phplib-users Mailing List for PHPLIB (Page 75)
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
phplib-users — A list for users of phplib to talk / discuss phplib
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(106) |
Sep
(99) |
Oct
(44) |
Nov
(97) |
Dec
(60) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(56) |
Feb
(81) |
Mar
(134) |
Apr
(69) |
May
(106) |
Jun
(122) |
Jul
(98) |
Aug
(52) |
Sep
(184) |
Oct
(219) |
Nov
(102) |
Dec
(106) |
| 2003 |
Jan
(88) |
Feb
(37) |
Mar
(46) |
Apr
(51) |
May
(30) |
Jun
(17) |
Jul
(45) |
Aug
(19) |
Sep
(5) |
Oct
(4) |
Nov
(12) |
Dec
(7) |
| 2004 |
Jan
(11) |
Feb
(7) |
Mar
|
Apr
(15) |
May
(17) |
Jun
(13) |
Jul
(5) |
Aug
|
Sep
(8) |
Oct
(6) |
Nov
(21) |
Dec
(13) |
| 2005 |
Jan
(4) |
Feb
(3) |
Mar
(7) |
Apr
(7) |
May
|
Jun
(11) |
Jul
(7) |
Aug
|
Sep
|
Oct
|
Nov
(7) |
Dec
|
| 2006 |
Jan
(3) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
(2) |
Jul
(1) |
Aug
|
Sep
|
Oct
(9) |
Nov
|
Dec
(5) |
| 2007 |
Jan
(15) |
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
(9) |
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
(12) |
May
|
Jun
(3) |
Jul
(1) |
Aug
(19) |
Sep
(2) |
Oct
|
Nov
|
Dec
(6) |
| 2009 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(6) |
|
From: Tarique S. <ta...@sa...> - 2002-02-12 02:20:08
|
On Tue, 12 Feb 2002, Marco [ISO-8859-1] M=FCller wrote: > The problem is: I've checked the fieldnames but - nothing is returned=20 > with the command. doing $db->next_record() before you try anything should help=20 Tarique --=20 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D |
|
From: Marco <new...@dk...> - 2002-02-12 00:19:37
|
Hello list,
I do a query like "select * from table where index = "test"". The query
works fine. $db->affected_rows is "1" after the query.
Now I want to fill a OOH-Form with these values or sinply print it on
the page. I decided to use the command "$db->p("field")" lieke decribed
in "documentation-3" in the doc directory.
The problem is: I've checked the fieldnames but - nothing is returned
with the command.
What can I do? Any help?
Bye
Marco
|
|
From: Marco <ma...@dk...> - 2002-02-12 00:15:25
|
Hello list,
I do a query like "select * from table where index = "test"". The query
works fine. $db->affected_rows is "1" after the query.
Now I want to fill a OOH-Form with these values or sinply print it on
the page. I decided to use the command "$db->p("field")" lieke decribed
in "documentation-3" in the doc directory.
The problem is: I've checked the fieldnames but - nothing is returned
with the command.
What can I do? Any help?
Bye
Marco
|
|
From: Marko K. <Mar...@mc...> - 2002-02-11 09:39:45
|
Hi Nathan, > makes a new array with the name found in persistent_slot and then re-adds > the serailized data to it. Well, that's what lets it forget the current position in the array. > Your method of saving the pointer postion is what you need to do. That's what I did. > I don't think that you can actually "save" a pointer, so you may want > to find the current location in the array, determinie it's index > number and save that. Well, I did this by reimplementing the next(), prev(), current(), end() and reset() methods of an array within my class, since I didn't see a method in php's array-functions which would return the current pointer position inside the array. That's a lot of overhead in my class now, but at least it works. > I think this would be a good feature to have for phplib to do > transparently, please file a SF Feature Requiest for it adn we'll try to > get it in to a future release. I'll do that. Greetings and thanks, Nathan, for replying! Bye, Marko |
|
From: rck <rc...@sw...> - 2002-02-08 16:31:24
|
Thanks for you support, extra_html worked wonders. :-) Any Idea how I could get answers to the other two questions? Thanks again! -----Urspr=FCngliche Nachricht----- Von: Tarique Sani <ta...@sa...> [mailto:ro...@sa...]=20 Gesendet: Freitag, 01. Februar 2002 12:08 An: rck Cc: 'phplib-users' Betreff: Re: [Phplib-users] Templates, Table, OOH! Forms and DB_Sql On Fri, 1 Feb 2002, rck wrote: > The third thing is about OOH! Forms. Have I overseen something? I=20 > can't find a way to specify a style-class to a given form_element. Do=20 > I have to tweak it up my own? Most (90%) of what you ask can be done BUT I have time only to say Use extra_html attribute to add class=3D'blah' for your elements HTH Tarique --=20 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D |
|
From: nathan r. h. <na...@ds...> - 2002-02-08 13:41:46
|
Yeppers, phplib serializes the data in your array and stores it to
whatever container you've setup (file, db, etc..) when the session object
unserializes your array and "re-constitutes" it and really does that, it
makes a new array with the name found in persistent_slot and then re-adds
the serailized data to it.
Your method of saving the pointer postion is what you need to do. I don't
think that you can actually "save" a pointer, so you may want to find the
current location in the array, determinie it's index number and save that.
I think this would be a good feature to have for phplib to do
transparently, please file a SF Feature Requiest for it adn we'll try to
get it in to a future release.
-n
------
nathan hruby
na...@ds...
------
On Fri, 8 Feb 2002, Marko Kaening wrote:
> Hi,
>
> I tried to save an array inside a class which should be able to save its
> variables using phplib. As persistent slot I took the array "list" as
> shown in the snip-out of my code below.
>
> The problem is that the list certainly gets properly saved, but the
> pointer got lost... Though the class gets saved after reloading its state
> with a new page changes made to the current position in the array are
> forgotten. I mean, if I cycled with next() and prev() through the array
> "list" I always start at the first entry the class got reloaded... Too
> sad.
>
> Does anybody know how to save the pointer to the current element?
> Looks like one needs to get the current position inside the array and then
> to treat this as a seperate entry in the "persistent_slots"!
>
> Any comments are welcome. Maybe I ve overseen something, but maybe this is
> a principle problem for phplib, being unable to save the actual state of
> an array object.
>
> Thanks in advance,
> Marko
>
>
> -- SNIP ---
>
> class StepItClass
> {
> var $classname= 'StepItClass';
> var $persistent_slots = array(
> 'list'
> );
>
> #------------------------------------------------------------
> # persistent variables:
>
> var $list=array();
> ...
>
>
>
> _______________________________________________
> Phplib-users mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phplib-users
>
|
|
From: Marko K. <Mar...@mc...> - 2002-02-08 10:28:02
|
Hi,
I tried to save an array inside a class which should be able to save its
variables using phplib. As persistent slot I took the array "list" as
shown in the snip-out of my code below.
The problem is that the list certainly gets properly saved, but the
pointer got lost... Though the class gets saved after reloading its state
with a new page changes made to the current position in the array are
forgotten. I mean, if I cycled with next() and prev() through the array
"list" I always start at the first entry the class got reloaded... Too
sad.
Does anybody know how to save the pointer to the current element?
Looks like one needs to get the current position inside the array and then
to treat this as a seperate entry in the "persistent_slots"!
Any comments are welcome. Maybe I ve overseen something, but maybe this is
a principle problem for phplib, being unable to save the actual state of
an array object.
Thanks in advance,
Marko
-- SNIP ---
class StepItClass
{
var $classname= 'StepItClass';
var $persistent_slots = array(
'list'
);
#------------------------------------------------------------
# persistent variables:
var $list=array();
...
|
|
From: Kevin F. <fre...@ip...> - 2002-02-04 15:29:08
|
We actually ran into this problem. If the page content is dynamic or new content AOL users will request the page one or more times. Once for the browser, second time for the proxy system, and a third for the AOL spider. To overcome this problem we added a trust value to our authentication system. If the request for a restricted page or application comes in, the IP address is checked against the current session data. If there is a mismatch the current request is treated as not trusted. No password changes, no submitting of forms, etc. If they do match then the session is treated as trusted and the user can access the Web site functions. This same method could be used to detect more then one login from one or more computers to the same account. We have been using a version of this type of authentication system for about 4-5 years. We currently support about 15,000 users on-campus and off-campus via AOL, @Home, UUNET, AT&T Worldnet, and a number of other local and national ISPs BTW: This also gets you out of having to ask the user to closes AOL or another ISPs custom browser and used the installed IE or Netscape to access your site. On HTTP connections AOL users are: AOL Spider: spider-*.proxy.aol.com 152.163.195.208 AOL Cache: cache-*.proxy.aol.com 64.12.96.166 AOL User: *.ipt.aol.com 172.131.132.99 On HTTPS connections AOL users area: AOL Spider: spider-*.proxy.aol.com 152.163.195.208 AOL User: *.ipt.aol.com 172.131.132.99 Kevin Fredrick Software Technician Walter E. Helmke Library Indiana University - Purdue University Fort Wayne 260-481-5445 http://www.lib.ipfw.edu/ >>> Michael Chaney <mdc...@mi...> 02/02/02 02:11PM >>> On Fri, Feb 01, 2002 at 02:02:30PM -0500, Kevin Fredrick wrote: > I would say that you use the IP address of the user coming from A to B > and some secret known only to A and B to encrypt the data and append > it > to the URL. Forget the IP address, a shared secret is fine if the encryption is good. > When you get the forwarded link from A the users "should" > still be using the same IP address. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Sorry to be so blunt, but this is absolutely wrong, and I want to save someone the time of going down this road only to have to redo their code when the find it doesn't work. Many large ISP's, AOL among them, run all port 80 traffic through a proxy farm. The IP address of the request rarely remains consistent across page views. Here's an example of me surfing my site through AOL: 64.12.96.166 - - [02/Feb/2002:12:58:45 -0600] "GET /services.php3 HTTP/1.0" 200 5479 64.12.96.78 - - [02/Feb/2002:12:58:49 -0600] "GET /contact.php3 HTTP/1.0" 200 5822 64.12.96.103 - - [02/Feb/2002:13:01:12 -0600] "GET /aboutus.php3 HTTP/1.0" 200 6511 Name: cache-mtc-ah01.proxy.aol.com Address: 64.12.96.166 Name: cache-mtc-ac09.proxy.aol.com Address: 64.12.96.78 Name: cache-mtc-af02.proxy.aol.com Address: 64.12.96.103 Michael -- Michael Darrin Chaney mdc...@mi... http://www.michaelchaney.com/ _______________________________________________ Phplib-users mailing list Php...@li... https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: Carl Y. <ca...@yo...> - 2002-02-03 11:04:46
|
Thanks! The preauth() was the part I was missing. FYI for those of you implementing this, you'll also want to override the $auth->logout() function so that it deletes the "rememberme" cookies, or else the user will never be able to log out! Carl ----- Original Message ----- From: "Tarique Sani <ta...@sa...>" <ro...@sa...> To: <php...@li...> Sent: Saturday, February 02, 2002 9:54 PM Subject: Re: [Phplib-users] Basic authentication (fwd) > > -- > ========================================================== > PHP Applications for E-Biz : http://www.sanisoft.com > > The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com > ========================================================== > ---------- Forwarded message ---------- > Date: Sun, 3 Feb 2002 10:22:20 +0530 (IST) > From: "Tarique Sani <ta...@sa...>" <ro...@bo...> > To: Carl Youngblood <ca...@yo...> > Cc: "Phplib (E-mail)" <Php...@li...> > Subject: Re: [Phplib-users] Basic authentication > > On Sat, 2 Feb 2002, Carl Youngblood wrote: > > > Yeah, I would like some code samples if you don't mind. I added code to my > > auth_validatelogin() function to set the cookie with the userid in it, but > Here are the relevant code snippets, note that you will have to implement > "Forget Me" functionality separately > > ================================ > function auth_preauth(){ > > global $uidcookie; > > $uid= false; > > > $this->db->query(sprintf("select * > from %s > where uid = '%s' ", > $this->database_table, > $uidcookie)); > > while($this->db->next_record()) { > $uid = $this->db->f("uid"); > $this->auth["uname"]=$this->db->f("username"); > $this->auth["email"]=$this->db->f("email"); > $this->auth["name"]=$this->db->f("name"); > $this->auth["perm"] = $this->db->f("perms"); > $this->auth["classid"]=$this->db->f("classid"); > } > return $uid; > } > > function auth_validatelogin(){ > global $username, $password, $remind_me; > > if(isset($username)) { > $this->auth["uname"]=$username; ## This provides access for > "loginform.ihtml" > } > > $uid = false; > > $this->db->query(sprintf("select * > from %s > where username = '%s' > and password = '%s'", > $this->database_table, > addslashes($username), > addslashes($password))); > > while($this->db->next_record()) { > $uid = $this->db->f("uid"); > $this->auth["uname"]=$this->db->f("username"); > $this->auth["email"]=$this->db->f("email"); > $this->auth["name"]=$this->db->f("name"); > $this->auth["perm"] = $this->db->f("perms"); > $this->auth["classid"]=$this->db->f("classid"); > if (isset($remind_me)){ > $this->auth["remind_me"]="yes"; > setCookie("uidcookie",$uid,time()+31536000); > > } > > } > return $uid; > } > } > ========================== > -- > ========================================================== > PHP Applications for E-Biz : http://www.sanisoft.com > > The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com > ========================================================== > > > > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: Tarique S. <ta...@sa...> - 2002-02-03 05:10:15
|
-- ========================================================== PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com ========================================================== ---------- Forwarded message ---------- Date: Sun, 3 Feb 2002 10:22:20 +0530 (IST) From: "Tarique Sani <ta...@sa...>" <ro...@bo...> To: Carl Youngblood <ca...@yo...> Cc: "Phplib (E-mail)" <Php...@li...> Subject: Re: [Phplib-users] Basic authentication On Sat, 2 Feb 2002, Carl Youngblood wrote: > Yeah, I would like some code samples if you don't mind. I added code to my > auth_validatelogin() function to set the cookie with the userid in it, but Here are the relevant code snippets, note that you will have to implement "Forget Me" functionality separately ================================ function auth_preauth(){ global $uidcookie; $uid= false; $this->db->query(sprintf("select * from %s where uid = '%s' ", $this->database_table, $uidcookie)); while($this->db->next_record()) { $uid = $this->db->f("uid"); $this->auth["uname"]=$this->db->f("username"); $this->auth["email"]=$this->db->f("email"); $this->auth["name"]=$this->db->f("name"); $this->auth["perm"] = $this->db->f("perms"); $this->auth["classid"]=$this->db->f("classid"); } return $uid; } function auth_validatelogin(){ global $username, $password, $remind_me; if(isset($username)) { $this->auth["uname"]=$username; ## This provides access for "loginform.ihtml" } $uid = false; $this->db->query(sprintf("select * from %s where username = '%s' and password = '%s'", $this->database_table, addslashes($username), addslashes($password))); while($this->db->next_record()) { $uid = $this->db->f("uid"); $this->auth["uname"]=$this->db->f("username"); $this->auth["email"]=$this->db->f("email"); $this->auth["name"]=$this->db->f("name"); $this->auth["perm"] = $this->db->f("perms"); $this->auth["classid"]=$this->db->f("classid"); if (isset($remind_me)){ $this->auth["remind_me"]="yes"; setCookie("uidcookie",$uid,time()+31536000); } } return $uid; } } ========================== -- ========================================================== PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com ========================================================== |
|
From: Chris J. <ch...@ch...> - 2002-02-03 03:44:17
|
I'd be interested in seeing your code, also, Brian. Why not post it to this list, if it's not too lengthy? ..chris ----- Original Message ----- From: "Carl Youngblood" <ca...@yo...> Yeah, I would like some code samples if you don't mind. I added code to my auth_validatelogin() function to set the cookie with the userid in it, but that didn't seem to be enough. Does this not work when you are using the GET method of session ID propagation? I would assume that, as long as the userid cookie gets set, even if the session IDs are being propagated with cookies, it should work. THanks, Carl ----- Original Message ----- From: "Brian Popp" <bp...@ct...> > Yeah it's really easy. You just stuff their user_id into a cookie after > verifying their username & password. I can send code samples if anyone needs > a little help. > > BPopp |
|
From: Carl Y. <ca...@yo...> - 2002-02-02 19:21:50
|
Yeah, I would like some code samples if you don't mind. I added code to my auth_validatelogin() function to set the cookie with the userid in it, but that didn't seem to be enough. Does this not work when you are using the GET method of session ID propagation? I would assume that, as long as the userid cookie gets set, even if the session IDs are being propagated with cookies, it should work. THanks, Carl ----- Original Message ----- From: "Brian Popp" <bp...@ct...> To: "Phplib (E-mail)" <Php...@li...> Sent: Friday, February 01, 2002 10:42 AM Subject: RE: [Phplib-users] Basic authentication > Yeah it's really easy. You just stuff their user_id into a cookie after > verifying their username & password. I can send code samples if anyone needs > a little help. > > BPopp > > -----Original Message----- > From: Tarique Sani <ta...@sa...> [mailto:ro...@sa...] > Sent: Friday, February 01, 2002 11:17 AM > To: Carl Youngblood > Cc: 'phplib-users' > Subject: Re: [Phplib-users] Basic authentication > > > On Fri, 1 Feb 2002, Carl Youngblood wrote: > > > What I would really like to see is the added feature of a "remember me" > > checkbox on the PHPLIB logon page so that users could have the option of > not > > continually typing in their password everytime they visit my site. I'm > sure > > There already is a way :-) > > Checkout pre_auth() in the auth class > > You just have to implement (read override) it whatever way you please > > Cheers > > Tarique > > -- > ========================================================== > PHP Applications for E-Biz : http://www.sanisoft.com > > The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com > ========================================================== > > > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users > > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: Michael C. <mdc...@mi...> - 2002-02-02 19:07:46
|
On Fri, Feb 01, 2002 at 02:02:30PM -0500, Kevin Fredrick wrote: > I would say that you use the IP address of the user coming from A to B > and some secret known only to A and B to encrypt the data and append > it > to the URL. Forget the IP address, a shared secret is fine if the encryption is good. > When you get the forwarded link from A the users "should" > still be using the same IP address. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Sorry to be so blunt, but this is absolutely wrong, and I want to save someone the time of going down this road only to have to redo their code when the find it doesn't work. Many large ISP's, AOL among them, run all port 80 traffic through a proxy farm. The IP address of the request rarely remains consistent across page views. Here's an example of me surfing my site through AOL: 64.12.96.166 - - [02/Feb/2002:12:58:45 -0600] "GET /services.php3 HTTP/1.0" 200 5479 64.12.96.78 - - [02/Feb/2002:12:58:49 -0600] "GET /contact.php3 HTTP/1.0" 200 5822 64.12.96.103 - - [02/Feb/2002:13:01:12 -0600] "GET /aboutus.php3 HTTP/1.0" 200 6511 Name: cache-mtc-ah01.proxy.aol.com Address: 64.12.96.166 Name: cache-mtc-ac09.proxy.aol.com Address: 64.12.96.78 Name: cache-mtc-af02.proxy.aol.com Address: 64.12.96.103 Michael -- Michael Darrin Chaney mdc...@mi... http://www.michaelchaney.com/ |
|
From: Layne W. <la...@if...> - 2002-02-01 19:04:49
|
> Hi,
>
> ok, basically I tried to put the question in the subject.
>
> If you have a block, in which there are no {VARS} replaced, the whole
> block is shown in the output.
>
> I am not a wizard, but after taking a look into template.inc it seems,
> like this behaviour can not be changed easily, am I right?
Correct. I create blocks in my templates for clearing out lists and other
bits of content that are only shown when certain criteria are met. I often
have 2 or 3 blocks in one part of the page when only 1 of them will ever be
shown at a time. To save parsing time, I do not declare the blocks I keep.
Extending upon my recent example:
***** sample.html *****
<!-- BEGIN show_employees -->
<table>
<tr>
<th>Name</th>
<th>Email</th>
</tr>
<!-- BEGIN employee -->
<tr>
<td>{name}</td>
<td><a href="mailto:{email}">{email}</a></td>
</tr>
<!-- END employee -->
</table>
<!-- END show_employees -->
<!-- BEGIN no_employees -->
I'm sorry, no records could be found.
<!-- END no_employees -->
***** /sample.html *****
***** sample.php *****
$t = new Template;
$t2 = new Template;
$t->set_file("content", "sample.html");
$db = new DB_MySQL;
$db->query("select name, email from employee order by name");
if($db->num_rows()) {
$t->set_block("content", "employee", "employees");
$t2->set_var("employee", $t->get_var("employee"));
while($db->next_record()) {
$t2->set_var($db->Record);
$t2->parse("employees", "employee", true);
}
$t->set_var("employees", $t2->get_var("employees"));
$t->set_block("content", "no_employees");
$t->set_var("no_employees", "");
}
else {
$t->set_block("content", "show_employees");
$t->set_var("show_employees", "");
}
$t->parse("out", "content");
$t->pparse("out");
***** /sample.php *****
Layne Weathers
Ifworld Inc.
|
|
From: Kevin F. <fre...@ip...> - 2002-02-01 19:02:45
|
I would say that you use the IP address of the user coming from A to B and some secret known only to A and B to encrypt the data and append it to the URL. When you get the forwarded link from A the users "should" still be using the same IP address. You can then decode the user account info and added it if needed to B. Then proceeded with logging the users in with the passed information. The Idea could also be expanded to include a dynamic piece of information that is also used in the key and sent in plain text to detect any URL hacking. Kevin Fredrick Software Technician Walter E. Helmke Library Indiana University - Purdue University Fort Wayne 260-481-5445 http://www.lib.ipfw.edu/ >>> "Chris Johnson" <ch...@ch...> 02/01/02 01:48PM >>> 1) "combined server log" is just the style of server log being used on my Apache webserver. 2) My problem with the authetication is that I do not control the source server in any fashion. In other words, users will signon to server A owned and operated by another company with which my company has an agreement to provide services. They will click on a link to go to my server B. We want them to be able to do that without signing on again. We will register users coming from A to B in our user database on B, so we know who all valid users are. I just need a way to know it IS a valid user coming from A. Thus, I need to tell the programmer at company A how to specify the user to my server at B via the URL in such a fashion that it is secure and I can reliably know they are authenticated at A and who they are. I'm using HTTPS for all connections, so it's only the URL I'd really have to worry about being hacked. All other data should be encrypted, should it not? ..chris ----- Original Message ----- From: "Peter Kursawe" <su...@si...> To: <php...@li...> Sent: Friday, February 01, 2002 12:01 AM Subject: Re: [Phplib-users] Basic authentication Hello Chris, here some ideas on your problems: > 1) Get the user name in the combined web server log. (I use apache, and > have not had any luck with other methods.) This is lower priority. I do not understand the phrase "... in the combined server log" ? > "single signon" capability -- that is, they logged in at the other site, and > the URL needs to contain the information that they logged in with. As you > know, the standard URL form is something like: > > [protocol]://[username]:[password]@host.domain.name:[port]/document_path I never ever would send passwords in an URL - very good opportunity for hackers! My plan (not realized yet!) to provide a single-sign-on: On server A there is a user database. On another server B the user U calls a page first time. B recognizes, that U isn't logged in and redirects the URL to a log on page at A. The URL must contain information that this request comes from B. U logs on. A opens a session with phplib and redirects the URL back to B including the session-id. B uses a tool like XML/RPC to establish a connection to A and reading the user information required. Instead of XML/RPC you may force A to write a file with the necessary user information and B can do a simple fopen. Further actions depend on your demands: If you do not use session variables, all is perfect. Every page on B can check if the user is still logged in at A. Or you have a phplib at B also to check that. This is a raw outline. In fact you have to do some more customizing. E.g. the server A must not give access to the user-files mentioned from other servers than B ... Sounds complicated, I know. But its very secure (I hope so at least ;-)) Peter Kursawe www.learn4use.com _______________________________________________ Phplib-users mailing list Php...@li... https://lists.sourceforge.net/lists/listinfo/phplib-users _______________________________________________ Phplib-users mailing list Php...@li... https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: Layne W. <la...@if...> - 2002-02-01 18:57:41
|
> Hi,
>
> because I am trying to understand how exactly template.inc
> works, I put
> some extra debug-stuff in subst():
>
> if ($this->debug & 4) {
> echo '<b>NOW SHOWING VARKEYS: </b>'.NL;
> foreach ($this->varkeys as $k => $v) echo "KEY: $k --- VAL: $v ".NL;
> echo '<b>NOW SHOWING VARVALS: </b>'.NL;
> foreach ($this->varvals as $k => $v) echo "KEY: $k --- VAL: $v ".NL;
> }
>
>
> (NL is just "<BR>\n")
>
> This showed me, that *each* time I call parse, e.g to parse a block,
> ALL variables are processed everytime. Is this a wanted behaviour?
>
> Could somebody explain this?
It would be non-trivial (and take longer) to discover which variables exist
in a given block. For many pages, this does not cause a performance hit, but
we like to use templates to build selects and lists, so I use 2 instances of
the template class.
For a simple example:
***** sample.html *****
<table>
<tr>
<th>Name</th>
<th>Email</th>
</tr>
<!-- BEGIN employee -->
<tr>
<td>{name}</td>
<td><a href="mailto:{email}">{email}</a></td>
</tr>
<!-- END employee -->
</table>
***** /sample.html *****
***** sample.php *****
$t = new Template;
$t2 = new Template;
$t->set_file("content", "sample.html");
$t->set_block("content", "employee", "employees");
$t2->set_var("employee", $t->get_var("employee"));
$db = new DB_MySQL;
$db->query("select name, email from employee order by name");
while($db->next_record()) {
$t2->set_var($db->Record);
$t2->parse("employees", "employee", true);
}
$t->set_var("employees", $t2->get_var("employees"));
$t->parse("out", "content");
$t->pparse("out");
***** /sample.php *****
This has produced dramatic speed gains on my cluttered pages. Since I do
this many times per page, I clear out all $t2 vars before starting another
loop. I extend Template with the following function to make this easy:
function clear_vars() {
$this->varkeys = $this->varvals = array();
}
Layne Weathers
Ifworld Inc.
|
|
From: James W. <jwi...@ma...> - 2002-02-01 18:52:56
|
On 2/1/02 10:28 AM, "Peter Holm" <PH...@gm...> wrote:
> If you have a block, in which there are no {VARS} replaced, the whole
> block is shown in the output.
<code>
// Create your template object
$tpl = new Template('/my/template/dir/','remove');
// Read in your template file
$tpl->set_file(array("page" => "item.html"));
// Call set_block, replacing the block with a variable
$tpl->set_block("page","my_block","output");
// If there is data, sel the varibles in the block and parse
if ($data) {
while ($data) {
$tpl->set_var(array(
"var1" => $var1;
// etc
));
// Call parse appending to any other rows/blocks already output
$tpl->parse("output","my_block",true);
}
} else {
// No data so strip the block
$tpl->set_var("output","");
}
</code>
If the template object is created and told to remove undefined variables,
the else statement should not be necessary, but for some reason I think it
is...
|
|
From: Chris J. <ch...@ch...> - 2002-02-01 18:48:59
|
1) "combined server log" is just the style of server log being used on my Apache webserver. 2) My problem with the authetication is that I do not control the source server in any fashion. In other words, users will signon to server A owned and operated by another company with which my company has an agreement to provide services. They will click on a link to go to my server B. We want them to be able to do that without signing on again. We will register users coming from A to B in our user database on B, so we know who all valid users are. I just need a way to know it IS a valid user coming from A. Thus, I need to tell the programmer at company A how to specify the user to my server at B via the URL in such a fashion that it is secure and I can reliably know they are authenticated at A and who they are. I'm using HTTPS for all connections, so it's only the URL I'd really have to worry about being hacked. All other data should be encrypted, should it not? ..chris ----- Original Message ----- From: "Peter Kursawe" <su...@si...> To: <php...@li...> Sent: Friday, February 01, 2002 12:01 AM Subject: Re: [Phplib-users] Basic authentication Hello Chris, here some ideas on your problems: > 1) Get the user name in the combined web server log. (I use apache, and > have not had any luck with other methods.) This is lower priority. I do not understand the phrase "... in the combined server log" ? > "single signon" capability -- that is, they logged in at the other site, and > the URL needs to contain the information that they logged in with. As you > know, the standard URL form is something like: > > [protocol]://[username]:[password]@host.domain.name:[port]/document_path I never ever would send passwords in an URL - very good opportunity for hackers! My plan (not realized yet!) to provide a single-sign-on: On server A there is a user database. On another server B the user U calls a page first time. B recognizes, that U isn't logged in and redirects the URL to a log on page at A. The URL must contain information that this request comes from B. U logs on. A opens a session with phplib and redirects the URL back to B including the session-id. B uses a tool like XML/RPC to establish a connection to A and reading the user information required. Instead of XML/RPC you may force A to write a file with the necessary user information and B can do a simple fopen. Further actions depend on your demands: If you do not use session variables, all is perfect. Every page on B can check if the user is still logged in at A. Or you have a phplib at B also to check that. This is a raw outline. In fact you have to do some more customizing. E.g. the server A must not give access to the user-files mentioned from other servers than B ... Sounds complicated, I know. But its very secure (I hope so at least ;-)) Peter Kursawe www.learn4use.com _______________________________________________ Phplib-users mailing list Php...@li... https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: Peter H. <PH...@gm...> - 2002-02-01 18:34:47
|
Hi,
ok, basically I tried to put the question in the subject.=20
If you have a block, in which there are no {VARS} replaced, the whole
block is shown in the output.=20
I am not a wizard, but after taking a look into template.inc it seems,
like this behaviour can not be changed easily, am I right?
Thanks for your attention!
Have a nice thread,
Peter
|
|
From: Peter H. <PH...@gm...> - 2002-02-01 18:34:44
|
Hi,
because I am trying to understand how exactly template.inc works, I put
some extra debug-stuff in subst():
if ($this->debug & 4) {
echo '<b>NOW SHOWING VARKEYS: </b>'.NL;
foreach ($this->varkeys as $k =3D> $v) echo "KEY: $k --- VAL: $v ".NL;
echo '<b>NOW SHOWING VARVALS: </b>'.NL;
foreach ($this->varvals as $k =3D> $v) echo "KEY: $k --- VAL: $v ".NL;
}
(NL is just "<BR>\n")
This showed me, that *each* time I call parse, e.g to parse a block,
ALL variables are processed everytime. Is this a wanted behaviour?
Could somebody explain this?
Have a nice thread,
Peter
|
|
From: Brian P. <bp...@ct...> - 2002-02-01 17:37:12
|
Yeah it's really easy. You just stuff their user_id into a cookie after verifying their username & password. I can send code samples if anyone needs a little help. BPopp -----Original Message----- From: Tarique Sani <ta...@sa...> [mailto:ro...@sa...] Sent: Friday, February 01, 2002 11:17 AM To: Carl Youngblood Cc: 'phplib-users' Subject: Re: [Phplib-users] Basic authentication On Fri, 1 Feb 2002, Carl Youngblood wrote: > What I would really like to see is the added feature of a "remember me" > checkbox on the PHPLIB logon page so that users could have the option of not > continually typing in their password everytime they visit my site. I'm sure There already is a way :-) Checkout pre_auth() in the auth class You just have to implement (read override) it whatever way you please Cheers Tarique -- ========================================================== PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com ========================================================== _______________________________________________ Phplib-users mailing list Php...@li... https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: Tarique S. <ta...@sa...> - 2002-02-01 17:31:47
|
On Fri, 1 Feb 2002, Carl Youngblood wrote: > What I would really like to see is the added feature of a "remember me" > checkbox on the PHPLIB logon page so that users could have the option of not > continually typing in their password everytime they visit my site. I'm sure There already is a way :-) Checkout pre_auth() in the auth class You just have to implement (read override) it whatever way you please Cheers Tarique -- ========================================================== PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com ========================================================== |
|
From: Carl Y. <ca...@yo...> - 2002-02-01 17:21:25
|
What I would really like to see is the added feature of a "remember me" checkbox on the PHPLIB logon page so that users could have the option of not continually typing in their password everytime they visit my site. I'm sure I could figure out how to do with a little time and energy, but I'm sure that the phplib programmers could do it more securely than I would. Thanks, Carl Youngblood ----- Original Message ----- From: "Tarique Sani <ta...@sa...>" <ro...@sa...> To: "Chris Johnson" <ch...@ch...> Cc: "'phplib-users'" <php...@li...> Sent: Friday, February 01, 2002 1:27 AM Subject: Re: [Phplib-users] Basic authentication > On Thu, 31 Jan 2002, Chris Johnson wrote: > > > 2) Provide a method for users linking in from another site to have a > > "single signon" capability -- that is, they logged in at the other site, and > > the URL needs to contain the information that they logged in with. As you > > know, the standard URL form is something like: > > There is an article on www.phpbuilder.com about cross domain cookies > > Be warned it is NOT really about cross domain cookies BUT a hack to make > it appear so ;-) > > Hope this helps > > Tarique > > -- > ========================================================== > PHP Applications for E-Biz : http://www.sanisoft.com > > The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com > ========================================================== > > > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users |
|
From: rck <rc...@sw...> - 2002-02-01 10:21:05
|
Hello! I've been looking through the PHPlib-documentation, through the forums on sourcefourge and around the Internet (with google). But I was unable to find a example, on how to integrate PHPlib Templates, Tables, Forms and DB_Sql together. Like: A Template, that describes a Form, which is used for entering new data and altering existing data. But has no php in it, so it could be made completely by the screendesigner with his html wysiwyg-tool. And a php-file, which does the communication between the form and the database. But does no layout work at all (positions, colors, etc. would be defined by the template). And: Another Template, that is kind of a command-center. It would describe the mainpage of my webapplication. It would print out all records of a given select-statement. this select-statement would be filtered by some textfields (a bit like SQLQuery, but not as 'hardcoded' ;-)). Again, without any php. And again with a php-file, which does the communication between filter and database. The third thing is about OOH! Forms. Have I overseen something? I can't find a way to specify a style-class to a given form_element. Do I have to tweak it up my own? I guess, this stuff can't be solved before my deadline (in less than 4 hours), but maybe it will help me in further projects. Thanks a lot for keeping up the maillinglist and for PHPlib. It might have caused some work (it's not that easy to understand for me) but has solved problems already I haven't thought of before :-) yours sincerely, Ren=E9 C. Kiesler! |
|
From: Tarique S. <ta...@sa...> - 2002-02-01 08:43:00
|
On Thu, 31 Jan 2002, Chris Johnson wrote: > 2) Provide a method for users linking in from another site to have a > "single signon" capability -- that is, they logged in at the other site, and > the URL needs to contain the information that they logged in with. As you > know, the standard URL form is something like: There is an article on www.phpbuilder.com about cross domain cookies Be warned it is NOT really about cross domain cookies BUT a hack to make it appear so ;-) Hope this helps Tarique -- ========================================================== PHP Applications for E-Biz : http://www.sanisoft.com The Ultimate Ghazal Lexicon: http://www.aaina-e-ghazal.com ========================================================== |
17 messages has been excluded from this view by a project administrator.
