phplib-users Mailing List for PHPLIB (Page 61)
Brought to you by:
nhruby,
richardarcher
|
From: Giancarlo P. <gia...@na...> - 2002-05-29 15:13:16
|
You all probably know that anyone can be forced into a hijackable session just by offering him a link to click, like http://whatever.com/whatever.php3?Example_Session=friendsonly ??

This case shows cookies to be a secure choice.

I am sure there's something wrong in the code, because even if 'get' is the intended mode as a 'fallback', here we not only force the session, but the mode too. I think that if 'cookie' is set and cookies are on, it should definitely use them. Instead, it seems to be driven into the fallback mode when the session is present in the URL. I am afraid this is a fault, and should be fixed.

It should be stressed that mode=get should be disabled for security and by default, and used only in a restricted environment.

Giancarlo
|
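The behaviour asked for in the post above, as an added sketch that is not part of the original message and is not PHPLIB code: in cookie mode a session ID in the URL is never honoured, an ID the server did not issue is discarded, and the ID is rotated at login. The function names, the in-memory `$store` and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not PHPLIB code. Function and parameter names are hypothetical.

/**
 * Pick the session ID to honour for one request.
 * $mode is the configured transport ('cookie' or 'get'); $store maps
 * server-issued session IDs to their data. Returns [id, freshlyIssued].
 */
function choose_session_id(string $mode, array $cookies, array $query,
                           array &$store, string $name): array
{
    // Cookie mode never falls back to the URL; get mode reads only the URL.
    $source = ($mode === 'cookie') ? $cookies : $query;
    $candidate = $source[$name] ?? null;

    // Honour only IDs this server generated. A value chosen by whoever
    // wrote the link (e.g. "friendsonly") is not in the store and is dropped.
    if (is_string($candidate) && array_key_exists($candidate, $store)) {
        return [$candidate, false];
    }
    $id = bin2hex(random_bytes(16));
    $store[$id] = [];
    return [$id, true];
}

/**
 * Move session data to a fresh ID at login. This covers get mode, where a
 * link can still carry an ID the server really issued to someone else.
 */
function rotate_on_login(string $oldId, array &$store): string
{
    $newId = bin2hex(random_bytes(16));
    $store[$newId] = $store[$oldId] ?? [];
    unset($store[$oldId]);
    return $newId;
}

// Constructed requests, using the session name from the post.
$name  = 'Example_Session';
$store = [];

// Cookie mode, link carries ?Example_Session=friendsonly, no cookie yet.
[$id, $fresh] = choose_session_id('cookie', [], [$name => 'friendsonly'], $store, $name);
printf("cookie mode, forced URL id: using %s (fresh: %s)\n", $id, var_export($fresh, true));

// Same browser returns with the cookie the server set: the session is kept.
[$again] = choose_session_id('cookie', [$name => $id], [$name => 'friendsonly'], $store, $name);
printf("cookie present: same session kept: %s\n", var_export($again === $id, true));

// Get mode: an unknown ID in the URL is replaced, and login rotates the ID.
[$getId] = choose_session_id('get', [], [$name => 'friendsonly'], $store, $name);
$store[$getId]['uid'] = 'constructed-user';
$afterLogin = rotate_on_login($getId, $store);
printf("old id still valid after login: %s\n", var_export(isset($store[$getId]), true));
printf("data carried over: %s\n", var_export($store[$afterLogin]['uid'] === 'constructed-user', true));
```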
|
From: Ernest B. <Er...@Be...> - 2002-05-29 13:49:38
|
Hello,

I use user-variables to store the users' settings. Now I need to select those users that have something enabled. If I'd used pure sql to store the settings, I could simply run a "select * .. where setting='y'". But how can I do it with user-variables, which are not readable to the sql server?

PS: user value is something like this [stored in session table]: "RHJIb3Jha19Vc2VyOiR0aGlzLT5pbiA9ICcwJzsgJHRoaXMtPn..."

--
Ernest Beinrohr, OERNii
eAdmin @ AxonPro.sk, http://www.AxonPro.sk
+421-2-62410360, +421-905-241903
HomePage: http://www.oernii.sk
|
|
From: Giancarlo P. <gia...@na...> - 2002-05-29 09:02:49
|
Joost wrote:
>
> Hi,
>
> I can't figure out how to pass variables into a
> session-with-authentication/perms page.
>
> This is the case:
> I've got a 404 error document, which simplifies searching. (Just type
> www.mydomain.nl/some_query)
> Some folks are (already)authenticated, some are not.
> The 404 script *includes* my search script. The results of the query depend
> on perms, so this script needs authentication.
>
> When some user is not yet logged in, the login form is presented. After
> logging in the variables are lost, and no search is executed. (It all works
> fine when a user was already logged in.)

You could re-present the search form there too, with the input already typed... I mean two forms. Or hidden fields even within the same form.

Or save in your session the $HTTP_POST_VARS with a name and pick it up later.

Gian
|
|
From: Joost <jo...@jo...> - 2002-05-29 08:03:27
|
Hi,

I can't figure out how to pass variables into a session-with-authentication/perms page.

This is the case:
I've got a 404 error document, which simplifies searching. (Just type www.mydomain.nl/some_query)
Some folks are (already)authenticated, some are not.
The 404 script *includes* my search script. The results of the query depend on perms, so this script needs authentication.

When some user is not yet logged in, the login form is presented. After logging in the variables are lost, and no search is executed. (It all works fine when a user was already logged in.)

I know a refresh (with the variables in the url) works, but, besides I think that's kinda ugly :o), I don't want to invite users trying adding/changing variables in the url. Also, I prefer not using cookies.

Best regards,
Joost

Do I know what rhetorical means? --Homer Simpson
|
|
From: Stephen W. <wo...@sw...> - 2002-05-28 18:47:22
|
SELECT .... LIMIT FIRST_ROW_NUMBER, NUMBER_OF_ROWS

Marek Siegle wrote:
>
> Hello,
> I want to print a SQL query on more than one page. The DB table
> does not have an index. How can I realize the pages functionality
> easily ?
> Regards,
> MAREK.
|
|
From: Marek S. <so...@gm...> - 2002-05-28 18:36:18
|
Hello,

I want to print a SQL query on more than one page. The DB table does not have an index. How can I realize the pages functionality easily?

Regards,
MAREK.
|
|
From: Giancarlo P. <gia...@na...> - 2002-05-28 12:52:07
|
I was reflecting on the rationale behind this intermediate state: whenever a login or register form is shown, the auth object is initialized with $auth->auth[uid]='form'. This is done in method start of auth class.

Then, only if this value is set to 'form', the $auth->mode value (reg/log) is tested, and a registration or a login is attempted with the data supplied. This too is done within the start method of class auth.

All this is not taken into account if you provide your own auth_preauth function.

I don't know why this intermediate state has been coded. I suppose there can be some safety gains, and maybe you can point me to some. One I can think of is that you block 'post-and-register' submissions (in fact it is getsession-post-and-register), because that value has to be set to form.

What else can be the end of having that intermediate state? Is the end to force you to have got a form before submitting it?

But this causes a whole lot of problems, among which:
- you cannot simply show a login or register form anywhere, 'cause its input won't be taken into consideration, not being auth[uid]=='form'
- once a form is shown you are stuck and need the cancel_login button to get clean

The auth->mode log/reg issue is very encumbering too, at least being handled from inside auth. You are stuck with the same policy all over the site, log or reg mode. I'd prefer it to be decided by me, when I need to put out a form.

Changing this behavior means we have to dig into method $auth->start, see how to tweak the 'mode' value has arrived down to there: quite complicated at the moment.

The patched auth.inc and page.inc that I posted on sourceforge try to simplify this. Can anyone give them a try?

Giancarlo Pinerolo
|
|
From: LS <alp...@ya...> - 2002-05-25 01:29:16
|
Ah, yes, that makes sense. It's not something I'd need in my application but I can see the case for others.

And thanks for pointing out that the "register globals" fix exists in the stable branch. I updated from that module and everything runs fine with register globals turned off.

--- Layne Weathers <la...@if...> wrote:
> > Why is there both a user_id and username column in the auth-user table? The
> > username is declared unique, so why not just make it the primary key and get rid of
> > the user_id column?
>
> I'm not the original developer, so I can't tell you why that design decision
> was made, but I will tell you why I like it the way it is.
>
> Although the username is unique, it does not necessarily have to be static
> throughout its lifetime. Many people who use PHPLib use email addresses as
> the username. Without a separate user_id, any related tables will need to be
> updated when a user wants to update their email address - some of those
> tables may have been archived into read-only formats rendering an update
> impossible. Another scenario would be a user registering under an offensive
> username. With a separate user_id, I have the flexibility of changing the
> username or deleting the account, whichever suits my tastes.
>
> Remember, PHPLib is a very generalized library that allows developers to use
> it however they like. If you want to reference other data using the username
> instead of the user_id, go ahead, no one is telling you not to.
>
> Layne Weathers
> Ifworld Inc.
>
|
|
From: Layne W. <la...@if...> - 2002-05-25 00:06:50
|
> Why is there both a user_id and username column in the auth-user table? The
> username is declared unique, so why not just make it the primary key and get rid of
> the user_id column?

I'm not the original developer, so I can't tell you why that design decision was made, but I will tell you why I like it the way it is.

Although the username is unique, it does not necessarily have to be static throughout its lifetime. Many people who use PHPLib use email addresses as the username. Without a separate user_id, any related tables will need to be updated when a user wants to update their email address - some of those tables may have been archived into read-only formats rendering an update impossible. Another scenario would be a user registering under an offensive username. With a separate user_id, I have the flexibility of changing the username or deleting the account, whichever suits my tastes.

Remember, PHPLib is a very generalized library that allows developers to use it however they like. If you want to reference other data using the username instead of the user_id, go ahead, no one is telling you not to.

Layne Weathers
Ifworld Inc.
|
|
From: LS <alp...@ya...> - 2002-05-24 20:42:06
|
Hi-
Please excuse this question if it's in the archives, but the archives don't
seem to be available now.
Why is there both a user_id and username column in the auth-user table? The
username is declared unique, so why not just make it the primary key and get rid of
the user_id column?
|
|
From: Chris J. <ch...@ch...> - 2002-05-22 21:45:41
|
Along these same lines, at what point in execution does OO usage in PHP most suffer? That is, it sounds like to me that the appserver helps efficiency by maintaining environment and variable state.

If I use PHP and PHPLIB in a long-running (e.g. more than 1 hour) batch script instead of as a webserver script, do the OO costs become a much smaller part of the calculation? Are the OO costs mostly start-up and instantiation of the objects? Thus, if my script initializes things once, creating the objects it needs and then (mostly) does not create/destroy objects each iteration, am I likely to see pretty good efficiency?

PHP and PHPLIB's DB classes make a very powerful and easy to use tool for writing batch scripts which have to interact with a database, as well as with flat files. I'm already doing a lot of this. I'm just curious if I'm really inefficient at execution time.

..chris

----- Original Message -----
From: "Kristian Koehntopp" <kr...@ko...>

On Tue, May 07, 2002 at 08:57:58AM +0200, Saulius wrote:
> By speed there are two groups: 1) mysql, phplib, adodb; 2) pear,
> metabase. I think it's not effective to use pear db in projects.

From an OO design POV phplib has extremely badly designed database classes. That's why they are that fast. :-)

No, really, PHPLIB was written on and for PHP3. That is an environment where classes really are nothing more than namespaces, and where state and code cannot be kept efficiently in memory, like for example it would be possible in an application server and with truly compiled code.

OO design techniques strongly favor such an appserver execution environment, and PHP does not offer such an environment at all, in fact, it almost offers the antithesis to such an environment.

PHPLIB was written with the particular execution model used in PHP in mind and tested on sun4m hardware. That's why it performs adequately, even today. It is not a bit fashionable, though.

Kristian
--
|
|
From: Michael C. <mdc...@mi...> - 2002-05-22 16:00:01
|
On Wed, May 22, 2002 at 08:52:58AM -0300, Leandro Nery wrote:
> Hi all,
>
> Its possible to know which users are online at the same moment using the
> phplib classes of session/auth, etc?

Short answer:

Count the number of rows in active_sessions where the date is greater than 15 minutes ago (or whatever time you want to use). The best that you can do is say "How many people have viewed a page within the last 15 minutes?"

If you're using PHP4 sessions, then you'll have to check your session directory instead. I recommend making a separate session directory for each site.

Long answer:

Check the archives. This has been discussed at length in the past.

Michael
--
Michael Darrin Chaney
mdc...@mi...
http://www.michaelchaney.com/
|
|
From: Marko K. <Mar...@mc...> - 2002-05-22 15:03:43
|
> many thanks
> there is always a way to be polite for those who ask bullshit

Sorry, it wasn't meant to be impolite! I just remembered that we had a detailed discussion on the list some while ago. Since it's a complicated matter I wanted to give you a hint where to start searching for answers. nothing more.

regards,
Marko
|
|
From: Marko K. <Mar...@mc...> - 2002-05-22 13:58:16
|
> Its possible to know which users are online at the same moment using the
> phplib classes of session/auth, etc?

You should check the archive!!! I remember that we had a lengthy discussion about this! It was still on marc at times when sourceforge wasn't yet discovered for the phplib hosting.

Marko
|
|
From: Leandro N. <lea...@ho...> - 2002-05-22 11:53:10
|
Hi all,

Its possible to know which users are online at the same moment using the phplib classes of session/auth, etc?

Thks!
Leandro Nery
|
|
From: Mike G. <Mik...@sa...> - 2002-05-22 11:06:33
|
The $t needs to be in a global inside the function. E.g.
include('template.inc');
$t = new Template('./templates');
function test() {
global $t;
$t->set_var("REPLACE","SOMETHING");
}
Cheers!
Mike Green
Quadratini wrote:
> include "template.inc"
>
> .....
> .....
>
> function test()
> {
> $t->set_var("REPLACE","SOMETHING");
>
> }
>
> .......
> .......
>
> why wouldn't it work?
> It works if it's outside the function. But if it's INSIDE the function,
> it won't work. Help me please ?
|
|
From: Richard A. <rh...@ju...> - 2002-05-22 10:54:21
|
At 6:37 PM +0800 22/5/02, Quadratini wrote:
>function test()
>{
global $t;
> $t->set_var("REPLACE","SOMETHING");
>
>}
...R.
|
|
From: Quadratini <qua...@sn...> - 2002-05-22 10:29:25
|
include "template.inc"
.....
.....
function test()
{
$t->set_var("REPLACE","SOMETHING");
}
.......
.......
why wouldn't it work?
It works if it's outside the function. But if it's INSIDE the function,
it won't work. Help me please ?
|
|
From: Tarique S. <ta...@sa...> - 2002-05-21 10:44:21
|
On Tue, 21 May 2002, Maxim Novozhilov wrote:

Hi Maxim,

This is an Off Topic question here however ....

Don't fall into the typical "newcomer" trap :-) On-line transactions are not something arcane OR special. In fact most of it consists of simple programming of forms.

Most banks/payment gateways make available these API to be used. Verisign (Payflow), Paypal, Surepay, Paybycheck: everyone has documents which you can download for study.

Have you decided on which bank/gateway you are going to use?

HTH
Tarique

--
=============================================================
PHP Applications for E-Biz: http://www.sanisoft.com
Indian PHP User Group: http://groups.yahoo.com/group/in-phpug
=============================================================
|
|
From: Maxim N. <ma...@ho...> - 2002-05-21 07:15:32
|
Hi people!
I'm writing for the first time...
I have some trouble, I'd like to know how to work with credit cards, how to do transactions between WEB interface and some Bank using credit card? Where can I read something about this? And can I see a couple examples somewhere?
=========================================================
With best regards, Maxim Novozhilov.
E-mail: ma...@ho...
SMS: 380...@2s...
|
|
From: Layne W. <la...@if...> - 2002-05-21 01:42:50
|
> Thank you for the reply. I just took a look at the latest
> code via WebCVS and from
> what I can see, it still relies on the globals. The Auth_Sql
> class in auth/sql/ has
> this for the auth_validatelogin() routine:
> ## validate login information.
> ## please remember to adapt the global statements here to match the
> ## variables used in your loginform.ihtml.
> ## this function has to return false, if the login fails, or
> ## a valid user_id.
> function auth_validatelogin() {
> global $username, $password, $mode;
>
>
> Are $username and $password set somewhere else from
> $_POST["username"] etc?
PHPLib releases are taken from the 'php-lib-stable' project. I made some of
the register globals fixes to the php-lib-stable project but did not
duplicate those fixes in the php-lib project (bad programmer, no caffeine!).
Layne Weathers
Ifworld Inc.
|
|
From: Richard A. <rh...@ju...> - 2002-05-21 01:41:40
|
At 6:22 PM -0700 20/5/02, LS wrote:
>Thank you for the reply. I just took a look at the latest code via
>WebCVS and from
>what I can see, it still relies on the globals. The Auth_Sql class in
>auth/sql/ has

Please use the php-lib-stable CVS tree.
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phplib/php-lib-stable/

The other one is a repository of various people's experimental additions to PHPLIB. We're slowly working through that tree merging the "good bits" into the -stable tree.

...Richard.
|
|
From: LS <alp...@ya...> - 2002-05-21 01:22:20
|
Thank you for the reply. I just took a look at the latest code via WebCVS and from
what I can see, it still relies on the globals. The Auth_Sql class in auth/sql/ has
this for the auth_validatelogin() routine:
## validate login information.
## please remember to adapt the global statements here to match the
## variables used in your loginform.ihtml.
## this function has to return false, if the login fails, or
## a valid user_id.
function auth_validatelogin() {
global $username, $password, $mode;
Are $username and $password set somewhere else from $_POST["username"] etc?
--- Layne Weathers <la...@if...> wrote:
> > > > 2. register_globals off (more secure)
> >
> > > This has been fixed in PHPLib.
> >
> > Has it? I just downloaded 7.4pre1 and local.inc relies on
> > $password and $username
> > to be global. I had to turn on register globals to get the
> > phplib showoff demo to
> > work.
> >
> > Others have asked the same question of phplib recently. Can
> > someone say what the
> > status is on this?
>
>
> Grab the latest CVS.
>
> Layne Weathers
> Ifworld Inc.
>
|
|
From: Layne W. <la...@if...> - 2002-05-20 23:16:57
|
> > > 2. register_globals off (more secure)
>
> > This has been fixed in PHPLib.
>
> Has it? I just downloaded 7.4pre1 and local.inc relies on $password and $username
> to be global. I had to turn on register globals to get the phplib showoff demo to
> work.
>
> Others have asked the same question of phplib recently. Can someone say what the
> status is on this?

Grab the latest CVS.

Layne Weathers
Ifworld Inc.
|
|
From: LS <alp...@ya...> - 2002-05-20 23:06:33
|
> > 2. register_globals off (more secure)

> This has been fixed in PHPLib.

Has it? I just downloaded 7.4pre1 and local.inc relies on $password and $username to be global. I had to turn on register globals to get the phplib showoff demo to work.

Others have asked the same question of phplib recently. Can someone say what the status is on this?
|