php security - Page 435

One codebase - lots of hosted services (similar to a basecamp style service) - planning structure

- by RickM

We have built a service (PHP Based) for a client, and are now looking to offer it to other clients as a hosted service. For this example, think of it like a hosted forum service, where a client signs up on our site, and is given a subdomain or can use their own domain, and the code picks up the domain, checks it against a 'master' users table, and then loads the content as needed. I'm trying to work out the best way of handling multiple clients. At the moment I can only think of two options that would work: Option 1 - Have 1 set of database tables, but on each table have a column called 'siteid' - this would mean every query has to check the siteid. This would effectively work with just 1 codebase, and 1 database. Option 2 - Have 1 'master' database with all the core stuff such as the client details and their domain. Then when the systen checks the domain, it pulls the clients database details (username/password/dbname) from a table, and loads a second database. The issue here is security of the mysql server details, however it does have the benefit that they are running their own database instead of sharing one. Which option would I be better taking here, and why? Ideally I want it to be fairly easy to convert the 'standalone' script to the 'multi-domain' script as we're on a tight deadline.

Read the article

Chinese Characters in email sent via PHP not showing up.

- by rye

hi All, a funny problem. I send mail via PHP from my testing server with Chinese chars in it and it sends perfectly. Encoding is utf-8. When I upload the same PHP file to another server and try to send from there, the e-mail will look 90% fine in one mail client (web-based mail actually, gmail), but in my mail client (Apple Mail) it's all gibberish even when I try changing the encoding in the mail client. I'm stuck here because everything works fine on one server, but not on another so I'm not sure where to start looking for solutions. What's even more puzzling is that on the production server, the mail looks somewhat ok (strange case of some characters not showing) but in other mail apps it looks like garbage. any idea where I can start looking to solve this? thanks for any help here! Regards.. php script $books = json_decode ($_POST['books']); $body = ' ?? ' . $_POST['name'] . ',?????????,????????,???????? '; $iLen = count($books); for ($i = 0; $i ' . $book-title . '' . $book-author . ''; $body .= '??: ' . $book-synopsis . ''; $body .= '???: ' . $book-age . ''; $body .= '??: ' . $book-setting . ''; $body .= '??: ' . $book-purpose . ''; $body .= '???: ' . $book-call . ''; $body .= '???: ' . $book-publisher . ''; } $body .= ' ????,Name '; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'From: Name ' . "\r\n"; $ok = mail ($_POST['email'], '???????:???????????', $body, $headers); result ä? å¥? ryan, ä»¥ä¸—æ?¯ä? ä»/å–œä’ ç?Œç«?,ç»?å–©å–?è®”æ??äº—è¯=ç¨—,æ˜•èœ™æ±?ç°=ä’œç±Ÿå?ŸåŸ? ç‘?ç‘?ævŒæ?˜å¤°çv±ä? éºœå?—å¸8é?·å°p, å±±å§? Synopsis: ç?—å?¯çv±ç°=å°?å?‰å®?å®?æ•/ä’vç‰¨å®8ç—¬ç˜’ç°=æˆ’åp?å‚‘å?‰åœvåœvè¯´å®8æ?˜å¤°çv±å®8ã•? Age Group: 4 - 6 å”™ Setting: ç=¤ä?„ Purpose: ä»·å•pè§?å‚‘ä¿8è¿?äº”å–?ç°=æ=ƒæ8? Call no: JP MAC Publisher: éºœå?—å¸8é?·å°p, å±±å§?. ç‘?ç‘?ævŒæ?˜å¤°çv±ä? .ä¸…æµ· : å°Œå’´å=¿ç«¥åOºç˜vç¤=, 2005.

Read the article

$.post is not working

- by BEBO

i am trying to post data to Mysql using jquery $.post and php page. my code is not running and nothing is added to the mysql table. I am not sure if the path i am creating is wrong but any help would be appreciated. Jquery location: f_js/tasks/TaskTest.js <script type="text/javascript"> $(document).ready(function(){ $("#AddTask").click(function(){ var acct = $('#acct').val(); var quicktask = $('#quicktask').val(); var user = $('#user').val(); $.post('addTask.php',{acct:acct,quicktask:quicktask,user:user}, function(data){ $('#result').fadeIn('slow').html(data); }); }); }); </script> addTask.php (runs the jqeury code) <?php include 'dbconnect.php'; include 'sessions.php'; $acct = $_POST['acct']; $task = $_POST['quicktask']; $taskstatus = 'Active'; //get task Creator $user = $_POST['user']; //query task creator from users table $allusers = mysql_query("SELECT * FROM users WHERE username = '$user'"); while ($rows = mysql_fetch_array($allusers)) { //get first and last name for task creator $taskOwner = $rows['user_firstname']; $taskOwnerLast = $rows['user_lastname']; $taskOwnerFull = $taskOwner." ".$taskOwnerLast; mysql_query("INSERT INTO tasks (taskresource, tasktitle, taskdetail, taskstatus, taskowner, taskOwnerFullName) VALUES ('$acct', '$task', '$task', '$taskstatus', '$user', '$taskOwnerFull' )"); echo "inserted"; } ?> Accountview.php finally the front page <html> <div class="input-cont "> <input type="text" class="form-control col-lg-12" placeholder="Add a quick Task..." name ="quicktask" id="quicktask"> </div> <div class="form-group"> <div class="pull-right chat-features"> <a href="javascript:;"> <i class="icon-camera"></i> </a> <a href="javascript:;"> <i class="icon-link"></i> </a> <input type="button" class="btn btn-danger" name="AddTask" id="AddTask" value="Add" /> <input type="hidden" name="acct" id="acct" value="<?php echo $_REQUEST['acctname']?>"/> <input type="hidden" name="user" id="user" value="<?php $username = $_SESSION['username']; echo $username?>"/> <div id="result">result</div> </div> </div>  <script src="js/jquery.js"></script> <script src="f_js/tasks/TaskTest.js"></script>  <script src="js/common-scripts.js"></script> <script type="text/javascript" src="assets/gritter/js/jquery.gritter.js"></script> <script src="js/gritter.js" type="text/javascript"></script> <script> </html> Firebug reponse: Response Headers Connection Keep-Alive Content-Length 0 Content-Type text/html Date Fri, 08 Nov 2013 21:48:50 GMT Keep-Alive timeout=5, max=100 Server Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.16 X-Powered-By PHP/5.4.16 refresh 5; URL=index.php Request Headers Accept */* Accept-Encoding gzip, deflate Accept-Language en-US,en;q=0.5 Content-Length 13 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Cookie PHPSESSID=6gufl3guiiddreg8cdlc0htnc6 Host localhost Referer http://localhost/betahtml/AccountView.php?acctname=client%201 User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 X-Requested-With XMLHttpRequest

Read the article

Why is this unwanted ">" character being displayed when displaying this PHP document in a browser?

- by CT

This page takes an asset id from $_GET of the url and displays some info about the asset after querying a mysql database. When I view the page in my browser there is an unwanted "" character within the page and I have no idea why. I've commented where it appears. It appears before the < table create tag right afterward. The < table tag was originally outside the php script section but I threw it in to see if it made a difference. It did not. Thank you all. I am viewing the page in Firefox. The web server is running on an Ubuntu Server 10.04 virtual machine on my laptop. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="style.css" /> <title>Wagman IT Asset</title> </head> <body> <div id="page"> <div id="header"> <img src="images/logo.png" /> </div> </div> <div id="content"> <div id="container"> <div id="main"> <div id="menu"> <ul> <table width="100%" border="0"> <tr> <td><li><a href="index.php">Search Assets</a></li></td> <td><li><a href="browse.php">Browse Assets</a></li></td> <td><li><a href="add_asset.php">Add Asset</a></li></td> <td>        </td> </tr> </table> </ul> </div> <div id="text"> <ul> <li> <h1>View Asset</h1> </li> </ul> //UNWANTED > CHARACTER APPEARS HERE <?php echo "<table width='100%' border='0' cellpadding='2'>"; //make database connect mysql_connect("localhost", "asset_db", "asset_db") or die(mysql_error()); mysql_select_db("asset_db") or die(mysql_error()); //get asset $id = $_GET["id"]; //get type of asset $sql = "SELECT asset.type From asset WHERE asset.id = $id"; $result = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_assoc($result); $type = $row['type']; switch ($type){ case "Server": $sql = " SELECT asset.id ,asset.company ,asset.location ,asset.purchase_date ,asset.purchase_order ,asset.value ,asset.type ,asset.notes ,server.manufacturer ,server.model ,server.serial_number ,server.esc ,server.user ,server.prev_user ,server.warranty FROM asset LEFT JOIN server ON server.id = asset.id WHERE asset.id = $id "; $result = mysql_query($sql); while($row = mysql_fetch_assoc($result)) { echo "<tr><td>      </td><td>Asset ID:</td><td>"; $id = $row['id']; setcookie('id', $id); echo "$id</td></tr>"; echo "<tr<td>      </td>><td>Company:</td><td>"; $company = $row['company']; setcookie('company', $company); echo "$company</td></tr>"; echo "<tr><td>      </td><td>Location:</td><td>"; $company = $row['location']; setcookie('location', $location); echo "$location</td></tr>"; echo "<tr><td>      </td><td>Purchase Date:</td><td>"; $purchase_date = $row['purchase_date']; setcookie('purchase_date', $purchase_date); echo "$purchase_date</td></tr>"; echo "<tr><td>      </td><td>Purchase Order:</td><td>"; $purchase_order = $row['purchase_order']; setcookie('purchase_order', $purchase_order); echo "$purchase_order</td></tr>"; echo "<tr><td>      </td><td>Value:</td><td>"; $value = $row['value']; setcookie('value', $value); echo "$value</td></tr>"; echo "<tr><td>      </td><td>Type:</td><td>"; $type = $row['type']; setcookie('type', $type); echo "$type</td></tr>"; echo "<tr><td>      </td><td>Notes:</td><td>"; $notes = $row['notes']; setcookie('notes', $notes); echo "$notes</td></tr>"; echo "<tr><td>      </td><td>Manufacturer:</td><td>"; $manufacturer = $row['manufacturer']; setcookie('manufacturer', $manufacturer); echo "$manufacturer</td></tr>"; echo "<tr><td>      </td><td>Model / Description:</td><td>"; $model = $row['model']; setcookie('model', $model); echo "$model</td></tr>"; echo "<tr><td>      </td><td>Serial Number / Service Tag:</td><td>"; $serial_number = $row['serial_number']; setcookie('serial_number', $serial_number); echo "$serial_number</td></tr>"; echo "<tr><td>      </td><td>Express Service Code:</td><td>"; $escy = $row['esc']; setcookie('esc', $esc); echo "$esc</td></tr>"; echo "<tr><td>      </td><td>User:</td><td>"; $user = $row['user']; setcookie('user', $user); echo "$user</td></tr>"; echo "<tr><td>      </td><td>Previous User:</td><td>"; $prev_user = $row['prev_user']; setcookie('prev_user', $prev_user); echo "$prev_user</td></tr>"; echo "<tr><td>      </td><td>Warranty:</td><td>"; $warranty = $row['warranty']; setcookie('warranty', $warranty); echo "$warranty</td></tr></table>"; } break; case "Laptop": $sql = " SELECT asset.id ,asset.company ,asset.location ,asset.purchase_date ,asset.purchase_order ,asset.value ,asset.type ,asset.notes ,laptop.manufacturer ,laptop.model ,laptop.serial_number ,laptop.esc ,laptop.user ,laptop.prev_user ,laptop.warranty FROM asset LEFT JOIN laptop ON laptop.id = asset.id WHERE asset.id = $id "; $result = mysql_query($sql); while($row = mysql_fetch_assoc($result)) { echo "<tr><td>      </td><td>Asset ID:</td><td>"; $id = $row['id']; setcookie('id', $id); echo "$id</td></tr>"; echo "<tr<td>      </td>><td>Company:</td><td>"; $company = $row['company']; setcookie('company', $company); echo "$company</td></tr>"; echo "<tr><td>      </td><td>Location:</td><td>"; $company = $row['location']; setcookie('location', $location); echo "$location</td></tr>"; echo "<tr><td>      </td><td>Purchase Date:</td><td>"; $purchase_date = $row['purchase_date']; setcookie('purchase_date', $purchase_date); echo "$purchase_date</td></tr>"; echo "<tr><td>      </td><td>Purchase Order:</td><td>"; $purchase_order = $row['purchase_order']; setcookie('purchase_order', $purchase_order); echo "$purchase_order</td></tr>"; echo "<tr><td>      </td><td>Value:</td><td>"; $value = $row['value']; setcookie('value', $value); echo "$value</td></tr>"; echo "<tr><td>      </td><td>Type:</td><td>"; $type = $row['type']; setcookie('type', $type); echo "$type</td></tr>"; echo "<tr><td>      </td><td>Notes:</td><td>"; $notes = $row['notes']; setcookie('notes', $notes); echo "$notes</td></tr>"; echo "<tr><td>      </td><td>Manufacturer:</td><td>"; $manufacturer = $row['manufacturer']; setcookie('manufacturer', $manufacturer); echo "$manufacturer</td></tr>"; echo "<tr><td>      </td><td>Model / Description:</td><td>"; $model = $row['model']; setcookie('model', $model); echo "$model</td></tr>"; echo "<tr><td>      </td><td>Serial Number / Service Tag:</td><td>"; $serial_number = $row['serial_number']; setcookie('serial_number', $serial_number); echo "$serial_number</td></tr>"; echo "<tr><td>      </td><td>Express Service Code:</td><td>"; $escy = $row['esc']; setcookie('esc', $esc); echo "$esc</td></tr>"; echo "<tr><td>      </td><td>User:</td><td>"; $user = $row['user']; setcookie('user', $user); echo "$user</td></tr>"; echo "<tr><td>      </td><td>Previous User:</td><td>"; $prev_user = $row['prev_user']; setcookie('prev_user', $prev_user); echo "$prev_user</td></tr>"; echo "<tr><td>      </td><td>Warranty:</td><td>"; $warranty = $row['warranty']; setcookie('warranty', $warranty); echo "$warranty</td></tr></table>"; } break; case "Desktop": $sql = " SELECT asset.id ,asset.company ,asset.location ,asset.purchase_date ,asset.purchase_order ,asset.value ,asset.type ,asset.notes ,desktop.manufacturer ,desktop.model ,desktop.serial_number ,desktop.esc ,desktop.user ,desktop.prev_user ,desktop.warranty FROM asset LEFT JOIN desktop ON desktop.id = asset.id WHERE asset.id = $id "; $result = mysql_query($sql); while($row = mysql_fetch_assoc($result)) { echo "<tr><td>      </td><td>Asset ID:</td><td>"; $id = $row['id']; setcookie('id', $id); echo "$id</td></tr>"; echo "<tr<td>      </td>><td>Company:</td><td>"; $company = $row['company']; setcookie('company', $company); echo "$company</td></tr>"; echo "<tr><td>      </td><td>Location:</td><td>"; $company = $row['location']; setcookie('location', $location); echo "$location</td></tr>"; echo "<tr><td>      </td><td>Purchase Date:</td><td>"; $purchase_date = $row['purchase_date']; setcookie('purchase_date', $purchase_date); echo "$purchase_date</td></tr>"; echo "<tr><td>      </td><td>Purchase Order:</td><td>"; $purchase_order = $row['purchase_order']; setcookie('purchase_order', $purchase_order); echo "$purchase_order</td></tr>"; echo "<tr><td>      </td><td>Value:</td><td>"; $value = $row['value']; setcookie('value', $value); echo "$value</td></tr>"; echo "<tr><td>      </td><td>Type:</td><td>"; $type = $row['type']; setcookie('type', $type); echo "$type</td></tr>"; echo "<tr><td>      </td><td>Notes:</td><td>"; $notes = $row['notes']; setcookie('notes', $notes); echo "$notes</td></tr>"; echo "<tr><td>      </td><td>Manufacturer:</td><td>"; $manufacturer = $row['manufacturer']; setcookie('manufacturer', $manufacturer); echo "$manufacturer</td></tr>"; echo "<tr><td>      </td><td>Model / Description:</td><td>"; $model = $row['model']; setcookie('model', $model); echo "$model</td></tr>"; echo "<tr><td>      </td><td>Serial Number / Service Tag:</td><td>"; $serial_number = $row['serial_number']; setcookie('serial_number', $serial_number); echo "$serial_number</td></tr>"; echo "<tr><td>      </td><td>Express Service Code:</td><td>"; $escy = $row['esc']; setcookie('esc', $esc); echo "$esc</td></tr>"; echo "<tr><td>      </td><td>User:</td><td>"; $user = $row['user']; setcookie('user', $user); echo "$user</td></tr>"; echo "<tr><td>      </td><td>Previous User:</td><td>"; $prev_user = $row['prev_user']; setcookie('prev_user', $prev_user); echo "$prev_user</td></tr>"; echo "<tr><td>      </td><td>Warranty:</td><td>"; $warranty = $row['warranty']; setcookie('warranty', $warranty); echo "$warranty</td></tr></table>"; } break; } ?> </div> </div> </div> <div class="clear"></div> <div id="footer" align="center"> <p> </p> </div> </div> <div id="tagline"> Wagman Construction - Bridging Generations since 1902 </div> </body> </html>

Read the article

Interesting articles and blogs on SPARC T4

- by mv

Interesting articles and blogs on SPARC T4 processor I have consolidated all the interesting information I could get on SPARC T4 processor and its hardware cryptographic capabilities. Hope its useful. 1. Advantages of SPARC T4 processor Most important points in this T4 announcement are : "The SPARC T4 processor was designed from the ground up for high speed security and has a cryptographic stream processing unit (SPU) integrated directly into each processor core. These accelerators support 16 industry standard security ciphers and enable high speed encryption at rates 3 to 5 times that of competing processors. By integrating encryption capabilities directly inside the instruction pipeline, the SPARC T4 processor eliminates the performance and cost barriers typically associated with secure computing and makes it possible to deliver high security levels without impacting the user experience." Data Sheet has more details on these : "New on-chip Encryption Instruction Accelerators with direct non-privileged support for 16 industry-standard cryptographic algorithms plus random number generation in each of the eight cores: AES, Camellia, CRC32c, DES, 3DES, DH, DSA, ECC, Kasumi, MD5, RSA, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512" I ran "isainfo -v" command on Solaris 11 Sparc T4-1 system. It shows the new instructions as expected : $ isainfo -v 64-bit sparcv9 applications crc32c cbcond pause mont mpmul sha512 sha256 sha1 md5 camellia kasumi des aes ima hpc vis3 fmaf asi_blk_init vis2 vis popc 32-bit sparc applications crc32c cbcond pause mont mpmul sha512 sha256 sha1 md5 camellia kasumi des aes ima hpc vis3 fmaf asi_blk_init vis2 vis popc v8plus div32 mul32 2. Dan Anderson's Blog have some interesting points about how these can be used : "New T4 crypto instructions include: aes_kexpand0, aes_kexpand1, aes_kexpand2, aes_eround01, aes_eround23, aes_eround01_l, aes_eround_23_l, aes_dround01, aes_dround23, aes_dround01_l, aes_dround_23_l. Having SPARC T4 hardware crypto instructions is all well and good, but how do we access it ? The software is available with Solaris 11 and is used automatically if you are running Solaris a SPARC T4. It is used internally in the kernel through kernel crypto modules. It is available in user space through the PKCS#11 library." 3. Dans' Blog on Where's the Crypto Libraries? Although this was written in 2009 but still is very useful "Here's a brief tour of the major crypto libraries shown in the digraph: The libpkcs11 library contains the PKCS#11 API (C_\*() functions, such as C_Initialize()). That in turn calls library pkcs11_softtoken or pkcs11_kernel, for userland or kernel crypto providers. The latter is used mostly for hardware-assisted cryptography (such as n2cp for Niagara2 SPARC processors), as that is performed more efficiently in kernel space with the "kCF" module (Kernel Crypto Framework). Additionally, for Solaris 10, strong crypto algorithms were split off in separate libraries, pkcs11_softtoken_extra libcryptoutil contains low-level utility functions to help implement cryptography. libsoftcrypto (OpenSolaris and Solaris Nevada only) implements several symmetric-key crypto algorithms in software, such as AES, RC4, and DES3, and the bignum library (used for RSA). libmd implements MD5, SHA, and SHA2 message digest algorithms" 4. Difference in T3 and T4 Diagram in this blog is good and self explanatory. Jeff's blog also highlights the differences "The T4 servers have improved crypto acceleration, described at https://blogs.oracle.com/DanX/entry/sparc_t4_openssl_engine. It is "just built in" so administrators no longer have to assign crypto accelerator units to domains - it "just happens". Every physical or virtual CPU on a SPARC-T4 has full access to hardware based crypto acceleration at all times. .... For completeness sake, it's worth noting that the T4 adds more crypto algorithms, and accelerates Camelia, CRC32c, and more SHA-x." 5. About performance counters In this blog, performance counters are explained : "Note that unlike T3 and before, T4 crypto doesn't require kernel modules like ncp or n2cp, there is no visibility of crypto hardware with kstats or cryptoadm. T4 does provide hardware counters for crypto operations. You can see these using cpustat: cpustat -c pic0=Instr_FGU_crypto 5 You can check the general crypto support of the hardware and OS with the command "isainfo -v". Since T4 crypto's implementation now allows direct userland access, there are no "crypto units" visible to cryptoadm. " For more details refer Martin's blog as well. 6. How to turn off SPARC T4 or Intel AES-NI crypto acceleration I found this interesting blog from Darren about how to turn off SPARC T4 or Intel AES-NI crypto acceleration. "One of the new Solaris 11 features of the linker/loader is the ability to have a single ELF object that has multiple different implementations of the same functions that are selected at runtime based on the capabilities of the machine. The alternate to this is having the application coded to call getisax(2) system call and make the choice itself. We use this functionality of the linker/loader when we build the userland libraries for the Solaris Cryptographic Framework (specifically libmd.so and libsoftcrypto.so) The Solaris linker/loader allows control of a lot of its functionality via environment variables, we can use that to control the version of the cryptographic functions we run. To do this we simply export the LD_HWCAP environment variable with values that tell ld.so.1 to not select the HWCAP section matching certain features even if isainfo says they are present. This will work for consumers of the Solaris Cryptographic Framework that use the Solaris PKCS#11 libraries or use libmd.so interfaces directly. For SPARC T4 : export LD_HWCAP="-aes -des -md5 -sha256 -sha512 -mont -mpul" .. For Intel systems with AES-NI support: export LD_HWCAP="-aes"" Note that LD_HWCAP is explained in http://docs.oracle.com/cd/E23823_01/html/816-5165/ld.so.1-1.html "LD_HWCAP, LD_HWCAP_32, and LD_HWCAP_64 - Identifies an alternative hardware capabilities value... A “-” prefix results in the capabilities that follow being removed from the alternative capabilities." 7. Whitepaper on SPARC T4 Servers—Optimized for End-to-End Data Center Computing This Whitepaper on SPARC T4 Servers—Optimized for End-to-End Data Center Computing explains more details. It has DTrace scripts which may come in handy : "To ensure the hardware-assisted cryptographic acceleration is configured to use and working with the security scenarios, it is recommended to use the following Solaris DTrace script. #!/usr/sbin/dtrace -s pid$1:libsoftcrypto:yf*:entry, pid$target:libsoftcrypto:rsa*:entry, pid$1:libmd:yf*:entry { @[probefunc] = count(); } tick-1sec { printa(@ops); trunc(@ops); }" Note that I have slightly modified the D Script to have RSA "libsoftcrypto:rsa*:entry" as well as per recommendations from Chi-Chang Lin. 8. References http://www.oracle.com/us/corporate/features/sparc-t4-announcement-494846.html http://www.oracle.com/us/products/servers-storage/servers/sparc-enterprise/t-series/sparc-t4-1-ds-487858.pdf https://blogs.oracle.com/DanX/entry/sparc_t4_openssl_engine https://blogs.oracle.com/DanX/entry/where_s_the_crypto_libraries https://blogs.oracle.com/darren/entry/howto_turn_off_sparc_t4 http://docs.oracle.com/cd/E23823_01/html/816-5165/ld.so.1-1.html https://blogs.oracle.com/hardware/entry/unleash_the_power_of_cryptography https://blogs.oracle.com/cmt/entry/t4_crypto_cheat_sheet https://blogs.oracle.com/martinm/entry/t4_performance_counters_explained https://blogs.oracle.com/jsavit/entry/no_mau_required_on_a http://www.oracle.com/us/products/servers-storage/servers/sparc-enterprise/t-series/sparc-t4-business-wp-524472.pdf

Read the article

Can Google Employees See My Saved Google Chrome Passwords?

- by Jason Fitzpatrick

Storing your passwords in your web browser seems like a great time saver, but are the passwords secure and inaccessible to others (even employees of the browser company) when squirreled away? Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites. The Question SuperUser reader MMA is curious if Google employees have (or could have) access to the passwords he stores in Google Chrome: I understand that we are really tempted to save our passwords in Google Chrome. The likely benefit is two fold, You don’t need to (memorize and) input those long and cryptic passwords. These are available wherever you are once you log in to your Google account. The last point sparked my doubt. Since the password is available anywhere, the storage must in some central location, and this should be at Google. Now, my simple question is, can a Google employee see my passwords? Searching over the Internet revealed several articles/messages. Do you save passwords in Chrome? Maybe you should reconsider: Talks about your passwords being stolen by someone who has access to your computer account. Nothing mentioned about the central storage security and vulnerability. There is even a response from Chrome browser security tech lead about the first issue. Chrome’s insane password security strategy: Mostly along the same line. You can steal password from somebody if you have access to the computer account. How to Steal Passwords Saved in Google Chrome in 5 Simple Steps: Teaches you how to actually perform the act mentioned in the previous two when you have access to somebody else’s account. There are many more (including this one at this site), mostly along the same line, points, counter-points, huge debates. I refrain from mentioning them here, simply carry a search if you want to find them. Coming back to my original query, can a Google employee see my password? Since I can view the password using a simple button, definitely they can be unhashed (decrypted) even if encrypted. This is very different from the passwords saved in Unix-like OS’s where the saved password can never be seen in plain text. They use a one-way encryption algorithm to encrypt your passwords. This encrypted password is then stored in the passwd or shadow file. When you attempt to login, the password you type in is encrypted again and compared with the entry in the file that stores your passwords. If they match, it must be the same password, and you are allowed access. Thus, a superuser can change my password, can block my account, but he can never see my password. So are his concerns well founded or will a little insight dispel his worry? The Answer SuperUser contributor Zeel helps put his mind at ease: Short answer: No* Passwords stored on your local machine can be decrypted by Chrome, as long as your OS user account is logged in. And then you can view those in plain text. At first this seems horrible, but how did you think auto-fill worked? When that password field gets filled in, Chrome must insert the real password into the HTML form element – or else the page wouldn’t work right, and you could not submit the form. And if the connection to the website is not over HTTPS, the plain text is then sent over the internet. In other words, if chrome can’t get the plain text passwords, then they are totally useless. A one way hash is no good, because we need to use them. Now the passwords are in fact encrypted, the only way to get them back to plain text is to have the decryption key. That key is your Google password, or a secondary key you can set up. When you sign into Chrome and sync the Google servers will transmit the encrypted passwords, settings, bookmarks, auto-fill, etc, to your local machine. Here Chrome will decrypt the information and be able to use it. On Google’s end all that info is stored in its encrpyted state, and they do not have the key to decrypt it. Your account password is checked against a hash to log in to Google, and even if you let chrome remember it, that encrypted version is hidden in the same bundle as the other passwords, impossible to access. So an employee could probably grab a dump of the encrypted data, but it wouldn’t do them any good, since they would have no way to use it.* So no, Google employees can not** access your passwords, since they are encrypted on their servers. * However, do not forget that any system that can be accessed by an authorized user can be accessed by an unauthorized user. Some systems are easier to break than other, but none are fail-proof. . . That being said, I think I will trust Google and the millions they spend on security systems, over any other password storage solution. And heck, I’m a wimpy nerd, it would be easier to beat the passwords out of me than break Google’s encryption. ** I am also assuming that there isn’t a person who just happens to work for Google gaining access to your local machine. In that case you are screwed, but employment at Google isn’t actually a factor any more. Moral: Hit Win + L before leaving machine. While we agree with zeel that it’s a pretty safe bet (as long as your computer is not compromised) that your passwords are in fact safe while stored in Chrome, we prefer to encrypt all our logins and passwords in a LastPass vault. Have something to add to the explanation? Sound off in the the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.

Read the article

How to install FFMpeg in WampServer 2.0 (Windows XP)

- by Richard Knop

I need to install the ffmpeg PHP extension on my localhost so I can test few of my scripts but I am having troubles figuring out how to do that. I have WampServer 2.0 with PHP 5.2.9-2, my OS is Windows XP. Please somebody give me step by step instructions. I have found some Windows builds here: http://sourceforge.net/projects/ffmpeg-php/files/ But I don't know which one to download and what to do with files. EDITED: What I have done so far: Download ffmpeg_new Copy php_ffmpeg.dll from the php5 folder to the C:\wamp\bin\php\php5.2.9-2\ext Copy files from common to the windows/system32 folder Add extension=php_ffmpeg.dll to php.ini file Restarted all services (Apache, PHP...) I am gettings an error after using this code: $extension = 'ffmpeg'; $extension_soname = 'php_ffmpeg.dll'; $extension_fullname = PHP_EXTENSION_DIR . "/" . $extension_soname; // load extension if(false === extension_loaded($extension)) { if (false === dl($extension_soname)) throw new Exception("Can't load extension $extension_fullname\n"); } The error: Warning: dl() [function.dl]: Not supported in multithreaded Web servers - use extension=ffmpeg.dll in your php.ini in C:\wamp\www\hunnyhive\application\modules\default\controllers\MyAccountController.php on line 314 Plus I also get the exception from above.

Read the article

How to use role-hierarchy in Spring Security 3 with Spring EL?

- by Aleksey

I want to use @PreAuthorize annotation on service methods with Spring Security. One of requirements is to use role-hierarchy. But by default it is not enabled. I found that in SecurityExpressionRoot class ("the base class for expression root objects") there is a property roleHierarchy. The class actually does use this property for methods like hasRole() and hasAnyRole(). I suppose that if I supply it with my own RoleHierarchy bean I will be able to use @PreAuthorize annotations with hierarchical roles. How can I inject my hierarchy bean into SecurityExpressionRoot?

Read the article

Updating textfield in doctrine produces an exception

- by james-murphy

I have a textfield that contains say for example the following text:- "A traditional English dish comprising sausages in Yorkshire pudding batter, usually served with vegetables and gravy." This textfield is in a form that simply updates an item record using it's ID. If I edit part of the textfield and replace "and gravy." with "humous." So that the textfield now contains "A traditional English dish comprising sausages in Yorkshire pudding batter, usually served with vegetables and humous." I get the following exception:- Fatal error: Uncaught exception 'Doctrine_Query_Exception' with message 'Unknown component alias humous' in C:\Projects\nitrous\lightweight\system\database\Doctrine\Query\Abstract.php:780 Stack trace: C:\Projects\nitrous\lightweight\system\database\Doctrine\Query\Abstract.php(767): Doctrine_Query_Abstract-getQueryComponent('humous') C:\Projects\nitrous\lightweight\system\database\Doctrine\Query\Set.php(58): Doctrine_Query_Abstract-getAliasDeclaration('humous') C:\Projects\nitrous\lightweight\system\database\Doctrine\Query\Abstract.php(2092): Doctrine_Query_Set-parse('i.details = 'A ...') C:\Projects\nitrous\lightweight\system\database\Doctrine\Query.php(1058): Doctrine_Query_Abstract-_processDqlQueryPart('set', Array) C:\Projects\nitrous\lightweight\system\database\Doctrine\Query\Abstract.php(971): Doctrine_Query-getSqlQuery(Array) C:\Projects\nitrous\lightweight\system\database\Doctrine\Query\Abstract.php(1030): Doctrine_Query_Abstract-_execute(Array) C:\Projects\nitrous\lightweight\system\appl in C:\Projects\nitrous\lightweight\system\database\Doctrine\Query\Abstract.php on line 780 I'm using Doctrine 1.0.6 hooked into CodeIgniter 1.7.0 if anyone is interested. My doctrine query that actually performs the update looks as follows:- public function updateItems($id, $arrayItem) { $query = new Doctrine_Query(); $query->update('Item i'); foreach($arrayItem as $key => $value) { $query->set('i.'.$key, "'".$value."'"); } $query->where('i.id = ?', $id); return $query->execute(); } This seems bizarre because if i replace the entire string "A traditional English dish comprising sausages in Yorkshire pudding batter, usually served with vegetables and humous." with something completely different like just "test" it doesn't throw an exception and works just fine. This baffles me... is it a bug in Doctrine or have I missed something?

Read the article

error with swiftmailer

- by user1298805

I'm trying to add a contact form to my website. In localhost it worked fine, now moving on Tiscali server I'm getting this error: Warning: is_writable() [function.is-writable]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/www/virtual/mydomain.it/:/usr/share/php/:/var/www/ispcp/gui/tools/filemanager/) in /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/preferences.php on line 15` Fatal error: Uncaught exception Swift_TransportException' with message 'Expected response code 220 but got code "554", with message "554 santino.mail.tiscali.it ESMTP server not available from your IP "' in /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/classes/Swift/Transport/AbstractSmtpTransport.php:422 Stack trace: #0 /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/classes/Swift/Transport/AbstractSmtpTransport.php(315):` Swift_Transport_AbstractSmtpTransport->_assertResponseCode('554 santino.mai...', Array) #1 /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/classes/Swift/Transport/AbstractSmtpTransport.php(123): Swift_Transport_AbstractSmtpTransport->_readGreeting() #2 /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/classes/Swift/Mailer.php(79): Swift_Transport_AbstractSmtpTransport->start() #3 /var/www/virtual/mydomain.it/htdocs/prova-intro/mail_SwiftMailer.php(129): Swift_Mailer->send(Object(Swift_Message) in /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/classes/Swift/Transport/AbstractSmtpTransport.php on line 422` Parameter I'm using: define('HOST_SMTP', 'smtp.mydomain.it'); define('PORT_SMTP', 465); define('SECUTITY_SMTP', ssl); define('EMAIL_SMTP', '[email protected]'); define('PASSWORD_SMTP', 'xxxxxxx'); define('EMAIL_DESTINATARIO', $_POST['destinatario']); define('MAX_DIM_FILE', 1048576); // 1mb

Read the article

additional security measures besides a login with user-password - what can you think of?

- by Tom Tom

I'm wondering which additional security measures one could take besides a traditional login with user and password. What do you think of this one: _manually adding a cookie to each client which includes a secret key _this cookie is not served by the webserver, it is actually copied "by hand" to each client computer _if a client connects to the web-app the server graps that cookie and if the containing secret key is ok, the traditional login box is presented where the user has to enter the user-password combination _communication between client and server is encrypted with https Thus a potential intruder would first need to get the cookie from the clients computer, which is only possible with having access to the clients computer. This would work only for a very small user-base and an admin willing to do this manual work.

Read the article

Spring security annotations with EL -- requires debug information compiled in?

- by HDave

I am considering using Spring Security annotations for my application, with the EL (expression language) feature. For example: @PreAuthorize("hasPermission(#contact, 'admin')") public void deletePermission(Contact contact, Sid recipient, Permission permission); I need the EL capability because I have built my own ACL implementation. However, to use this capability with the "#contact" type arguments, the Spring documentation says this: You can access any of the method arguments by name as expression variables, provided your code has debug information compiled in. This begs two questions: It is acceptable to have a production application commercially distributed with debug info in it? If not, is there any way around this? Thanks for any guidance on this!

Read the article

drupal_add_css not working

- by hfidgen

Hiya, I need to use drupal_add_css to call stylesheets onto single D6 pages. I don't want to edit the main theme stylesheet as there will be a set of individual pages which all need completely new styles - the main sheet would be massive if i put it all in there. My solution was to edit the page in PHP editor mode and do this: <?php drupal_add_css("/styles/file1.css", "theme"); ?> <div id="newPageContent">stuff here in html</div> But when i view source, there is nothing there! Not even a broken css link or anything, it's just refusing to add the css sheet to the css package put into the page head. Variations don't seem to work either: drupal_add_css($path = '/styles/file1.css', $type = 'module', $media = 'all', $preprocess = TRUE) My template header looks like this, i've not changed anything from the default other than adding a custom JS. <head> <?php print $head ?> <title><?php print $head_title ?></title> <?php print $styles ?> <?php print $scripts ?> <script type="text/javascript" src="<?php print base_path() ?>misc/askme.js"></script>  </head> Can anyone think of a reason why this function is not working? Thanks!

Read the article

How to enable and use HTTP PUT and DELETE with Apache2 and PHP?

- by Andreas Jansson

Hi, It should be so simple. I've followed every tutorial and forum I could find, yet I can't get it to work. I simply want to build a RESTful API in PHP on Apache2. In my VirtualHost directive I say: <Directory /> AllowOverride All <Limit GET HEAD POST PUT DELETE OPTIONS> Order Allow,Deny Allow from all </Limit> </Directory> Yet every PUT request I make to the server, I get 405 method not supported. Someone advocated using the Script directive, but since I use mod_php, as opposed to CGI, I don't see why that would work. People mention using WebDAV, but to me that seems like overkill. After all, I don't need DAV locking, a DAV filesystem, etc. All I want to do is pass the request on to a PHP script and handle everything myself. I only want to enable PUT and DELETE for the clean semantics. Thanks, Andreas

Read the article

iPhone SDK Push notification randomly fails

- by Jameson

I have a PHP file with the following content that works perfectly on development ceritficates, but when I switch to a production certificate the PHP errors and gives the below message, but it only does this about 50% of the time. The other 50% it works. Anyone know why this might be happening? <?php // masked for security reason $deviceToken = 'xxxxxx'; // jq $ctx = stream_context_create(); stream_context_set_option($ctx, 'ssl', 'local_cert', dirname(__FILE__)."/prod.pem"); $number = 5; $fp = stream_socket_client('ssl://gateway.push.apple.com:2195', $err, $errstr, 60, STREAM_CLIENT_CONNECT, $ctx); if (!$fp) { print "Failed to connect $err $errstr\n"; } else { print "Connection OK\n"; $msg = $_GET['msg']; $payload['aps'] = array('alert' => $msg, 'badge' => 1, 'sound' => 'default'); $payload = json_encode($payload); $msg = chr(0) . pack("n",32) . pack('H*', str_replace(' ', '', $deviceToken)) . pack("n",strlen($payload)) . $payload; print "sending message :" . $payload . "\n"; fwrite($fp, $msg); fclose($fp); } ?> The PHP error: Warning: stream_socket_client() [function.stream-socket-client]: Unable to set local cert chain file `/var/www/vhosts/thissite.com/httpdocs/prod.pem'; Check that your cafile/capath settings include details of your certificate and its issuer in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19 Warning: stream_socket_client() [function.stream-socket-client]: failed to create an SSL handle in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19 Warning: stream_socket_client() [function.stream-socket-client]: Failed to enable crypto in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19 Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19 Failed to connect 0

Read the article

PHP, We have sessions, and cookies....I love cookies, but they are blowing my mind right now.

- by Matt

I am not sure how to go about accessing the variable I need to set on a cookie... I was thinking about using the $_POST global but I dont know how based on my design if it will work. I am using a master page type design seperating index.php from my function includes and database information and individual pages (that will be returned to an include in index.php based on a $_GET) Okay so back to my question. What is the most efficient way to set a cookie on a design that has a main page that everything will branch from. How would I pull the value. Is $_POST a good enough way to go about it? Also...by saying it must be the first thing sent...does that mean I cannot run any serverside scripts before that? I could definately utilize a login query I think but I dont want to write code just to be dissapointed based on my lack of time and knowledge. I did search for answers...I know this most likely feels like a generic question that could be answered in a difference place...but I know I will get an accurate and professional answer here...so I dont want to bet on the half answers I found otherwise. Of course I will sanitize everything and not store any sensitive information (passwords,address,phone,or anything really for that matter besides some kind of session ID and the username) If this is confusing I am sorry but I am on a gov computer...and they lock these tighter than ft knox...so getting my code on here will be a chore until I get back to my room. Thanks, Matt

Read the article

Codeigniter: Base_url doesn't seem to be working

- by Dwayne

I have developed a simple site that fetches tweets from the Twitter public timeline, caches them for 60 seconds and so on. I have recently moved hosts from Hostgator to Mediatemple and my site was previously working fine on Hostgator. My application doesn't use a database connection, nor does it use any form of flat-file database either. Tweets are cached in an XML file stored in the root directory, not that most of that is important. The url helper is being included as can be seen below (this is my helpers line from autoload.php): $autoload['helper'] = array('url'); I have also removed my index.php file from the URL using .htaccess directives and once again this was previously working on Hostgator (see my .htaccess code below): RewriteEngine On RewriteRule ^(application) - [F,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule .* index.php/$0 [PT,L] In my home.php view file which is in the views folder inside of application, I am using the function base_url() which was previously working on Hostgator inside of my view files and appending it a base href value in my header: <base href="<?php echo base_url(); ?>" /> Here is what my base_url value looks like in the config.php file: $config['base_url'] = "http://threetune.com/"; Although what appears to be happening is that the base_url is not to be seen at all. It doesn't appear to be echoing out the value of base_url as it appears to be empty for some reason. What makes things weirder is that I have a link in another view file called 'fetch.php' and for some reason it appears to be stripping out the value (XSS filtering is off): <a href="threetune/show"><img src="assets/images/cookie.jpg" /></a> The threetune/show part is not to be seen and I only see an empty href value like this <a href=""><img src="assets/images/cookie.jpg" /></a> Can anyone possibly see anything wrong that I may have done, some kind of Mediatemple server limitation or PHP.ini flag that needs to be set? Thank you and I hope I was descriptive enough.

Read the article

About my changes on php class... is there any bug in my changes ? I need help, thanks.

- by question_about_the_problem

I'm junior coder and I have no good experience. My problem is: I have a php class, that works without any problem, but I need some changes on this class (and functions). And i don't have fax machine right now to try. is there any bug in my changes ? Here is my changes text: 1.) Open the file xxx.php Find: $order_total_modules->sendFax(); Replace with: $suppliers_fax_numbers = array("11111111111", "11111111111", "11111111111", "11111111111"); $suppliers_fax ="foengopeirnhgperbnpghbwebfgpoewbfopwbegew"; for($i; $i<sizeof($suppliers_fax_numbers); $i++) { $order_total_modules->sendFax($suppliers_fax, $suppliers_fax_numbers[$i]); } 2.) Open the file xxx.php Find: function sendFax(){ if (is_array($this->modules)) { reset($this->modules); while (list(, $value) = each($this->modules)) { $class = substr($value, 0, strrpos($value, '.')); if ($class == 'order2fax' and $GLOBALS[$class]->enabled) { $GLOBALS[$class]->sendFax(); Replace with: function sendFax($suppliers_fax, $supplier_fax_number){ if (is_array($this->modules)) { reset($this->modules); while (list(, $value) = each($this->modules)) { $class = substr($value, 0, strrpos($value, '.')); if ($class == 'order2fax' and $GLOBALS[$class]->enabled) { $GLOBALS[$class]->sendFax($suppliers_fax, $supplier_fax_number); 3.) Open the file xxx.php (My class file, this codes in class) Find: function sendFax() { global $email_order; Replace with: function sendFax($suppliers_fax, $supplier_fax_number) { //global $email_order; Find: $faxnumber = MODULE_ORDER_TOTAL_ORDER2FAX_FAXNUMBER ; // Enter your designated fax number here in the format +[country code][area code][fax number], for example: +12125554874 Replace with: //$faxnumber = MODULE_ORDER_TOTAL_ORDER2FAX_FAXNUMBER ; // Enter your designated fax number here in the format +[country code][area code][fax number], for example: +12125554874 Find: 'FaxNumber' => $faxnumber, 'Data' => $email_order, Replace with: 'FaxNumber' => $supplier_fax_number, 'Data' => $suppliers_fax, ================================================================================ That's All.

Read the article

How do I best remove the unicode characters that XHTML regards as non-valid using php?

- by Andrew Stacey

I run a forum designed to support an international mathematics group. I've recently switched it to unicode for better support of international characters. In debugging this conversion, I've discovered that not all unicode characters are considered as valid XHTML (the relevant website appears to be http://www.w3.org/TR/unicode-xml/). One of the steps that the forum software goes through before presenting the posts to the browser is an XHTML validation/sanitisation step. It seems a reasonable idea that at that stage it should remove any unicode characters that XHTML doesn't like. So my question is: Is there a standard (or best) way of doing this in PHP? (The forum is written in PHP, by the way.) I guess that the failsafe would be a simple str_replace (if that's also the best, do I need to do anything extra to make sure it works properly with unicode?) but that would involve me having to go through the XHTML DTD (or the above-referenced W3 page) carefully to figure out what characters to list in the search part of str_replace, so if this is the best way, has someone already done that so that I can steal, err, copy, it? (Incidentally, the character that caused the problem was U+000C, the 'formfeed', which (according to the W3 page) is valid HTML but invalid XHTML!)

Read the article

What is your preferred tool stack for PHP development in the Windows Environment?

- by Tim Visher

I have been developing basic web sites for awhile now with some PHP thrown in for getting dynamic stuff done. However, I recently decided that it was time I got my hands a little dirtier so I wanted to start to play with the underpinnings of Wordpress and other such apps. I work on a Mac at home and have been using Coda for most of my editing needs and I love it. Also, to manage the services stack I use MAMP at home. However, I've begun to realize that for heavy PHP and Web work (AJAX, etc.), more is needed. I'm very interested to hear the kinds of tools more experienced web developers use on a day to day basis to manage the entire work flow. I found this article over on developer tutorials and decided to go with XAMPP (for the moment) for managing the services. However, IDE, Source Control, Debugger, etc. are all up for grabs. Anyway, your thoughts are much appreciated. And, if at all possible, try to describe your entire stack with what each tool fulfills for your development process.

Read the article

how to know which response data is associated with its requested url (using RollingCurl.php) ?

- by Ken

I am writing a web application that grabs the http response headers from multiple sites (with RollingCurl.php) then stores it in an array and at the end outputs it in json format. Since some sites do redirects to new locations, $info (array) in “request_callback” function always has an url ($info[‘url’]) where the requested url was redirect.to, and it’s quite expected. But how to put a requested url in $info ($info[‘requested_url’]) and to know which $info (response data) is associated with its requested url? $urls = array( ‘http://google.com’, ‘http://microsoft.com’ // more urls here ); $json = array(); if ( $urls ) { $rc = new RollingCurl("request_callback"); $rc->window_size = 20; foreach ($urls as $url) { $request = new Request($url); $rc->add($request); } $rc->execute(); echo json_encode($json); } function request_callback($response, $info) { global $json; $json['status'][] = $info; } from RollingCurl.php: // send the return values to the callback function. $callback = $this->callback; if (is_callable($callback)){ $info[‘requested_url’] = ??? // How to put requested url here??? call_user_func($callback, $output, $info); }

Read the article

How should I implement lazy session creation in PHP?

- by Adam Franco

By default, PHP's session handling mechanisms set a session cookie header and store a session even if there is no data in the session. If no data is set in the session then I don't want a Set-Cookie header sent to the client in the response and I don't want an empty session record stored on the server. If data is added to $_SESSION, then the normal behavior should continue. My goal is to implement lazy session creation behavior of the sort that Drupal 7 and Pressflow where no session is stored (or session cookie header sent) unless data is added to the $_SESSION array during application execution. The point of this behavior is to allow reverse proxies such as Varnish to cache and serve anonymous traffic while letting authenticated requests pass through to Apache/PHP. Varnish (or another proxy-server) is configured to pass through any requests without cookies, assuming correctly that if a cookie exists then the request is for a particular client. I have ported the session handling code from Pressflow that uses session_set_save_handler() and overrides the implementation of session_write() to check for data in the $_SESSION array before saving and will write this up as library and add an answer here if this is the best/only route to take. My Question: While I can implement a fully custom session_set_save_handler() system, is there an easier way to get this lazy session creation behavior in a relatively generic way that would be transparent to most applications?

Read the article

Using Zend Framework and Doctrine with independend modular structures

- by stefax

I've seen a lot of articles about integrating ZF and Doctrine. There is also a proposal for ZF here but they have always two possible structures. Either they put all models into one top level model directory or they put it into a module related model directory. application |-- Bootstrap.php |-- configs |-- controllers |-- models - EITHER HERE |-- modules | -- examplemodule | |-- controllers | |-- models - OR HERE | |-- views |-- views For our projects I see problems for either of the two options: 1. One directory: application/models - in a complex system after a short time there will be hundreds of files, over all when you have the table classes two (e.g. User.php and UserTable.php). 2. Module based model directories: application/modules/examplemodule/models - in many cases we use models in multiple modules at the same time. So the "User" is required e.g. in the modules "game", "administration", ... Is there a way to use some kind of sub directories under the top level directory "models" to get some grouping. It should be completely independent of the module structure. application |-- Bootstrap.php ... |-- models | -- user | |-- User.php | |-- Friend.php | |-- other user related models | -- game | |-- Game.php | |-- Score.php | |-- ... ... Any solution should support autoloading and the class generation from yaml files. Any ideas, links or solutions? Thanks!

Read the article

What's the best way to transition to MVC coding?

- by ggfan

It's been around 5 months since I picked up a PHP book and started coding in PHP. At first, I created all my sites without any organizational plan or MVC. I soon found out that was a pain.. Then I started to read on stackoverflow on how to separate php and html and that's what I have been doing ever since. Ex: profile.php <--this file is HTML,css. I just echo the functions here. profile_functions.php <--this file is mostly PHP. has the functions. This is how I have been separating all my coding so far and now I feel I should move on and start MVC. But the problem is, I never used classes before and suck with them. And since MVC (such as cakephp and codeigniter) is all classes, that can't be good. My question: Is there any good books/sites/articles that teaches you how to code in MVC? I am looking for beginner beginner books :) I just started reading the codeigniter manuel and I think I am going to use that. When I looked at the example MVC, they use different PHP coding. When I start coding in MVC, would I have to learn a "new" way to code? Because right now I am coding in pure basic PHP.

Read the article

Reading a .dat file as "rb" read binary

- by donpal

I have a web-accessible php script that accesses a folder above the webroot (not web accessible) called \folder\. This is done via setting the path to \folder\ in .htaccess the usual way so that \folder\ becomes part of the project. \folder\ contains a .php script (communicates with the web-accessible script inside the webroot) some .inc files (used by the .php in the same folder, above the webroot) a dat file (used by the .inc in the same folder, above the webroot) All files are accessible to each other as needed: the web-accessible php inside the webroot can communicate with the php above the webroot the php above the webroot can communicate with the inc in the same folder But the inc above the webroot can't communicate with the dat in the same folder, and I have no idea why that's the case The inc myinc.inc is supposed to open the dat mydat.dat in the same folder like this fopen('mydat.dat', "rb"); but I get an error that no file called mydat.dat exists inside \folder\myinc.inc. Of course it does not, the .dat is sibling to .inc and is not supposed to be inside it. Why is php expecting to find the .dat file inside the .inc. The stranger thing is that if I move the .dat in the web-accessible folder, it becomes readable now. Any ideas why php is trying to find the .dat inside the .inc?

Search Results

Search found 43347 results on 1734 pages for 'php security'.

Page 435/1734 | < Previous Page | 431 432 433 434 435 436 437 438 439 440 441 442 | Next Page >

- by RickM

- by rye

- by BEBO

- by CT

- by mv

- by Jason Fitzpatrick

- by Richard Knop

- by Aleksey

- by james-murphy

- by user1298805

- by Tom Tom

- by HDave

- by hfidgen

- by Andreas Jansson

- by Jameson

- by Matt

- by Dwayne

- by question_about_the_problem

- by Andrew Stacey

- by Tim Visher

- by Ken

- by Adam Franco

- by stefax

- by ggfan

- by donpal

< Previous Page | 431 432 433 434 435 436 437 438 439 440 441 442 | Next Page >