If you have the answer to one I would be happy to hear an answer, anything that would help or point me in the right directions would be greatly appreciated.
1. OK, I know about 3 files that I want to totally learn about how to use and how to control. The .htaccess, the php.ini, and the httpd.conf. I found a great tutorial here on php freaks to help me answer ALL my questions on php.ini, it explains it very well, and the php manual has some good info on that, I wanted to study that soon, but does anyone have any idea on where I can find decent/good resources on the others, I don't know where these originate, and searching for just the file extensions and related searches in google brought up nothing.
2. One specific question I had was about httpd.conf, where do I get access to this file at, studying security I ran across some information, and I am trying to make it a habit to always (and encourage clients to) change the Server Signatures, and Server Tokens. I want to make this a habit but don't know where to access the file at, or how to get access to it with web hosting companies.
3. OK, this is very important to me, I have run across some functions in a book, and triple cross referenced it, the best practice I see would be to do this with everything but I don't understand the process, and can't find any good resources on it to answer my specific questions. It's relating to encryption and decryption like this.
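<?php
// Encryption. The mcrypt API was deprecated in PHP 7.1 and removed from core in PHP 7.2.
srand((double)microtime()*1000000);   // seed the generator behind MCRYPT_RAND
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$ks = mcrypt_enc_get_key_size($td);
$key = substr(sha1('Your Secret Key Here'), 0, $ks);
mcrypt_generic_init($td, $key, $iv);
$ciphertext = mcrypt_generic($td, 'This is very important data');
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
// The IV and ciphertext are raw binary: encode them for printing instead of
// calling trim(), which can strip bytes that belong to the ciphertext.
print base64_encode($iv) . "\n";
print base64_encode($ciphertext) . "\n";
?>

decryption

<?php
// Encrypts and then decrypts in the same script, reusing the same key and IV.
srand((double)microtime()*1000000);   // seed the generator behind MCRYPT_RAND
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$ks = mcrypt_enc_get_key_size($td);
$key = substr(sha1('Your Secret Key Here'), 0, $ks);
mcrypt_generic_init($td, $key, $iv);
$ciphertext = mcrypt_generic($td, 'This is very important data');
mcrypt_generic_deinit($td);
// Re-initialise with the same key and IV before decrypting.
mcrypt_generic_init($td, $key, $iv);
$plaintext = mdecrypt_generic($td, $ciphertext);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
// Binary values are base64-encoded for printing; trim() is kept only on the plaintext.
print base64_encode($iv) . "\n";
print base64_encode($ciphertext) . "\n";
print trim($plaintext) . "\n";
?>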
With this I want to get in the habit of ALWAYS encrypting all data before emailing form information or entering into a database, and decrypting it, but I don't understand the how and when, do I encrypt after validation before emailing, or databasing. If so then when do I decrypt, encrypt before emailing, when it reaches the client's email address (the person I am working for) can he read it, or am I understanding this wrong. I really want to get this down, and master these if this is helpful, if it's useless for that, then what can I use it for, what type of things.
5. If I fclose() a file inside a script, and lock it with flock() completely, will someone be able to open the file using a url if it's live or is that a good way to prevent people from getting to a part of the site, like I could flock() a db connection page, using like 3 other pages, isn't that like triple lock to prevent people from opening it, or doing anything with it through a url. Just a general inquiry, I don't know about this, I was just wondering it was a theory.
6. This is really important to me, one thing I am trying to find out here is about opinions. What is better honestly. I use external .php files with forms, but I can do it that way, I tried doing same page, and it failed horribly, I completely sucked at it, I know that I love doing external when I am doing database connections, or whatever else, and when you click submit and it comes up with the errors, they click back the information is still there without them having to retype the data in. What I was wondering about this was what are the pros and cons of each one from personal opinions and perspectives. I know that I prefer the external because it gives me more room to play around, I can have more fun with less distractions, and if I decide to do some huge scripts or try to get fancy, I have plenty of room to do whatever I want, I also heard some people keep db connections on another file, and include it, I tried this and didn't like it, it seemed just harder to use, I only like using 1 external file, but I wanted to learn how to do same page when doing really small contact forms, because I thought it would be a lot quicker, 5 hours fighting with a same page file, then I switched over to an external file and it worked perfectly. I don't see the point in going through the hassle.
7. The reason I don't understand classes is because they're always used as examples relating to people or real life situations, but the bad thing about that is: when I see a dog/cat class, I can't create a dog/cat in a php function and use them, what can I do with that but print out bark, or meow, I can't make a cat materialize, and work with it and make it shit and piss, and meow with
I just don't understand how this works, how is a class utilized on a php file, what kind of things, for instance can a class come in when doing forms, if so I mean I read all the material given to me last time I asked, I have read through tons of tutorials, and books, but when it comes to classes, I get nothing but real world explanations, once I understand the concept of how it relates to php I will have an easier time keeping up with it when referring to real world scenarios.
8. Why are there so many ways to validate form information, what in fact is the right/wrong way, or are no ways right or wrong, I don't understand this at all, I do it the way you saw earlier in other posts, I tried wildteen88's way but always get errors around the foreach statement, I tried other methods seen on here, some of them worked but didn't match my style of coding, it didn't feel good, or have fun, programming those, as compared to other ways I have tried, how do I find the right kinds for me, this has been puzzling me for quite some time.
9. Is it good to use harden php, the act of
[quote]This is a set of patches to the PHP source code that make the task of hacking your server by exploiting PHP that much harder. Hardened PHP is not an official PHP project, and so cannot be relied upon to be as stable as the core PHP release, however it is just a set of minor patches and so isn't likely to affect stability at all.[/quote]
"quoted from php in a nutshell"
Is this something I need to be aware of, study on, or try to implement on a regular basis, or should I avoid this, what is the point.
10. Is there a book out there that is
11. ok this is about the eval function, quoting the book "php in a nutshell" as it quotes the owner(or creator) of php, as him saying
[quote]Rasmus Lerdorf "If eval() is the answer, you're almost certainly asking the wrong question."[/quote]
With me seeing that, the book also comments
[quote]That is, you should be able to achieve your goals without resorting to eval().[/quote]
With this being said it is obviously trying to tell me without an explanation about eval() being bad, ineffective, or a security issue. What is the reason for him saying those things, does anyone on here use eval() what are the positives or negatives, and why is it so severe that the owner himself would comment on it specifically like that. If it was so bad, why doesn't he just remove it from the newer versions of php instead of letting it re-enter new versions, because by what he says it's not good to use.
12. The same with register_globals, I hate them, I always keep them off, if they're not off I force them off, but why didn't the creator just remove them out of 4-5 when he found out, within 2 years everyone would have upgraded their scripts.
13. Why are so many 3rd party scripts insecure as in they require register_globals on to use them, that prevents me access from most major third party scripts, I even had osCommerce, and Zen Cart tell me register_globals had to be set as on to be used, I just can't have that, forcing me to do something new every time.
14. Why is it that sometimes when I use empty it works and sometimes I have to add a ! at the beginning, that confuses me.
15. Someone told me that using isset to pick up information on whether a form was submitted or not does not always work and it's better to use if ($_POST['whateverbuttoniscalled'] == "")
instead of if (isset($_POST['whateverbuttoniscalled']));
Is this true or was he just a dumbass, that needed to re-learn php, the reason I ask is because this is the way I learnt and he criticized me for it, also he disagreed that register_globals being on was not a security issue, I went past him to his boss, and talked him into changing the servers anyway. Where does he get those kind of ideas (sorry partially ranting, and raving::And no I am not a girl I am a guy, I just get pissed something:::')
16. Is there a consideration for release of php6, a release date, beta release date, does anyone here know anything that we might be able to expect from new releases.
17. Is mysql 5 good enough for me to be able to utilize effectively, safely, and securely without too big of an issue.
18. Is it better to use Pear Db: when connecting to mysql, is it more or less secure, if so is it part of the core language, or do I have to compile certain extensions.
Thanks for all the help I greatly appreciate it.
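
An added example, not part of the original post or of the book it quotes: the "encrypt after validation, store, decrypt when the application reads it back" flow asked about in question 3, for the database case. It uses PHP's bundled sodium extension (PHP 7.2+) in place of the mcrypt calls above; the helper names `seal_field()` and `open_field()` and the sample value are hypothetical.

```php
<?php
// Added example: helper names and sample data are hypothetical.
// Requires PHP 7.2+ with the bundled sodium extension.

// Encrypt one field after validation, just before it is stored.
// A fresh random nonce is generated per message and stored in front of the
// ciphertext; it is not secret, but it must never repeat under the same key.
function seal_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $box);   // text-safe for a database column
}

// Decrypt when the application reads the field back for an authorised viewer.
// Returns null if the value is malformed, was modified, or the key is wrong.
function open_field(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// The key is 32 random bytes, generated once and kept outside the web root
// and outside the database. It is generated inline here only for the demo.
$key = sodium_crypto_secretbox_keygen();

// Constructed sample value, reusing the string from the post.
$stored = seal_field('This is very important data', $key);
var_dump(open_field($stored, $key));

// A stored value that has been altered fails authentication in open_field()
// instead of decrypting to garbage.
$tampered = $stored;
$tampered[40] = ($tampered[40] === 'A') ? 'B' : 'A';
var_dump(open_field($tampered, $key));
```

Only code that holds the key can read the stored value, so a field sealed this way is unreadable to an email recipient unless they run the matching decryption with the same key.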