From davidalanroth at gmail.com  Sun Aug  1 17:24:59 2010
From: davidalanroth at gmail.com (David Roth)
Date: Sun, 1 Aug 2010 21:24:59 +0000
Subject: [nycphp-talk] OT: Sales Management Tool (Open Source) for Linux
	server (or Mac application)?
Message-ID: <AANLkTi=1jBfF5V1Pt2i0Zbqqd=gH1a_48LJFcZxeeYx0@mail.gmail.com>

I'm looking for a Sales Management Tool that's Open Source similar in
functionality to ACT! that runs on a Linux server or on The Macintosh. The
following features are most important:
- Integration with gmail, Mac's Mail.app or handle client pop e-mail.
- Reminders of activities.
- Pipeline/Opportunity Stages/Sales Funnel Management.
- For a single user (in other words, not a full Enterprise solution is
necessary)
- Doesn't have to be written in PHP, but should be Linux (unless it's a Mac
application)
I'd appreciation recommends of software packages that you highly recommend
that you've had experience with.

Thanks in advance!

David Roth
davidalanroth at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100801/d289acbb/attachment.html>

From mitch.pirtle at gmail.com  Sun Aug  1 22:22:13 2010
From: mitch.pirtle at gmail.com (Mitch Pirtle)
Date: Sun, 1 Aug 2010 22:22:13 -0400
Subject: [nycphp-talk] OT: Sales Management Tool (Open Source) for Linux
	server (or Mac application)?
In-Reply-To: <AANLkTi=1jBfF5V1Pt2i0Zbqqd=gH1a_48LJFcZxeeYx0@mail.gmail.com>
References: <AANLkTi=1jBfF5V1Pt2i0Zbqqd=gH1a_48LJFcZxeeYx0@mail.gmail.com>
Message-ID: <AANLkTikGjT-M=1uJa83JRpg3oE=eDT0ZuW9OT6bczV8E@mail.gmail.com>

Specific to the Mac, I've used iBiz (sales, project management and
billing) and was perfectly happy with it for freelance stuff. Might be
problematic if you have several people needing access though.

    http://www.iggsoftware.com/ibiz/index.php

Not sure if this is enough for specifically tracking sales efforts,
but it might work for you.

-- Mitch


From garyamort at gmail.com  Mon Aug  2 12:52:49 2010
From: garyamort at gmail.com (Gary Mort)
Date: Mon, 2 Aug 2010 12:52:49 -0400
Subject: [nycphp-talk] Mongo...sharding??
In-Reply-To: <AANLkTim18T1yNpLVBOLccNsJikUr4hcU3vo-8+q+yGhh@mail.gmail.com>
References: <AANLkTimUKwDJ=84bnMkHyi+TFQkEQDmFk7ndNNdSd4W7@mail.gmail.com> 
	<AANLkTim18T1yNpLVBOLccNsJikUr4hcU3vo-8+q+yGhh@mail.gmail.com>
Message-ID: <AANLkTimBA1mBhbJRo+fmYP4p=pErVnD2vxa9=vzpNCZa@mail.gmail.com>

On Wed, Jul 28, 2010 at 3:10 PM, Justin Dearing <zippy1981 at gmail.com> wrote:

> Full disclosure : I've contributed minor enhancements to windows support on
> mongodb, so I'm biased.
>
>
No worries, we have a number of Mongo enthusiasts here. :-)


> Also, consider asking this question on mongo-user (
>> http://groups.google.com/group/mongodb-user). If someone of note is using
>> an unstable version of mongo in their production systems, there is a good
>> chance they hang out on that list.
>>
>
> I'm more interested in NYPHP's.... I'd rather know if the cream of the crop
is using it than just any average user. :-)

-Gary
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100802/6767ffb5/attachment.html>

From fgabrieli at gmail.com  Fri Aug  6 14:11:15 2010
From: fgabrieli at gmail.com (Fernando Gabrieli)
Date: Fri, 6 Aug 2010 15:11:15 -0300
Subject: [nycphp-talk] SalesForce
Message-ID: <AANLkTiku-hx1YMA7WCNw_Nigc9iuZhihNDP0JrgtNF12@mail.gmail.com>

Hi all, i'm working for a company which is considering creating a website
using SalesForce

I've been asked about how many time it would take for a developer to get
into it

Have you ever used it? How much did it take to you to get familiar?

thanks in advance

best regards
Fernando
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100806/110c2b54/attachment.html>

From papillion at gmail.com  Fri Aug  6 21:50:07 2010
From: papillion at gmail.com (Anthony Papillion)
Date: Fri, 6 Aug 2010 20:50:07 -0500
Subject: [nycphp-talk] Making text hard to copy
Message-ID: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>

I'm starting to work on a system that will require a bit of extra security.
One of the security protocols the customer's decided on is that the
outputted page should be fairly hard to copy. Yes, I know making an HTML
page uncopyable is impossible but I want to make it as hard as possible.

So far, I've come up with the following possible solutions:

- Put all the output on an image and disable right click
- Output a PDF

Both of these solutions really feel nasty to me and don't really solve the
problem at all.  Does anyone have any other ideas?

Thanks!
Anthony

-- 
Anthony Papillion
Lead Developer / Owner
Advanced Data Concepts - "Enabling work anywhere"
(918) 533-9969

Facebook: http://www.facebook.com/cajuntechie
My Blog:   http://www.cajuntechie.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100806/d9e71bc6/attachment.html>

From jtg at intarcorp.com  Fri Aug  6 22:42:38 2010
From: jtg at intarcorp.com (J. T. Gray)
Date: Fri, 6 Aug 2010 22:42:38 -0400
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
Message-ID: <B868BB0C-3BCC-49F9-9C7C-073D2AEFA2C0@intarcorp.com>

Output to Flash :D



On Aug 6, 2010, at 9:50 PM, Anthony Papillion <papillion at gmail.com>  
wrote:

> I'm starting to work on a system that will require a bit of extra  
> security. One of the security protocols the customer's decided on is  
> that the outputted page should be fairly hard to copy. Yes, I know  
> making an HTML page uncopyable is impossible but I want to make it  
> as hard as possible.
>
> So far, I've come up with the following possible solutions:
>
> - Put all the output on an image and disable right click
> - Output a PDF
>
> Both of these solutions really feel nasty to me and don't really  
> solve the problem at all.  Does anyone have any other ideas?
>
> Thanks!
> Anthony
>
> -- 
> Anthony Papillion
> Lead Developer / Owner
> Advanced Data Concepts - "Enabling work anywhere"
> (918) 533-9969
>
> Facebook: http://www.facebook.com/cajuntechie
> My Blog:   http://www.cajuntechie.com
>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100806/38ab8536/attachment.html>

From gatzby3jr at gmail.com  Fri Aug  6 22:59:57 2010
From: gatzby3jr at gmail.com (Brian O'Connor)
Date: Fri, 6 Aug 2010 22:59:57 -0400
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <B868BB0C-3BCC-49F9-9C7C-073D2AEFA2C0@intarcorp.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
	<B868BB0C-3BCC-49F9-9C7C-073D2AEFA2C0@intarcorp.com>
Message-ID: <AANLkTi=qSgrCdm4Efdk6o0CRdL3XUCcTyYoqpK5fDoZ+@mail.gmail.com>

Well, you're pretty limited to javascript (unless you output to flash
or pdf), which obviously means anyone who disables it won't be
affected. However, as you already stated you're aware of that, one
thing that might be cool is to detect the ctrl+c keys being pushed,
and reversed the selected text. That requires access to the clipboard
(not always available), and disabling right click.

I don't really think about this problem too much, but might be an
interesting idea.



On 8/6/10, J. T. Gray <jtg at intarcorp.com> wrote:
> Output to Flash :D
>
>
>
> On Aug 6, 2010, at 9:50 PM, Anthony Papillion <papillion at gmail.com>
> wrote:
>
>> I'm starting to work on a system that will require a bit of extra
>> security. One of the security protocols the customer's decided on is
>> that the outputted page should be fairly hard to copy. Yes, I know
>> making an HTML page uncopyable is impossible but I want to make it
>> as hard as possible.
>>
>> So far, I've come up with the following possible solutions:
>>
>> - Put all the output on an image and disable right click
>> - Output a PDF
>>
>> Both of these solutions really feel nasty to me and don't really
>> solve the problem at all.  Does anyone have any other ideas?
>>
>> Thanks!
>> Anthony
>>
>> --
>> Anthony Papillion
>> Lead Developer / Owner
>> Advanced Data Concepts - "Enabling work anywhere"
>> (918) 533-9969
>>
>> Facebook: http://www.facebook.com/cajuntechie
>> My Blog:   http://www.cajuntechie.com
>>
>> _______________________________________________
>> New York PHP Users Group Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> http://www.nyphp.org/Show-Participation
>

-- 
Sent from my mobile device

Brian O'Connor


From ramons at gmx.net  Fri Aug  6 23:13:46 2010
From: ramons at gmx.net (David Krings)
Date: Fri, 06 Aug 2010 23:13:46 -0400
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
Message-ID: <4C5CCF6A.4070602@gmx.net>

On 8/6/2010 21:50, Anthony Papillion wrote:
> I'm starting to work on a system that will require a bit of extra security.
> One of the security protocols the customer's decided on is that the outputted
> page should be fairly hard to copy. Yes, I know making an HTML page uncopyable
> is impossible but I want to make it as hard as possible.
>
> So far, I've come up with the following possible solutions:
>
> - Put all the output on an image and disable right click
> - Output a PDF
>
> Both of these solutions really feel nasty to me and don't really solve the
> problem at all.  Does anyone have any other ideas?

An image would be better, copying text out of a PDF is a piece of cake. And 
even with all the protections in place one can always make a screen shot and 
use OCR. All you can do is making the process a bit more annoying. If the 
customer doesn't want anyone to copy the content, don't have them put it on 
the web. And in that sense, why bother with any tricked out web site. Either 
put it out there and be prepared to have it copied or don't do it. It is 
possibly one of these cases where management tries to solve  a management 
problem with some technology. That usually fails.

Other options would be audio. The text gets recorded and you play the audio 
file. Any optical means fall flat here. So the only way is to use voice 
recognition or stenography. Could even do video, maybe that gives an option to 
present the content nicely.

In the end there is always a way and the real question is, how much damage 
could occur if indeed someone copies and distributes the content. If that 
would be potentially bad the next step up is paper copies and an NDA. At least 
the customer has something to base a lawsuit on.

David


From blakeelias at gmail.com  Sat Aug  7 00:01:21 2010
From: blakeelias at gmail.com (Blake)
Date: Sat, 7 Aug 2010 00:01:21 -0400
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
Message-ID: <AANLkTimLBHZASz+61OCvF69_5CAYvcNcAQr+dF+aOnQQ@mail.gmail.com>

One site that I worked on had an image for each character on some
pages -- in the images directory, each file X.gif was an image
representation of character X, and the pages would call for a bunch of
those images to spell out words.  I think it was more so they could
get a particular font than for any duplication concerns, but that
could be a pain to copy.  It did impact performance and search engine
optimization, so I ended up converting it to text by replacing each
<img> tag with its respective character.  It wasn't that hard for me,
but would require a user who wants to duplicate it to know how to view
source, and then to have some knowledge of find/replace or regular
expressions.

You could make it even harder by naming the file something different
than the character represents, without an obvious formula.  Make a key
of characters -> filenames that only you have, and have a script
(possibly PHP) convert your text into a series of images following
that key.  A user would have to read through the source code, match up
each filename to the character on the page, and run a bunch of
find/replace commands to get the original text.

If all that's still too easy to copy, insert some extraneous
character-images in between the real ones, and have a Javascript
dynamically remove them from the page.  Now someone using view >
source would have a real tough time matching it all up and removing
the extraneous characters, unless they are using a DOM inspector tool
like Firebug that shows DOM changes as they are executed.

At this point it would be faster for them to just retype the whole
page, which they can do no matter what.

Basically, it all depends how much you care about accessibility to a
variety of users, speed/performance, and search engine optimization.
Images and Flash will make it inaccessible to some users and make it a
bit slower.  That may be a price you and the customer are willing to
pay.  It will also make it hard/impossible for search engines to
crawl.

Good luck,

Blake Elias

On Fri, Aug 6, 2010 at 9:50 PM, Anthony Papillion <papillion at gmail.com> wrote:
> I'm starting to work on a system that will require a bit of extra security.
> One of the security protocols the customer's decided on is that the
> outputted page should be fairly hard to copy. Yes, I know making an HTML
> page uncopyable is impossible but I want to make it as hard as possible.
> So far, I've come up with the following possible solutions:
> - Put all the output on an image and disable right click
> - Output a PDF
> Both of these solutions really feel nasty to me and don't really solve the
> problem at all. ?Does anyone have any other ideas?
> Thanks!
> Anthony
>
> --
> Anthony Papillion
> Lead Developer / Owner
> Advanced Data Concepts - "Enabling work anywhere"
> (918) 533-9969
>
> Facebook: http://www.facebook.com/cajuntechie
> My Blog:?? http://www.cajuntechie.com
>
>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
>


From papillion at gmail.com  Sat Aug  7 02:13:48 2010
From: papillion at gmail.com (Anthony Papillion)
Date: Sat, 7 Aug 2010 01:13:48 -0500
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
Message-ID: <AANLkTi=VD+FsuPN-Be6NZhfJh819aLggiatKAGA4YTTs@mail.gmail.com>

Thank you everyone for your feedback on this problem. In the end, I think
the most secure way of solving this problem is to output the text to
Flash.   While I know it's fairly easy to download a Flash applet (which
would, in essence, copy the text, I believe most of the people using this
system won't know that and will be 'safe enough'.   Additionally, if I
remember correctly, Flash content doesn't show up in a screenshot (though I
could be wrong on this).

So thank you for the input. It's much appreciated.


-- 
Anthony Papillion
Lead Developer / Owner
Advanced Data Concepts - "Enabling work anywhere"
(918) 533-9969

Facebook: http://www.facebook.com/cajuntechie
My Blog:   http://www.cajuntechie.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100807/dd11a975/attachment.html>

From edwardpotter at gmail.com  Sat Aug  7 04:16:22 2010
From: edwardpotter at gmail.com (Edward Potter)
Date: Sat, 7 Aug 2010 04:16:22 -0400
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <AANLkTi=VD+FsuPN-Be6NZhfJh819aLggiatKAGA4YTTs@mail.gmail.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
	<AANLkTi=VD+FsuPN-Be6NZhfJh819aLggiatKAGA4YTTs@mail.gmail.com>
Message-ID: <D1012D39-0630-4E2E-95E5-E79C185B02C7@gmail.com>

Impossible.

I can always get a screen shot, shoot it  off to Amazon Turk and have it 100% transcribed and sent to my email probably in a few minutes.  

There is no way of 100% preventing a screenshot. The core DNA of the Internet is built on sharing.  No way of getting around that.   

You can make it a bit harder but impossible to prevent copying.  Just the nature of the beast.  

Sent from my iPhone

On Aug 7, 2010, at 2:13 AM, Anthony Papillion <papillion at gmail.com> wrote:

> Thank you everyone for your feedback on this problem. In the end, I think the most secure way of solving this problem is to output the text to Flash.   While I know it's fairly easy to download a Flash applet (which would, in essence, copy the text, I believe most of the people using this system won't know that and will be 'safe enough'.   Additionally, if I remember correctly, Flash content doesn't show up in a screenshot (though I could be wrong on this). 
> 
> So thank you for the input. It's much appreciated.
> 
> 
> -- 
> Anthony Papillion
> Lead Developer / Owner
> Advanced Data Concepts - "Enabling work anywhere"
> (918) 533-9969
> 
> Facebook: http://www.facebook.com/cajuntechie
> My Blog:   http://www.cajuntechie.com
> 
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> http://www.nyphp.org/Show-Participation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100807/4d38dfc2/attachment.html>

From papillion at gmail.com  Sat Aug  7 04:44:39 2010
From: papillion at gmail.com (Anthony Papillion)
Date: Sat, 7 Aug 2010 03:44:39 -0500
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <D1012D39-0630-4E2E-95E5-E79C185B02C7@gmail.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
	<AANLkTi=VD+FsuPN-Be6NZhfJh819aLggiatKAGA4YTTs@mail.gmail.com>
	<D1012D39-0630-4E2E-95E5-E79C185B02C7@gmail.com>
Message-ID: <AANLkTi=f+VzHJvt45K-Z3hvqmn+uxtbre1=S9BOJQ5Dd@mail.gmail.com>

You're right, Ed. It's impossible to prevent someone who wants a
screenshot from getting one. Someone intent on copying information
will do it, even if they have to take a picture of the screen or hand
copy the material.

The goal of this project is just to make it harder for the "average"
enterprise use from copying information.

Thanks,
A

On 8/7/10, Edward Potter <edwardpotter at gmail.com> wrote:
> Impossible.
>
> I can always get a screen shot, shoot it  off to Amazon Turk and have it
> 100% transcribed and sent to my email probably in a few minutes.
>
> There is no way of 100% preventing a screenshot. The core DNA of the
> Internet is built on sharing.  No way of getting around that.
>
> You can make it a bit harder but impossible to prevent copying.  Just the
> nature of the beast.
>
> Sent from my iPhone
>
> On Aug 7, 2010, at 2:13 AM, Anthony Papillion <papillion at gmail.com> wrote:
>
>> Thank you everyone for your feedback on this problem. In the end, I think
>> the most secure way of solving this problem is to output the text to
>> Flash.   While I know it's fairly easy to download a Flash applet (which
>> would, in essence, copy the text, I believe most of the people using this
>> system won't know that and will be 'safe enough'.   Additionally, if I
>> remember correctly, Flash content doesn't show up in a screenshot (though
>> I could be wrong on this).
>>
>> So thank you for the input. It's much appreciated.
>>
>>
>> --
>> Anthony Papillion
>> Lead Developer / Owner
>> Advanced Data Concepts - "Enabling work anywhere"
>> (918) 533-9969
>>
>> Facebook: http://www.facebook.com/cajuntechie
>> My Blog:   http://www.cajuntechie.com
>>
>> _______________________________________________
>> New York PHP Users Group Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> http://www.nyphp.org/Show-Participation
>

-- 
Sent from my mobile device

Anthony Papillion
Lead Developer / Owner
Advanced Data Concepts - "Enabling work anywhere"
(918) 533-9969

Facebook: http://www.facebook.com/cajuntechie
My Blog:   http://www.cajuntechie.com


From edwardpotter at gmail.com  Sat Aug  7 07:50:57 2010
From: edwardpotter at gmail.com (Edward Potter)
Date: Sat, 7 Aug 2010 07:50:57 -0400
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <AANLkTi=qSgrCdm4Efdk6o0CRdL3XUCcTyYoqpK5fDoZ+@mail.gmail.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
	<B868BB0C-3BCC-49F9-9C7C-073D2AEFA2C0@intarcorp.com>
	<AANLkTi=qSgrCdm4Efdk6o0CRdL3XUCcTyYoqpK5fDoZ+@mail.gmail.com>
Message-ID: <9A2EC3FA-AEB2-49EA-B35F-711FE95641AE@gmail.com>



Sent from my iPhone

On Aug 6, 2010, at 10:59 PM, "Brian O'Connor" <gatzby3jr at gmail.com> wrote:

> Well, you're pretty limited to javascript (unless you output to flash
> or pdf), which obviously means anyone who disables it won't be
> affected. However, as you already stated you're aware of that, one
> thing that might be cool is to detect the ctrl+c keys being pushed,
> and reversed the selected text. That requires access to the clipboard
> (not always available), and disabling right click.
> 
> I don't really think about this problem too much, but might be an
> interesting idea.
> 
> 
> 
> On 8/6/10, J. T. Gray <jtg at intarcorp.com> wrote:
>> Output to Flash :D
>> 
>> 
>> 
>> On Aug 6, 2010, at 9:50 PM, Anthony Papillion <papillion at gmail.com>
>> wrote:
>> 
>>> I'm starting to work on a system that will require a bit of extra
>>> security. One of the security protocols the customer's decided on is
>>> that the outputted page should be fairly hard to copy. Yes, I know
>>> making an HTML page uncopyable is impossible but I want to make it
>>> as hard as possible.
>>> 
>>> So far, I've come up with the following possible solutions:
>>> 
>>> - Put all the output on an image and disable right click
>>> - Output a PDF
>>> 
>>> Both of these solutions really feel nasty to me and don't really
>>> solve the problem at all.  Does anyone have any other ideas?
>>> 
>>> Thanks!
>>> Anthony
>>> 
>>> --
>>> Anthony Papillion
>>> Lead Developer / Owner
>>> Advanced Data Concepts - "Enabling work anywhere"
>>> (918) 533-9969
>>> 
>>> Facebook: http://www.facebook.com/cajuntechie
>>> My Blog:   http://www.cajuntechie.com
>>> 
>>> _______________________________________________
>>> New York PHP Users Group Community Talk Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/talk
>>> 
>>> http://www.nyphp.org/Show-Participation
>> 
> 
> -- 
> Sent from my mobile device
> 
> Brian O'Connor
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> http://www.nyphp.org/Show-Participation


From danielc at analysisandsolutions.com  Sat Aug  7 09:06:00 2010
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Sat, 7 Aug 2010 09:06:00 -0400
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <AANLkTi=VD+FsuPN-Be6NZhfJh819aLggiatKAGA4YTTs@mail.gmail.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
	<AANLkTi=VD+FsuPN-Be6NZhfJh819aLggiatKAGA4YTTs@mail.gmail.com>
Message-ID: <20100807130600.GA28019@panix.com>

Hola:

> the most secure way of solving this problem is to output the text to
> Flash.

And what do you do for users that don't have a flash player installed?

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409


From tedd.sperling at gmail.com  Sat Aug  7 09:54:03 2010
From: tedd.sperling at gmail.com (tedd)
Date: Sat, 7 Aug 2010 09:54:03 -0400
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <AANLkTi=f+VzHJvt45K-Z3hvqmn+uxtbre1=S9BOJQ5Dd@mail.gmail.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
	<AANLkTi=VD+FsuPN-Be6NZhfJh819aLggiatKAGA4YTTs@mail.gmail.com>
	<D1012D39-0630-4E2E-95E5-E79C185B02C7@gmail.com>
	<AANLkTi=f+VzHJvt45K-Z3hvqmn+uxtbre1=S9BOJQ5Dd@mail.gmail.com>
Message-ID: <p06240804c883156da514@[192.168.1.104]>

At 3:44 AM -0500 8/7/10, Anthony Papillion wrote:
>You're right, Ed. It's impossible to prevent someone who wants a
>screenshot from getting one. Someone intent on copying information
>will do it, even if they have to take a picture of the screen or hand
>copy the material.
>
>The goal of this project is just to make it harder for the "average"
>enterprise use from copying information.
>
>Thanks,
>A

A:

You might investigate placing a transparent image over the text 
making it harder to copy.

Here's a working example of how I did that to protect an image from 
being easily copied.

http://webbytedd.com/b/protect-image/

Granted, it doesn't stop everyone, but it does slow them down.

Cheers,

tedd

-- 
-------
http://sperling.com/


From ramons at gmx.net  Sat Aug  7 10:16:59 2010
From: ramons at gmx.net (David Krings)
Date: Sat, 07 Aug 2010 10:16:59 -0400
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <20100807130600.GA28019@panix.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>	<AANLkTi=VD+FsuPN-Be6NZhfJh819aLggiatKAGA4YTTs@mail.gmail.com>
	<20100807130600.GA28019@panix.com>
Message-ID: <4C5D6ADB.6030600@gmx.net>

On 8/7/2010 9:06, Daniel Convissor wrote:
> Hola:
>
>> the most secure way of solving this problem is to output the text to
>> Flash.
>
> And what do you do for users that don't have a flash player installed?
>
> --Dan
>

Hmmm, and what about those people who do not want or are not allowed to 
install Flash for security reasons? Also, on older systems Flash is just 
excrutiatingly slow. I mentioned earlier using video files. I was first 
thinking about a person presenting the content, but why not take images of the 
content and compose a video of that. I am sure any system has some basic video 
capabilities, which typically can play an avi that uses a common coding (OK, 
video on older systems isn't great either, but typically works better than 
Flash). Depending on how the video is embedded in the page you can have player 
controls that allow people to stop the video and read the text.
Again, even that is no sure way of stopping anyone from obtaining and 
retaining the content, see Fahrenheit 451.

David


---Not sent from any mobile device


From davidalanroth at gmail.com  Mon Aug  9 03:01:49 2010
From: davidalanroth at gmail.com (David Roth)
Date: Mon, 9 Aug 2010 03:01:49 -0400
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <AANLkTi=f+VzHJvt45K-Z3hvqmn+uxtbre1=S9BOJQ5Dd@mail.gmail.com>
References: <AANLkTik4sSEC6d+EBB0FCT1vvGbi3JMVd+G8tOYVG5Zm@mail.gmail.com>
	<AANLkTi=VD+FsuPN-Be6NZhfJh819aLggiatKAGA4YTTs@mail.gmail.com>
	<D1012D39-0630-4E2E-95E5-E79C185B02C7@gmail.com>
	<AANLkTi=f+VzHJvt45K-Z3hvqmn+uxtbre1=S9BOJQ5Dd@mail.gmail.com>
Message-ID: <08E0CEF1-89BD-466E-9E03-16EA3DA4B2AA@gmail.com>

Anthony, I think for the average visitor to a web page, I would look  
into outputting the text as an image. This way it could be made to  
look like a regular web page and doesn't require the visitor to  
install or update anything on their computer such as Flash. I remember  
seeing some routines built-in to PHP that including writing text over  
a graphic. The graphic could be simply white to look like the  
background of the web page or whatever the design is.

You could write some test examples and run them at the Linux command  
level using the 'time' command to see how much overhead they really  
add vs displaying the text:

time php textasgraphic.php
time php justtext.php

Before anyone else further beats up on the concept, I can understand  
why someone would prefer not to have people copy and paste their  
content out of context and  e-mail it around such as a company news  
release, where the company would prefer people direct others to the  
web page itself.

David Roth


On Aug 7, 2010, at 4:44 AM, Anthony Papillion wrote:

> You're right, Ed. It's impossible to prevent someone who wants a
> screenshot from getting one. Someone intent on copying information
> will do it, even if they have to take a picture of the screen or hand
> copy the material.
>
> The goal of this project is just to make it harder for the "average"
> enterprise use from copying information.
>
> Thanks,
> A
>
> On 8/7/10, Edward Potter <edwardpotter at gmail.com> wrote:
>> Impossible.
>>
>> I can always get a screen shot, shoot it  off to Amazon Turk and  
>> have it
>> 100% transcribed and sent to my email probably in a few minutes.
>>
>> There is no way of 100% preventing a screenshot. The core DNA of the
>> Internet is built on sharing.  No way of getting around that.
>>
>> You can make it a bit harder but impossible to prevent copying.   
>> Just the
>> nature of the beast.
>>
>> Sent from my iPhone
>>
>> On Aug 7, 2010, at 2:13 AM, Anthony Papillion <papillion at gmail.com>  
>> wrote:
>>
>>> Thank you everyone for your feedback on this problem. In the end,  
>>> I think
>>> the most secure way of solving this problem is to output the text to
>>> Flash.   While I know it's fairly easy to download a Flash applet  
>>> (which
>>> would, in essence, copy the text, I believe most of the people  
>>> using this
>>> system won't know that and will be 'safe enough'.   Additionally,  
>>> if I
>>> remember correctly, Flash content doesn't show up in a screenshot  
>>> (though
>>> I could be wrong on this).
>>>
>>> So thank you for the input. It's much appreciated.
>>>
>>>
>>> --
>>> Anthony Papillion
>>> Lead Developer / Owner
>>> Advanced Data Concepts - "Enabling work anywhere"
>>> (918) 533-9969
>>>
>>> Facebook: http://www.facebook.com/cajuntechie
>>> My Blog:   http://www.cajuntechie.com
>>>
>>> _______________________________________________
>>> New York PHP Users Group Community Talk Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> http://www.nyphp.org/Show-Participation
>>
>
> -- 
> Sent from my mobile device
>
> Anthony Papillion
> Lead Developer / Owner
> Advanced Data Concepts - "Enabling work anywhere"
> (918) 533-9969
>
> Facebook: http://www.facebook.com/cajuntechie
> My Blog:   http://www.cajuntechie.com



From dorgan at donaldorgan.com  Mon Aug  9 09:45:46 2010
From: dorgan at donaldorgan.com (Donald J. Organ IV)
Date: Mon, 9 Aug 2010 09:45:46 -0400 (EDT)
Subject: [nycphp-talk] Making text hard to copy
In-Reply-To: <AANLkTi=f+VzHJvt45K-Z3hvqmn+uxtbre1=S9BOJQ5Dd@mail.gmail.com>
Message-ID: <1093093.292.1281361546258.JavaMail.root@localhost>

either in your body tag or on a secured block of text(div) you can use onselectstart="return false"   which will not allow the user to highlight said block of text.  Id doesnt secure things 100% but at least its another roadblock.



----- Original Message -----
From: "Anthony Papillion" <papillion at gmail.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Saturday, August 7, 2010 4:44:39 AM
Subject: Re: [nycphp-talk] Making text hard to copy

You're right, Ed. It's impossible to prevent someone who wants a
screenshot from getting one. Someone intent on copying information
will do it, even if they have to take a picture of the screen or hand
copy the material.

The goal of this project is just to make it harder for the "average"
enterprise use from copying information.

Thanks,
A


From paul at devonianfarm.com  Mon Aug  9 13:23:31 2010
From: paul at devonianfarm.com (Paul A Houle)
Date: Mon, 09 Aug 2010 13:23:31 -0400
Subject: [nycphp-talk] SalesForce
In-Reply-To: <AANLkTiku-hx1YMA7WCNw_Nigc9iuZhihNDP0JrgtNF12@mail.gmail.com>
References: <AANLkTiku-hx1YMA7WCNw_Nigc9iuZhihNDP0JrgtNF12@mail.gmail.com>
Message-ID: <4C603993.8010906@devonianfarm.com>

Fernando Gabrieli wrote:
> Hi all, i'm working for a company which is considering creating a 
> website using SalesForce
>
> I've been asked about how many time it would take for a developer to 
> get into it
>
> Have you ever used it? How much did it take to you to get familiar?
>
> thanks in advance
>
> best regards
> Fernando
>
    I haven't made "Salesforce pages" (public-facing web sites that run 
on the SF platform) but I have done some work with the API and I made it 
to Dreamforce last year.

    From a technical point of view,  you can develop public and private 
facing SF applications with a system that's very similar to modern MVC 
frameworks like CakePHP or symfony,  but you'd do coding in a language 
called APEX,  which is derived from Java,  and the database is somewhere 
between SQL and NoSQL.  There's a Web UI builder in the IDE for it,  so 
you can build simple pages with very little coding -- I saw a demo aimed 
at marketing people where they were able to knock up a form in the 
builder in about five minutes.  Particularly looking at the API I see a 
lot of similarities between the SF platform and the Facebook platform,  
but SF is really optimized for classic OLTP applications and doesn't 
have the specializations for large social networks that you see in sites 
like FB or LinkedIn.

    That said,  I find the business of Salesfore puzzling.  I like 
building web sites that are supported by advertising,  so think in terms 
of eCPM,  which is typically between $0.25-$5.00 for the sites I make.  
Pages hosted on the SF platform cost $1.00 eCPM to host,  which would 
eat an unacceptable amount of my profits...  Particularly when the costs 
of a more conventional system (MySQL/PHP,  or MSSQL/ASP.NET) is probably 
1/100 that assuming reasonable scale and utilization.  SF has an ARPU of 
around $1000 a year...  If it wasn't possible to provision a similar 
kind of service for 1/1000 the price,  it wouldn't be possible for 
Facebook to exist.  You'd think,  given the prices they charge,  SF 
would have good margins,  but according to what they file with the 
S.E.C.,  Salesforce.com's margins are much much smaller than those of 
Amazon Web Services!

    In the back end,  SF has several big clusters that center around an 
instance of Oracle 10g,  and they buy lots of gold plated hardware.  The 
reliability of SF is excellent,  and performance is really good for OLTP 
work,  but the platform is weak for analytics,  network analysis and 
anything that doesn't fit into its paradigm...  They charge something 
like $1K / month/ GB for database storage,  which is just nuts...  They 
could be storing it in RAM for what they're charging.

    Overall,  if your company is already using SF and you want to build 
applications that communicate with your SF database in an OLTP manner,  
SF pages are a reasonable way to go.  If you don't already have a 
commitment to SF,  I'd stay away.  They like to recall the days that 
they were a disruptive upstart,  but I think 10 years from now they're 
going to be seen as an over-the-hill high cost provider.


From fgabrieli at gmail.com  Mon Aug  9 15:39:34 2010
From: fgabrieli at gmail.com (Fernando Gabrieli)
Date: Mon, 9 Aug 2010 16:39:34 -0300
Subject: [nycphp-talk] SalesForce
In-Reply-To: <4C603993.8010906@devonianfarm.com>
References: <AANLkTiku-hx1YMA7WCNw_Nigc9iuZhihNDP0JrgtNF12@mail.gmail.com>
	<4C603993.8010906@devonianfarm.com>
Message-ID: <AANLkTimPdcw_=SKC9VEJvBRimNQe5OHCjNZDCXdGQHdW@mail.gmail.com>

Paul,

First of all, thank you for sharing all this information

In this case it seems like a client is already using SalesForce and asking
about doing some changes. So after this i've been asked about how many time
it would take for a developer to get into the platform

My first guess was a week, then i downloaded the manual (with > 300 pages)
and i started thinking in two weeks, but if it's Java i don't think we'll be
able to take it. We are doing PHP mostly, also FB apps, ASP, AS, but not
Java

>From what you are telling me, it seems like we might need to develop in
Java, not in PHP, is this correct?


best,
Fernando



On Mon, Aug 9, 2010 at 2:23 PM, Paul A Houle <paul at devonianfarm.com> wrote:

> Fernando Gabrieli wrote:
>
>> Hi all, i'm working for a company which is considering creating a website
>> using SalesForce
>>
>> I've been asked about how many time it would take for a developer to get
>> into it
>>
>> Have you ever used it? How much did it take to you to get familiar?
>>
>> thanks in advance
>>
>> best regards
>> Fernando
>>
>>    I haven't made "Salesforce pages" (public-facing web sites that run on
> the SF platform) but I have done some work with the API and I made it to
> Dreamforce last year.
>
>   From a technical point of view,  you can develop public and private
> facing SF applications with a system that's very similar to modern MVC
> frameworks like CakePHP or symfony,  but you'd do coding in a language
> called APEX,  which is derived from Java,  and the database is somewhere
> between SQL and NoSQL.  There's a Web UI builder in the IDE for it,  so you
> can build simple pages with very little coding -- I saw a demo aimed at
> marketing people where they were able to knock up a form in the builder in
> about five minutes.  Particularly looking at the API I see a lot of
> similarities between the SF platform and the Facebook platform,  but SF is
> really optimized for classic OLTP applications and doesn't have the
> specializations for large social networks that you see in sites like FB or
> LinkedIn.
>
>   That said,  I find the business of Salesfore puzzling.  I like building
> web sites that are supported by advertising,  so think in terms of eCPM,
>  which is typically between $0.25-$5.00 for the sites I make.  Pages hosted
> on the SF platform cost $1.00 eCPM to host,  which would eat an unacceptable
> amount of my profits...  Particularly when the costs of a more conventional
> system (MySQL/PHP,  or MSSQL/ASP.NET) is probably 1/100 that assuming
> reasonable scale and utilization.  SF has an ARPU of around $1000 a year...
>  If it wasn't possible to provision a similar kind of service for 1/1000 the
> price,  it wouldn't be possible for Facebook to exist.  You'd think,  given
> the prices they charge,  SF would have good margins,  but according to what
> they file with the S.E.C.,  Salesforce.com's margins are much much smaller
> than those of Amazon Web Services!
>
>   In the back end,  SF has several big clusters that center around an
> instance of Oracle 10g,  and they buy lots of gold plated hardware.  The
> reliability of SF is excellent,  and performance is really good for OLTP
> work,  but the platform is weak for analytics,  network analysis and
> anything that doesn't fit into its paradigm...  They charge something like
> $1K / month/ GB for database storage,  which is just nuts...  They could be
> storing it in RAM for what they're charging.
>
>   Overall,  if your company is already using SF and you want to build
> applications that communicate with your SF database in an OLTP manner,  SF
> pages are a reasonable way to go.  If you don't already have a commitment to
> SF,  I'd stay away.  They like to recall the days that they were a
> disruptive upstart,  but I think 10 years from now they're going to be seen
> as an over-the-hill high cost provider.
>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100809/1803385f/attachment.html>

From paul at devonianfarm.com  Mon Aug  9 16:35:04 2010
From: paul at devonianfarm.com (Paul A Houle)
Date: Mon, 09 Aug 2010 16:35:04 -0400
Subject: [nycphp-talk] SalesForce
In-Reply-To: <AANLkTimPdcw_=SKC9VEJvBRimNQe5OHCjNZDCXdGQHdW@mail.gmail.com>
References: <AANLkTiku-hx1YMA7WCNw_Nigc9iuZhihNDP0JrgtNF12@mail.gmail.com>	<4C603993.8010906@devonianfarm.com>
	<AANLkTimPdcw_=SKC9VEJvBRimNQe5OHCjNZDCXdGQHdW@mail.gmail.com>
Message-ID: <4C606678.4070008@devonianfarm.com>

Fernando Gabrieli wrote:
> Paul,
>
> First of all, thank you for sharing all this information
>
> In this case it seems like a client is already using SalesForce and 
> asking about doing some changes. So after this i've been asked about 
> how many time it would take for a developer to get into the platform
>
> My first guess was a week, then i downloaded the manual (with > 300 
> pages) and i started thinking in two weeks, but if it's Java i don't 
> think we'll be able to take it. We are doing PHP mostly, also FB apps, 
> ASP, AS, but not Java
>
> From what you are telling me, it seems like we might need to develop 
> in Java, not in PHP, is this correct?
>
    The language is APEX,  which is very similar to Java -- there's an 
IDE for APEX that runs in Eclipse.

    You definitely can write applications in some other language that 
access Salesforce via a SOAP API.  In my experience this works very well 
with Microsoft's SOAP stack in .NET,  I can't say I've ever tried it 
with PHP.  On the other hand,  if you host the whole app in Salesforce 
there are some big advantages in terms of reliability,  performance,  
not having to sysadmin,  etc.


From fgabrieli at gmail.com  Tue Aug 10 16:01:35 2010
From: fgabrieli at gmail.com (Fernando Gabrieli)
Date: Tue, 10 Aug 2010 17:01:35 -0300
Subject: [nycphp-talk] SalesForce
In-Reply-To: <4C606678.4070008@devonianfarm.com>
References: <AANLkTiku-hx1YMA7WCNw_Nigc9iuZhihNDP0JrgtNF12@mail.gmail.com>
	<4C603993.8010906@devonianfarm.com>
	<AANLkTimPdcw_=SKC9VEJvBRimNQe5OHCjNZDCXdGQHdW@mail.gmail.com>
	<4C606678.4070008@devonianfarm.com>
Message-ID: <AANLkTimBdbRhWG1gxrz3L1NPHaLGJeFvmrsPOyNvHv7w@mail.gmail.com>

Thanks again Paul, i'll see what they want to do about this

On Mon, Aug 9, 2010 at 5:35 PM, Paul A Houle <paul at devonianfarm.com> wrote:

> Fernando Gabrieli wrote:
>
>> Paul,
>>
>> First of all, thank you for sharing all this information
>>
>> In this case it seems like a client is already using SalesForce and asking
>> about doing some changes. So after this i've been asked about how many time
>> it would take for a developer to get into the platform
>>
>> My first guess was a week, then i downloaded the manual (with > 300 pages)
>> and i started thinking in two weeks, but if it's Java i don't think we'll be
>> able to take it. We are doing PHP mostly, also FB apps, ASP, AS, but not
>> Java
>>
>> From what you are telling me, it seems like we might need to develop in
>> Java, not in PHP, is this correct?
>>
>>    The language is APEX,  which is very similar to Java -- there's an IDE
> for APEX that runs in Eclipse.
>
>   You definitely can write applications in some other language that access
> Salesforce via a SOAP API.  In my experience this works very well with
> Microsoft's SOAP stack in .NET,  I can't say I've ever tried it with PHP.
>  On the other hand,  if you host the whole app in Salesforce there are some
> big advantages in terms of reliability,  performance,  not having to
> sysadmin,  etc.
>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100810/d3e6e790/attachment.html>

From danielc at analysisandsolutions.com  Fri Aug 13 16:00:40 2010
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Fri, 13 Aug 2010 16:00:40 -0400
Subject: [nycphp-talk] Make PHP Better.  Come to Brooklyn's PHP TestFest.
Message-ID: <20100813200040.GA24424@panix.com>

Hey Folks:

Hang out, drink some beer and write some unit tests for PHP.

Unit tests ensure the PHP engine behaves as expected and continues to do 
so as it is developed. Let's put our minds to work exploring the 
underlying C source code and documentation to find edge cases and 
uncovered segments that need checking and then we'll go about writing 
those tests.

Bring a laptop that has PHP CLI installed or Internet access to a machine 
that does. I will explain the rest. Also bring some interesting beer to 
share.

Saturday, August 28, 12:00 PM - 4:00 PM

We will be meeting in the Sunset Park neighborhood of Brooklyn. 
Accessible by the D, R and N trains and the B35 and B63 buses. RSVP via 
Meetup:  http://www.meetup.com/BKTK-meetup/calendar/14197299/

If you REALLY don't want to sign up for a Meetup account, contact me 
directly.

See you,

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409


From dorgan at donaldorgan.com  Fri Aug 13 16:13:31 2010
From: dorgan at donaldorgan.com (Donald J. Organ IV)
Date: Fri, 13 Aug 2010 16:13:31 -0400 (EDT)
Subject: [nycphp-talk] file_get_contents() with a context
Message-ID: <11416065.377.1281730411472.JavaMail.root@localhost>

I am using file_get_contents() with a context that defines it should be using http 1.1 default is 1.0.... 


I am using this inside of a loop that is pulling remote product images and creating thumbnails.... 


The reason we had to add a context is because with no context specified file_get_contents() used http 1.0 and when looping through say 2000 products it creates 2000 connections to a server in under say 10 seconds.....Most servers dont like this and most hosting companies will see this as a DOS attack. 


So Now we've added the context and now each request is taking anywhere from 8-15 seconds. From what I can tell it has to do with the fact that http 1.1 uses a single connection for all of these requests...if I add connection: close to the header then I am right back where I started with http 1.0 


So I was wondering if there is a way to tel file_get_contents that it can use more than one connection but its only allow to use say 10. 




Any help on this is greatly appreciated. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100813/26ec38ca/attachment.html>

From dcech at phpwerx.net  Fri Aug 13 16:39:10 2010
From: dcech at phpwerx.net (Dan Cech)
Date: Fri, 13 Aug 2010 16:39:10 -0400
Subject: [nycphp-talk] file_get_contents() with a context
In-Reply-To: <11416065.377.1281730411472.JavaMail.root@localhost>
References: <11416065.377.1281730411472.JavaMail.root@localhost>
Message-ID: <4C65AD6E.3010502@phpwerx.net>

On 8/13/2010 4:13 PM, Donald J. Organ IV wrote:
> I am using file_get_contents() with a context that defines it should
> be using http 1.1 default is 1.0....
>
> I am using this inside of a loop that is pulling remote product
> images and creating thumbnails....
>
> The reason we had to add a context is because with no context
> specified file_get_contents() used http 1.0 and when looping through
> say 2000 products it creates 2000 connections to a server in under
> say 10 seconds.....Most servers dont like this and most hosting
> companies will see this as a DOS attack.
>
> So Now we've added the context and now each request is taking
> anywhere from 8-15 seconds. From what I can tell it has to do with
> the fact that http 1.1 uses a single connection for all of these
> requests...if I add connection: close to the header then I am right
> back where I started with http 1.0
>
> So I was wondering if there is a way to tel file_get_contents that it
> can use more than one connection but its only allow to use say 10.

I'd be looking into cURL and specifically curl_multi, or forking a bunch
of sub-processes so that each one can maintain its own connection and
process a portion of the requests.

http://us2.php.net/curl
http://us2.php.net/manual/en/book.pcntl.php

Dan


From dorgan at donaldorgan.com  Sat Aug 14 20:25:38 2010
From: dorgan at donaldorgan.com (Donald J. Organ IV)
Date: Sat, 14 Aug 2010 20:25:38 -0400 (EDT)
Subject: [nycphp-talk] file_get_contents() with a context
In-Reply-To: <4C65AD6E.3010502@phpwerx.net>
Message-ID: <23976924.397.1281831938471.JavaMail.root@localhost>

I guess my biggest problem is with http 1.0 and multiple simultaneous connection i can process 2,000 images in about 13 seconds.

with http 1.1 it is taking anywhere from 8-15 seconds per image.  for lets say 10 seconds.

so on 2,000 images that would take approx. 5.5 hours.

Now if i cut that down and did 10 at a time with something such as curl_multi or forking scripts.  it would still take 30 minutes.


Now 30 minutes I guess isnt that bad for 2,000 images but say i have to do 1 magnitude higher than that and had to do 20,000 thats back up to 5 hours.


Maybe the question is...If a customers site is running on shared host what would be an acceptable number of simultaneous connections to do this would 10 be OK , and if so how about 20? and if so how about 30?  And would it matter based on the host?

I know the easy solution to this is to have the customer send us a DVD and process the images this way...but that assume that the customer is capable and even has the knowledge to do so.


Suggestions/comments and anything else is welcome.


I guess the BIGGEST question of all is why does it take 10 seconds to process an image when using http 1.1 but less than a second when using http 1.0, and can this be fixed?



----- Original Message -----
From: "Dan Cech" <dcech at phpwerx.net>
To: talk at lists.nyphp.org
Sent: Friday, August 13, 2010 4:39:10 PM
Subject: Re: [nycphp-talk] file_get_contents() with a context

I'd be looking into cURL and specifically curl_multi, or forking a bunch
of sub-processes so that each one can maintain its own connection and
process a portion of the requests.

http://us2.php.net/curl
http://us2.php.net/manual/en/book.pcntl.php

Dan
_______________________________________________
New York PHP Users Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/Show-Participation


From dorgan at donaldorgan.com  Sun Aug 15 00:16:21 2010
From: dorgan at donaldorgan.com (Donald J. Organ IV)
Date: Sun, 15 Aug 2010 00:16:21 -0400 (EDT)
Subject: [nycphp-talk] file_get_contents() with a context
In-Reply-To: <23976924.397.1281831938471.JavaMail.root@localhost>
Message-ID: <22190263.428.1281845781062.JavaMail.root@localhost>

The cause for the increase in speed is PHP was not pipelining the requests so it was waiting for the connection to timeout..which was what was causing it to appear that the file was taking longer to download.

I ended up using http://code.google.com/p/php-pipeline Which gives me the ability to pipeline on multiple connections.

Now I just need to figure out how to log the number of connections over a given number of time to make sure it's actually working  


From rmarscher at beaffinitive.com  Mon Aug 16 10:33:37 2010
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Mon, 16 Aug 2010 10:33:37 -0400
Subject: [nycphp-talk] file_get_contents() with a context
In-Reply-To: <22190263.428.1281845781062.JavaMail.root@localhost>
References: <22190263.428.1281845781062.JavaMail.root@localhost>
Message-ID: <06ADD929-EAC5-4300-A3DC-098693693BD1@beaffinitive.com>

On Aug 15, 2010, at 12:16 AM, "Donald J. Organ IV" <dorgan at donaldorgan.com> wrote:

> The cause for the increase in speed is PHP was not pipelining the requests so it was waiting for the connection to timeout..which was what was causing it to appear that the file was taking longer to download.

Interesting thread. Thanks the update. 
-Rob



From lists at zaunere.com  Tue Aug 17 12:03:06 2010
From: lists at zaunere.com (Hans Zaunere)
Date: Tue, 17 Aug 2010 12:03:06 -0400
Subject: [nycphp-talk] FW: [TriPUG] Rasmus at Digg
Message-ID: <001101cb3e25$ae7275c0$0b576140$@com>

Some interesting points in the talk, also here:

http://talks.php.net/show/digg

H


> I haven't watched the whole thing yet, but for those of you interested
> in PHP, this may be fun.
> 
> http://about.digg.com/blog/rasmus-lerdorf-php-performance
> 
> The first part is historical context, apparently the second half is
> about optimizations that can be done.





From dwang at udfi.biz  Tue Aug 17 15:26:22 2010
From: dwang at udfi.biz (David Wang)
Date: Tue, 17 Aug 2010 15:26:22 -0400
Subject: [nycphp-talk] FW: [TriPUG] Rasmus at Digg
In-Reply-To: <001101cb3e25$ae7275c0$0b576140$@com>
References: <001101cb3e25$ae7275c0$0b576140$@com>
Message-ID: <282741E6-9A2A-4366-A0EC-5D5432F5B891@udfi.biz>

awesome slideshow!

-d

On Aug 17, 2010, at 12:03 PM, Hans Zaunere wrote:

> Some interesting points in the talk, also here:
> 
> http://talks.php.net/show/digg
> 
> H
> 
> 
>> I haven't watched the whole thing yet, but for those of you interested
>> in PHP, this may be fun.
>> 
>> http://about.digg.com/blog/rasmus-lerdorf-php-performance
>> 
>> The first part is historical context, apparently the second half is
>> about optimizations that can be done.
> 
> 
> 
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> http://www.nyphp.org/Show-Participation



From jessesanford at gmail.com  Thu Aug 19 13:02:09 2010
From: jessesanford at gmail.com (Jesse Sanford)
Date: Thu, 19 Aug 2010 13:02:09 -0400
Subject: [nycphp-talk] NY Symfony MVC PHP Framework is holding a social
 gathering with Fabien Potencier and other core Symfony team members with
 free pizza and beer tonight! 7pm
Message-ID: <AANLkTik3SniBJVxCEL47hk9DhYiz4wvqbxfFcLmWz20D@mail.gmail.com>

This invite is extended out to the broader NYPHP community! Please register
for the event here: http://www.meetup.com/Symfony-NYC/calendar/13737979/

DETAILS:

Much of the symfony core team will be in town for the PHPBB Libertyvasion
event and we are going to throw a party!

The meetup will be at the Meetup.com Offices located at: 632 Broadway, suite
301, New York, NY 10012

It will start off with a quick meet and greet and then we will hand over the
podium to Fabien/Symfony core team for a Question and Answer session so come
armed with your most interesting and intriguing Symfony questions!

We will then have a post Q/A cocktail hour at a bar down the street. I am
trying to secure a location today. Does anyone have any preference in that
area? I reserved a table at:

http://www.sweetandvi...

It also has a backyard for those who smoke.

Finally if you get to the meetup.com offices early you can help us choose
what kind of food to order! I think I will be there by 6:30 so your welcome
to come any time after that.

We will have the following food options:

Two Boots Bleeker Pizza
http://www.twoboots.c...

Grandaisy Bakery
http://www.grandaisyb...

Yushi Bento Bar (we usually use downtown location)
http://www.yushi.com/...

Lombardi's Pizza
http://www.firstpizza...

I am of the opinion that Pizza is easiest but we can get whatever the
consensus is. Also we will be sure to order vegetarian/vegan options as well
if their is a need. Please if you have dietary restrictions SPEAK UP!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100819/58c73a96/attachment.html>

From jessesanford at gmail.com  Thu Aug 19 15:18:34 2010
From: jessesanford at gmail.com (Jesse Sanford)
Date: Thu, 19 Aug 2010 15:18:34 -0400
Subject: [nycphp-talk] NY Symfony MVC PHP Framework is holding a social
 gathering with Fabien Potencier and other core Symfony team members with
 free pizza and beer tonight! 7pm
In-Reply-To: <AANLkTik3SniBJVxCEL47hk9DhYiz4wvqbxfFcLmWz20D@mail.gmail.com>
References: <AANLkTik3SniBJVxCEL47hk9DhYiz4wvqbxfFcLmWz20D@mail.gmail.com>
Message-ID: <AANLkTinhDpOXHnLxw2vtgnZ3GrLDvF47Uh6FLBohN0R5@mail.gmail.com>

Did I mention FREE BEER?!

On Thu, Aug 19, 2010 at 1:02 PM, Jesse Sanford <jessesanford at gmail.com>wrote:

> This invite is extended out to the broader NYPHP community! Please register
> for the event here: http://www.meetup.com/Symfony-NYC/calendar/13737979/
>
> DETAILS:
>
> Much of the symfony core team will be in town for the PHPBB Libertyvasion
> event and we are going to throw a party!
>
> The meetup will be at the Meetup.com Offices located at: 632 Broadway,
> suite 301, New York, NY 10012
>
> It will start off with a quick meet and greet and then we will hand over
> the podium to Fabien/Symfony core team for a Question and Answer session so
> come armed with your most interesting and intriguing Symfony questions!
>
> We will then have a post Q/A cocktail hour at a bar down the street. I am
> trying to secure a location today. Does anyone have any preference in that
> area? I reserved a table at:
>
> http://www.sweetandvi...
>
> It also has a backyard for those who smoke.
>
> Finally if you get to the meetup.com offices early you can help us choose
> what kind of food to order! I think I will be there by 6:30 so your welcome
> to come any time after that.
>
> We will have the following food options:
>
> Two Boots Bleeker Pizza
> http://www.twoboots.c...
>
> Grandaisy Bakery
> http://www.grandaisyb...
>
> Yushi Bento Bar (we usually use downtown location)
> http://www.yushi.com/...
>
> Lombardi's Pizza
> http://www.firstpizza...
>
> I am of the opinion that Pizza is easiest but we can get whatever the
> consensus is. Also we will be sure to order vegetarian/vegan options as well
> if their is a need. Please if you have dietary restrictions SPEAK UP!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100819/bcdc5645/attachment.html>

From papillion at gmail.com  Fri Aug 20 17:21:10 2010
From: papillion at gmail.com (Anthony Papillion)
Date: Fri, 20 Aug 2010 16:21:10 -0500
Subject: [nycphp-talk] Being notified when something changes in the database
Message-ID: <AANLkTi=T7bnOudZDgM6s5uhTTFaXQopa6MVwOab2ZVLM@mail.gmail.com>

So I'm developing an application that will work within a larger supply chain
system. There is a table in the database called 'Items' which holds a list
of all items and how many of those items are in stock at a particular
location.  Fairly regularly, another system will change that table (for
example, when a new shipment of items come in) and I need to notified of
that change and fire a script to process those changes.

How can this be done effectively and reliably?  Is there a 'standard' way of
doing it?

Thanks!
Anthony Papillion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100820/ee4942f7/attachment.html>

From matt at atopia.net  Fri Aug 20 17:22:28 2010
From: matt at atopia.net (Matt Juszczak)
Date: Fri, 20 Aug 2010 17:22:28 -0400 (EDT)
Subject: [nycphp-talk] Being notified when something changes in the
 database
In-Reply-To: <AANLkTi=T7bnOudZDgM6s5uhTTFaXQopa6MVwOab2ZVLM@mail.gmail.com>
References: <AANLkTi=T7bnOudZDgM6s5uhTTFaXQopa6MVwOab2ZVLM@mail.gmail.com>
Message-ID: <alpine.BSF.2.00.1008201722200.34976@venus.atopia.net>

Use triggers, plus a queue, and have a script watch that queue.

-Matt

On Fri, 20 Aug 2010, Anthony Papillion wrote:

> So I'm developing an application that will work within a larger supply chain system. There is a table in the database
> called 'Items' which holds a list of all items and how many of those items are in stock at a particular location. ?Fairly
> regularly, another system will change that table (for example, when a new shipment of items come in) and I need to
> notified of that change and fire a script to process those changes.
> How can this be done effectively and reliably? ?Is there a 'standard' way of doing it?
> 
> Thanks!
> Anthony Papillion
> 
>

From papillion at gmail.com  Fri Aug 20 17:24:38 2010
From: papillion at gmail.com (Anthony Papillion)
Date: Fri, 20 Aug 2010 16:24:38 -0500
Subject: [nycphp-talk] Being notified when something changes in the
	database
In-Reply-To: <alpine.BSF.2.00.1008201722200.34976@venus.atopia.net>
References: <AANLkTi=T7bnOudZDgM6s5uhTTFaXQopa6MVwOab2ZVLM@mail.gmail.com>
	<alpine.BSF.2.00.1008201722200.34976@venus.atopia.net>
Message-ID: <AANLkTi=k-VrGXNhftROCZ1vvM+A9HOGbjwzuxYJhi8H=@mail.gmail.com>

Hi Matt,

I get the use of triggers but can you explain the queue concept? Let's say I
want to be notified every time the count of an item is increased. How would
a queue play into that?

Anthony

On Fri, Aug 20, 2010 at 4:22 PM, Matt Juszczak <matt at atopia.net> wrote:

> Use triggers, plus a queue, and have a script watch that queue.
>
> -Matt
>
>
> On Fri, 20 Aug 2010, Anthony Papillion wrote:
>
>  So I'm developing an application that will work within a larger supply
>> chain system. There is a table in the database
>> called 'Items' which holds a list of all items and how many of those items
>> are in stock at a particular location.  Fairly
>> regularly, another system will change that table (for example, when a new
>> shipment of items come in) and I need to
>> notified of that change and fire a script to process those changes.
>> How can this be done effectively and reliably?  Is there a 'standard' way
>> of doing it?
>>
>> Thanks!
>> Anthony Papillion
>>
>>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100820/e4784ded/attachment.html>

From matt at atopia.net  Fri Aug 20 17:27:42 2010
From: matt at atopia.net (Matt Juszczak)
Date: Fri, 20 Aug 2010 17:27:42 -0400 (EDT)
Subject: [nycphp-talk] Being notified when something changes in the
 database
In-Reply-To: <AANLkTi=k-VrGXNhftROCZ1vvM+A9HOGbjwzuxYJhi8H=@mail.gmail.com>
References: <AANLkTi=T7bnOudZDgM6s5uhTTFaXQopa6MVwOab2ZVLM@mail.gmail.com>
	<alpine.BSF.2.00.1008201722200.34976@venus.atopia.net>
	<AANLkTi=k-VrGXNhftROCZ1vvM+A9HOGbjwzuxYJhi8H=@mail.gmail.com>
Message-ID: <alpine.BSF.2.00.1008201727070.34976@venus.atopia.net>

> I get the use of triggers but can you explain the queue concept? Let's say I want to be notified every time the count of
> an item is increased. How would a queue play into that?

Have a trigger create a record in the event queue, and then have a process 
that runs to process the queue (could be a cron, or a daemon) and send out 
emails, etc.

-Matt


From papillion at gmail.com  Fri Aug 20 17:28:46 2010
From: papillion at gmail.com (Anthony Papillion)
Date: Fri, 20 Aug 2010 16:28:46 -0500
Subject: [nycphp-talk] Being notified when something changes in the
	database
In-Reply-To: <alpine.BSF.2.00.1008201727070.34976@venus.atopia.net>
References: <AANLkTi=T7bnOudZDgM6s5uhTTFaXQopa6MVwOab2ZVLM@mail.gmail.com>
	<alpine.BSF.2.00.1008201722200.34976@venus.atopia.net>
	<AANLkTi=k-VrGXNhftROCZ1vvM+A9HOGbjwzuxYJhi8H=@mail.gmail.com>
	<alpine.BSF.2.00.1008201727070.34976@venus.atopia.net>
Message-ID: <AANLkTin7gmET01+hRZP3UyQrukspehW-Xi0DiVBWb+eh@mail.gmail.com>

Ahh I get it! Cool. That's easy. Thank you!

On Fri, Aug 20, 2010 at 4:27 PM, Matt Juszczak <matt at atopia.net> wrote:

>  I get the use of triggers but can you explain the queue concept? Let's say
>> I want to be notified every time the count of
>> an item is increased. How would a queue play into that?
>>
>
> Have a trigger create a record in the event queue, and then have a process
> that runs to process the queue (could be a cron, or a daemon) and send out
> emails, etc.
>
> -Matt
>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100820/73d9562e/attachment.html>

From anoland at indigente.net  Fri Aug 20 20:23:29 2010
From: anoland at indigente.net (anoland)
Date: Fri, 20 Aug 2010 19:23:29 -0500
Subject: [nycphp-talk] Being notified when something changes in the
	database
In-Reply-To: <alpine.BSF.2.00.1008201727070.34976@venus.atopia.net>
References: <AANLkTi=T7bnOudZDgM6s5uhTTFaXQopa6MVwOab2ZVLM@mail.gmail.com>	<alpine.BSF.2.00.1008201722200.34976@venus.atopia.net>	<AANLkTi=k-VrGXNhftROCZ1vvM+A9HOGbjwzuxYJhi8H=@mail.gmail.com>
	<alpine.BSF.2.00.1008201727070.34976@venus.atopia.net>
Message-ID: <4C6F1C81.4080201@indigente.net>


On 08/20/2010 04:27 PM, Matt Juszczak wrote:
>> I get the use of triggers but can you explain the queue concept? 
>> Let's say I want to be notified every time the count of
>> an item is increased. How would a queue play into that?
>
> Have a trigger create a record in the event queue, and then have a 
> process that runs to process the queue (could be a cron, or a daemon) 
> and send out emails, etc.
>
> -Matt

Not to discount Matt's solution; it is a good one. But for the sake of 
completeness: you could also use the observer pattern here.

Some articles about it.
http://devzone.zend.com/article/12229
http://www.phpro.org/tutorials/Design-Patterns.html#6
http://www.fluffycat.com/PHP-Design-Patterns/Observer/



From tedd.sperling at gmail.com  Sat Aug 21 10:15:44 2010
From: tedd.sperling at gmail.com (tedd)
Date: Sat, 21 Aug 2010 10:15:44 -0400
Subject: [nycphp-talk] Being notified when something changes in the
 database
In-Reply-To: <AANLkTi=T7bnOudZDgM6s5uhTTFaXQopa6MVwOab2ZVLM@mail.gmail.com>
References: <AANLkTi=T7bnOudZDgM6s5uhTTFaXQopa6MVwOab2ZVLM@mail.gmail.com>
Message-ID: <p06240801c8958f0bdd97@[192.168.1.104]>

At 4:21 PM -0500 8/20/10, Anthony Papillion wrote:
>So I'm developing an application that will work within a larger 
>supply chain system. There is a table in the database called 'Items' 
>which holds a list of all items and how many of those items are in 
>stock at a particular location.  Fairly regularly, another system 
>will change that table (for example, when a new shipment of items 
>come in) and I need to notified of that change and fire a script to 
>process those changes.
>
>How can this be done effectively and reliably?  Is there a 
>'standard' way of doing it?
>
>Thanks!
>Anthony Papillion

Anthony:

Not to discount anyone's solution, but I had a similar problem that I 
solved by simply emailing what happened. As someone updated the 
database, the script that changed the database also sent an email to 
me at the same time telling what happened.

Cheers,

tedd


-- 
-------
http://sperling.com/


From danielc at analysisandsolutions.com  Tue Aug 24 21:27:05 2010
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Tue, 24 Aug 2010 21:27:05 -0400
Subject: [nycphp-talk] Make PHP Better.  Come to Brooklyn's PHP TestFest.
Message-ID: <20100825012705.GA13192@panix.com>

Hello Again:

A reminder... TestFest is this Saturday...

Hang out, drink some beer and write some unit tests for PHP.

Unit tests ensure the PHP engine behaves as expected and continues to do 
so as it is developed. Let's put our minds to work exploring the 
underlying C source code and documentation to find edge cases and 
uncovered segments that need checking and then we'll go about writing 
those tests.

Bring a laptop that has PHP CLI installed or Internet access to a machine 
that does. I will explain the rest. Also bring some interesting beer to 
share.

Saturday, August 28, 12:00 PM - 4:00 PM

We will be meeting in the Sunset Park neighborhood of Brooklyn. 
Accessible by the D, R and N trains and the B35 and B63 buses. RSVP via 
Meetup:  http://www.meetup.com/BKTK-meetup/calendar/14197299/

If you REALLY don't want to sign up for a Meetup account, contact me 
directly.

See you,

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409


From david at davidmintz.org  Tue Aug 31 12:43:19 2010
From: david at davidmintz.org (David Mintz)
Date: Tue, 31 Aug 2010 12:43:19 -0400
Subject: [nycphp-talk] design question: user self-registration
Message-ID: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>

[Not PHP-specific, but we all know the greatest minds in town are here, so
---]

Here's my dilemma. For reasons a little too boring and involved to go into
here, I have split the thing called User into two tables, one called
'people' that holds firstname, lastname, email, and other personal data. The
'users' table holds username, password, last_login timestamp, etc. Both
tables have a boolean 'active' so that I can disable user accounts and mark
people as, well, inactive and only interesting for historical reasons.

I want to provide a self-service user registration, with an email
verification thing. They submit their data, we email them a link to verify
that they control the email address they provided, bla bla, then the account
is enabled. So I thought I would go ahead and do the inserts, marking both
new records as 'inactive' pending email confirmation.

In some cases, though, there may already be a row in people corresponding to
the new user. If I attempt the insert and the email already exists I will
get a duplicate email error. But if I instead run an update on the
already-existing row, I will have done the update without first verifying
the email. I am therefore thinking that the pending person/user rows maybe
ought to be stored somewhere else temporarily. I am even thinking, maybe
serialize much of the person and user details, perhaps as JSON, since it's
just being crammed away temporarily pending verification.

What would you do?

Gratefully yours....



-- 
Support real health care reform:
http://phimg.org/

--
David Mintz
http://davidmintz.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100831/66ec54b1/attachment.html>

From dcech at phpwerx.net  Tue Aug 31 12:52:10 2010
From: dcech at phpwerx.net (Dan Cech)
Date: Tue, 31 Aug 2010 12:52:10 -0400
Subject: [nycphp-talk] design question: user self-registration
In-Reply-To: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
References: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
Message-ID: <4C7D333A.6080207@phpwerx.net>

On 8/31/2010 12:43 PM, David Mintz wrote:
> I want to provide a self-service user registration, with an email
> verification thing. They submit their data, we email them a link to verify
> that they control the email address they provided, bla bla, then the account
> is enabled. So I thought I would go ahead and do the inserts, marking both
> new records as 'inactive' pending email confirmation.
>
> In some cases, though, there may already be a row in people corresponding to
> the new user.

In this case would it make sense to let the user know that there is 
already an account and just offer to re-send the verification or 
password reset email (depending on the status of the account)?

Of course that would assume that the account hasn't been disabled for 
some reason, in which case if you have a hard unique constraint on the 
email you're going to have to reactivate the account rather than being 
able to create a "new" account for the user and leave the old account as 
deactivated.

Dan


From evdo.hsdpa at gmail.com  Tue Aug 31 13:58:39 2010
From: evdo.hsdpa at gmail.com (Robert Kim Wireless Internet Advisor)
Date: Tue, 31 Aug 2010 10:58:39 -0700
Subject: [nycphp-talk] What's your favorite shopping cart? Why?
Message-ID: <AANLkTikhz3dS3KmyNvJ7EPx4LDQLtkcmJjEXJ4AbgxwV@mail.gmail.com>

Hey guys... im doing a blog post about shopping carts because Im
getting more and more questions recently about ecommerce... prolly
because retailers are closing down! UGH!

But i figure... this is the place to ask... what's your favorite
shopping cart and why? Pros and cons?

-- 
Robert Q Kim
2611 S Coast Highway
San Diego, CA 92007
310 598 1606

My Latest Blog Post:
http://sparkah.com/2010/07/29/experienced-iphone-app-developer-los-angeles-how-to-tell-if-youre-going-to-get-burnt/
http://sparkah.com/2010/08/25/facebook-marketing-strategies-from-nyc-and-los-angeles-most-devious-minds-2/


From mitch.pirtle at gmail.com  Tue Aug 31 14:21:05 2010
From: mitch.pirtle at gmail.com (Mitch Pirtle)
Date: Tue, 31 Aug 2010 14:21:05 -0400
Subject: [nycphp-talk] What's your favorite shopping cart? Why?
In-Reply-To: <AANLkTikhz3dS3KmyNvJ7EPx4LDQLtkcmJjEXJ4AbgxwV@mail.gmail.com>
References: <AANLkTikhz3dS3KmyNvJ7EPx4LDQLtkcmJjEXJ4AbgxwV@mail.gmail.com>
Message-ID: <AANLkTim8+=8d_q=NipWH5mZcJAvUNR00TAeOoN6GbvPa@mail.gmail.com>

On Tue, Aug 31, 2010 at 1:58 PM, Robert Kim Wireless Internet Advisor
<evdo.hsdpa at gmail.com> wrote:
> Hey guys... im doing a blog post about shopping carts because Im
> getting more and more questions recently about ecommerce... prolly
> because retailers are closing down! UGH!
>
> But i figure... this is the place to ask... what's your favorite
> shopping cart and why? Pros and cons?

The big dedicated commerce platform out there is Magento:

    http://www.magentocommerce.com/

They are getting more and more aggressive with converting from FOSS to
paid downloads, but are currently still open source.

There's also Tienda, which is a Joomla-native suite of commerce tools:

    http://bit.ly/bUTyKV

My preference is the DIY approach, but that's mainly due to people
only coming to me with very specific needs that don't settle well with
the one-size-fits-all solutions out there. My advice is to look at the
features provided by the existing platforms, and weigh those with the
requirements of the store you're trying to produce. Somewhere in there
should be the justification for the "Build or Buy" decision that
should be your first task. :-)

-- Mitch


From david at davidmintz.org  Tue Aug 31 14:58:54 2010
From: david at davidmintz.org (David Mintz)
Date: Tue, 31 Aug 2010 14:58:54 -0400
Subject: [nycphp-talk] design question: user self-registration
In-Reply-To: <4C7D333A.6080207@phpwerx.net>
References: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
	<4C7D333A.6080207@phpwerx.net>
Message-ID: <AANLkTika=NQsCyBp+R6+-wxhLgJwN_31AnTrD4BZDhUk@mail.gmail.com>

On Tue, Aug 31, 2010 at 12:52 PM, Dan Cech <dcech at phpwerx.net> wrote:

> On 8/31/2010 12:43 PM, David Mintz wrote:
>
>> I want to provide a self-service user registration, with an email
>> verification thing. They submit their data, we email them a link to verify
>> that they control the email address they provided, bla bla, then the
>> account
>> is enabled. So I thought I would go ahead and do the inserts, marking both
>> new records as 'inactive' pending email confirmation.
>>
>> In some cases, though, there may already be a row in people corresponding
>> to
>> the new user.
>>
>
> In this case would it make sense to let the user know that there is already
> an account and just offer to re-send the verification or password reset
> email (depending on the status of the account)?
>
> Of course that would assume that the account hasn't been disabled for some
> reason, in which case if you have a hard unique constraint on the email
> you're going to have to reactivate the account rather than being able to
> create a "new" account for the user and leave the old account as
> deactivated.
>
>



Sorry, I didn't explain clearly enough. There may be cases where there is
already record for the soon-to-be user in the 'people' table, but not the
'users.' See the issue? If I try to insert where the email already exists, I
run into the unique constraint, but then if I say instead 'update ... where
email = $their_email'  before confirming the email, well, that sounds like a
poor idea, basically  allowing anyone to run an update on anyone else's
record in the table.

Not the end of the world, but I am looking for the most graceful solution.


-- 
Support real health care reform:
http://phimg.org/

--
David Mintz
http://davidmintz.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100831/6ab54079/attachment.html>

From ramons at gmx.net  Tue Aug 31 15:05:15 2010
From: ramons at gmx.net (David Krings)
Date: Tue, 31 Aug 2010 15:05:15 -0400
Subject: [nycphp-talk] design question: user self-registration
In-Reply-To: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
References: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
Message-ID: <4C7D526B.1030905@gmx.net>

On 8/31/2010 12:43, David Mintz wrote:
> In some cases, though, there may already be a row in people corresponding to
> the new user. If I attempt the insert and the email already exists I will get
> a duplicate email error. But if I instead run an update on the
> already-existing row, I will have done the update without first verifying the
> email. I am therefore thinking that the pending person/user rows maybe ought
> to be stored somewhere else temporarily. I am even thinking, maybe serialize
> much of the person and user details, perhaps as JSON, since it's just being
> crammed away temporarily pending verification.
>
> What would you do?
>

Hi!

I would tell them that they are already registered with that email and offer 
them to send them a temporary password to said email address in case they 
forgot the one they chose before. The Insert to fail is exactly what you want, 
saves one query compared to first checking and if not in the table inserting.

David


From gatzby3jr at gmail.com  Tue Aug 31 15:09:24 2010
From: gatzby3jr at gmail.com (Brian O'Connor)
Date: Tue, 31 Aug 2010 15:09:24 -0400
Subject: [nycphp-talk] design question: user self-registration
In-Reply-To: <AANLkTika=NQsCyBp+R6+-wxhLgJwN_31AnTrD4BZDhUk@mail.gmail.com>
References: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
	<4C7D333A.6080207@phpwerx.net>
	<AANLkTika=NQsCyBp+R6+-wxhLgJwN_31AnTrD4BZDhUk@mail.gmail.com>
Message-ID: <AANLkTinomN0G1-yj2paBkv3iT2ZZyoXKvSZEW6N=jXxh@mail.gmail.com>

This may very well be a dumb question, but what's wrong with doing the
insert and just detecting if it fails?  If you get a duplicate key, you know
they're in the database and can act accordingly.  Otherwise, it inserts.

This may be somewhat of a controversial stance, but I'm all in favor of
letting my database do my checks for me.

On Tue, Aug 31, 2010 at 2:58 PM, David Mintz <david at davidmintz.org> wrote:

>
>
> On Tue, Aug 31, 2010 at 12:52 PM, Dan Cech <dcech at phpwerx.net> wrote:
>
>> On 8/31/2010 12:43 PM, David Mintz wrote:
>>
>>> I want to provide a self-service user registration, with an email
>>> verification thing. They submit their data, we email them a link to
>>> verify
>>> that they control the email address they provided, bla bla, then the
>>> account
>>> is enabled. So I thought I would go ahead and do the inserts, marking
>>> both
>>> new records as 'inactive' pending email confirmation.
>>>
>>> In some cases, though, there may already be a row in people corresponding
>>> to
>>> the new user.
>>>
>>
>> In this case would it make sense to let the user know that there is
>> already an account and just offer to re-send the verification or password
>> reset email (depending on the status of the account)?
>>
>> Of course that would assume that the account hasn't been disabled for some
>> reason, in which case if you have a hard unique constraint on the email
>> you're going to have to reactivate the account rather than being able to
>> create a "new" account for the user and leave the old account as
>> deactivated.
>>
>>
>
>
>
> Sorry, I didn't explain clearly enough. There may be cases where there is
> already record for the soon-to-be user in the 'people' table, but not the
> 'users.' See the issue? If I try to insert where the email already exists, I
> run into the unique constraint, but then if I say instead 'update ... where
> email = $their_email'  before confirming the email, well, that sounds like a
> poor idea, basically  allowing anyone to run an update on anyone else's
> record in the table.
>
> Not the end of the world, but I am looking for the most graceful solution.
>
>
> --
> Support real health care reform:
> http://phimg.org/
>
> --
> David Mintz
> http://davidmintz.org/
>
>
>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
>



-- 
Brian O'Connor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100831/df12caa0/attachment.html>

From papillion at gmail.com  Tue Aug 31 15:09:38 2010
From: papillion at gmail.com (Anthony Papillion)
Date: Tue, 31 Aug 2010 14:09:38 -0500
Subject: [nycphp-talk] design question: user self-registration
In-Reply-To: <AANLkTika=NQsCyBp+R6+-wxhLgJwN_31AnTrD4BZDhUk@mail.gmail.com>
References: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
	<4C7D333A.6080207@phpwerx.net>
	<AANLkTika=NQsCyBp+R6+-wxhLgJwN_31AnTrD4BZDhUk@mail.gmail.com>
Message-ID: <AANLkTimE-Foeer7Z1UGCC53ngz1QDNEqFVeuATJViQ+P@mail.gmail.com>

Disqus does something like this. If you run into where there is an
email in the system but no "profile" (entry in the "people" table)
just bring up a screen and have the user fill out the rest of the
information. Then, stick it in the database and you're on your merry
way!

On 8/31/10, David Mintz <david at davidmintz.org> wrote:
> On Tue, Aug 31, 2010 at 12:52 PM, Dan Cech <dcech at phpwerx.net> wrote:
>
>> On 8/31/2010 12:43 PM, David Mintz wrote:
>>
>>> I want to provide a self-service user registration, with an email
>>> verification thing. They submit their data, we email them a link to
>>> verify
>>> that they control the email address they provided, bla bla, then the
>>> account
>>> is enabled. So I thought I would go ahead and do the inserts, marking
>>> both
>>> new records as 'inactive' pending email confirmation.
>>>
>>> In some cases, though, there may already be a row in people corresponding
>>> to
>>> the new user.
>>>
>>
>> In this case would it make sense to let the user know that there is
>> already
>> an account and just offer to re-send the verification or password reset
>> email (depending on the status of the account)?
>>
>> Of course that would assume that the account hasn't been disabled for some
>> reason, in which case if you have a hard unique constraint on the email
>> you're going to have to reactivate the account rather than being able to
>> create a "new" account for the user and leave the old account as
>> deactivated.
>>
>>
>
>
>
> Sorry, I didn't explain clearly enough. There may be cases where there is
> already record for the soon-to-be user in the 'people' table, but not the
> 'users.' See the issue? If I try to insert where the email already exists, I
> run into the unique constraint, but then if I say instead 'update ... where
> email = $their_email'  before confirming the email, well, that sounds like a
> poor idea, basically  allowing anyone to run an update on anyone else's
> record in the table.
>
> Not the end of the world, but I am looking for the most graceful solution.
>
>
> --
> Support real health care reform:
> http://phimg.org/
>
> --
> David Mintz
> http://davidmintz.org/
>

-- 
Sent from my mobile device

Anthony Papillion
Lead Developer / Owner
Advanced Data Concepts - "Enabling work anywhere"
(918) 533-9969

Facebook: http://www.facebook.com/cajuntechie
My Blog:   http://www.cajuntechie.com


From chsnyder at gmail.com  Tue Aug 31 15:13:04 2010
From: chsnyder at gmail.com (Chris Snyder)
Date: Tue, 31 Aug 2010 15:13:04 -0400
Subject: [nycphp-talk] design question: user self-registration
In-Reply-To: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
References: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
Message-ID: <AANLkTi=S-yr+=LGuX79EPEq8qkT_Buf9MLa3ySBhG1LR@mail.gmail.com>

On Tue, Aug 31, 2010 at 12:43 PM, David Mintz <david at davidmintz.org> wrote:

> What would you do?
> Gratefully yours....

One way to handle the duplicate key problem is to append a flag to the
key when you mark the record inactive. So chsnyder at gmail.com becomes
chsnyder at gmail.com_20100831. That way your tables are ready for the
next chsnyder at gmail.com to come along.

If you want to mark a user inactive AND prevent them from
reregistering, don't add change the key.


From david at davidmintz.org  Tue Aug 31 16:03:02 2010
From: david at davidmintz.org (David Mintz)
Date: Tue, 31 Aug 2010 16:03:02 -0400
Subject: [nycphp-talk] design question: user self-registration
In-Reply-To: <AANLkTi=S-yr+=LGuX79EPEq8qkT_Buf9MLa3ySBhG1LR@mail.gmail.com>
References: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
	<AANLkTi=S-yr+=LGuX79EPEq8qkT_Buf9MLa3ySBhG1LR@mail.gmail.com>
Message-ID: <AANLkTik+85WRZ_mG2n9sDXegzDV8-X8wDJoF5cOpM2nL@mail.gmail.com>

On Tue, Aug 31, 2010 at 3:13 PM, Chris Snyder <chsnyder at gmail.com> wrote:

> On Tue, Aug 31, 2010 at 12:43 PM, David Mintz <david at davidmintz.org>
> wrote:
>
> > What would you do?
> > Gratefully yours....
>  <http://lists.nyphp.org/mailman/listinfo/talk>
>


All interesting, thank you. I think I still might not be explaining the
situation clearly enough. Or I am dense and not getting it.

The form I am gonna display is bound -- so to speak -- to two tables.
Actually I'm using Zend Framework and MySQL and Zend_Form_SubForm. I don't
know until I see their email whether this is someone whose information has
already been put in the people table. Usually it will not be, they will be
entirely new to the application.

In the typical case, filter and validate and attempt insert, marking the
records 'inactive' until we confirm the email by sending them a link with a
token as URL parameter, they click it, bla bla, all good.

If however I catch a duplicate email exception when I attempt the insert
into 'people,' then I know this is most likely a person we've dealt with but
who has never created an actual user account -- a row in users as opposed to
people. IOW there is a record in 'people' that has this email address, but
there is no corresponding row in users. Now, I might go ahead and run an
update of the old row -- indeed MySQL provides ON DUPLICATE KEY UPDATE
syntax for just this situation. But I don't want to do that until I have
confirmed their email. So... I think I just need to hold onto their input
pending email verification.

Thanks again.


-- 
Support real health care reform:
http://phimg.org/

--
David Mintz
http://davidmintz.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100831/4fa272f5/attachment.html>

From kevin at vimeo.com  Tue Aug 31 16:05:27 2010
From: kevin at vimeo.com (Kevin Sheurs)
Date: Tue, 31 Aug 2010 16:05:27 -0400
Subject: [nycphp-talk] What's your favorite shopping cart? Why?
In-Reply-To: <AANLkTim8+=8d_q=NipWH5mZcJAvUNR00TAeOoN6GbvPa@mail.gmail.com>
References: <AANLkTikhz3dS3KmyNvJ7EPx4LDQLtkcmJjEXJ4AbgxwV@mail.gmail.com>
	<AANLkTim8+=8d_q=NipWH5mZcJAvUNR00TAeOoN6GbvPa@mail.gmail.com>
Message-ID: <AANLkTimXYyw2Tk63P+7MiCuVCZoCggqscc096V0tN0-6@mail.gmail.com>

goodsie.com

On Tue, Aug 31, 2010 at 2:21 PM, Mitch Pirtle <mitch.pirtle at gmail.com>wrote:

> On Tue, Aug 31, 2010 at 1:58 PM, Robert Kim Wireless Internet Advisor
> <evdo.hsdpa at gmail.com> wrote:
> > Hey guys... im doing a blog post about shopping carts because Im
> > getting more and more questions recently about ecommerce... prolly
> > because retailers are closing down! UGH!
> >
> > But i figure... this is the place to ask... what's your favorite
> > shopping cart and why? Pros and cons?
>
> The big dedicated commerce platform out there is Magento:
>
>    http://www.magentocommerce.com/
>
> They are getting more and more aggressive with converting from FOSS to
> paid downloads, but are currently still open source.
>
> There's also Tienda, which is a Joomla-native suite of commerce tools:
>
>    http://bit.ly/bUTyKV
>
> My preference is the DIY approach, but that's mainly due to people
> only coming to me with very specific needs that don't settle well with
> the one-size-fits-all solutions out there. My advice is to look at the
> features provided by the existing platforms, and weigh those with the
> requirements of the store you're trying to produce. Somewhere in there
> should be the justification for the "Build or Buy" decision that
> should be your first task. :-)
>
> -- Mitch
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100831/d20049e4/attachment.html>

From gatzby3jr at gmail.com  Tue Aug 31 16:15:07 2010
From: gatzby3jr at gmail.com (Brian O'Connor)
Date: Tue, 31 Aug 2010 16:15:07 -0400
Subject: [nycphp-talk] design question: user self-registration
In-Reply-To: <AANLkTik+85WRZ_mG2n9sDXegzDV8-X8wDJoF5cOpM2nL@mail.gmail.com>
References: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
	<AANLkTi=S-yr+=LGuX79EPEq8qkT_Buf9MLa3ySBhG1LR@mail.gmail.com>
	<AANLkTik+85WRZ_mG2n9sDXegzDV8-X8wDJoF5cOpM2nL@mail.gmail.com>
Message-ID: <AANLkTikN=hiQt1_EF=jbXX+pyjRa9stnfBDBFiqXJMYY@mail.gmail.com>

Can you insert the new user, associate it with the existing person, and
still make them activate the email address?

On Tue, Aug 31, 2010 at 4:03 PM, David Mintz <david at davidmintz.org> wrote:

>
>
> On Tue, Aug 31, 2010 at 3:13 PM, Chris Snyder <chsnyder at gmail.com> wrote:
>
>> On Tue, Aug 31, 2010 at 12:43 PM, David Mintz <david at davidmintz.org>
>> wrote:
>>
>> > What would you do?
>> > Gratefully yours....
>>  <http://lists.nyphp.org/mailman/listinfo/talk>
>>
>
>
> All interesting, thank you. I think I still might not be explaining the
> situation clearly enough. Or I am dense and not getting it.
>
> The form I am gonna display is bound -- so to speak -- to two tables.
> Actually I'm using Zend Framework and MySQL and Zend_Form_SubForm. I don't
> know until I see their email whether this is someone whose information has
> already been put in the people table. Usually it will not be, they will be
> entirely new to the application.
>
> In the typical case, filter and validate and attempt insert, marking the
> records 'inactive' until we confirm the email by sending them a link with a
> token as URL parameter, they click it, bla bla, all good.
>
> If however I catch a duplicate email exception when I attempt the insert
> into 'people,' then I know this is most likely a person we've dealt with but
> who has never created an actual user account -- a row in users as opposed to
> people. IOW there is a record in 'people' that has this email address, but
> there is no corresponding row in users. Now, I might go ahead and run an
> update of the old row -- indeed MySQL provides ON DUPLICATE KEY UPDATE
> syntax for just this situation. But I don't want to do that until I have
> confirmed their email. So... I think I just need to hold onto their input
> pending email verification.
>
> Thanks again.
>
>
> --
> Support real health care reform:
> http://phimg.org/
>
> --
> David Mintz
> http://davidmintz.org/
>
>
>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
>



-- 
Brian O'Connor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20100831/43112d31/attachment.html>

From danielc at analysisandsolutions.com  Tue Aug 31 17:17:47 2010
From: danielc at analysisandsolutions.com (Daniel Convissor)
Date: Tue, 31 Aug 2010 17:17:47 -0400
Subject: [nycphp-talk] What's your favorite shopping cart? Why?
In-Reply-To: <AANLkTim8+=8d_q=NipWH5mZcJAvUNR00TAeOoN6GbvPa@mail.gmail.com>
References: <AANLkTikhz3dS3KmyNvJ7EPx4LDQLtkcmJjEXJ4AbgxwV@mail.gmail.com>
	<AANLkTim8+=8d_q=NipWH5mZcJAvUNR00TAeOoN6GbvPa@mail.gmail.com>
Message-ID: <20100831211746.GA9288@panix.com>

On Tue, Aug 31, 2010 at 02:21:05PM -0400, Mitch Pirtle wrote:
> 
> The big dedicated commerce platform out there is Magento:

Uh, "big" doesn't seem to be the right word.  Perhaps "ginormous" fits 
the bill a little better.  A note of mine indicates it weighs in at 
106MB, though I think that was a subversion checkout.

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409


From jcampbell1 at gmail.com  Tue Aug 31 23:56:26 2010
From: jcampbell1 at gmail.com (John Campbell)
Date: Wed, 1 Sep 2010 11:56:26 +0800
Subject: [nycphp-talk] design question: user self-registration
In-Reply-To: <AANLkTika=NQsCyBp+R6+-wxhLgJwN_31AnTrD4BZDhUk@mail.gmail.com>
References: <AANLkTimD3QrXzZ+dVKw1q6W0MVopPPGpN8JCePxyyKz1@mail.gmail.com>
	<4C7D333A.6080207@phpwerx.net>
	<AANLkTika=NQsCyBp+R6+-wxhLgJwN_31AnTrD4BZDhUk@mail.gmail.com>
Message-ID: <AANLkTikYwUB46sPJTvvMbJCcvWfcyyOZCGfcMd_CPs1r@mail.gmail.com>

> that sounds like a
> poor idea, basically ?allowing anyone to run an update on anyone else's
> record in the table.

Are you using the email as the only "GET" parameter to do the
confirmation?  That is a mistake.

Do something like:

confirm.php?email=joe at example.com&checksum=abcdefg123

where checksum is md5($email . 'a secret');

Now when you run the update do:

if($_GET['email'] && md5($_GET['email'] . 'a secret') == $_GET['checksum']) );
  // sql update

- - - - -

There are lots of variations on this pattern.  You can just save the
checksum in the table, and avoid the email altogether if you want a
shorter url.

Regards,
John Campbell