crwork

Thanks folks, that sounds like the best solution to me as well.

I'm trying to resize a larger image into a small 24x24 avatar. Via imagecopyresampled, I was able to crop the larger image into a square and resize successfully so that the image wouldn't be distorted when transformed into a small avatar. However, I was told I need to keep the original image aspect ratio as much as possible when fitting into a fixed 24x24 frame. So the avatar frame still needs to be 24x24 but the image that fits inside it, which will most likely be a landscape image, should retain the original aspect ratio as much as possible. This will no doubt result in a letterbox appearance. With regard to the code, can this be done with imagecopyresampled so that the actual image, assuming landscape, doesn't fill up the entire 24x24 window and become distorted? This is my current code that will crop a landscape large image into a square then resize down to 24x24: imagecopyresampled($imNew, $im, 0, 0, $xoffset, 0, 24, 24, $origHeight, $origHeight);

Yes, if the original were 150x200 I'd want 150x150. If I wanted to crop evenly on both the left and right, I guess I'd just need to do some math and change the parms on the imagecopyresampled command?

I'm creating a user avatar image from a user-uploaded photo. The avatar is required to be 24x24. The uploaded photo has typical dimensions in that the width is going to be greater than the height. This code works as far as re-sizing the original to a 24x24 avatar. The problem is that the image is noticeably distorted. What I'd like to be able to do is figure out a way to crop the original image so that both height and width dimensions are the same, then re-size down to a lower image so that the image isn't distorted: $im = imagecreatefromstring($imgDecoded); // Get width and height of original image resource $origWidth = imagesx($im); $origHeight = imagesy($im); // Create new destination image resource for new 24 x 24 image $imNew = imagecreatetruecolor(24, 24); // Re-sample image to smaller size // resource $dst_image , resource $src_image , int $dst_x , int $dst_y , int $src_x , int $src_y , int $dst_w , int $dst_h , int $src_w , int $src_h ) imagecopyresampled($imNew, $im, 0, 0, 0, 0, 24, 24, $origWidth, $origHeight); imagepng($imNew); imagedestroy($im); imagedestroy($imNew); Could someone point me in the right direction with regard to a good way to crop the original image before it gets resized? Thanks!

Have a project where I'm trying to connect to an LDAP server with a user and password. My issue is that I can connect to the LDAP with ldap_bind (return code in TRUE), but it doesn't care what I use for a password. It will let me in anonymously or with a known LDAP email address. However I can put in a bad password and it still lets me in. One question I have: is it only possible to use a user password on the ldap_bind step? After I do the bind, I'd like to do a search, via ldap_search. But since the bind is ignoring the password, is there another way to authenticate a password on the ldap_search? $ldaprdn='cn=vvv@vvv.com,ou=Service,o=theorg,dc=com'; $ldapbind = ldap_bind($ldap,$ldaprdn); This works even when I put in a bogus password: $ldaprdn='cn=vvv@vvv.com,ou=Service,o=theorg,dc=com'; $ldapbind = ldap_bind($ldap,$ldaprdn, 'testpw'); It returns TRUE. The end result is that if a user is trying to log in on a form that validates against the LDAP, their user id will be checked, but they could put in any password they want and it will let them in. Any suggestions?

Ok, thanks. I guess that leads me to another related question (let me know if I should start a new thread). In this particular Zend application I'm learning, there is an option for the user to log in, but they can still see the site as an anonymous user without logging in. Just by opening the website as an anonymous user, the app is creating cookies for the anonymous user, setting a user id, and inserting this into a database. Through debugging, I've isolated where it's doing the anonymous cookie creation: if (Zend_Auth::getInstance()->hasIdentity()) { . . . } If I put an exit statement as the first part of the if block, the cookies have already been created. So what doesn't make sense is that the user has not logged in, yet "hasIdentity" is coming back as TRUE. Is this normal behavior for Zend? I looked at the storage adapter (in this case Cookies), and it looks to me like the identity should be coming back as FALSE, but this isn't the case. I'm a bit stumped.

I'm new to Zend and am having trouble understanding something specific about how a user is authenticated. I'm reading that the Zend_Auth class is built with a singleton pattern. So this means just one instance of the object for all users, correct? If that is true, then isn't this command non-user specific? Zend_Auth::getInstance()->hasIdentity() What is that command checking for exactly? Identity of the application itself? Or is it user-specific? Since there are no parameters being passed, I'm having trouble making the connection how that would authenticate a specific user.

I'm generally a fan of Dreamweaver, having used it with Coldfusion and now with PHP. I heard Aptana was a good editor as well. I downloaded Aptana Studio 3, and it seems more PHP friendly to me, and I might consider switching to it were it not for one important flaw: I can't find how to compare a local vs. remote file. I use this in Dreamweaver all the time before uploading especially with a shared server. And even though Aptana allows compare of local files, I can't see how to compare a local vs. remote unless you do it in a compare utility outside of Aptana. Anyone use Aptana and know how to accomplish this if it is even possible?

Ok, thanks shlumph.

I'm about to adapt some software that uses Zend for purposes of user authentication. On the home page of the existing Zend site, even if you've logged off, closed all browsers, then come back to the home page without logging on, the code still thinks the user has been authenticated. The following statement is true in index.php: if (Zend_Auth::getInstance()->hasIdentity()) {... I've done some research on user authentication via Zend (which I'm new to), but I seem to missing a basic point. When Zend authenticates a user, where is that information going? To the session? Cookies? It feels like a black box to me. I've looked in the Zend code, but it's a serious labyrinth. I can't pinpoint where the user authentication is going.

Thanks Christian, that helps to narrow it down. lighttpd is running on port 80. Given this info, there's something peculiar going on. Now, when I run phpinfo(), log_errors is set to OFF. So in a test file with an intentional php error I used 'ini_set' to turn it on. Lo and behold the php error was written to the error file specified in the lighttpd.conf file which makes sense given the netstat result. This opens up another question for me about what php.ini file is being used since lighttpd is the active web server. In phpinfo() the value for 'Loaded Configuration File' is '(none)'. Is this normal for lighttpd? I did a search on the server for 'p*.ini'. It found the php.ini in the apache2 directory, but then my search timed out. I searched in the /etc folder separately, but to no avail. Does lighttpd have its own version of a php.ini or am I barking up the wrong tree?

Unfortunately, that didn't work, but thanks for the suggestion, MD. Come to find out this server has both lighttpd and Apache(!), so I think there's a configuration conflict somewhere. Once I get my head around that, I'll post here with any updates.

The reason for my post is that I'm already getting a PHP error and it's not being logged to the default error location in lighttpd.conf. In fact, the file pointed to by server.errorlog in lighttpd.conf doesn't exist. That's why I posted-I am confused as to where the default error log is being written to. Any recommendations?

I'm trying to find the default location for the error_log. We're running a lighttpd server with PHP 5.3. If I run phpinfo(), log_errors is ON, but error_log has no value. Does this mean that the error_log location is whatever is defined in the Apache httpd.conf file? Or in our case, lighttpd.conf?

Ok, thanks for the info!

Learning the MVC framework was painful for me. Eventually, I began to understand it when I built my own site using CodeIgniter. I felt like I understood MVC enough at least on a rudimentary level. But wow, my current project uses elements of Zend and I am totally overwhelmed. It looks like another language to me and the documentation online isn't nearly as clear as for CodeIgniter. I'm sure plenty of people use it and love it, but to me it seems like it's adding another layer of complexity I don't have time to learn. Oh well, job security for a lot of people I guess. In any case, just on a basic level, I'm having some trouble finding decent documentation for newbs. I don't need to have a thorough command of Zend to get through my project, but it would be helpful to at least know a few things. If anyone can explain just a few tidbits, I'd appreciate it: 1) The Zend Registry: Are these considered session variables? The app I have uses this to set many variables, but if I dump $_SESSION there's nothing there. Are they stored in cookies? 2) User Authentication: My app has a function called "gettheUser" that contains this command: $user = Zend_Auth::getInstance()->getIdentity(); Since no parameters are being used, how does Zend know where to get the user's identity? Is there a database behind the scenes that automatically handles this? Thanks and apologies for my "duh"-ness.

Ok, it is coming together for me. If a user logs on to the site, and session variables are built, it makes sense to use the session as input to the REST service GET process. However, if I don't pass around the userid and just use the PHP session value assigned to that userid, does that mean that I couldn't test the REST service with something external like cREST or RESTclient? As of now, with RESTClient, I'm supplying the userid as part of the URL parameter, e.g. mysite.com/user_prefs/user_prefs.php?userid=11111 to test with, then in the service loading the GET parms. Also, looking at this site code (which I've inherited) it is not setting any session variables per se. If I do a dump on $_SESSION there's nothing there. When a userID is first created, the app code sets a hashed variable it calls a "sessionid". It writes this to a cookie called "sessionid" and also updates a DB "sessionid" column for that user. Oddly, the hashed sessionid for the userid does not change in the DB with each logon. It stays the same in the DB no matter how many times you log out and log on. Is this weird or no? One question above on this statement: "Generally this is done by setting [the PHP session variable] as a cookie (which PHP does for you typically)." Do you mean that PHP does this for you if you initiate session_start?

Ok, that helps, but I have some confusion there. Let's take the following scenario: 1) user logs into site with email address and password 2) code retrieves the associated user id from DB (5 digit integer) and stores in a session variable Now let's stop here for a sec. Since the session variable is a hash of some sort, would the hash need to include the user ID as part of it? Or is the session variable just the 5-digit user id itself? If we compare a hashed session id of the user, how would this prevent a user from getting a REST response if the GET user id has nothing to do with the hash? I swear I'm not trying to be difficult... just trying to wrap my head around it. We thank you for your patience...

Adam, just wanted to follow-up on your comment regarding security of REST services. I was reading up on security in the book "Pro PHP Security." There's an interesting chapter on REST with good code examples. However, it doesn't say much with regard to how to validate the user before returning anything. This is what I'm a bit confused on. Let's say I'm calling a REST service with userid as a POST parameter. As it stands now, the service will create a database row if the userid does not already exist, and update the row if it does. If a malicious user were to switch their userid with someone else's, how would the server know who is whom? Via session variables? If so, should a session variable be set when the user logs on to match the userid being sent to the REST service? Sorry if I'm being dense. Just want to make sure I have all my ducks in a row here...

Thanks premiso. And good point about running the script once and saving the user's thumbnail on the server. I will have to put some thought into whether or not we'll need to do it, but it's now on my to-do list.

Sorry, I just posted a slice of it. Yes, I do have a "header" statement at the top of thumbnail.php. There are some curl commands in the file I left out for readability. Here's the code minus the curl commands: thumbnail.php <?php header("Content-type: image/png"); // curl stuff . . . // Decode base64 encoded image into Image $imgDecoded = base64_decode($userImage64); // Requires string image as parm, returns image resource $im = imagecreatefromstring($imgDecoded); // Get width and height of original image resource $origWidth = imagesx($im); $origHeight = imagesy($im); // Create new destination image resource for new 24 x 24 image $imNew = imagecreatetruecolor(24, 24); // Re-sample image to smaller size and display imagecopyresampled($imNew, $im, 0, 0, 0, 0, 24, 24, $origWidth, $origHeight); imagepng($imNew); imagedestroy($im); imagedestroy($imNew);

I'm calling a web resource to retrieve a base64 encoded image, and then re-sizing it into a small thumbnail to insert into the site header. Most examples of PHP image re-sizing/display I've seen online assume you want to display the image on a page by itself using the header function. The page I'm working on has tons of content, so I don't want to get the headers already sent error. I want to set up the thumbnail within an IMG tag and don't want to save the image thumbnail to a file. I stumbled upon a comment someone made on php.net that is doing the trick for me in a test environment. It suggests using a separate file (thumbnail.php) to display the image via imagepng(), then in the original page (testpage.php) use an IMG tag to call thumbail.php. However, I wanted to see if this method was the most efficient way of accomplishing this. Since I didn't see a lot written about this specific need I have, I wanted to double-check here to see if anyone had a better idea. Here is the code that works to 1) re-size a large image into a small thumbnail, and 2) displaying the image on a test page with other content. thumbnail.php // Decode base64 encoded image into Image $imgDecoded = base64_decode($userImage64); // Requires string image as parm, returns image resource $im = imagecreatefromstring($imgDecoded); // Get width and height of original image resource $origWidth = imagesx($im); $origHeight = imagesy($im); // Create new destination image resource for new 24 x 24 image $imNew = imagecreatetruecolor(24, 24); // Re-sample image to smaller size and display imagecopyresampled($imNew, $im, 0, 0, 0, 0, 24, 24, $origWidth, $origHeight); imagepng($imNew); imagedestroy($im); imagedestroy($imNew); Then in the content page: <p>Here is some content</p> echo "<img src=\"thumbnail.php\">"; <p>Here is some more content</p> Since I'm the only PHP programmer here, there's no-one to bounce this off of, so if anyone has thoughts on a better or more efficient way to do this, please feel free. Thanks...

Ok, got it. Thanks guys.

Question regarding the decoding and display of base64 images. I have a site that will display a user avatar at the top of the content page. There is a web service I'm calling that receives a user ID as input and retrieves a base64 encoded image. I'm getting the base64 image back successfully with this code: //Get base64 image from XML return in cURL resource $userImageData = curl_exec($ch); //Extract the base64 image $userImageXML = new SimpleXMLElement($userImageData); $userImage64 = $userImageXML->return; //Decode the base64 image $imgDecoded = base64_decode($userImage64); What isn't working is when I display the variable for the decoded image, $imgDecoded, in an IMG tag. It just shows a long string of odd characters. However, what DOES work is if I display the encoded base64 image that has not been decoded, variable $userImage64: echo "<img src=data:image/png;base64,$userImage64 title='User Avatar' >"; I'm confused, and this is probably a simple explanation, as to why the decoded base64 image, variable $imgDecoded won't display in the IMG tag. I feel like I'm missing something basic, but I'm a bit stuck on this one...

Thanks kicken for taking the time to explain that. I was banging my head against a wall, but it makes more sense now.