From mmwaldman at nyc.rr.com Sun Feb 1 07:27:57 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Sun, 1 Feb 2009 07:27:57 -0500 Subject: [nycphp-talk] Opera Message-ID: <20090201122753.OCCW8920.hrndva-omta01.mail.rr.com@DeJaVu> Opera lets you edit cookies! -------------- next part -------------- An HTML attachment was scrubbed... URL: From greg at freephile.com Sun Feb 1 09:54:17 2009 From: greg at freephile.com (Greg Rundlett) Date: Sun, 1 Feb 2009 09:54:17 -0500 Subject: [nycphp-talk] Opera In-Reply-To: <20090201122753.OCCW8920.hrndva-omta01.mail.rr.com@DeJaVu> References: <20090201122753.OCCW8920.hrndva-omta01.mail.rr.com@DeJaVu> Message-ID: <5e2aaca40902010654h73b72297kb76e4df08d80d11c@mail.gmail.com> On Sun, Feb 1, 2009 at 7:27 AM, Michele Waldman wrote: > Opera lets you edit cookies! > This post [1] mentions ~15 Firefox extensions for managing cookies -- but doesn't mention Web Developer [2] (which I think is a must-have firefox extension). Web Developer lets you create/read/update/delete cookies. Just posting this in case somebody out there is looking to edit cookies in Firefox. [1] http://mashable.com/2008/11/11/firefox-extensions-for-managing-cookies/ [2] https://addons.mozilla.org/en-US/firefox/addon/60 The Firefox extensions that I have found useful: Fast Video Download FEBE Firebug Foxmarks Gmail Space Greasemonkey Live HTTP headers Locator Minimap Addon NoScript Password Exporter Poster Tab Mix Plus Tails Export Tamper Data Torbutton Ubuntu Firefox Modifications Web Developer YSlow -- Greg Rundlett Web Developer - Initiative in Innovative Computing http://iic.harvard.edu camb 617-384-5872 nbpt 978-225-8302 m. 978-764-4424 -skype/aim/irc/twitter freephile http://profiles.aim.com/freephile From mmwaldman at nyc.rr.com Sun Feb 1 12:15:25 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Sun, 1 Feb 2009 12:15:25 -0500 Subject: [nycphp-talk] Another stupid thing Message-ID: <20090201171521.FTXZ6616.hrndva-omta05.mail.rr.com@DeJaVu> I'm sorry for all these stupid posts. I'm in the middle of a learning process. It's always darkest before the dawn. I see cookies are viewable and editable. Does anyone know if any browsers allow the user to view and edit the request Authorization? If I hack the mod_auth_digest file to include mysql, which I haven't verified is totally possible, yet, am I wasting my time. Basic authorization isn't flexible enough. What I want is to use AuthType in a secure fashion. Does it work like that? Is that stupid, too? I'm not going to be using real Digest on my server, why does mod_auth_mysql have to be Basic? Margaret -------------- next part -------------- An HTML attachment was scrubbed... URL: From danielc at analysisandsolutions.com Sun Feb 1 12:57:43 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sun, 1 Feb 2009 12:57:43 -0500 Subject: [nycphp-talk] Another stupid thing In-Reply-To: <20090201171521.FTXZ6616.hrndva-omta05.mail.rr.com@DeJaVu> References: <20090201171521.FTXZ6616.hrndva-omta05.mail.rr.com@DeJaVu> Message-ID: <20090201175743.GA18987@panix.com> Michelle: > I see cookies are viewable and editable. > > Does anyone know if any browsers allow the user to view and edit the request > Authorization? Absolutely _everything_ sent to the server can be edited in one way or another. This includes things such as, but not limited to, user agents, cookies, auth information, form submissions, request URIs. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From mmwaldman at nyc.rr.com Sun Feb 1 16:44:47 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Sun, 1 Feb 2009 16:44:47 -0500 Subject: [nycphp-talk] Final Question Message-ID: <20090201214447.GSZQ4789.hrndva-omta02.mail.rr.com@DeJaVu> I was looking a phpinfo(). It lists the header info. I'm reading an article that the browser typically stores the realm. Why can I not see this in phpinfo()? Is it in the request authorization or not? When the browser popups up the authentication window it lists the realm. Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From fgabrieli at gmail.com Mon Feb 2 08:47:55 2009 From: fgabrieli at gmail.com (Fernando Gabrieli) Date: Mon, 2 Feb 2009 10:47:55 -0300 Subject: [nycphp-talk] Opera In-Reply-To: <5e2aaca40902010654h73b72297kb76e4df08d80d11c@mail.gmail.com> References: <20090201122753.OCCW8920.hrndva-omta01.mail.rr.com@DeJaVu> <5e2aaca40902010654h73b72297kb76e4df08d80d11c@mail.gmail.com> Message-ID: i use 'Cookie Editor', it lets you list the cookies and edit them, works very good fernando On Sun, Feb 1, 2009 at 11:54 AM, Greg Rundlett wrote: > On Sun, Feb 1, 2009 at 7:27 AM, Michele Waldman > wrote: > > Opera lets you edit cookies! > > > > This post [1] mentions ~15 Firefox extensions for managing cookies -- > but doesn't mention Web Developer [2] (which I think is a must-have > firefox extension). Web Developer lets you create/read/update/delete > cookies. Just posting this in case somebody out there is looking to > edit cookies in Firefox. > > [1] > http://mashable.com/2008/11/11/firefox-extensions-for-managing-cookies/ > [2] https://addons.mozilla.org/en-US/firefox/addon/60 > > The Firefox extensions that I have found useful: > Fast Video Download > FEBE > Firebug > Foxmarks > Gmail Space > Greasemonkey > Live HTTP headers > Locator > Minimap Addon > NoScript > Password Exporter > Poster > Tab Mix Plus > Tails Export > Tamper Data > Torbutton > Ubuntu Firefox Modifications > Web Developer > YSlow > > -- > Greg Rundlett > Web Developer - Initiative in Innovative Computing > http://iic.harvard.edu > camb 617-384-5872 > nbpt 978-225-8302 > m. 978-764-4424 > -skype/aim/irc/twitter freephile > http://profiles.aim.com/freephile > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From fgabrieli at gmail.com Mon Feb 2 08:48:28 2009 From: fgabrieli at gmail.com (Fernando Gabrieli) Date: Mon, 2 Feb 2009 10:48:28 -0300 Subject: [nycphp-talk] Opera In-Reply-To: References: <20090201122753.OCCW8920.hrndva-omta01.mail.rr.com@DeJaVu> <5e2aaca40902010654h73b72297kb76e4df08d80d11c@mail.gmail.com> Message-ID: AnEC Cookie Editor v0.2.1.3 <-- thats the complete name On Mon, Feb 2, 2009 at 10:47 AM, Fernando Gabrieli wrote: > i use 'Cookie Editor', it lets you list the cookies and edit them, works > very good > > fernando > > > > On Sun, Feb 1, 2009 at 11:54 AM, Greg Rundlett wrote: > >> On Sun, Feb 1, 2009 at 7:27 AM, Michele Waldman >> wrote: >> > Opera lets you edit cookies! >> > >> >> This post [1] mentions ~15 Firefox extensions for managing cookies -- >> but doesn't mention Web Developer [2] (which I think is a must-have >> firefox extension). Web Developer lets you create/read/update/delete >> cookies. Just posting this in case somebody out there is looking to >> edit cookies in Firefox. >> >> [1] >> http://mashable.com/2008/11/11/firefox-extensions-for-managing-cookies/ >> [2] https://addons.mozilla.org/en-US/firefox/addon/60 >> >> The Firefox extensions that I have found useful: >> Fast Video Download >> FEBE >> Firebug >> Foxmarks >> Gmail Space >> Greasemonkey >> Live HTTP headers >> Locator >> Minimap Addon >> NoScript >> Password Exporter >> Poster >> Tab Mix Plus >> Tails Export >> Tamper Data >> Torbutton >> Ubuntu Firefox Modifications >> Web Developer >> YSlow >> >> -- >> Greg Rundlett >> Web Developer - Initiative in Innovative Computing >> http://iic.harvard.edu >> camb 617-384-5872 >> nbpt 978-225-8302 >> m. 978-764-4424 >> -skype/aim/irc/twitter freephile >> http://profiles.aim.com/freephile >> _______________________________________________ >> New York PHP User Group Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> http://www.nyphp.org/show_participation.php >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From fgabrieli at gmail.com Mon Feb 2 08:52:05 2009 From: fgabrieli at gmail.com (Fernando Gabrieli) Date: Mon, 2 Feb 2009 10:52:05 -0300 Subject: [nycphp-talk] Another stupid thing In-Reply-To: <20090201171521.FTXZ6616.hrndva-omta05.mail.rr.com@DeJaVu> References: <20090201171521.FTXZ6616.hrndva-omta05.mail.rr.com@DeJaVu> Message-ID: you could use HTTPS and a simple form for authentication...that would be transparent to PHP and could implement a secure solution for logging users in, i am not sure if this is what you need fernando On Sun, Feb 1, 2009 at 2:15 PM, Michele Waldman wrote: > I'm sorry for all these stupid posts. I'm in the middle of a learning > process. It's always darkest before the dawn. > > > > I see cookies are viewable and editable. > > > > Does anyone know if any browsers allow the user to view and edit the > request Authorization? > > > > If I hack the mod_auth_digest file to include mysql, which I haven't > verified is totally possible, yet, am I wasting my time. > > > > Basic authorization isn't flexible enough. > > > > What I want is to use AuthType in a secure fashion. > > > > Does it work like that? > > > > Is that stupid, too? > > > > I'm not going to be using real Digest on my server, why does mod_auth_mysql > have to be Basic? > > > > Margaret > > > > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ioplex at gmail.com Mon Feb 2 11:44:11 2009 From: ioplex at gmail.com (Michael B Allen) Date: Mon, 2 Feb 2009 11:44:11 -0500 Subject: [nycphp-talk] Another stupid thing In-Reply-To: <20090201171521.FTXZ6616.hrndva-omta05.mail.rr.com@DeJaVu> References: <20090201171521.FTXZ6616.hrndva-omta05.mail.rr.com@DeJaVu> Message-ID: <78c6bd860902020844r75871ab9w9c9bef8f84e64e40@mail.gmail.com> On Sun, Feb 1, 2009 at 12:15 PM, Michele Waldman wrote: > I'm sorry for all these stupid posts. I'm in the middle of a learning > process. It's always darkest before the dawn. > > > > I see cookies are viewable and editable. > > > > Does anyone know if any browsers allow the user to view and edit the request > Authorization? You have to assume that everything being transmitted by the browser can be modified. For example, there is a tool called "Burp Proxy" that allows you to intercept regular browser communication, modify it in some way such as by adding or removing a header like a cookie and then sending the modified request to the real target. This is the sort of thing that hackers use to find holes in web applications. > If I hack the mod_auth_digest file to include mysql, which I haven't > verified is totally possible, yet, am I wasting my time. > > > > Basic authorization isn't flexible enough. > > > > What I want is to use AuthType in a secure fashion. > > > > Does it work like that? > > > > Is that stupid, too? > > > > I'm not going to be using real Digest on my server, why does mod_auth_mysql > have to be Basic? I'm not really sure what you're trying to do but usually authentication is built into the application where possible because then you have control over how passwords are stored, managed and you have script level access to user information and associated groups and preferences. If you use mod_auth_something, you're just putting a gate in front of a directory and you have limited your account management options. Those modules are for throwing up protection in front of existing applications that cannot easily be modified. If you're writing something new in PHP that is quite the opposite case. IMO everyone storing passwords in a database should associate them with accounts and use a standard hashing method. For example, a very common method is a base 64 salted SHA which is computed in PHP as follows: $salt = substr(md5(mt_rand(), true), 0, 4); $ctx = hash_init('sha1'); hash_update($ctx, $password); hash_update($ctx, $salt); $hash = hash_final($ctx, true); return '{SSHA}' . base64_encode($hash . $salt); This will give you an ASCII based string like: {SSHA}7d819b5bab847634b091211de1ee6c587634 Put this whole string in the DB (including the {SSHA}). To validate a password you need to retrieve the above hash string, base64 decode it, extract the salt from the end, compute the hash and compare that to the begging of the hahs. This method is strong because it's salted and uses SHA and uses a standard hashing method which allows you to transfer the passwords to other storages that are more likely to understand them such that you don't need to have users change their passwords after the transfer. Another developer can take one look at the hash string and know exactly how to compute it. This is how I would do it anyway. Most people actually invent their own password storage method reasoning that the obscurity of it adds a level of protection. That logic is incorrect. Mike -- Michael B Allen Java Active Directory Integration http://www.ioplex.com/ From paul at devonianfarm.com Mon Feb 2 13:05:51 2009 From: paul at devonianfarm.com (Paul A Houle) Date: Mon, 02 Feb 2009 13:05:51 -0500 Subject: [nycphp-talk] Another stupid thing In-Reply-To: <78c6bd860902020844r75871ab9w9c9bef8f84e64e40@mail.gmail.com> References: <20090201171521.FTXZ6616.hrndva-omta05.mail.rr.com@DeJaVu> <78c6bd860902020844r75871ab9w9c9bef8f84e64e40@mail.gmail.com> Message-ID: <498735FF.6030402@devonianfarm.com> Digest authentication doesn't really work because the different browser and server vendors never achieved interoperability. If you're worried about transmissions being intercepted, use SSL. Both Apache 2 and IIS have SSL built in, so it's straightforward to implement. You can spend as much as you like on an SSL certificate, but you can get them cheap from godaddy or sign them yourself for internal products with no budget. Note that sites like yahoo, google, amazon, twitter, ebay, and digg don't use Basic Auth, Digest Auth or any of the Auth systems built into the http standard. They use the unofficial standard that's described in the following paper: http://pdos.csail.mit.edu/papers/webauth:sec10.pdf From mmwaldman at nyc.rr.com Mon Feb 2 13:44:14 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Mon, 2 Feb 2009 13:44:14 -0500 Subject: [nycphp-talk] Httpd Message-ID: <20090202184414.CXNI4789.hrndva-omta02.mail.rr.com@DeJaVu> Can someone direct me to a apache forum other than http://httpd.apache.org/lists.html. I gotten no response. I modified mod_auth_digest to use mysql and crypt, but the crypt symbol is undefined when I try to restart apache. I configured httpd with ./configure --enable-modules=all --enable-mods-shared=all --enable-so --with-included-apr I modified config_var.mk MOD_AUTH_DIGEST_LDADD with -lm -lz -luuid -lrt -lcrypt Still crypt is undefined. I can seem to properly link in crypt. I include #include and /usr/lib/mysql is in the ld.so.conf whereas /usr/lib is not. Randomly adding it in doesn't seem to work. I've set the LD_LIBRARY_PATH and LD_RUN_PATH environment variable to /usr/lib. I'm at my wits end. This is the apxs -i -a -L/usr/lib/mysql -lmysqlclient -L/usr/lib -luuid -lrt -lcrypt -lz -lm -c mod_auth_digest.c output. I also tried generating it as part of a httpd compile. /usr/local/apache2/bin/httpd/usr/local/src/httpd-2.2.8/srclib/apr/libtool --mode=compile gcc -prefer-pic -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -O2 -pthread -I/usr/local/apache2/include -I/usr/local/src/http d-2.2.8/srclib/apr/include -I/usr/local/src/httpd-2.2.8/srclib/apr-util/include -I/usr/local/src/httpd-2.2.8/srclib /apr-util/xml/expat/lib -I/usr/local/src/httpd-2.2.8/os/unix -c -o mod_auth_digest.lo mod_auth_digest.c && touch mod _auth_digest.slo gcc -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -O2 -pthread -I/usr/local/apache2/include -I/usr/l ocal/src/httpd-2.2.8/srclib/apr/include -I/usr/local/src/httpd-2.2.8/srclib/apr-util/include -I/usr/local/src/httpd-2 .2.8/srclib/apr-util/xml/expat/lib -I/usr/local/src/httpd-2.2.8/os/unix -c mod_auth_digest.c -fPIC -DPIC -o .libs/mo d_auth_digest.o gcc -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -O2 -pthread -I/usr/local/apache2/include -I/usr/l ocal/src/httpd-2.2.8/srclib/apr/include -I/usr/local/src/httpd-2.2.8/srclib/apr-util/include -I/usr/local/src/httpd-2 .2.8/srclib/apr-util/xml/expat/lib -I/usr/local/src/httpd-2.2.8/os/unix -c mod_auth_digest.c -fPIC -DPIC -o mod_auth _digest.o >/dev/null 2>&1 /usr/local/src/httpd-2.2.8/srclib/apr/libtool --mode=link gcc -o mod_auth_digest.la -L/usr/lib/mysql -L/usr/lib -lm ysqlclient -luuid -lrt -lcrypt -lz -lm -rpath /usr/local/apache2/modules -module -avoid-version mod_auth_digest.lo rm -fr .libs/mod_auth_digest.a .libs/mod_auth_digest.la .libs/mod_auth_digest.lai .libs/mod_auth_digest.so gcc -shared .libs/mod_auth_digest.o -L/usr/lib/mysql -L/usr/lib -lmysqlclient -luuid -lrt -lcrypt -lz -lm -Wl,-son ame -Wl,mod_auth_digest.so -o .libs/mod_auth_digest.so ar cru .libs/mod_auth_digest.a mod_auth_digest.o ranlib .libs/mod_auth_digest.a creating mod_auth_digest.la (cd .libs && rm -f mod_auth_digest.la && ln -s ../mod_auth_digest.la mod_auth_digest.la) /usr/local/src/httpd-2.2.8/build/instdso.sh SH_LIBTOOL='/usr/local/src/httpd-2.2.8/srclib/apr/libtool' mod_auth_diges t.la /usr/local/apache2/modules /usr/local/src/httpd-2.2.8/srclib/apr/libtool --mode=install cp mod_auth_digest.la /usr/local/apache2/modules/ cp .libs/mod_auth_digest.so /usr/local/apache2/modules/mod_auth_digest.so cp .libs/mod_auth_digest.lai /usr/local/apache2/modules/mod_auth_digest.la cp .libs/mod_auth_digest.a /usr/local/apache2/modules/mod_auth_digest.a chmod 644 /usr/local/apache2/modules/mod_auth_digest.a ranlib /usr/local/apache2/modules/mod_auth_digest.a PATH="$PATH:/sbin" ldconfig -n /usr/local/apache2/modules ---------------------------------------------------------------------- Libraries have been installed in: /usr/local/apache2/modules If you ever happen to want to link against installed libraries in a given directory, LIBDIR, you must either use libtool, and specify the full pathname of the library, or use the `-LLIBDIR' flag during linking and do at least one of the following: - add LIBDIR to the `LD_LIBRARY_PATH' environment variable during execution - add LIBDIR to the `LD_RUN_PATH' environment variable during linking - use the `-Wl,--rpath -Wl,LIBDIR' linker flag - have your system administrator add LIBDIR to `/etc/ld.so.conf' See any operating system documentation about shared libraries for more information, such as the ld(1) and ld.so(8) manual pages. ---------------------------------------------------------------------- chmod 755 /usr/local/apache2/modules/mod_auth_digest.so Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From ioplex at gmail.com Mon Feb 2 14:11:17 2009 From: ioplex at gmail.com (Michael B Allen) Date: Mon, 2 Feb 2009 14:11:17 -0500 Subject: [nycphp-talk] cookie authenticators Message-ID: <78c6bd860902021111h5ba133bdy8f247b2de845b47b@mail.gmail.com> On Mon, Feb 2, 2009 at 1:05 PM, Paul A Houle wrote: > Note that sites like yahoo, google, amazon, twitter, ebay, and digg > don't use Basic Auth, Digest Auth or any of the Auth systems built into the > http standard. They use the unofficial standard that's described in the > following paper: > > http://pdos.csail.mit.edu/papers/webauth:sec10.pdf This looks like a fun paper (the WSJ.com hack is forehead smacking funny). But from looking at it briefly, I'm a little confused. It's all about using cookie authenticators but it doesn't explain why one would use cookie authenticators. My understanding is that cookie authenticators are mostly only useful for allowing the authentication state to persist across visits. Otherwise, you wouldn't need to use cookies at all - you could just store the authenticator in the HTTP session on the server. From a security perspective, cookies can be sniffed just like session ids so there's not a great benefit there. But the paper also has a section that says "do not use persistent cookies" since another user on the system could copy the cookie and gain access to your account but that would completely defeat the purpose of using cookie authenticators as it would be easier to simply use a server side authenticator. It seems to me, if you want persistent authentication, cookie authenticators must persist. And the only real benefit they provider in terms of security is that session ids can be leaked in URLs whereas cookies cannot (minus browser bugs that allow stealing cookies). Are client side cookie authenticators really more *secure* than server side session authenticators? Or do cookie authenticators actually reduce security but are used anyway because persistent authentication is a required user experience feature? Mike -- Michael B Allen Java Active Directory Integration http://www.ioplex.com/ From lists at zaunere.com Mon Feb 2 14:24:54 2009 From: lists at zaunere.com (Hans Zaunere) Date: Mon, 2 Feb 2009 14:24:54 -0500 Subject: [nycphp-talk] Httpd In-Reply-To: <20090202184414.CXNI4789.hrndva-omta02.mail.rr.com@DeJaVu> References: <20090202184414.CXNI4789.hrndva-omta02.mail.rr.com@DeJaVu> Message-ID: <017f01c9856b$edb55a50$c9200ef0$@com> > Can someone direct me to a apache forum other than > http://httpd.apache.org/lists.html. I gotten no response. > > I modified mod_auth_digest to use mysql and crypt, but the crypt symbol > is undefined when I try to restart apache. What are you actually trying to do? I doubt you need to hack Apache modules to accomplish whatever it is. There are modules to authenticate against a MySQL database. Check out the module listings for Apache. But, seeing as this is a PHP list, you probably should use PHP/MySQL together, which can do the authentication for you... like it does for millions of other web sites. H From mmwaldman at nyc.rr.com Mon Feb 2 14:48:27 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Mon, 2 Feb 2009 14:48:27 -0500 Subject: [nycphp-talk] Httpd In-Reply-To: <017f01c9856b$edb55a50$c9200ef0$@com> Message-ID: <20090202194826.FFDH4789.hrndva-omta02.mail.rr.com@DeJaVu> I want to check the Authorization header for the realm. Can't do that with Basic Authentication, because realm is not defined in that case. There is one that authenticates against mysql. It's called mod_auth_mysql. But, it uses Basic authentication, which is insufficient. Hacking the mod_auth_digest module was a simple process. I simply switch the actual user and password verification from the file to the database. Who knows. Maybe, it will be a new trend. :-) I left all of the nce stuff in place. But I can not get it to link to the standard library crypt for some reason. This is the biggest compilation problem I've ever had. I've tried everything I could think of, except apr_password_validate(sent_pw, real_pw) instead of crypt. Duh. That should work. I do use PHP_AUTH_USER for some stuff, just not this. The site is a combo of php, mysql, javascript, html, css and htaccess. Plus, I'm dying to see if my modifications will fly. If it works, it will be pretty nifty. I'm going to try that function now. Michele -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Hans Zaunere Sent: Monday, February 02, 2009 2:25 PM To: 'NYPHP Talk' Subject: Re: [nycphp-talk] Httpd > Can someone direct me to a apache forum other than > http://httpd.apache.org/lists.html. I gotten no response. > > I modified mod_auth_digest to use mysql and crypt, but the crypt symbol > is undefined when I try to restart apache. What are you actually trying to do? I doubt you need to hack Apache modules to accomplish whatever it is. There are modules to authenticate against a MySQL database. Check out the module listings for Apache. But, seeing as this is a PHP list, you probably should use PHP/MySQL together, which can do the authentication for you... like it does for millions of other web sites. H _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From paul at devonianfarm.com Mon Feb 2 15:03:21 2009 From: paul at devonianfarm.com (Paul A Houle) Date: Mon, 02 Feb 2009 15:03:21 -0500 Subject: [nycphp-talk] cookie authenticators In-Reply-To: <78c6bd860902021111h5ba133bdy8f247b2de845b47b@mail.gmail.com> References: <78c6bd860902021111h5ba133bdy8f247b2de845b47b@mail.gmail.com> Message-ID: <49875189.1070809@devonianfarm.com> Michael B Allen wrote: > Otherwise, you wouldn't need to use > cookies at all - you could just store the authenticator in the HTTP > session on the server. From a security perspective, cookies can be > sniffed just like session ids so there's not a great benefit there. > But the paper also has a section that says "do not use persistent > cookies" since another user on the system could copy the cookie and > gain access to your account but that would completely defeat the > purpose of using cookie authenticators as it would be easier to simply > use a server side authenticator. > > Four things. (1) The server has to give the browser something to connect the browser to a particular server side session. This either going to be a cookie or it's going to be a token in the URL or maybe it's going to be private data in a flash or silverlight app. (2) Server-side sessions have all sorts of problems. The details depend on your language, but there's always a devil in them. For instance, there's a global lock on PHP sessions that hurts the scalability of PHP apps that use sessions. ASP.NET, on the other hand, dumps the session jar on the floor whenever the server has a glitch or when the .NET assemblies from the sites are reloaded. This is why imeem.com logs me out two to three times a day: it's fair to say that I think about joining another music site every time that that happens. (3) Server-side session mechanisms are also bound to a particular environment: in the real world, organizations often need to work with multiple languages: it's quite possible to use signed cookies to authenticate against applications in PHP, Java, Perl, Ruby, Cold Fusion and ASP.NET. (I've done it) A decent implementation is about 100 lines of code. (4) Signed cookies scale, since you don't need to look at a database to validate them. > It seems to me, if you want persistent authentication, cookie > authenticators must persist. And the only real benefit they provider > in terms of security is that session ids can be leaked in URLs whereas > cookies cannot (minus browser bugs that allow stealing cookies). > > Are client side cookie authenticators really more *secure* than server > side session authenticators? Or do cookie authenticators actually > reduce security but are used anyway because persistent authentication > is a required user experience feature? > You have to look at the details. The signed cookie system described in that paper can be analyzed on it's own. A security analysis of a system based on say PHP or ASP.NET sessions requires an analysis of the session mechanism. A one-line code change in the session system in a future version of your platform could break the security of the system without you even noticing it. Systems that put a token in the URL can be manipulated: http://en.wikipedia.org/wiki/Session_fixation Since mainstream server-based sessions are passing some token in the clear, sessions can be stolen by packet sniffing. You can certainly use some cryptography powered by Javascript or Silverlight or something to defeat certain packet sniffing attacks, but public key methods need some kind of trusted authority to defend against man-in-the-middle attacks. That's what SSL certificates should provide -- and you should be using SSL if this is a concern. ------------ Another issue that you're talking about is the "remember me" option that we see on a lot of public facing sites. Amazon.com is a good example, because they support different kinds of activities: (i) community and (ii) commerce. Community sites really need "remember me" to be viable. If I had to log into facebook every time I got an e-mail saying that a friend tagged a photo of me, I wouldn't do it. Amazon lets you use the low-security functions of the site with a remembered token, but forces you to type your password to do anything that's security sensitive. "Remember me" is generally done by generating a random token in the database, putting it in a cookie, and checking the cookie against a database -- if there is a match, you create a cryptographically signed session. The database lookup is required because you need the ability to revoke a token when a user wants to "log out". From mitch.pirtle at gmail.com Mon Feb 2 15:46:24 2009 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Mon, 2 Feb 2009 15:46:24 -0500 Subject: [nycphp-talk] Link to article about nested sets Message-ID: <330532b60902021246k14c00209u658ebbb38a7be954@mail.gmail.com> Apologies for the cross-post, I can't remember if this was a request from NYPHP or the NYCJUG. *blush* Somebody at the last meet was asking about nested sets, and I promised to get them the URL: http://dev.mysql.com/tech-resources/articles/hierarchical-data.html -- Mitch From michael.southwell at nyphp.com Mon Feb 2 16:07:34 2009 From: michael.southwell at nyphp.com (Michael Southwell) Date: Mon, 02 Feb 2009 16:07:34 -0500 Subject: [nycphp-talk] large file uploads with cgi php Message-ID: <49876096.9060902@nyphp.com> I have a site on a shared host where PHP is running as a CGI. I need to allow file uploads larger than the default 7M. The host tells me that I can create a local php.ini with the appropriate settings and a wrapper that execs the system php5.cgi, and then in .htaccess add php5-cgi as a php handler, with a pointer to the wrapper. I did all this but the effect is that no pre-processing at all is going on. Does anybody have ideas about (1) what I might do as an alternative (short of changing hosts), or (2) what might be wrong with the way I'm trying to do this (I am admittedly flying near-blind here)? -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From dcech at phpwerx.net Mon Feb 2 16:14:40 2009 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 02 Feb 2009 16:14:40 -0500 Subject: [nycphp-talk] Link to article about nested sets In-Reply-To: <330532b60902021246k14c00209u658ebbb38a7be954@mail.gmail.com> References: <330532b60902021246k14c00209u658ebbb38a7be954@mail.gmail.com> Message-ID: <49876240.7050409@phpwerx.net> Mitch Pirtle wrote: > Apologies for the cross-post, I can't remember if this was a request > from NYPHP or the NYCJUG. *blush* > > Somebody at the last meet was asking about nested sets, and I promised > to get them the URL: > > http://dev.mysql.com/tech-resources/articles/hierarchical-data.html Ahh yes, good old nested sets. I still prefer the hybrid approach I took with phpGACL (http://phpgacl.sf.net) and my old clew demo that stores both both adjacency and nsm data. For a very small storage overhead you get the benefits of both approaches (try pulling immediate children from an nsm tree) and the ability to rebuild the nsm data from scratch if it gets especially messed up (not that there would ever be bugs...). I've been meaning to sit down and try to figure out a variation using intervals between the lft and rgt values so that inserts are cheaper, just haven't had a project that needed it enough to motivate me yet! If anyone wants to pick apart my old implementations feel free to check out http://clew.phpwerx.net/, the source code is linked at the bottom. Dan From michael.southwell at nyphp.com Mon Feb 2 16:36:58 2009 From: michael.southwell at nyphp.com (Michael Southwell) Date: Mon, 02 Feb 2009 16:36:58 -0500 Subject: [nycphp-talk] large file uploads - clarification Message-ID: <4987677A.9020606@nyphp.com> actually, upon more investigation, I find that the replacement php.ini is indeed being read, and some pre-processing is actually taking place. But is not getting parsed, and is instead getting inserted into the output stream. Short_open-tag is set to off but that's something different. Any ideas about what might be going on here? (This also seems to break JavaScript, by the way.) -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From dcech at phpwerx.net Mon Feb 2 16:41:08 2009 From: dcech at phpwerx.net (Dan Cech) Date: Mon, 02 Feb 2009 16:41:08 -0500 Subject: [nycphp-talk] large file uploads - clarification In-Reply-To: <4987677A.9020606@nyphp.com> References: <4987677A.9020606@nyphp.com> Message-ID: <49876874.50105@phpwerx.net> Michael Southwell wrote: > actually, upon more investigation, I find that the replacement php.ini > is indeed being read, and some pre-processing is actually taking place. > But is not getting parsed, and is instead getting > inserted into the output stream. Short_open-tag is set to off but that's > something different. Any ideas about what might be going on here? (This > also seems to break JavaScript, by the way.) Are you sure about that? AFAIK short_open_tag off will prevent using that syntax. You can turn it on in your custom php.ini. Dan From michael.southwell at nyphp.com Mon Feb 2 16:57:48 2009 From: michael.southwell at nyphp.com (Michael Southwell) Date: Mon, 02 Feb 2009 16:57:48 -0500 Subject: [nycphp-talk] large file uploads - clarification In-Reply-To: <49876874.50105@phpwerx.net> References: <4987677A.9020606@nyphp.com> <49876874.50105@phpwerx.net> Message-ID: <49876C5C.60901@nyphp.com> Dan Cech wrote: > > Are you sure about that? AFAIK short_open_tag off will prevent using > that syntax. Well, I'll be..... you learn something new every day, and unfortunately a lot of the time it's something you should have known before. Problem solved. Thanks, Dan! -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From tmpvar at gmail.com Mon Feb 2 17:16:13 2009 From: tmpvar at gmail.com (Elijah Insua) Date: Mon, 2 Feb 2009 17:16:13 -0500 Subject: [nycphp-talk] Link to article about nested sets In-Reply-To: <49876240.7050409@phpwerx.net> References: <330532b60902021246k14c00209u658ebbb38a7be954@mail.gmail.com> <49876240.7050409@phpwerx.net> Message-ID: <2b4feca10902021416u600d96cdu556077566c588804@mail.gmail.com> demo appears to be broken On Mon, Feb 2, 2009 at 4:14 PM, Dan Cech wrote: > Mitch Pirtle wrote: > > Apologies for the cross-post, I can't remember if this was a request > > from NYPHP or the NYCJUG. *blush* > > > > Somebody at the last meet was asking about nested sets, and I promised > > to get them the URL: > > > > http://dev.mysql.com/tech-resources/articles/hierarchical-data.html > > Ahh yes, good old nested sets. I still prefer the hybrid approach I > took with phpGACL (http://phpgacl.sf.net) and my old clew demo that > stores both both adjacency and nsm data. > > For a very small storage overhead you get the benefits of both > approaches (try pulling immediate children from an nsm tree) and the > ability to rebuild the nsm data from scratch if it gets especially > messed up (not that there would ever be bugs...). > > I've been meaning to sit down and try to figure out a variation using > intervals between the lft and rgt values so that inserts are cheaper, > just haven't had a project that needed it enough to motivate me yet! > > If anyone wants to pick apart my old implementations feel free to check > out http://clew.phpwerx.net/, the source code is linked at the bottom. > > Dan > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chsnyder at gmail.com Mon Feb 2 18:02:18 2009 From: chsnyder at gmail.com (csnyder) Date: Mon, 2 Feb 2009 18:02:18 -0500 Subject: [nycphp-talk] Link to article about nested sets In-Reply-To: <49876240.7050409@phpwerx.net> References: <330532b60902021246k14c00209u658ebbb38a7be954@mail.gmail.com> <49876240.7050409@phpwerx.net> Message-ID: On Mon, Feb 2, 2009 at 4:14 PM, Dan Cech wrote: > Ahh yes, good old nested sets. I still prefer the hybrid approach I > took with phpGACL (http://phpgacl.sf.net) and my old clew demo that > stores both both adjacency and nsm data. > > For a very small storage overhead you get the benefits of both > approaches (try pulling immediate children from an nsm tree) and the > ability to rebuild the nsm data from scratch if it gets especially > messed up (not that there would ever be bugs...). > > I've been meaning to sit down and try to figure out a variation using > intervals between the lft and rgt values so that inserts are cheaper, > just haven't had a project that needed it enough to motivate me yet! We use left+right+parentId, so that immediate children are easy to find. It works pretty well to bulk-insert a bunch of empty nodes and then use them up as you go (to cut down on insert time). That's not going to be a good solution if your inserts are really spread out all over the tree, but in the apps I've built so far the majority of inserts happen at just a few nodes. Cron can be used to keep a ready supply of fresh nodes in those locations, and you take nearly the same performance hit whether you insert one or 50. If you use NSM, definitely write a test script that bulks up the tree so you can see what performance is like with 50k nodes vs. 500k nodes. You're going to notice, and you need to be prepared for it. Some kind of interval-based partitioning will probably be necessary if you need to run on a standard server with > 100k nodes, or if you are going to try to catch a lot of inserts at the same time. From ps at blu-studio.com Mon Feb 2 19:43:46 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Mon, 2 Feb 2009 19:43:46 -0500 Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web Message-ID: <000001c98598$79862f10$6c928d30$@com> If you still know additional high-profile corp. or non-profit PHP users that can be added to this list below, please reply with your additions. Yahoo www.yahoo.com Facebook www.facebook.com Amazon www.amazon.com Flickr www.flickr.com Wikipedia www.wikipedia.com Greenpeace www.greenpeace.org UNICEF www.unicef.org UNESCO www.unesco.org Audubon Society www.audubon.org CancerCare www.cancercare.org Autism Speaks www.autismspeaks.org Betty Ford Center www.bettyfordcenter.org NAACP www.naacp.org The Fund for Peace www.fundforpeace.org Peaceforce www.nonviolentpeaceforce.org Lilly Endowment www.lillyendowment.org International Herald Tribune www.iht.com NYC Parks Department www.nycgovparks.org NY Botanical Garden www.nybg.org NY Times www.nytimes.com MTV www.mtv.com United Nations www.un.org Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com From ps at blu-studio.com Mon Feb 2 23:31:52 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Mon, 2 Feb 2009 23:31:52 -0500 Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web In-Reply-To: <000001c98598$79862f10$6c928d30$@com> References: <000001c98598$79862f10$6c928d30$@com> Message-ID: <003701c985b8$56e8e4f0$04baaed0$@com> Well, I added a few more myself... Yahoo www.yahoo.com Facebook www.facebook.com Amazon www.amazon.com Flickr www.flickr.com Wikipedia www.wikipedia.com Second Life www.secondlife.com Harvard University www.harvard.edu Amherst College www.amherst.edu Tufts University www.tufts.edu Nobel Prize Foundation www.nobelprize.org Hearst Foundation www.hearstfdn.org Lilly Endowment www.lillyendowment.org Greenpeace www.greenpeace.org Audubon Society www.audubon.org UNICEF www.unicef.org UNESCO www.unesco.org CancerCare www.cancercare.org Autism Speaks www.autismspeaks.org Betty Ford Center www.bettyfordcenter.org Magic Johnson Foundation www.magicjohnson.com NAACP www.naacp.org Peaceforce www.nonviolentpeaceforce.org United Nations www.un.org Museum of Contemporary Art Los Angeles www.moca.org Art Institute of Chicago www.artic.edu Museum of Modern Art (NYC) www.moma.org American Museum of Natural History (NYC) www.amnh.org Brooklyn Museum www.brooklynmuseum.org NY Times www.nytimes.com International Herald Tribune www.iht.com MTV www.mtv.com Port Authority of NY & NJ www.panynj.gov NYC Parks Department www.nycgovparks.org NY Botanical Garden www.nybg.org Central Park (NYC) www.centralpark.com Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Peter Sawczynec Sent: Monday, February 02, 2009 7:44 PM To: 'Org, Talk at Nyphp.' Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web If you still know additional high-profile corp. or non-profit PHP users that can be added to this list below, please reply with your additions. Yahoo www.yahoo.com Facebook www.facebook.com Amazon www.amazon.com Flickr www.flickr.com Wikipedia www.wikipedia.com Greenpeace www.greenpeace.org UNICEF www.unicef.org UNESCO www.unesco.org Audubon Society www.audubon.org CancerCare www.cancercare.org Autism Speaks www.autismspeaks.org Betty Ford Center www.bettyfordcenter.org NAACP www.naacp.org The Fund for Peace www.fundforpeace.org Peaceforce www.nonviolentpeaceforce.org Lilly Endowment www.lillyendowment.org International Herald Tribune www.iht.com NYC Parks Department www.nycgovparks.org NY Botanical Garden www.nybg.org NY Times www.nytimes.com MTV www.mtv.com United Nations www.un.org Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From jcampbell1 at gmail.com Mon Feb 2 23:52:42 2009 From: jcampbell1 at gmail.com (John Campbell) Date: Mon, 2 Feb 2009 23:52:42 -0500 Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web In-Reply-To: <003701c985b8$56e8e4f0$04baaed0$@com> References: <000001c98598$79862f10$6c928d30$@com> <003701c985b8$56e8e4f0$04baaed0$@com> Message-ID: <8f0676b40902022052r2b8a3b6axec1754baa3b931c3@mail.gmail.com> Thanks for compiling the list. Thought it was a little silly at first, but now that you have responded with the compiled list, I am glad you asked. Cheers, John Campbell 2009/2/2 Peter Sawczynec : > Well, I added a few more myself... > > Yahoo www.yahoo.com > Facebook www.facebook.com > Amazon www.amazon.com > Flickr www.flickr.com > Wikipedia www.wikipedia.com > Second Life www.secondlife.com > > Harvard University www.harvard.edu > Amherst College www.amherst.edu > Tufts University www.tufts.edu > > Nobel Prize Foundation www.nobelprize.org > Hearst Foundation www.hearstfdn.org > Lilly Endowment www.lillyendowment.org > > Greenpeace www.greenpeace.org > Audubon Society www.audubon.org > UNICEF www.unicef.org > UNESCO www.unesco.org > CancerCare www.cancercare.org > Autism Speaks www.autismspeaks.org > Betty Ford Center www.bettyfordcenter.org > Magic Johnson Foundation www.magicjohnson.com > NAACP www.naacp.org > Peaceforce www.nonviolentpeaceforce.org > United Nations www.un.org > > Museum of Contemporary Art Los Angeles www.moca.org > Art Institute of Chicago www.artic.edu > Museum of Modern Art (NYC) www.moma.org > American Museum of Natural History (NYC) www.amnh.org > Brooklyn Museum www.brooklynmuseum.org > > NY Times www.nytimes.com > International Herald Tribune www.iht.com > MTV www.mtv.com > > Port Authority of NY & NJ www.panynj.gov > NYC Parks Department www.nycgovparks.org > NY Botanical Garden www.nybg.org > Central Park (NYC) www.centralpark.com > > Warmest regards, > > Peter Sawczynec > Technology Dir. > bl?studio > 941.893.0396 > ps at blu-studio.com > www.blu-studio.com > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > On Behalf Of Peter Sawczynec > Sent: Monday, February 02, 2009 7:44 PM > To: 'Org, Talk at Nyphp.' > Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web > > If you still know additional high-profile corp. or > non-profit PHP users that can be added to this list > below, please reply with your additions. > > Yahoo www.yahoo.com > Facebook www.facebook.com > Amazon www.amazon.com > Flickr www.flickr.com > Wikipedia www.wikipedia.com > Greenpeace www.greenpeace.org > UNICEF www.unicef.org > UNESCO www.unesco.org > Audubon Society www.audubon.org > CancerCare www.cancercare.org > Autism Speaks www.autismspeaks.org > Betty Ford Center www.bettyfordcenter.org > NAACP www.naacp.org > The Fund for Peace www.fundforpeace.org > Peaceforce www.nonviolentpeaceforce.org > Lilly Endowment www.lillyendowment.org > International Herald Tribune www.iht.com > NYC Parks Department www.nycgovparks.org > NY Botanical Garden www.nybg.org > NY Times www.nytimes.com > MTV www.mtv.com > United Nations www.un.org > > Warmest regards, > > Peter Sawczynec > Technology Dir. > bl?studio > 941.893.0396 > ps at blu-studio.com > www.blu-studio.com > > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From ramons at gmx.net Tue Feb 3 07:14:09 2009 From: ramons at gmx.net (David Krings) Date: Tue, 03 Feb 2009 07:14:09 -0500 Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web In-Reply-To: <000001c98598$79862f10$6c928d30$@com> References: <000001c98598$79862f10$6c928d30$@com> Message-ID: <49883511.8090202@gmx.net> Peter Sawczynec wrote: > If you still know additional high-profile corp. or > non-profit PHP users that can be added to this list > below, please reply with your additions. Hi! Found by accident that our local museum and planetarium uses PHP as well: http://www.schenectadymuseum.org/ Best to see when one clicks on the planetarium link. Or another museum on the other side of the Mohawk: http://www.esam.org/ And how could I forget the support page I made years ago for Ingersoll-Rand / Schlage. My replacements made some changes to it, but it uses PHP for the search: http://irsupport.net/ HTH, David From greg.rundlett at gmail.com Tue Feb 3 08:41:08 2009 From: greg.rundlett at gmail.com (Greg Rundlett) Date: Tue, 3 Feb 2009 08:41:08 -0500 Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web In-Reply-To: <49883511.8090202@gmx.net> References: <000001c98598$79862f10$6c928d30$@com> <49883511.8090202@gmx.net> Message-ID: <5e2aaca40902030541s209945b5qc7904d8d61b152ff@mail.gmail.com> I too am glad to see a nice list. The compiled list (plus link to Whitepaper) is at http://freephile.com/wiki/index.php/Who_uses_php Cite or re-use freely From smanes at magpie.com Tue Feb 3 09:30:43 2009 From: smanes at magpie.com (Steve Manes) Date: Tue, 03 Feb 2009 09:30:43 -0500 Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web In-Reply-To: <000001c98598$79862f10$6c928d30$@com> References: <000001c98598$79862f10$6c928d30$@com> Message-ID: <49885513.8090604@magpie.com> Peter Sawczynec wrote: > If you still know additional high-profile corp. or > non-profit PHP users that can be added to this list > below, please reply with your additions. The Childrens Health Fund http://childrenshealthfund.org/ From smanes at magpie.com Tue Feb 3 09:36:05 2009 From: smanes at magpie.com (Steve Manes) Date: Tue, 03 Feb 2009 09:36:05 -0500 Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web In-Reply-To: <49885513.8090604@magpie.com> References: <000001c98598$79862f10$6c928d30$@com> <49885513.8090604@magpie.com> Message-ID: <49885655.1080106@magpie.com> Steve Manes wrote: > Peter Sawczynec wrote: >> If you still know additional high-profile corp. or non-profit PHP >> users that can be added to this list below, please reply with your >> additions. > > The Childrens Health Fund http://childrenshealthfund.org/ I don't know if you're just looking just for public web sites but the Transportation and Referral Management Systems (TRMS) I built for them is rolling out to all 17 CHF programs around the country. It's PHP5 + PostgreSQL. I'm about to start a new one for childhood diabetes. From ramons at gmx.net Tue Feb 3 10:16:03 2009 From: ramons at gmx.net (David Krings) Date: Tue, 03 Feb 2009 10:16:03 -0500 Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web In-Reply-To: <000001c98598$79862f10$6c928d30$@com> References: <000001c98598$79862f10$6c928d30$@com> Message-ID: <49885FB3.3080801@gmx.net> Peter Sawczynec wrote: > If you still know additional high-profile corp. or > non-profit PHP users that can be added to this list > below, please reply with your additions. Hi! I 'found' another one, this time a for-profit corporation and a Microsoft DotNet Showcase Company. MadCap Software uses PHP to run their support forum (which is phpBB) at http://forums.madcapsoftware.com One of these cases where I look at it every day and just don't register that it is PHP. As a disclaimer (no clue if it is needed), I am a MadCap MVP and MAD certified (not certified mad!). David From mmwaldman at nyc.rr.com Tue Feb 3 13:48:19 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Tue, 3 Feb 2009 13:48:19 -0500 Subject: [nycphp-talk] Mod_auth_digest/mysql works! Message-ID: <20090203184818.KFEP8681.hrndva-omta05.mail.rr.com@DeJaVu> Guys, It totally works! Am I the first to write mod_auth_digest/mysql? If anyone ever wants to use it, be my guest. There will be one condition though. You have to know c and return the module slightly more graceful. I really don't have time to piddle around with this anymore. It's not my most beautiful work, but it's sound. I haven't programmed in c since 12/00. I was to add Opaque to the implementation, but I'm not sure it's in use by the browsers. Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From zippy1981 at gmail.com Tue Feb 3 15:18:21 2009 From: zippy1981 at gmail.com (Justin Dearing) Date: Tue, 3 Feb 2009 15:18:21 -0500 Subject: [nycphp-talk] Mod_auth_digest/mysql works! In-Reply-To: <20090203184818.KFEP8681.hrndva-omta05.mail.rr.com@DeJaVu> References: <20090203184818.KFEP8681.hrndva-omta05.mail.rr.com@DeJaVu> Message-ID: <5458db3c0902031218we331fb1mfa838718101a08d7@mail.gmail.com> Michelle, I don't have the time or inclination to go refactoring C code that works, but I'll gladly make a sourceforge project and see if I can improve the docs or build process. I do know enough C to avoid it in favor of a language with a garbage collector, so if you have some specific improvement I could make without too much effort I'll give those a go. Say the word pick a license and I'll make a sourceforge project. Regards, Justin Dearing On Tue, Feb 3, 2009 at 1:48 PM, Michele Waldman wrote: > Guys, > > > > It totally works! > > Am I the first to write mod_auth_digest/mysql? > > If anyone ever wants to use it, be my guest. There will be one condition > > though. You have to know c and return the module slightly more graceful. > > I really don't have time to piddle around with this anymore. > > It's not my most beautiful work, but it's sound. > > I haven't programmed in c since 12/00. > > I was to add Opaque to the implementation, but I'm not sure it's in use by > the browsers. > > > > Michele > > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ioplex at gmail.com Tue Feb 3 15:29:09 2009 From: ioplex at gmail.com (Michael B Allen) Date: Tue, 3 Feb 2009 15:29:09 -0500 Subject: [nycphp-talk] Mod_auth_digest/mysql works! In-Reply-To: <5458db3c0902031218we331fb1mfa838718101a08d7@mail.gmail.com> References: <20090203184818.KFEP8681.hrndva-omta05.mail.rr.com@DeJaVu> <5458db3c0902031218we331fb1mfa838718101a08d7@mail.gmail.com> Message-ID: <78c6bd860902031229h12fd8680sf5d8e626f7c9bc29@mail.gmail.com> On Tue, Feb 3, 2009 at 3:18 PM, Justin Dearing wrote: > I do know enough C to avoid it in favor of a language with a garbage > collector Here are few facts that make your statement somewhat ironic: 1. PHP is basically just a wrapper around C and C libraries 2. PHP is written in C 3. PHP does not have garbage collection Mike -- Michael B Allen Java Active Directory Integration http://www.ioplex.com/ From dorgan at donaldorgan.com Tue Feb 3 15:34:36 2009 From: dorgan at donaldorgan.com (Donald J. Organ IV) Date: Tue, 3 Feb 2009 15:34:36 -0500 (EST) Subject: [nycphp-talk] Mod_auth_digest/mysql works! In-Reply-To: <78c6bd860902031229h12fd8680sf5d8e626f7c9bc29@mail.gmail.com> Message-ID: <16634203.941233693276246.JavaMail.root@twoguyshosting.com.> I think he meant compiled languages... ----- Original Message ----- From: "Michael B Allen" To: "NYPHP Talk" Sent: Tuesday, February 3, 2009 3:29:09 PM GMT -05:00 US/Canada Eastern Subject: Re: [nycphp-talk] Mod_auth_digest/mysql works! On Tue, Feb 3, 2009 at 3:18 PM, Justin Dearing wrote: > I do know enough C to avoid it in favor of a language with a garbage > collector Here are few facts that make your statement somewhat ironic: 1. PHP is basically just a wrapper around C and C libraries 2. PHP is written in C 3. PHP does not have garbage collection Mike -- Michael B Allen Java Active Directory Integration http://www.ioplex.com/ _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From zippy1981 at gmail.com Tue Feb 3 16:08:06 2009 From: zippy1981 at gmail.com (Justin Dearing) Date: Tue, 3 Feb 2009 16:08:06 -0500 Subject: [nycphp-talk] Mod_auth_digest/mysql works! In-Reply-To: <16634203.941233693276246.JavaMail.root@twoguyshosting.com.> References: <78c6bd860902031229h12fd8680sf5d8e626f7c9bc29@mail.gmail.com> <16634203.941233693276246.JavaMail.root@twoguyshosting.com.> Message-ID: <5458db3c0902031308g75e13b80v93ef2bf9d54fc625@mail.gmail.com> I like the syntax of C. I don't like having to malloc memory. PHP may not have a garbage collector, but I don't have to manually deallocate memory for the most part. Of course I still have to connect and disconnect from the database manually, and scrub sql parameters, but its easier to avoid mistakes in those two situations then you do with malloc and free. On Tue, Feb 3, 2009 at 3:34 PM, Donald J. Organ IV wrote: > I think he meant compiled languages... > > > ----- Original Message ----- > From: "Michael B Allen" > To: "NYPHP Talk" > Sent: Tuesday, February 3, 2009 3:29:09 PM GMT -05:00 US/Canada Eastern > Subject: Re: [nycphp-talk] Mod_auth_digest/mysql works! > > On Tue, Feb 3, 2009 at 3:18 PM, Justin Dearing > wrote: > > I do know enough C to avoid it in favor of a language with a garbage > > collector > > Here are few facts that make your statement somewhat ironic: > > 1. PHP is basically just a wrapper around C and C libraries > > 2. PHP is written in C > > 3. PHP does not have garbage collection > > Mike > > -- > Michael B Allen > Java Active Directory Integration > http://www.ioplex.com/ > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From danielc at analysisandsolutions.com Tue Feb 3 17:21:52 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 3 Feb 2009 17:21:52 -0500 Subject: [nycphp-talk] Mod_auth_digest/mysql works! In-Reply-To: <78c6bd860902031229h12fd8680sf5d8e626f7c9bc29@mail.gmail.com> References: <20090203184818.KFEP8681.hrndva-omta05.mail.rr.com@DeJaVu> <5458db3c0902031218we331fb1mfa838718101a08d7@mail.gmail.com> <78c6bd860902031229h12fd8680sf5d8e626f7c9bc29@mail.gmail.com> Message-ID: <20090203222152.GA26602@panix.com> Hi Mike: On Tue, Feb 03, 2009 at 03:29:09PM -0500, Michael B Allen wrote: > > 3. PHP does not have garbage collection Yes it does. That's what the various gc_* php.ini settings are for: http://php.net/session.configuration --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From danielc at analysisandsolutions.com Tue Feb 3 17:26:08 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 3 Feb 2009 17:26:08 -0500 Subject: [nycphp-talk] Mod_auth_digest/mysql works! In-Reply-To: <20090203222152.GA26602@panix.com> References: <20090203184818.KFEP8681.hrndva-omta05.mail.rr.com@DeJaVu> <5458db3c0902031218we331fb1mfa838718101a08d7@mail.gmail.com> <78c6bd860902031229h12fd8680sf5d8e626f7c9bc29@mail.gmail.com> <20090203222152.GA26602@panix.com> Message-ID: <20090203222608.GA10188@panix.com> Hey Again Mike: On Tue, Feb 03, 2009 at 05:21:52PM -0500, Daniel Convissor wrote: > > On Tue, Feb 03, 2009 at 03:29:09PM -0500, Michael B Allen wrote: > > > > 3. PHP does not have garbage collection > > Yes it does. That's what the various gc_* php.ini settings are for: > http://php.net/session.configuration Doh! Those are for session garbage collection. None the less, PHP does have garbage collection. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From jcampbell1 at gmail.com Tue Feb 3 18:26:15 2009 From: jcampbell1 at gmail.com (John Campbell) Date: Tue, 3 Feb 2009 18:26:15 -0500 Subject: [nycphp-talk] Mod_auth_digest/mysql works! In-Reply-To: <20090203222608.GA10188@panix.com> References: <20090203184818.KFEP8681.hrndva-omta05.mail.rr.com@DeJaVu> <5458db3c0902031218we331fb1mfa838718101a08d7@mail.gmail.com> <78c6bd860902031229h12fd8680sf5d8e626f7c9bc29@mail.gmail.com> <20090203222152.GA26602@panix.com> <20090203222608.GA10188@panix.com> Message-ID: <8f0676b40902031526n33376930q18a0fc186998ce12@mail.gmail.com> > > None the less, PHP does > have garbage collection. Php uses simple reference counts, and the counters are updated continuously. I take garbage collection to mean there is a periodic process where unreachable objects are found and deleted. There is no periodic garbage collection in php. Memory is freed as soon as the reference count goes to zero. Regards, John Campbell From ioplex at gmail.com Tue Feb 3 18:35:15 2009 From: ioplex at gmail.com (Michael B Allen) Date: Tue, 3 Feb 2009 18:35:15 -0500 Subject: [nycphp-talk] Mod_auth_digest/mysql works! In-Reply-To: <20090203222608.GA10188@panix.com> References: <20090203184818.KFEP8681.hrndva-omta05.mail.rr.com@DeJaVu> <5458db3c0902031218we331fb1mfa838718101a08d7@mail.gmail.com> <78c6bd860902031229h12fd8680sf5d8e626f7c9bc29@mail.gmail.com> <20090203222152.GA26602@panix.com> <20090203222608.GA10188@panix.com> Message-ID: <78c6bd860902031535k1dbccc12ha26b5dd992493cb@mail.gmail.com> On Tue, Feb 3, 2009 at 5:26 PM, Daniel Convissor wrote: > Hey Again Mike: > > On Tue, Feb 03, 2009 at 05:21:52PM -0500, Daniel Convissor wrote: >> >> On Tue, Feb 03, 2009 at 03:29:09PM -0500, Michael B Allen wrote: >> > >> > 3. PHP does not have garbage collection >> >> Yes it does. That's what the various gc_* php.ini settings are for: >> http://php.net/session.configuration > > Doh! Those are for session garbage collection. None the less, PHP does > have garbage collection. Not really. But it wouldn't be hard to split some hairs in this conversation. My understanding is that true "garbage collection" doesn't immediately free objects when they fall out of scope or when they're set to nil but rather maintains table references that can be used to periodically figure out how to efficiently free things later. Usually there's a background process that does this in a way that allows programs to "run wild" but then free things when the CPU becomes idle or if free memory runs low. I'm not an expert on this stuff so my description is probably oversimplified but PHP does not do the above. It just frees everything as soon as it's unset. Or maybe it waits to some degree but I don't think there's a sophisticated algorithm behind it, it doesn't maintain a separate table of allocations (the zvals and resources *are* the allocation table) and it doesn't use a separate process to do any of this. GC has never been a really high priority since PHP scripts are usually fairly short lived. An important implication of this is that I would imagine if you tried to write a long-lived PHP script that did a lot of work like a CLI script run from cron, you'd find the script would behave poorly after a while and may even just run out of memory entirely if you didn't aggressively unset() things. With proper GC that would not happen. I have written PHP extensions and to do that you need to know how things are allocated internally. There are two types of memory objects - zvals and resources. The zvals are used to represent arrays, objects, variable length data (strings), integers and doubles. Since you can completely traverse a zval and all descendants, PHP can automatically delete the entire tree when the root zval is unset(). Resources are managed by extensions and have deconstructors that are responsible for freeing all memory associated with them. These are used for things like file handles, database connections, drawing contexts and so on. If you unset a resource it fires the deconstructor which must explicitily go through and free any memory that has been allocated by the resource. My instinct is that PHP probably does delay deallocation of things that are unset for a short time reasoning that the script will probably complete by the time it needs to actually free things. But that's pure speculation on my part. It just seems like a smart thing to do. Then again, if you unset() something and then look at memory_get_usage it shows the memory has been deallocated (although it could just be lying or call the "collection" routine first). Again, I'm not an expert on this so I've probably trampled some truth in a message this size. But I know for sure that it is not accurate to say that "PHP uses garbage collection". Mike -- Michael B Allen Java Active Directory Integration http://www.ioplex.com/ From mmwaldman at nyc.rr.com Tue Feb 3 19:30:58 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Tue, 3 Feb 2009 19:30:58 -0500 Subject: [nycphp-talk] Definitely A Digest Request bug in IE Message-ID: <20090204003057.WSVP8681.hrndva-omta05.mail.rr.com@DeJaVu> This can't possibly be the way a request should work. Don't try this at home. If this is misinformation, my apologies in advanced, but I've tested it out like 30 times using the originally install http on my server. When I was just testing my variation of mod_auth_digest, I found IE 7 may have a bug or odd behavior. The first time it requests login.php in one realm, it's fine. The first times requests logoff.php in another realm, it's fine. The second time it requests login.php, it uses the user name and realm from logoff.php in the request instead of the user name for login.php which is in the dialog box by default. Typing it in doesn't make a difference. When the authorization fails and the user re-enters his/her info, it sends another request with the correct user name and realm, but this time it doesn't recognize the response from http. It prompts a third time for good measure. You can go back to the logoff.php page without authorization. I'm going round and round with this. I tested out the original mod_auth_digest file in IE, changing from realm to realm with that module produced the same problem as I was seeing in my variation. I was using: AuthType Digest AuthName "login" AuthUserFile /path/.htpasswd AuthDigestDomain https://domain/account/ require valid-user AuthType Digest AuthName "logoff" AuthUserFile /path/.htpasswd AuthDigestDomain https://domain/account/ require valid-user The contents of login.php and logoff.php are .htpassword contains two users of the appropriate realm created with .htdigest. In ie, I request login.php I request logoff.php I request login.php, boom, two 3 dialog boxes and fails authorization. I request logoff.php, it displays. I'm going to try to find a work around for this. Anyone interested is welcome to try this little test out or explain to me this is how digest works. I know what's in the actual request values because I printed them out from mod_auth_digest. In Firefox, this is not the behavior. Each previously logged into page can't be viewed. I would prefer re-authenication every time the realm is changed for the same AuthDigestDomain. It sets the first realm for the domain. When you log into another page in a different realm in the same domain, it doesn't change the realm. Other subsequent page requests are made with the initial realm plus you have to get the user name from $_SERVER["PHP_AUTH_DIGEST"] because $_SERVER[AUTH_USER_NAME] isn't set. Arrggghh! My stinking changes to make mod_auth_digest work with mysql worked. Unfortunately, mod_auth_digest seems to not be implemented correctly on the browsers. Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Tue Feb 3 19:52:00 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Tue, 3 Feb 2009 19:52:00 -0500 Subject: [nycphp-talk] IE Bug, con't Message-ID: <20090204005159.BAVP9335.hrndva-omta03.mail.rr.com@DeJaVu> Safari doesn't even set the digest realm for subsequent page calls in the domain. Opera doesn't appear to have implemented digest. This would be such a clean, simple security implementation. It would be sweet if they get the bugs out and all implement it the same way. Shouldn't it be one protocol for communicating with the server? Or is it just me? If I have any input when there are two realms defined for the same domain it would switch to the new realm after log in. This is a key point. Seriously, this design is simple and easy to implement for account security. Only problem is is that the browsers don't work or work the same. If anyone has any influence on this matter, please, tell them they need to fix digest. I don't know how I'm going to handle this or what I'm going to tell my client. "It's not my program. It's the browsers"? Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Tue Feb 3 20:45:54 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Tue, 3 Feb 2009 20:45:54 -0500 Subject: [nycphp-talk] One small redemption Message-ID: <20090204014553.ZADF8681.hrndva-omta05.mail.rr.com@DeJaVu> One small redeeming factor is firefox completely logs you out of digest with an incorrect password. I hope it flys in ajax. I can use clearauthenticationcache in IE and not worry about the bug. That leave safari which is supposed to log you out but doesn't seem to. Opera that doesn't seem to implement it. There's still a bug in IE. Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From bonsaime at gmail.com Tue Feb 3 22:25:14 2009 From: bonsaime at gmail.com (Jesse Callaway) Date: Tue, 3 Feb 2009 22:25:14 -0500 Subject: [nycphp-talk] Mod_auth_digest/mysql works! In-Reply-To: <78c6bd860902031535k1dbccc12ha26b5dd992493cb@mail.gmail.com> References: <20090203184818.KFEP8681.hrndva-omta05.mail.rr.com@DeJaVu> <5458db3c0902031218we331fb1mfa838718101a08d7@mail.gmail.com> <78c6bd860902031229h12fd8680sf5d8e626f7c9bc29@mail.gmail.com> <20090203222152.GA26602@panix.com> <20090203222608.GA10188@panix.com> <78c6bd860902031535k1dbccc12ha26b5dd992493cb@mail.gmail.com> Message-ID: On Tue, Feb 3, 2009 at 6:35 PM, Michael B Allen wrote: > On Tue, Feb 3, 2009 at 5:26 PM, Daniel Convissor > wrote: >> Hey Again Mike: >> >> On Tue, Feb 03, 2009 at 05:21:52PM -0500, Daniel Convissor wrote: >>> >>> On Tue, Feb 03, 2009 at 03:29:09PM -0500, Michael B Allen wrote: >>> > >>> > 3. PHP does not have garbage collection >>> >>> Yes it does. That's what the various gc_* php.ini settings are for: >>> http://php.net/session.configuration >> >> Doh! Those are for session garbage collection. None the less, PHP does >> have garbage collection. > > Not really. But it wouldn't be hard to split some hairs in this conversation. > > My understanding is that true "garbage collection" doesn't immediately > free objects when they fall out of scope or when they're set to nil > but rather maintains table references that can be used to periodically > figure out how to efficiently free things later. Usually there's a > background process that does this in a way that allows programs to > "run wild" but then free things when the CPU becomes idle or if free > memory runs low. > > I'm not an expert on this stuff so my description is probably > oversimplified but PHP does not do the above. It just frees everything > as soon as it's unset. Or maybe it waits to some degree but I don't > think there's a sophisticated algorithm behind it, it doesn't maintain > a separate table of allocations (the zvals and resources *are* the > allocation table) and it doesn't use a separate process to do any of > this. GC has never been a really high priority since PHP scripts are > usually fairly short lived. > > An important implication of this is that I would imagine if you tried > to write a long-lived PHP script that did a lot of work like a CLI > script run from cron, you'd find the script would behave poorly after > a while and may even just run out of memory entirely if you didn't > aggressively unset() things. With proper GC that would not happen. > > I have written PHP extensions and to do that you need to know how > things are allocated internally. There are two types of memory objects > - zvals and resources. The zvals are used to represent arrays, > objects, variable length data (strings), integers and doubles. Since > you can completely traverse a zval and all descendants, PHP can > automatically delete the entire tree when the root zval is unset(). > Resources are managed by extensions and have deconstructors that are > responsible for freeing all memory associated with them. These are > used for things like file handles, database connections, drawing > contexts and so on. If you unset a resource it fires the deconstructor > which must explicitily go through and free any memory that has been > allocated by the resource. > > My instinct is that PHP probably does delay deallocation of things > that are unset for a short time reasoning that the script will > probably complete by the time it needs to actually free things. But > that's pure speculation on my part. It just seems like a smart thing > to do. Then again, if you unset() something and then look at > memory_get_usage it shows the memory has been deallocated (although it > could just be lying or call the "collection" routine first). > > Again, I'm not an expert on this so I've probably trampled some truth > in a message this size. But I know for sure that it is not accurate to > say that "PHP uses garbage collection". > > Mike > > -- > Michael B Allen > Java Active Directory Integration > http://www.ioplex.com/ > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > Um did the baby get thrown out with the bathwater? I think a lot of people want to see this module go mainstream. -jesse From tgales at tgaconnect.com Tue Feb 3 22:53:48 2009 From: tgales at tgaconnect.com (Tim Gales) Date: Tue, 03 Feb 2009 22:53:48 -0500 Subject: [nycphp-talk] Mod_auth_digest/mysql works! In-Reply-To: <78c6bd860902031535k1dbccc12ha26b5dd992493cb@mail.gmail.com> References: <20090203184818.KFEP8681.hrndva-omta05.mail.rr.com@DeJaVu> <5458db3c0902031218we331fb1mfa838718101a08d7@mail.gmail.com> <78c6bd860902031229h12fd8680sf5d8e626f7c9bc29@mail.gmail.com> <20090203222152.GA26602@panix.com> <20090203222608.GA10188@panix.com> <78c6bd860902031535k1dbccc12ha26b5dd992493cb@mail.gmail.com> Message-ID: <4989114C.4050801@tgaconnect.com> Michael B Allen wrote: > On Tue, Feb 3, 2009 at 5:26 PM, Daniel Convissor > wrote: > >> Hey Again Mike: >> >> On Tue, Feb 03, 2009 at 05:21:52PM -0500, Daniel Convissor wrote: >> >>> On Tue, Feb 03, 2009 at 03:29:09PM -0500, Michael B Allen wrote: >>> >>>> 3. PHP does not have garbage collection >>>> >>> Yes it does. That's what the various gc_* php.ini settings are for: >>> http://php.net/session.configuration >>> >> Doh! Those are for session garbage collection. None the less, PHP does >> have garbage collection. >> > > Not really. But it wouldn't be hard to split some hairs in this conversation. > > My understanding is that true "garbage collection" doesn't immediately > free objects when they fall out of scope or when they're set to nil > but rather maintains table references that can be used to periodically > figure out how to efficiently free things later. Usually there's a > background process that does this in a way that allows programs to > "run wild" but then free things when the CPU becomes idle or if free > memory runs low. > > I'm not an expert on this stuff so my description is probably > oversimplified but PHP does not do the above. It just frees everything > as soon as it's unset. Or maybe it waits to some degree but I don't > think there's a sophisticated algorithm behind it, it doesn't maintain > a separate table of allocations (the zvals and resources *are* the > allocation table) and it doesn't use a separate process to do any of > this. GC has never been a really high priority since PHP scripts are > usually fairly short lived. > Here is an interesting article on memory management: http://www.webreference.com/programming/php_mem/index.html (it is excerpted from Sara Goleman's book 'Extending and Embedding PHP' ) Also zend_gc.h and zend_gc.c are of interest From ps at blu-studio.com Thu Feb 5 13:42:24 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Thu, 5 Feb 2009 13:42:24 -0500 Subject: [nycphp-talk] PHP Compared to Cold Fusion Message-ID: <006901c987c1$8085cca0$819165e0$@com> Good Day All: Can anyone in their long experience of coding in numerous languages enumerate some of the pros and cons of Cold Fusion (CF, CFML) especially when compared to PHP. My basic thoughts are that CF: 1) is more expensive to program ($$ per hr. pd. to programmer) 2) not as simply and totally extensible as PHP 3) expensive special server side software to invest in 4) CF hosting more expensive per mo. 5) almost no heavy usage sites use CF (i.e. CNN, Facebook, BBC) 6) more expensive to maintain, update or add on to code Anybody got other techie reasons why CF would pale compared to PHP say in raw speed, etc. Thanks in advance. Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com From guilhermeblanco at gmail.com Thu Feb 5 13:52:26 2009 From: guilhermeblanco at gmail.com (Guilherme Blanco) Date: Thu, 5 Feb 2009 16:52:26 -0200 Subject: [nycphp-talk] PHP Compared to Cold Fusion In-Reply-To: <006901c987c1$8085cca0$819165e0$@com> References: <006901c987c1$8085cca0$819165e0$@com> Message-ID: I'm curious... Do anyone still code in CF? Like... company just starting... new application.... etc... I doubt that guy still exists on earth... =) Cheers, 2009/2/5 Peter Sawczynec : > Good Day All: > > Can anyone in their long experience of coding in numerous languages > enumerate some of the pros and cons of Cold Fusion (CF, CFML) especially > when compared to PHP. > > My basic thoughts are that CF: > 1) is more expensive to program ($$ per hr. pd. to programmer) > 2) not as simply and totally extensible as PHP > 3) expensive special server side software to invest in > 4) CF hosting more expensive per mo. > 5) almost no heavy usage sites use CF (i.e. CNN, Facebook, BBC) > 6) more expensive to maintain, update or add on to code > > Anybody got other techie reasons why CF would pale compared to PHP say > in raw speed, etc. > > Thanks in advance. > > Warmest regards, > > Peter Sawczynec > Technology Dir. > bl?studio > 941.893.0396 > ps at blu-studio.com > www.blu-studio.com > > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php -- Guilherme Blanco - Web Developer CBC - Certified Bindows Consultant Cell Phone: +55 (16) 9215-8480 MSN: guilhermeblanco at hotmail.com URL: http://blog.bisna.com S?o Paulo - SP/Brazil From chsnyder at gmail.com Thu Feb 5 13:53:19 2009 From: chsnyder at gmail.com (csnyder) Date: Thu, 5 Feb 2009 13:53:19 -0500 Subject: [nycphp-talk] PHP Compared to Cold Fusion In-Reply-To: <006901c987c1$8085cca0$819165e0$@com> References: <006901c987c1$8085cca0$819165e0$@com> Message-ID: 2009/2/5 Peter Sawczynec : > Anybody got other techie reasons why CF would pale compared to PHP say > in raw speed, etc. > Raw speed, heh. The list of extensions, both integrated and pecl, puts PHP way out in front of CF in terms of versatility and functionality. From ben at projectskyline.com Thu Feb 5 14:01:33 2009 From: ben at projectskyline.com (Ben Sgro) Date: Thu, 05 Feb 2009 14:01:33 -0500 Subject: [nycphp-talk] PHP Compared to Cold Fusion In-Reply-To: References: <006901c987c1$8085cca0$819165e0$@com> Message-ID: <498B378D.4000402@projectskyline.com> Hey, We are moving away from CF. Finding talent is difficult, and what can be done in CF can be done CLEANER in a different languages. I'm speaking to the 2009/2/5 Peter Sawczynec : > > >> Anybody got other techie reasons why CF would pale compared to PHP say >> in raw speed, etc. >> >> > > Raw speed, heh. > > The list of extensions, both integrated and pecl, puts PHP way out in > front of CF in terms of versatility and functionality. > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > > From ps at blu-studio.com Thu Feb 5 14:14:11 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Thu, 5 Feb 2009 14:14:11 -0500 Subject: [nycphp-talk] PHP Compared to Cold Fusion In-Reply-To: <498B378D.4000402@projectskyline.com> References: <006901c987c1$8085cca0$819165e0$@com> <498B378D.4000402@projectskyline.com> Message-ID: <007901c987c5$edd02cc0$c9708640$@com> My first toe in of a sales pitch is already over. In this SW Florida area where I am there is a surprising amount of CFM in dynamic web sites. And, then a surprising amount of .NET. I have to tell you, the area is very uninformed about opensource. In my initial discussions with people regarding opensource (PHP) vs. CF and .NET they are even seemingly disbelieving that there could be anything as good and value intensive as opensource. That is why I am looking for quality corp. name users of PHP to put some indirect big third party endorsement behind my pitch. I don?t mind informing people about opensource, but I really did not want to appear some new fangled St. John preaching the near miraculous. But any further info on the downsides of CFM would still help me in the long run. Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Ben Sgro Sent: Thursday, February 05, 2009 2:02 PM To: NYPHP Talk Subject: Re: [nycphp-talk] PHP Compared to Cold Fusion Hey, We are moving away from CF. Finding talent is difficult, and what can be done in CF can be done CLEANER in a different languages. I'm speaking to the 2009/2/5 Peter Sawczynec : > > >> Anybody got other techie reasons why CF would pale compared to PHP say >> in raw speed, etc. >> >> > > Raw speed, heh. > > The list of extensions, both integrated and pecl, puts PHP way out in > front of CF in terms of versatility and functionality. > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > > _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From Ricky at nylontechnology.com Thu Feb 5 14:16:11 2009 From: Ricky at nylontechnology.com (Ricky Robinett) Date: Thu, 5 Feb 2009 14:16:11 -0500 Subject: [nycphp-talk] PHP Compared to Cold Fusion In-Reply-To: <006901c987c1$8085cca0$819165e0$@com> References: <006901c987c1$8085cca0$819165e0$@com> Message-ID: <86F397D96FD09B4792600C76E082F5B6A53DAD@RODIMUS.nylontechnology.local> Hey Peter, I'm prefacing this by saying I love PHP and it is my language of choice, but I also have extensive experience with ColdFusion and I don't feel like all your statements about it are completely accurate (also playing devil's advocate a bit :) ). 1) From my experience, ColdFusion development is typically faster than PHP development, so even though it costs more per hour it can end up being less hours of development time. In a similar way, someone who hires the cheapest PHP developer could end up spending more than hiring a more expensive PHP developer due to the speed and quality of work. 2) A lot of the selling point of CF is that you aren't meant to extend it. It should inherently have what you need already. Although this is not the case 100% of the time I think they do a pretty good job of offering a lot of things that you have to extend PHP for (CAPTCHA and PDF creation/manipulation are a couple that come to mind immediately). 3) Although ColdFusion costs to be on a server, it offers a lot of monitoring information. With ColdFusion Enterprise you can also restart separate server instances (thus not having to take all your sites down for server reboot). 4) True 5) A few high traffic sites (www.senate.gov, http://www.dsireusa.org/i, http://www.energystar.gov, http://www.economist.com, http://www.mayoclinic.com/). Also, MySpace was on CF for a while. 6) This is completely dependent on what your app does, I can think of many instances where CF updates and maintenance on a site are quicker and much less expensive. I can think of situations where PHP is quicker and less expensive. PHP definitely handles the huge loads better than ColdFusion, and it's something to consider when building an app but I also think it's important to give all languages a fair look. Thanks! Ricky ..................................... Ricky Robinett Developer Zend Certified Engineer, PHP5 Adobe Certified Expert, ColdFusion 8 Nylon Technology 350 7th Avenue, 10th Floor New York, NY 10001 ? 212.691.1134 x25?direct 212.691.3477 fax ricky at nylontechnology.com www.nylontechnology.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Peter Sawczynec Sent: Thursday, February 05, 2009 1:42 PM To: 'Org, Talk at Nyphp.' Subject: [nycphp-talk] PHP Compared to Cold Fusion Good Day All: Can anyone in their long experience of coding in numerous languages enumerate some of the pros and cons of Cold Fusion (CF, CFML) especially when compared to PHP. My basic thoughts are that CF: 1) is more expensive to program ($$ per hr. pd. to programmer) 2) not as simply and totally extensible as PHP 3) expensive special server side software to invest in 4) CF hosting more expensive per mo. 5) almost no heavy usage sites use CF (i.e. CNN, Facebook, BBC) 6) more expensive to maintain, update or add on to code Anybody got other techie reasons why CF would pale compared to PHP say in raw speed, etc. Thanks in advance. Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From ps at blu-studio.com Thu Feb 5 14:22:29 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Thu, 5 Feb 2009 14:22:29 -0500 Subject: [nycphp-talk] CFM Downsides from Wikipedia CFM Article Message-ID: <007a01c987c7$176386d0$462a9470$@com> Technical commentary IT commentators have offered various critiques of ColdFusion, discussing both the potential advantages and disadvantages of this technology relative to other alternatives. * Bootstrapping: ColdFusion is not a general purpose programming language. It cannot be used to create certain kinds of programs or software. For example, ColdFusion was written in Java and it would be impossible to write ColdFusion in ColdFusion itself (a technique known as Bootstrapping). Extending ColdFusion therefore frequently relies on also using other general purpose programming languages. * Cost: Adobe ColdFusion is expensive compared to some of its competitors, which are almost always free. Even Microsoft-based solutions such as ASP.NET are technically free if you own a PC or server running some version of Windows. For developers who do not wish to host their own site (and personally purchase ColdFusion Server), shared hosting accounts are readily available at comparable prices to PHP or ASP.NET hosting. Note, ColdFusion is free for Academic use. * Extensions: ColdFusion libraries and extensions are not always free, although there are sites dedicated to open-source ColdFusion code and several open-source frameworks have emerged in recent years in active development. ColdFusion can call Java libraries which alleviates this issue. * OOP: ColdFusion lacks advanced object-oriented features [6] such as providing little distinction between instance and class (virtual and static) properties and methods. ColdFusion doesn't offer constructor syntax per se, but rather forces an object factory pattern to return object instances. A common idiom is to use init to indicate a method which is the constructor for each component. Methods are implicitly virtual if they reference the THIS scope. There are several techniques available to provide mixin functionality. * Open Source: Some competing scripting languages such as PHP, Ruby, Perl and Python are open-source. Although the language of CFML itself is documented, Adobe ColdFusion's server code is not viewable or modifiable. However, SmithProject and the J2EE version of BlueDragon (OpenBD) are open-source CFML parsing engines. * Shared hosting: Certain features of ColdFusion such as event gateways, creation of datasources, caching settings and classpath additions are not readily configurable for usage in a shared hosting environment.[7] ColdFusion 7 introduced the Admin API which allows hosting providers to automate things such as datasource creation for their customers. * Scripting: CFScript is similar to but incompatible with the ECMAScript specification. ColdFusion does include some server-side Actionscript functionality, however ColdFusion's server-side Actionscript has significantly fewer features than CFML. Note: The release of CF 8 brought CFscript closer to ECMA by introducing == for equals, < for less than, and ++ etc. * Syntax: CFML syntax is very different from traditional programming languages, which use a C-style syntax, although this is a key reason for its success. Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com From zippy1981 at gmail.com Thu Feb 5 14:33:00 2009 From: zippy1981 at gmail.com (Justin Dearing) Date: Thu, 5 Feb 2009 14:33:00 -0500 Subject: [nycphp-talk] PHP Compared to Cold Fusion In-Reply-To: <007901c987c5$edd02cc0$c9708640$@com> References: <006901c987c1$8085cca0$819165e0$@com> <498B378D.4000402@projectskyline.com> <007901c987c5$edd02cc0$c9708640$@com> Message-ID: <5458db3c0902051133j44aea133v6012a19660b2084c@mail.gmail.com> 2009/2/5 Peter Sawczynec > My first toe in of a sales pitch is already over. > > In this SW Florida area where I am there is a surprising amount of CFM > in dynamic web sites. And, then a surprising amount of .NET. Well I am working at my second primarily.NET shop that was originally a coldfusion shop. One went through a classic asp phase first though. So its not a surprising combinations of technologies to know as it seems to have been a standard progression. > I have to tell you, the area is very uninformed about opensource. In my > initial discussions with people regarding opensource (PHP) vs. CF and > .NET they are even seemingly disbelieving that there could be anything > as good and value intensive as opensource. Well how informed are you about .NET or even mono? Most people know a handful of technologies. I've done PHP, .NET, vb6 and dabbled in a few other languages. I've made minor edits to CF pages and I assume I'm grossly uninformed about it. I know a former foxpro programmer that could convince you it was one of the greatest development environments ever. Had I not known him I would never believe foxpro was a "real" programming tool. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at zaunere.com Thu Feb 5 14:35:04 2009 From: lists at zaunere.com (Hans Zaunere) Date: Thu, 5 Feb 2009 14:35:04 -0500 Subject: [nycphp-talk] TestFest and PHP QA at NYPHP Message-ID: <034a01c987c8$d84fd7d0$88ef8770$@com> All, We're considering working with the PHP QA group and supporting a Test Fest event, both in the virtual world, and the real-world of NYC. Here are overviews: http://qa.php.net/testfest.php - the What http://wiki.php.net/qa/testfest - the How Getting involved with this would greatly benefit PHP itself, as well as hone your own skills working in a QA testing environment (it's great for a resume). At this point, I'm interested in: -- hearing general thoughts on this type of thing and how it could come together in NYC -- how many people would be interested in doing the testing? -- how many people would be interested in helping to organize? Let's discuss on this list to get public feedback, or feel free to contact me off-list if you'd like to chat directly. Best, --- Hans Zaunere / Managing Member / New York PHP www.nyphp.org / www.nyphp.com From brian at realm3.com Thu Feb 5 15:26:04 2009 From: brian at realm3.com (Brian Dailey) Date: Thu, 05 Feb 2009 15:26:04 -0500 Subject: [nycphp-talk] PHP Compared to Cold Fusion In-Reply-To: References: <006901c987c1$8085cca0$819165e0$@com> Message-ID: <498B4B5C.9040805@realm3.com> I know a guy that's managing a company running on CF and he very much wishes that he had gone with PHP or even Python. The availability of developers to work with CF is much more limited. -b. csnyder wrote: > 2009/2/5 Peter Sawczynec : > >> Anybody got other techie reasons why CF would pale compared to PHP say >> in raw speed, etc. >> > > Raw speed, heh. > > The list of extensions, both integrated and pecl, puts PHP way out in > front of CF in terms of versatility and functionality. > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php -- realm3 web applications [realm3.com] Information architecture, application development. phone: (917) 512-3594 fax: (440) 744-3559 From mmwaldman at nyc.rr.com Thu Feb 5 17:39:25 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Thu, 5 Feb 2009 17:39:25 -0500 Subject: [nycphp-talk] mod_auth_digest/mysql Message-ID: <20090205223923.YEMO9192.hrndva-smta02.mail.rr.com@DeJaVu> Guys, The site's going live around 8p.m. using the variation of mod_auth_digest authenticating against mysql, that I wrote/modified, today. Pretty exciting. I didn't disturb its general behavior. It still behaves like mod_auth_digest. And the browsers, well, they still behave like they do too. I'm only using IE and FF for account access. You can still view the public pages on the other browsers. I sent an email to Opera and I'm sending one to Safari. Opera doesn't log in with ajax and Safari doesn't log out. Anyway, no one ever answered my question. Am I the first to write mod_auth_mysql/digest? In a couple of weeks after my vacation, I'm going to play around with it some more. Getting the password from httpd.conf was an issue. I wanted it working, so I temporarily cut my loses. I have one pressing htaccess issue. I'm thinking about joining webmasterworld.com. Anyone have a subscription? Should I pay to use the forum? I'm thinking about hacking httpd again. They have rewritemod -f, is file, -d is directory, but not -n, variable does not exist. I'm thinking about adding it. It looks like a variable not existing always evaluates to true, so using REMOTE_USER is a problem to test if the user is logged in. Unfortunately, even after logout the authorization contain the realm on backpage. I couldn't find away for REMOTE_USER to be always defined even if no one is logged in. I think it would be nice like Apache addition. Shouldn't be too hard to implement. Check for the flag, see if the variable exists, return true or false. It will work nicely with mod_auth_digest. Keep those pesky login dialogs from popping up on backpage, hopefully. I want to implement this little tidbit: RewriteEngine On RewriteCond %{REMOTE_USER} -n RewriteRule ^.*$ http://domain/path/logged_out.html [R] This doesn't work when remote_user is not defined. It seems to always evaluate to true: RewriteEngine On RewriteCond %{REMOTE_USER} !="" RewriteRule ^.*$ - [S=1] RewriteRule ^.*$ http:// domain/path/logged_out.html [R] You put the actual logging authtype stuff below this segment. Once I get it tight and the browsers get on board. Some folks doing smaller sized websites may want to check it out. Ajax is not necessary. One guy said it isn't good for login in case if craps out, but it's over a ssl, so I'm not that worried. Should I be? Plus, I put too much freaking work into the ajax implementation to turn back now. The reason I went mod_auth_digest was cause totally hinging on cookies for account security was freaking me out and I was doing that with mod_auth_basic. I use php for security mostly outside the account, but very little inside. I know more misinformation and a whole lot of vagueness. I'm going to turn my websites into Fort Knox, if it kills me. Michele -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Thu Feb 5 17:46:45 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Thu, 5 Feb 2009 17:46:45 -0500 Subject: [nycphp-talk] In hind sight Message-ID: <20090205224643.VRTZ4991.hrndva-smta01.mail.rr.com@DeJaVu> In hind sight, I could have used mod_auth_mysql just as well as mod_auth_digest/mysql using htaccess the way I do now. Duh! But, it's considered more secure. So, no loss. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ps at blu-studio.com Thu Feb 5 18:13:24 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Thu, 5 Feb 2009 18:13:24 -0500 Subject: [nycphp-talk] In hind sight In-Reply-To: <20090205224643.VRTZ4991.hrndva-smta01.mail.rr.com@DeJaVu> References: <20090205224643.VRTZ4991.hrndva-smta01.mail.rr.com@DeJaVu> Message-ID: <009301c987e7$58caf160$0a60d420$@com> Sigh. Warmest regards, Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michele Waldman Sent: Thursday, February 05, 2009 5:47 PM To: 'NYPHP Talk' Subject: [nycphp-talk] In hind sight In hind sight, I could have used mod_auth_mysql just as well as mod_auth_digest/mysql using htaccess the way I do now. Duh! But, it?s considered more secure. So, no loss. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmpvar at gmail.com Fri Feb 6 00:12:58 2009 From: tmpvar at gmail.com (Elijah Insua) Date: Fri, 6 Feb 2009 00:12:58 -0500 Subject: [nycphp-talk] In hind sight In-Reply-To: <009301c987e7$58caf160$0a60d420$@com> References: <20090205224643.VRTZ4991.hrndva-smta01.mail.rr.com@DeJaVu> <009301c987e7$58caf160$0a60d420$@com> Message-ID: <2b4feca10902052112m5e5355d0g71065526025fb7c7@mail.gmail.com> Michele, just as a suggestion for the future.. could you keep all of these in the same thread? Thanks, -- Elijah 2009/2/5 Peter Sawczynec > Sigh. > > > > Warmest regards, > > > > Peter Sawczynec > > Technology Dir. > > bl?studio > > 941.893.0396 > > ps at blu-studio.com > > www.blu-studio.com > > > > > > *From:* talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > *On Behalf Of *Michele Waldman > *Sent:* Thursday, February 05, 2009 5:47 PM > *To:* 'NYPHP Talk' > *Subject:* [nycphp-talk] In hind sight > > > > In hind sight, I could have used mod_auth_mysql just as well as > mod_auth_digest/mysql using htaccess the way I do now. > > > > Duh! But, it's considered more secure. So, no loss. > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Fri Feb 6 08:42:14 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Fri, 6 Feb 2009 08:42:14 -0500 Subject: [nycphp-talk] In hind sight In-Reply-To: <2b4feca10902052112m5e5355d0g71065526025fb7c7@mail.gmail.com> Message-ID: <20090206134212.BNDK9192.hrndva-smta02.mail.rr.com@DeJaVu> Sure thing. My hind sight was wrong. I definitely needed this implementation. I can?t log out in ajax with basic. I always second guess myself. Keeps me in check. Good news for you guys. I?m taking vacation to recuperate from the 15-18 hour days I?ve been working on and off over the last 2 ? months. I should be posting for at least a month. _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Elijah Insua Sent: Friday, February 06, 2009 12:13 AM To: NYPHP Talk Subject: Re: [nycphp-talk] In hind sight Michele, just as a suggestion for the future.. could you keep all of these in the same thread? Thanks, -- Elijah 2009/2/5 Peter Sawczynec Sigh. Warmest regards, Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michele Waldman Sent: Thursday, February 05, 2009 5:47 PM To: 'NYPHP Talk' Subject: [nycphp-talk] In hind sight In hind sight, I could have used mod_auth_mysql just as well as mod_auth_digest/mysql using htaccess the way I do now. Duh! But, it's considered more secure. So, no loss. _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From ashaw at polymerdb.org Fri Feb 6 18:53:52 2009 From: ashaw at polymerdb.org (Allen Shaw) Date: Fri, 06 Feb 2009 17:53:52 -0600 Subject: [nycphp-talk] [OT] blacklist monitor recommendations? Message-ID: <498CCD90.1040406@polymerdb.org> We're seriously considering bringing our mass email communications in-house for various reasons and want to stay on top of any spam reports against us. Can anyone recommend an email blacklist monitoring service you've had good results with? Thanks, Allen -- Allen Shaw slidePresenter (http://slides.sourceforge.net) From mmwaldman at nyc.rr.com Fri Feb 6 19:21:24 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Fri, 6 Feb 2009 19:21:24 -0500 Subject: [nycphp-talk] In hind sight In-Reply-To: <20090206134212.BNDK9192.hrndva-smta02.mail.rr.com@DeJaVu> Message-ID: <20090207002120.GWXD9192.hrndva-smta02.mail.rr.com@DeJaVu> BTW: Guys, I?m drinking now. Final post before taking vacation. Yeahhhhhh! My first major website. I did a Zencart before, but never homespun like this. I, typically, modify E. Indian made websites. My implementation is a spin on: http://www.berenddeboer.net/rest/authentication.html There?s a Opera and Safari kink to iron out. So, they are not working. Because I can?t use this implementation without validating the account before login in with ajax, I use php session variables for security outside the account. It validates the user has correctly answered captchas and security question and validates the security question id is correct before responding the login information is valid. I use this on all pages trying to login or send email to reduce the chances of robots getting anywhere. However, once inside I only use that approach when modifying the user?s info. The rest depends entirely on mod_auth_digest/mysql, my version. That means I don?t have to modify every single php file with authentication checks. I hooked up with a guy on the apache mailing list that gave me the final piece of the puzzle to prevent login dialog popups. I know I followed a lot of wrong tangents at points and people may think I?m lost, but it?s tight now. If you don?t have one million hits a day, once opera and safari get on board, I welcome you to check it out. Yeaaaaaaaaahhhhhhhhhhhhhhhh! I?m done!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Going live!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Michele _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michele Waldman Sent: Friday, February 06, 2009 8:42 AM To: 'NYPHP Talk' Subject: Re: [nycphp-talk] In hind sight Sure thing. My hind sight was wrong. I definitely needed this implementation. I can?t log out in ajax with basic. I always second guess myself. Keeps me in check. Good news for you guys. I?m taking vacation to recuperate from the 15-18 hour days I?ve been working on and off over the last 2 ? months. I should be posting for at least a month. _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Elijah Insua Sent: Friday, February 06, 2009 12:13 AM To: NYPHP Talk Subject: Re: [nycphp-talk] In hind sight Michele, just as a suggestion for the future.. could you keep all of these in the same thread? Thanks, -- Elijah 2009/2/5 Peter Sawczynec Sigh. Warmest regards, Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michele Waldman Sent: Thursday, February 05, 2009 5:47 PM To: 'NYPHP Talk' Subject: [nycphp-talk] In hind sight In hind sight, I could have used mod_auth_mysql just as well as mod_auth_digest/mysql using htaccess the way I do now. Duh! But, it's considered more secure. So, no loss. _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmwaldman at nyc.rr.com Fri Feb 6 19:24:11 2009 From: mmwaldman at nyc.rr.com (Michele Waldman) Date: Fri, 6 Feb 2009 19:24:11 -0500 Subject: [nycphp-talk] In hind sight In-Reply-To: <20090206134212.BNDK9192.hrndva-smta02.mail.rr.com@DeJaVu> Message-ID: <20090207002407.GXHR9192.hrndva-smta02.mail.rr.com@DeJaVu> Bring on McAfee. Michele _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michele Waldman Sent: Friday, February 06, 2009 8:42 AM To: 'NYPHP Talk' Subject: Re: [nycphp-talk] In hind sight Sure thing. My hind sight was wrong. I definitely needed this implementation. I can?t log out in ajax with basic. I always second guess myself. Keeps me in check. Good news for you guys. I?m taking vacation to recuperate from the 15-18 hour days I?ve been working on and off over the last 2 ? months. I should be posting for at least a month. _____ From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Elijah Insua Sent: Friday, February 06, 2009 12:13 AM To: NYPHP Talk Subject: Re: [nycphp-talk] In hind sight Michele, just as a suggestion for the future.. could you keep all of these in the same thread? Thanks, -- Elijah 2009/2/5 Peter Sawczynec Sigh. Warmest regards, Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michele Waldman Sent: Thursday, February 05, 2009 5:47 PM To: 'NYPHP Talk' Subject: [nycphp-talk] In hind sight In hind sight, I could have used mod_auth_mysql just as well as mod_auth_digest/mysql using htaccess the way I do now. Duh! But, it's considered more secure. So, no loss. _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From rolan at omnistep.com Fri Feb 6 19:29:58 2009 From: rolan at omnistep.com (Rolan Yang) Date: Fri, 06 Feb 2009 19:29:58 -0500 Subject: [nycphp-talk] [OT] blacklist monitor recommendations? In-Reply-To: <498CCD90.1040406@polymerdb.org> References: <498CCD90.1040406@polymerdb.org> Message-ID: <498CD606.7000102@omnistep.com> Allen Shaw wrote: > We're seriously considering bringing our mass email communications > in-house for various reasons and want to stay on top of any spam > reports against us. > Can anyone recommend an email blacklist monitoring service you've had > good results with? > > Thanks, > Allen > Search for "rbl lookup". There are a number of web utilities to check your ip's. They're all pretty good. If you are running your own mail servers, you will know pretty quickly if you are blacklisted by monitoring the queue and seeing the emails back up. To prevent that, I would recommend pro actively submitting whitelist requests for your ip range(s) to the big hosts like aol, yahoo, etc. Unfortunately, some providers (ahem.. COMCAST).. are less responsive to your requests and there isn't much that can be done about it. If you are serious about reliable mass email, then you'll want to set up mail relays at a number of different hosts around the internet so that if and when your server does get blacklisted, you can route the rest of your mail through a clean relay. From ka at kacomputerconsulting.com Fri Feb 6 20:43:11 2009 From: ka at kacomputerconsulting.com (Kristina Anderson) Date: Fri, 6 Feb 2009 17:43:11 -0800 Subject: [nycphp-talk] In hind sight Message-ID: <1233970991.28092@coral.he.net> Michele, Congrats!!! Enjoy the party:-). You earned it. Kristina > This is a multi-part message in MIME format. > > > BTW: > > > > Guys, > > > > I?m drinking now. Final post before taking vacation. Yeahhhhhh! My first > major website. I did a Zencart before, but never homespun like this. I, > typically, modify E. Indian made websites. > > > > My implementation is a spin on: > > http://www.berenddeboer.net/rest/authentication.html > > > > There?s a Opera and Safari kink to iron out. So, they are not working. > > > > Because I can?t use this implementation without validating the account > before login in with ajax, I use php session variables for security outside > the account. It validates the user has correctly answered captchas and > security question and validates the security question id is correct before > responding the login information is valid. I use this on all pages trying > to login or send email to reduce the chances of robots getting anywhere. > > > > However, once inside I only use that approach when modifying the user?s > info. The rest depends entirely on mod_auth_digest/mysql, my version. That > means I don?t have to modify every single php file with authentication > checks. > > > > I hooked up with a guy on the apache mailing list that gave me the final > piece of the puzzle to prevent login dialog popups. > > > > I know I followed a lot of wrong tangents at points and people may think I?m > lost, but it?s tight now. > > > > If you don?t have one million hits a day, once opera and safari get on > board, I welcome you to check it out. > > > > Yeaaaaaaaaahhhhhhhhhhhhhhhh! I?m done!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Going > live!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > > > > Michele > > > > > > _____ > > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Michele Waldman > Sent: Friday, February 06, 2009 8:42 AM > To: 'NYPHP Talk' > Subject: Re: [nycphp-talk] In hind sight > > > > Sure thing. My hind sight was wrong. I definitely needed this > implementation. I can?t log out in ajax with basic. I always second guess > myself. Keeps me in check. > > > > Good news for you guys. I?m taking vacation to recuperate from the 15-18 > hour days I?ve been working on and off over the last 2 ? months. I should > be posting for at least a month. > > > > _____ > > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Elijah Insua > Sent: Friday, February 06, 2009 12:13 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] In hind sight > > > > Michele, > > just as a suggestion for the future.. could you keep all of these in the > same thread? > > Thanks, > > -- Elijah > > 2009/2/5 Peter Sawczynec > > Sigh. > > > > Warmest regards, > > > > Peter Sawczynec > > Technology Dir. > > bl?studio > > 941.893.0396 > > ps at blu-studio.com > > www.blu-studio.com > > > > > > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Michele Waldman > Sent: Thursday, February 05, 2009 5:47 PM > To: 'NYPHP Talk' > Subject: [nycphp-talk] In hind sight > > > > In hind sight, I could have used mod_auth_mysql just as well as > mod_auth_digest/mysql using htaccess the way I do now. > > > > Duh! But, it's considered more secure. So, no loss. > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > > > > > ------------------- Kristina D. H. Anderson PHP Application Developer "Building a Better Tomorrow, One Line of Code at a Time" 347 254 2810 From ka at kacomputerconsulting.com Fri Feb 6 20:43:11 2009 From: ka at kacomputerconsulting.com (Kristina Anderson) Date: Fri, 6 Feb 2009 17:43:11 -0800 Subject: [nycphp-talk] In hind sight Message-ID: <1233970991.28092@coral.he.net> Michele, Congrats!!! Enjoy the party:-). You earned it. Kristina > This is a multi-part message in MIME format. > > > BTW: > > > > Guys, > > > > I?m drinking now. Final post before taking vacation. Yeahhhhhh! My first > major website. I did a Zencart before, but never homespun like this. I, > typically, modify E. Indian made websites. > > > > My implementation is a spin on: > > http://www.berenddeboer.net/rest/authentication.html > > > > There?s a Opera and Safari kink to iron out. So, they are not working. > > > > Because I can?t use this implementation without validating the account > before login in with ajax, I use php session variables for security outside > the account. It validates the user has correctly answered captchas and > security question and validates the security question id is correct before > responding the login information is valid. I use this on all pages trying > to login or send email to reduce the chances of robots getting anywhere. > > > > However, once inside I only use that approach when modifying the user?s > info. The rest depends entirely on mod_auth_digest/mysql, my version. That > means I don?t have to modify every single php file with authentication > checks. > > > > I hooked up with a guy on the apache mailing list that gave me the final > piece of the puzzle to prevent login dialog popups. > > > > I know I followed a lot of wrong tangents at points and people may think I?m > lost, but it?s tight now. > > > > If you don?t have one million hits a day, once opera and safari get on > board, I welcome you to check it out. > > > > Yeaaaaaaaaahhhhhhhhhhhhhhhh! I?m done!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Going > live!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > > > > Michele > > > > > > _____ > > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Michele Waldman > Sent: Friday, February 06, 2009 8:42 AM > To: 'NYPHP Talk' > Subject: Re: [nycphp-talk] In hind sight > > > > Sure thing. My hind sight was wrong. I definitely needed this > implementation. I can?t log out in ajax with basic. I always second guess > myself. Keeps me in check. > > > > Good news for you guys. I?m taking vacation to recuperate from the 15-18 > hour days I?ve been working on and off over the last 2 ? months. I should > be posting for at least a month. > > > > _____ > > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Elijah Insua > Sent: Friday, February 06, 2009 12:13 AM > To: NYPHP Talk > Subject: Re: [nycphp-talk] In hind sight > > > > Michele, > > just as a suggestion for the future.. could you keep all of these in the > same thread? > > Thanks, > > -- Elijah > > 2009/2/5 Peter Sawczynec > > Sigh. > > > > Warmest regards, > > > > Peter Sawczynec > > Technology Dir. > > bl?studio > > 941.893.0396 > > ps at blu-studio.com > > www.blu-studio.com > > > > > > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On > Behalf Of Michele Waldman > Sent: Thursday, February 05, 2009 5:47 PM > To: 'NYPHP Talk' > Subject: [nycphp-talk] In hind sight > > > > In hind sight, I could have used mod_auth_mysql just as well as > mod_auth_digest/mysql using htaccess the way I do now. > > > > Duh! But, it's considered more secure. So, no loss. > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > > > > > ------------------- Kristina D. H. Anderson PHP Application Developer "Building a Better Tomorrow, One Line of Code at a Time" 347 254 2810 From ajai at bitblit.net Fri Feb 6 22:43:18 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Fri, 6 Feb 2009 22:43:18 -0500 (EST) Subject: [nycphp-talk] PHP Compared to Cold Fusion In-Reply-To: <86F397D96FD09B4792600C76E082F5B6A53DAD@RODIMUS.nylontechnology.local> Message-ID: On Thu, 5 Feb 2009, Ricky Robinett wrote: > 1) From my experience, ColdFusion development is typically faster than > PHP development, so even though it costs more per hour it can end up > being less hours of development time. In a similar way, someone who > hires the cheapest PHP developer could end up spending more than hiring > a more expensive PHP developer due to the speed and quality of work. That's probably true of many programming languages. However, I think you'd have a bigger pool to select good PHP programmers from than the pool for CF. > 2) A lot of the selling point of CF is that you aren't meant to extend > it. It should inherently have what you need already. Although this is > not the case 100% of the time I think they do a pretty good job of > offering a lot of things that you have to extend PHP for (CAPTCHA and > PDF creation/manipulation are a couple that come to mind immediately). To be fair, I see CF as similar to a framework. After all, its written in Java right? > 5) A few high traffic sites (www.senate.gov, http://www.dsireusa.org/i, > http://www.energystar.gov, http://www.economist.com, > http://www.mayoclinic.com/). Also, MySpace was on CF for a while. The fact that MySpace moved away from CF speaks volumes. > PHP definitely handles the huge loads better than ColdFusion, and it's > something to consider when building an app but I also think it's > important to give all languages a fair look. -- Aj. From ramons at gmx.net Sat Feb 7 22:23:54 2009 From: ramons at gmx.net (David Krings) Date: Sat, 07 Feb 2009 22:23:54 -0500 Subject: [nycphp-talk] Link to PHP article in InformationWeek Message-ID: <498E504A.8080500@gmx.net> Hi! Came across this article in InformationWeek. It is about IBM and Zend porting PHP to IBM's System i hardware aimed at small business and Fortune 500 (which means mom & pop shops and huge corporations?? Doesn't make sense to me, but maybe I misunderstand). Seems as if PHP will give Java some competition. Interesting read...and apologies if this is old news to you. http://www.informationweek.com/news/software/soa/showArticle.jhtml?articleID=213201961&cid=nl_IWK_daily_H David From brianw1975 at gmail.com Sat Feb 7 22:40:33 2009 From: brianw1975 at gmail.com (Brian Williams) Date: Sat, 7 Feb 2009 22:40:33 -0500 Subject: [nycphp-talk] Link to PHP article in InformationWeek In-Reply-To: <498E504A.8080500@gmx.net> References: <498E504A.8080500@gmx.net> Message-ID: I don't know if you've ever worked with an AS/400 (I did in some college classes back in 98 - 00 with COBOL and RPG) it's very powerful and in use by a LOT of government/industrial companies -- as the article states. The Series i replaces the AS/400 (side-note:Zend has offered Series i downloads for a while now, at least for its IDE) and at the risk of sounding like a little fanboy... this is fantastic news for PHP and PHP programmers over all. People with COBOL/RPG and PHP experience will be able to pull in a *nice*paycheck converting programs or building web-based front-ends to interface with those programs. better start exercising program logic muscles again... On Sat, Feb 7, 2009 at 10:23 PM, David Krings wrote: > Hi! > > Came across this article in InformationWeek. It is about IBM and Zend > porting PHP to IBM's System i hardware aimed at small business and Fortune > 500 (which means mom & pop shops and huge corporations?? Doesn't make sense > to me, but maybe I misunderstand). Seems as if PHP will give Java some > competition. Interesting read...and apologies if this is old news to you. > > > http://www.informationweek.com/news/software/soa/showArticle.jhtml?articleID=213201961&cid=nl_IWK_daily_H > > > David > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From corey at gelform.com Sun Feb 8 07:53:58 2009 From: corey at gelform.com (Corey H Maass - gelform.com) Date: Sun, 08 Feb 2009 07:53:58 -0500 Subject: [nycphp-talk] Zend expert needed Message-ID: <1234097638.17479.1299168597@webmail.messagingengine.com> Hey, folks. I've build a web app in Zend but it could use an expert's eye, especially when it comes to optimization. Please contact me off list if yre a Zend expert and interested in a fun project (nights and weekends is fine). Please include rates and availability. Thanks, Corey // Corey H Maass Gelform Design Brooklyn, NY Web design and development for art and business em corey at gelform.com ww http://www.gelform.com ph 646/228.5048 fx 866/502.4861 IM gelform From lists at zaunere.com Sun Feb 8 11:50:45 2009 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 8 Feb 2009 11:50:45 -0500 Subject: [nycphp-talk] TestFest and PHP QA at NYPHP In-Reply-To: <034a01c987c8$d84fd7d0$88ef8770$@com> References: <034a01c987c8$d84fd7d0$88ef8770$@com> Message-ID: <006101c98a0d$633c1660$29b44320$@com> Hi - no takers on this, folks? H > Subject: [nycphp-talk] TestFest and PHP QA at NYPHP > > All, > > We're considering working with the PHP QA group and supporting a Test > Fest > event, both in the virtual world, and the real-world of NYC. > > Here are overviews: > > http://qa.php.net/testfest.php - the What > http://wiki.php.net/qa/testfest - the How > > Getting involved with this would greatly benefit PHP itself, as well as > hone > your own skills working in a QA testing environment (it's great for a > resume). > > At this point, I'm interested in: > > -- hearing general thoughts on this type of thing and how it could come > together in NYC > > -- how many people would be interested in doing the testing? > > -- how many people would be interested in helping to organize? > > Let's discuss on this list to get public feedback, or feel free to > contact > me off-list if you'd like to chat directly. > > Best, > > --- > Hans Zaunere / Managing Member / New York PHP > www.nyphp.org / www.nyphp.com > > > > > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From ramons at gmx.net Sun Feb 8 12:23:39 2009 From: ramons at gmx.net (David Krings) Date: Sun, 08 Feb 2009 12:23:39 -0500 Subject: [nycphp-talk] TestFest and PHP QA at NYPHP In-Reply-To: <006101c98a0d$633c1660$29b44320$@com> References: <034a01c987c8$d84fd7d0$88ef8770$@com> <006101c98a0d$633c1660$29b44320$@com> Message-ID: <498F151B.5070601@gmx.net> Hans Zaunere wrote: > Hi - no takers on this, folks? Hi! Since I am a QA professional I am interested in it, but being in Sc'dy and the event taking place in NYC distance comes in the way. Besides that, we are short before a release at work and I currently are over my head in system tests while spending my sparse amounts of time at home on a book translation that was planned to be done by the end of last December. So time comes in the way as well at least for assisting in organizing it. Attending is a different issue, but that is influenced by date and time of the event as well as personal funding (NYC isn't a half hour drive and if it is in Manhattan, Brooklyn, or Queens I won't drive my car there). In my case it is the same reasons why I only appear on this mailing list and don't attend the UG meetings, but in neither case it is because of desinterest. David From danielc at analysisandsolutions.com Sun Feb 8 19:18:29 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Sun, 8 Feb 2009 19:18:29 -0500 Subject: [nycphp-talk] TestFest and PHP QA at NYPHP In-Reply-To: <034a01c987c8$d84fd7d0$88ef8770$@com> References: <034a01c987c8$d84fd7d0$88ef8770$@com> Message-ID: <20090209001829.GA24651@panix.com> Hi Hans: This could be a fun event. $community = $people + $food + $beer; $better_php = $tests = $computers + $community; I saw the posting on internals and was interested in helping organize a local event. Glad others are thinking similarly. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From christinak at wll.com Mon Feb 9 19:32:46 2009 From: christinak at wll.com (Christina Karlhoff) Date: Mon, 9 Feb 2009 19:32:46 -0500 Subject: [nycphp-talk] lost sessions on redirect Message-ID: About a year ago NYPHP created a captcha form for our website. The html has undergone quite a few changes. Unfortunately in that process we've lost some function...when a user submits the form, forgetting a required field, the session is lost; on the redirect the data that was input by the user is gone. Needing some guidance as to how to fix this. Help please? thanks! Chris -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael.southwell at nyphp.com Mon Feb 9 20:02:05 2009 From: michael.southwell at nyphp.com (Michael Southwell) Date: Mon, 09 Feb 2009 20:02:05 -0500 Subject: [nycphp-talk] lost sessions on redirect In-Reply-To: References: Message-ID: <4990D20D.7010405@nyphp.com> Christina Karlhoff wrote: > About a year ago NYPHP created a captcha form for our website. The html > has undergone quite a few changes. Unfortunately in that process we've > lost some function...when a user submits the form, forgetting a required > field, the session is lost; on the redirect the data that was input by > the user is gone. Needing some guidance as to how to fix this. Help > please? Carry the session id along as a get variable in the redirect, something like this: header( 'Location: somewhere.php?PHPSESSID=' . session_id() ); -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From danielc at analysisandsolutions.com Mon Feb 9 20:16:24 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 9 Feb 2009 20:16:24 -0500 Subject: [nycphp-talk] lost sessions on redirect In-Reply-To: References: Message-ID: <20090210011624.GA2237@panix.com> Hi Chris: On Mon, Feb 09, 2009 at 07:32:46PM -0500, Christina Karlhoff wrote: > when a user submits the form, forgetting a required > field, the session is lost; on the redirect the data that was input by > the user is gone. You are talking about two potential situations. 1) The session isn't being maintained between pages. 2) The posted data isn't passed along on the redirect. The first issue can be due to one or more scripts missing the session_start() call at the top. Or there is other output before the session_start() call so the session cookie isn't being set properly (you may be not seeing the error message because you have display_errors off, so look at your error_log. The second issue is expected. The HTTP POST goes to the initial page. When you're redirecting to another page, that's a whole new GET request unrelated to the initial POST request. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From shiflett at php.net Mon Feb 9 20:43:17 2009 From: shiflett at php.net (Chris Shiflett) Date: Mon, 9 Feb 2009 20:43:17 -0500 Subject: [nycphp-talk] lost sessions on redirect In-Reply-To: <4990D20D.7010405@nyphp.com> References: <4990D20D.7010405@nyphp.com> Message-ID: <60B906BB-15CC-41DA-A363-2EFE952A4214@php.net> On Feb 9, 2009, at 20:02, Michael Southwell wrote: > Christina Karlhoff wrote: >> About a year ago NYPHP created a captcha form for our website. The >> html has undergone quite a few changes. Unfortunately in that >> process we've lost some function...when a user submits the form, >> forgetting a required field, the session is lost; on the redirect >> the data that was input by the user is gone. Needing some guidance >> as to how to fix this. Help please? > > Carry the session id along as a get variable in the redirect, > something like this: > header( 'Location: somewhere.php?PHPSESSID=' . session_id() ); Probably best to determine the problem first. The Location header requires an absolute URL, and the way you've just used it results in a lost session on some older versions of IE. (IE correctly determines the host for the request, but it fails to include cookies for that host.) So, passing along the session identifier in the URL can correct this problem, but it's a poor solution. Christina, do you have LiveHTTPHeaders for Firefox or something like it? If we could see the HTTP transaction in question, I'm sure the problem will reveal itself. Chris -- Chris Shiflett http://shiflett.org/ From christinak at wll.com Mon Feb 9 21:31:43 2009 From: christinak at wll.com (Christina Karlhoff) Date: Mon, 9 Feb 2009 21:31:43 -0500 Subject: [nycphp-talk] lost sessions on redirect Message-ID: Hi Chris, used livehttpheader and captured the following http headers: http://www.wll.com/quote.php POST /quote.php HTTP/1.1 Host: www.wll.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.wll.com/quote.php Cookie: PHPSESSID=5257a97a577ea059bb286491a368c8d8 Content-Type: application/x-www-form-urlencoded Content-Length: 565 print_blank_fields=1&Salutation=None&Contact_Name=&CompanyName=&AddressL ine1=&AddressLine2=&City=&State=&Zip+Code=&Country=&Phone=&CellPhone=&Fa x=&CustomerEmail=&CompanyWebsite=&HowManySamplesAvailable=&AnyExistingCe rtification=&NameOfDevice=&VariationsInTheProduct=&HowManyIOCables=&Dime nsionsSizeAndSetup=test&TransmitterReceiver%5B%5D=Transmitter&WhoIsTheUs erOfEquipment=test&FCCICApproval=yes&MILSTDApproval=yes&ApprovalTypes=&T argetCountries%5B%5D=USA&CommentsDescription=test&__ec_i=ec.1234232363.d a9330995e5da194592cd2b63ff86d92&__ec_s=cl8xx&SUBMIT=Send+Form HTTP/1.x 302 Found Date: Tue, 10 Feb 2009 02:22:19 GMT Server: Apache/2.0.52 (CentOS) X-Powered-By: PHP/4.3.9 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: form=a%3A31%3A%7Bs%3A18%3A%22print_blank_fields%22%3Bs%3A1%3A%221%22%3Bs %3A10%3A%22Salutation%22%3Bs%3A4%3A%22None%22%3Bs%3A12%3A%22Contact_Name %22%3Bs%3A0%3A%22%22%3Bs%3A11%3A%22CompanyName%22%3Bs%3A0%3A%22%22%3Bs%3 A12%3A%22AddressLine1%22%3Bs%3A0%3A%22%22%3Bs%3A12%3A%22AddressLine2%22% 3Bs%3A0%3A%22%22%3Bs%3A4%3A%22City%22%3Bs%3A0%3A%22%22%3Bs%3A5%3A%22Stat e%22%3Bs%3A0%3A%22%22%3Bs%3A8%3A%22Zip_Code%22%3Bs%3A0%3A%22%22%3Bs%3A7% 3A%22Country%22%3Bs%3A0%3A%22%22%3Bs%3A5%3A%22Phone%22%3Bs%3A0%3A%22%22% 3Bs%3A9%3A%22CellPhone%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22Fax%22%3Bs%3A0%3 A%22%22%3Bs%3A13%3A%22CustomerEmail%22%3Bs%3A0%3A%22%22%3Bs%3A14%3A%22Co mpanyWebsite%22%3Bs%3A0%3A%22%22%3Bs%3A23%3A%22HowManySamplesAvailable%2 2%3Bs%3A0%3A%22%22%3Bs%3A24%3A%22AnyExistingCertification%22%3Bs%3A0%3A% 22%22%3Bs%3A12%3A%22NameOfDevice%22%3Bs%3A0%3A%22%22%3Bs%3A22%3A%22Varia tionsInTheProduct%22%3Bs%3A0%3A%22%22%3Bs%3A15%3A%22HowManyIOCables%22%3 Bs%3A0%3A%22%22%3Bs%3A22%3A%22DimensionsSizeAndSetup%22%3Bs%3A4%3A%22tes t%22%3Bs%3A19%3A%22TransmitterReceiver%22%3Ba%3A1%3A%7Bi%3A0%3Bs%3A11%3A %22Transmitter%22%3B%7Ds%3A23%3A%22WhoIsTheUserOfEquipment%22%3Bs%3A4%3A %22test%22%3Bs%3A13%3A%22FCCICApproval%22%3Bs%3A3%3A%22yes%22%3Bs%3A14%3 A%22MILSTDApproval%22%3Bs%3A3%3A%22yes%22%3Bs%3A13%3A%22ApprovalTypes%22 %3Bs%3A0%3A%22%22%3Bs%3A15%3A%22TargetCountries%22%3Ba%3A1%3A%7Bi%3A0%3B s%3A3%3A%22USA%22%3B%7Ds%3A19%3A%22CommentsDescription%22%3Bs%3A4%3A%22t est%22%3Bs%3A6%3A%22__ec_i%22%3Bs%3A46%3A%22ec.1234232363.da9330995e5da1 94592cd2b63ff86d92%22%3Bs%3A6%3A%22__ec_s%22%3Bs%3A5%3A%22cl8xx%22%3Bs%3 A6%3A%22SUBMIT%22%3Bs%3A9%3A%22Send+Form%22%3B%7D; expires=Tue, 10-Feb-2009 02:27:19 GMT Location: http://www.wll.com/quote.php Content-Length: 0 Connection: close Content-Type: text/html ---------------------------------------------------------- http://www.wll.com/quote.php GET /quote.php HTTP/1.1 Host: www.wll.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.wll.com/quote.php Cookie: PHPSESSID=5257a97a577ea059bb286491a368c8d8; form=a%3A31%3A%7Bs%3A18%3A%22print_blank_fields%22%3Bs%3A1%3A%221%22%3Bs %3A10%3A%22Salutation%22%3Bs%3A4%3A%22None%22%3Bs%3A12%3A%22Contact_Name %22%3Bs%3A0%3A%22%22%3Bs%3A11%3A%22CompanyName%22%3Bs%3A0%3A%22%22%3Bs%3 A12%3A%22AddressLine1%22%3Bs%3A0%3A%22%22%3Bs%3A12%3A%22AddressLine2%22% 3Bs%3A0%3A%22%22%3Bs%3A4%3A%22City%22%3Bs%3A0%3A%22%22%3Bs%3A5%3A%22Stat e%22%3Bs%3A0%3A%22%22%3Bs%3A8%3A%22Zip_Code%22%3Bs%3A0%3A%22%22%3Bs%3A7% 3A%22Country%22%3Bs%3A0%3A%22%22%3Bs%3A5%3A%22Phone%22%3Bs%3A0%3A%22%22% 3Bs%3A9%3A%22CellPhone%22%3Bs%3A0%3A%22%22%3Bs%3A3%3A%22Fax%22%3Bs%3A0%3 A%22%22%3Bs%3A13%3A%22CustomerEmail%22%3Bs%3A0%3A%22%22%3Bs%3A14%3A%22Co mpanyWebsite%22%3Bs%3A0%3A%22%22%3Bs%3A23%3A%22HowManySamplesAvailable%2 2%3Bs%3A0%3A%22%22%3Bs%3A24%3A%22AnyExistingCertification%22%3Bs%3A0%3A% 22%22%3Bs%3A12%3A%22NameOfDevice%22%3Bs%3A0%3A%22%22%3Bs%3A22%3A%22Varia tionsInTheProduct%22%3Bs%3A0%3A%22%22%3Bs%3A15%3A%22HowManyIOCables%22%3 Bs%3A0%3A%22%22%3Bs%3A22%3A%22DimensionsSizeAndSetup%22%3Bs%3A4%3A%22tes t%22%3Bs%3A19%3A%22TransmitterReceiver%22%3Ba%3A1%3A%7Bi%3A0%3Bs%3A11%3A %22Transmitter%22%3B%7Ds%3A23%3A%22WhoIsTheUserOfEquipment%22%3Bs%3A4%3A %22test%22%3Bs%3A13%3A%22FCCICApproval%22%3Bs%3A3%3A%22yes%22%3Bs%3A14%3 A%22MILSTDApproval%22%3Bs%3A3%3A%22yes%22%3Bs%3A13%3A%22ApprovalTypes%22 %3Bs%3A0%3A%22%22%3Bs%3A15%3A%22TargetCountries%22%3Ba%3A1%3A%7Bi%3A0%3B s%3A3%3A%22USA%22%3B%7Ds%3A19%3A%22CommentsDescription%22%3Bs%3A4%3A%22t est%22%3Bs%3A6%3A%22__ec_i%22%3Bs%3A46%3A%22ec.1234232363.da9330995e5da1 94592cd2b63ff86d92%22%3Bs%3A6%3A%22__ec_s%22%3Bs%3A5%3A%22cl8xx%22%3Bs%3 A6%3A%22SUBMIT%22%3Bs%3A9%3A%22Send+Form%22%3B%7D HTTP/1.x 200 OK Date: Tue, 10 Feb 2009 02:22:20 GMT Server: Apache/2.0.52 (CentOS) X-Powered-By: PHP/4.3.9 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: form=deleted; expires=Mon, 11-Feb-2008 02:22:19 GMT Connection: close Transfer-Encoding: chunked Content-Type: text/html ---------------------------------------------------------- http://www.wll.com//captcha/captcha.php?__ec_i=ec.1234232540.05ead51af64 ae99216682f155c9f4ceb& GET //captcha/captcha.php?__ec_i=ec.1234232540.05ead51af64ae99216682f155c9f4 ceb& HTTP/1.1 Host: www.wll.com:80 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.wll.com/quote.php Cookie: PHPSESSID=5257a97a577ea059bb286491a368c8d8 HTTP/1.x 200 OK Date: Tue, 10 Feb 2009 02:22:20 GMT Server: Apache/2.0.52 (CentOS) X-Powered-By: PHP/4.3.9 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate, private Expires: Tue, 10 Feb 2009 02:22:20 +0000 Content-Length: 5849 Connection: close Content-Type: image/jpeg ---------------------------------------------------------- http://downloads.thespringbox.com/web/wrapper.php?file=68671.sbw GET /web/wrapper.php?file=68671.sbw HTTP/1.1 Host: downloads.thespringbox.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.wll.com/quote.php HTTP/1.x 200 OK Server: Apache/2.2.8 (Unix) PHP/5.2.5 with Suhosin-Patch X-Powered-By: PHP/5.2.5 Content-Length: 49750 Content-Type: application/x-shockwave-flash Expires: Tue, 10 Feb 2009 02:22:20 GMT Cache-Control: max-age=0, no-cache Pragma: no-cache Date: Tue, 10 Feb 2009 02:22:20 GMT Connection: keep-alive ---------------------------------------------------------- http://data.fimlabs.net/amfToRest.php?host=downloads%2Ethespringbox%2Eco m&page=&widget%5Fname=68671&rf=loadVars&method=checkPermissions&service= TheSpringBox GET /amfToRest.php?host=downloads%2Ethespringbox%2Ecom&page=&widget%5Fname=6 8671&rf=loadVars&method=checkPermissions&service=TheSpringBox HTTP/1.1 Host: data.fimlabs.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive HTTP/1.x 200 OK Server: Apache/2.2.8 (Unix) PHP/5.2.5 with Suhosin-Patch X-Powered-By: PHP/5.2.5 Content-Length: 277 Content-Type: text/html Date: Tue, 10 Feb 2009 02:22:21 GMT Connection: keep-alive ---------------------------------------------------------- http://cdn.thespringbox.com/analytics/uid.php?user%5Fid=%2D1 GET /analytics/uid.php?user%5Fid=%2D1 HTTP/1.1 Host: cdn.thespringbox.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: uid=e0891c95ad969d6633244de473cf2377; NSC_gjnmbc-qspe=440f89bb3660 HTTP/1.x 200 OK Date: Tue, 10 Feb 2009 02:22:21 GMT Server: Apache/2.2.8 (Unix) PHP/5.2.5 with Suhosin-Patch X-Powered-By: PHP/5.2.5 Content-Length: 36 Keep-Alive: timeout=390, max=9069 Connection: Keep-Alive Content-Type: text/html Set-Cookie: NSC_gjnmbc-qspe=440f89bb3660;expires=Tue, 10-Feb-09 02:27:21 GMT;path=/ ---------------------------------------------------------- http://downloads.thespringbox.com/widgets/download.php?file=RSS%20Reader .sbw GET /widgets/download.php?file=RSS%20Reader.sbw HTTP/1.1 Host: downloads.thespringbox.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive HTTP/1.x 200 OK Server: Apache/2.2.8 (Unix) PHP/5.2.5 with Suhosin-Patch X-Powered-By: PHP/5.2.5 Content-Length: 75238 Content-Type: application/sbw Date: Tue, 10 Feb 2009 02:22:21 GMT Connection: keep-alive ---------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: From ramons at gmx.net Mon Feb 9 22:00:42 2009 From: ramons at gmx.net (David Krings) Date: Mon, 09 Feb 2009 22:00:42 -0500 Subject: [nycphp-talk] lost sessions on redirect In-Reply-To: <4990D20D.7010405@nyphp.com> References: <4990D20D.7010405@nyphp.com> Message-ID: <4990EDDA.9000908@gmx.net> Michael Southwell wrote: > Christina Karlhoff wrote: >> About a year ago NYPHP created a captcha form for our website. The >> html has undergone quite a few changes. Unfortunately in that process >> we've lost some function...when a user submits the form, forgetting a >> required field, the session is lost; on the redirect the data that was >> input by the user is gone. Needing some guidance as to how to fix >> this. Help please? > > Carry the session id along as a get variable in the redirect, something > like this: > header( 'Location: somewhere.php?PHPSESSID=' . session_id() ); Also, upon calling a script that is dependent on the session make sure that the session is picked up again before doing anything else. I use redirects frequently (back when I had time to code) and typically did this: Script A session_write_close redirect to Script B Script B Session_start I found that the session_write_close wasn't always necessary, but a few tests turned up that variables were still written to the file while the redirect already completed. The session_start is then always the first line of code to get executed, even before initializing variables, including files, or doing anything else. My approach relies in cookies being set for passing the session_id along. I guess the more solid approach is to go with what Michael proposed. I am sure that when you use both approaches session data will be preserved and will remain available. Alternatively, anything that is stored in a session can also be stored temporarily on the server. You can create your own random IDs and start stuffing data into database tables or flat files. That may have other disadvantages. I find session handling in PHP to be very convenient, almost too convenient as one is tempted to load all kinds of crap into the session and piggyback it through all scripts. HTH David From christinak at wll.com Mon Feb 9 22:08:30 2009 From: christinak at wll.com (Christina Karlhoff) Date: Mon, 9 Feb 2009 22:08:30 -0500 Subject: [nycphp-talk] lost sessions on redirect Message-ID: Hi Michael, on the processing page after the form array is verified and email address is validated, the code goes like this: if ($_POST) { // save post into a cookie to retrieve later - careful with captcha fields, do not restore those in interface setcookie("form", serialize($_POST), time()+300); if (captcha::check()) { if (verify_form($required, $_POST)) { //follow the same structure as verify form. So now, if the form is verified, we continue. Otherwise we will error out with redirect if ( (validate_email($email)) ) { // redirect to this url on full success and email form header('Location: http://www.wll.com/thankyou.shtml'); $_POST['RemoteIP'] = $_SERVER['REMOTE_ADDR']; mail_form(SENDER, RECIPIENT, SUBJECT, $_POST); } else { // If not validate email; header('Location: ' . $_SERVER['HTTP_REFERER']); } } else { // If verify form failed header('Location: ' . $_SERVER['HTTP_REFERER']); } exit; } else { // if not capture $_SESSION["error"] = 'Verification word does not match'; header('Location: ' . $_SERVER['HTTP_REFERER']); } exit; } else { // if no $_POST variable if ($HTTP_COOKIE_VARS['form']) { //$form array can be used to set form field values // this server sucks, need to remove added slashes $form = unserialize(stripslashes($HTTP_COOKIE_VARS['form'])); // destroy cookie on client side setcookie('form', ''); } // echo $captcha puts captcha anywhere in the interface $captcha = captcha::form("→ "); } Back on the page containing the form, a block of code linking session "error" to the data array if ($_SESSION["error"]) { echo '' . $_SESSION["error"] . ''; unset($_SESSION["error"]); } and reference to the required form data is tucked away:

So i understand that session error shows which required field was not entered by the user... but, what happens to the session vars with the form data? -------------- next part -------------- An HTML attachment was scrubbed... URL: From danielc at analysisandsolutions.com Mon Feb 9 22:37:41 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 9 Feb 2009 22:37:41 -0500 Subject: [nycphp-talk] lost sessions on redirect In-Reply-To: References: Message-ID: <20090210033741.GA13991@panix.com> Hi Christina: Before I get into specific code feedback, you REALLY need to get some coding standards in place. Your nesting is a total mess. Read and follow http://pear.php.net/manual/en/standards.php. On Mon, Feb 09, 2009 at 10:08:30PM -0500, Christina Karlhoff wrote: > > setcookie("form", serialize($_POST), time()+300); No. Put that stuff in the session, not the cookie. > header('Location: > http://www.wll.com/thankyou.shtml'); > $_POST['RemoteIP'] = $_SERVER['REMOTE_ADDR']; ... snip ... > header('Location: ' . $_SERVER['HTTP_REFERER']); ... snip ... Ouch. Security vulnerability. You can not trust user input. Unescaped user input must not be put directly into databases, HTML, shell execution commands or header calls (among other things). Read http://phpsec.org/projects/guide/. > if ($HTTP_COOKIE_VARS['form']) { When you want to access cookies, use $_COOKIE. That may be the reason you're loosing data. But as mentioned before, you should put this in the session. > So i understand that session error shows which required field was not > entered by the user... but, what happens to the session vars with the > form data? It's not in the session. It's in a cookie. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From lists at zaunere.com Tue Feb 10 09:11:11 2009 From: lists at zaunere.com (Hans Zaunere) Date: Tue, 10 Feb 2009 09:11:11 -0500 Subject: [nycphp-talk] TestFest and PHP QA at NYPHP In-Reply-To: <006101c98a0d$633c1660$29b44320$@com> References: <034a01c987c8$d84fd7d0$88ef8770$@com> <006101c98a0d$633c1660$29b44320$@com> Message-ID: <00ec01c98b89$6cf13fa0$46d3bee0$@com> So as a follow-up, thanks to everyone for their interest. I'm going to follow-up with the QA folks and will announce next steps. For those interested in participating, please make sure you're on the Org list as discussion will continue there: http://lists.nyphp.org/mailman/listinfo/org H > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk- > bounces at lists.nyphp.org] On Behalf Of Hans Zaunere > Sent: Sunday, February 08, 2009 11:51 AM > To: 'NYPHP Talk' > Subject: Re: [nycphp-talk] TestFest and PHP QA at NYPHP > > Hi - no takers on this, folks? > > H > > > > Subject: [nycphp-talk] TestFest and PHP QA at NYPHP > > > > All, > > > > We're considering working with the PHP QA group and supporting a Test > > Fest > > event, both in the virtual world, and the real-world of NYC. > > > > Here are overviews: > > > > http://qa.php.net/testfest.php - the What > > http://wiki.php.net/qa/testfest - the How > > > > Getting involved with this would greatly benefit PHP itself, as well > as > > hone > > your own skills working in a QA testing environment (it's great for a > > resume). > > > > At this point, I'm interested in: > > > > -- hearing general thoughts on this type of thing and how it could > come > > together in NYC > > > > -- how many people would be interested in doing the testing? > > > > -- how many people would be interested in helping to organize? > > > > Let's discuss on this list to get public feedback, or feel free to > > contact > > me off-list if you'd like to chat directly. > > > > Best, > > > > --- > > Hans Zaunere / Managing Member / New York PHP > > www.nyphp.org / www.nyphp.com > > > > From christinak at wll.com Wed Feb 11 08:29:23 2009 From: christinak at wll.com (Christina Karlhoff) Date: Wed, 11 Feb 2009 08:29:23 -0500 Subject: [nycphp-talk] lost sessions on redirect - Found Message-ID: Hi all, Well, as it turns out the problem was syntax - field values had one too many " marks...and the values weren't being carried into the session. There was ""> instead of "> Now field values are being retained on redirect. [Thank you Hans!!!] Onto another question: in testing the form redirect, i find textbox-type and textarea-type form field values are retained, but not checkbox values. How would i include checkbox values in the $form array? I'd appreciate some tips. Thanks!! -------------- next part -------------- An HTML attachment was scrubbed... URL: From rolan at omnistep.com Wed Feb 11 10:40:19 2009 From: rolan at omnistep.com (Rolan Yang) Date: Wed, 11 Feb 2009 10:40:19 -0500 Subject: [nycphp-talk] Zend Puts PHP on IBM System i Message-ID: <4992F163.10504@omnistep.com> Might be old news? Just saw it on my eweek feed this morning. http://www.eweek.com/c/a/Application-Development/Zend-Puts-PHP-on-IBM-System-i/?kc=NANANANANAFAKETRACKINGIDHIFROMNYPHP or http://tinyurl.com/bdu3gb ~Rolan* * From alan at alanseiden.com Wed Feb 11 12:26:39 2009 From: alan at alanseiden.com (Alan Seiden) Date: Wed, 11 Feb 2009 12:26:39 -0500 Subject: [nycphp-talk] Link to PHP article in InformationWeek In-Reply-To: References: Message-ID: <49930A4F.5030404@alanseiden.com> PHP has been officially supported on IBM i since 2006, when Zend/IBM began providing IBM i's users with a no-charge package consisting of Zend Core, Studio, support, and special extensions. (IBM i is the newest name for a system formerly called AS/400, iSeries, i5, and System i.) So what's the news about? Till now, Zend Core was only available as a download. Now, IBM is making a big statement by including Zend Core on IBM i's operating system CDs. Because many IBM i customers take their lead from IBM, customers will see this as a strong signal that it's OK to use PHP. These days, I specialize in implementing PHP on IBM i. I've even done gigs to mentor teams in implementing Zend Framework on their "i", with its special version of db2 and all. I agree with Brian that there's opportunity for PHP developers interested in converting or front-ending text-based "i" applications. Alan -- Alan Seiden Senior Developer/Technical Lead Zend Framework Certified Engineer PHP i5 Solutions, Strategic Business Systems, Inc. alan at alanseiden.com | 201-327-8746 x144 blog: alanseiden.com > Date: Sat, 7 Feb 2009 22:40:33 -0500 > From: Brian Williams > Subject: Re: [nycphp-talk] Link to PHP article in InformationWeek > To: NYPHP Talk > Message-ID: > > Content-Type: text/plain; charset="iso-8859-1" > > I don't know if you've ever worked with an AS/400 (I did in some college > classes back in 98 - 00 with COBOL and RPG) it's very powerful and in use by > a LOT of government/industrial companies -- as the article states. The > Series i replaces the AS/400 (side-note:Zend has offered Series i downloads > for a while now, at least for its IDE) and at the risk of sounding like a > little fanboy... this is fantastic news for PHP and PHP programmers over > all. > > People with COBOL/RPG and PHP experience will be able to pull in a > *nice*paycheck converting programs or building web-based front-ends to > interface > with those programs. > > better start exercising program logic muscles again... > > > > On Sat, Feb 7, 2009 at 10:23 PM, David Krings wrote: > > >> Hi! >> >> Came across this article in InformationWeek. It is about IBM and Zend >> porting PHP to IBM's System i hardware aimed at small business and Fortune >> 500 (which means mom & pop shops and huge corporations?? Doesn't make sense >> to me, but maybe I misunderstand). Seems as if PHP will give Java some >> competition. Interesting read...and apologies if this is old news to you. >> >> >> http://www.informationweek.com/news/software/soa/showArticle.jhtml?articleID=213201961&cid=nl_IWK_daily_H >> >> >> David >> >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From fgabrieli at gmail.com Wed Feb 11 18:36:53 2009 From: fgabrieli at gmail.com (Fernando Gabrieli) Date: Wed, 11 Feb 2009 20:36:53 -0300 Subject: [nycphp-talk] Zend Puts PHP on IBM System i In-Reply-To: <4992F163.10504@omnistep.com> References: <4992F163.10504@omnistep.com> Message-ID: very interesting! and it started as "Personal Home Page" right? :) fernando On Wed, Feb 11, 2009 at 12:40 PM, Rolan Yang wrote: > Might be old news? Just saw it on my eweek feed this morning. > > > http://www.eweek.com/c/a/Application-Development/Zend-Puts-PHP-on-IBM-System-i/?kc=NANANANANAFAKETRACKINGIDHIFROMNYPHP > or > http://tinyurl.com/bdu3gb > > ~Rolan* > * > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ken at secdat.com Thu Feb 12 21:23:28 2009 From: ken at secdat.com (Kenneth Downs) Date: Thu, 12 Feb 2009 21:23:28 -0500 Subject: [nycphp-talk] [ANNOUNCE] Significant Andromeda Documentation Updates Message-ID: <4994D9A0.1000009@secdat.com> Andromeda today received significant documentation updates. Our current push is to finish off the docs, then we attack the bugs and proceed to Release 1. 1) The entire Database Programming section is finished - Andromeda's most important feature. 2) A complete section on Database Access has been added. 3) A complete section on modifying the "free" admin screens has been added. 4) Upgrade scripts have been documented. 5) A new section on using x6 plugins has been started and about 1/2 completed. 6) Styles have been added for notices and alerts. In terms of bug fixes and site improvements we have: 1) The search box was fixed. 2) Search now matches lots of relevant terms to pages, so searching for "range_from" gets you to the page on ranged primary keys. 3) The image links are now working. -- Kenneth Downs Secure Data Software, Inc. www.secdat.com www.andromeda-project.org 631-689-7200 Fax: 631-689-0527 cell: 631-379-0010 From guilhermeblanco at gmail.com Thu Feb 12 22:20:48 2009 From: guilhermeblanco at gmail.com (Guilherme Blanco) Date: Fri, 13 Feb 2009 01:20:48 -0200 Subject: [nycphp-talk] [ANNOUNCE] Significant Andromeda Documentation Updates In-Reply-To: <4994D9A0.1000009@secdat.com> References: <4994D9A0.1000009@secdat.com> Message-ID: Demo is not running. Parse error: syntax error, unexpected T_STRING, expecting ')' in /var/www/finance_demo/dynamic/table_configinst.php on line 20 Cheers, On Fri, Feb 13, 2009 at 12:23 AM, Kenneth Downs wrote: > Andromeda today received significant documentation updates. Our current > push is to finish off the docs, then we attack the bugs and proceed to > Release 1. > > 1) The entire Database Programming section is finished - Andromeda's most > important feature. > > 2) A complete section on Database Access has been added. > > 3) A complete section on modifying the "free" admin screens has been added. > > 4) Upgrade scripts have been documented. > > 5) A new section on using x6 plugins has been started and about 1/2 > completed. > > 6) Styles have been added for notices and alerts. > > In terms of bug fixes and site improvements we have: > > 1) The search box was fixed. > > 2) Search now matches lots of relevant terms to pages, so searching for > "range_from" gets you to the page on ranged primary keys. > > 3) The image links are now working. > > > -- > Kenneth Downs > Secure Data Software, Inc. > www.secdat.com www.andromeda-project.org > 631-689-7200 Fax: 631-689-0527 > cell: 631-379-0010 > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -- Guilherme Blanco - Web Developer CBC - Certified Bindows Consultant Cell Phone: +55 (16) 9215-8480 MSN: guilhermeblanco at hotmail.com URL: http://blog.bisna.com S?o Paulo - SP/Brazil From marybeth at nyc.rr.com Fri Feb 13 12:48:09 2009 From: marybeth at nyc.rr.com (Mary Beth Kooper) Date: Fri, 13 Feb 2009 12:48:09 -0500 Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web In-Reply-To: References: Message-ID: <5C08C4F2-BE65-427E-935B-72C4356EE501@nyc.rr.com> > > The Jewish Museum: http://www.thejewishmuseum.org Saving Antiquities for Everyone (SAFE): http://www.savingantiquities.org > Message: 1 > Date: Mon, 2 Feb 2009 19:43:46 -0500 > From: "Peter Sawczynec" > Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web > To: "'Org, Talk at Nyphp.'" > Message-ID: <000001c98598$79862f10$6c928d30$@com> > Content-Type: text/plain; charset="windows-1257" > > If you still know additional high-profile corp. or > non-profit PHP users that can be added to this list > below, please reply with your additions. > > Yahoo www.yahoo.com > Facebook www.facebook.com > Amazon www.amazon.com > Flickr www.flickr.com > Wikipedia www.wikipedia.com > Greenpeace www.greenpeace.org > UNICEF www.unicef.org > UNESCO www.unesco.org > Audubon Society www.audubon.org > CancerCare www.cancercare.org > Autism Speaks www.autismspeaks.org > Betty Ford Center www.bettyfordcenter.org > NAACP www.naacp.org > The Fund for Peace www.fundforpeace.org > Peaceforce www.nonviolentpeaceforce.org > Lilly Endowment www.lillyendowment.org > International Herald Tribune www.iht.com > NYC Parks Department www.nycgovparks.org > NY Botanical Garden www.nybg.org > NY Times www.nytimes.com > MTV www.mtv.com > United Nations www.un.org > > Warmest regards, > ? > Peter Sawczynec > Technology Dir. > bl?studio > 941.893.0396 > ps at blu-studio.com > www.blu-studio.com > > > > > > ------------------------------ > > Message: 2 > Date: Mon, 2 Feb 2009 23:31:52 -0500 > From: "Peter Sawczynec" > Subject: Re: [nycphp-talk] Corp. and Non-Profit PHP Users for Web > To: "'NYPHP Talk'" > Message-ID: <003701c985b8$56e8e4f0$04baaed0$@com> > Content-Type: text/plain; charset="windows-1257" > > Well, I added a few more myself... > > Yahoo www.yahoo.com > Facebook www.facebook.com > Amazon www.amazon.com > Flickr www.flickr.com > Wikipedia www.wikipedia.com > Second Life www.secondlife.com > > Harvard University www.harvard.edu > Amherst College www.amherst.edu > Tufts University www.tufts.edu > > Nobel Prize Foundation www.nobelprize.org > Hearst Foundation www.hearstfdn.org > Lilly Endowment www.lillyendowment.org > > Greenpeace www.greenpeace.org > Audubon Society www.audubon.org > UNICEF www.unicef.org > UNESCO www.unesco.org > CancerCare www.cancercare.org > Autism Speaks www.autismspeaks.org > Betty Ford Center www.bettyfordcenter.org > Magic Johnson Foundation www.magicjohnson.com > NAACP www.naacp.org > Peaceforce www.nonviolentpeaceforce.org > United Nations www.un.org > > Museum of Contemporary Art Los Angeles www.moca.org > Art Institute of Chicago www.artic.edu > Museum of Modern Art (NYC) www.moma.org > American Museum of Natural History (NYC) www.amnh.org > Brooklyn Museum www.brooklynmuseum.org > > NY Times www.nytimes.com > International Herald Tribune www.iht.com > MTV www.mtv.com > > Port Authority of NY & NJ www.panynj.gov > NYC Parks Department www.nycgovparks.org > NY Botanical Garden www.nybg.org > Central Park (NYC) www.centralpark.com > > Warmest regards, > ? > Peter Sawczynec > Technology Dir. > bl?studio > 941.893.0396 > ps at blu-studio.com > www.blu-studio.com > > > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org > ] > On Behalf Of Peter Sawczynec > Sent: Monday, February 02, 2009 7:44 PM > To: 'Org, Talk at Nyphp.' > Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web > > If you still know additional high-profile corp. or > non-profit PHP users that can be added to this list > below, please reply with your additions. > > Yahoo www.yahoo.com > Facebook www.facebook.com > Amazon www.amazon.com > Flickr www.flickr.com > Wikipedia www.wikipedia.com > Greenpeace www.greenpeace.org > UNICEF www.unicef.org > UNESCO www.unesco.org > Audubon Society www.audubon.org > CancerCare www.cancercare.org > Autism Speaks www.autismspeaks.org > Betty Ford Center www.bettyfordcenter.org > NAACP www.naacp.org > The Fund for Peace www.fundforpeace.org > Peaceforce www.nonviolentpeaceforce.org > Lilly Endowment www.lillyendowment.org > International Herald Tribune www.iht.com > NYC Parks Department www.nycgovparks.org > NY Botanical Garden www.nybg.org > NY Times www.nytimes.com > MTV www.mtv.com > United Nations www.un.org > > Warmest regards, > ? > Peter Sawczynec > Technology Dir. > bl?studio > 941.893.0396 > ps at blu-studio.com > www.blu-studio.com > > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > > > > ------------------------------ > > Message: 3 > Date: Mon, 2 Feb 2009 23:52:42 -0500 > From: John Campbell > Subject: Re: [nycphp-talk] Corp. and Non-Profit PHP Users for Web > To: NYPHP Talk > Message-ID: > <8f0676b40902022052r2b8a3b6axec1754baa3b931c3 at mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-13 > > Thanks for compiling the list. > > Thought it was a little silly at first, but now that you have > responded with the compiled list, I am glad you asked. > > Cheers, > John Campbell > > 2009/2/2 Peter Sawczynec : >> Well, I added a few more myself... >> >> Yahoo www.yahoo.com >> Facebook www.facebook.com >> Amazon www.amazon.com >> Flickr www.flickr.com >> Wikipedia www.wikipedia.com >> Second Life www.secondlife.com >> >> Harvard University www.harvard.edu >> Amherst College www.amherst.edu >> Tufts University www.tufts.edu >> >> Nobel Prize Foundation www.nobelprize.org >> Hearst Foundation www.hearstfdn.org >> Lilly Endowment www.lillyendowment.org >> >> Greenpeace www.greenpeace.org >> Audubon Society www.audubon.org >> UNICEF www.unicef.org >> UNESCO www.unesco.org >> CancerCare www.cancercare.org >> Autism Speaks www.autismspeaks.org >> Betty Ford Center www.bettyfordcenter.org >> Magic Johnson Foundation www.magicjohnson.com >> NAACP www.naacp.org >> Peaceforce www.nonviolentpeaceforce.org >> United Nations www.un.org >> >> Museum of Contemporary Art Los Angeles www.moca.org >> Art Institute of Chicago www.artic.edu >> Museum of Modern Art (NYC) www.moma.org >> American Museum of Natural History (NYC) www.amnh.org >> Brooklyn Museum www.brooklynmuseum.org >> >> NY Times www.nytimes.com >> International Herald Tribune www.iht.com >> MTV www.mtv.com >> >> Port Authority of NY & NJ www.panynj.gov >> NYC Parks Department www.nycgovparks.org >> NY Botanical Garden www.nybg.org >> Central Park (NYC) www.centralpark.com >> >> Warmest regards, >> >> Peter Sawczynec >> Technology Dir. >> bl?studio >> 941.893.0396 >> ps at blu-studio.com >> www.blu-studio.com >> >> >> >> -----Original Message----- >> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org >> ] >> On Behalf Of Peter Sawczynec >> Sent: Monday, February 02, 2009 7:44 PM >> To: 'Org, Talk at Nyphp.' >> Subject: [nycphp-talk] Corp. and Non-Profit PHP Users for Web >> >> If you still know additional high-profile corp. or >> non-profit PHP users that can be added to this list >> below, please reply with your additions. >> >> Yahoo www.yahoo.com >> Facebook www.facebook.com >> Amazon www.amazon.com >> Flickr www.flickr.com >> Wikipedia www.wikipedia.com >> Greenpeace www.greenpeace.org >> UNICEF www.unicef.org >> UNESCO www.unesco.org >> Audubon Society www.audubon.org >> CancerCare www.cancercare.org >> Autism Speaks www.autismspeaks.org >> Betty Ford Center www.bettyfordcenter.org >> NAACP www.naacp.org >> The Fund for Peace www.fundforpeace.org >> Peaceforce www.nonviolentpeaceforce.org >> Lilly Endowment www.lillyendowment.org >> International Herald Tribune www.iht.com >> NYC Parks Department www.nycgovparks.org >> NY Botanical Garden www.nybg.org >> NY Times www.nytimes.com >> MTV www.mtv.com >> United Nations www.un.org >> >> Warmest regards, >> >> Peter Sawczynec >> Technology Dir. >> bl?studio >> 941.893.0396 >> ps at blu-studio.com >> www.blu-studio.com >> >> >> >> _______________________________________________ >> New York PHP User Group Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> http://www.nyphp.org/show_participation.php >> >> _______________________________________________ >> New York PHP User Group Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> http://www.nyphp.org/show_participation.php > > > ------------------------------ > > Message: 4 > Date: Tue, 03 Feb 2009 07:14:09 -0500 > From: David Krings > Subject: Re: [nycphp-talk] Corp. and Non-Profit PHP Users for Web > To: NYPHP Talk > Message-ID: <49883511.8090202 at gmx.net> > Content-Type: text/plain; charset=windows-1257; format=flowed > > Peter Sawczynec wrote: >> If you still know additional high-profile corp. or >> non-profit PHP users that can be added to this list >> below, please reply with your additions. > > Hi! > > Found by accident that our local museum and planetarium uses PHP as > well: > http://www.schenectadymuseum.org/ > Best to see when one clicks on the planetarium link. > > Or another museum on the other side of the Mohawk: > http://www.esam.org/ > > And how could I forget the support page I made years ago for > Ingersoll-Rand / > Schlage. My replacements made some changes to it, but it uses PHP > for the search: > http://irsupport.net/ > > > HTH, > > David > > > ------------------------------ > > Message: 5 > Date: Tue, 3 Feb 2009 08:41:08 -0500 > From: Greg Rundlett > Subject: Re: [nycphp-talk] Corp. and Non-Profit PHP Users for Web > To: NYPHP Talk > Message-ID: > <5e2aaca40902030541s209945b5qc7904d8d61b152ff at mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > I too am glad to see a nice list. The compiled list (plus link to > Whitepaper) is at http://freephile.com/wiki/index.php/Who_uses_php > > Cite or re-use freely > > > ------------------------------ > > Message: 6 > Date: Tue, 03 Feb 2009 09:30:43 -0500 > From: Steve Manes > Subject: Re: [nycphp-talk] Corp. and Non-Profit PHP Users for Web > To: NYPHP Talk > Message-ID: <49885513.8090604 at magpie.com> > Content-Type: text/plain; charset=windows-1257; format=flowed > > Peter Sawczynec wrote: >> If you still know additional high-profile corp. or >> non-profit PHP users that can be added to this list >> below, please reply with your additions. > > The Childrens Health Fund http://childrenshealthfund.org/ > > > > ------------------------------ > > Message: 7 > Date: Tue, 03 Feb 2009 09:36:05 -0500 > From: Steve Manes > Subject: Re: [nycphp-talk] Corp. and Non-Profit PHP Users for Web > To: NYPHP Talk > Message-ID: <49885655.1080106 at magpie.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Steve Manes wrote: >> Peter Sawczynec wrote: >>> If you still know additional high-profile corp. or non-profit PHP >>> users that can be added to this list below, please reply with your >>> additions. >> >> The Childrens Health Fund http://childrenshealthfund.org/ > > I don't know if you're just looking just for public web sites but the > Transportation and Referral Management Systems (TRMS) I built for them > is rolling out to all 17 CHF programs around the country. It's PHP5 + > PostgreSQL. I'm about to start a new one for childhood diabetes. > > > ------------------------------ > > Message: 8 > Date: Tue, 03 Feb 2009 10:16:03 -0500 > From: David Krings > Subject: Re: [nycphp-talk] Corp. and Non-Profit PHP Users for Web > To: NYPHP Talk > Message-ID: <49885FB3.3080801 at gmx.net> > Content-Type: text/plain; charset=windows-1257; format=flowed > > Peter Sawczynec wrote: >> If you still know additional high-profile corp. or >> non-profit PHP users that can be added to this list >> below, please reply with your additions. > > > Hi! > > I 'found' another one, this time a for-profit corporation and a > Microsoft > DotNet Showcase Company. MadCap Software uses PHP to run their > support forum > (which is phpBB) at http://forums.madcapsoftware.com > > One of these cases where I look at it every day and just don't > register that > it is PHP. As a disclaimer (no clue if it is needed), I am a MadCap > MVP and > MAD certified (not certified mad!). > > David > > > ------------------------------ > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > End of talk Digest, Vol 28, Issue 6 > *********************************** From nhart at partsauthority.com Fri Feb 13 15:31:58 2009 From: nhart at partsauthority.com (Nicholas Hart) Date: Fri, 13 Feb 2009 15:31:58 -0500 Subject: [nycphp-talk] slow php Message-ID: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> I have a php 'cron job' script which is inserting some records. It uses arrays to store 12 field records along with several nested loops in which it tests various currency values from a separate 4 field table and sorts them to get the lowest one for insert into a new 4 field table record. It has about 640,000 Product records per 4 Customers or apporx. 2.4 million records to insert. It takes several hours+ to complete and I am hoping there is a way to speed it up. So far, I've tried updating instead of inserting records and changing a few functions but nothing seems to make much difference. Am I being unreasonable for the size of the files here? I'm considering using a Derived Table in mySQL and will also consider another language such as python. Please let me know if you have any suggestions. Thanks. Nicholas Hart -------------- next part -------------- An HTML attachment was scrubbed... URL: From bonsaime at gmail.com Fri Feb 13 15:37:06 2009 From: bonsaime at gmail.com (Jesse Callaway) Date: Fri, 13 Feb 2009 15:37:06 -0500 Subject: [nycphp-talk] slow php In-Reply-To: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> References: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> Message-ID: On Fri, Feb 13, 2009 at 3:31 PM, Nicholas Hart wrote: > I have a php 'cron job' script which is inserting some records. It uses > arrays to store 12 field records along with several nested loops in which it > tests various currency values from a separate 4 field table and sorts them > to get the lowest one for insert into a new 4 field table record. It has > about 640,000 Product records per 4 Customers or apporx. 2.4 million records > to insert. It takes several hours+ to complete and I am hoping there is a > way to speed it up. > > So far, I've tried updating instead of inserting records and changing a few > functions but nothing seems to make much difference. Am I being > unreasonable for the size of the files here? I'm considering using a > Derived Table in mySQL and will also consider another language such as > python. Please let me know if you have any suggestions. Thanks. > > Nicholas Hart > > > > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > Do your inserts in chunks. If you have the RAM, do one big insert. Otherwise you have to hit the disk for each record which can be slow especially if you have table locks going on elsewhere. -jesse From ken at secdat.com Fri Feb 13 15:39:50 2009 From: ken at secdat.com (Kenneth Downs) Date: Fri, 13 Feb 2009 15:39:50 -0500 Subject: [nycphp-talk] slow php (slow database) In-Reply-To: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> References: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> Message-ID: <4995DA96.5050405@secdat.com> This ain't PHP,and Python won't help. Inserting 2.4 million rows into a database will take hours if you go line by line. You are paying a big overhead of a round trip to the server for each row. The best way to speed it up is to use what they call "bulk copy" on MS SQL Server and "copy" on PostgreSQL. I'd have to assume mySQL has something by the same name. Also, it may be that mySQL supports multiple inserts per line, in which case you can do 10 inserts per round trip. This will speed it up w/o requiring you to do to a different command for the bulk copy. Nicholas Hart wrote: > I have a php 'cron job' script which is inserting some records. It > uses arrays to store 12 field records along with several nested loops > in which it tests various currency values from a separate 4 field > table and sorts them to get the lowest one for insert into a new 4 > field table record. It has about 640,000 Product records per 4 > Customers or apporx. 2.4 million records to insert. It takes several > hours+ to complete and I am hoping there is a way to speed it up. > > So far, I've tried updating instead of inserting records and changing > a few functions but nothing seems to make much difference. Am I being > unreasonable for the size of the files here? I'm considering using a > Derived Table in mySQL and will also consider another language such as > python. Please let me know if you have any suggestions. Thanks. > > Nicholas Hart > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php -- Kenneth Downs Secure Data Software, Inc. www.secdat.com www.andromeda-project.org 631-689-7200 Fax: 631-689-0527 cell: 631-379-0010 -------------- next part -------------- An HTML attachment was scrubbed... URL: From anthony at thrillist.com Fri Feb 13 15:39:52 2009 From: anthony at thrillist.com (Anthony Wlodarski) Date: Fri, 13 Feb 2009 12:39:52 -0800 Subject: [nycphp-talk] slow php In-Reply-To: Message-ID: I would have to agree. The disk I/O is going to be large for a such a data set. I think in this instance it is better to ask a few hundred bigger questions of the database then a few million smaller questions. -Anthony -- Anthony Wlodarski www.thrillist.com Web Applications Developer 568 Broadway Ste. 605 New York, NY, 10012 (o) 646.786.1944 ________________________________ From: Jesse Callaway Reply-To: NYPHP Talk Date: Fri, 13 Feb 2009 12:37:06 -0800 To: NYPHP Talk Subject: Re: [nycphp-talk] slow php On Fri, Feb 13, 2009 at 3:31 PM, Nicholas Hart wrote: > I have a php 'cron job' script which is inserting some records. It uses > arrays to store 12 field records along with several nested loops in which it > tests various currency values from a separate 4 field table and sorts them > to get the lowest one for insert into a new 4 field table record. It has > about 640,000 Product records per 4 Customers or apporx. 2.4 million records > to insert. It takes several hours+ to complete and I am hoping there is a > way to speed it up. > > So far, I've tried updating instead of inserting records and changing a few > functions but nothing seems to make much difference. Am I being > unreasonable for the size of the files here? I'm considering using a > Derived Table in mySQL and will also consider another language such as > python. Please let me know if you have any suggestions. Thanks. > > Nicholas Hart > > > > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > Do your inserts in chunks. If you have the RAM, do one big insert. Otherwise you have to hit the disk for each record which can be slow especially if you have table locks going on elsewhere. -jesse _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at zaunere.com Fri Feb 13 15:46:10 2009 From: lists at zaunere.com (Hans Zaunere) Date: Fri, 13 Feb 2009 15:46:10 -0500 Subject: [nycphp-talk] slow php In-Reply-To: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> References: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> Message-ID: <01ed01c98e1c$1a14a980$4e3dfc80$@com> > I have a php 'cron job' script which is inserting some records. It > uses arrays to store 12 field records along with several nested loops > in which it tests various currency values from a separate 4 field table > and sorts them to get the lowest one for insert into a new 4 field > table record. It has about 640,000 Product records per 4 Customers or > apporx. 2.4 million records to insert. It takes several hours+ to > complete and I am hoping there is a way to speed it up. > > So far, I've tried updating instead of inserting records and changing a > few functions but nothing seems to make much difference. Am I being > unreasonable for the size of the files here? I'm considering using a > Derived Table in mySQL and will also consider another language such as > python. Please let me know if you have any suggestions. Thanks. Why would this be considered a result of PHP being slow? You're doing many millions of database queries (both INSERT and SELECT from what you describe), which is the real culprit. Some things to consider: -- minimize lookup queries by caching, or loading your lookup tables into PHP arrays, thus avoiding database queries -- make sure that any lookup queries you do perform are against a well indexed table - similarly, consider key buffer sizes, buffer pool sizes, and all that good stuff -- attempt to batch inserts (see http://dev.mysql.com/insert for various techniques) -- look at dev.mysql.com and google for mysql bulk insert and mysql bulk insert configuration - there are a lot of tunables pertaining to these types of operations, including temp. turning off indexes, etc. The only PHP specific item I'd consider at this point is to explicitly free memory and resources to keep the memory footprint as small as possible. PHP's garbage collection cannot always be, well, perfect, for long running processes. H From rolan at omnistep.com Fri Feb 13 16:16:50 2009 From: rolan at omnistep.com (Rolan Yang) Date: Fri, 13 Feb 2009 16:16:50 -0500 Subject: [nycphp-talk] slow php In-Reply-To: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> References: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> Message-ID: <4995E342.2040208@omnistep.com> Nicholas Hart wrote: > I have a php 'cron job' script which is inserting some records. It > uses arrays to store 12 field records along with several nested loops > in which it tests various currency values from a separate 4 field > table and sorts them to get the lowest one for insert into a new 4 > field table record. It has about 640,000 Product records per 4 > Customers or apporx. 2.4 million records to insert. It takes several > hours+ to complete and I am hoping there is a way to speed it up. > If you can get away with it, you might try dumping the data to a csv file and using a "load data infile" within mysql to import the whole batch of data at once. Another thing that might be slowing down your inserts are mysql indexes. If you can disable your indexes, import the data, then re-index afterwards, that should speed up the import. ~Rolan From chsnyder at gmail.com Fri Feb 13 16:28:37 2009 From: chsnyder at gmail.com (csnyder) Date: Fri, 13 Feb 2009 16:28:37 -0500 Subject: [nycphp-talk] slow php (slow database) In-Reply-To: <4995DA96.5050405@secdat.com> References: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> <4995DA96.5050405@secdat.com> Message-ID: On Fri, Feb 13, 2009 at 3:39 PM, Kenneth Downs wrote: > This ain't PHP,and Python won't help. Inserting 2.4 million rows into a > database will take hours if you go line by line. You are paying a big > overhead of a round trip to the server for each row. > > The best way to speed it up is to use what they call "bulk copy" on MS SQL > Server and "copy" on PostgreSQL. I'd have to assume mySQL has something by > the same name. > > Also, it may be that mySQL supports multiple inserts per line, in which case > you can do 10 inserts per round trip. This will speed it up w/o requiring > you to do to a different command for the bulk copy. > To the best of my knowledge, you can't send more than one statement at a time through the php interface, unless there's something in the mysqli extension that allows it. Perhaps you could generate the SQL insert statements and append them to a file as you go. When all the loops are done, pipe the file into MySQL using the command line interface: mysql -u username -ppassword databasename < file.sql If some inserts depend on previous inserts (for related row ids or something) it might take a little more logic to work that all out, but it should still be possible. From lists at zaunere.com Fri Feb 13 16:36:32 2009 From: lists at zaunere.com (Hans Zaunere) Date: Fri, 13 Feb 2009 16:36:32 -0500 Subject: [nycphp-talk] slow php (slow database) In-Reply-To: References: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> <4995DA96.5050405@secdat.com> Message-ID: <020d01c98e23$232ea9b0$698bfd10$@com> > > Also, it may be that mySQL supports multiple inserts per line, in which case > > you can do 10 inserts per round trip. This will speed it up w/o requiring > > you to do to a different command for the bulk copy. > > To the best of my knowledge, you can't send more than one statement at > a time through the php interface, unless there's something in the > mysqli extension that allows it. There is http://us2.php.net/manual/en/mysqli.multi-query.php ...but this is really about this... http://dev.mysql.com/doc/refman/5.0/en/insert.html "INSERT statements that use VALUES syntax can insert multiple rows..." H From paul at devonianfarm.com Fri Feb 13 16:43:44 2009 From: paul at devonianfarm.com (Paul A Houle) Date: Fri, 13 Feb 2009 16:43:44 -0500 Subject: [nycphp-talk] slow php (slow database) In-Reply-To: References: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> <4995DA96.5050405@secdat.com> Message-ID: <4995E990.6010504@devonianfarm.com> The fastest way to get data into mysql is like this: http://dev.mysql.com/doc/refman/5.1/en/load-data.html I needed to load 2.5M RDF triples into mysql to look up some identifiers. My RDF store balked at the turtle file, so I hacked away the header and treated it like a space-separated file. LOAD DATA INFILE was scary fast... It loaded the data in 3 seconds! Once you've loaded raw data into mysql you can do all kinds of tricks like INSERT INTO ... SELECT to process the information into the desired form. If you can do this processing w/ clever mysql coding, you can probably do it in 1/10 the LOC and more than 10 times the speed that it would take you in a procedural language. The main thing is that you'll need to be comfortable with joins, subselects and writing extreme queries. From danielc at analysisandsolutions.com Fri Feb 13 17:11:33 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Fri, 13 Feb 2009 17:11:33 -0500 Subject: [nycphp-talk] slow php In-Reply-To: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> References: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> Message-ID: <20090213221133.GA22107@panix.com> Hi Nicholas: Here are two additional options to consider, both revolving around the concept of getting the database to do the work. First, many people write scripts to read, modify and then write the data back to the database because they are unfamilliar with the INSERT SELECT and UPDATE SELECT syntaxes. These syntaxes are very powerful. Second, if you have very complex, interdependent operations to do that can't be done via queries, turn it into a stored procedure inside MySQL. Oh, and a third possiblity is to combine the two. Write some functions that you can then use in the queries. All that aside, you could be having issues with transaction buffers getting huge or slow query logging bogging things down. Are you using transactions at all? --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From shiflett at php.net Fri Feb 13 17:37:48 2009 From: shiflett at php.net (Chris Shiflett) Date: Fri, 13 Feb 2009 17:37:48 -0500 Subject: [nycphp-talk] Party Like It's 1234567890 Message-ID: <41BDD58C-89D0-43C5-9E4A-83AC88A21379@php.net> It's a little late, but if anyone is interested in dropping by our office to christen our new kegerator and celebrate Unix time 1234567890, let me know. Address and map here: http://omniti.com/is/here The New York office, of course. :-) Chris From ps at blu-studio.com Sat Feb 14 20:45:08 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Sat, 14 Feb 2009 20:45:08 -0500 Subject: [nycphp-talk] PHP Blogs, Multiple Blogs Message-ID: <000001c98f0f$0991c7c0$1cb55740$@com> Good Day All: I'm looking for the names of some great PHP/MySQL blogging application(s) that allow multiple blogs and allow the developer to have plenty of CSS interface customization. I'd really appreciate hearing the ones you suggest. Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com From edwardpotter at gmail.com Sat Feb 14 20:55:52 2009 From: edwardpotter at gmail.com (Edward Potter) Date: Sat, 14 Feb 2009 20:55:52 -0500 Subject: [nycphp-talk] PHP Blogs, Multiple Blogs In-Reply-To: <000001c98f0f$0991c7c0$1cb55740$@com> References: <000001c98f0f$0991c7c0$1cb55740$@com> Message-ID: <97B58372-52E7-432E-B09F-24876B0F10C0@gmail.com> I think wordpress pretty much owns the blogging space at the moment. On Feb 14, 2009, at 8:45 PM, "Peter Sawczynec" wrote: > Good Day All: > > I'm looking for the names of some great PHP/MySQL blogging > application(s) that allow multiple blogs and allow the developer to > have > plenty of CSS interface customization. > > I'd really appreciate hearing the ones you suggest. > > Warmest regards, > > Peter Sawczynec > Technology Dir. > bl?studio > 941.893.0396 > ps at blu-studio.com > www.blu-studio.com > > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From dirn at dirnonline.com Sat Feb 14 21:02:16 2009 From: dirn at dirnonline.com (Andy Dirnberger) Date: Sat, 14 Feb 2009 21:02:16 -0500 Subject: [nycphp-talk] PHP Blogs, Multiple Blogs In-Reply-To: <000001c98f0f$0991c7c0$1cb55740$@com> References: <000001c98f0f$0991c7c0$1cb55740$@com> Message-ID: <000001c98f11$6df4de30$49de9a90$@com> The two with which I have experience are WordPress MU (http://mu.wordpress.org/) and ExpressionEngine (http://expressionengine.com/). WordPress MU is, well, WordPress. If you haven't worked with WordPress before, customization is a pretty simple. ExpressionEngine, on the other hand, I threw out as quickly as I possibly could. -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Peter Sawczynec Sent: Saturday, February 14, 2009 8:45 PM To: 'Org, Talk at Nyphp.' Subject: [nycphp-talk] PHP Blogs, Multiple Blogs Good Day All: I'm looking for the names of some great PHP/MySQL blogging application(s) that allow multiple blogs and allow the developer to have plenty of CSS interface customization. I'd really appreciate hearing the ones you suggest. Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From greg at freephile.com Sat Feb 14 21:07:09 2009 From: greg at freephile.com (Greg Rundlett (freephile)) Date: Sat, 14 Feb 2009 21:07:09 -0500 Subject: [nycphp-talk] PHP Blogs, Multiple Blogs In-Reply-To: <000001c98f0f$0991c7c0$1cb55740$@com> References: <000001c98f0f$0991c7c0$1cb55740$@com> Message-ID: <5e2aaca40902141807w5839f63dm5caf8a27d65b1aa2@mail.gmail.com> 2009/2/14 Peter Sawczynec : > Good Day All: > > I'm looking for the names of some great PHP/MySQL blogging > application(s) that allow multiple blogs and allow the developer to have > plenty of CSS interface customization. > > I'd really appreciate hearing the ones you suggest. I've used Serendipity http://www.s9y.org and Drupal http://drupal.org I'd say that Serendipity is pretty good, but that I've moved to Drupal because of the flexibility to do so much more with it besides blogging. Both can run multiple blogs. I'm not sure about (multiple) customizations on S9y, but I know drupal can have the UI customized in a very extensible way ~ Greg-- Greg Rundlett Web Developer - Initiative in Innovative Computing http://iic.harvard.edu camb 617-384-5872 nbpt 978-225-8302 m. 978-764-4424 -skype/aim/irc/twitter freephile http://profiles.aim.com/freephile From ajai at bitblit.net Sat Feb 14 21:55:40 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Sat, 14 Feb 2009 21:55:40 -0500 (EST) Subject: [nycphp-talk] PHP Blogs, Multiple Blogs In-Reply-To: <000001c98f0f$0991c7c0$1cb55740$@com> Message-ID: On Sat, 14 Feb 2009, Peter Sawczynec wrote: I'm looking for the names of some great PHP/MySQL blogging application(s) that allow multiple blogs and allow the developer to have plenty of CSS interface customization. For multiple blogs look at b2evolution. For something super simple, look at textpattern. Wordpress is not the only game in town. -- Aj. From brianw1975 at gmail.com Sat Feb 14 22:01:17 2009 From: brianw1975 at gmail.com (Brian Williams) Date: Sat, 14 Feb 2009 22:01:17 -0500 Subject: [nycphp-talk] PHP Blogs, Multiple Blogs In-Reply-To: References: <000001c98f0f$0991c7c0$1cb55740$@com> Message-ID: > Wordpress is not the only game in town. > > > -- > Aj. > and it's an utter pain in the you-know-what if you try to install it on a windows server.... -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajai at bitblit.net Sat Feb 14 22:05:30 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Sat, 14 Feb 2009 22:05:30 -0500 (EST) Subject: [nycphp-talk] PHP Blogs, Multiple Blogs In-Reply-To: Message-ID: On Sat, 14 Feb 2009, Brian Williams wrote: > and it's an utter pain in the you-know-what if you try to install it on a > windows server.... Frankly, most things are a pain to install on Windoze... :-) -- Aj. From ramons at gmx.net Sun Feb 15 08:27:33 2009 From: ramons at gmx.net (David Krings) Date: Sun, 15 Feb 2009 08:27:33 -0500 Subject: [nycphp-talk] Recycling of ini files Message-ID: <49981845.8090301@gmx.net> Hello! Yesterday I applied patches and upgrades to my servers (Apache, MySQL, PHP) and while that worked out nicely except that I yet again have to recreate all the MySQL user accounts (in my case it is only a few, so I will survive) I wondered about the following: Can I recycle the ini/conf files for Apache and PHP going from version to version? I use Apache 2.x and PHP 5.x and the updates I put in were just dot releases, but since I spent endless hours tweaking especially the php.ini I wonder if it is OK to just keep using it. Any opinions? David From zippy1981 at gmail.com Sun Feb 15 11:20:16 2009 From: zippy1981 at gmail.com (Justin Dearing) Date: Sun, 15 Feb 2009 11:20:16 -0500 Subject: [nycphp-talk] Recycling of ini files In-Reply-To: <49981845.8090301@gmx.net> References: <49981845.8090301@gmx.net> Message-ID: <5458db3c0902150820s12fa4c6bm10e880ff11166838@mail.gmail.com> Well try to reuse the php.ini files and check the log too see what breaks,etc. Also, if your ini files are similar to the stock ones in terms of layout use diff. Better yet find a gui merge tool. I use winmerge on windows. I'm sure java or x11 ones exist. On 2/15/09, David Krings wrote: > Hello! > > Yesterday I applied patches and upgrades to my servers (Apache, MySQL, PHP) > and while that worked out nicely except that I yet again have to recreate > all > the MySQL user accounts (in my case it is only a few, so I will survive) I > wondered about the following: > Can I recycle the ini/conf files for Apache and PHP going from version to > version? I use Apache 2.x and PHP 5.x and the updates I put in were just dot > releases, but since I spent endless hours tweaking especially the php.ini I > wonder if it is OK to just keep using it. Any opinions? > > David > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -- Sent from my mobile device From tim_lists at o2group.com Sun Feb 15 19:59:20 2009 From: tim_lists at o2group.com (Tim Lieberman) Date: Sun, 15 Feb 2009 19:59:20 -0500 Subject: [nycphp-talk] Recycling of ini files In-Reply-To: <5458db3c0902150820s12fa4c6bm10e880ff11166838@mail.gmail.com> References: <49981845.8090301@gmx.net> <5458db3c0902150820s12fa4c6bm10e880ff11166838@mail.gmail.com> Message-ID: <12E6FCCD-1AF3-4F10-8B01-86DD0F94DF09@o2group.com> On Feb 15, 2009, at 11:20 AM, Justin Dearing wrote: > Well try to reuse the php.ini files and check the log too see what > breaks,etc. Also, if your ini files are similar to the stock ones in > terms of layout use diff. Better yet find a gui merge tool. I use > winmerge on windows. I'm sure java or x11 ones exist. In my experience, it's pretty safe at least for minor releases. For PHP, you're probably pretty safe until PHP6. Of course, you should thoroughly test and watch any system after an upgrade. Another config/ini file hint: stick them all in subversion (or your VCS of choice). It's nice to be able to look back and see how configurations change over time. From arzala at gmail.com Sun Feb 15 22:40:25 2009 From: arzala at gmail.com (Anirudh Zala) Date: Mon, 16 Feb 2009 09:10:25 +0530 Subject: [nycphp-talk] slow php In-Reply-To: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> References: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> Message-ID: <200902160910.25693.arzala@gmail.com> On Saturday 14 Feb 2009 2:01:58 am Nicholas Hart wrote: > I have a php 'cron job' script which is inserting some records. It uses > arrays to store 12 field records along with several nested loops in which > it tests various currency values from a separate 4 field table and sorts > them to get the lowest one for insert into a new 4 field table record. It > has about 640,000 Product records per 4 Customers or apporx. 2.4 million > records to insert. It takes several hours+ to complete and I am hoping > there is a way to speed it up. > > So far, I've tried updating instead of inserting records and changing a few > functions but nothing seems to make much difference. Am I being > unreasonable for the size of the files here? I'm considering using a > Derived Table in mySQL and will also consider another language such as > python. Please let me know if you have any suggestions. Thanks. > > Nicholas Hart Besides all of these good suggestions, always use "timers" to measure time spent behind execution of certain portion of your script to identify what part is taking so long. Thanks Anirudh Zala From JoeyD473 at nyc.rr.com Mon Feb 16 00:51:39 2009 From: JoeyD473 at nyc.rr.com (Joey Derrico) Date: Mon, 16 Feb 2009 00:51:39 -0500 Subject: [nycphp-talk] PHP Blogs, Multiple Blogs In-Reply-To: References: <000001c98f0f$0991c7c0$1cb55740$@com> Message-ID: <4998FEEB.1020900@nyc.rr.com> I have never had an issue with installing WP on a windows server. I still prefer it on a linux server, but never had a problem on a WIndows server Joey Derrico Brian Williams wrote: > > Wordpress is not the only game in town. > > > -- > Aj. > > > > and it's an utter pain in the you-know-what if you try to install it > on a windows server.... > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From ramons at gmx.net Mon Feb 16 07:02:51 2009 From: ramons at gmx.net (David Krings) Date: Mon, 16 Feb 2009 07:02:51 -0500 Subject: [nycphp-talk] slow php In-Reply-To: <200902160910.25693.arzala@gmail.com> References: <3719ecad0902131231y538628d0l56754c7c27dbd62c@mail.gmail.com> <200902160910.25693.arzala@gmail.com> Message-ID: <499955EB.3090507@gmx.net> Anirudh Zala wrote: > Besides all of these good suggestions, always use "timers" to measure time > spent behind execution of certain portion of your script to identify what > part is taking so long. Or usa an IDE that includes a profiler, because those are designed for that purpose (at least during development). David From danielc at analysisandsolutions.com Mon Feb 16 09:14:47 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 16 Feb 2009 09:14:47 -0500 Subject: [nycphp-talk] Recycling of ini files In-Reply-To: <49981845.8090301@gmx.net> References: <49981845.8090301@gmx.net> Message-ID: <20090216141447.GA15425@panix.com> Hi David: > Yesterday I applied patches and upgrades to my servers (Apache, MySQL, > PHP) and while that worked out nicely except that I yet again have to > recreate all the MySQL user accounts Uh, "have" is the wrong word there. :) You don't need to drop a database before upgrading. You leave your old tables in place and MySQL provides upgrade scripts that implement changes between server versions. > Can I recycle the ini/conf files for Apache and PHP going from version to > version? Of course. To simplify tracking and maintenance, in major systems I've worked on, the configuration files only contained a few lines. Those lines adjusted the settings that we didn't like the default values built in to PHP, MySQL or Apache. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From ps at blu-studio.com Mon Feb 16 09:26:26 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Mon, 16 Feb 2009 09:26:26 -0500 Subject: [nycphp-talk] Recycling of ini files In-Reply-To: <20090216141447.GA15425@panix.com> References: <49981845.8090301@gmx.net> <20090216141447.GA15425@panix.com> Message-ID: <002e01c99042$8dd2bf10$a9783d30$@com> Additionally, I've seen and made conf and ini files with all the line spacing and comments stripped out and that also makes for a nice short and pithy file. (You can keep a copy of a default ini laying around in case you need a reference.) > To simplify tracking and maintenance, in major systems I've worked on, > the configuration files only contained a few lines. Those lines adjusted > the settings that we didn't like the default values built in to PHP, > MySQL or Apache. But, I just want to clarify here, Dan. So you are saying you can delete every entry in the Apache conf and MySQL, PHP ini and the products will work correctly on their own using all default settings that are actually pre-programmed into the product and get applied with or without the config files. And you are saying you need only keep your changed settings in the conf and ini files? Do I get that correctly? Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Daniel Convissor Sent: Monday, February 16, 2009 9:15 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Recycling of ini files Hi David: > Yesterday I applied patches and upgrades to my servers (Apache, MySQL, > PHP) and while that worked out nicely except that I yet again have to > recreate all the MySQL user accounts Uh, "have" is the wrong word there. :) You don't need to drop a database before upgrading. You leave your old tables in place and MySQL provides upgrade scripts that implement changes between server versions. > Can I recycle the ini/conf files for Apache and PHP going from version to > version? Of course. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From danielc at analysisandsolutions.com Mon Feb 16 09:55:20 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 16 Feb 2009 09:55:20 -0500 Subject: [nycphp-talk] Recycling of ini files In-Reply-To: <002e01c99042$8dd2bf10$a9783d30$@com> References: <49981845.8090301@gmx.net> <20090216141447.GA15425@panix.com> <002e01c99042$8dd2bf10$a9783d30$@com> Message-ID: <20090216145520.GA16877@panix.com> Hi Peter: On Mon, Feb 16, 2009 at 09:26:26AM -0500, Peter Sawczynec wrote: > > So you are saying you can delete > every entry in the Apache conf and MySQL, PHP ini and the products will > work correctly on their own using all default settings that are actually > pre-programmed into the product and get applied with or without the > config files. > > And you are saying you need only keep your changed settings in the conf > and ini files? Yep. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From ramons at gmx.net Mon Feb 16 09:56:27 2009 From: ramons at gmx.net (David Krings) Date: Mon, 16 Feb 2009 09:56:27 -0500 Subject: [nycphp-talk] Recycling of ini files In-Reply-To: <20090216141447.GA15425@panix.com> References: <49981845.8090301@gmx.net> <20090216141447.GA15425@panix.com> Message-ID: <49997E9B.3030807@gmx.net> Daniel Convissor wrote: > Hi David: > >> Yesterday I applied patches and upgrades to my servers (Apache, MySQL, >> PHP) and while that worked out nicely except that I yet again have to >> recreate all the MySQL user accounts > > Uh, "have" is the wrong word there. :) You don't need to drop a database > before upgrading. You leave your old tables in place and MySQL provides > upgrade scripts that implement changes between server versions. > > So you are saying I could drop in the old system tables as well and run the update application? I read several tutorials and they all stated explicitly that one should not do that, but only apply that update mechanism to the own tables. Maybe I should read better tutorials? David From danielc at analysisandsolutions.com Mon Feb 16 10:04:17 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 16 Feb 2009 10:04:17 -0500 Subject: [nycphp-talk] Recycling of ini files In-Reply-To: <49997E9B.3030807@gmx.net> References: <49981845.8090301@gmx.net> <20090216141447.GA15425@panix.com> <49997E9B.3030807@gmx.net> Message-ID: <20090216150417.GC16877@panix.com> Hi David: On Mon, Feb 16, 2009 at 09:56:27AM -0500, David Krings wrote: > Daniel Convissor wrote: >> >> Uh, "have" is the wrong word there. :) You don't need to drop a >> database before upgrading. You leave your old tables in place and >> MySQL provides upgrade scripts that implement changes between server >> versions. > > So you are saying I could drop in the old system tables as well and run > the update application? Huh? > I read several tutorials and they all stated > explicitly that one should not do that, but only apply that update > mechanism to the own tables. Huh? --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From ramons at gmx.net Mon Feb 16 10:53:58 2009 From: ramons at gmx.net (David Krings) Date: Mon, 16 Feb 2009 10:53:58 -0500 Subject: [nycphp-talk] Recycling of ini files In-Reply-To: <20090216150417.GC16877@panix.com> References: <49981845.8090301@gmx.net> <20090216141447.GA15425@panix.com> <49997E9B.3030807@gmx.net> <20090216150417.GC16877@panix.com> Message-ID: <49998C16.9080808@gmx.net> Daniel Convissor wrote: > Hi David: > > On Mon, Feb 16, 2009 at 09:56:27AM -0500, David Krings wrote: >> Daniel Convissor wrote: >>> Uh, "have" is the wrong word there. :) You don't need to drop a >>> database before upgrading. You leave your old tables in place and >>> MySQL provides upgrade scripts that implement changes between server >>> versions. >> So you are saying I could drop in the old system tables as well and run >> the update application? > > Huh? Uhm, MySQL stores thing like user accounts and privileges in schemas (what some also call databases or just tables or data sets). When you do a brand new install of MySQL those system tables contain for example the user account "root" with no password and privileges for everything. A better approach is to obviously first set a root password, and create new user accounts with restricted priveleges for use for example by PHP apps. From what I read these system tables changed from the old to the new version. Also, changes are necessary for any other tables (the ones created by users). What I did is a brand new install (I did backup the old, working installation first), dropped my custom tables in and ran mysql-update, which updated my tables without problems. So my question is can I do the same procedure for the system tables as well? Will mysql-update make it so that the system tables from my old install will work with the new version? I ask because.... > > >> I read several tutorials and they all stated >> explicitly that one should not do that, but only apply that update >> mechanism to the own tables. > > Huh? ... some tutorials I read about upgrading explicitly state to not keep the system tables, but only drop-in the custom tables and run mysql-update. My conclusion from that was that mysql-update will not update system tables or it is not recommended to do so. I did find that to be weird even when I installed the new version, because many others most likely deal with more than just half a dozen user accounts as it is the case for my install. Since it is not much work, but some annoyance to recreate the user accounts and set the privileges I didn't bother with digging for more info as I am done doing it the manual route by the time I might find something. Your comments make me believe that this whole "don't upgrade system tables" stuff is plain bologna and that there is no difference between custom tables and system tables and that they all can be updated using the mysql-update tool. I hope that this is now less huh. ;) David From danielc at analysisandsolutions.com Mon Feb 16 12:10:44 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 16 Feb 2009 12:10:44 -0500 Subject: [nycphp-talk] Recycling of ini files In-Reply-To: <49998C16.9080808@gmx.net> References: <49981845.8090301@gmx.net> <20090216141447.GA15425@panix.com> <49997E9B.3030807@gmx.net> <20090216150417.GC16877@panix.com> <49998C16.9080808@gmx.net> Message-ID: <20090216171043.GA12679@panix.com> Hi David: On Mon, Feb 16, 2009 at 10:53:58AM -0500, David Krings wrote: > Daniel Convissor wrote: >> Hi David: >> >> On Mon, Feb 16, 2009 at 09:56:27AM -0500, David Krings wrote: >>> Daniel Convissor wrote: >>>> Uh, "have" is the wrong word there. :) You don't need to drop a >>>> database before upgrading. You leave your old tables in place and >>>> MySQL provides upgrade scripts that implement changes between >>>> server versions. >>> >>> So you are saying I could drop in the old system tables as well and >>> run the update application? >> >> Huh? > > Uhm, MySQL stores thing like user accounts and privileges in schemas... Looking back at the exchange again I think I misunderstood your reply and you may have misunderstood what I was going for. When I said "leave your old tables in place" I meant you should leave them there. You don't need to move them. When you install/upgrade MySQL, I assume it doesn't overwrite your existing tables. My assumption may be influenced by the fact that I put the data directory in a particular location that is not where MySQL puts it by default. When you said "drop in the old system tables" I missed the "in" so read it as "drop the old system tables." Sorry. > From what I read these system tables changed from the old to the new > version. Yes, there have been many changes over the years. In the directory you install MySQL to there's a sub-directory called "scripts." In there is a script called "mysql_fix_privilege_tables." That script runs various ALTER/CREATE TABLE statements that bring you up to date. > Also, changes are necessary for any other tables (the ones > created by users). The data tables (almost) never need changing. The only case that's needed changing was when ISAM format was dropped in favor of MyISAM. For that, there's the "mysql_convert_table_format" script. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From anthony at thrillist.com Mon Feb 16 12:27:30 2009 From: anthony at thrillist.com (Anthony Wlodarski) Date: Mon, 16 Feb 2009 09:27:30 -0800 Subject: [nycphp-talk] When does an application become to large for just a single page. Message-ID: When building a web application that is usually a single page load, what are the criteria that you may use to decide that this feature should be a separate application or this feature be part of another tool? I always found it interesting how many features are expected to be packed into a form on a web page. -Anthony -- Anthony Wlodarski www.thrillist.com Web Applications Developer 568 Broadway Ste. 605 New York, NY, 10012 (o) 646.786.1944 -------------- next part -------------- An HTML attachment was scrubbed... URL: From zippy1981 at gmail.com Mon Feb 16 12:35:18 2009 From: zippy1981 at gmail.com (Justin Dearing) Date: Mon, 16 Feb 2009 12:35:18 -0500 Subject: [nycphp-talk] When does an application become to large for just a single page. In-Reply-To: References: Message-ID: <5458db3c0902160935q675a9f05u59707792b1ec90e4@mail.gmail.com> On Mon, Feb 16, 2009 at 12:27 PM, Anthony Wlodarski wrote: > When building a web application that is usually a single page load, what > are the criteria that you may use to decide that this feature should be a > separate application or this feature be part of another tool? > Uh depends. Generally speaking each php script deals with one function. It might "add, edit or view" the same data via something like smarty templates. A page may of course have small utility forms like login and search, but I dont thik you refer to these. Some functions like profile display and editing might show a lot of information. You might want to break that down unto multiple screens. How big is too big in that case? When it seems like too much to type. Hope that helps, Justin -------------- next part -------------- An HTML attachment was scrubbed... URL: From compustretch at gmail.com Mon Feb 16 17:35:20 2009 From: compustretch at gmail.com (Compustretch) Date: Mon, 16 Feb 2009 17:35:20 -0500 Subject: [nycphp-talk] PHP Blogs, Multiple Blogs In-Reply-To: References: <000001c98f0f$0991c7c0$1cb55740$@com> Message-ID: I would be remiss if I did not mention Drupal for multiple blogs. It rocks "out of the box" and is set up for multiple blogs/installs I should also mention Joomla! for single blogs, it's far more advanced than b2evolution (actually it has a b2evolution plugin) and it skins faster than a cat. (Faster than Drupal, some would say) and hosts a bevy of extensions. And in truth you can set it up for multiple blogs as easily as Drupal, although they use completely different approaches. -Forest Mars -- "In theory, theory and practice are exactly the same. In practice, they're completely different." ------------------------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. (Diffie-Helman/DSS-only version) iQA/AwUBRkjTLDbz7LySoccvEQJDcQCguZZj4M4kOVOlOX4CtbgR0rppsdovAjra 3RRXIlkdzuYI0YJz4WyvKlTn =MLhk -----END PGP SIGNATURE----- On Sat, Feb 14, 2009 at 9:55 PM, Ajai Khattri wrote: > On Sat, 14 Feb 2009, Peter Sawczynec wrote: > > I'm looking for the names of some great PHP/MySQL blogging > application(s) that allow multiple blogs and allow the developer to have > plenty of CSS interface customization. > > For multiple blogs look at b2evolution. > > For something super simple, look at textpattern. > > Wordpress is not the only game in town. > > > -- > Aj. > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nhart at partsauthority.com Mon Feb 16 17:41:10 2009 From: nhart at partsauthority.com (Nicholas Hart) Date: Mon, 16 Feb 2009 17:41:10 -0500 Subject: [nycphp-talk] talk Digest, Vol 28, Issue 23 In-Reply-To: References: Message-ID: <3719ecad0902161441q6aac0895n83df47578c620d3f@mail.gmail.com> Many thanks for the considerable response! I have changed the code to reduce a large number of SELECTs by saving a query to an array. My problem now is that although this array is appox. 3,000 records, I need a way to pass this to a function. Note: the array contains all discount data while the function pulls out several sub-queries per user and product codes. Since there are 5 sub queries, it is probably easier to pass the main one. Any idea how to pass this array, a pointer to it or make this a global array? Making a global array appears to be depricated or discouraged. I have tried passing this array which is called $discount but it doesn't appear to be working when I do. I also run out of memory which at 128MB is kind of odd. Any help is much appreciated.. Best, Nick On Sat, Feb 14, 2009 at 12:00 PM, wrote: > Send talk mailing list submissions to > talk at lists.nyphp.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.nyphp.org/mailman/listinfo/talk > or, via email, send a message with subject or body 'help' to > talk-request at lists.nyphp.org > > You can reach the person managing the list at > talk-owner at lists.nyphp.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of talk digest..." > > > Today's Topics: > > 1. Re: slow php (Hans Zaunere) > 2. Re: slow php (Rolan Yang) > 3. Re: slow php (slow database) (csnyder) > 4. Re: slow php (slow database) (Hans Zaunere) > 5. Re: slow php (slow database) (Paul A Houle) > 6. Re: slow php (Daniel Convissor) > 7. Party Like It's 1234567890 (Chris Shiflett) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 13 Feb 2009 15:46:10 -0500 > From: "Hans Zaunere" > Subject: Re: [nycphp-talk] slow php > To: "'NYPHP Talk'" > Message-ID: <01ed01c98e1c$1a14a980$4e3dfc80$@com> > Content-Type: text/plain; charset="us-ascii" > > > I have a php 'cron job' script which is inserting some records. It > > uses arrays to store 12 field records along with several nested loops > > in which it tests various currency values from a separate 4 field table > > and sorts them to get the lowest one for insert into a new 4 field > > table record. It has about 640,000 Product records per 4 Customers or > > apporx. 2.4 million records to insert. It takes several hours+ to > > complete and I am hoping there is a way to speed it up. > > > > So far, I've tried updating instead of inserting records and changing a > > few functions but nothing seems to make much difference. Am I being > > unreasonable for the size of the files here? I'm considering using a > > Derived Table in mySQL and will also consider another language such as > > python. Please let me know if you have any suggestions. Thanks. > > Why would this be considered a result of PHP being slow? You're doing many > millions of database queries (both INSERT and SELECT from what you > describe), which is the real culprit. > > Some things to consider: > > -- minimize lookup queries by caching, or loading your lookup tables into > PHP arrays, thus avoiding database queries > > -- make sure that any lookup queries you do perform are against a well > indexed table - similarly, consider key buffer sizes, buffer pool sizes, > and > all that good stuff > > -- attempt to batch inserts (see http://dev.mysql.com/insert for various > techniques) > > -- look at dev.mysql.com and google for mysql bulk insert and mysql bulk > insert configuration - there are a lot of tunables pertaining to these > types > of operations, including temp. turning off indexes, etc. > > The only PHP specific item I'd consider at this point is to explicitly free > memory and resources to keep the memory footprint as small as possible. > PHP's garbage collection cannot always be, well, perfect, for long running > processes. > > H > > > > > ------------------------------ > > Message: 2 > Date: Fri, 13 Feb 2009 16:16:50 -0500 > From: Rolan Yang > Subject: Re: [nycphp-talk] slow php > To: NYPHP Talk > Message-ID: <4995E342.2040208 at omnistep.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Nicholas Hart wrote: > > I have a php 'cron job' script which is inserting some records. It > > uses arrays to store 12 field records along with several nested loops > > in which it tests various currency values from a separate 4 field > > table and sorts them to get the lowest one for insert into a new 4 > > field table record. It has about 640,000 Product records per 4 > > Customers or apporx. 2.4 million records to insert. It takes several > > hours+ to complete and I am hoping there is a way to speed it up. > > > > If you can get away with it, you might try dumping the data to a csv > file and using a "load data infile" within mysql to import the whole > batch of data at once. Another thing that might be slowing down your > inserts are mysql indexes. If you can disable your indexes, import the > data, then re-index afterwards, that should speed up the import. > > ~Rolan > > > ------------------------------ > > Message: 3 > Date: Fri, 13 Feb 2009 16:28:37 -0500 > From: csnyder > Subject: Re: [nycphp-talk] slow php (slow database) > To: NYPHP Talk > Message-ID: > > Content-Type: text/plain; charset=UTF-8 > > On Fri, Feb 13, 2009 at 3:39 PM, Kenneth Downs wrote: > > This ain't PHP,and Python won't help. Inserting 2.4 million rows into a > > database will take hours if you go line by line. You are paying a big > > overhead of a round trip to the server for each row. > > > > The best way to speed it up is to use what they call "bulk copy" on MS > SQL > > Server and "copy" on PostgreSQL. I'd have to assume mySQL has something > by > > the same name. > > > > Also, it may be that mySQL supports multiple inserts per line, in which > case > > you can do 10 inserts per round trip. This will speed it up w/o > requiring > > you to do to a different command for the bulk copy. > > > > To the best of my knowledge, you can't send more than one statement at > a time through the php interface, unless there's something in the > mysqli extension that allows it. > > Perhaps you could generate the SQL insert statements and append them > to a file as you go. When all the loops are done, pipe the file into > MySQL using the command line interface: > > mysql -u username -ppassword databasename < file.sql > > If some inserts depend on previous inserts (for related row ids or > something) it might take a little more logic to work that all out, but > it should still be possible. > > > ------------------------------ > > Message: 4 > Date: Fri, 13 Feb 2009 16:36:32 -0500 > From: "Hans Zaunere" > Subject: Re: [nycphp-talk] slow php (slow database) > To: "'NYPHP Talk'" > Message-ID: <020d01c98e23$232ea9b0$698bfd10$@com> > Content-Type: text/plain; charset="us-ascii" > > > > Also, it may be that mySQL supports multiple inserts per line, in which > case > > > you can do 10 inserts per round trip. This will speed it up w/o > requiring > > > you to do to a different command for the bulk copy. > > > > To the best of my knowledge, you can't send more than one statement at > > a time through the php interface, unless there's something in the > > mysqli extension that allows it. > > There is http://us2.php.net/manual/en/mysqli.multi-query.php > > > ...but this is really about this... > > http://dev.mysql.com/doc/refman/5.0/en/insert.html > > "INSERT statements that use VALUES syntax can insert multiple rows..." > > H > > > > > ------------------------------ > > Message: 5 > Date: Fri, 13 Feb 2009 16:43:44 -0500 > From: Paul A Houle > Subject: Re: [nycphp-talk] slow php (slow database) > To: NYPHP Talk > Message-ID: <4995E990.6010504 at devonianfarm.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > The fastest way to get data into mysql is like this: > > http://dev.mysql.com/doc/refman/5.1/en/load-data.html > > I needed to load 2.5M RDF triples into mysql to look up some > identifiers. My RDF store balked at the turtle file, so I hacked away > the header and treated it like a space-separated file. LOAD DATA INFILE > was scary fast... It loaded the data in 3 seconds! > > Once you've loaded raw data into mysql you can do all kinds of tricks like > > INSERT INTO ... SELECT > > to process the information into the desired form. If you can do this > processing w/ clever mysql coding, you can probably do it in 1/10 the > LOC and more than 10 times the speed that it would take you in a > procedural language. The main thing is that you'll need to be > comfortable with joins, subselects and writing extreme queries. > > > ------------------------------ > > Message: 6 > Date: Fri, 13 Feb 2009 17:11:33 -0500 > From: Daniel Convissor > Subject: Re: [nycphp-talk] slow php > To: NYPHP Talk > Message-ID: <20090213221133.GA22107 at panix.com> > Content-Type: text/plain; charset=us-ascii > > Hi Nicholas: > > Here are two additional options to consider, both revolving around the > concept of getting the database to do the work. > > First, many people write scripts to read, modify and then write the data > back to the database because they are unfamilliar with the INSERT SELECT > and UPDATE SELECT syntaxes. These syntaxes are very powerful. > > Second, if you have very complex, interdependent operations to do that > can't be done via queries, turn it into a stored procedure inside MySQL. > > Oh, and a third possiblity is to combine the two. Write some functions > that you can then use in the queries. > > All that aside, you could be having issues with transaction buffers > getting huge or slow query logging bogging things down. Are you using > transactions at all? > > --Dan > > -- > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > data intensive web and database programming > http://www.AnalysisAndSolutions.com/ > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 > > > ------------------------------ > > Message: 7 > Date: Fri, 13 Feb 2009 17:37:48 -0500 > From: Chris Shiflett > Subject: [nycphp-talk] Party Like It's 1234567890 > To: NYPHP Talk > Message-ID: <41BDD58C-89D0-43C5-9E4A-83AC88A21379 at php.net> > Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes > > It's a little late, but if anyone is interested in dropping by our > office to christen our new kegerator and celebrate Unix time > 1234567890, let me know. Address and map here: > > http://omniti.com/is/here > > The New York office, of course. :-) > > Chris > > > ------------------------------ > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > End of talk Digest, Vol 28, Issue 23 > ************************************ > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tim_lists at o2group.com Mon Feb 16 18:05:31 2009 From: tim_lists at o2group.com (Tim Lieberman) Date: Mon, 16 Feb 2009 18:05:31 -0500 Subject: [nycphp-talk] slow php In-Reply-To: <3719ecad0902161441q6aac0895n83df47578c620d3f@mail.gmail.com> References: <3719ecad0902161441q6aac0895n83df47578c620d3f@mail.gmail.com> Message-ID: <8802EE3C-6231-4002-93B6-517A082F0F3F@o2group.com> On Feb 16, 2009, at 5:41 PM, Nicholas Hart wrote: > Many thanks for the considerable response! I have changed the code > to reduce a large number of SELECTs by saving a query to an array. > My problem now is that although this array is appox. 3,000 records, > I need a way to pass this to a function. Note: the array contains > all discount data while the function pulls out several sub-queries > per user and product codes. Since there are 5 sub queries, it is > probably easier to pass the main one. > Any idea how to pass this array, a pointer to it or make this a > global array? I'm not 100% sure (but someone will correct me if I'm wrong), PHP should be pretty smart about this. If you're just calling a function with a big array as a param, PHP will pass in a reference (a pointer). Now, if you actually change data in the array inside your function, PHP will then (probably?) clone it. Too busy today to find out for sure. You can always force the reference by defining your function like: function myFunc(&$my_array) {...} That should ensure that the array is passed by reference. Think carefully about how that array is structured, and how much you loop on it. It may be that you can speed things up a lot by preprocessing the discount data in such a way that you can avoid scanning through it all every time. > Making a global array appears to be depricated or discouraged. I > have tried passing this array which is called $discount but it > doesn't appear to be working when I do. I also run out of memory > which at 128MB is kind of odd. Leaning on globals is usually somewhat frowned upon, but if this is a little self-contained process, there's nothing wrong with storing it globally and then referencing the global inside your function. As for memory limit issues -- you're probably not cleaning up after yourself. Try to unset or otherwise destroy stuff at the end of each loop iteration. > > > Any help is much appreciated.. > > Best, > Nick > > > > > > On Sat, Feb 14, 2009 at 12:00 PM, > wrote: > Send talk mailing list submissions to > talk at lists.nyphp.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.nyphp.org/mailman/listinfo/talk > or, via email, send a message with subject or body 'help' to > talk-request at lists.nyphp.org > > You can reach the person managing the list at > talk-owner at lists.nyphp.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of talk digest..." > > > Today's Topics: > > 1. Re: slow php (Hans Zaunere) > 2. Re: slow php (Rolan Yang) > 3. Re: slow php (slow database) (csnyder) > 4. Re: slow php (slow database) (Hans Zaunere) > 5. Re: slow php (slow database) (Paul A Houle) > 6. Re: slow php (Daniel Convissor) > 7. Party Like It's 1234567890 (Chris Shiflett) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 13 Feb 2009 15:46:10 -0500 > From: "Hans Zaunere" > Subject: Re: [nycphp-talk] slow php > To: "'NYPHP Talk'" > Message-ID: <01ed01c98e1c$1a14a980$4e3dfc80$@com> > Content-Type: text/plain; charset="us-ascii" > > > I have a php 'cron job' script which is inserting some records. It > > uses arrays to store 12 field records along with several nested > loops > > in which it tests various currency values from a separate 4 field > table > > and sorts them to get the lowest one for insert into a new 4 field > > table record. It has about 640,000 Product records per 4 > Customers or > > apporx. 2.4 million records to insert. It takes several hours+ to > > complete and I am hoping there is a way to speed it up. > > > > So far, I've tried updating instead of inserting records and > changing a > > few functions but nothing seems to make much difference. Am I being > > unreasonable for the size of the files here? I'm considering > using a > > Derived Table in mySQL and will also consider another language > such as > > python. Please let me know if you have any suggestions. Thanks. > > Why would this be considered a result of PHP being slow? You're > doing many > millions of database queries (both INSERT and SELECT from what you > describe), which is the real culprit. > > Some things to consider: > > -- minimize lookup queries by caching, or loading your lookup tables > into > PHP arrays, thus avoiding database queries > > -- make sure that any lookup queries you do perform are against a well > indexed table - similarly, consider key buffer sizes, buffer pool > sizes, and > all that good stuff > > -- attempt to batch inserts (see http://dev.mysql.com/insert for > various > techniques) > > -- look at dev.mysql.com and google for mysql bulk insert and mysql > bulk > insert configuration - there are a lot of tunables pertaining to > these types > of operations, including temp. turning off indexes, etc. > > The only PHP specific item I'd consider at this point is to > explicitly free > memory and resources to keep the memory footprint as small as > possible. > PHP's garbage collection cannot always be, well, perfect, for long > running > processes. > > H > > > > > ------------------------------ > > Message: 2 > Date: Fri, 13 Feb 2009 16:16:50 -0500 > From: Rolan Yang > Subject: Re: [nycphp-talk] slow php > To: NYPHP Talk > Message-ID: <4995E342.2040208 at omnistep.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Nicholas Hart wrote: > > I have a php 'cron job' script which is inserting some records. It > > uses arrays to store 12 field records along with several nested > loops > > in which it tests various currency values from a separate 4 field > > table and sorts them to get the lowest one for insert into a new 4 > > field table record. It has about 640,000 Product records per 4 > > Customers or apporx. 2.4 million records to insert. It takes > several > > hours+ to complete and I am hoping there is a way to speed it up. > > > > If you can get away with it, you might try dumping the data to a csv > file and using a "load data infile" within mysql to import the whole > batch of data at once. Another thing that might be slowing down your > inserts are mysql indexes. If you can disable your indexes, import the > data, then re-index afterwards, that should speed up the import. > > ~Rolan > > > ------------------------------ > > Message: 3 > Date: Fri, 13 Feb 2009 16:28:37 -0500 > From: csnyder > Subject: Re: [nycphp-talk] slow php (slow database) > To: NYPHP Talk > Message-ID: > > Content-Type: text/plain; charset=UTF-8 > > On Fri, Feb 13, 2009 at 3:39 PM, Kenneth Downs wrote: > > This ain't PHP,and Python won't help. Inserting 2.4 million rows > into a > > database will take hours if you go line by line. You are paying a > big > > overhead of a round trip to the server for each row. > > > > The best way to speed it up is to use what they call "bulk copy" > on MS SQL > > Server and "copy" on PostgreSQL. I'd have to assume mySQL has > something by > > the same name. > > > > Also, it may be that mySQL supports multiple inserts per line, in > which case > > you can do 10 inserts per round trip. This will speed it up w/o > requiring > > you to do to a different command for the bulk copy. > > > > To the best of my knowledge, you can't send more than one statement at > a time through the php interface, unless there's something in the > mysqli extension that allows it. > > Perhaps you could generate the SQL insert statements and append them > to a file as you go. When all the loops are done, pipe the file into > MySQL using the command line interface: > > mysql -u username -ppassword databasename < file.sql > > If some inserts depend on previous inserts (for related row ids or > something) it might take a little more logic to work that all out, but > it should still be possible. > > > ------------------------------ > > Message: 4 > Date: Fri, 13 Feb 2009 16:36:32 -0500 > From: "Hans Zaunere" > Subject: Re: [nycphp-talk] slow php (slow database) > To: "'NYPHP Talk'" > Message-ID: <020d01c98e23$232ea9b0$698bfd10$@com> > Content-Type: text/plain; charset="us-ascii" > > > > Also, it may be that mySQL supports multiple inserts per line, > in which > case > > > you can do 10 inserts per round trip. This will speed it up w/o > requiring > > > you to do to a different command for the bulk copy. > > > > To the best of my knowledge, you can't send more than one > statement at > > a time through the php interface, unless there's something in the > > mysqli extension that allows it. > > There is http://us2.php.net/manual/en/mysqli.multi-query.php > > > ...but this is really about this... > > http://dev.mysql.com/doc/refman/5.0/en/insert.html > > "INSERT statements that use VALUES syntax can insert multiple rows..." > > H > > > > > ------------------------------ > > Message: 5 > Date: Fri, 13 Feb 2009 16:43:44 -0500 > From: Paul A Houle > Subject: Re: [nycphp-talk] slow php (slow database) > To: NYPHP Talk > Message-ID: <4995E990.6010504 at devonianfarm.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > The fastest way to get data into mysql is like this: > > http://dev.mysql.com/doc/refman/5.1/en/load-data.html > > I needed to load 2.5M RDF triples into mysql to look up some > identifiers. My RDF store balked at the turtle file, so I hacked > away > the header and treated it like a space-separated file. LOAD DATA > INFILE > was scary fast... It loaded the data in 3 seconds! > > Once you've loaded raw data into mysql you can do all kinds of > tricks like > > INSERT INTO ... SELECT > > to process the information into the desired form. If you can do this > processing w/ clever mysql coding, you can probably do it in 1/10 the > LOC and more than 10 times the speed that it would take you in a > procedural language. The main thing is that you'll need to be > comfortable with joins, subselects and writing extreme queries. > > > ------------------------------ > > Message: 6 > Date: Fri, 13 Feb 2009 17:11:33 -0500 > From: Daniel Convissor > Subject: Re: [nycphp-talk] slow php > To: NYPHP Talk > Message-ID: <20090213221133.GA22107 at panix.com> > Content-Type: text/plain; charset=us-ascii > > Hi Nicholas: > > Here are two additional options to consider, both revolving around the > concept of getting the database to do the work. > > First, many people write scripts to read, modify and then write the > data > back to the database because they are unfamilliar with the INSERT > SELECT > and UPDATE SELECT syntaxes. These syntaxes are very powerful. > > Second, if you have very complex, interdependent operations to do that > can't be done via queries, turn it into a stored procedure inside > MySQL. > > Oh, and a third possiblity is to combine the two. Write some > functions > that you can then use in the queries. > > All that aside, you could be having issues with transaction buffers > getting huge or slow query logging bogging things down. Are you using > transactions at all? > > --Dan > > -- > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > data intensive web and database programming > http://www.AnalysisAndSolutions.com/ > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 > > > ------------------------------ > > Message: 7 > Date: Fri, 13 Feb 2009 17:37:48 -0500 > From: Chris Shiflett > Subject: [nycphp-talk] Party Like It's 1234567890 > To: NYPHP Talk > Message-ID: <41BDD58C-89D0-43C5-9E4A-83AC88A21379 at php.net> > Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes > > It's a little late, but if anyone is interested in dropping by our > office to christen our new kegerator and celebrate Unix time > 1234567890, let me know. Address and map here: > > http://omniti.com/is/here > > The New York office, of course. :-) > > Chris > > > ------------------------------ > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > End of talk Digest, Vol 28, Issue 23 > ************************************ > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From ramons at gmx.net Mon Feb 16 19:44:32 2009 From: ramons at gmx.net (David Krings) Date: Mon, 16 Feb 2009 19:44:32 -0500 Subject: [nycphp-talk] slow php In-Reply-To: <3719ecad0902161441q6aac0895n83df47578c620d3f@mail.gmail.com> References: <3719ecad0902161441q6aac0895n83df47578c620d3f@mail.gmail.com> Message-ID: <499A0870.3020701@gmx.net> Nicholas Hart wrote: > Many thanks for the considerable response! I have changed the code to > reduce a large number of SELECTs by saving a query to an array. My > problem now is that although this array is appox. 3,000 records, I need > a way to pass this to a function. Note: the array contains all discount > data while the function pulls out several sub-queries per user and > product codes. Since there are 5 sub queries, it is probably easier to > pass the main one. > > Any idea how to pass this array, a pointer to it or make this a global > array? Making a global array appears to be depricated or discouraged. > I have tried passing this array which is called $discount but it doesn't > appear to be working when I do. I also run out of memory which at 128MB > is kind of odd. > > Any help is much appreciated.. One note, please add at least the subject of the thread in when replying to a section of a digest email and puleaze trim messages. 90% of your email had nothing to do with what you were asking. I won't even get into the top posting issue.... Now, by default PHP passes function arguments by value. That means it makes a copy of what you specified as argument and works with that copy. That means if you pass an array and change an element from within the function the array is changed only within the scope of the function. In order to have the original be changed as well you can either return the changed array and then assign it to the original. The more convenient way is to pass the array by reference, because then the function will not make a copy and apply changes to the original. You find it nicely explained with examples in the PHP manual, especially this portion: http://www.php.net/manual/en/functions.arguments.php I must say that the PHO manual is one of the best manuals ever written and the web version is even better with all the comments added...although with those it happens that some are plain wrong and others are just so old that they no longer apply. Way back when PHP made everything global, which was easier to some extent, but really made for sloppy and often incompatible programming. Also, the "&" is easily overlooked, so I recommend to mention in the function desciption commentary that this array is passed in by reference and what will happen to the array passed when using this function. Crafting very wordy responses is also frowned upon, I take the blame for that one. David From smanes at magpie.com Mon Feb 16 21:54:40 2009 From: smanes at magpie.com (Steve Manes) Date: Mon, 16 Feb 2009 21:54:40 -0500 Subject: [nycphp-talk] PHP Blogs, Multiple Blogs In-Reply-To: <000001c98f0f$0991c7c0$1cb55740$@com> References: <000001c98f0f$0991c7c0$1cb55740$@com> Message-ID: <499A26F0.8020303@magpie.com> Peter Sawczynec wrote: > I'm looking for the names of some great PHP/MySQL blogging > application(s) that allow multiple blogs and allow the developer to have > plenty of CSS interface customization. > > I'd really appreciate hearing the ones you suggest. My preference is Drupal. Not only can you run multiple blogs on a site, you can run multiple sites within the same software (albeit with different databases). These are three sites running on one Drupal6 instance: www.brooklynrowhouse.com www.homeownerslike.us www.100senatorstreet.com From lists at zaunere.com Mon Feb 16 22:37:30 2009 From: lists at zaunere.com (Hans Zaunere) Date: Mon, 16 Feb 2009 22:37:30 -0500 Subject: [nycphp-talk] slow php In-Reply-To: <499A0870.3020701@gmx.net> References: <3719ecad0902161441q6aac0895n83df47578c620d3f@mail.gmail.com> <499A0870.3020701@gmx.net> Message-ID: <006801c990b1$102c9c60$3085d520$@com> > One note, please add at least the subject of the thread in when replying to a > section of a digest email and puleaze trim messages. 90% of your email had > nothing to do with what you were asking. I won't even get into the top posting > issue.... Thanks David, this is something I've been meaning to mention. For those on digest, or just in general, please trim your posts correctly and if needed, set the subject line correctly. Where possible, please avoid HTML email as well. > Now, by default PHP passes function arguments by value. That means it makes a > copy of what you specified as argument and works with that copy. That means if > you pass an array and change an element from within the function the array is > changed only within the scope of the function. In order to have the original > be changed as well you can either return the changed array and then assign it > to the original. The more convenient way is to pass the array by reference, > because then the function will not make a copy and apply changes to the > original. Just to reiterate some things already mentioned... If you don't pass by reference (not using the & in the function prototype) the original value will not be changed. However, if the function doesn't change the passed-in variable in any way, PHP shouldn't copy the data it contains, and thus you won't be using extra memory. If you do change the variable within the function, PHP institutes copy-on-write, and thus it'll copy the contents of the variable before making the modification, and you'll use extra memory. The original value will be unchanged. If you use the ampersand (&) in the function prototype, then you're passing a reference that refers to the original value. This means that if the function modifies the value, the original value that's passed into the function is also modified. This doesn't involve a copy of the original value. It should be noted that passing by reference (using the ampersand) is slightly more expensive than passing variables directly - assuming you don't change the variable in a different scope. Thus, if you know it won't be change within the function, you shouldn't use the ampersand in the function's definition. This does not apply to objects, which are always passed by reference. That is, an object passed into a function, and then modified within the function, will always modify the original object (you need to clone it otherwise). Please note that this all applies to PHP 5 only. PHP 4 is anyone's guess (and hopefully a long forgotten guess :) And frankly, this is all last-understood stuff - any updates to current behavior, or better yet PHP 6 expected behavior, would be welcomed. Perhaps it's time for another presentation on this topic? H From mitch.pirtle at gmail.com Tue Feb 17 08:20:20 2009 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Tue, 17 Feb 2009 08:20:20 -0500 Subject: [nycphp-talk] PHP Blogs, Multiple Blogs In-Reply-To: <499A26F0.8020303@magpie.com> References: <000001c98f0f$0991c7c0$1cb55740$@com> <499A26F0.8020303@magpie.com> Message-ID: <330532b60902170520g443b683dm9e12bfa00ad6ba87@mail.gmail.com> Don't forget the new kid on the block, Habari: http://habariproject.org/ Dead simple to use, supports multisites as well. -- Mitch On Mon, Feb 16, 2009 at 9:54 PM, Steve Manes wrote: > Peter Sawczynec wrote: >> >> I'm looking for the names of some great PHP/MySQL blogging >> application(s) that allow multiple blogs and allow the developer to have >> plenty of CSS interface customization. >> I'd really appreciate hearing the ones you suggest. > > My preference is Drupal. Not only can you run multiple blogs on a site, you > can run multiple sites within the same software (albeit with different > databases). These are three sites running on one Drupal6 instance: > > www.brooklynrowhouse.com > www.homeownerslike.us > www.100senatorstreet.com > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > From lorband at optonline.net Tue Feb 17 10:05:51 2009 From: lorband at optonline.net (lorband at optonline.net) Date: Tue, 17 Feb 2009 15:05:51 +0000 (GMT) Subject: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? Message-ID: I am using AJAX to submit a PHP request. If a PHP Fatal error occurs when running the php program, the http response code is 200 and it appears the program ran successfully. Is there a way for php to return a 500 http response code when a fatal error occurs so myjava_script that is processing the response can alert the user that an error has occurred? Try/catch won't capture fatal errors for me to set the header. Thank you, Lori -------------- next part -------------- An HTML attachment was scrubbed... URL: From dan.horning at planetnoc.com Tue Feb 17 10:09:25 2009 From: dan.horning at planetnoc.com (Daniel Horning) Date: Tue, 17 Feb 2009 10:09:25 -0500 Subject: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? In-Reply-To: References: Message-ID: <001201c99111$b91718e0$2b454aa0$@horning@planetnoc.com> Wouldn't you just need to do this at the apache level? Something as simple as an "ErrorDocument 200 /path/to/other.notify.script" in htaccess or in apache conf should allow you to reach this goal -- Dan Horning American Digital Services - Where you are only limited by imagination. dan.horning at planetnoc.com :: http://www.americandigitalservices.com 1-518-444-0213 x502 . toll free 1-800-863-3854 . fax 1-888-474-6133 15 Third Street, PO Box 746, Troy, NY 12180 (by appointment only) From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of lorband at optonline.net Sent: Tuesday, February 17, 2009 10:06 AM To: talk at lists.nyphp.org Subject: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? I am using AJAX to submit a PHP request. If a PHP Fatal error occurs when running the php program, the http response code is 200 and it appears the program ran successfully. Is there a way for php to return a 500 http response code when a fatal error occurs so myjava_script that is processing the response can alert the user that an error has occurred? Try/catch won't capture fatal errors for me to set the header. Thank you, Lori -------------- next part -------------- An HTML attachment was scrubbed... URL: From brian at realm3.com Tue Feb 17 10:30:52 2009 From: brian at realm3.com (Brian Dailey) Date: Tue, 17 Feb 2009 10:30:52 -0500 Subject: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? In-Reply-To: <001201c99111$b91718e0$2b454aa0$@horning@planetnoc.com> References: <001201c99111$b91718e0$2b454aa0$@horning@planetnoc.com> Message-ID: <499AD82C.6070100@realm3.com> Also check out set_error_handler. There are even some notes on the page on handling fatal errors. http://us2.php.net/manual/en/function.set-error-handler.php#88401 The apache method is probably better, if you have the ability to change conf files. -b. Daniel Horning wrote: > Wouldn?t you just need to do this at the apache level? > > > > Something as simple as an ?ErrorDocument 200 > /path/to/other.notify.script? in htaccess or in apache conf should allow > you to reach this goal > > > > -- > > *Dan Horning* > > > > *American Digital Services* - /Where you are only limited by imagination/. > > _dan.horning at planetnoc.com_ :: _http://www.americandigitalservices.com_ > > 1-518-444-0213 x502 . /toll free/ 1-800-863-3854 . /fax/ 1-888-474-6133 > > /15 Third Street, PO Box 746, Troy, NY 12180 (by appointment only)/ > > > > *From:* talk-bounces at lists.nyphp.org > [mailto:talk-bounces at lists.nyphp.org] *On Behalf Of *lorband at optonline.net > *Sent:* Tuesday, February 17, 2009 10:06 AM > *To:* talk at lists.nyphp.org > *Subject:* [nycphp-talk] Can I set the response code if a PHP Fatal error > occurs? > > > > I am using AJAX to submit a PHP request. If a PHP Fatal error occurs > when running the php program, the http response code is 200 and it > appears the program ran successfully. Is there a way for php to return a > 500 http response code when a fatal error occurs so myjava_script that > is processing the response can alert the user that an error has > occurred? Try/catch won't capture fatal errors for me to set the header. > > Thank you, > > Lori > > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php -- realm3 web applications [realm3.com] Information architecture, application development. phone: (917) 512-3594 fax: (440) 744-3559 From jellicle at gmail.com Tue Feb 17 10:52:20 2009 From: jellicle at gmail.com (Michael Sims) Date: Tue, 17 Feb 2009 10:52:20 -0500 Subject: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? In-Reply-To: References: Message-ID: <200902171052.21092.jellicle@gmail.com> On Tuesday 17 February 2009, lorband at optonline.net wrote: > I am using AJAX to submit a PHP request. If a PHP Fatal error occurs > when running the php program, the http response code is 200 and it > appears the program ran successfully. Is there a way for php to return a > 500 http response code when a fatal error occurs so myjava_script that is > processing the response can alert the user that an error has occurred? > Try/catch won't capture fatal errors for me to set the header. Thank you, > Lori Your Javascript code should look like this: a) did I get the right data back from the server? If so, report success. b) Otherwise, report failure to the user. It doesn't matter what went wrong on the server side, if you're just reporting to the user. MAke your PHP script return something (the word "good" for example), have your javascript look for that word, if it didn't get that word, report to the user "Something seems to be wrong". Behind the scenes it might matter to you what went wrong with the PHP script, but it doesn't matter to the user at all. You shouldn't be testing the http status code as a way to figure out if things were successful - test some data output by the PHP script, where that data is only sent if everything went correctly. Michael Sims -------------- next part -------------- An HTML attachment was scrubbed... URL: From lorband at optonline.net Tue Feb 17 11:51:04 2009 From: lorband at optonline.net (lorband at optonline.net) Date: Tue, 17 Feb 2009 16:51:04 +0000 (GMT) Subject: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? In-Reply-To: <200902171052.21092.jellicle@gmail.com> References: <200902171052.21092.jellicle@gmail.com> Message-ID: Your reply is perfectly logical but I am trying not to redesign alot of code. The PHP code is currently designed to return a string or nothing depending on the action taken. If a fatal error occurs, nothing is returned which unfortunately is also a valid response. P.S. set_error_handler will not handle fatal errors (E_ERROR). "The following error types cannot be handled with a user defined function: E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR, E_COMPILE_WARNING, and most of E_STRICT raised in the file where set_error_handler() is called." Thank everyone for the help, Lori ----- Original Message ----- From: Michael Sims Date: Tuesday, February 17, 2009 10:54 am Subject: Re: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? To: NYPHP Talk > On Tuesday 17 February 2009, lorband at optonline.net wrote: > > I am using AJAX to submit a PHP request. If a PHP Fatal error > occurs> when running the php program, the http response code is > 200 and it > > appears the program ran successfully. Is there a way for php > to return a > > 500 http response code when a fatal error occurs so > myjava_script that is > > processing the response can alert the user that an error has > occurred?> Try/catch won't capture fatal errors for me to set > the header. Thank you, > > Lori > > Your Javascript code should look like this: > > a) did I get the right data back from the server? If so, report > success.b) Otherwise, report failure to the user. > > It doesn't matter what went wrong on the server side, if you're > just > reporting to the user. MAke your PHP script return something > (the word > "good" for example), have your javascript look for that word, if > it didn't > get that word, report to the user "Something seems to be wrong". > > Behind the scenes it might matter to you what went wrong with > the PHP > script, but it doesn't matter to the user at all. You shouldn't > be testing > the http status code as a way to figure out if things were > successful - test > some data output by the PHP script, where that data is only sent > if > everything went correctly. > > Michael Sims > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ramons at gmx.net Tue Feb 17 11:55:57 2009 From: ramons at gmx.net (David Krings) Date: Tue, 17 Feb 2009 11:55:57 -0500 Subject: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? In-Reply-To: <200902171052.21092.jellicle@gmail.com> References: <200902171052.21092.jellicle@gmail.com> Message-ID: <499AEC1D.3080900@gmx.net> Michael Sims wrote: > Your Javascript code should look like this: > > a) did I get the right data back from the server? If so, report success. > > b) Otherwise, report failure to the user. > > It doesn't matter what went wrong on the server side, if you're just > reporting to the user. MAke your PHP script return something (the word > "good" for example), have your javascript look for that word, if it > didn't get that word, report to the user "Something seems to be wrong". > > Behind the scenes it might matter to you what went wrong with the PHP > script, but it doesn't matter to the user at all. You shouldn't be > testing the http status code as a way to figure out if things were > successful - test some data output by the PHP script, where that data is > only sent if everything went correctly. Working now in QA and having had years of experience with support you do want to report exactly what went wrong and what the user can do about it (if possible). Implementing useless error messages is just bad advice and makes for bad software. Make your PHP script determine what went wrong and show a useful error message. At a minimum an error message must include: - type of error - reason for error - what was received (if applicable) - what was expected (if applicable) - measures to prevent or workaround error or instructions to obtain additional help (such as "Read the applicable error description in the help here: " or "Contact support at blahblah at blah.blah"). Ideally, provide a solution right then and there. Optionally report this: - the name of the module / script in which the error occured - additional information such as server and PHP version or custom error codes Error messages must fulfill three tasks: - appear when otherwise the application would not continue to work correctly or data loss can occur (for example, showing an error message is better than just blue screen) - provide information about what went wrong, why it went wrong, and what one can do about it - provide information that really helps the developer to fix the bug (if there is one) Messages like "Something seems to be wrong" are as useful as any other random array of words. The user already noticed that something went wrong as the outcome is not the one expected. I know that proper error handling and reporting is a thankless, tedious task that adds zero functionality to an application. It is boring work and every developer hates it. It is also never complete. But it for sure helps everyone who makes or uses the application. Not implementing proper error handling and reporting is not an option. David From ajai at bitblit.net Tue Feb 17 12:31:52 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Tue, 17 Feb 2009 12:31:52 -0500 (EST) Subject: [nycphp-talk] Times Open Message-ID: Any NYPHP list members going to Times Open this Friday? Im going and it might be good to meet the faces behind the names :-) -- Aj. From shiflett at php.net Tue Feb 17 12:41:17 2009 From: shiflett at php.net (Chris Shiflett) Date: Tue, 17 Feb 2009 12:41:17 -0500 Subject: [nycphp-talk] Times Open In-Reply-To: References: Message-ID: <81C6319F-3E13-4B7D-BBBA-AEEC8FB564CE@php.net> If we never received an email, should we assume we did not register in time? Seems like they could be bothered to email everyone one way or the other, since it's so unclear... Chris On Feb 17, 2009, at 12:31, Ajai Khattri wrote: > Any NYPHP list members going to Times Open this Friday? Im going and > it > might be good to meet the faces behind the names :-) -- Chris Shiflett http://shiflett.org/ From chsnyder at gmail.com Tue Feb 17 12:44:29 2009 From: chsnyder at gmail.com (csnyder) Date: Tue, 17 Feb 2009 12:44:29 -0500 Subject: [nycphp-talk] Times Open In-Reply-To: References: Message-ID: On Tue, Feb 17, 2009 at 12:31 PM, Ajai Khattri wrote: > > Any NYPHP list members going to Times Open this Friday? Im going and it > might be good to meet the faces behind the names :-) > I planning to go, at least for long enough to see what it's all about. Chris Snyder http://chxor.chxo.com/ From jellicle at gmail.com Tue Feb 17 12:46:44 2009 From: jellicle at gmail.com (Michael Sims) Date: Tue, 17 Feb 2009 12:46:44 -0500 Subject: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? In-Reply-To: <499AEC1D.3080900@gmx.net> References: <200902171052.21092.jellicle@gmail.com> <499AEC1D.3080900@gmx.net> Message-ID: <200902171246.44838.jellicle@gmail.com> On Tuesday 17 February 2009, David Krings wrote: > Working now in QA and having had years of experience with support you do > want to report exactly what went wrong and what the user can do about it > (if possible). Implementing useless error messages is just bad advice > and makes for bad software. Make your PHP script determine what went > wrong and show a useful error message. At a minimum an error message must > include: - type of error > - reason for error > - what was received (if applicable) > - what was expected (if applicable) > - measures to prevent or workaround error or instructions to obtain > additional help (such as "Read the applicable error description in the > help here: " or "Contact support at > blahblah at blah.blah"). Ideally, provide a solution right then and there. > > Optionally report this: > - the name of the module / script in which the error occured > - additional information such as server and PHP version or custom error > codes You should read my prior message again, as you haven't understood it. The user can't work around a PHP fatal error in an Ajax call. Knowing the module that broke is nothing but confusing for the user. No major website implements the procedures you describe. Here's Gmail's errors: http://mail.google.com/support/bin/static.py?page=error_msg.cs Note that all of the serious errors - something actually broken - are things like "Oops" and "Temporary Error 502" and "We're experiencing technical difficulties that may prevent your chats from being sent". There's absolutely nothing in there about a crash in module someRandomGmailModule on line 972. If the error is truly due to something under the user's control ("cookies not enabled"), there's a good case for telling the user that. But there's nothing the user can do with a PHP script that throws a fatal error. The words "Something seems to be wrong" are my shorthand for a short error message to the user indicating a problem. In general, it is totally useless and massively counterproductive and often presents security problems to give the user internal details of the error. Probably the number 1 source of XSS vulnerabilities is echoing user-submitted data back in error pages. Certainly the PHP script which blew a gasket ought to log something to the system log files, trying its best to tell the maintainers what went wrong and how. But exposing those messages to the users is terrible practice. Nor is it even possible, since the Javascript call *by definition* won't get much useful from a PHP page where a fatal error occurred - whatever useful information there is must be logged by the PHP script itself. Michael Sims -------------- next part -------------- An HTML attachment was scrubbed... URL: From brian at realm3.com Tue Feb 17 12:50:32 2009 From: brian at realm3.com (Brian Dailey) Date: Tue, 17 Feb 2009 12:50:32 -0500 Subject: [nycphp-talk] Times Open In-Reply-To: <81C6319F-3E13-4B7D-BBBA-AEEC8FB564CE@php.net> References: <81C6319F-3E13-4B7D-BBBA-AEEC8FB564CE@php.net> Message-ID: <499AF8E8.8040209@realm3.com> I got the email that says it was booked up on January 30. "Unfortunately, because of space limitations, we cannot extend a registration confirmation at this time. You have automatically been moved to the wait list and if a seat becomes available, we'll let you know." - Brian Chris Shiflett wrote: > If we never received an email, should we assume we did not register in > time? Seems like they could be bothered to email everyone one way or the > other, since it's so unclear... > > Chris > > On Feb 17, 2009, at 12:31, Ajai Khattri wrote: > >> Any NYPHP list members going to Times Open this Friday? Im going and it >> might be good to meet the faces behind the names :-) > > -- > Chris Shiflett > http://shiflett.org/ > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php -- realm3 web applications [realm3.com] Information architecture, application development. phone: (917) 512-3594 fax: (440) 744-3559 From jellicle at gmail.com Tue Feb 17 12:54:53 2009 From: jellicle at gmail.com (Michael Sims) Date: Tue, 17 Feb 2009 12:54:53 -0500 Subject: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? In-Reply-To: References: <200902171052.21092.jellicle@gmail.com> Message-ID: <200902171254.54062.jellicle@gmail.com> On Tuesday 17 February 2009, lorband at optonline.net wrote: > Your reply is perfectly logical but I am trying not to redesign alot of > code. The PHP code is currently designed to return a string or nothing > depending on the action taken. If a fatal error occurs, nothing is > returned which unfortunately is also a valid response. Exactly. You've identified the problem precisely: your Javascript currently can't distinguish between success and failure. I described how to do that: on success, send something specific (I used the word "good"), and have the Javascript look for it. You don't have to echo it to the screen or anything, just look for it and be happy if it comes. In ANY case when you don't get that specific response, some error has occurred and the Javascript should therefore be unhappy and tell the user that something is not right. There's no other way to do it. You can't have nothing be a valid response because as you've seen, it's possible to get nothing as an error response too. Michael Sims -------------- next part -------------- An HTML attachment was scrubbed... URL: From ajai at bitblit.net Tue Feb 17 12:58:59 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Tue, 17 Feb 2009 12:58:59 -0500 (EST) Subject: [nycphp-talk] Times Open In-Reply-To: <81C6319F-3E13-4B7D-BBBA-AEEC8FB564CE@php.net> Message-ID: On Tue, 17 Feb 2009, Chris Shiflett wrote: > If we never received an email, should we assume we did not register in > time? Seems like they could be bothered to email everyone one way or > the other, since it's so unclear... I registered back in Jan and got a confirmation for that. Then another saying I had a seat reserved. Then another asking me to rsvp. Did you get those? The RSVP has to go to code at nytimes.com -- Aj. From ajai at bitblit.net Tue Feb 17 13:07:26 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Tue, 17 Feb 2009 13:07:26 -0500 (EST) Subject: [nycphp-talk] Times Open In-Reply-To: <499AF8E8.8040209@realm3.com> Message-ID: On Tue, 17 Feb 2009, Brian Dailey wrote: > I got the email that says it was booked up on January 30. > > "Unfortunately, because of space limitations, we cannot extend a > registration confirmation at this time. You have automatically been > moved to the wait list and if a seat becomes available, we'll let you know." I registered on 1/30 and my email said: 'Thank you for your interest in attending Times Open. We're pleased to inform you that a seat at the conference has been reserved in your name. Because attendance is limited and there is a waiting list, please RSVP to code at nytimes.com before Feb. 6 to confirm your space.' Ironically, I forgot to rsvp but they sent me a reminder last week which I completed. -- From shiflett at php.net Tue Feb 17 13:24:26 2009 From: shiflett at php.net (Chris Shiflett) Date: Tue, 17 Feb 2009 13:24:26 -0500 Subject: [nycphp-talk] Times Open In-Reply-To: References: Message-ID: On Feb 17, 2009, at 13:07, Ajai Khattri wrote: > On Tue, 17 Feb 2009, Brian Dailey wrote: > >> I got the email that says it was booked up on January 30. >> >> "Unfortunately, because of space limitations, we cannot extend a >> registration confirmation at this time. You have automatically been >> moved to the wait list and if a seat becomes available, we'll let >> you know." > > I registered on 1/30 and my email said: > > 'Thank you for your interest in attending Times Open. We're pleased to > inform you that a seat at the conference has been reserved in > your name. > > Because attendance is limited and there is a waiting list, please > RSVP to > code at nytimes.com before Feb. 6 to confirm your space.' > > Ironically, I forgot to rsvp but they sent me a reminder last week > which I > completed. Thanks. I'll send them an email and see what happens. I definitely registered before January 30. -- Chris Shiflett http://shiflett.org/ From paul at devonianfarm.com Tue Feb 17 13:57:48 2009 From: paul at devonianfarm.com (Paul A Houle) Date: Tue, 17 Feb 2009 13:57:48 -0500 Subject: [nycphp-talk] Times Open In-Reply-To: References: Message-ID: <499B08AC.6070603@devonianfarm.com> Ajai Khattri wrote: > Any NYPHP list members going to Times Open this Friday? Im going and it > might be good to meet the faces behind the names :-) > I'll be there. From lists at zaunere.com Tue Feb 17 14:05:13 2009 From: lists at zaunere.com (Hans Zaunere) Date: Tue, 17 Feb 2009 14:05:13 -0500 Subject: [nycphp-talk] Social Networks and the Technology They Love Message-ID: <00ef01c99132$a98444e0$fc8ccea0$@com> Hello, An interesting report was created by pingdom.com about the uptime of the major social networks. http://www.datacenterknowledge.com/archives/2009/02/17/facebook-myspace-lead -in-social-uptime/ The PDF is interesting, although they fail to include the technologies in use. So, with some snooping around and netcraft, I came up with the list below. In some cases, there's an apparent mix right off the bat. There may be other mixes of technology, but I didn't go much deeper than the homepage of each site. Those marked with ??? were hard to pin down exactly what they were using. Any thoughts/feedback would be welcomed. facebook.com PHP/Apache myspace.com ASP/IIS linkedin.com Java/Sun-One ??? twitter.com RoR/Apache friendster.com PHP/Apache livejournal.com ??? orkut.com ASP/Python/GFE bebo.com JSP/Resin hi5.com Apache/Java ??? live.com ASP/IIS last.fm: Java/Apache ??? classmates.com: JSP/Resin reunion.com: JSP/Apache ??? xanga.com: ASP/IIS ??? imeem.com: ASP/IIS ??? - netcraft says lighttpd --- Hans Zaunere / Managing Member / New York PHP www.nyphp.org / www.nyphp.com From danielc at analysisandsolutions.com Tue Feb 17 14:48:29 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 17 Feb 2009 14:48:29 -0500 Subject: [nycphp-talk] Times Open In-Reply-To: References: <81C6319F-3E13-4B7D-BBBA-AEEC8FB564CE@php.net> Message-ID: <20090217194829.GA18063@panix.com> On Tue, Feb 17, 2009 at 12:58:59PM -0500, Ajai Khattri wrote: > > I registered back in Jan and got a confirmation for that. Then another > saying I had a seat reserved. Then another asking me to rsvp. Did you get > those? The RSVP has to go to code at nytimes.com Seems the NY Times and/or their partner Cvent botched the User Experience design here. The process has way too many steps and at least the initial email was confusing. I initially registered, on January 19. They sent an email saying the following: Please note, this is not a ticket to the event. We will let you know by January 30 that you are confirmed for the Times Open session. Thank you. ... snip ... To view your online registration reservation, click the link below. You will be asked to enter the confirmation number shown above. ... snip link ... I read that to mean I was on the list and would receive a confirmation. I didn't look at that link page and enter the registration code. The other day, as others have mentioned, I got the email saying "because of space limitations, we cannot extend a registration confirmation." Looking back on all this, considering what others have said, it seems that they expected us to follow up on that web page in order to receive a confirmation. Lame. Oh well, --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From nyphporg at dynamicink.com Tue Feb 17 14:56:34 2009 From: nyphporg at dynamicink.com (NYPHP) Date: Tue, 17 Feb 2009 14:56:34 -0500 Subject: [nycphp-talk] Call-for-papers: IT MANAGEMENT CONFERENCE (New York City) Message-ID: <3973BDE5DA1D47439EB410F6B02989E4@e6300> The IT Management Conference will bring together the most prestigious IT leaders for 3-jampacked-days where you will improve your IT management knowledge and skills, do lots of power-networking and have great fun while learning to be a better leader. www.ManageIT.me -------------- next part -------------- An HTML attachment was scrubbed... URL: From anthony at thrillist.com Tue Feb 17 16:06:13 2009 From: anthony at thrillist.com (Anthony Wlodarski) Date: Tue, 17 Feb 2009 13:06:13 -0800 Subject: [nycphp-talk] Social Networks and the Technology They Love In-Reply-To: <00ef01c99132$a98444e0$fc8ccea0$@com> Message-ID: One look at the LiveJournal source code and I discovered all the *.php files they link to. This would mean they do at least use PHP. What platforms they use it on is still debatable. -Anthony -- Anthony Wlodarski www.thrillist.com Web Applications Developer 568 Broadway Ste. 605 New York, NY, 10012 (o) 646.786.1944 ________________________________ From: Hans Zaunere Reply-To: NYPHP Talk Date: Tue, 17 Feb 2009 11:05:13 -0800 To: NYPHP Talk Subject: [nycphp-talk] Social Networks and the Technology They Love Hello, An interesting report was created by pingdom.com about the uptime of the major social networks. http://www.datacenterknowledge.com/archives/2009/02/17/facebook-myspace-lead -in-social-uptime/ The PDF is interesting, although they fail to include the technologies in use. So, with some snooping around and netcraft, I came up with the list below. In some cases, there's an apparent mix right off the bat. There may be other mixes of technology, but I didn't go much deeper than the homepage of each site. Those marked with ??? were hard to pin down exactly what they were using. Any thoughts/feedback would be welcomed. facebook.com PHP/Apache myspace.com ASP/IIS linkedin.com Java/Sun-One ??? twitter.com RoR/Apache friendster.com PHP/Apache livejournal.com ??? orkut.com ASP/Python/GFE bebo.com JSP/Resin hi5.com Apache/Java ??? live.com ASP/IIS last.fm: Java/Apache ??? classmates.com: JSP/Resin reunion.com: JSP/Apache ??? xanga.com: ASP/IIS ??? imeem.com: ASP/IIS ??? - netcraft says lighttpd --- Hans Zaunere / Managing Member / New York PHP www.nyphp.org / www.nyphp.com _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at zaunere.com Tue Feb 17 16:09:00 2009 From: lists at zaunere.com (Hans Zaunere) Date: Tue, 17 Feb 2009 16:09:00 -0500 Subject: [nycphp-talk] Call-for-papers: IT MANAGEMENT CONFERENCE (New York City) In-Reply-To: <3973BDE5DA1D47439EB410F6B02989E4@e6300> References: <3973BDE5DA1D47439EB410F6B02989E4@e6300> Message-ID: <015301c99143$f4b2e190$de18a4b0$@com> These posts are not appropriate. And your name is not NYPHP. H > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk- > bounces at lists.nyphp.org] On Behalf Of NYPHP > Sent: Tuesday, February 17, 2009 2:57 PM > To: talk at lists.nyphp.org > Subject: [nycphp-talk] Call-for-papers: IT MANAGEMENT CONFERENCE (New > York City) > > The IT Management Conference will bring together the most prestigious > IT leaders for 3-jampacked-days where you will improve your IT > management knowledge and skills, do lots of power-networking and have > great fun while learning to be a better leader. > > www.ManageIT.me From nyphporg at dynamicink.com Tue Feb 17 16:19:50 2009 From: nyphporg at dynamicink.com (ITMC) Date: Tue, 17 Feb 2009 16:19:50 -0500 Subject: [nycphp-talk] Call-for-papers: IT MANAGEMENT CONFERENCE (New York City) References: <3973BDE5DA1D47439EB410F6B02989E4@e6300> <015301c99143$f4b2e190$de18a4b0$@com> Message-ID: <25BAC9139F5B4CA2BAD1896305253214@e6300> Sorry about the name, I use a seperate email account for the NYPHP list and apparently typed the account name into the name field. As for it not being appropriate for NYPHP, why not? There is a PHP-related topic in the call-for-papers and the conference is in NY. ----- Original Message ----- From: "Hans Zaunere" To: "'NYPHP'" Cc: "'NYPHP Talk'" Sent: Tuesday, February 17, 2009 4:09 PM Subject: RE: [nycphp-talk] Call-for-papers: IT MANAGEMENT CONFERENCE (New York City) > These posts are not appropriate. > > And your name is not NYPHP. > > H > > >> -----Original Message----- >> From: talk-bounces at lists.nyphp.org [mailto:talk- >> bounces at lists.nyphp.org] On Behalf Of NYPHP >> Sent: Tuesday, February 17, 2009 2:57 PM >> To: talk at lists.nyphp.org >> Subject: [nycphp-talk] Call-for-papers: IT MANAGEMENT CONFERENCE (New >> York City) >> >> The IT Management Conference will bring together the most prestigious >> IT leaders for 3-jampacked-days where you will improve your IT >> management knowledge and skills, do lots of power-networking and have >> great fun while learning to be a better leader. >> >> www.ManageIT.me > From lists at zaunere.com Tue Feb 17 16:28:54 2009 From: lists at zaunere.com (Hans Zaunere) Date: Tue, 17 Feb 2009 16:28:54 -0500 Subject: [nycphp-talk] Call-for-papers: IT MANAGEMENT CONFERENCE (New York City) In-Reply-To: <25BAC9139F5B4CA2BAD1896305253214@e6300> References: <3973BDE5DA1D47439EB410F6B02989E4@e6300> <015301c99143$f4b2e190$de18a4b0$@com> <25BAC9139F5B4CA2BAD1896305253214@e6300> Message-ID: <016801c99146$bc1b1700$34514500$@com> > As for it not being appropriate for NYPHP, why not? There is a PHP-related > topic in the call-for-papers and the conference is in NY. We need to keep random announcements to an absolute minimum on this list, as traffic is high as it is. This also is not an "IT MANAGEMENT" group and the vast majority of the topics aren't relevant to the group. Furthermore, the message looked a lot like spam. In the future, please check with us first before doing these types of posts. Thanks, H From artur at marnik.net Tue Feb 17 17:21:54 2009 From: artur at marnik.net (Artur Marnik) Date: Tue, 17 Feb 2009 17:21:54 -0500 Subject: [nycphp-talk] PHP and Flex In-Reply-To: <200902171052.21092.jellicle@gmail.com> References: <200902171052.21092.jellicle@gmail.com> Message-ID: <499B3882.4040104@marnik.net> Hi all Recently I've started creating some project using PHP on the back-end and Flex on the front-end and so far I was using XML files for data transfer Recently I started testing with zend framework and zend_amf do you think that for project that is using just flex on the user side I should use zend framework and their MVC structure? or it is just to much of a hassle with little benefit? From what I read I can use just zend_amf without the framework - does anyone has any experience with it? Thanks, Artur From ben at projectskyline.com Tue Feb 17 17:40:07 2009 From: ben at projectskyline.com (Ben Sgro) Date: Tue, 17 Feb 2009 17:40:07 -0500 Subject: [nycphp-talk] PHP and Flex In-Reply-To: <499B3882.4040104@marnik.net> References: <200902171052.21092.jellicle@gmail.com> <499B3882.4040104@marnik.net> Message-ID: <499B3CC7.8080202@projectskyline.com> Hi, At my company we use Zend (no AMF though) with flex front ends. We talk to Flex via XML. It works great. What Zend lacked was a truly RESTful router, so we extended Zend and created one. Zend is nice because it doesn't force you to solve problems in a particular way - it gives you the tools. But if your not utilizing Zend (db, caching, etc) maybe you don't need it. - Ben Artur Marnik wrote: > Hi all > > Recently I've started creating some project using PHP on the back-end > and Flex on the front-end and so far I was using XML files for data > transfer > > Recently I started testing with zend framework and zend_amf > do you think that for project that is using just flex on the user side > I should use zend framework and their MVC structure? or it is just to > much of a hassle with little benefit? > > From what I read I can use just zend_amf without the framework - does > anyone has any experience with it? > > Thanks, > Artur > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > From Ricky at nylontechnology.com Tue Feb 17 17:49:10 2009 From: Ricky at nylontechnology.com (Ricky Robinett) Date: Tue, 17 Feb 2009 17:49:10 -0500 Subject: [nycphp-talk] PHP and Flex In-Reply-To: <499B3882.4040104@marnik.net> References: <200902171052.21092.jellicle@gmail.com> <499B3882.4040104@marnik.net> Message-ID: <86F397D96FD09B4792600C76E082F5B6A542C9@RODIMUS.nylontechnology.local> Hey Artur, I have some experience creating Flex/AIR applications that communicate with PHP using Zend_Amf. My preference is to use the zend amf without the MVC structure. Especially if the front end is entirely Flex. If you have any questions about the setup feel free to drop me a line. Wade Arnold's blog is a really great resource: http://wadearnold.com/blog/ As well, there are a couple articles in the newest issue of php|architect about Flex/AIR and PHP (disclaimer: I wrote one of them). Thanks! Ricky ..................................... Ricky Robinett Developer Zend Certified Engineer, PHP5 Adobe Certified Expert, ColdFusion 8 Nylon Technology 350 7th Avenue, 10th Floor New York, NY 10001 ? 212.691.1134 x25?direct 212.691.3477 fax ricky at nylontechnology.com www.nylontechnology.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Artur Marnik Sent: Tuesday, February 17, 2009 5:22 PM To: NYPHP Talk Subject: [nycphp-talk] PHP and Flex Hi all Recently I've started creating some project using PHP on the back-end and Flex on the front-end and so far I was using XML files for data transfer Recently I started testing with zend framework and zend_amf do you think that for project that is using just flex on the user side I should use zend framework and their MVC structure? or it is just to much of a hassle with little benefit? From what I read I can use just zend_amf without the framework - does anyone has any experience with it? Thanks, Artur _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From jcampbell1 at gmail.com Tue Feb 17 18:05:05 2009 From: jcampbell1 at gmail.com (John Campbell) Date: Tue, 17 Feb 2009 18:05:05 -0500 Subject: [nycphp-talk] PHP and Flex In-Reply-To: <499B3882.4040104@marnik.net> References: <200902171052.21092.jellicle@gmail.com> <499B3882.4040104@marnik.net> Message-ID: <8f0676b40902171505i3179d47bq85b248934bf05c08@mail.gmail.com> On Tue, Feb 17, 2009 at 5:21 PM, Artur Marnik wrote: > Hi all > > > From what I read I can use just zend_amf without the framework - does anyone > has any experience with it? > I have experience with amfphp, and it works as promised (no experience with Zend_AMF). However, if I could do it over again, I would probably just use json / json-rpc. AMF is a really tight serialization format, but it makes debugging a pain in the neck because it is not human readable. AMF has some performance advantages if you are sending loads of binary data, and it has features for dynamic record sets. I avoid XML where possible for communicating with the client. With XML you have to write custom code to serialize and deserialize, or bundle a massive soap library on the client side. -John Campbell From danielc at analysisandsolutions.com Tue Feb 17 18:18:44 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Tue, 17 Feb 2009 18:18:44 -0500 Subject: [nycphp-talk] Can I set the response code if a PHP Fatal error occurs? In-Reply-To: <001201c99111$b91718e0$2b454aa0$@horning@planetnoc.com> References: <001201c99111$b91718e0$2b454aa0$@horning@planetnoc.com> Message-ID: <20090217231844.GA699@panix.com> On Tue, Feb 17, 2009 at 10:09:25AM -0500, Daniel Horning wrote: > > Something as simple as an "ErrorDocument 200 /path/to/other.notify.script" > in htaccess or in apache conf should allow you to reach this goal An application I work on uses JSON to communicate. I've adjusted our .htaccess file to print out a JSON string. Note: pick only ONE, depending on which version of Apache is in play. Note: remove line wrap. In Apache 1.3: ErrorDocument 500 "var response = {"code":500,"message":"Apache server error"}; In Apache >= 2.0: ErrorDocument 500 "var response = {\"code\":500,\"message\":\"Apache server error\"};" --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From artur at marnik.net Wed Feb 18 01:56:55 2009 From: artur at marnik.net (Artur Marnik) Date: Wed, 18 Feb 2009 01:56:55 -0500 Subject: [nycphp-talk] PHP and Flex In-Reply-To: <86F397D96FD09B4792600C76E082F5B6A542C9@RODIMUS.nylontechnology.local> References: <200902171052.21092.jellicle@gmail.com> <499B3882.4040104@marnik.net> <86F397D96FD09B4792600C76E082F5B6A542C9@RODIMUS.nylontechnology.local> Message-ID: <499BB137.5060906@marnik.net> Thanks for the link Ricky and I will get php|architect as well Artur Ricky Robinett wrote: > Hey Artur, > > I have some experience creating Flex/AIR applications that communicate with PHP using Zend_Amf. My preference is to use the zend amf without the MVC structure. Especially if the front end is entirely Flex. > > If you have any questions about the setup feel free to drop me a line. > > Wade Arnold's blog is a really great resource: > http://wadearnold.com/blog/ > > As well, there are a couple articles in the newest issue of php|architect about Flex/AIR and PHP (disclaimer: I wrote one of them). > > Thanks! > Ricky > > > ..................................... > Ricky Robinett > Developer > Zend Certified Engineer, PHP5 > Adobe Certified Expert, ColdFusion 8 > > Nylon Technology > 350 7th Avenue, 10th Floor > New York, NY 10001 > > 212.691.1134 x25 direct > 212.691.3477 fax > ricky at nylontechnology.com > www.nylontechnology.com > > -----Original Message----- > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Artur Marnik > Sent: Tuesday, February 17, 2009 5:22 PM > To: NYPHP Talk > Subject: [nycphp-talk] PHP and Flex > > Hi all > > Recently I've started creating some project using PHP on the back-end > and Flex on the front-end and so far I was using XML files for data transfer > > Recently I started testing with zend framework and zend_amf > do you think that for project that is using just flex on the user side I > should use zend framework and their MVC structure? or it is just to much > of a hassle with little benefit? > > From what I read I can use just zend_amf without the framework - does > anyone has any experience with it? > > Thanks, > Artur > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > From ps at blu-studio.com Wed Feb 18 08:32:24 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Wed, 18 Feb 2009 08:32:24 -0500 Subject: [nycphp-talk] A Footnote on IBM Message-ID: <004001c991cd$567c9c20$0375d460$@com> Being as NYPHP has an informal working rapport w/ IBM, I thought this article might be worth a note to the list: http://www.itexaminer.com/ibm-pulls-out-of-us.aspx Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com From artur at marnik.net Wed Feb 18 09:33:54 2009 From: artur at marnik.net (Artur Marnik) Date: Wed, 18 Feb 2009 09:33:54 -0500 Subject: [nycphp-talk] PHP and Flex In-Reply-To: <8f0676b40902171505i3179d47bq85b248934bf05c08@mail.gmail.com> References: <200902171052.21092.jellicle@gmail.com> <499B3882.4040104@marnik.net> <8f0676b40902171505i3179d47bq85b248934bf05c08@mail.gmail.com> Message-ID: <499C1C52.506@marnik.net> Thanks a lot I need to transfer a lot of binary data and in addition I need it to be as much dynamic as possible so I will try to use zend_amf then but without MVC structure - I think it is too much for small one-man project Artur John Campbell wrote: > On Tue, Feb 17, 2009 at 5:21 PM, Artur Marnik wrote: >> Hi all >> >> >> From what I read I can use just zend_amf without the framework - does anyone >> has any experience with it? >> > > I have experience with amfphp, and it works as promised (no > experience with Zend_AMF). However, if I could do it over again, I > would probably just use json / json-rpc. AMF is a really tight > serialization format, but it makes debugging a pain in the neck > because it is not human readable. AMF has some performance advantages > if you are sending loads of binary data, and it has features for > dynamic record sets. > > I avoid XML where possible for communicating with the client. With > XML you have to write custom code to serialize and deserialize, or > bundle a massive soap library on the client side. > > -John Campbell > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From danielmax at gmail.com Wed Feb 18 12:39:53 2009 From: danielmax at gmail.com (Daniel Max Kestin) Date: Wed, 18 Feb 2009 12:39:53 -0500 Subject: [nycphp-talk] PHP and Flex Message-ID: I've had success using the amfphp system. Have not tried Zend's. Either way, you can definitely use just amf communication - without using the rest of a huge mvc package. Check out http://amfphp.org/ These websites were very helpful to me in figuring out the configuration: http://www.howtoforge.com/amfphp_adobe_flex2_sdk http://viconflex.blogspot.com/2007/04/mapping-vos-from-flex-to-php-using.html The main reason I'm sticking with amfphp is because of their amf service browser - which makes debugging VERY easy. Unlike one of the other posters, I've had no trouble debugging amf objects at all. I never had reason to try and look at the binary content... I put break-points in the flex builder to see what objects look like in the debugger when they come over from PHP - and I put error_log()-type statements in the php code to see what data looks like coming over from Flex. All in all, I've found amf to be very easy to work with. Good luck! --Daniel > On Tue, Feb 17, 2009 at 5:21 PM, Artur Marnik wrote: > > Hi all > > > > > > From what I read I can use just zend_amf without the framework - does > anyone > > has any experience with it? > > > > I have experience with amfphp, and it works as promised (no > experience with Zend_AMF). However, if I could do it over again, I > would probably just use json / json-rpc. AMF is a really tight > serialization format, but it makes debugging a pain in the neck > because it is not human readable. AMF has some performance advantages > if you are sending loads of binary data, and it has features for > dynamic record sets. > > I avoid XML where possible for communicating with the client. With > XML you have to write custom code to serialize and deserialize, or > bundle a massive soap library on the client side. > > -John Campbell > > > ------------------------------ > > Message: 6 > Date: Tue, 17 Feb 2009 18:18:44 -0500 > From: Daniel Convissor > Subject: Re: [nycphp-talk] Can I set the response code if a PHP Fatal > error occurs? > To: NYPHP Talk > Message-ID: <20090217231844.GA699 at panix.com> > Content-Type: text/plain; charset=us-ascii > > On Tue, Feb 17, 2009 at 10:09:25AM -0500, Daniel Horning wrote: > > > > Something as simple as an "ErrorDocument 200 > /path/to/other.notify.script" > > in htaccess or in apache conf should allow you to reach this goal > > An application I work on uses JSON to communicate. I've adjusted our > .htaccess file to print out a JSON string. Note: pick only ONE, > depending on which version of Apache is in play. Note: remove line wrap. > > In Apache 1.3: > > ErrorDocument 500 "var response = {"code":500,"message":"Apache > server error"}; > > In Apache >= 2.0: > > ErrorDocument 500 "var response = {\"code\":500,\"message\":\"Apache > server error\"};" > > --Dan > > -- > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > data intensive web and database programming > http://www.AnalysisAndSolutions.com/ > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 > > > ------------------------------ > > Message: 7 > Date: Wed, 18 Feb 2009 01:56:55 -0500 > From: Artur Marnik > Subject: Re: [nycphp-talk] PHP and Flex > To: NYPHP Talk > Message-ID: <499BB137.5060906 at marnik.net> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Thanks for the link Ricky > and I will get php|architect as well > > Artur > > Ricky Robinett wrote: > > Hey Artur, > > > > I have some experience creating Flex/AIR applications that communicate > with PHP using Zend_Amf. My preference is to use the zend amf without the > MVC structure. Especially if the front end is entirely Flex. > > > > If you have any questions about the setup feel free to drop me a line. > > > > Wade Arnold's blog is a really great resource: > > http://wadearnold.com/blog/ > > > > As well, there are a couple articles in the newest issue of php|architect > about Flex/AIR and PHP (disclaimer: I wrote one of them). > > > > Thanks! > > Ricky > > > > > > ..................................... > > Ricky Robinett > > Developer > > Zend Certified Engineer, PHP5 > > Adobe Certified Expert, ColdFusion 8 > > > > Nylon Technology > > 350 7th Avenue, 10th Floor > > New York, NY 10001 > > > > 212.691.1134 x25 direct > > 212.691.3477 fax > > ricky at nylontechnology.com > > www.nylontechnology.com > > > > -----Original Message----- > > From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] > On Behalf Of Artur Marnik > > Sent: Tuesday, February 17, 2009 5:22 PM > > To: NYPHP Talk > > Subject: [nycphp-talk] PHP and Flex > > > > Hi all > > > > Recently I've started creating some project using PHP on the back-end > > and Flex on the front-end and so far I was using XML files for data > transfer > > > > Recently I started testing with zend framework and zend_amf > > do you think that for project that is using just flex on the user side I > > should use zend framework and their MVC structure? or it is just to much > > of a hassle with little benefit? > > > > From what I read I can use just zend_amf without the framework - does > > anyone has any experience with it? > > > > Thanks, > > Artur > > _______________________________________________ > > New York PHP User Group Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > http://www.nyphp.org/show_participation.php > > _______________________________________________ > > New York PHP User Group Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > http://www.nyphp.org/show_participation.php > > > > > > ------------------------------ > > Message: 8 > Date: Wed, 18 Feb 2009 08:32:24 -0500 > From: "Peter Sawczynec" > Subject: [nycphp-talk] A Footnote on IBM > To: "'Org, Talk at Nyphp.'" > Message-ID: <004001c991cd$567c9c20$0375d460$@com> > Content-Type: text/plain; charset="windows-1257" > > Being as NYPHP has an informal working rapport w/ IBM, I thought this > article might be worth a note to the list: > http://www.itexaminer.com/ibm-pulls-out-of-us.aspx > > > Warmest regards, > ? > Peter Sawczynec > Technology Dir. > bl?studio > 941.893.0396 > ps at blu-studio.com > www.blu-studio.com > > > > > > ------------------------------ > > Message: 9 > Date: Wed, 18 Feb 2009 09:33:54 -0500 > From: Artur Marnik > Subject: Re: [nycphp-talk] PHP and Flex > To: NYPHP Talk > Message-ID: <499C1C52.506 at marnik.net> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Thanks a lot > > I need to transfer a lot of binary data and in addition I need it to be > as much dynamic as possible so I will try to use zend_amf then but > without MVC structure - I think it is too much for small one-man project > > Artur > > > > John Campbell wrote: > > On Tue, Feb 17, 2009 at 5:21 PM, Artur Marnik wrote: > >> Hi all > >> > >> > >> From what I read I can use just zend_amf without the framework - does > anyone > >> has any experience with it? > >> > > > > I have experience with amfphp, and it works as promised (no > > experience with Zend_AMF). However, if I could do it over again, I > > would probably just use json / json-rpc. AMF is a really tight > > serialization format, but it makes debugging a pain in the neck > > because it is not human readable. AMF has some performance advantages > > if you are sending loads of binary data, and it has features for > > dynamic record sets. > > > > I avoid XML where possible for communicating with the client. With > > XML you have to write custom code to serialize and deserialize, or > > bundle a massive soap library on the client side. > > > > -John Campbell > > _______________________________________________ > > New York PHP User Group Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > http://www.nyphp.org/show_participation.php > > > ------------------------------ > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > End of talk Digest, Vol 28, Issue 31 > ************************************ > -------------- next part -------------- An HTML attachment was scrubbed... URL: From artur at marnik.net Wed Feb 18 12:52:16 2009 From: artur at marnik.net (Artur Marnik) Date: Wed, 18 Feb 2009 12:52:16 -0500 Subject: [nycphp-talk] PHP and Flex In-Reply-To: References: Message-ID: <499C4AD0.3040605@marnik.net> now I just have to choose amfphp or zend_amf :) I will take a closer look on both and see what are the pros and cons thanks Artur Daniel Max Kestin wrote: > I've had success using the amfphp system. Have not tried Zend's. > Either way, you can definitely use just amf communication - without > using the rest of a huge mvc package. > > Check out http://amfphp.org/ > > These websites were very helpful to me in figuring out the configuration: > http://www.howtoforge.com/amfphp_adobe_flex2_sdk > http://viconflex.blogspot.com/2007/04/mapping-vos-from-flex-to-php-using.html > > The main reason I'm sticking with amfphp is because of their amf service > browser - which makes debugging VERY easy. > > Unlike one of the other posters, I've had no trouble debugging amf > objects at all. I never had reason to try and look at the binary > content... I put break-points in the flex builder to see what objects > look like in the debugger when they come over from PHP - and I put > error_log()-type statements in the php code to see what data looks like > coming over from Flex. > > All in all, I've found amf to be very easy to work with. > Good luck! > > --Daniel > > > > On Tue, Feb 17, 2009 at 5:21 PM, Artur Marnik > wrote: > > Hi all > > > > > > From what I read I can use just zend_amf without the framework - > does anyone > > has any experience with it? > > > > I have experience with amfphp, and it works as promised (no > experience with Zend_AMF). However, if I could do it over again, I > would probably just use json / json-rpc. AMF is a really tight > serialization format, but it makes debugging a pain in the neck > because it is not human readable. AMF has some performance advantages > if you are sending loads of binary data, and it has features for > dynamic record sets. > > I avoid XML where possible for communicating with the client. With > XML you have to write custom code to serialize and deserialize, or > bundle a massive soap library on the client side. > > -John Campbell > > > ------------------------------ > > Message: 6 > Date: Tue, 17 Feb 2009 18:18:44 -0500 > From: Daniel Convissor > > Subject: Re: [nycphp-talk] Can I set the response code if a PHP Fatal > error occurs? > To: NYPHP Talk > > Message-ID: <20090217231844.GA699 at panix.com > > > Content-Type: text/plain; charset=us-ascii > > On Tue, Feb 17, 2009 at 10:09:25AM -0500, Daniel Horning wrote: > > > > Something as simple as an "ErrorDocument 200 > /path/to/other.notify.script" > > in htaccess or in apache conf should allow you to reach this goal > > An application I work on uses JSON to communicate. I've adjusted our > .htaccess file to print out a JSON string. Note: pick only ONE, > depending on which version of Apache is in play. Note: remove line > wrap. > > In Apache 1.3: > > ErrorDocument 500 "var response = {"code":500,"message":"Apache > server error"}; > > In Apache >= 2.0: > > ErrorDocument 500 "var response = {\"code\":500,\"message\":\"Apache > server error\"};" > > --Dan > > -- > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > data intensive web and database programming > http://www.AnalysisAndSolutions.com/ > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 > > > ------------------------------ > > Message: 7 > Date: Wed, 18 Feb 2009 01:56:55 -0500 > From: Artur Marnik > > Subject: Re: [nycphp-talk] PHP and Flex > To: NYPHP Talk > > Message-ID: <499BB137.5060906 at marnik.net > > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Thanks for the link Ricky > and I will get php|architect as well > > Artur > > Ricky Robinett wrote: > > Hey Artur, > > > > I have some experience creating Flex/AIR applications that > communicate with PHP using Zend_Amf. My preference is to use the > zend amf without the MVC structure. Especially if the front end is > entirely Flex. > > > > If you have any questions about the setup feel free to drop me a > line. > > > > Wade Arnold's blog is a really great resource: > > http://wadearnold.com/blog/ > > > > As well, there are a couple articles in the newest issue of > php|architect about Flex/AIR and PHP (disclaimer: I wrote one of them). > > > > Thanks! > > Ricky > > > > > > ..................................... > > Ricky Robinett > > Developer > > Zend Certified Engineer, PHP5 > > Adobe Certified Expert, ColdFusion 8 > > > > Nylon Technology > > 350 7th Avenue, 10th Floor > > New York, NY 10001 > > > > 212.691.1134 x25 direct > > 212.691.3477 fax > > ricky at nylontechnology.com > > www.nylontechnology.com > > > > -----Original Message----- > > From: talk-bounces at lists.nyphp.org > > [mailto:talk-bounces at lists.nyphp.org > ] On Behalf Of Artur Marnik > > Sent: Tuesday, February 17, 2009 5:22 PM > > To: NYPHP Talk > > Subject: [nycphp-talk] PHP and Flex > > > > Hi all > > > > Recently I've started creating some project using PHP on the back-end > > and Flex on the front-end and so far I was using XML files for > data transfer > > > > Recently I started testing with zend framework and zend_amf > > do you think that for project that is using just flex on the user > side I > > should use zend framework and their MVC structure? or it is just > to much > > of a hassle with little benefit? > > > > From what I read I can use just zend_amf without the framework - > does > > anyone has any experience with it? > > > > Thanks, > > Artur > > _______________________________________________ > > New York PHP User Group Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > http://www.nyphp.org/show_participation.php > > _______________________________________________ > > New York PHP User Group Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > http://www.nyphp.org/show_participation.php > > > > > > ------------------------------ > > Message: 8 > Date: Wed, 18 Feb 2009 08:32:24 -0500 > From: "Peter Sawczynec" > > Subject: [nycphp-talk] A Footnote on IBM > To: "'Org, Talk at Nyphp.'" > > Message-ID: <004001c991cd$567c9c20$0375d460$@com> > Content-Type: text/plain; charset="windows-1257" > > Being as NYPHP has an informal working rapport w/ IBM, I thought this > article might be worth a note to the list: > http://www.itexaminer.com/ibm-pulls-out-of-us.aspx > > > Warmest regards, > ? > Peter Sawczynec > Technology Dir. > bl?studio > 941.893.0396 > ps at blu-studio.com > www.blu-studio.com > > > > > > ------------------------------ > > Message: 9 > Date: Wed, 18 Feb 2009 09:33:54 -0500 > From: Artur Marnik > > Subject: Re: [nycphp-talk] PHP and Flex > To: NYPHP Talk > > Message-ID: <499C1C52.506 at marnik.net > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Thanks a lot > > I need to transfer a lot of binary data and in addition I need it to be > as much dynamic as possible so I will try to use zend_amf then but > without MVC structure - I think it is too much for small one-man project > > Artur > > > > John Campbell wrote: > > On Tue, Feb 17, 2009 at 5:21 PM, Artur Marnik > wrote: > >> Hi all > >> > >> > >> From what I read I can use just zend_amf without the framework - > does anyone > >> has any experience with it? > >> > > > > I have experience with amfphp, and it works as promised (no > > experience with Zend_AMF). However, if I could do it over again, I > > would probably just use json / json-rpc. AMF is a really tight > > serialization format, but it makes debugging a pain in the neck > > because it is not human readable. AMF has some performance > advantages > > if you are sending loads of binary data, and it has features for > > dynamic record sets. > > > > I avoid XML where possible for communicating with the client. With > > XML you have to write custom code to serialize and deserialize, or > > bundle a massive soap library on the client side. > > > > -John Campbell > > _______________________________________________ > > New York PHP User Group Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > http://www.nyphp.org/show_participation.php > > > ------------------------------ > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > End of talk Digest, Vol 28, Issue 31 > ************************************ > > > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From danielmax at gmail.com Fri Feb 20 00:20:43 2009 From: danielmax at gmail.com (Daniel Max Kestin) Date: Fri, 20 Feb 2009 00:20:43 -0500 Subject: [nycphp-talk] PHP and Flex Message-ID: Two other bits of information on this topic... 1) I forgot to mention that there are two really helpful videos on Lee Brimelow's website that helped me learn the basics of amfphp early on: http://gotoandlearn.com/play?id=78 http://gotoandlearn.com/play?id=79 (he also has this video I have not watched about ZendAMF: http://gotoandlearn.com/play?id=90) 2) My team just today successfully migrated the server-side portion of our flex & php application from a home-grown framework to cakephp. With minimal tinkering, we were able to make amfphp work with cake (that after discovering that it was kind of a pain in the butt to make cake's native amf system work). So yah, one more happy story about amfphp. --Daniel On Wed, Feb 18, 2009 at 12:52 PM, wrote: > ------------------------------ > > Message: 2 > Date: Wed, 18 Feb 2009 12:52:16 -0500 > From: Artur Marnik > Subject: Re: [nycphp-talk] PHP and Flex > To: NYPHP Talk > Message-ID: <499C4AD0.3040605 at marnik.net> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > now I just have to choose amfphp or zend_amf :) > I will take a closer look on both and see what are the pros and cons > > thanks > Artur > > > Daniel Max Kestin wrote: > > I've had success using the amfphp system. Have not tried Zend's. > > Either way, you can definitely use just amf communication - without > > using the rest of a huge mvc package. > > > > Check out http://amfphp.org/ > > > > These websites were very helpful to me in figuring out the configuration: > > http://www.howtoforge.com/amfphp_adobe_flex2_sdk > > > http://viconflex.blogspot.com/2007/04/mapping-vos-from-flex-to-php-using.html > > > > The main reason I'm sticking with amfphp is because of their amf service > > browser - which makes debugging VERY easy. > > > > Unlike one of the other posters, I've had no trouble debugging amf > > objects at all. I never had reason to try and look at the binary > > content... I put break-points in the flex builder to see what objects > > look like in the debugger when they come over from PHP - and I put > > error_log()-type statements in the php code to see what data looks like > > coming over from Flex. > > > > All in all, I've found amf to be very easy to work with. > > Good luck! > > > > --Daniel > > > > > > > > On Tue, Feb 17, 2009 at 5:21 PM, Artur Marnik > > wrote: > > > Hi all > > > > > > > > > From what I read I can use just zend_amf without the framework - > > does anyone > > > has any experience with it? > > > > > > > I have experience with amfphp, and it works as promised (no > > experience with Zend_AMF). However, if I could do it over again, I > > would probably just use json / json-rpc. AMF is a really tight > > serialization format, but it makes debugging a pain in the neck > > because it is not human readable. AMF has some performance > advantages > > if you are sending loads of binary data, and it has features for > > dynamic record sets. > > > > I avoid XML where possible for communicating with the client. With > > XML you have to write custom code to serialize and deserialize, or > > bundle a massive soap library on the client side. > > > > -John Campbell > > > > > > ------------------------------ > > > > Message: 6 > > Date: Tue, 17 Feb 2009 18:18:44 -0500 > > From: Daniel Convissor > > > > Subject: Re: [nycphp-talk] Can I set the response code if a PHP Fatal > > error occurs? > > To: NYPHP Talk > > > Message-ID: <20090217231844.GA699 at panix.com > > > > > Content-Type: text/plain; charset=us-ascii > > > > On Tue, Feb 17, 2009 at 10:09:25AM -0500, Daniel Horning wrote: > > > > > > Something as simple as an "ErrorDocument 200 > > /path/to/other.notify.script" > > > in htaccess or in apache conf should allow you to reach this goal > > > > An application I work on uses JSON to communicate. I've adjusted our > > .htaccess file to print out a JSON string. Note: pick only ONE, > > depending on which version of Apache is in play. Note: remove line > > wrap. > > > > In Apache 1.3: > > > > ErrorDocument 500 "var response = {"code":500,"message":"Apache > > server error"}; > > > > In Apache >= 2.0: > > > > ErrorDocument 500 "var response = > {\"code\":500,\"message\":\"Apache > > server error\"};" > > > > --Dan > > > > -- > > T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y > > data intensive web and database programming > > http://www.AnalysisAndSolutions.com/ > > 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 > > > > > > ------------------------------ > > > > Message: 7 > > Date: Wed, 18 Feb 2009 01:56:55 -0500 > > From: Artur Marnik > > > Subject: Re: [nycphp-talk] PHP and Flex > > To: NYPHP Talk > > > Message-ID: <499BB137.5060906 at marnik.net > > > > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > Thanks for the link Ricky > > and I will get php|architect as well > > > > Artur > > > > Ricky Robinett wrote: > > > Hey Artur, > > > > > > I have some experience creating Flex/AIR applications that > > communicate with PHP using Zend_Amf. My preference is to use the > > zend amf without the MVC structure. Especially if the front end is > > entirely Flex. > > > > > > If you have any questions about the setup feel free to drop me a > > line. > > > > > > Wade Arnold's blog is a really great resource: > > > http://wadearnold.com/blog/ > > > > > > As well, there are a couple articles in the newest issue of > > php|architect about Flex/AIR and PHP (disclaimer: I wrote one of > them). > > > > > > Thanks! > > > Ricky > > > > > > > > > ..................................... > > > Ricky Robinett > > > Developer > > > Zend Certified Engineer, PHP5 > > > Adobe Certified Expert, ColdFusion 8 > > > > > > Nylon Technology > > > 350 7th Avenue, 10th Floor > > > New York, NY 10001 > > > > > > 212.691.1134 x25 direct > > > 212.691.3477 fax > > > ricky at nylontechnology.com > > > www.nylontechnology.com > > > > > > -----Original Message----- > > > From: talk-bounces at lists.nyphp.org > > > > [mailto:talk-bounces at lists.nyphp.org > > ] On Behalf Of Artur Marnik > > > Sent: Tuesday, February 17, 2009 5:22 PM > > > To: NYPHP Talk > > > Subject: [nycphp-talk] PHP and Flex > > > > > > Hi all > > > > > > Recently I've started creating some project using PHP on the > back-end > > > and Flex on the front-end and so far I was using XML files for > > data transfer > > > > > > Recently I started testing with zend framework and zend_amf > > > do you think that for project that is using just flex on the user > > side I > > > should use zend framework and their MVC structure? or it is just > > to much > > > of a hassle with little benefit? > > > > > > From what I read I can use just zend_amf without the framework - > > does > > > anyone has any experience with it? > > > > > > Thanks, > > > Artur > > > _______________________________________________ > > > New York PHP User Group Community Talk Mailing List > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > > > New York PHP User Group Community Talk Mailing List > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > > > http://www.nyphp.org/show_participation.php > > > > > > > > > > > ------------------------------ > > > > Message: 8 > > Date: Wed, 18 Feb 2009 08:32:24 -0500 > > From: "Peter Sawczynec" >> > > Subject: [nycphp-talk] A Footnote on IBM > > To: "'Org, Talk at Nyphp.'" > > > > Message-ID: <004001c991cd$567c9c20$0375d460$@com> > > Content-Type: text/plain; charset="windows-1257" > > > > Being as NYPHP has an informal working rapport w/ IBM, I thought this > > article might be worth a note to the list: > > http://www.itexaminer.com/ibm-pulls-out-of-us.aspx > > > > > > Warmest regards, > > ? > > Peter Sawczynec > > Technology Dir. > > bl?studio > > 941.893.0396 > > ps at blu-studio.com > > www.blu-studio.com > > > > > > > > > > > > ------------------------------ > > > > Message: 9 > > Date: Wed, 18 Feb 2009 09:33:54 -0500 > > From: Artur Marnik > > > Subject: Re: [nycphp-talk] PHP and Flex > > To: NYPHP Talk > > > Message-ID: <499C1C52.506 at marnik.net >> > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > Thanks a lot > > > > I need to transfer a lot of binary data and in addition I need it to > be > > as much dynamic as possible so I will try to use zend_amf then but > > without MVC structure - I think it is too much for small one-man > project > > > > Artur > > > > > > > > John Campbell wrote: > > > On Tue, Feb 17, 2009 at 5:21 PM, Artur Marnik > > wrote: > > >> Hi all > > >> > > >> > > >> From what I read I can use just zend_amf without the framework - > > does anyone > > >> has any experience with it? > > >> > > > > > > I have experience with amfphp, and it works as promised (no > > > experience with Zend_AMF). However, if I could do it over again, > I > > > would probably just use json / json-rpc. AMF is a really tight > > > serialization format, but it makes debugging a pain in the neck > > > because it is not human readable. AMF has some performance > > advantages > > > if you are sending loads of binary data, and it has features for > > > dynamic record sets. > > > > > > I avoid XML where possible for communicating with the client. > With > > > XML you have to write custom code to serialize and deserialize, or > > > bundle a massive soap library on the client side. > > > > > > -John Campbell > > > _______________________________________________ > > > New York PHP User Group Community Talk Mailing List > > > http://lists.nyphp.org/mailman/listinfo/talk > > > > > > http://www.nyphp.org/show_participation.php > > > > > > ------------------------------ > > > > _______________________________________________ > > talk mailing list > > talk at lists.nyphp.org > > http://lists.nyphp.org/mailman/listinfo/talk > > > > End of talk Digest, Vol 28, Issue 31 > > ************************************ > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > New York PHP User Group Community Talk Mailing List > > http://lists.nyphp.org/mailman/listinfo/talk > > > > http://www.nyphp.org/show_participation.php > > > ------------------------------ > > _______________________________________________ > talk mailing list > talk at lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/talk > > End of talk Digest, Vol 28, Issue 32 > ************************************ > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ps at blu-studio.com Fri Feb 20 16:34:37 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Fri, 20 Feb 2009 16:34:37 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP Message-ID: <006e01c993a3$08838880$198a9980$@com> I want to get my *. htm and *.html files to be parsed as PHP files. With shared hosting I don't have access to Apache conf, but I can put .htaccess files in my dirs. So I am planning to add this line: AddHandler application/x-httpd-php .html .htm ? in the .htaccess file. Anyone have any comment on this strategy pro or con? Has anyone done this and was satisfied with the results? Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com From artur at marnik.net Fri Feb 20 16:48:41 2009 From: artur at marnik.net (Artur Marnik) Date: Fri, 20 Feb 2009 16:48:41 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: <006e01c993a3$08838880$198a9980$@com> References: <006e01c993a3$08838880$198a9980$@com> Message-ID: <499F2539.8030207@marnik.net> Hi Peter, This is exactly what I did on my server about 10 years ago when I started my journey with PHP. I don't remember why but I wanted to keep all my extensions as .html so I used it for few years There is only one con - all your files will be parsed by PHP. So if you want to use some caching, static content etc it will still use PHP engine for display - I would say not recommended for very high traffic. For small website It should be ok Artur Peter Sawczynec wrote: > I want to get my *. htm and *.html files to be parsed as PHP files. > With shared hosting I don't have access to Apache conf, but I can put > .htaccess files > in my dirs. So I am planning to add this line: > > AddHandler application/x-httpd-php .html .htm > > ? in the .htaccess file. > > Anyone have any comment on this strategy pro or con? > Has anyone done this and was satisfied with the results? > > Warmest regards, > > Peter Sawczynec > Technology Dir. > bl?studio > 941.893.0396 > ps at blu-studio.com > www.blu-studio.com > > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php From tedd at sperling.com Sat Feb 21 10:37:41 2009 From: tedd at sperling.com (tedd) Date: Sat, 21 Feb 2009 10:37:41 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: <006e01c993a3$08838880$198a9980$@com> References: <006e01c993a3$08838880$198a9980$@com> Message-ID: At 4:34 PM -0500 2/20/09, Peter Sawczynec wrote: >I want to get my *. htm and *.html files to be parsed as PHP files. >With shared hosting I don't have access to Apache conf, but I can put >.htaccess files >in my dirs. So I am planning to add this line: > >AddHandler application/x-httpd-php .html .htm > >? in the .htaccess file. > >Anyone have any comment on this strategy pro or con? >Has anyone done this and was satisfied with the results? > >Warmest regards, > >Peter Sawczynec Peter: I don't know how to judge if it's a good idea, or not -- but I do it. My .htaccess file is a bit different from yours, namely: # handler for phpsuexec. -- this makes these prefixes considered for php SetHandler application/x-httpd-php Note that I also have css in there so I can embed php code in css -- that's neat. The only problem I have run into that some browsers, like FireFox require this -- -- to be the first line in my non-php files. But that hasn't been a big problem for me. HTH's tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From ajai at bitblit.net Sat Feb 21 23:15:26 2009 From: ajai at bitblit.net (Ajai Khattri) Date: Sat, 21 Feb 2009 23:15:26 -0500 (EST) Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: <006e01c993a3$08838880$198a9980$@com> Message-ID: On Fri, 20 Feb 2009, Peter Sawczynec wrote: > Anyone have any comment on this strategy pro or con? Not good for performance or scalability. A PHP framework with routing should allow you use URLs with .html at the end without resorting to changing Apache's behavior. -- Aj. From tedd at sperling.com Sun Feb 22 08:44:03 2009 From: tedd at sperling.com (tedd) Date: Sun, 22 Feb 2009 08:44:03 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: References: Message-ID: At 11:15 PM -0500 2/21/09, Ajai Khattri wrote: >On Fri, 20 Feb 2009, Peter Sawczynec wrote: > >> Anyone have any comment on this strategy pro or con? > >Not good for performance or scalability. A PHP framework with routing >should allow you use URLs with .html at the end without resorting to >changing Apache's behavior. >-- >Aj. Now that I think about it, Apache's behavior at default is to consider embedded php -- so I'm not sure why one would want to add a directive to parse html files as php. Furthermore, if you don't wrap your html code in a heredoc wrapper, the html code will cause the script to crash. So maybe we need to investigate this a bit further -- why do you want to do this Peter? Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From arzala at gmail.com Sun Feb 22 08:59:11 2009 From: arzala at gmail.com (Anirudh Zala) Date: Sun, 22 Feb 2009 19:29:11 +0530 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: References: Message-ID: <200902221929.11910.arzala@gmail.com> On Sunday 22 Feb 2009 9:45:26 am Ajai Khattri wrote: > On Fri, 20 Feb 2009, Peter Sawczynec wrote: > > Anyone have any comment on this strategy pro or con? > > Not good for performance or scalability. A PHP framework with routing > should allow you use URLs with .html at the end without resorting to > changing Apache's behavior. +1 to this solution. Thanks Anirudh Zala From ps at blu-studio.com Sun Feb 22 13:20:20 2009 From: ps at blu-studio.com (Peter Sawczynec) Date: Sun, 22 Feb 2009 13:20:20 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: References: Message-ID: <000701c9951a$39044800$ab0cd800$@com> Okay, well thank you to all for the insightful responses so far. So this probably is an SEO issue. In that I am looking at a niche all HTML site that has been up for awhile and has gained decent google relevancy in search results. I am concerned that changing all the page names from "topic_specific_file_name.html" to "topic_specific_file_name.php" might make all the pages appear as all new pages to google and re-set the search results standing for the entire site. So I was considering the *.html parsed thru PHP technique to get PHP into all the pages. And in a dark personal corner I did like a little the modicum of security through obscurity that this technique might gain. So now if anyone with some SEO/search background can weigh in on the page name change issue that would be great. Warmest regards, ? Peter Sawczynec Technology Dir. bl?studio 941.893.0396 ps at blu-studio.com www.blu-studio.com -----Original Message----- From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of tedd Sent: Sunday, February 22, 2009 8:44 AM To: NYPHP Talk Subject: Re: [nycphp-talk] Parse HTML Files as PHP At 11:15 PM -0500 2/21/09, Ajai Khattri wrote: >On Fri, 20 Feb 2009, Peter Sawczynec wrote: > >> Anyone have any comment on this strategy pro or con? > >Not good for performance or scalability. A PHP framework with routing >should allow you use URLs with .html at the end without resorting to >changing Apache's behavior. >-- >Aj. Now that I think about it, Apache's behavior at default is to consider embedded php -- so I'm not sure why one would want to add a directive to parse html files as php. Furthermore, if you don't wrap your html code in a heredoc wrapper, the html code will cause the script to crash. So maybe we need to investigate this a bit further -- why do you want to do this Peter? Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php From tedd at sperling.com Sun Feb 22 13:51:22 2009 From: tedd at sperling.com (tedd) Date: Sun, 22 Feb 2009 13:51:22 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: <000701c9951a$39044800$ab0cd800$@com> References: <000701c9951a$39044800$ab0cd800$@com> Message-ID: At 1:20 PM -0500 2/22/09, Peter Sawczynec wrote: >Okay, well thank you to all for the insightful responses so far. > >So this probably is an SEO issue. In that I am looking at a niche all >HTML site >that has been up for awhile and has gained decent google relevancy in >search results. > >I am concerned that changing all the page names from >"topic_specific_file_name.html" to >"topic_specific_file_name.php" might make all the pages appear as all >new pages to >google and re-set the search results standing for the entire site. > >So I was considering the *.html parsed thru PHP technique to get PHP >into all the pages. > >And in a dark personal corner I did like a little the modicum of >security through obscurity that >this technique might gain. > >So now if anyone with some SEO/search background can weigh in on the >page name change issue >that would be great. > >Warmest regards, > >Peter Sawczynec >Technology Dir. Peter: I don't know how Google or other search engines may view changes like that, but I can't imagine the change would be significant -- both suffixes work. It's my understanding that SE's look at content rather than the suffix, but I could be wrong. It you belong to scrubtheweb.com, you might ask them -- they would know. Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From tim_lists at o2group.com Sun Feb 22 14:54:13 2009 From: tim_lists at o2group.com (Tim Lieberman) Date: Sun, 22 Feb 2009 14:54:13 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: <000701c9951a$39044800$ab0cd800$@com> References: <000701c9951a$39044800$ab0cd800$@com> Message-ID: <06405E3C-B6AE-4CF8-8476-C6A0BD236C22@o2group.com> On Feb 22, 2009, at 1:20 PM, Peter Sawczynec wrote: > Okay, well thank you to all for the insightful responses so far. > > So this probably is an SEO issue. In that I am looking at a niche all > HTML site > that has been up for awhile and has gained decent google relevancy in > search results. > > I am concerned that changing all the page names from > "topic_specific_file_name.html" to > "topic_specific_file_name.php" might make all the pages appear as all > new pages to > google and re-set the search results standing for the entire site. > I'm not an SEO pro, but if there aren't a ton of pages, I'd suggest creating new page with the .php suffix, and then redirect the old urls to the new ones with 301 status from apache. This is the proper, official way to move a resource. And google approves of it: -Tim From greg_rundlett at harvard.edu Sun Feb 22 15:04:55 2009 From: greg_rundlett at harvard.edu (Greg Rundlett) Date: Sun, 22 Feb 2009 15:04:55 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: References: <006e01c993a3$08838880$198a9980$@com> Message-ID: <5e2aaca40902221204h7b913f4ahf649be67fa332d7@mail.gmail.com> On Sat, Feb 21, 2009 at 11:15 PM, Ajai Khattri wrote: > On Fri, 20 Feb 2009, Peter Sawczynec wrote: > >> Anyone have any comment on this strategy pro or con? > > Not good for performance or scalability. Why exactly? mod_php is both performant and scalable. > A PHP framework with routing > should allow you use URLs with .html at the end without resorting to > changing Apache's behavior. You're saying that complex framework is a better solution than a configuration one-liner. Why? I've used this technique successfully before when converting a series of websites with tens of thousands of flat html files into my own custom CMS under the covers. -- Greg Rundlett Web Developer - Initiative in Innovative Computing http://iic.harvard.edu camb 617-384-5872 nbpt 978-225-8302 m. 978-764-4424 -skype/aim/irc/twitter freephile http://profiles.aim.com/freephile From greg at freephile.com Sun Feb 22 15:10:56 2009 From: greg at freephile.com (Greg Rundlett (freephile)) Date: Sun, 22 Feb 2009 15:10:56 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: References: Message-ID: <5e2aaca40902221210i3c4ddc12v23006a5896c263c@mail.gmail.com> On Sun, Feb 22, 2009 at 8:44 AM, tedd wrote: > At 11:15 PM -0500 2/21/09, Ajai Khattri wrote: >> >> On Fri, 20 Feb 2009, Peter Sawczynec wrote: >> >>> Anyone have any comment on this strategy pro or con? >> >> Not good for performance or scalability. A PHP framework with routing >> should allow you use URLs with .html at the end without resorting to >> changing Apache's behavior. >> -- >> Aj. > > Now that I think about it, Apache's behavior at default is to consider > embedded php -- so I'm not sure why one would want to add a directive to > parse html files as php. Apache's default for .html is text/html > Furthermore, if you don't wrap your html code in a heredoc wrapper, the html > code will cause the script to crash. That's not correct. If .html files are parsed through Mod_php, the default behavior of the PHP module is to output the contents just like text/html, which is why you have to add PHP processing instructions (aka "tags") to your PHP files to turn ON php i.e. I'm saying that turning on PHP processing of regular HTML files will output HTML just like if you didn't pass the file through mod_php. -- Greg Rundlett Web Developer - Initiative in Innovative Computing http://iic.harvard.edu camb 617-384-5872 nbpt 978-225-8302 m. 978-764-4424 -skype/aim/irc/twitter freephile http://profiles.aim.com/freephile From greg at freephile.com Sun Feb 22 15:13:08 2009 From: greg at freephile.com (Greg Rundlett (freephile)) Date: Sun, 22 Feb 2009 15:13:08 -0500 Subject: [nycphp-talk] Fwd: Parse HTML Files as PHP In-Reply-To: <5e2aaca40902221204h7b913f4ahf649be67fa332d7@mail.gmail.com> References: <006e01c993a3$08838880$198a9980$@com> <5e2aaca40902221204h7b913f4ahf649be67fa332d7@mail.gmail.com> Message-ID: <5e2aaca40902221213r43032a8o49a0d8462c759702@mail.gmail.com> (sorry if this is a duplicate - I posted earlier with the incorrect sender address) ---------- Forwarded message ---------- From: Greg Rundlett Date: Sun, Feb 22, 2009 at 3:04 PM Subject: Re: [nycphp-talk] Parse HTML Files as PHP To: NYPHP Talk On Sat, Feb 21, 2009 at 11:15 PM, Ajai Khattri wrote: > On Fri, 20 Feb 2009, Peter Sawczynec wrote: > >> Anyone have any comment on this strategy pro or con? > > Not good for performance or scalability. Why exactly? mod_php is both performant and scalable. > A PHP framework with routing > should allow you use URLs with .html at the end without resorting to > changing Apache's behavior. You're saying that complex framework is a better solution than a configuration one-liner. Why? I've used this technique successfully before when converting a series of websites with tens of thousands of flat html files into my own custom CMS under the covers. -- Greg Rundlett Web Developer - Initiative in Innovative Computing http://iic.harvard.edu camb 617-384-5872 nbpt 978-225-8302 m. 978-764-4424 -skype/aim/irc/twitter freephile http://profiles.aim.com/freephile From tim_lists at o2group.com Sun Feb 22 15:31:14 2009 From: tim_lists at o2group.com (Tim Lieberman) Date: Sun, 22 Feb 2009 15:31:14 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: <5e2aaca40902221204h7b913f4ahf649be67fa332d7@mail.gmail.com> References: <006e01c993a3$08838880$198a9980$@com> <5e2aaca40902221204h7b913f4ahf649be67fa332d7@mail.gmail.com> Message-ID: On Feb 22, 2009, at 3:04 PM, Greg Rundlett wrote: > On Sat, Feb 21, 2009 at 11:15 PM, Ajai Khattri > wrote: >> On Fri, 20 Feb 2009, Peter Sawczynec wrote: >> >>> Anyone have any comment on this strategy pro or con? >> >> Not good for performance or scalability. > > Why exactly? mod_php is both performant and scalable. mod_php can be a memory hog, bloating your httpd processes. Who needs that bloat to serve static content? Nice little webcast about this here: > > >> A PHP framework with routing >> should allow you use URLs with .html at the end without resorting to >> changing Apache's behavior. > > You're saying that complex framework is a better solution than a > configuration one-liner. Why? Here I agree. Frameworks are great for complex systems. But they're more trouble than they're worth if all you want is pretty URLs. Though, I suppose you could write a little microframework to just do routing. But, on the other hand, you've already got mod_rewrite. From tedd at sperling.com Sun Feb 22 15:53:50 2009 From: tedd at sperling.com (tedd) Date: Sun, 22 Feb 2009 15:53:50 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: <5e2aaca40902221210i3c4ddc12v23006a5896c263c@mail.gmail.com> References: <5e2aaca40902221210i3c4ddc12v23006a5896c263c@mail.gmail.com> Message-ID: At 3:10 PM -0500 2/22/09, Greg Rundlett (freephile) wrote: >On Sun, Feb 22, 2009 at 8:44 AM, tedd wrote: > > Furthermore, if you don't wrap your html code in a heredoc >wrapper, the html >> code will cause the script to crash. > >That's not correct. If .html files are parsed through Mod_php, the >default behavior of the PHP module is to output the contents just like >text/html, which is why you have to add PHP processing instructions >(aka "tags") to your PHP files to turn ON php i.e. ("foo"); ?> I'm saying that turning on PHP processing of regular >HTML files will output HTML just like if you didn't pass the file >through mod_php. > >-- >Greg Rundlett Greg: You are absolutely right. I was thinking of using html without "" and using php variables directly in the html code. Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com From jcampbell1 at gmail.com Sun Feb 22 16:13:30 2009 From: jcampbell1 at gmail.com (John Campbell) Date: Sun, 22 Feb 2009 16:13:30 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: <000701c9951a$39044800$ab0cd800$@com> References: <000701c9951a$39044800$ab0cd800$@com> Message-ID: <8f0676b40902221313o1812a4d2t29d4881737218dd7@mail.gmail.com> 2009/2/22 Peter Sawczynec : > So now if anyone with some SEO/search background can weigh in on the > page name change issue > that would be great. You are on the right track. You could do a bazillion 301 redirects from .html to .php , but that is a waste of your time, will slow down page loads, and 301 redirects don't always pass 100% of the link juice. Why bother? From greg_rundlett at harvard.edu Sun Feb 22 22:52:27 2009 From: greg_rundlett at harvard.edu (Greg Rundlett) Date: Sun, 22 Feb 2009 22:52:27 -0500 Subject: [nycphp-talk] Parse HTML Files as PHP In-Reply-To: References: <006e01c993a3$08838880$198a9980$@com> <5e2aaca40902221204h7b913f4ahf649be67fa332d7@mail.gmail.com> Message-ID: <5e2aaca40902221952r6086036dp5f5ae0b449904226@mail.gmail.com> On Sun, Feb 22, 2009 at 3:31 PM, Tim Lieberman wrote: > On Feb 22, 2009, at 3:04 PM, Greg Rundlett wrote: > >> On Sat, Feb 21, 2009 at 11:15 PM, Ajai Khattri wrote: >>> >>> On Fri, 20 Feb 2009, Peter Sawczynec wrote: >>> >>>> Anyone have any comment on this strategy pro or con? >>> >>> Not good for performance or scalability. >> >> Why exactly? mod_php is both performant and scalable. > > mod_php can be a memory hog, bloating your httpd processes. Who needs that > bloat to serve static content? > > Nice little webcast about this here: > > > Thanks for the link Tim. That webcast offers a good explanation of the differences between a couple options for running PHP (Apache Module v. FastCGI implementation). However, the OP was looking to add PHP capabilities (e.g. logic, dynamic content, navigation, sessions, whatever) to a collection of static html files. That means he must use PHP -- either mod_php or fastcgi and will take on some performance overhead. And the question is whether he should just turn on the PHP interpreter for requests to *.html or some other approach. Saying fastcgi is faster than mod_php doesn't offer a solution to the original question. To add the php interpreter to a collection .html URIs, you can turn it on at the server configuration level (with the AddHandler directive "plan A"http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addhandler ) or you could do it in a few other ways. I think the most commonly seen method is to abandon the original URIs. E.g. "Due to a "site upgrade" our homepage home.html has now moved to home.php, please update your bookmarks". But I must say that is a bad idea. One alternate way (that has been suggested and even seconded) is to use an application framework (assuming that it has some dispatcher mechanism that maps the request to the original content) so that it can respond appropriately to requests for your original URIs. This could be implemented with many PHP frameworks (or Python etc.) The business case for "creating an application" depends on many factors we don't know about -- so I'd hesitate to recommend it apriori. In fact, I'd say that is a answer to a problem that hasn't been asked yet. Besides telling Apache to handle *.html requests with the php interpreter via the AddHandler directive (either as an Apache module, or fastcgi implementation, or perhaps using lighthttpd...) another option is to use content negotiation (which is more often used for translations but works just as well for mime types). Rename all the .html files as .php and let Apache serve the mapped file. http://www.w3.org/QA/2006/02/content_negotiation.html and http://httpd.apache.org/docs/2.0/mod/mod_negotiation.html This approach will not change the requested URIs, so it is SEO-neutral. I'd recommend using this approach while simultaneously updating all internal references to be technology-agnostic. Client requests foo.html --> Apache finds foo.php and serves it as foo.html. bar.php should link to "foo" rather than foo.html or foo.php The resource on disk should be foo.php so that developers can know the technology in use, and IDEs can easily identify the mime-type. You could rename all the files (*.html -> *.php) and use mod_rewrite under the covers but that would be a double performance hit: once for mod_rewrite execution; the other intentional performance hit for invoking PHP. I'm assuming that static or anonymous content serving (e.g. about.us.html which is now about.us.php on disk and served through the php interpreter in response to requests to either about.us or about.us.html) would be optimized using php caching, or other caching strategies. Info at http://freephile.com/wiki/index.php/PHP_Accelerator It's been a while since I dug into the current link juice algorithms, but I'd say that as long as external links to your content still work with a 200 response, then you're good. If you're implementing visible (to the client) redirects or changing URIs then you're in for a hit. Also, for those interested in benchmarking performance of different servers (Apache v. Lighty), deployment options for PHP (cgi v. module) or PHP versions (php4 v. php5) here are a couple of good links: http://buytaert.net/drupal-webserver-configurations-compared http://sebastian-bergmann.de/archives/634-PHP-GCC-ICC-Benchmark.html From artur at marnik.net Mon Feb 23 15:42:31 2009 From: artur at marnik.net (Artur Marnik) Date: Mon, 23 Feb 2009 15:42:31 -0500 Subject: [nycphp-talk] PHP scripts running in JBoss In-Reply-To: <5e2aaca40902221952r6086036dp5f5ae0b449904226@mail.gmail.com> References: <006e01c993a3$08838880$198a9980$@com> <5e2aaca40902221204h7b913f4ahf649be67fa332d7@mail.gmail.com> <5e2aaca40902221952r6086036dp5f5ae0b449904226@mail.gmail.com> Message-ID: <49A30A37.3000709@marnik.net> Hi All In my company we are using Linux servers where we have PHP, mysql and all other nice stuff. My new manager is a Java guy and he always worked with Java and his new idea is to move all our stuff to Jboss. There is only one problem - we don't have enough time to migrate all of our PHP code to some Java stuff and he wants to install PHP servlet inside jboss to serve PHP content. Idea is ok but all info I could find in google is how to do it in Windows :( and all php5servlets that I found are for windows (php5servlet.dll). Has anyone ever done something similar and have an idea at least where to start? Thanks Artur From jmcgraw1 at gmail.com Mon Feb 23 15:44:24 2009 From: jmcgraw1 at gmail.com (Jake McGraw) Date: Mon, 23 Feb 2009 15:44:24 -0500 Subject: [nycphp-talk] PHP scripts running in JBoss In-Reply-To: <49A30A37.3000709@marnik.net> References: <006e01c993a3$08838880$198a9980$@com> <5e2aaca40902221204h7b913f4ahf649be67fa332d7@mail.gmail.com> <5e2aaca40902221952r6086036dp5f5ae0b449904226@mail.gmail.com> <49A30A37.3000709@marnik.net> Message-ID: Try using this: http://php-java-bridge.sourceforge.net/pjb/ - jake On Mon, Feb 23, 2009 at 3:42 PM, Artur Marnik wrote: > Hi All > > In my company we are using Linux servers where we have PHP, mysql and all > other nice stuff. My new manager is a Java guy and he always worked with > Java and his new idea is to move all our stuff to Jboss. There is only one > problem - we don't have enough time to migrate all of our PHP code to some > Java stuff and he wants to install PHP servlet inside jboss to serve PHP > content. Idea is ok but all info I could find in google is how to do it in > Windows :( and all php5servlets that I found are for windows > (php5servlet.dll). Has anyone ever done something similar and have an idea > at least where to start? > > Thanks > Artur > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show_participation.php > From michael.southwell at nyphp.com Mon Feb 23 15:59:52 2009 From: michael.southwell at nyphp.com (Michael Southwell) Date: Mon, 23 Feb 2009 15:59:52 -0500 Subject: [nycphp-talk] how to grab original uri from error page Message-ID: <49A30E48.6040605@nyphp.com> I need to grab the original uri after having been redirected to an error page (like example.com/blah now that I'm in 404.php). I suppose this is somewhere in HttpRequest but I can't find it (brains not working very well right now). Anybody? -- ================= Michael Southwell Vice President, Education NYPHP TRAINING: http://nyphp.com/Training/Indepth From artur at marnik.net Mon Feb 23 16:11:21 2009 From: artur at marnik.net (Artur Marnik) Date: Mon, 23 Feb 2009 16:11:21 -0500 Subject: [nycphp-talk] how to grab original uri from error page In-Reply-To: <49A30E48.6040605@nyphp.com> References: <49A30E48.6040605@nyphp.com> Message-ID: <49A310F9.3040101@marnik.net> try $_SERVER["HTTP_REFERER"] Artur Michael Southwell wrote: > I need to grab the original uri after having been redirected > to an error page (like example.com/blah now that I'm in 404.php). > I suppose this is somewhere in HttpRequest but I can't find it > (brains not working very well right now). Anybody? > From danielc at analysisandsolutions.com Mon Feb 23 16:29:01 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 23 Feb 2009 16:29:01 -0500 Subject: [nycphp-talk] how to grab original uri from error page In-Reply-To: <49A30E48.6040605@nyphp.com> References: <49A30E48.6040605@nyphp.com> Message-ID: <20090223212901.GA6491@panix.com> Hey Michael: On Mon, Feb 23, 2009 at 03:59:52PM -0500, Michael Southwell wrote: > I need to grab the original uri after having been redirected > to an error page (like example.com/blah now that I'm in 404.php). It's in $_SERVER['REQUEST_URI']. My favorite way to figure stuff like this out is putting phpinfo() in the page you're curious about. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From danielc at analysisandsolutions.com Mon Feb 23 16:36:33 2009 From: danielc at analysisandsolutions.com (Daniel Convissor) Date: Mon, 23 Feb 2009 16:36:33 -0500 Subject: [nycphp-talk] PHP scripts running in JBoss In-Reply-To: <49A30A37.3000709@marnik.net> References: <006e01c993a3$08838880$198a9980$@com> <5e2aaca40902221204h7b913f4ahf649be67fa332d7@mail.gmail.com> <5e2aaca40902221952r6086036dp5f5ae0b449904226@mail.gmail.com> <49A30A37.3000709@marnik.net> Message-ID: <20090223213633.GB6491@panix.com> Hi Artur: When you want to start a new discussion, you need to make a whole new email. Replying to an earlier email makes your discussion show up as part of the earlier discussion. On Mon, Feb 23, 2009 at 03:42:31PM -0500, Artur Marnik wrote: > > My new manager is a Java guy and he always worked > with Java and his new idea is to move all our stuff to Jboss. ... > he wants to install PHP servlet inside jboss > to serve PHP content. Sorry for not really answering your question, but _exactly_ why do they want to do this? Seems like they don't know what they're doing. Adding needless layers is a really bad idea. --Dan -- T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y data intensive web and database programming http://www.AnalysisAndSolutions.com/ 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409 From krook at us.ibm.com Mon Feb 23 16:47:36 2009 From: krook at us.ibm.com (Daniel Krook) Date: Mon, 23 Feb 2009 16:47:36 -0500 Subject: [nycphp-talk] PHP scripts running in JBoss In-Reply-To: <49A30A37.3000709@marnik.net> References: <006e01c993a3$08838880$198a9980$@com> <5e2aaca40902221204h7b913f4ahf649be67fa332d7@mail.gmail.com>