|
rt4 posted:
I found something that really confuses me about an application. There's a function that serializes an array and then posts that string to another file using cURL. That file just unserializes the post and passes the data into a function. It looks to me like it would make far more sense just to pass the stuff straight into the function from the initial function.

Sounds like artificial multi-threading, the caller of the first function returns while the second function is still running.
|
# ? Feb 5, 2010 22:18 |
|
|
Alex007 posted:
Sounds like artificial multi-threading, the caller of the first function returns while the second function is still running.

I'd go with that except the program waits for cURL to return before proceeding and uses the return value for the following calculations. It looks like it does a require() of a class in the second file. The required classes all implement the same interface; perhaps he was trying to prevent the size of the code from getting too big (I don't know why)? Perhaps some of the classes that end up getting required cause conflicts with each other?
|
# ? Feb 5, 2010 22:23 |
|
rt4 posted:
I'd go with that except the program waits for cURL to return before proceeding and uses the return value for the following calculations.

Are there other apps that use the same interface? If not, then
|
# ? Feb 5, 2010 23:15 |
|
Lumpy posted:
Are there other apps that use the same interface? If not, then

None at all. I'm going to refactor this piece of poo poo.
|
# ? Feb 5, 2010 23:19 |
|
Am I using PHP's crypt() function as securely as I should be?

When I have a new user, or a user changes his password, I generate the new password hash like this:

code:
$Password = crypt($Password);

When I have to check that a user has entered his password correctly, I get his hashed password from the database and compare like this:

code:
$EnteredPassword = crypt($EnteredPassword,$HashedPassword);
if ( $EnteredPassword == $HashedPassword ) {
    /* Password was entered correctly */
} else {
    /* Password was incorrect */
}

I have read many exhortations to supply a salt for the encryption algorithm to use. But everything I read online says that crypt() creates its own random salt if it is called without its salt argument. So why is it that there are so many warnings about not using salts, if it's automatic? Am I doing something wrong?

NB. I am aware that it is necessary to check that a sufficiently secure encryption algorithm is in use. I have verified that my hosting provider's installation of PHP uses MD5. When I browse my database, all of the hashed user passwords begin with $1$... and all of them are different from the 4th character onwards.

One thing I do find confusing is that the PHP manual page on crypt() states that "if you are using the supplied salt, you should be aware that the salt is generated once. If you are calling this function repeatedly, this may impact both appearance and security." At face value this appears to mean that the random salt is generated only once, and will be the same every time you use crypt() without its second argument in the course of a script. But this doesn't seem to be the case from what I can see.
|
# ? Feb 8, 2010 18:20 |
|
Hammerite posted:
Am I using PHP's crypt() function as securely as I should be?

It looks like it's storing the salt on the front end of the string it spits out in the examples in the docs. Why not store the salt in a different column and hash with a better algorithm? You can see what's available with hash_algos():

php:<?
$sample = 'somedumbasshole@someannoyingclinet.com';
echo 'All the hashes I know how to do of "', $sample, '":<br>';
foreach (hash_algos() as $hash)
    echo $hash, ': |', hash($hash, $sample), '|<br>';
?>
|
# ? Feb 8, 2010 19:17 |
|
I was reading up on the limitations of automatic password generators on Wikipedia yesterday and was wondering how this effort would do at addressing them. It uses the current microtime() to seed the mt_rand generator, but then uses another source of randomness, the digits a user entered*, to determine how many times the generator is called before it actually starts being used to generate passwords.

*OK so humans aren't a good source of randomness, but I figure it's a valid way of improving randomness that's already present.

Munkeymon posted:
sha256 should be available and it's better than MD5. This way, you know what's going on and you're not depending on PHP's magical behavior. Also you could more easily use the same database with a different language should you ever choose to do so.

If there's better methods to be used I guess I'll see about making use of them. I don't want to break the current system though, since it works well. Seems like it would be necessary to set up a system for managing which type of hash was being used for each user's passwords, and using the appropriate method to check when they enter their password. Of course, I could set it up so that it automatically swaps out their MD5 hash for an sha256 hash when a correct password is entered. I was mainly worried that I was inadvertently doing something horrifically wrong without realising it, but it doesn't sound like it.
|
# ? Feb 9, 2010 15:14 |
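Added example (not part of the thread): the swap-the-hash-on-successful-login idea from the post above, written with password_verify(), password_needs_rehash() and password_hash(), which need PHP 5.5 or later and so postdate this discussion. The $users array stands in for the database table, and the account and its legacy $1$ hash are constructed.

```php
<?php
// Added example. $users stands in for the database table; the account and
// its legacy MD5-crypt hash ($1$...) are constructed for illustration.
$users = array(
    'alice' => crypt('correct horse', '$1$abcdefgh$'),
);

function check_login(array &$users, $name, $entered)
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];

    // password_verify() reads the algorithm and salt from the front of
    // $stored, exactly as crypt($entered, $stored) does, but compares the
    // result in constant time instead of with ==.
    if (!password_verify($entered, $stored)) {
        return false;
    }

    // The password is correct and we hold the plaintext, so this is the one
    // moment an old hash can be replaced without a forced reset.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($entered, PASSWORD_DEFAULT);
    }
    return true;
}

// Name of the scheme PHP recognises in a stored hash.
function scheme($hash)
{
    $info = password_get_info($hash);
    return $info['algoName'];
}

echo scheme($users['alice']), "\n";   // legacy hash, before any login
var_dump(check_login($users, 'alice', 'wrong guess'));
echo scheme($users['alice']), "\n";   // a failed login leaves the hash alone
var_dump(check_login($users, 'alice', 'correct horse'));
echo scheme($users['alice']), "\n";   // replaced with the current default
var_dump(check_login($users, 'alice', 'correct horse'));
```

Because every hash carries its own scheme prefix, no extra column is needed to track which users have been migrated.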
|
rt4 posted:
I found something that really confuses me about an application. There's a function that serializes an array and then posts that string to another file using cURL. That file just unserializes the post and passes the data into a function. It looks to me like it would make far more sense just to pass the stuff straight into the function from the initial function.

If the two files are operating remotely (different hosts) to one another, then you could do that. If it's legacy that the second file used to use a form input, then it might be a hack to replace the form with a script directly to the processor. There's probably a reason for it other than someone hating their fingertips.
|
# ? Feb 9, 2010 16:41 |
|
Just a quick question about callbacks I've never realised before: When you pass the callback function to the looping function, you are limited in that you can't pass other variables to it:

php:<?
$args = array();
loopfunction($callback);        // This is fine
loopfunction($callback($args)); // this is NOT fine
?>

php:<?
function loopfunction($callback, $args) {
    $callback($args);
}
loopfunction($callback, $args);
$callback = function($args) { ... };
?>
|
# ? Feb 9, 2010 17:24 |
|
http://us2.php.net/manual/en/function.call-user-func.php and http://us2.php.net/manual/en/function.call-user-func-array.php For some reason I really hate the abbreviation of function as 'func' but not quite as much as I hate the use of 'app' in basically every context it's commonly used in now
|
# ? Feb 9, 2010 17:35 |
|
I'm pulling a couple DECIMAL(10,2) values from the db, but I see warning signs everywhere making sure I never compare floats. How does one do anything related to currency in php? Rounding? BC_Math? String comparison? Keeping dollars and cents as separate integers? round($f1, 2) === round($f2, 2) won't work as I'd like it to, will it?
|
# ? Feb 10, 2010 05:13 |
epswing posted:
I'm pulling a couple DECIMAL(10,2) values from the db, but I see warning signs everywhere making sure I never compare floats. How does one do anything related to currency in php? Rounding? BC_Math? String comparison? Keeping dollars and cents as separate integers?

Check to see if the differences are within an acceptable tolerance. Check out this for more information on why you shouldn't compare floats.

fletcher fucked around with this message at 07:49 on Feb 10, 2010 |
|
# ? Feb 10, 2010 07:46 |
|
fletcher posted:
Check to see if the differences are within an acceptable tolerance.

Something crazy like

php:<?
function close_enough($f1, $f2) {
    return abs($f1 - $f2) < 0.001;
}
?>

epswing fucked around with this message at 08:05 on Feb 10, 2010 |
# ? Feb 10, 2010 08:00 |
|
Finite posted:
This was a bit too vicious for what I had in mind, so after some tests I wrote my own to see if I could make it better. Ended up as far too intensive for what I had in mind, so pre-cropping the images turns out to be the more sensible solution aside from writing a little client-side uploader to help them out.

Not sure if you're still following this thread, but have you considered using some type of javascript cropping tool? It's going to be a little more effort, but for someone that isn't uber computer savvy and not able to figure out how to crop their own images in Paint or Photoshop, it's a good solution. Here is a jQuery based one I've used in the past: http://deepliquid.com/content/Jcrop.html
|
# ? Feb 10, 2010 09:18 |
|
epswing posted:I'm pulling a couple DECIMAL(10,2) values from the db, but I see warning signs everywhere making sure I never compare floats. How does one do anything related to currency in php? Rounding? BC_Math? String comparison? Keeping dollars and cents as separate integers?
|
# ? Feb 10, 2010 10:28 |
|
Does anyone happen to know how to keep PHP errors out of Apache's error log? I set error_log to a separate file, which it is logging to, but the errors are also in Apache's and I'd like to keep them out.
|
# ? Feb 10, 2010 20:07 |
|
I have a dumb beginner's question. I am learning PHP/MySQL. I am very familiar with RDBMS in general and fairly familiar with MySQL. I started 2 days ago knowing jack about php, but I'm learning. Anyway, with that in mind, I have a very simple html form with 5 textbox inputs. The values that get put into them need to be numeric. My question is, would it be generally better/faster to validate these using javascript or using is_numeric() in php? Or is there no difference? One of the things I'm trying to pay attention to from the get-go is being efficient in php, as that seems to be a bit of a challenge. Any advice would be appreciated. Thanks.
|
# ? Feb 11, 2010 00:03 |
|
Sub Par posted:
I have a dumb beginner's question. I am learning PHP/MySQL. I am very familiar with RDBMS in general and fairly familiar with MySQL. I started 2 days ago knowing jack about php, but I'm learning.

Never trust javascript validation. You should do js validation to avoid trips to the server, but never, ever, ever trust it, as it can be easily bypassed or avoided.
|
# ? Feb 11, 2010 00:08 |
|
Validate in JavaScript for the sake of saving your user time and having a slick interface. Validate again in PHP for the sake of keeping out people who would exploit your program. Don't be too concerned about efficiency; PHP is as fast as any other JIT-compiled language. Most of your execution time will be spent waiting for the database, anyway.
|
# ? Feb 11, 2010 00:08 |
|
PHP isn't JIT compiled.
|
# ? Feb 11, 2010 00:28 |
|
Plorkyeran posted:
PHP isn't JIT compiled.

Woops. I was getting my info from Wikipedia, but everything else out there seems to contradict me
|
# ? Feb 11, 2010 00:35 |
|
Thanks for the quick responses. I will move forward doing both.
|
# ? Feb 11, 2010 00:36 |
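Added example (not from the thread) of the server-side half of the advice above, for a form with five numeric inputs. It assumes the fields are named f1 to f5 and must be whole numbers from 0 to 1000000; filter_var() with FILTER_VALIDATE_INT is used in place of is_numeric(), which also accepts strings such as "1e9" and "-3.5".

```php
<?php
// Added example; field names and range are assumptions, not from the thread.
function validate_int_fields(array $post, array $names, $min, $max)
{
    $clean  = array();
    $errors = array();
    foreach ($names as $name) {
        $raw = isset($post[$name]) ? $post[$name] : null;
        // A client can send f1[]=x, which arrives as an array, or omit the field.
        if (!is_string($raw)) {
            $errors[$name] = 'missing or not a single value';
            continue;
        }
        // Returns the int on success, false on anything else (exponent
        // notation, decimals, out-of-range values, trailing garbage).
        $value = filter_var($raw, FILTER_VALIDATE_INT, array(
            'options' => array('min_range' => $min, 'max_range' => $max),
        ));
        if ($value === false) {
            $errors[$name] = 'not a whole number between ' . $min . ' and ' . $max;
            continue;
        }
        $clean[$name] = $value;
    }
    return array($clean, $errors);
}

$fields = array('f1', 'f2', 'f3', 'f4', 'f5');

// Constructed request bodies: one as the JavaScript-checked form would send
// it, one built by hand without the browser.
$from_form = array('f1' => '10', 'f2' => '0', 'f3' => '42', 'f4' => '7', 'f5' => '1000');
$by_hand   = array('f1' => '1e9', 'f2' => '-3.5', 'f3' => array('x'), 'f5' => '12abc');

foreach (array($from_form, $by_hand) as $post) {
    list($clean, $errors) = validate_int_fields($post, $fields, 0, 1000000);
    if ($errors) {
        // Reject the whole submission; never use the partially valid values.
        echo 'rejected: ', implode(', ', array_keys($errors)), "\n";
    } else {
        echo 'accepted: ', implode(', ', $clean), "\n";
    }
}
```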
|
Standish posted:
Store everything as cents.

I might actually do this.

epswing fucked around with this message at 18:08 on Feb 12, 2010 |
# ? Feb 11, 2010 03:12 |
|
code:
Why isn't my file getting included?
|
# ? Feb 11, 2010 06:33 |
|
rt4 posted:
Why isn't my file getting included?

Sanity check: can you require_once any other files in /usr/share/pear?
|
# ? Feb 11, 2010 08:02 |
|
I tried PEAR.php and that isn't working either. Any idea what's going on? When I try using the absolute path (/usr/share/pear/MDB2.php), I get code:
spiritual bypass fucked around with this message at 16:11 on Feb 11, 2010 |
# ? Feb 11, 2010 16:05 |
|
Safe mode restrictions? http://php.net/manual/en/features.safe-mode.php
|
# ? Feb 11, 2010 17:39 |
|
I just tried disabling safe mode and it's behaving the same way.
|
# ? Feb 11, 2010 17:44 |
|
http://www.php.net/manual/en/ini.core.php#ini.open-basedir
|
# ? Feb 11, 2010 17:55 |
|
It turns out it was all of those things at once, but not in php.ini. My dedicated virtual server has a per-vhost config file that sets some PHP settings behind your back. Why do they think they're being so helpful by doing things like removing yum and making pear unusable by default? Wouldn't everyone much rather have a system with a normal install?
|
# ? Feb 11, 2010 18:01 |
|
Ok so I'm working on a template upgrade system for a number of side projects and games. The games themselves have a finite number of in-game objects (weapons, supplies, ammo etc) all of which the users have access to. The problem is, that we now need a way of creating a system of "upgrades" or modifications that have the potential to alter any property of any of these in-game objects.

Let's say, for example, that the user has armed a steel sword. The database entry for the sword tells us its arbitrary power, cost, speed, strength etc etc. We now need to alter this with an upgrade; for example, a better grip, which could increase the speed.

My initial method for tackling this, was to have a "list" of all potential modified params... In the case of the above example, we could have a "modification type" called "weapon_speed" which could be read at the time of requiring the sword. This however leads to messy code: (This is obviously simplified pseudocode) code:
Ideally, this solution requires everything in the weapon entry to be automatically "proxied" through "something" to transparently appear in the code... It's for this reason, I thought about doing it with an extended class system, but I'm not really sure how that would work - if modifications were stored in the database too. Any ideas on how this system could be structured? I guess this question probably could use its own thread...
|
# ? Feb 12, 2010 02:48 |
|
I haven't thought about it too much but it sounds like a good place to use the decorator pattern.
|
# ? Feb 12, 2010 04:57 |
|
EDIT: nvm :X
Randuin fucked around with this message at 19:05 on Feb 12, 2010 |
# ? Feb 12, 2010 09:43 |
|
Really quick question: I just installed some javascript onto my website's header (the news ticker) and I can't figure out how to align it vertically. I did a quick skim of Google and found nothing that seemed to work. What's the proper DIV code (if that's even what I should be using) to move the ticker between the borders I've set up? It's probably incredibly simple but I'm rubbish with coding so it's to be expected.
|
# ? Feb 12, 2010 10:00 |
|
Goodpart posted:
Really quick question:

Try sticking style="vertical-align: middle" in different <div> tags until it does what you want. (I don't think 3 separate, nested divs are likely to be necessary to do what you want, but I lack the expertise to tell you precisely what to do instead.)
|
# ? Feb 12, 2010 10:08 |
|
No good... I also tried <div style="margin-top:Xpx" but that bumps the WHOLE page down instead of laying the ticker over the header.
Goodpart fucked around with this message at 10:18 on Feb 12, 2010 |
# ? Feb 12, 2010 10:15 |
|
Goodpart posted:
No good... I also tried <div style="margin-top:Xpx" but that bumps the WHOLE page down instead of laying the ticker over the header.

You'd need to sit above everything .. for example:

position: absolute; left: 900px; top:0px; z-index:9999;

(if you're leaving it where it is)

Otherwise, you should really be putting that ticker in '.art-Header-jpeg' then positioning it in there, you'd have a lot less issues. (and you wouldn't have to position:absolute; it, you could just margin it down as long as the div was inside.)

SiCk fucked around with this message at 10:33 on Feb 12, 2010 |
# ? Feb 12, 2010 10:31 |
|
SiCk posted:You'd need to sit above everything .. for example:
|
# ? Feb 12, 2010 10:53 |
|
Goodpart posted:
Perfect! Thanks a ton dude. Had to fiddle with the values a bit but it worked out.

no problemo
|
# ? Feb 12, 2010 11:50 |
|
|
Hello friends, I'm trying to search a long string to find a certain tag: [flv]blahblahblkahblah[/flv] I want to search the string for the match above... I have the following: code:
I don't need the [flv][/flv] tags, just everything inside! edit: christ I'm tired. I just need to read up on bbcode tags!
|
# ? Feb 13, 2010 05:03 |