All Activity

@mac_gyver yes, I had discovered that, but it wasn't the actual fix. The real issue was that my test for is_file was flawed; it didn't drill down to actually test the specified file. if (is_file($subDir)) { //needed to become if (is_file($directory.'/'.$subDir)) { After both adjustments, everything is running better than expected!

the above line is missing any { }, so the only line of code that gets executed for an is_dir() is the - echo '<strong>'.$directory .'</strong> <br>'; all the rest of the lines get executed regardless of what $directory is. i recommend that you always format your code so that you can see when it is actually doing.

I thought this made sense, but it wouldn't work until I removed lines that I thought would provide extra validation: $dir = 'rootFolder'; $directories = scandir($dir); foreach($directories as $directory){ if($directory=='.' or $directory=='..' ){ echo 'dot'; }else{ if(is_dir($directory)) echo '<strong>'.$directory .'</strong> <br>'; $filePath = scandir($directory); foreach($filePath as $subDir){ if($subDir=='.' or $subDir=='..' ){ echo 'dot2 <br>'; }else { // if (is_file($subDir)) { //Only provided PHP files but NO IMAGES echo $subDir . "<br>"; } } // } } } } I'm just feeling down one level of a director to see what I've get. It seemed like a simple exercise until I tried to list the files. Obviously, of it's not a directory it MUST be a file, but why did quantifying it as a file not recognize my files as a file??

Hi Emmanuel, Welcome to the PHP Freaks community! We’re excited to have passionate developers like you join the conversation. At Trophy Developers, we specialize in web design and development in Uganda, and it's always great to connect with fellow professionals who share a deep interest in PHP and building user-focused applications. Your experience across diverse projects sounds impressive, and we’re especially glad to see your enthusiasm for continuous learning and collaboration. If you're ever exploring areas like progressive web apps (PWAs), clean architecture, or performance optimization, we'd be happy to share insights from our work too. Looking forward to learning from your contributions and growing alongside you in this community!

The main issue I see with AI coding tools is that you still need to be able to understand the syntax and code that the AI tools generate. As with anything that is changing rapidly, a significant investment in time is required. From what I've seen demonstrated (and beyond the simple things I have available to me when I'm using VSCode) there are some impressive demonstrations I've seen where new features can be added to existing well structured and formalized code (typically already built in a framework that provides a formalized base) and I could see how AI can be a very effective way of producing what many code generation and boilerplate tools do now, to various degrees of effectiveness. What I've seen in these demonstrations is that the people who are using the tools have spent a lot of time preparing them, determining what types of groundwork and templating is needed, understanding the most effective prompts to construct, and in general, spending a lot of time (and money) in the AI tools. There are also significant privacy and security concerns in sending all of your code up into an AI hive, which is also absorbing that for its own ongoing LLM training. I would also point out that the top practitioners in the PHP development world, employ a variety of tools, and practices, using their IDE and various plugins to produce better tested and more standardized code. Static analysis, unit testing and other automated testing tools, etc. In the world of object oriented programming there is an entire layer of sophistication in regards to the employment of OOP design patterns which are often used by those who have developed expertise and experience. As one quite simple but important example, more than a few PHP frameworks, including the community leading ones (Laravel and Symfony) are built upon the foundational design pattern of Dependency Injection. To be effective with either of these frameworks, a developer needs to know what DI is, what problems it solves, and how to use the pattern in their own code. You generate some AI code, and now you're looking at it, and an obvious question becomes: how is this generated code structured? Does it use a design pattern? If so, which one(s) and were those applied appropriately in regards to the requirements? Did the underlying architecture of the code come with limits or flaws that will only be obvious when the next feature needs to be added? How is a "vibe" coder who doesn't really understand any of these things, or for that matter the application code they generated going to figure this out?

Great advice from mac_gyver. As it happens, there is another recent thread that overlaps here you should check out, as it includes advice on how to design the database structure you can add that will facilitate the type of server side login restriction mechanism.

if you use a cookie or the session to hold this data, it can be bypassed by simply deleting the cookie or not propagating the cookie or session id cookie between requests. you must store this data persistently on the server, in a database table. next, you are not trying to lock the account, you are preventing login attempts for an account, from a device (client type) and its location (ip). if you actually lock the account, it will allow someone to log out and lock out a legitimate user, by just making a bunch of bad login attempts for an account. once you have stored the data in a database table, on each login attempt, you would query to find if, how many, and how long ago the bad login attempts were for the account, for the device (client type) and its location (ip). If the current time is greater than the time limit you have chosen from the last bad attempt, you would process the login attempt.

I am trying to set a cookie for my login_system so that when a user enters wrong email or password for three time than I set a cookie for ten minutes I have done that now I want to check that cookie if it is expired if it is than I will let user to try again if not I will keep his account lock for like ten minutes how to do it?

Absolutely, user's often don't logout intentionally, so you can't depend on that event being recorded. In general, you should be interested in any attempted change to their profile or other "escalation of privilege" or change to the core authentication mechanisms (password reset, password change). Many systems will also include and require a 2nd factor authentication at registration, which unless it's a mobile app, will typically be email. So that's another couple of event types you want to log (email authentication failure, email authentication re-request, email authentication success). Even if you are not prepared to make use of IP logging initially, I'd recommend creating the column in the table as analysis of most events you want to be concerned with (like brute force attacks) will necessitate IP logging if you want to understand where the attacks or coming from, or building in automatic countermeasures like time based IP bans.

@gizmola Yes, I had considered IP tracking for the types of instances that you mentioned. Thankfully, this isn't (as of yet) for users that would be ill-intentioned (but it's good to know the expansion potential). As a side note, recording the time of logout seems reasonable when the user clicks the button. But what is the process of the user simply shuts down the browser?

I just want to add a different opinion to the subject. I am more into speed and efficiency and i am always willing to rewrite my own code to find faster and better ways of accomplishing the same tasks. I've spent three years rewriting my website code and it is faster, smarter and better than all of the previous code. I do hate the fact that we do not yet have vision code or machine learning code in php (built-in features added to the language). Vision would be nice here but coding it will be a pain. Anyway, i hate it when people make unnecessary variables and also use long variable names. Each letter used in a variable name is stored in memory. Memory saving code is always better, no matter what someone else will say. I have started using single letter variables and i love it. The code is cleaner and easier to read. Sometimes a legend is necessary as a multi-line comment but the single character variable works. OP: The names array should not be coded in such a manner if it is not to be used in the manner that it is coded (bob_smith will be used as bob_smith). I think that once you start finding reasons to separate the names (last name only), you will discover that this method is not a good idea. I do not know why php coders waste memory with variables and variable names but complain about multi-dimensional arrays. I would rather see someone use a database or a multi-dimensional array when it comes to names. Gizmola pointed out rank, such as Senior (Sr.) or Junior (Jr.), which is a good point. Other naming conventions will also cause a problem. I think that anyone in this position should use a multi-dimensional array which separates first and last names, stores titles and ranks et cetera. Then finding matching names is easier and it simplifies performing other data crunching ideas that have yet to be thought of. And it becomes easier to add info to the arrays or remove info from the arrays. as a note for users that want to save memory, i am including example code that reuses the foreach variable, rather than creating a second or third variable. Also, this code is 2-3 milliseconds faster. I am certain that this code can also be tweaked for speed and memory but it serves as a model of code reusability and memory-saving techniques. I'd like to see more people writing faster, smarter, better code - myself included. $names = ['bob_jones', 'sam_smith', 'jane_doe', 'john_smith', 'jill_jackson', 'matt_jones', 'john_doe', 'emily_smith']; $sn = []; //surnames foreach ($names as $x) { $x = substr($x, strpos($x, '_') +1); empty($sn[$x]) ? $sn[$x] = 1 : $sn[$x]++; } print_r($sn);

"Revolution"? lol. It's another Whatever from the tech world. It's not the first fad used to pump up stock prices, and it won't be the last. The current state of glorified autocomplete systems AI contributes just about as much value to the world as The Blockchain does. You remember that whole thing? Wasn't that long ago when The Blockchain was being called a "revolution" too... The next Whatever will happen in a few weeks, or months, or years, and every publicly-traded company will jump on that as fast as they can too. (Make sure you're not still holding onto all of your NVDA when that happens.) And I'm sure that'll bring its own "revolution" too.

Done this for many systems: 100% agree with Barand. I will go one step further and make this an "event" table where the system can insert rows for other events. Off the top of my head other events (in an event_type table or enum) would be a list like this: login logout bad password attempt change password reset password request etc. A simple table like this is common, has and has the benefit (with proper indexing) of allowing for the types of analysis and controls Barand listed. It also allows for mitigating brute force password attempts, as you can use this table to limit the number of login attempts within a given time period for a specific user, and lock the account after a certain number of attempts. Beyond the relationship to the User table (by Id) and a timestamp, you also typically want to store the IP address of the client. If it's mysql, the best way to do this (and natively support both IPv4 and IPv6) is to store the IP as VARBINARY(16) and use the INET6_ATON() and INET6_NTOA() functions to convert the IP when storing and retrieving. Small tables like this, with a clear design scale very well, as MySQL/MariaDB (using the InnoDB engine) is tuned to maximize Select & Insert concurrency. Often people will attempt to use a column or 2 in the user table, which they repeatedly update (ie. "last_login") which reduces concurrency, and is also less valuable than having a full history.

Logging every login by a registered user is the favoured option. Not only does it give you an audit trail of the logins but it adds functionality, such as being able to count logins in different time periods or determine most popular login times etc.

I'm considering setting up a webpage and tracking logins. For simplicity, let's say an account is required with an email address. So, [email protected] cannot do anything until he created his account. Now I want to know how often he logs in. Is there a recommended or best practice to gathering and storing this data before it becomes cumbersome or unuseful? Or is it as simple as connecting a table that associates a timestamp with every login by a registered user and just letting it run? (I'm wondering if there's something more efficient and less storage reliant)

I recently dabbled with some AI after a webinar that proclaimed its wonders. Luke everything else, some features were good, others not so much. I asked it for some code and immediately recognized the response was accepted from W3. LOL Are there any worthwhile AI applications that are especially helpful for PHP? Javascript? HTML or CSS? Curious, but still prefer finding my own answers and coming to phpfreaks when stumped.

@gizmola Sorry for the delay in my return to comment (but had some personal situations), and yes, I did realize the similarity. I very much wanted to use Barand's method (to try something new and more brief) but it wouldn't operate (I think an extra parenthesis) and the FOREACH solution was more in line with my understanding and existing code. If I recall correctly, I adapted this method successfully. Thanks to all that helped.

One thing that might be helpful is to use the declare to wrap the block of code you want to have evaluated for statement processing. $count = 0; function statements() { global $count; $count++; echo "Statement Count: $count\n"; } register_tick_function('statements'); declare(ticks=5) { for ($x = 0; $x < 10; $x++) { echo "\$x = $x \n"; } } And you get: $x = 0 $x = 1 $x = 2 $x = 3 $x = 4 Statement Count: 1 $x = 5 $x = 6 $x = 7 $x = 8 $x = 9 Statement Count: 2

????

const LOG_READ_SIZE = 1024; Place that line somewhere in your code that is before you refer to LOG_READ_SIZE and where it will definitely be executed (EG not inside an IF() block.

Okay, so the LOG_READ_SIZE = 1024, so how to properly enter that code and where?

E_DEPRECATED and E_USER_DEPRECATED are the same thing, with the one difference that the former is used by the engine and the latter is used by trigger_error. So the question is in what environments do you care/not care about getting messages about using deprecated features and functionality?

> Because `E_DEPRECATED` can only be triggered by PHP itself, to indicate deprecated functionality in the PHP engine itself. For userland code (_including_ frameworks and libraries!) to trigger deprecation notices, you must use `E_USER_DEPRECATED`. > > BTW, you can add that to the `error_reporting` mask, too: > > ``` ini > error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_USER_DEPRECATED > ``` > _Originally posted by @weierophinney in [#98](https://github.com/zendframework/zend-mvc/issues/98#issuecomment-194395567)_ Anyway, it seems to me that by default E_USER_DEPRECATED is disabled. When (at what stage of development) do you usually prefer to keep it disabled? When do you usually prefer to enable it (error_reporting = ~E_USER_DEPRECATED & ...)? Maybe in pre-production/finishing stage?

Sigh. I mean, if you're able to understand ticks from that then congratulations?

$ cat tick3.php <?php declare(ticks=3); function my_tick_function() { debug_print_backtrace(); } register_tick_function('my_tick_function'); abs(1); // added abs(1); // added abs(1); // added $ php tick3.php #0 /tmp/tmp.MLb8GRwmkU/tick3.php(6): my_tick_function() #0 /tmp/tmp.MLb8GRwmkU/tick3.php(8): my_tick_function() OK, thanks