spiritual bypass
Feb 19, 2008

Grimey Drawer
I'm trying to get the output of a shell command and it's only returning the first element of a long output.
php:
<?php
$output = shell_exec('pwgen');
print($output);
?>
only gives me something like
code:
mohD1ahj
instead of
code:
ohbePh6d aCi3ouz1 xee2uSoh Cha6niLi EbieD1wu Aim9oruJ AhM1ni2e Fahm9Yah
Seo4agh0 eeZ0eiSh Zai8eigh EiNu9aid noBaig6I aiS7biel ieQu9eh9 nae7AhTh
eeshooY7 Oov0eree aew7Sho2 eeha2aiF baut1Oph tooj9niB Xohph4ki Kath4ih9
ShohF7Da FeiGe5ei yohYee5o Lu7oota8 vohRat7e xeeZei4i eB8aht9o Eeghue1G
Is there a way to make shell_exec give me the correct output or do I need to make some crazy workaround with temp files?

thedaian
Dec 11, 2005

Blistering idiots.

royallthefourth posted:

Is there a way to make shell_exec give me the correct output or do I need to make some crazy workaround with temp files?

passthru might do what you want, even though the documentation makes it sound like it'll only output a binary result for some reason.

ShoulderDaemon
Oct 9, 2003
support goon fund
Taco Defender

pwgen(1) posted:

The pwgen program is designed to be used both interactively, and in shell scripts. Hence, its default behavior differs depending on whether the standard output is a tty device or a pipe to another program. [...] When standard output (stdout) is not a tty, pwgen will only generate one password, as this tends to be much more convenient for shell scripts, and in order to be compatible with previous versions of this program.

In addition, for backwards compatibility reasons, when stdout is not a tty and secure password generation mode has not been requested, pwgen will generate less secure passwords, [...]

Manpages are helpful!
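
Added example (not part of any post in this thread): one way to call pwgen from PHP so the result does not depend on the non-tty defaults quoted above. It asks for secure mode (`-s`), one password per line (`-1`), and an explicit length and count. It assumes pwgen is on PATH and PHP 7.4+ for the array form of proc_open; the function name and limits are illustrative.

```php
<?php
// Added example: request count, length and secure mode explicitly instead of
// relying on pwgen's behaviour when stdout is a pipe.

/**
 * Run pwgen without a shell and return exactly $count passwords.
 * Assumes pwgen is installed; array-form proc_open needs PHP 7.4+.
 */
function pwgen_passwords(int $count, int $length = 16): array
{
    if ($count < 1 || $count > 1000 || $length < 8 || $length > 128) {
        throw new InvalidArgumentException('count or length out of range');
    }

    // -s: secure (fully random) mode, -1: one password per line.
    $cmd  = ['pwgen', '-s', '-1', (string) $length, (string) $count];
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];

    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start pwgen');
    }
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $exit = proc_close($proc);

    if ($exit !== 0) {
        throw new RuntimeException("pwgen failed ($exit): " . trim($stderr));
    }

    $passwords = preg_split('/\R/', trim($stdout), -1, PREG_SPLIT_NO_EMPTY);

    // Fail closed if pwgen returned something other than what was asked for.
    if (count($passwords) !== $count) {
        throw new RuntimeException('unexpected number of passwords');
    }
    foreach ($passwords as $p) {
        if (strlen($p) !== $length) {
            throw new RuntimeException('unexpected password length');
        }
    }
    return $passwords;
}

print_r(pwgen_passwords(8));
```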

spiritual bypass
Feb 19, 2008

Grimey Drawer

ShoulderDaemon posted:

Manpages are helpful!

Thanks for the tip. I thought I knew how to use the program, but I certainly wasn't expecting this. I don't often write programs that interact with the shell; is this sort of changing behaviour common?

Stephen
Feb 6, 2004

Stoned
Regarding SFTP in PHP. Can anyone offer any advice or solutions for using this protocol? I still can't believe PHP doesn't have this support built in. I can't access SFTP in cURL without an upgrade to the libraries. =(

Novo
May 13, 2003

Stercorem pro cerebro habes
Soiled Meat

Stephen posted:

Regarding SFTP in PHP. Can anyone offer any advice or solutions for using this protocol? I still can't believe PHP doesn't have this support built in. I can't access SFTP in cURL without an upgrade to the libraries. =(

Use proc_open to drive a command-line sftp session? http://www.molecularsciences.org/PHP/proc_open_tutorial_and_examples

Or mount it with FUSE and use normal filesystem functions? http://fuse.sourceforge.net/sshfs.html

gibbed
Apr 10, 2006

http://www.php.net/manual/en/book.ssh2.php

Novo
May 13, 2003

Stercorem pro cerebro habes
Soiled Meat
well would you look at that

Loving Africa Chaps
Dec 3, 2007


We had not left it yet, but when I would wake in the night, I would lie, listening, homesick for it already.

I'm pretty new to php and I'm having trouble with sessions. Basically what I'm trying to do is make a simple shopping cart for t-shirts. The cart needs to store tshirt_ID, quantity and size. I'm fine with the ID and quantity but size is giving me a real ball ache.

My add cart function is displayed below

code:
function addtocart()
	{
		session_start();
		$tid=$this->uri->segment(3);
		$size=$this->uri->segment(4);
				
		if  (isset($_SESSION['cart'][$tid.$size])) //if its already been added
			{
				$_SESSION['cart'][$tid.$size]['quantity']++;//add another one
				echo "extra tshirt added";
			
			}
		else //no copy of t-shirt in basket
			{
				$_SESSION['cart'][$tid.$size] = array('quantity' => 1);
				echo "added first to cart";
				
			}
		echo anchor('shop', 'back to shop');
	}
This has got the closest to what I want so far as in the view_cart page each t-shirt is on a separate row with the correct quantity but I can't get the size for each tshirt.

Where I'm sure I'm going wrong is in the view cart script. Which is fine until:
code:
foreach ($_SESSION['cart'] as $tid=>$items)
I can run the correct query with $tid but for the life of me I can't get the size displayed for each row. I originally tried adding size as part of an array but couldn't get the script to distinguish between different sizes. Any suggestions?

Thanks in advance for your help.

Begby
Apr 7, 2005

Light saber? Check. Black boots? Check. Codpiece? Check. He's more machine than kid now.

Lyric Proof Vest posted:

I'm pretty new to php and I'm having trouble with sessions. Basically what I'm trying to do is make a simple shopping cart for t-shirts. The cart needs to store tshirt_ID, quantity and size. I'm fine with the ID and quantity but size is giving me a real ball ache.

My add cart function is displayed below

code:
function addtocart()
	{
		session_start();
		$tid=$this->uri->segment(3);
		$size=$this->uri->segment(4);
				
		if  (isset($_SESSION['cart'][$tid.$size])) //if its already been added
			{
				$_SESSION['cart'][$tid.$size]['quantity']++;//add another one
				echo "extra tshirt added";
			
			}
		else //no copy of t-shirt in basket
			{
				$_SESSION['cart'][$tid.$size] = array('quantity' => 1);
				echo "added first to cart";
				
			}
		echo anchor('shop', 'back to shop');
	}
This has got the closest to what I want so far as in the view_cart page each t-shirt is on a separate row with the correct quantity but I can't get the size for each tshirt.

Where I'm sure I'm going wrong is in the view cart script. Which is fine until:
code:
foreach ($_SESSION['cart'] as $tid=>$items)
I can run the correct query with $tid but for the life of me I can't get the size displayed for each row. I originally tried adding size as part of an array but couldn't get the script to distinguish between different sizes. Any suggestions?

Thanks in advance for your help.

Let's say your $tid is 'myshirt' and size is xxl and add it to the cart, that means your cart array would look something like

'myshirtxxl' => array (quantity => '1')

In your foreach loop, the $tid variable will contain 'myshirtxxl' and the items would contain the array with quantity => '1' in it.

If you think the error is in how you are displaying your cart, why don't you post that code, because I am not sure how you are trying to extract the size from the array.

Also, print_r is your friend. You call print_r($_SESSION) then load the page and view the source, and you can see the contents of the cart and exactly how it's stored. Another useful one is var_dump that will show the contents of a variable and its exact type.

Rat Supremacy
Jul 15, 2007

The custom title is an image and/or line of text that appears below your name in the forums
Is there any way to make php's shell_exec thing pretend to be a tty? Git is irritating as gently caress to work with from php. Does passthru do this?

Rat Supremacy fucked around with this message at 13:08 on Sep 12, 2009

spiritual bypass
Feb 19, 2008

Grimey Drawer
No, passthru still behaves the same way.

gibbed
Apr 10, 2006

haywire posted:

Is there any way to make php's shell_exec thing pretend to be a tty? Git is irritating as gently caress to work with from php. Does passthru do this?

proc_open?

Rat Supremacy
Jul 15, 2007

The custom title is an image and/or line of text that appears below your name in the forums

gibbed posted:

proc_open?

Yummy, cheers :D

Safety Shaun
Oct 20, 2004
the INTERNET!!!1
php:
<?
$myArray = $_REQUEST["myArray"];
print_r($myArray); //prints the contents fine
//^^^ Array ( ['someVar1'] => text woo ['someVar2'] => text wee ['someVar3'] => text omg ['someVar4'] => ['someVar5'] => ) 
echo "test: alias = " . $myArray['someVar1']. "<br>"; //blank?
?>
What am I doing wrong please? The array is being passed across from the form on the previous page and print_r'd properly but I am having trouble using those array entities.

Standish
May 21, 2001

Safety Shaun posted:

php:
<?
$myArray = $_REQUEST["myArray"];
print_r($myArray); //prints the contents fine
//^^^ Array ( ['someVar1'] => text woo ['someVar2'] => text wee ['someVar3'] => text omg ['someVar4'] => ['someVar5'] => ) 
echo "test: alias = " . $myArray['someVar1']. "<br>"; //blank?
?>
What am I doing wrong please? The array is being passed across from the form on the previous page and print_r'd properly but I am having trouble using those array entities.

Can't tell without full code but I'm guessing $_REQUEST["myArray"] is the literal text:

"Array ( ['someVar1'] => text woo ['someVar2'] => text wee ['someVar3'] => text omg ['someVar4'] => ['someVar5'] => ) "

and not an array at all.

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb
When I pass in an $id to my object's constructor, it looks for it in cache and if there isn't one then it queries the database and fills out the rest of the info about that object. How can I do some sort of reassign of $this so I dont have to manually assign each field?

Basically I want some one line thing:
code:
function __constructor($id) {
    $obj = $cache->get("SomeObj".$id);
     if ($obj != null)
         $this = $obj;
     else {
         //grab it from the db
     }
}
instead of (or the looping/introspecting equivalent):
code:
function __constructor($id) {
    $obj = $cache->get("SomeObj".$id);
     if ($obj != null) {
         $this->id = $obj->id;
         $this->name = $obj->name;
         //...for lots of fields
     }
     else {
         //grab it from the db
     }
}

fletcher fucked around with this message at 02:25 on Sep 17, 2009

wolf_man
Oct 5, 2005

Nunez?

fletcher posted:

When I pass in an $id to my object's constructor, it looks for it in cache and if there isn't one then it queries the database and fills out the rest of the info about that object. How can I do some sort of reassign of $this so I dont have to manually assign each field?

Basically I want some one line thing:
code:
function __constructor($id) {
    $obj = $cache->get("SomeObj".$id);
     if ($obj != null)
         $this = $obj;
     else {
         //grab it from the db
     }
}
instead of (or the looping/introspecting equivalent):
code:
function __constructor($id) {
    $obj = $cache->get("SomeObj".$id);
     if ($obj != null) {
         $this->id = $obj->id;
         $this->name = $obj->name;
         //...for lots of fields
     }
     else {
         //grab it from the db
     }
}


if the cached object is just a cached version of the object then why not;
code:
function __constructor($id) {
    $obj = $cache->get("SomeObj".$id);
     if ($obj != null) {
		return $obj;
     }
     else {
         //grab it from the db
     }
}
if not then some sort of private function like so:

code:
function __constructor($id) {
    $obj = $cache->get("SomeObj".$id);
     if ($obj != null) {
		$this->setVariables($obj);
     }
     else {
         //grab it from the db
     }
}

private function setVariables($obj){
	$vars = array('id','name',...);
	foreach($vars as $var){
		if(isset($obj->$var)){
			$this->$var = $obj->$var;
		}
	}
}

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb

wolf_man posted:

if the cached object is just a cached version of the object then why not;
code:
function __constructor($id) {
    $obj = $cache->get("SomeObj".$id);
     if ($obj != null) {
		return $obj;
     }
     else {
         //grab it from the db
     }
}

I am retarded and didn't even think of returning anything from the constructor. Thank you!

DaTroof
Nov 16, 2000

CC LIMERICK CONTEST GRAND CHAMPION
There once was a poster named Troof
Who was getting quite long in the toof

fletcher posted:

I am retarded and didn't even think of returning anything from the constructor. Thank you!

PHP does not let you return values from a constructor. It sounds like you should use a static function. You can make the constructor private so the only way to retrieve the object is through the static function.

php:
<?
class CachedObject {
    private function __construct($id) {
        // Code to create the object from the db (and save it to the cache)
    }
    public static function Get($id) {
        global $cache; // assumption: the cache object is a global; the snippet does not define it
        $obj = $cache->get($id);
        if ($obj != null) {
            return $obj;
        } else {
            return new CachedObject($id);
        }
    }
}

$x = new CachedObject('12345'); // This won't work

$y = CachedObject::Get('12345'); // This will
?>

frumpus
Nov 28, 2005

It sure looks to me like this code should list the events AFTER the table header...

code:
<table width="325" border="0" cellpadding="0">
  <tr>
  <th width="325" class="tableHead" scope="col">Upcoming Events</th>
  </tr>
  <tr></tr>
  <?php
    While ($eventRow = mysql_fetch_array($rsUpcomingEvents))
     {
     ?><tr><strong><?php echo $eventRow['Day'] . ", " . $eventRow['Date'] . " " . $eventRow['Time']; ?></strong><br />
     <?php echo $eventRow['Game']; ?><br />
     <?php echo $eventRow['Details']; ?><br />
     </tr>
     <tr><img src="suits.png" /></tr><?php
     } ?>
</table>
...but instead it does this.



I'm used to working in ASP so I'm sorta clueless here. Can someone give me a clue please?

DaTroof
Nov 16, 2000

CC LIMERICK CONTEST GRAND CHAMPION
There once was a poster named Troof
Who was getting quite long in the toof

frumpus posted:

It sure looks to me like this code should list the events AFTER the table header...

code:
<table width="325" border="0" cellpadding="0">
  <tr>
  <th width="325" class="tableHead" scope="col">Upcoming Events</th>
  </tr>
  <tr></tr>
  <?php
    While ($eventRow = mysql_fetch_array($rsUpcomingEvents))
     {
     ?><tr><strong><?php echo $eventRow['Day'] . ", " . $eventRow['Date'] . " " . $eventRow['Time']; ?></strong><br />
     <?php echo $eventRow['Game']; ?><br />
     <?php echo $eventRow['Details']; ?><br />
     </tr>
     <tr><img src="suits.png" /></tr><?php
     } ?>
</table>
...but instead it does this.



I'm used to working in ASP so I'm sorta clueless here. Can someone give me a clue please?

Your table is malformed. Your loop puts content directly in the <tr> element instead of a <td> element. The empty <tr></tr> right before the loop might be a problem, too.

frumpus
Nov 28, 2005

DaTroof posted:

Your table is malformed. Your loop puts content directly in the <tr> element instead of a <td> element. The empty <tr></tr> right before the loop might be a problem, too.

Thanks, I'll stick some td tags in there and see if that straightens it out. Leave it to me to get wrapped up in learning php and forgetting basic html. :blush:

The empty row I actually added after the problem arose to see if it changed anything.

edit: Yeah, that fixed it. I'm dumb.

frumpus fucked around with this message at 17:46 on Sep 17, 2009

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb

DaTroof posted:

PHP does not let you return values from a constructor. It sounds like you should use a static function. You can make the constructor private so the only way to retrieve the object is through the static function.

Oh, maybe that's why I didn't think of doing it! Thanks for the snippet.

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



Does any language with OO constructs let you return something from the constructor? I can't think of one that does.

Filthy Lucre
Feb 27, 2006
After spending a few hours trying to get Jack's formmail.php script working and not having any luck, I gave up and wrote my own.

Since I'm pretty new at PHP, I was hoping someone with a little more experience could give my code a quick look over to make sure I'm not doing anything obviously stupid before I put the code on a public web page.

code:
<?php
$to = "me@mydomain.com";
$bcc = "";

function sanitizePOST() {
  $keyWords = array ( "to", "bcc");
  $body = "";
  
  foreach($_POST as $key => $value) {
    $goodText = true;
    for($i=0; $i<count($keyWords); $i++)
	  if ($key == $keyWords[$i]) $goodText = false;
	
    if ($goodText == true) {
	  if (strlen($value) > 0) $body .= $key .": " .$value ."\r\n\r\n";
	  else $body .= $key .": empty\r\n\r\n";
	}else exit;
  }
  return $body;
}

$msgBody = sanitizePOST();
$additionalHeaders 	= "From: Web Form Submittal\r\n";
if (strlen($bcc) > 0) $additionalHeaders .= "BCC: " .$bcc ."\r\n";
mail($to, "Web Form Submittal", $msgBody, $additionalHeaders);

echo "<b>Your submission has been sent. Thank you for your participation.</b><br><br>";
?>
$to and $bcc should be sanitized by the sanitizePOST function, so it shouldn't be able to send email to unauthorized addresses. I hope, anyway.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.
Two things:

I have this code:

php:
<?
$Size = 0;

if ($Size === "S" || $Size === 0)  $Test =  "S";
if ($Size === "LGG") $Test =  "LGG";
if ($Size === "SGG") $Test =  "SGG";
if ($Size > 0 && $Size <=9)  $Test =  $Size;
if ($Size === "A" )  $Test =  "A";

echo $Test;
?>
Assuming the valid values for $Size are S, LGG, SGG, A and the numbers 0-9, is there a more efficient way of evaluating $Size to produce $Test?

Agrikk fucked around with this message at 07:09 on Sep 18, 2009

Tad Naff
Jul 8, 2004

I told you you'd be sorry buying an emoticon, but no, you were hung over. Well look at you now. It's not catching on at all!
:backtowork:

Agrikk posted:

Two things:

I have this code:

php:
<?
$Size = 0;

if ($Size === "S" || $Size === 0)  $Test =  "S";
if ($Size === "LGG") $Test =  "LGG";
if ($Size === "SGG") $Test =  "SGG";
if ($Size > 0 && $Size <=9)  $Test =  $Size;
if ($Size === "A" )  $Test =  "A";

echo $Test;
?>
Assuming the valid values for $Size are S, LGG, SGG, A and the numbers 0-9, is there a more efficient way of evaluating $Size to produce $Test?

php:
<?
$Size=0;
$Test=($Size===0)?'S':$Size;
if(!preg_match('~^(S|LGG|SGG|[0-9]|A)$~',$Size)) unset($Test); // this line might be unnecessary, depending
echo $Test;
?>

Standish
May 21, 2001

Filthy Lucre posted:

After spending a few hours trying to get Jack's formmail.php script working and not having any luck, I gave up and wrote my own.

Since I'm pretty new at PHP, I was hoping someone with a little more experience could give my code a quick look over to make sure I'm not doing anything obviously stupid before I put the code on a public web page.

code:
<?php
$to = "me@mydomain.com";
$bcc = "";

function sanitizePOST() {
  $keyWords = array ( "to", "bcc");
  $body = "";
  
  foreach($_POST as $key => $value) {
    $goodText = true;
    for($i=0; $i<count($keyWords); $i++)
	  if ($key == $keyWords[$i]) $goodText = false;
	
    if ($goodText == true) {
	  if (strlen($value) > 0) $body .= $key .": " .$value ."\r\n\r\n";
	  else $body .= $key .": empty\r\n\r\n";
	}else exit;
  }
  return $body;
}

$msgBody = sanitizePOST();
$additionalHeaders 	= "From: Web Form Submittal\r\n";
if (strlen($bcc) > 0) $additionalHeaders .= "BCC: " .$bcc ."\r\n";
mail($to, "Web Form Submittal", $msgBody, $additionalHeaders);

echo "<b>Your submission has been sent. Thank you for your participation.</b><br><br>";
?>
$to and $bcc should be sanitized by the sanitizePOST function, so it shouldn't be able to send email to unauthorized addresses. I hope, anyway.

You're never assigning anything from $_POST to $to and $bcc (they're hardcoded to "me@mydomain.com" and "" respectively), so there should be no need to sanitize them, unless they're being automatically assigned because you have register_globals turned on, which is really really bad and should be turned off immediately.

MrMoo
Sep 14, 2000

Probably needs its own thread, but anyone found or created anything useful for OpenID?

I'm looking for a PHP equivalent of this site as setup by Google to demonstrate fancy pants OpenID login:


It's a JSP and Java Servlet combination and the magic is probably happening below. It takes the domain of an entered email address and magically conjures up the OpenID Identity URL.

code:
    // if the user typed am email address, ignore the user part
    openid = openid.replaceFirst(".*@", "");

    // we assume that the user typed an identifier for an IdP, not for a user
    IdpIdentifier openId = new IdpIdentifier(openid);

    AuthRequestHelper helper = consumerHelper.getAuthRequestHelper(
        openId, returnToUrl.toString());
http://code.google.com/p/step2/sour...ginServlet.java

I'm looking at the PHP-OpenID library that's bundled in Debian but it's rather obtuse on quick inspection, the demo is certainly not so useful,

http://openidenabled.com/php-openid/trunk/examples/consumer/

You need to enter "https://www.google.com/accounts/o8/" for Google as the Identity URL, but this wouldn't work for Yahoo!, Facebook or whatever other popular OpenID systems are out there.

Filthy Lucre
Feb 27, 2006

Standish posted:

You're never assigning anything from $_POST to $to and $bcc (they're hardcoded to "me@mydomain.com" and "" respectively), so there should be no need to sanitize them, unless they're being automatically assigned because you have register_globals turned on, which is really really bad and should be turned off immediately.

register_globals is off. I had read that having it on is a security risk.

I was sanitizing them because I was worried about someone doing something like

http://www.mydomain.com/myscript.php?to=spammee@address.com&bcc=everyone@world

to use the script to send email. Are you saying having register_globals=off prevents that sort of thing anyway?

As you can tell, I don't have a lot of experience with PHP.

Begby
Apr 7, 2005

Light saber? Check. Black boots? Check. Codpiece? Check. He's more machine than kid now.

Filthy Lucre posted:

register_globals is off. I had read that having it on is a security risk.

I was sanitizing them because I was worried about someone doing something like

http://www.mydomain.com/myscript.php?to=spammee@address.com&bcc=everyone@world

to use the script to send email. Are you saying having register_globals=off prevents that sort of thing anyway?

As you can tell, I don't have a lot of experience with PHP.

Yes, register globals turns that off. If you are not sure, then try doing your example above and see what happens.

As for your sanitize script, it's super duper whacky. Where did you get that snippet and what exactly is it doing?

Munkeymon
Aug 14, 2003

Motherfucker's got an
armor-piercing crowbar! Rigoddamndicu𝜆ous.



You should just compose $messageBody out of the elements of $_POST you want to use rather than try to sanitize and include whatever some jerkass passes in.

php:
<?
$messageBody = $_POST['body']."\r\n";
$subject = $_POST['sub']."\r\n";
//whatever else you _know_ you want
?>
Unless you mean to include just about anything anyone passes in, in which case you might consider preg_replaceing anything but letters, numbers and spaces with nothing ("") to prevent the strings from carrying anything suspicious.

edit: also, in_array is better than a for loop to see if some value is in an array

Filthy Lucre
Feb 27, 2006

Begby posted:

Yes, register globals turns that off. If you are not sure, then try doing your example above and see what happens.

As for your sanitize script, it's super duper whacky. Where did you get that snippet and what exactly is it doing?

I did try my example, when it didn't work I just assumed I was doing something wrong. Without knowing that register_globals turns that off, I figured it was safer to assume I was stupid than my script was secure.

The sanitize portion was doing two things;
code:
$goodText = true;
for($i=0; $i<count($keyWords); $i++)
  if ($key == $keyWords[$i]) $goodText = false;
Was to make sure no one was trying to pass in a bad value for $to or $bcc. I didn't know about the in_array function, so that's why I used the for loop.

code:
if ($goodText == true) {
  if (strlen($value) > 0) $body .= $key .": " .$value ."\r\n\r\n";
  else $body .= $key .": empty\r\n\r\n";
}else exit;
Was building the message body, assuming it wasn't a bad $to or $bcc argument. If it was a $to or $bcc argument ($goodText == false), it would exit so that the email wouldn't send.

The whole function would then return the message body into $msgBody which would go out in the mail() call.

Filthy Lucre
Feb 27, 2006

Munkeymon posted:

You should just compose $messageBody out of the elements of $_POST you want to use rather than try to sanitize and include whatever some jerkass passes in.

It's mailing the results of a survey form from a web page. I may or may not be the one building survey page, so I was trying to build something generic. I have no way of knowing the names of the fields used on the form, hence the foreach going through $_POST rather than just pulling the elements straight out.
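
Added example (not part of any post in this thread): a sketch of the generic survey mailer discussed above, where the field names are unknown in advance. The recipient, subject and headers are fixed constants, and every submitted field, including ones named "to" or "bcc", can only ever land in the message body. The From address, limits and function name are assumptions made for this sketch.

```php
<?php
// Added example: accept unknown form fields, but never let request data reach
// the recipient list or the mail headers.

const SURVEY_TO      = 'me@mydomain.com';                   // fixed recipient, as in the thread
const SURVEY_FROM    = 'Web Form <noreply@mydomain.com>';   // assumed sender address
const SURVEY_SUBJECT = 'Web Form Submittal';
const MAX_FIELDS     = 50;                                  // assumed limits
const MAX_VALUE_LEN  = 2000;

/** Turn arbitrary form fields into a plain-text body; null if nothing usable was sent. */
function build_survey_body(array $post): ?string
{
    if (count($post) === 0 || count($post) > MAX_FIELDS) {
        return null;
    }
    $lines = [];
    foreach ($post as $key => $value) {
        // Field names come from the client too: allow a conservative character set only.
        if (!preg_match('/^[A-Za-z0-9_ -]{1,64}$/', (string) $key)) {
            continue;
        }
        // name[]=a&name[]=b arrives as an array: flatten one level, drop deeper nesting.
        if (is_array($value)) {
            $value = implode(', ', array_filter($value, 'is_scalar'));
        }
        // Normalise line endings, strip other control characters, cap the length.
        $value = preg_replace('/\r\n|\r/', "\n", (string) $value);
        $value = preg_replace('/[\x00-\x08\x0B-\x1F\x7F]/', '', $value);
        $value = substr(trim($value), 0, MAX_VALUE_LEN);

        $lines[] = $key . ': ' . ($value === '' ? 'empty' : str_replace("\n", "\r\n", $value));
    }
    return $lines ? implode("\r\n\r\n", $lines) . "\r\n" : null;
}

// Constructed sample input standing in for $_POST.
$samplePost = [
    'favourite shirt' => 'blue',
    'sizes'           => ['S', 'XL'],
    'comments'        => "line one\r\nline two\x00",
    'to'              => 'spammee@address.com',   // treated as a survey answer, body only
    'bad<key>'        => 'dropped',               // field name fails the character check
];

$body = build_survey_body($samplePost);
if ($body !== null) {
    $headers = 'From: ' . SURVEY_FROM . "\r\nContent-Type: text/plain; charset=UTF-8";
    // mail(SURVEY_TO, SURVEY_SUBJECT, $body, $headers);   // uncomment to send
    echo $body;
}
```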

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb

MrMoo posted:

Probably needs its own thread, but anyone found or created anything useful for OpenID?

This may be a dumb question, but what is to stop me from putting a fake login on some site that claims to be an "OpenID login" and just stealing a bunch of OpenID credentials?

waffle iron
Jan 16, 2004

fletcher posted:

This may be a dumb question, but what is to stop me from putting a fake login on some site that claims to be an "OpenID login" and just stealing a bunch of OpenID credentials?

With OpenID you give it a personal URL and then it hands it off to your OpenID provider. Then the result from your provider links you back to a URL at the original site with an authentication token. At least that is my understanding.

MrMoo
Sep 14, 2000

fletcher posted:

This may be a dumb question, but what is to stop me from putting a fake login on some site that claims to be an "OpenID login" and just stealing a bunch of OpenID credentials?

The OpenID server provides a unique ID bound to that provider so cannot imitate another provider.

I found some more PHP code that has a basic hard coded array of domains to Identity URLs, but there should be some method for automatic "federated" discovery.

http://perplexed.co.uk/867_openid.htm

code:
Array
(
    [@gmail.com] => https://www.google.com/accounts/o8/id
    [@googlemail.com] => https://www.google.com/accounts/o8/id
    [@yahoo.co.uk] => http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
    [@yahoo.com] => http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
    [@aol.com] => http://openid.aol.com/{username}
    [@aol.co.uk] => http://openid.aol.com/{username}
)

MrMoo
Sep 14, 2000

Some progress on this, I have a discovery mechanism setup patched to XRDS-Simple. The mechanism is called host-meta, patch:


To SVN of Diso/XRDS-Simple:


Then code for the Idp Discovery can run like this:

code:
<?php

require_once 'XRDS.php';
require_once 'XRDS/Discovery.php';

$domain = 'miru.hk';

$disco = new XRDS_Discovery();
$disco->discovery_methods = array('XRDS_Discovery_Host_Meta');
$xrds = $disco->discover('https://www.google.com/accounts/o8/.well-known/host-meta?hd=' . $domain);

$xrd = $xrds->xrd[0];
$identityUri = $xrd->service[1]->uri[0]->uri;

if (0 == strcmp($xrd->canonicalId, $domain)) {
	echo "identity uri: $identityUri\n\n";
} else {
	echo "discovery failed.\n\n";
}

?>
For non-Google domains the script should pull direct from http://example.com/.well-known/host-meta, with which Yahoo! this returns an XRD which I'm not sure what to do with as it's for user discovery.

code:
<XRD>
<Host>yahoo.com</Host>
<Link>
<Title>WebFinger</Title>
<Rel>http://webfinger.info/rel/service</Rel>
<Rel>describedby</Rel>
<URITemplate>http://webfinger.yahooapis.com/?id={%id}</URITemplate>
</Link>
</XRD>

MrMoo fucked around with this message at 09:42 on Sep 21, 2009

Hanpan
Dec 5, 2004

Does anyone have any neat methods for preparing an associative array for use in a SQL update statement? Normally I do something like this:

code:
$str = "";
foreach($values as $key=>$value)
{
   $str.= $key.'=\''.$value.'\',';
}
Then remove the last comma using substr. It's really messy, and I am sure there is a nicer way of doing it?
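
Added example (not part of any post in this thread): the same associative array turned into an UPDATE with implode() and bound parameters, so there is no trailing comma to trim and the values never become part of the SQL text. Column names cannot be bound, so they are checked against an allowlist. The function name, table and in-memory SQLite database are constructed for the demo and need PHP 7.4+ with pdo_sqlite.

```php
<?php
// Added example: build "col = :col" pairs with implode() and bind the values
// instead of concatenating them into the SQL string.

/**
 * Update one row from an associative array of column => value.
 * $allowed lists the columns callers may change; names are checked against it
 * because identifiers cannot be passed as bound parameters.
 */
function update_row(PDO $db, string $table, array $values, array $allowed, int $id): int
{
    $cols = array_keys($values);
    if ($cols === [] || array_diff($cols, $allowed) !== []) {
        throw new InvalidArgumentException('no columns or unexpected column name');
    }
    $set = implode(', ', array_map(fn($c) => "$c = :$c", $cols));

    // $table is supplied by the calling code, never by the request.
    $stmt = $db->prepare("UPDATE $table SET $set WHERE id = :row_id");
    foreach ($values as $col => $val) {
        $stmt->bindValue(":$col", $val);
    }
    $stmt->bindValue(':row_id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE shirts (id INTEGER PRIMARY KEY, name TEXT, size TEXT)");
$db->exec("INSERT INTO shirts (name, size) VALUES ('plain', 'M')");

// The quote inside the value is stored as data, not parsed as SQL.
$values = ['name' => "O'Reilly tee", 'size' => 'XL'];
echo update_row($db, 'shirts', $values, ['name', 'size'], 1), " row updated\n";
print_r($db->query('SELECT * FROM shirts')->fetch(PDO::FETCH_ASSOC));
```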
