jasonbar
Apr 30, 2005
Apr 29, 2005

Whilst farting I posted:

This is the entirety of logout.php

code:
<?php
	setcookie("user", "", time()-3600, "/");
?>
When I set the cookie initially, here's some surrounding code.

code:
$expire = time()+60*60*24*30;
setcookie("user", $username, $expire);
echo "Hello $username, you are now logged in!";
echo "<meta http-equiv='Refresh' content='0; url=linkform.php'>";

Try changing your login cookie call to:
php:
<?
setcookie("user", $username, $expire, '/'); 
?>
The setcookie documentation can explain more about the path and why it probably isn't working.

jasonbar fucked around with this message at 23:15 on Dec 10, 2008


Hammerite
Mar 9, 2007

And you don't remember what I said here, either, but it was pompous and stupid.
Jade Ear Joe
Is there anything wrong with doing the following:

php:
<?

$Decode = array('barr1'=>0,'barr2'=>1,'birk'=>2,'birk1'=>2,'blac1'=>3,'blac2'=>4,
                'blac3'=>5,'bolt1'=>6,'bolt2'=>7,'bolt3'=>8,'burn1'=>9,
                'burn2'=>10,'bury1'=>11,'bury2'=>12,'coln1'=>13,'coln2'=>14,
                'elle'=>15,'elle1'=>15,'flee'=>16,'flee1'=>16,'lanc1'=>17,'lanc2'=>18,
                           'live1'=>19,
                'live2'=>20,'live3'=>21,'live4'=>22,'macc1'=>23,'macc2'=>24,
                'manc1'=>25,'manc2'=>26,'manc3'=>27,'manc4'=>28,'oldh1'=>29,
                'oldh2'=>30,'pres1'=>31,'pres2'=>32,'pres3'=>33,'roch1'=>34,
                'roch2'=>35,'roch3'=>36,'stoc1'=>37,'stoc2'=>38,'warr1'=>39,
                'warr2'=>40,'wiga1'=>41,'wiga2'=>42);

if ( isset($Decode[$x]) ) {
    $y = $Decode[$x];
}

?>
$x is some text a user has entered. They are asked to make it one of the 46 codes* that are used as the keys in the array $Decode, but obviously they may not.

* 43 plus 3 that are set to the same thing as other keys, i.e. 'birk' which is the same thing as 'birk1', 'elle' which is the same thing as 'elle1' and 'flee' which is the same thing as 'flee1'.

Golbez
Oct 9, 2002

1 2 3!
If you want to take a shot at me get in line, line
1 2 3!
Baby, I've had all my shots and I'm fine

A Flaming Chicken posted:

PHPMailer is defunct. SwiftMailer is the way to go.

I've been reading through the thread and came upon this. I use PHPMailer, and a new version was just released last month (a month after this post was written); was it considered defunct because it's bad, or defunct because it'd been a while since the last update?

Do others agree that SwiftMailer really is the way to go?

DaTroof
Nov 16, 2000

CC LIMERICK CONTEST GRAND CHAMPION
There once was a poster named Troof
Who was getting quite long in the toof

Golbez posted:

I've been reading through the thread and came upon this. I use PHPMailer, and a new version was just released last month (a month after this post was written); was it considered defunct because it's bad, or defunct because it'd been a while since the last update?

Do others agree that SwiftMailer really is the way to go?

I've been using PHPMailer for years, and I haven't had a reason to switch. The PHP 5 version works fine for me.

cannibustacap
Jul 7, 2003

Brrrruuuuuiinnssss
This is more of a basic HTML question but...

When you are linking something and you do
< a href = ".../">text</ a>

or

< a href = "../../mysqli_connect.php">text</ a>

What do the .. and ... do? How do I use all the combination of ../.. I can't seem to find online with a google search.

Appreciate any help.

Strong Sauce
Jul 2, 2003

You know I am not really your father.





cannibustacap posted:

This is more of a basic HTML question but...

When you are linking something and you do
< a href = ".../">text</ a>

or

< a href = "../../mysqli_connect.php">text</ a>

What do the .. and ... do? How do I use all the combination of ../.. I can't seem to find online with a google search.

Appreciate any help.

This is the same as the DOS/UNIX equivalent, which means to go up one directory. So "../../" means to look for the file, "mysqli_connect.php" two directories above from where the current HTML file (or PHP script) is located.

Golbez
Oct 9, 2002

1 2 3!
If you want to take a shot at me get in line, line
1 2 3!
Baby, I've had all my shots and I'm fine

Strong Sauce posted:

This is the same as the DOS/UNIX equivalent, which means to go up one directory. So "../../" means to look for the file, "mysqli_connect.php" two directories above from where the current HTML file (or PHP script) is located.

The other half of the question was, what does .../ mean? Three dots. Does this have a meaning or was it a typo?

er0k
Nov 21, 2002

i like ham.

Golbez posted:

The other half of the question was, what does .../ mean? Three dots. Does this have a meaning or was it a typo?

Typo.

./ is the current directory, ../ is the one above it.

Munky_Magic
Jul 3, 2004
I'm having troubles getting a simple script working, and I think the problem is I don't have the correct permissions for the file I'm trying to write to. Here is the code:

code:
<?php session_start();
				
	if(isset($_SESSION['logged'])) # check for admin
	{	
		if($_SERVER["REQUEST_METHOD"] == "POST")
		{
			if(isset($_REQUEST["page"]) && isset($_REQUEST["txtsrc"]))
			{			
				$page = $_REQUEST["page"];
				$src = $_REQUEST["txtsrc"];
				
				echo $src; // preview the page
				
				$filename = "(website...)/include/" . $page . ".php";
				
				$file = fopen($filename, "w+");
				
				fwrite($file, $src);

				fclose($file);
				
				
				
			}
		}
	}
?>
I've set the permission of the folder of the file to 777, as well as the file itself, but I don't know if I have to change anything else (or whether or not I even had to do that).

I also don't even know if this is going to be a very wise idea. Basically I want the admin to be able to edit the code of the page. So this function gets passed the new code (passed in the POST), and a page (the page is just the name of the page, not the actual page itself - it is passed as a GET), and it has to write it to that page.

EDIT: I should mention that I'm not actually even getting an error message. However, when I tried to open the file (I tried just using fopen() on it), I got the following message:

Warning: filesize() [function.filesize]: stat failed for (url).

I also received the following error when I tried to using file_put_contents (just to see if anything different would happen):

Warning: file_put_contents() expects parameter 1 to be string, resource given in (url)

Munky_Magic fucked around with this message at 01:04 on Dec 13, 2008

cannibustacap
Jul 7, 2003

Brrrruuuuuiinnssss

Strong Sauce posted:

This is the same as the DOS/UNIX equivalent, which means to go up one directory. So "../../" means to look for the file, "mysqli_connect.php" two directories above from where the current HTML file (or PHP script) is located.

Cool, is there a difference between two periods and three?

Sometimes I see
code:
".../hello.jpg"

"../hello.jpg"
Are those two the same?

Zorilla
Mar 23, 2005

GOING APE SPIT

Munky_Magic posted:

I'm having troubles getting a simple script working, and I think the problem is I don't have the correct permissions for the file I'm trying to write to. Here is the code:

Are you making sure to use a server-side path where you have (website...) ? It may be trying to open the file in entirely the wrong location otherwise.

Also, there's no need to nest "if" statements like that when you can just use && instead. Here's how I would have written the whole thing:

php:
<?php
$server_path = "/home/~someuser/www"; // just an example

session_start();
                
if (
    isset($_SESSION['logged']) && // check for admin
    isset($_GET["page"]) &&
    isset($_POST["txtsrc"])
) {            
    $page = $_GET["page"];
    $src = $_POST["txtsrc"];
    
    echo $src; // preview the page
    
    $filename = $server_path . "/include/" . $page . ".php";
    
    $file = fopen($filename, "w+");
    fwrite($file, $src);
    fclose($file);
}
?>

Zorilla fucked around with this message at 01:29 on Dec 13, 2008

MrMoo
Sep 14, 2000

cannibustacap posted:

Cool, is there a difference between two periods and three?

Three periods is Microsoft-only for the parent of the parent directory.

(edit) introduced in Windows '95 apparently.

MrMoo fucked around with this message at 02:57 on Dec 13, 2008

Munky_Magic
Jul 3, 2004

Zorilla posted:

Are you making sure to use a server-side path where you have (website...) ? It may be trying to open the file in entirely the wrong location otherwise.

Thanks! This was the problem. Thanks also for the style tip - In hindsight I have no idea why I had so many nested IFs. It was around 4 in the morning when I coded it - I guess I wasn't thinking straight.

Do you think the setup I described is bad?

This is how my page edit works:

- You have index.php which loads page content according to the _GET 'page' parameter.
- Within index.php is a switch statement on the page parameter. If the page is a non editable page (eg. the login page) it just includes that page in the body of index.
- If the page is one of the editable pages, it includes "view.php".
- view.php firstly includes the page itself. However, if the user is logged in as admin, it also includes a page edit section. This page section reads the $page . ".php" file and loads it into a textarea. The person can then edit the page, hit submit (which is then when the update.php script is called, as posted above).


It works, but I don't know if there are any obvious security problems, or if the solution itself is a bad idea. With regards to update.php, it gets passed $page as a _GET parameter, but it receives the code itself as a PUT.

EDIT: I'm thinking of instead of making view.php display the page and the editing section, just changing my setup so that the page is always displayed by being included in index.php, and then if the user is logged in, it also includes say "edit.php" which is the admin portion of the page.
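
The checks an editor endpoint like the update.php described above needs before it writes anything, as an added example that is not code from any poster in this thread: the `page` value is matched against a fixed allowlist so `../` sequences never reach the filesystem, and the write requires an authenticated POST carrying a per-session token. The page list, the `csrf` field name, the function names and the choice to store pages as `.html` (output with `readfile()` rather than `include`, so edited content is markup and not executed as PHP) are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed names: the editable page list and the "csrf" form field are
// illustrative and do not come from the thread.
const EDITABLE_PAGES = ['home', 'about', 'contact'];

/** Map a user-supplied page name to a file path, or null if not editable. */
function resolve_editable_page(string $page, string $includeDir): ?string
{
    // Strict allowlist comparison: a value such as "../../index" can never
    // match, so no user-controlled text is concatenated into the path.
    if (!in_array($page, EDITABLE_PAGES, true)) {
        return null;
    }
    return rtrim($includeDir, '/') . '/' . $page . '.html';
}

/**
 * Decide whether an update request may write, and perform the write.
 * Returns [HTTP status, message] so the caller controls the response.
 */
function handle_update(string $method, array $session, array $get, array $post, string $includeDir): array
{
    if ($method !== 'POST') {
        return [405, 'POST required'];
    }
    // Compare the flag strictly instead of using isset(): an empty or false
    // value left in the session must not count as "logged in".
    if (($session['logged'] ?? false) !== true) {
        return [403, 'not logged in as admin'];
    }
    // Per-session token, so another site cannot make the admin's browser
    // submit this form on their behalf.
    $sent = $post['csrf'] ?? '';
    $expected = $session['csrf'] ?? '';
    if (!is_string($sent) || !is_string($expected) || $expected === ''
        || !hash_equals($expected, $sent)) {
        return [403, 'bad CSRF token'];
    }
    $page = $get['page'] ?? '';
    $src = $post['txtsrc'] ?? null;
    if (!is_string($page) || !is_string($src)) {
        return [400, 'missing page or txtsrc'];
    }
    $path = resolve_editable_page($page, $includeDir);
    if ($path === null) {
        return [404, 'page is not editable'];
    }
    // Write to a temporary file and rename it, so a reader never sees a
    // half-written page.
    $tmp = $path . '.tmp';
    if (file_put_contents($tmp, $src, LOCK_EX) === false || !rename($tmp, $path)) {
        return [500, 'write failed'];
    }
    return [200, 'saved ' . basename($path)];
}

// Constructed requests, run from the CLI against a throwaway directory.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/editor_demo_' . bin2hex(random_bytes(4));
    mkdir($dir, 0700);
    $token = bin2hex(random_bytes(16));
    $admin = ['logged' => true, 'csrf' => $token];
    $cases = [
        'valid edit'    => ['POST', $admin, ['page' => 'about'], ['txtsrc' => '<h1>About</h1>', 'csrf' => $token]],
        'traversal'     => ['POST', $admin, ['page' => '../../index'], ['txtsrc' => 'x', 'csrf' => $token]],
        'no token'      => ['POST', $admin, ['page' => 'about'], ['txtsrc' => 'x']],
        'not logged in' => ['POST', [], ['page' => 'about'], ['txtsrc' => 'x', 'csrf' => $token]],
        'GET request'   => ['GET', $admin, ['page' => 'about'], []],
    ];
    foreach ($cases as $name => [$m, $s, $g, $p]) {
        [$status, $msg] = handle_update($m, $s, $g, $p, $dir);
        printf("%-14s %d %s\n", $name, $status, $msg);
    }
    // Remove the demo files again.
    array_map('unlink', glob($dir . '/*'));
    rmdir($dir);
}
```

When echoing the submitted source back as a preview, pass it through `htmlspecialchars()` unless the preview is deliberately rendered as HTML for the admin only.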

cannibustacap
Jul 7, 2003

Brrrruuuuuiinnssss

MrMoo posted:

Three periods is Microsoft-only for the parent of the parent directory.

(edit) introduced in Windows '95 apparently.

Okay so two periods will always work, three periods will only work with windows.

So just stick with two periods.

Got it. Thanks guys.

Ferg
May 6, 2007

Lipstick Apathy
I've got a script that I'm using for AJAX requests and various responses query a singleton object that I've created. However, the singleton doesn't appear to be maintaining state at all. I populate it, and I can get the information out of it. When I make different type of request after instantiating it, the singleton object is null and gets re-instantiated. Here's the code:

php:
<?
class Database {

    private $list;
    private static $instance;
        
    private function __construct( )
    {
        $this->list = array();
    }
        
    //Singleton
    public static function singleton( )
    {
        if ( !isset( self::$instance ) ) {
            $c = __CLASS__;
            self::$instance = new $c;
        }
        
        return self::$instance;
    }
}
?>
And it's used outside of the class by calling:
php:
<?
$x = Database::singleton( );
?>
I have a feeling this is some weird scoping issue in PHP that I'm unaware of.

Edit: I'm tired so for clarity I'll recap the issue. The first time I use the singleton (called via an AJAX request) it becomes instantiated when singleton() is called, then I populate the $list array. I come back later via another AJAX request (one that isn't supposed to populate any data in the singleton object) I try pulling up the singleton instance of Database and come back with a freshly instantiated one. No private member data to be found.

Edit 2: Looks like I answered my own question. PHP apparently has scope based on requests. Is there any elegant way around this? I don't want to have to serialize data that shouldn't have to be.

Ferg fucked around with this message at 23:15 on Dec 16, 2008

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb

Ferg posted:

Edit 2: Looks like I answered my own question. PHP apparently has scope based on requests. Is there any elegant way around this? I don't want to have to serialize data that shouldn't have to be.

What exactly are you trying to do? You can use memcache to store things in memory to reduce database queries, I don't think you are supposed to use it to store things like the database connection though. A persistent database connection is probably better left managed by the db. MySQL has options for persistent connections and you can set something like PDO::ATTR_PERSISTENT when you create your database connection.

agscala
Jul 12, 2008

I'm just starting to learn PHP, and I'm doing so by making my own forum. Anyways, I want to have one script to handle all database updating (update.php) and I was planning on making a case in update.php which would check the value of _GET['action'] and perform the specific action depending on what 'action' is.

I have no problems with the syntax on this end, but let's say I have a page for registering a new user. I want to only have action=adduser show up in the URL, not the username and the password. Is there a way for me to POST their credentials and GET the action that needs to be performed on the database? Or, I could POST everything, but I don't know how to POST the 'action' without having another form.

agscala fucked around with this message at 02:37 on Dec 17, 2008

supster
Sep 26, 2003

I'M TOO FUCKING STUPID
TO READ A SIMPLE GRAPH
Yes.
code:
<form method="post" action="update.php?action=adduser">
That said, the way you are handling database interaction isn't really the best way to abstract your data layer. However, you are learning and doing things the wrong way is a big part of learning, so just do it and try to get the most out of it.

Ferg
May 6, 2007

Lipstick Apathy

fletcher posted:

What exactly are you trying to do? You can use memcache to store things in memory to reduce database queries, I don't think you are supposed to use it to store things like the database connection though. A persistent database connection is probably better left managed by the db. MySQL has options for persistent connections and you can set something like PDO::ATTR_PERSISTENT when you create your database connection.

It's not a database connection, the database connection is through Caché. We connect to it and query it through an in-house framework. What I'm storing into the database object is nothing more than a list of objects that having on hand would reduce the amount of times I need to query the actual database. I got it working by serializing my database object and then storing it in a $_SESSION variable. Would memcache be a faster/better way to do this?

agscala
Jul 12, 2008

supster posted:

Yes.
code:
<form method="post" action="update.php?action=adduser">
That said, the way you are handling database interaction isn't really the best way to abstract your data layer. However, you are learning and doing things the wrong way is a big part of learning, so just do it and try to get the most out of it.

Well, what would be a better way to abstract it? I'd rather learn it a better way cause I can probably come up with wrong ones all day long.

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb

Ferg posted:

It's not a database connection, the database connection is through Caché. We connect to it and query it through an in-house framework. What I'm storing into the database object is nothing more than a list of objects that having on hand would reduce the amount of times I need to query the actual database. I got it working by serializing my database object and then storing it in a $_SESSION variable. Would memcache be a faster/better way to do this?

Yeah, sounds like a good use of memcache. I can't really comment on the performance of that vs. just doing a DESCRIBE of the table every time, which is what it sounds like you want to store, I'd guess memcache is faster though.

Ferg
May 6, 2007

Lipstick Apathy

fletcher posted:

Yeah, sounds like a good use of memcache. I can't really comment on the performance of that vs. just doing a DESCRIBE of the table every time, which is what it sounds like you want to store, I'd guess memcache is faster though.

It's not even a table actually. I'm not a Mumps programmer so I'm not entirely sure on exactly how Caché perceives data, but we get it in a tilde-delimited string.

It's pretty drat awkward.

supster
Sep 26, 2003

I'M TOO FUCKING STUPID
TO READ A SIMPLE GRAPH

Ferg posted:

It's not a database connection, the database connection is through Caché. We connect to it and query it through an in-house framework. What I'm storing into the database object is nothing more than a list of objects that having on hand would reduce the amount of times I need to query the actual database. I got it working by serializing my database object and then storing it in a $_SESSION variable. Would memcache be a faster/better way to do this?

One large difference between memcached and $_SESSION will be that memcache will store only one copy of your database object, whereas $_SESSION will be storing one for each concurrent user session that is active.

Your database object will still have to be serialized to store with memcached.


edit: oh my god Caché and MUMPS are you serious :(
edit2: out of curiosity, how well is Caché performing? How large are your data sets?

supster fucked around with this message at 03:42 on Dec 17, 2008

supster
Sep 26, 2003

I'M TOO FUCKING STUPID
TO READ A SIMPLE GRAPH

agscala posted:

Well, what would be a better way to abstract it? I'd rather learn it a better way cause I can probably come up with wrong ones all day long.

Honestly I think you will learn just as much (if not more) if you just do it the way you planned and derive your own conclusions about the advantages and disadvantages of your method.

However, if you really want to do it a different way - then consider having your update.php be a collection of functions (or a class) that allows you to interact with your database. Then instead of posting to update.php post to something specific to what action is being performed (e.g., adduser.php) and then use the collection of functions defined in update.php to interact with the database.

Ferg
May 6, 2007

Lipstick Apathy

supster posted:

One large difference between memcached and $_SESSION will be that memcache will store only one copy of your database object, whereas $_SESSION will be storing one for each concurrent user session that is active.

Your database object will still have to be serialized to store with memcached.


edit: oh my god Caché and MUMPS are you serious :(
edit2: out of curiosity, how well is Caché performing? How large are your data sets?

Well it will be an interesting test to see if there's a performance boost. I don't mind serializing if it at least gives me some boost to speed. The app this is for is a smaller project with minimal traffic compared to my main job.

I'm the frontend developer for a large pizza online ordering site (I'm not entirely sure it's kosher for me to say which). I can't say how many orders we put through a night or what kind of data we're working with, but it's big time. The database holds up well to the pressure, though we keep on several full time Caché guys and our IT guys work pretty hard.

Ferg fucked around with this message at 04:26 on Dec 17, 2008

supster
Sep 26, 2003

I'M TOO FUCKING STUPID
TO READ A SIMPLE GRAPH
So you guys use Cache with PHP? Or are you using CSP for the pizza place? Did you used to use a relational database and then move to Cache because of performance problems?


Oh and for your original problem... if creating a database object for each user isn't really a problem (i.e., few users, lots of pageviews per user) then just use $_SESSION to store the serialized object, but if you are going to have a lot of concurrent users then you might want to look into memcached.

Ferg
May 6, 2007

Lipstick Apathy

supster posted:

So you guys use Cache with PHP? Or are you using CSP for the pizza place? Did you used to use a relational database and then move to Cache because of performance problems?


Oh and for your original problem... if creating a database object for each user isn't really a problem (i.e., few users, lots of pageviews per user) then just use $_SESSION to store the serialized object, but if you are going to have a lot of concurrent users then you might want to look into memcached.

We'll have about 8,000 concurrent users :3: It's a customer service ticket tracking app that's run in stores. Each store runs it to handle their customer service issues (i.e. bitchy customers) independently.

Yeah we've got a custom-built interface to access the Caché from PHP. The application is about 7 years old, and I haven't been there that long so I have no idea what the original reason was for using Caché. But drat do I wish we had something more normal.

I'll double check later that it's cool for me to talk about which large pizza joint uses Caché and fill you in to give you a grasp of the scope. But to put it bluntly, it's big.

Ferg fucked around with this message at 04:38 on Dec 17, 2008

Munky_Magic
Jul 3, 2004
Here's a quick question about string processing.

I want to save HTML code to a string value. However, problems arise when the HTML code has characters which would usually have to be escaped in PHP.

For example, if I wanted to store the string <div id="foo">, php automatically converts the string to <div id=\"foo\"> ie. with the escape characters.

Now, I want to be able to save the code to an html file, and then render that page. You can therefore see why the above problem would cause trouble. At the moment, I write the string to the file and it keeps the escape characters. This then causes the page to not render.

How do I go about solving this problem? Will I have to traverse the array character by character and remove the escape characters or is there a simple string method or other solution that can take care of this?

MrMoo
Sep 14, 2000

Munky_Magic posted:

For example, if I wanted to store the string <div id="foo">, php automatically converts the string to <div id=\"foo\"> ie. with the escape characters.

Where does it do this, with the deprecated magic quotes?

supster
Sep 26, 2003

I'M TOO FUCKING STUPID
TO READ A SIMPLE GRAPH

Munky_Magic posted:

How do I go about solving this problem? Will I have to traverse the array character by character and remove the escape characters or is there a simple string method or other solution that can take care of this?

You're looking for stripslashes() (http://us3.php.net/stripslashes).

I'm not quite sure why your strings are automatically getting escaped though. If it is form input, then magic quotes would be causing this (as MrMoo said) and you should turn magic quotes off and properly escape your own data.

supster
Sep 26, 2003

I'M TOO FUCKING STUPID
TO READ A SIMPLE GRAPH

Ferg posted:

We'll have about 8,000 concurrent users :3: It's a customer service ticket tracking app that's run in stores. Each store runs it to handle their customer service issues (i.e. bitchy customers) independently.

Yeah we've got a custom-built interface to access the Caché from PHP. The application is about 7 years old, and I haven't been there that long so I have no idea what the original reason was for using Caché. But drat do I wish we had something more normal.

I'll double check later that it's cool for me to talk about which large pizza joint uses Caché and fill you in to give you a grasp of the scope. But to put it bluntly, it's big.

Sounds like you should definitely look into using memcached, but honestly if you're expecting 8k concurrent users I suspect you probably (hopefully) have someone experienced and knowledgeable in designing the architecture to support your application with that many users and memcached may not be the path s/he wants to take.


Anyway, it doesn't really matter what pizza joint it is (I saw it before your edit anyway :ssh:), I was just mostly curious about the advantages of using Caché and why someone would choose to use it over a more traditional RDBMS. You said that you wish you were using something more normal... how come you aren't using something more normal on this new project? Are you guys just a Caché shop and that's how you do it?

supster fucked around with this message at 07:59 on Dec 17, 2008

Munky_Magic
Jul 3, 2004

supster posted:

I'm not quite sure why your strings are automatically getting escaped though. If it is form input, then magic quotes would be causing this (as MrMoo said) and you should turn magic quotes off and properly escape your own data.

It is form input. The textarea that the code is in (which then gets POST'd to an update.php page which writes the textarea's content to the file) is inside a form.

Is turning off Magic Quotes something that I can do from my end? I thought that it was something you'd have to set server side (I use webhosting, and don't run my own server).

Thanks for your response - I'll try the stripslashes function.

Munky_Magic fucked around with this message at 08:03 on Dec 17, 2008

supster
Sep 26, 2003

I'M TOO FUCKING STUPID
TO READ A SIMPLE GRAPH

Munky_Magic posted:

Is turning off Magic Quotes something that I can do from my end? I thought that it was something you'd have to set server side (I use webhosting, and don't run my own server).

There are 3 ways of turning off magic quotes:

1. Disable it in the php.ini configuration file. You probably can't do this unless it's your own server, although I think a lot of shared hosts allow you to have local php.ini files that are loaded in addition to the global php.ini. Add this line:
magic_quotes_gpc = Off

2. Add this line to your .htaccess file:
php_flag magic_quotes_gpc Off

3. Use ini_set() at runtime. Put ini_set('magic_quotes_gpc', 0) at the top of your scripts (before form data is posted).

You may lack permissions to do any of the above. If that is the case then you can stick this at the top of your scripts to artificially turn it off by stripping slashes from everything magic quotes affects.
php:
<?
if (get_magic_quotes_gpc())
{
    function remove_magic_quotes(&$data)
    {
        if(is_array($data))
        {
            foreach($data as $k=>$v)
                $data[$k] = remove_magic_quotes($v);
            return $data;
        }
        else
            return stripslashes($data);
    }
    
    $_GET = remove_magic_quotes($_GET);
    $_POST = remove_magic_quotes($_POST);
    $_COOKIE = remove_magic_quotes($_COOKIE);
    $_REQUEST = remove_magic_quotes($_REQUEST);    
}
?>

Ferg
May 6, 2007

Lipstick Apathy

supster posted:

Sounds like you should definitely look into using memcached, but honestly if you're expecting 8k concurrent users I suspect you probably (hopefully) have someone experienced and knowledgeable in designing the architecture to support your application with that many users and memcached may not be the path s/he wants to take.

Anyway, it doesn't really matter what pizza joint it is (I saw it before your edit anyway :ssh:), I was just mostly curious about the advantages of using Caché and why someone would choose to use it over a more traditional RDBMS. You said that you wish you were using something more normal... how come you aren't using something more normal on this new project? Are you guys just a Caché shop and that's how you do it?

Yeah the entire reason I'm writing this application is to improve speed on the old one. There's a lot of care being taken into performance, so I'll give memcache a shot.

As far as why Caché for this project, it's so deeply integrated into the system at this point that you could say we're a Caché shop and that's our thing. My assumption is (and I'm not a Caché programmer) that they need the power of the Mumps language to interface with the point-of-sale systems in each store. Every store doesn't use the same system, so it adds a layer of complexity to the mix. I know from talking to the database guys that there's a good deal of power in Mumps that allows them to manually handle delegating which jobs go to which servers at the datacenter.

I do believe in an upcoming redesign of the main ordering app we will be looking more into Caché's SQL features to hopefully get a more sane interface working. I've heard it does do some RDBMS type stuff, but I try to avoid databasing at all costs at this job.

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb
Is it a bad idea to do an INSERT into a MyISAM table every time a page of a website is loaded? How many hits/sec would it take to start being a problem? I want to keep track of each GET/POST to the site, with information about who it was, what they were doing, etc. Or should I be doing this with apache logs? How might I write the user id # relevant to my webapp to the apache log?

MrMoo
Sep 14, 2000

fletcher posted:

How might I write the user id # relevant to my webapp to the apache log?

There's a few mod_sql variants that should be able to handle this for you.

Hammerite
Mar 9, 2007

And you don't remember what I said here, either, but it was pompous and stupid.
Jade Ear Joe
===== EDIT ===== I realised I could test out the answer for myself. PHP's behaviour is as desired, i.e. a new random salt every time.

Is anybody able to answer this question on crypt() for me? I want to use the following procedure when someone sends me a form to register a new account. I am generating a validation string which will be sent to them in an email. I am also encrypting the validation string, the password and the "secret answer" and storing them in the database.

php:
<?
$CharArray = array ("a","b","c","d","e","f","g","h","i","j",
                    "k","l","m","n","o","p","q","r","s","t",
                    "u","v","w","x","y","z","0","1","2","3",
                    "4","5","6","7","8","9","-","~",",","!",);
$thevstring = "";
for ($i=0;$i<20;$i++) {
    $j = rand(0,39);
    $thevstring .= $CharArray[$j];
}
$encryptedthevstring = crypt($thevstring);
$EscapedPassword = crypt($EscapedPassword);
$EscapedAnswer = crypt($EscapedAnswer);
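// $_POST['Pronoun'] is user input too, so escape it like the other values
// before it goes into the query string.
$EscapedPronoun = mysqli_real_escape_string($cxn, $_POST['Pronoun']);
$QueryResult = mysqli_query ($cxn,
"INSERT INTO User (Name,Password,SecretAnswer,Email,RegistrationDate,
LastLogin,Pronoun,PersonalStatement,ScrambleKey) VALUES
('{$EscapedUserName}','{$EscapedPassword}','{$EscapedAnswer}','{$EscapedEmail}',
NOW(),NOW(),'{$EscapedPronoun}','','{$encryptedthevstring}')")
or die($writeerrormessage);
$NewUserID = mysqli_insert_id($cxn);

// (etc)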
?>
My question is whether it is ok to call crypt() multiple times like this. According to http://uk.php.net/crypt,

php.net posted:

salt

An optional salt string to base the encryption on. If not provided, one will be randomly generated by PHP each time you call this function.

If you are using the supplied salt, you should be aware that the salt is generated once. If you are calling this function repeatedly, this may impact both appearance and security.

The first paragraph seems to mean that PHP will use a different salt in each of the three encryptions it is carrying out in my program. This is the behaviour I want. I'm not sure what the second paragraph means, though. Does it mean that crypt() will just keep using the same salt every time I call it during the execution of this script? This is not what I want it to do, and I'm confused because if this is the correct interpretation of the second paragraph then it seems to contradict the first paragraph. What does "the supplied salt" mean, anyway? If it is going to use the same salt three times, is there some way I can get it to re-randomise the salt between my calls to crypt()?

Further details - I have found that CRYPT_SALT_LENGTH is equal to 12 on my PHP installation. When users wish to log in, use their secret question, etc. the password (or whatever) that they supply will be compared to the encrypted password in the database by calling crypt() and specifying the encrypted password as the salt.

Hammerite fucked around with this message at 19:09 on Dec 18, 2008

Acer Pilot
Feb 17, 2007
put the 'the' in therapist

:dukedog:

php:
<?
        try
        {
            $rs = $this->db->CacheExecute($sql, $username);
            $this->user = $rs->FetchRow();
        }
        catch(Exception $e)
        {
            $this->user = array();
        }

        return $rs == true;
?>
Will this evaluate the last statement?

Pizza Partisan
Sep 22, 2003

Hammerite posted:

Further details - I have found that CRYPT_SALT_LENGTH is equal to 12 on my PHP installation. When users wish to log in, use their secret question, etc. the password (or whatever) that they supply will be compared to the encrypted password in the database by calling crypt() and specifying the encrypted password as the salt.

Don't you want to be comparing the input crypted by the original salt against the encrypted password, rather than decrypt the password?

Isn't this also a case where you'd want to store a SHA-1 hashed password and the salt in the database? Validation's not so much decrypting the field to check the input, but making sure the input encrypts the same as the field. Is encrypt() more secure than sha1()?
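
The salt behaviour discussed in the two posts above, as an added example that is not code from any poster: each `password_hash()` call draws a fresh random salt and embeds it in the returned string, and verification re-hashes the input with that stored string as the salt, which is the `crypt($input, $stored)` comparison described. It goes slightly beyond the thread by drawing the e-mail validation string from `random_bytes()` instead of `rand()`; the function names and sample values are constructed.

```php
<?php
declare(strict_types=1);

/** Hash a secret for storage; a new random salt is generated on every call. */
function hash_secret(string $secret): string
{
    return password_hash($secret, PASSWORD_BCRYPT);
}

/** Verify by re-hashing the input with the salt embedded in the stored hash. */
function verify_secret(string $input, string $stored): bool
{
    // crypt() reads the algorithm, cost and salt from the front of $stored and
    // ignores the rest. password_verify() does the same thing; it is written
    // out here to show the mechanism. hash_equals() compares in constant time.
    return hash_equals($stored, crypt($input, $stored));
}

/** 20-character validation string from the CSPRNG, plus the digest to store. */
function new_validation_token(): array
{
    $token = bin2hex(random_bytes(10)); // 10 random bytes = 20 hex characters
    // The token is already high-entropy and random, so a plain SHA-256 digest
    // is enough for the database copy; only the e-mail carries the token.
    return [$token, hash('sha256', $token)];
}

/** Check a token that came back from the e-mailed link. */
function check_validation_token(string $supplied, string $storedDigest): bool
{
    return hash_equals($storedDigest, hash('sha256', $supplied));
}

// Constructed sample values, run from the CLI.
if (PHP_SAPI === 'cli') {
    $password = 'correct horse battery staple';

    // The same input hashed twice: the stored strings differ because each
    // call used its own salt.
    $first = hash_secret($password);
    $second = hash_secret($password);
    echo "stored #1: $first\n";
    echo "stored #2: $second\n";
    echo 'hashes differ: ', var_export($first !== $second, true), "\n";

    // The salt travels with the hash: "$2y$", the two-digit cost, "$" and
    // 22 salt characters make up the first 29 characters.
    echo 'salt prefix #1: ', substr($first, 0, 29), "\n";

    // Both stored strings verify the right password, neither a wrong one.
    echo 'right password vs #1: ', var_export(verify_secret($password, $first), true), "\n";
    echo 'right password vs #2: ', var_export(verify_secret($password, $second), true), "\n";
    echo 'wrong password vs #1: ', var_export(verify_secret('wrong guess', $first), true), "\n";

    [$token, $digest] = new_validation_token();
    echo "token to e-mail: $token\n";
    echo "digest to store: $digest\n";
    echo 'token check: ', var_export(check_validation_token($token, $digest), true), "\n";
}
```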


jasonbar
Apr 30, 2005
Apr 29, 2005

drcru posted:

Will this evaluate the last statement?

Yes.
