
ignace
Moderators
Posts: 6,457
Days Won: 26

Everything posted by ignace

  1. When you allow users to upload files, you should:
     • Verify the upload actually succeeded using the ['error'] index.
     • Check if something was actually uploaded using is_uploaded_file.
     • Move the uploaded file to a specified directory using move_uploaded_file.
     • Rename the file md5(filename), chmod to 400 (only readable by owner) and DO NOT store it in a publicly accessible place.
     • Use a download.php file to actually download the files and use file_get_contents/readfile to retrieve the content.
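The five steps above as one working upload/download handler. This is an added example, not code from the post or the forum. It assumes a directory private_uploads one level above the script (outside the web root, writable by the PHP user), a fixed allow-list of content types checked with finfo rather than the client-supplied type, and that whatever authorization the site needs has already run before sendDownload() is called. It departs from the post in one place: the stored name is random (bin2hex(random_bytes(16))) instead of md5 of the original filename, so two uploads with the same name cannot overwrite each other and the stored name cannot be derived from the original. The size cap and the type check are additions beyond the post's list.

```php
<?php
// Added example: secure handling of one file field named "upload".
declare(strict_types=1);

// Assumption: storage directory outside the document root, writable by the PHP user.
const UPLOAD_DIR = __DIR__ . '/../private_uploads';
const MAX_BYTES  = 2 * 1024 * 1024;
// Content types we accept, with the extension we give the stored file.
const ALLOWED    = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'application/pdf' => 'pdf'];

/**
 * Validates one $_FILES entry and moves it into UPLOAD_DIR.
 * Returns the opaque stored name; throws RuntimeException on any failure.
 */
function storeUpload(array $file): string
{
    // 1. Did the upload succeed? Only UPLOAD_ERR_OK is acceptable.
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload array');
    }
    switch ($file['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_NO_FILE:
            throw new RuntimeException('No file was uploaded');
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            throw new RuntimeException('File exceeds the size limit');
        default:
            throw new RuntimeException('Upload failed with error ' . $file['error']);
    }
    if ((int) $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File exceeds the size limit');
    }

    // 2. Was it really uploaded via HTTP POST? Rejects a forged tmp_name pointing at another file.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }

    // Decide the type from the bytes, never from $file['type'] (which the client chooses).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Unsupported file type');
    }

    // 3./4. Move it under a random name; the original filename never touches the disk.
    $stored = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    chmod($dest, 0400);   // readable by the owner (the PHP user) only
    return $stored;
}

/**
 * 5. Serve a stored file through PHP instead of exposing the directory.
 * Assumption: the caller has already checked that this user may fetch $name.
 */
function sendDownload(string $name): void
{
    // Accept only names storeUpload() could have produced: no "..", no slashes, no surprises.
    if (!preg_match('/^[a-f0-9]{32}\.(png|jpg|pdf)$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    exit;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['upload'])) {
    try {
        echo 'Stored as ' . htmlspecialchars(storeUpload($_FILES['upload']), ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
} elseif (isset($_GET['file'])) {
    sendDownload((string) $_GET['file']);
}
```

The regular expression in sendDownload() is the whole path-traversal defence: because it only admits names the upload code itself generates, there is no need to canonicalise or strip "../" from user input.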
  2. That you are gonna come back here after your graduation and ask us to delete all of your posts. I think most people opt to apply well-known patterns in procedural code to architect their application, not to make it eye-pleasing. Drupal for example applies several patterns successfully.
  3. A pattern becomes an anti-pattern when the disadvantages outweigh the advantages. Just because "IT'S NOT OO" does not make it an anti-pattern. That said, show me any OO project and I'll show you procedural coding. TS is a simple pattern to solve simple problems (patterns actually solve problems you know, not just to put buzzwords in your project). A TS can be a function, method, or even a class (Command pattern). A simple example of a TS:

         function bookHotelRoom(Room $room, Guest $guest, PaymentGateway $card)
         {
             // 1. check room availability
             // 2. calculate rates
             // 3. update the database
         }

     A simple transaction. A TS is not a good choice when your code is really complex and changes a lot; in these cases it's better to use a Domain Model. Which does not mean that FOR EVERY problem you should create a domain model; instead you should put a little thought in your application design and not just break out the warships to S.W.A.T. a fly. Many people seem to believe that if their code is simple they are not professional programmers, which is why the code on many projects is really complex (CS degree required) while their domain is really simple to understand (bubblegum dispenser). Praise yourself when you have been able to solve a problem in a very simple fashion. Read this more detailed article on TS by MF: http://www.informit.com/articles/article.aspx?p=1398617
  4. Obviously the infinite redirect loop is due to the hook being called for EVERY request, thus also for your login controller, meaning it never reaches your controller. You should check in your router that the current action/controller is NOT the login action. Or maybe you should consider a framework that actually takes work out of your hands instead of putting more into it. Which is true where $frameworkName !== 'CodeIgniter'.
  5. If the faces and growling of my Drupal colleagues are any indication, you're in for quite a few headaches.
  6. In topic: forum back

     I got a server just like that running right here. Always a fuss to find the on/off switch. The others are "Logoff Internet", "Shutdown Earth Kernel", "Beat Me Up, Scotty", "Call FBI" (I guess that's support or something, quite crappy at it too, every issue starts with COVERT- and it's always redacted).
  7. In topic: forum back

     After 3 days the geniuses at the datacenter figured out which of all those buttons and wires was the on-button. Haha.. just kidding! I have no idea what the real cause was. My vote is on: we pissed off a guy who knows how to properly run a DDoS. Anon, I know it was you!
  8. "No it doesn't. When you do a header redirect, anything after it basically doesn't exist. Even if you put an exit() it would never be reached."

     Oh yeah?

         header('Location: http://www.google.com');
         file_put_contents('test.txt', 'Supposedly never reached...');
         sleep(1000); // in this time you may want to read php.net while you wait to be redirected

     Run this code, then check your folder. You might wanna read up on what header() does exactly: http://php.net/manual/en/function.header.php. If output_buffering = Off then you will not have to wait 1000 seconds. Maybe the file won't even be written. This is the reason why you should always add an exit after every header location call.
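The security consequence of the point made above, as an added example that is not from the post: an access check that redirects unauthenticated users but forgets the exit. deleteAccount() stands in for any privileged action, and $_SESSION['role'] is assumed to be set by the login code. The file runs offline under the CLI, where header() calls are ignored, which is enough to show that the vulnerable variant performs the privileged action for an anonymous caller.

```php
<?php
// Added example: the same access check with and without exit after header().
declare(strict_types=1);

/** Stand-in for any privileged action. */
function deleteAccount(int $userId, array &$accounts): void
{
    unset($accounts[$userId]);
}

/**
 * Vulnerable: the browser receives "302 Location: /login.php", but PHP keeps
 * executing, so the account is deleted for an anonymous caller.  A client that
 * ignores the redirect (curl -i, any script) also sees everything printed afterwards.
 */
function adminDeleteVulnerable(int $userId, array &$accounts): void
{
    if (($_SESSION['role'] ?? null) !== 'admin') {
        header('Location: /login.php');
        // missing exit: execution falls through to the privileged action
    }
    deleteAccount($userId, $accounts);
}

/** Fixed: stop the script the moment the redirect has been sent. */
function adminDeleteSafe(int $userId, array &$accounts): void
{
    if (($_SESSION['role'] ?? null) !== 'admin') {
        header('Location: /login.php');
        exit;
    }
    deleteAccount($userId, $accounts);
}

// Constructed run (php -f this_file.php): an anonymous caller hits both variants.
$_SESSION = [];
$accounts = [7 => 'alice', 8 => 'bob'];

adminDeleteVulnerable(7, $accounts);
echo 'alice still exists: ', var_export(isset($accounts[7]), true), PHP_EOL;

adminDeleteSafe(8, $accounts);   // exits here, so bob survives and the next line never runs
echo 'bob still exists: ', var_export(isset($accounts[8]), true), PHP_EOL;
```

The first echo reports that alice is gone even though a redirect was issued; the second never prints because the fixed variant terminated the script.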
  9. I was actually replying to the OP about jcbones' code using your comment; it wasn't directly pointed at you. But yeah, sure, they can fire up any script and send a million mails IF they know his e-mail. However, the form provides an open gateway for any attacker to e-mail him WITHOUT knowing his e-mail address. Also I need to test what the below code would do:

         $from = filter_var(filter_var('foo%40bar.com%0ATo%3Ae1634719@rmqkr.net', FILTER_SANITIZE_EMAIL), FILTER_VALIDATE_EMAIL);
         echo $from;
         echo 'mail sent ' . (mail('t@t.t', 'Test', 'test', 'From: ' . $from . "\n") ? 'success' : 'failed');
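An added example (not the post's test) of the check a contact form needs against the header-injection attempt sketched above. The constructed inputs are in the form they take once PHP has URL-decoded the POST body into $_POST, i.e. with a real CR/LF rather than %0A. The recipient is a constant (SITE_OWNER, an assumption) that is never read from the request, the visitor's address goes into Reply-To, and mail() is not called so the result can be inspected offline.

```php
<?php
// Added example: pinning the recipient and rejecting header injection in a contact form.
declare(strict_types=1);

const SITE_OWNER = 'owner@example.com';   // assumption: the only address the form may mail

/** Returns a validated address, or null if it contains CR/LF or is not an e-mail address. */
function cleanAddress(string $raw): ?string
{
    if (preg_match('/[\r\n]/', $raw)) {      // a line break would start a new header line
        return null;
    }
    $addr = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

/** The subject is a header line too: flatten CR/LF and cap the length. */
function cleanSubject(string $raw): string
{
    return substr(str_replace(["\r", "\n"], ' ', $raw), 0, 200);
}

/**
 * Builds what the form would hand to mail().  Returns null when the input is
 * unsafe; otherwise [to, subject, body, headers].
 */
function buildContactMail(array $post): ?array
{
    $from = cleanAddress((string) ($post['email'] ?? ''));
    if ($from === null) {
        return null;
    }
    // From stays under our control (so SPF/DMARC on the visitor's domain cannot
    // reject the mail); the visitor's address only ever appears in Reply-To.
    $headers = 'From: ' . SITE_OWNER . "\r\nReply-To: " . $from . "\r\n";
    return [
        SITE_OWNER,
        cleanSubject((string) ($post['subject'] ?? '')),
        (string) ($post['message'] ?? ''),
        $headers,
    ];
}

// Constructed inputs: an injection attempt via the address, and a legitimate
// visitor whose subject happens to contain a line break.
$attack = ['email' => "foo@bar.com\r\nBcc: victim@rmqkr.net", 'subject' => 'hi', 'message' => 'spam'];
$legit  = ['email' => 'visitor@example.org', 'subject' => "Hello\r\nBcc: x", 'message' => 'question'];

var_dump(buildContactMail($attack));   // rejected before any header is built
print_r(buildContactMail($legit));     // subject is flattened to one line, headers are ours
```

FILTER_VALIDATE_EMAIL alone already fails on an address containing a line break, but the explicit CR/LF test is kept so the defence does not depend on the details of the filter, and the same test is what protects the subject, which no e-mail filter would validate.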
  10.
         namespace Blog;

         class Comment
         {
             private $id;
             private $author;
             private $postedDate;
             private $comment;
             ..

             public function setAuthor(CommentAuthorInterface $author)
             {
                 $this->author = $author;
             }

             // \DateTime: inside namespace Blog a bare DateTime would resolve to Blog\DateTime
             public function setPostDate(\DateTime $date)
             {
                 $this->postedDate = $date;
             }
         }

         /* interface for authoring */
         interface CommentAuthorInterface
         {
             public function getDisplayName();
             public function getIpAddress();
         }

         class Guest implements CommentAuthorInterface, .. {}
         class User implements .., CommentAuthorInterface, .. {}
         class Pingback implements CommentAuthorInterface, .. {}

      This is true OO code using abstraction, polymorphism, and inheritance, and generally what you should strive to create if you want to really use the advantages of OO. The first step in better OO is to stop thinking about a database; it no longer exists to you. You have to become agnostic in terms of a database. Create an OO model that works for you and leave the database as an afterthought. Your above code ties your database heavily to your code. What you do above would normally be done by a Mapper.

         abstract class AbstractMapper
         {
             public function hydrate(array $data, $object)
             {
                 foreach ($data as $key => $value) {
                     $this->callSetter($object, $key, $this->getType($key)->convert($value));
                 }
                 return $object;
             }

             abstract protected function getType($name);
         }

         class CommentMapper extends AbstractMapper
         {
             public function getAll()
             {
                 $comments = array();
                 $rows = $this->db->getAll();
                 foreach ($rows as $key => $row) {
                     $comments[] = $this->hydrate($row, $this->factory->createEmptyInstance());
                 }
                 return $comments;
             }

             protected function getType($name)
             {
                 if ($name === 'date') {
                     return new DateTimeConverter;
                 }
                 return new ScalarConverter;
             }
         }

      And again this code uses abstraction to solve the problem of converting a row to an object and vice versa, albeit in a very simple fashion. This works for simple objects but not for objects having relations (which are most objects). To achieve your goal here you need something like Doctrine, which does the heavy ORM (object-relational mapping) lifting for you.
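The mapper sketched in the post, made runnable as an added example (this is not the post's code). The database is replaced by a constructed array of rows, and the parts the sketch leaves out, DateTimeConverter, ScalarConverter, callSetter() and the object factory, are filled in as assumptions; it targets PHP 8 for constructor promotion. callSetter() only calls setters that exist on the object, so a column the domain object does not know about (is_admin in the sample rows) is dropped instead of being assigned, which is the mass-assignment problem a naive "set every column" loop walks into.

```php
<?php
// Added example: row-to-object hydration through a mapper, with no database dependency.
declare(strict_types=1);

namespace Blog;

class Comment
{
    private ?int $id = null;
    private ?string $author = null;
    private ?\DateTimeImmutable $postedDate = null;
    private ?string $comment = null;

    public function setId(int $id): void { $this->id = $id; }
    public function setAuthor(string $author): void { $this->author = $author; }
    public function setDate(\DateTimeImmutable $date): void { $this->postedDate = $date; }
    public function setComment(string $comment): void { $this->comment = $comment; }
    public function getAuthor(): ?string { return $this->author; }
    public function getPostedDate(): ?\DateTimeImmutable { return $this->postedDate; }
}

interface Converter
{
    public function convert($value);
}

class ScalarConverter implements Converter
{
    public function convert($value) { return $value; }
}

class DateTimeConverter implements Converter
{
    // Rows carry dates as strings; the domain object only ever sees a DateTime (assumed UTC).
    public function convert($value): \DateTimeImmutable
    {
        return new \DateTimeImmutable((string) $value, new \DateTimeZone('UTC'));
    }
}

abstract class AbstractMapper
{
    public function hydrate(array $data, object $object): object
    {
        foreach ($data as $column => $value) {
            $this->callSetter($object, $column, $this->getType($column)->convert($value));
        }
        return $object;
    }

    /** Column "posted_date" -> setPostedDate(); columns without a setter are ignored. */
    protected function callSetter(object $object, string $column, $value): void
    {
        $setter = 'set' . str_replace('_', '', ucwords($column, '_'));
        if (method_exists($object, $setter)) {
            $object->$setter($value);
        }
    }

    abstract protected function getType(string $column): Converter;
}

class CommentMapper extends AbstractMapper
{
    /** @param array<int, array<string, mixed>> $rows the result set, normally from the DB */
    public function __construct(private array $rows) {}

    /** @return Comment[] */
    public function getAll(): array
    {
        $comments = [];
        foreach ($this->rows as $row) {
            $comments[] = $this->hydrate($row, new Comment());
        }
        return $comments;
    }

    protected function getType(string $column): Converter
    {
        return $column === 'date' ? new DateTimeConverter() : new ScalarConverter();
    }
}

// Constructed rows standing in for $this->db->getAll(); the second one carries a
// column the Comment object has no setter for.
$rows = [
    ['id' => 1, 'author' => 'alice', 'date' => '2011-03-04 10:15:00', 'comment' => 'first'],
    ['id' => 2, 'author' => 'bob',   'date' => '2011-03-05 08:00:00', 'comment' => 'second', 'is_admin' => 1],
];
foreach ((new CommentMapper($rows))->getAll() as $c) {
    echo $c->getAuthor(), ' posted at ', $c->getPostedDate()->format(\DateTimeInterface::ATOM), PHP_EOL;
}
```

Swapping the $rows array for a PDO result set is the only change needed for real use; the Comment class and the converters never learn where the data came from, which is the point the post makes about staying database-agnostic.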
  11. Which won't help secure your form, a script doesn't have cookies/sessions, so you are only blocking any users that may want to send you a second e-mail. A bot will still simply send out a million mails.
  12. Try it. And no you are only verifying it's e-mail-ish. It does nothing against making sure the script isn't executed repeatedly or sending mass mails.
  13. Your question is already answered by Jessica. It's not efficient, because PHP is still interpreted to C(++?) which is itself compiled down to assembly to be executed by the CPU. You are standing on top of the Empire State Building and asking if you are close to the ground. It's not efficient because there is more to efficiency than just the number of CPU cycles. Developing software is a trade-off between readability/maintainability and performance. PHP is an interpreted language, which means it is executed statement after statement by the php binary on each run. This translation takes time; if your script contains any require/include lines it will use a disk seek, which is, like we all know, SLLLLLLOOOOOOOOOOOWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW, but not by a magnitude you'll ever notice. All of these things add up to being unable to serve just one or two more requests. But as a business you are not looking to serve one or two more people, you are looking to serve thousands more, and no matter how good your code, how optimized your queries, you just can't get a thousand more out of it. Do yourself, those you work with, and those who will work on your code after you a service, and write clean/good code.
  14. ..you would write it in Assembler. Can't get more efficient than that.
  15. If your form isn't protected it won't make any difference whether they mail to you directly or through your form. Also I can send your form by simply making requests to:

          send_form_email.php?email=t@t.t

      Put that in a loop and call it, say, 99999999999999 times? You are gonna have one lovely inbox.
  16. http://be1.php.net/manual/en/soapclient.setsoapheaders.php
  17. Your $srcimg is false which means it failed, we need to see the code that creates $srcimg.
  18. Having a solid understanding of design patterns (GoF and Martin Fowler are highly recommended) will give you more options during the design phase. Sometimes you look at a problem and you can't quite put your finger on it, simply because you can't name it, and the weird names you come up with make it feel wrong, which means you'll be doing revision after revision and the final design is not always the best. Sometimes you only fully understand a problem when you are able to put a name or analogy on it. And not everyone has the luck of working with very talented colleagues, so you're mostly on your own trying to come up with a solution for which your colleagues won't hate you.
  19. In OO everything is represented by an object, so your pages query (which returns blog posts?) would return Page/BlogPost objects. A basic example of this in code would be:

          foreach ($blogPosts as $post) { // $blogPosts is an array of BlogPost objects.
              $post->getTitle();
              $post->getContent();
          }

      Now this is all fine, but what if you want to print blog posts both on an HTML page and in an RSS feed? RSS does not understand HTML entities (unless you add them in through a custom doctype). So you want to be able to print both in different ways depending on the context.

          foreach ($renderer->getStrategy('html', $blogPosts) as $post) {
              $post->getTitle();
              $post->getContent();
          }

      Not much difference? Actually if you would inspect $post now you would see it's a BlogPostHtmlView and no longer a BlogPost. The BlogPostHtmlView:

          class BlogPostHtmlView
          {
              private $post;
              ..

              public function getTitle()
              {
                  return htmlentities($this->post->getTitle());
              }

              public function getContent()
              {
                  return htmlentities($this->post->getContent());
              }
          }

      Whereas the BlogPostRssView:

          class BlogPostRssView
          {
              private $post;
              ..

              public function getTitle()
              {
                  return new DOMCDataSection($this->post->getTitle());
              }

              public function getContent()
              {
                  return new DOMCDataSection($this->post->getContent());
              }
          }

      That said, because this code is the same for all posts you could make a flyweight out of it.

          class BlogPostRssView
          {
              private $posts;
              private $post;
              ..

              public function seek($pos)
              {
                  $this->post = $this->posts[$pos];
              }

              public function getTitle()
              {
                  return new DOMCDataSection($this->post->getTitle());
              }

              public function getContent()
              {
                  return new DOMCDataSection($this->post->getContent());
              }
          }

      In OO it's important to understand what the responsibility is for each object and, more important, what isn't. Rule of thumb: if they own the data, they are responsible.

      That said, just because they own the data does not mean they are also responsible for loading/storing themselves in a database, because you want some flexibility here and also to be able to load them from, for example, an XML file or simply an array during testing. So we put that responsibility in another object. Also sometimes the responsibility is dependent upon language limitations; for example in Java they have constructor polymorphism and constructing an object in different valid states is possible using multiple constructors, in PHP you only have one, so most opt to use a Factory Method to work around that problem, but more often than not this will pollute your object and create hard dependencies in different areas of your code, and since these are mostly business domain objects they change A LOT. For example at some point you may have a Special Case, so now your original object would be responsible for creating other objects. In these cases it's best to simply create a Factory and a Special Case will no longer bother you.
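The two view strategies from the post as one runnable file, added here as an example and not the post's own code. Renderer::getStrategy() and the view classes are assumptions modelled on the sketch above (PHP 8 for constructor promotion and match). Two deliberate differences: the HTML view uses htmlspecialchars with ENT_QUOTES, which is enough for element content and attribute values, and the RSS view builds the CDATA section as a string by hand so that a literal "]]>" inside the data, which would otherwise terminate the section early and let the rest of the content through as raw XML, is split into two adjacent sections. The constructed post carries a script tag in its title and a CDATA terminator in its body to exercise both paths.

```php
<?php
// Added example: context-specific output encoding chosen by the view, not by the domain object.
declare(strict_types=1);

final class BlogPost
{
    public function __construct(private string $title, private string $content) {}
    public function getTitle(): string   { return $this->title; }
    public function getContent(): string { return $this->content; }
}

interface BlogPostView
{
    public function getTitle(): string;
    public function getContent(): string;
}

/** HTML context: entity-encode so markup in the data is displayed, not executed. */
final class BlogPostHtmlView implements BlogPostView
{
    public function __construct(private BlogPost $post) {}

    public function getTitle(): string
    {
        return htmlspecialchars($this->post->getTitle(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    public function getContent(): string
    {
        return htmlspecialchars($this->post->getContent(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

/** RSS/XML context: wrap in CDATA, splitting on the one sequence CDATA cannot contain. */
final class BlogPostRssView implements BlogPostView
{
    public function __construct(private BlogPost $post) {}

    public function getTitle(): string   { return self::cdata($this->post->getTitle()); }
    public function getContent(): string { return self::cdata($this->post->getContent()); }

    private static function cdata(string $s): string
    {
        // "]]>" ends a CDATA section; "]]]]><![CDATA[>" closes one and reopens another
        // so the parser still sees the literal three characters.
        return '<![CDATA[' . str_replace(']]>', ']]]]><![CDATA[>', $s) . ']]>';
    }
}

final class Renderer
{
    /**
     * @param BlogPost[] $posts
     * @return iterable<BlogPostView>  an unknown format throws (match without default)
     */
    public function getStrategy(string $format, array $posts): iterable
    {
        $view = match ($format) {
            'html' => BlogPostHtmlView::class,
            'rss'  => BlogPostRssView::class,
        };
        foreach ($posts as $post) {
            yield new $view($post);
        }
    }
}

// Constructed post: markup in the title, a CDATA terminator in the body.
$posts = [new BlogPost('<script>alert(1)</script>', 'ends with ]]> here')];
$renderer = new Renderer();

foreach ($renderer->getStrategy('html', $posts) as $p) {
    echo $p->getTitle(), PHP_EOL;       // entity-encoded, safe inside an HTML page
}
foreach ($renderer->getStrategy('rss', $posts) as $p) {
    echo $p->getContent(), PHP_EOL;     // two CDATA sections, the "]]>" survives intact
}
```

Because the domain object stores the raw string and each view applies exactly one encoding for its own context, nothing is double-encoded and nothing is left unencoded; the same BlogPost can be added to a third output (JSON, plain-text mail) by writing one more view rather than by touching BlogPost.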
  20. They are not. As josh puts it, they are people "who know their shit", and are awarded a special title to stand out. Philip said they are his minions and CF makes him sandwiches; don't try to deny it CF.
  21. Change your function to:

          function Register($request, $Identifier, $Status)

      And call it like:

          $response = $sClient->Register($request, $Identifier, $Status);
  22. Then what's the problem? Like HTML, CSS, JS?
  23. Having a page with several widgets on it, each of which queries a URL on its own, is gonna be painfully slow. What is it exactly that you want to build? You mean like with Ajax?
  24. Nice. Brilliant idea, start a webdevelopment firm and hope some stranger on the internet will build your websites.. FOR FREE!! Like a $10,000 check in the mail?