know at
>     any given moment if they've subscribed?
>
>
>     Ben Sgro (ProjectSkyline) wrote:
>>     Hello,
>>      
>>     I'm using paypal to take CC payments from clients.
>>      
>>     One of our products, is subscription based, and I need to be able to
>>     check if the client has paid for the month. And if not, I'd like
>>     to suspend
>>     access.
>>      
>>     Can this be done w/paypal.
>>      
>>     If not, what type of E-Commerce or Merchant account allows that?
>>      
>>     Currently, I just have a link directly to paypal, and once they
>>     pay, I create the account.
>>      
>>     I'd like to automate this process, be able to query the account
>>     status, and even
>>     send out reoccuring billing/invoices.
>>      
>>     Any ideas/experiances?
>>      
>>     Thanks!
>>      
>>     - Ben
>>      
>>     _______________________________________________
>>     New York PHP Community Talk Mailing List
>>     http://lists.nyphp.org/mailman/listinfo/talk
>>
>>     NYPHPCon 2006 Presentations Online
>>     http://www.nyphpcon.com
>>
>>     Show Your Participation in New York PHP
>>     http://www.nyphp.org/show_participation.php
>
>
>     -- 
>     Kenneth Downs
>     Secure Data Software, Inc.
>     www.secdat.com <http://www.secdat.com>    www.andromeda-project.org <http://www.andromeda-project.org>
>     631-379-7200   Fax: 631-689-0527
>         
>
>     _______________________________________________
>     New York PHP Community Talk Mailing List
>     http://lists.nyphp.org/mailman/listinfo/talk
>
>     NYPHPCon 2006 Presentations Online
>     http://www.nyphpcon.com
>
>     Show Your Participation in New York PHP
>     http://www.nyphp.org/show_participation.php
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php


-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-379-7200   Fax: 631-689-0527

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070430/8c68e6d4/attachment.html>

From ben at projectskyline.com  Mon Apr 30 10:30:13 2007
From: ben at projectskyline.com (Ben Sgro (ProjectSkyline))
Date: Mon, 30 Apr 2007 10:30:13 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
References: <00c701c78b31$7b872020$0200a8c0@gamebox>	<4635F9E0.8060607@secdat.com><00e701c78b32$bc384b20$0200a8c0@gamebox>
	<4635FC64.1010208@secdat.com>
Message-ID: <010301c78b34$1104b570$0200a8c0@gamebox>

Hello Kenneth,

What is "the paypal success call comes"? - A confirmation email?

- Ben
  ----- Original Message ----- 
  From: Kenneth Downs 
  To: NYPHP Talk 
  Sent: Monday, April 30, 2007 10:25 AM
  Subject: Re: [nycphp-talk] Subscription Billing and Querying account status


  Ben Sgro (ProjectSkyline) wrote: 
    Hello Kenneth, 

    The first, but most likely both situations.

  I haven't done the first, but I have done the second.  We do it the other way around from what you are describing.  When a person subscribes, we send them to paypal for payment.  When the paypal success call comes through, we mark them subscribed to whatever issues they have paid for.  From there we don't have to ask paypal, we just query our own database on each resource access attempt.  


    - Ben 
      ----- Original Message ----- 
      From: Kenneth Downs 
      To: NYPHP Talk 
      Sent: Monday, April 30, 2007 10:14 AM
      Subject: Re: [nycphp-talk] Subscription Billing and Querying account status


      Are you talking about automatic monthly renewals, or cases where a person might subscribe for the year and you just want to know at any given moment if they've subscribed?


      Ben Sgro (ProjectSkyline) wrote: 
        Hello, 

        I'm using paypal to take CC payments from clients. 

        One of our products, is subscription based, and I need to be able to 
        check if the client has paid for the month. And if not, I'd like to suspend 
        access. 

        Can this be done w/paypal. 

        If not, what type of E-Commerce or Merchant account allows that? 

        Currently, I just have a link directly to paypal, and once they pay, I create the account. 

        I'd like to automate this process, be able to query the account status, and even 
        send out reoccuring billing/invoices. 

        Any ideas/experiances? 

        Thanks! 

        - Ben 
 
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php


-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-379-7200   Fax: 631-689-0527
    
      _______________________________________________
      New York PHP Community Talk Mailing List
      http://lists.nyphp.org/mailman/listinfo/talk

      NYPHPCon 2006 Presentations Online
      http://www.nyphpcon.com

      Show Your Participation in New York PHP
      http://www.nyphp.org/show_participation.php
----------------------------------------------------------------------------
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php


-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-379-7200   Fax: 631-689-0527


------------------------------------------------------------------------------


  _______________________________________________
  New York PHP Community Talk Mailing List
  http://lists.nyphp.org/mailman/listinfo/talk

  NYPHPCon 2006 Presentations Online
  http://www.nyphpcon.com

  Show Your Participation in New York PHP
  http://www.nyphp.org/show_participation.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070430/aa72c1c7/attachment.html>

From jonbaer at jonbaer.com  Mon Apr 30 10:32:19 2007
From: jonbaer at jonbaer.com (Jon Baer)
Date: Mon, 30 Apr 2007 10:32:19 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
In-Reply-To: <010301c78b34$1104b570$0200a8c0@gamebox>
References: <00c701c78b31$7b872020$0200a8c0@gamebox>	<4635F9E0.8060607@secdat.com><00e701c78b32$bc384b20$0200a8c0@gamebox>
	<4635FC64.1010208@secdat.com>
	<010301c78b34$1104b570$0200a8c0@gamebox>
Message-ID: <DB98B88B-A370-478D-9392-CE924E0DA75A@jonbaer.com>

Sign up @ developer.paypal.com and do a search for IPN or Instant  
Payment Notification

Essentially from what I remember anytime payment is made (via normal  
purchase or subscription) your server is pinged.  The idea is then to  
calculate on your own if $user has made a payment for $month/$year, etc.

- Jon

On Apr 30, 2007, at 10:30 AM, Ben Sgro ((ProjectSkyline)) wrote:

> Hello Kenneth,
>
> What is "the paypal success call comes"? - A confirmation email?
>
> - Ben
>   ----- Original Message -----
>   From: Kenneth Downs
>   To: NYPHP Talk
>   Sent: Monday, April 30, 2007 10:25 AM
>   Subject: Re: [nycphp-talk] Subscription Billing and Querying  
> account status
>
>
>   Ben Sgro (ProjectSkyline) wrote:
>     Hello Kenneth,
>
>     The first, but most likely both situations.
>
>   I haven't done the first, but I have done the second.  We do it  
> the other way around from what you are describing.  When a person  
> subscribes, we send them to paypal for payment.  When the paypal  
> success call comes through, we mark them subscribed to whatever  
> issues they have paid for.  From there we don't have to ask paypal,  
> we just query our own database on each resource access attempt.
>
>
>     - Ben
>       ----- Original Message -----
>       From: Kenneth Downs
>       To: NYPHP Talk
>       Sent: Monday, April 30, 2007 10:14 AM
>       Subject: Re: [nycphp-talk] Subscription Billing and Querying  
> account status
>
>
>       Are you talking about automatic monthly renewals, or cases  
> where a person might subscribe for the year and you just want to  
> know at any given moment if they've subscribed?
>
>
>       Ben Sgro (ProjectSkyline) wrote:
>         Hello,
>
>         I'm using paypal to take CC payments from clients.
>
>         One of our products, is subscription based, and I need to  
> be able to
>         check if the client has paid for the month. And if not, I'd  
> like to suspend
>         access.
>
>         Can this be done w/paypal.
>
>         If not, what type of E-Commerce or Merchant account allows  
> that?
>
>         Currently, I just have a link directly to paypal, and once  
> they pay, I create the account.
>
>         I'd like to automate this process, be able to query the  
> account status, and even
>         send out reoccuring billing/invoices.
>
>         Any ideas/experiances?
>
>         Thanks!
>
>         - Ben
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
> -- 
> Kenneth Downs
> Secure Data Software, Inc.
> www.secdat.com    www.andromeda-project.org
> 631-379-7200   Fax: 631-689-0527
>
>       _______________________________________________
>       New York PHP Community Talk Mailing List
>       http://lists.nyphp.org/mailman/listinfo/talk
>
>       NYPHPCon 2006 Presentations Online
>       http://www.nyphpcon.com
>
>       Show Your Participation in New York PHP
>       http://www.nyphp.org/show_participation.php
> ---------------------------------------------------------------------- 
> ------
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
> -- 
> Kenneth Downs
> Secure Data Software, Inc.
> www.secdat.com    www.andromeda-project.org
> 631-379-7200   Fax: 631-689-0527
>
>
> ---------------------------------------------------------------------- 
> --------
>
>
>   _______________________________________________
>   New York PHP Community Talk Mailing List
>   http://lists.nyphp.org/mailman/listinfo/talk
>
>   NYPHPCon 2006 Presentations Online
>   http://www.nyphpcon.com
>
>   Show Your Participation in New York PHP
>   http://www.nyphp.org/ 
> show_participation.php_______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php



From ken at secdat.com  Mon Apr 30 10:40:27 2007
From: ken at secdat.com (Kenneth Downs)
Date: Mon, 30 Apr 2007 10:40:27 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
In-Reply-To: <010301c78b34$1104b570$0200a8c0@gamebox>
References: <00c701c78b31$7b872020$0200a8c0@gamebox>	<4635F9E0.8060607@secdat.com><00e701c78b32$bc384b20$0200a8c0@gamebox>	<4635FC64.1010208@secdat.com>
	<010301c78b34$1104b570$0200a8c0@gamebox>
Message-ID: <4635FFDB.4000803@secdat.com>

That's the whole Payapl IPN system.  Download their demo code and dig 
through it and ask questions here. 

In a nutshell, when you send somebody to paypal, you populate this array 
and call some code the provide to you, which redirects the user to Paypal.

Once the user pays, Paypal makes a POST to your server that contains all 
of the  information on the payment.  You have to be able to process this 
unseen, as the user doesn't know its happening, and you can't watch it.  
My code logs these events with lots of detail at each step so I can 
always see what happened on every payment.

Then, when the user is done, they are sent back to your site, and you 
need a page for that too, the "Thanks for ordering, we're all done" page.

Ben Sgro (ProjectSkyline) wrote:
> Hello Kenneth,
>  
> What is "the paypal success call comes"? - A confirmation email?
>  
> - Ben
>
>     ----- Original Message -----
>     *From:* Kenneth Downs <mailto:ken at secdat.com>
>     *To:* NYPHP Talk <mailto:talk at lists.nyphp.org>
>     *Sent:* Monday, April 30, 2007 10:25 AM
>     *Subject:* Re: [nycphp-talk] Subscription Billing and Querying
>     account status
>
>     Ben Sgro (ProjectSkyline) wrote:
>>     Hello Kenneth,
>>      
>>     The first, but most likely both situations.
>
>     I haven't done the first, but I have done the second.  We do it
>     the other way around from what you are describing.  When a person
>     subscribes, we send them to paypal for payment.  When the paypal
>     success call comes through, we mark them subscribed to whatever
>     issues they have paid for.  From there we don't have to ask
>     paypal, we just query our own database on each resource access
>     attempt. 
>>      
>>     - Ben
>>
>>         ----- Original Message -----
>>         *From:* Kenneth Downs <mailto:ken at secdat.com>
>>         *To:* NYPHP Talk <mailto:talk at lists.nyphp.org>
>>         *Sent:* Monday, April 30, 2007 10:14 AM
>>         *Subject:* Re: [nycphp-talk] Subscription Billing and Querying
>>         account status
>>
>>         Are you talking about automatic monthly renewals, or cases
>>         where a person might subscribe for the year and you just want
>>         to know at any given moment if they've subscribed?
>>
>>
>>         Ben Sgro (ProjectSkyline) wrote:
>>>         Hello,
>>>          
>>>         I'm using paypal to take CC payments from clients.
>>>          
>>>         One of our products, is subscription based, and I need to be
>>>         able to
>>>         check if the client has paid for the month. And if not, I'd
>>>         like to suspend
>>>         access.
>>>          
>>>         Can this be done w/paypal.
>>>          
>>>         If not, what type of E-Commerce or Merchant account allows
>>>         that?
>>>          
>>>         Currently, I just have a link directly to paypal, and once
>>>         they pay, I create the account.
>>>          
>>>         I'd like to automate this process, be able to query the
>>>         account status, and even
>>>         send out reoccuring billing/invoices.
>>>          
>>>         Any ideas/experiances?
>>>          
>>>         Thanks!
>>>          
>>>         - Ben
>>>          
>>>         _______________________________________________
>>>         New York PHP Community Talk Mailing List
>>>         http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>>         NYPHPCon 2006 Presentations Online
>>>         http://www.nyphpcon.com
>>>
>>>         Show Your Participation in New York PHP
>>>         http://www.nyphp.org/show_participation.php
>>
>>
>>         -- 
>>         Kenneth Downs
>>         Secure Data Software, Inc.
>>         www.secdat.com <http://www.secdat.com>    www.andromeda-project.org <http://www.andromeda-project.org>
>>         631-379-7200   Fax: 631-689-0527
>>             
>>
>>         _______________________________________________
>>         New York PHP Community Talk Mailing List
>>         http://lists.nyphp.org/mailman/listinfo/talk
>>
>>         NYPHPCon 2006 Presentations Online
>>         http://www.nyphpcon.com
>>
>>         Show Your Participation in New York PHP
>>         http://www.nyphp.org/show_participation.php
>>
>>      
>>     _______________________________________________
>>     New York PHP Community Talk Mailing List
>>     http://lists.nyphp.org/mailman/listinfo/talk
>>
>>     NYPHPCon 2006 Presentations Online
>>     http://www.nyphpcon.com
>>
>>     Show Your Participation in New York PHP
>>     http://www.nyphp.org/show_participation.php
>
>
>     -- 
>     Kenneth Downs
>     Secure Data Software, Inc.
>     www.secdat.com <http://www.secdat.com>    www.andromeda-project.org <http://www.andromeda-project.org>
>     631-379-7200   Fax: 631-689-0527
>         
>
>     _______________________________________________
>     New York PHP Community Talk Mailing List
>     http://lists.nyphp.org/mailman/listinfo/talk
>
>     NYPHPCon 2006 Presentations Online
>     http://www.nyphpcon.com
>
>     Show Your Participation in New York PHP
>     http://www.nyphp.org/show_participation.php
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php


-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-379-7200   Fax: 631-689-0527

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070430/94d8dd29/attachment.html>

From rolan at omnistep.com  Mon Apr 30 11:53:08 2007
From: rolan at omnistep.com (Rolan Yang)
Date: Mon, 30 Apr 2007 11:53:08 -0400
Subject: [nycphp-talk] Subscription Billing and Querying account status
In-Reply-To: <00c701c78b31$7b872020$0200a8c0@gamebox>
References: <00c701c78b31$7b872020$0200a8c0@gamebox>
Message-ID: <463610E4.10105@omnistep.com>

Ben Sgro (ProjectSkyline) wrote:
> Hello,
>  
> I'm using paypal to take CC payments from clients.
>  
> One of our products, is subscription based, and I need to be able to
> check if the client has paid for the month. And if not, I'd like to 
> suspend
> access.
>  
> Can this be done w/paypal.
>  
> If not, what type of E-Commerce or Merchant account allows that?
>  
Paypal recurring payments/subscriptions combined with IPN works well,
( https://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/subscr-intro-outside )
The only downside to using the paypal subscriptions is when you need to 
modify the amount to be charged (upgrades? downgrades?) It is a real 
pain. To do that, most people just cancel their existing subscription 
and sign up with the new plan.

You could also obtain a regular merchant account and use a processor 
like authorize.net
The break even point between authorize.net and Paypal is somewhere 
around 150 transactions at an average of $20/transaction per month. 
Above that, paypal becomes more expensive.

~Rolan


From lists at zaunere.com  Mon Apr 30 13:00:43 2007
From: lists at zaunere.com (Hans Zaunere)
Date: Mon, 30 Apr 2007 13:00:43 -0400
Subject: [nycphp-talk] April Audio Recording
Message-ID: <00bf01c78b49$16a82420$6a0aa8c0@MobileZ>


Hi all,

Rumor has it that someone recorded the presentation last week.  If someone
did, please let us know and we can put the audio online.

Slides, etc. will be coming soon too.

Thanks,

---
Hans Zaunere / President / New York PHP
    www.nyphp.org  /  www.nyphp.com




From ramons at gmx.net  Mon Apr 30 13:34:07 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 30 Apr 2007 13:34:07 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com>
References: <462898FC.3020606@gmx.net>
	<462D4D34.5050104@gmx.net>	<08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>	<463130B1.6040303@gmx.net>	<1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>	<46329D16.6080407@gmx.net>
	<1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com>
Message-ID: <4636288F.7090206@gmx.net>

Adrian Noland wrote:
>  > Now I get back to the original question, how can I degunk these folders?
>  > I need to know which sessions are still likely to be active and which
>  > ones are not. That all has nothing to do with the temp folder that the
>  > web server creates somewhere for holding the session data. I have no
>  > idea where that temp folder is and if I'd now what happens when I just
>  > dump some files in it (such as the extracted files from the zip
>  > archive). I really like to know where the files and folders are and thus
>  > create/copy/move them on my own.
> 
> Wow.
> No offense, but this sounds like a case of "All I have is a hammer, and 
> everything looks like a nail".

That's a good one! Yes, I think that my approaches are often not what 
one would call "smart", "effective", or "to the book" - but in the end 
they work reliably. I have no professional training as a developer, I 
tried VB, C, Java, Pascal, and several other programming languages and 
IMHO they are all way to complicated for me. OK, I can make something 
happen in VB6, but that's old. PHP is different, maybe because I learned 
it on my own and nobody told me from the start what I have to do to 
prevent going to hell. Some things just have to bite me in the behind a 
few times before I understand what someone would have told me all along 
(comments in source code, initialization of variables, proper naming 
conventions, RTFM, etc.). Still, I'm a hobbyist and do this for fun, a 
few hours per week.

> 
> In a page taken from the ADODB manual: 
> (http://phplens.com/lens/adodb/docs-adodb.htm#cacheflush)
> 
>     If you want to flush all cached recordsets manually, execute the

I'm not flushing any recordsets.

> I use a slightly different line in my crontab:
> @daily find /path/to/tmp/files -mtime +1 -exec rm -rf {} \;

Ah, now I see. Well, that would be one option, but one that wouldn't be 
part of my script and thus not portable that easily. It for sure would 
be faster and not burden the clients. I rather have me remove the mess I 
make than rely on some 3rd party to do the cleanup. I plan on adding 
configurable system settings at some point and may make this optional. 
Someone who doesn't like this can turn it off and do it on their own.

Thanks for the tip.

David




From rmarscher at beaffinitive.com  Mon Apr 30 13:45:11 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 30 Apr 2007 13:45:11 -0400
Subject: [nycphp-talk] Casting string "false" to boolean
In-Reply-To: <97E58DBF-E900-4084-AB69-55EC723348D7@sala.ca>
References: <46349D06.7020807@gmail.com>
	<97E58DBF-E900-4084-AB69-55EC723348D7@sala.ca>
Message-ID: <345845F9-44ED-4676-9B78-70720E883AE2@beaffinitive.com>

>  If you're getting input for a false value as "false" you should  
> really use some kind of conditional statement.

Yeah... like this:

$string = 'false';
$bool = ($string != 'false');
var_dump($bool);


-Rob



From rmarscher at beaffinitive.com  Mon Apr 30 19:00:50 2007
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 30 Apr 2007 19:00:50 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <4636288F.7090206@gmx.net>
References: <462898FC.3020606@gmx.net>
	<462D4D34.5050104@gmx.net>	<08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>	<463130B1.6040303@gmx.net>	<1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>	<46329D16.6080407@gmx.net>
	<1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com>
	<4636288F.7090206@gmx.net>
Message-ID: <54E48EA6-E333-4B0F-B445-373C235EDFAC@beaffinitive.com>

On Apr 30, 2007, at 1:34 PM, David Krings wrote:
> Ah, now I see. Well, that would be one option, but one that  
> wouldn't be part of my script and thus not portable that easily. It  
> for sure would be faster and not burden the clients. I rather have  
> me remove the mess I make than rely on some 3rd party to do the  
> cleanup. I plan on adding configurable system settings at some  
> point and may make this optional. Someone who doesn't like this can  
> turn it off and do it on their own.

I believe Adrian was showing how ADODB uses a Unix command to clean  
up it's files and saying that you could also use a Unix command.  I'm  
not sure I would call it "3rd party" if you're always using a unix- 
based server.  Of course, it wouldn't be portable to Windows.

At any rate, you can use PHP's filesystem functions to go through  
your directories and figure out the last time they were changed via  
filemtime(): http://us.php.net/manual/en/function.filemtime.php

On a side note, if you use custom session save_handlers like I  
mentioned before, then you can know which sessions are active.  I use  
custom save_handlers to store all of my sessions in a database rather  
than in temp files.  Then I can just query the database to find  
active sessions.  The only downside is I'm not sure what libraries/ 
classes there are for storing sessions in a database that are easy to  
use and up to date.  As I'm sure Chris' recent presentation showed  
(unfortunately I had to miss it... audio recording?), there are many  
ways for sessions to be compromised.

Anyone know of a good, up-to-date, database session library?  I  
originally used DB_eSession, but it hasn't been updated since 2004  
and my version has been very customized and patched over the years.   
I think I'm happy with it, but would like to review some other code  
if there are other options out there.

Thanks,
Rob



From ramons at gmx.net  Mon Apr 30 22:06:56 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 30 Apr 2007 22:06:56 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <54E48EA6-E333-4B0F-B445-373C235EDFAC@beaffinitive.com>
References: <462898FC.3020606@gmx.net>	<462D4D34.5050104@gmx.net>	<08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>	<463130B1.6040303@gmx.net>	<1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>	<46329D16.6080407@gmx.net>	<1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com>	<4636288F.7090206@gmx.net>
	<54E48EA6-E333-4B0F-B445-373C235EDFAC@beaffinitive.com>
Message-ID: <4636A0C0.1030300@gmx.net>

Rob Marscher wrote:
> I believe Adrian was showing how ADODB uses a Unix command to clean up 
> it's files and saying that you could also use a Unix command.  I'm not 
> sure I would call it "3rd party" if you're always using a unix-based 
> server.  Of course, it wouldn't be portable to Windows.
Not only that, anyone using my script would need to make sure that the 
cleanup task is present. Not everyone runs their own web server at home, 
although with Apachefriend's XAMPP and DynDNS I can't think of any 
reason why not...OK, I can, but the point is that many may want to run 
this on their web space that the ISP gives them.

> At any rate, you can use PHP's filesystem functions to go through your 
> directories and figure out the last time they were changed via 
> filemtime(): http://us.php.net/manual/en/function.filemtime.php
All I need to know is the age of the folder with all the files in it. 
The manual doesn't explicitly state if filemtime works on directories as 
well. I then could get all directories and check for their timestamp 
rather than hitting the database a few times for this. And it will save 
me from making yet another table. I will try this out.

> On a side note, if you use custom session save_handlers like I mentioned 
> before, then you can know which sessions are active.  I use custom 
> save_handlers to store all of my sessions in a database rather than in 
> temp files.  Then I can just query the database to find active 
> sessions.  
I first planned on writing the session id and a timestamp to a db table 
and use that, but what I need to do hasn't anything to do with the 
session per s?. So, if filemtime works for dirs as well (and works on 
Windope) then I am much closer to something smarter. I then have a 
screwdriver and a hammer. ;)

Great, this discussion really helps me a lot. I went from no clue over 
complicated and bloated to something that is potentially done in half a 
dozen of lines without the need of tables and queries and such.

It's funny, half of my scripts come from NYPHP and the other half is 
just commentary. Nah, have to give myself some credit, I figured the zip 
stuff out on my own. That is quite an accomplishment for someone who 
still thinks that arrays are just wicked awesome. And it is still like 
magic that this stuff really works.

Thanks to everyone who pushed my nose in a better direction.


David


From ramons at gmx.net  Mon Apr 30 22:12:59 2007
From: ramons at gmx.net (David Krings)
Date: Mon, 30 Apr 2007 22:12:59 -0400
Subject: [nycphp-talk] Checking active sessions
In-Reply-To: <4636A0C0.1030300@gmx.net>
References: <462898FC.3020606@gmx.net>	<462D4D34.5050104@gmx.net>	<08F8BFFF-596E-45D9-9B3F-5ADE9E871B88@beaffinitive.com>	<463130B1.6040303@gmx.net>	<1d8a0e930704270612t46e29d70odb773d77a1202bee@mail.gmail.com>	<46329D16.6080407@gmx.net>	<1d8a0e930704300613n711a4fa8x302af56b289ebfb0@mail.gmail.com>	<4636288F.7090206@gmx.net>	<54E48EA6-E333-4B0F-B445-373C235EDFAC@beaffinitive.com>
	<4636A0C0.1030300@gmx.net>
Message-ID: <4636A22B.60801@gmx.net>

David Krings wrote:
> The manual doesn't explicitly state if filemtime works on directories as 
> well. I then could get all directories and check for their timestamp 
> rather than hitting the database a few times for this. And it will save 
> me from making yet another table. I will try this out.
> 
Someone else already did:
To get the last modification time of a directory, you can use this:
$getLastModDir = filemtime("/path/to/directory/.");
Take note on the last dot which is needed to see the directory as a file 
and to actually get a last modification date of it.
This comes in handy when you want just one 'last updated' message on the 
frontpage of your website and still taking all files of your website 
into account.
Regards,
Frank Keijzers

from http://terra.di.fct.unl.pt/docs/php/function.filemtime.php.htm


Looks as if I'm all set. :)

David