Member Since 06 May 2003

#1547448 Extracting nibbles from byte not working

Posted by gizmola on 17 June 2017 - 12:19 AM

A byte is system-defined; however, in most systems it's an 8-bit value. Unless using Unicode, each byte represents a single character. So I think this was the point being made by ginerjm.
Nibbles are 4-bit portions of an 8-bit byte, with the high nibble being the left 4 bits and the low-order nibble being the right 4 bits.
PHP does not have byte values, but it does have integers. You can do bit arithmetic with PHP.
In looking at your file it's unclear what this line means:

Each value after the comma is a byte that contains 2 bytes (with a value of 0 - 15) that were stored by shifting a 1st byte to the left. You get the idea...

Not really.  A byte can't contain 2 bytes.  You need to explain this better.
An unsigned byte can have a value between 0-255.  
Often, hexadecimal is used to represent the values in a single byte because you can represent all the values from 0-255 using 2 hex digits.  When you start talking about 0-15 it makes me think you are talking about hex, since the values of hex representation are from 0-15 (0-F).
In terms of bit shifting, when you shift bits you are either losing them (shifting to the right) or increasing the number by a power of 2 when left shifting.  Since a php integer is larger than a byte, if you assume you will shift off (lose bits) by left shifting, that won't happen with small values like the ones in your file.
Last but not least you have weird stuff like a loop that runs once:
for($b = 1; $b <=1; $b++) {
This makes it hard to understand what the code is supposed to be doing.
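An added example (not gizmola's or the poster's code) of the bit arithmetic the post describes: splitting a byte into its high and low nibbles with a shift and a mask, packing two 0-15 values back into one byte, and decoding a constructed line in the comma-separated style of the poster's file. The line layout (a label followed by byte values) is an assumption.

```php
<?php
// Added example: nibble extraction and packing in PHP integer arithmetic.

function splitNibbles(int $byte): array
{
    if ($byte < 0 || $byte > 255) {
        throw new InvalidArgumentException("Not a byte value: $byte");
    }
    return [
        'high' => ($byte >> 4) & 0x0F,   // left 4 bits
        'low'  => $byte & 0x0F,          // right 4 bits
    ];
}

function packNibbles(int $high, int $low): int
{
    foreach ([$high, $low] as $n) {
        if ($n < 0 || $n > 15) {
            throw new InvalidArgumentException("Not a nibble value: $n");
        }
    }
    // Shifting left by 4 multiplies by 16; OR in the low nibble.
    return ($high << 4) | $low;
}

// Decode one line in the assumed file layout: a label, then comma-separated
// byte values, each holding two nibbles. Non-numeric fields are rejected.
function decodeLine(string $line): array
{
    $fields = array_map('trim', explode(',', $line));
    $label  = array_shift($fields);
    $pairs  = [];
    foreach ($fields as $field) {
        if (!ctype_digit($field)) {
            throw new UnexpectedValueException("Non-numeric field '$field' in '$line'");
        }
        $pairs[] = splitNibbles((int) $field);
    }
    return ['label' => $label, 'nibbles' => $pairs];
}

// Constructed sample line: 18 = 0x12, 255 = 0xFF, 7 = 0x07.
$decoded = decodeLine('row1, 18, 255, 7');
foreach ($decoded['nibbles'] as $i => $n) {
    printf("%s byte %d: high=%d low=%d (repacked %d)\n",
        $decoded['label'], $i, $n['high'], $n['low'], packNibbles($n['high'], $n['low']));
}
// row1 byte 0: high=1 low=2 (repacked 18)
// row1 byte 1: high=15 low=15 (repacked 255)
// row1 byte 2: high=0 low=7 (repacked 7)
```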

#1542804 Ahhh! How to assign active class to menu item

Posted by gizmola on 15 February 2017 - 05:55 PM

This seemingly simple question actually calls into question a number of things you are doing that aren't great from a security or SEO standpoint.
While Jacques1 handed you a technique to identify the currently requested parent script in a web server environment, your code reveals some things you are doing that could be better handled explicitly with a better architecture pattern. There are many out there, but the most typically used are front-controller/MVC.
For example, if you had a front controller script, you would already know where you were in the control structure all the time, and that state could be passed into the menu.  
In most apps these days, people are moving to a richer client experience with more javascript client code/ ajax etc., and less dependency on page requests.  
It is also much better to obfuscate your underlying architecture for SEO purposes, not to mention the fact it lessens what others know about your hosting environment.
Google likes this:
Much better than yoursite.com/fly-control.php

Your site is easier to maintain as well if you are using a front controller that all requests are going through. With the proliferation of small easy to use micro frameworks like slim, silex, lumen etc. or even symfony3 configured as a microkernel, the answer to your question could be very different if you improved your underlying site architecture.

For reference: http://symfony.com/b...-microframework

#1540538 Congratulations to Barand on 1000 likes

Posted by gizmola on 19 December 2016 - 09:21 PM

Our resident SQL guru Barry "Barand" Andrews recently surpassed the 1k "like" mark -- a first for any member of phpfreaks.

The "like" mechanism is a relatively recent addition to the site, making it that much more impressive.

Phpfreaks has always been a 100% volunteer effort. People like Barand are what makes this site the amazing place it is, and they do so to help others learn and achieve their goals.

A number of our members have been visiting the site on a weekly basis for over a decade. Barry is one of those incredible people, and I feel proud to be associated with the site thanks to regulars like Barry who have kept the community alive through its many ups and downs over the years.

I hope you'll join me in congratulating Barry on this milestone, and in thanking him for sharing his expertise with so many people over the years.

#1536923 Why Warning "Cannot modify header information" Is NOT Fired ?

Posted by gizmola on 31 August 2016 - 09:26 PM

Also it is good practice not to end PHP scripts with an end tag:

<?php
// some code

Remove all those "?>" tags. When you include scripts, a spurious newline or extra bit of whitespace after the tag can trigger output, and be hard to track down.
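An added example (not from the post) that turns this advice into a check you can run over a code base: a small lint that tokenizes each PHP file and reports files that end in a closing tag, distinguishing the harmless `?>` with a single newline from the whitespace-after-tag case that actually produces output. The demo file it writes is constructed.

```php
<?php
// Added example: find PHP files ending in "?>". PHP swallows the single
// newline directly after "?>", but any further whitespace is sent as output
// when the file is included, and the next header() call then fails with
// "Cannot modify header information".

function checkFile(string $path): ?string
{
    // Tokenize rather than string-search, so "?>" inside a string or comment
    // is not mistaken for a real closing tag.
    $tokens = token_get_all(file_get_contents($path));
    $last = end($tokens);
    if (!is_array($last)) {
        return null;                       // file ends in ordinary PHP code
    }
    if ($last[0] === T_CLOSE_TAG) {
        return 'ends with ?> (emits nothing yet, remove it anyway)';
    }
    if ($last[0] === T_INLINE_HTML && ctype_space($last[1])) {
        $prev = prev($tokens);
        if (is_array($prev) && $prev[0] === T_CLOSE_TAG) {
            return 'whitespace after ?> is sent as output';
        }
    }
    return null;                           // e.g. a template that ends in real HTML
}

function lintTree(string $dir): array
{
    $problems = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if ($file->getExtension() !== 'php') {
            continue;
        }
        $msg = checkFile($file->getPathname());
        if ($msg !== null) {
            $problems[$file->getPathname()] = $msg;
        }
    }
    return $problems;
}

// Demo on a constructed include file: a closing tag followed by one blank line.
$tmp = tempnam(sys_get_temp_dir(), 'lint');
file_put_contents($tmp, "<?php\n\$config = ['db' => 'test'];\n?>\n\n");
echo basename($tmp), ': ', checkFile($tmp) ?? 'ok', "\n";  // whitespace after ?> is sent as output
unlink($tmp);
```

Run `lintTree('/path/to/app')` to get a path-to-message map for a whole tree.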

#1535873 TWIG Security

Posted by gizmola on 10 August 2016 - 12:10 AM

Twig code is compiled into php code, at least when used in a symfony project. There is absolutely no way you should have twig template files under the web root as Jacques commented earlier. Quite frankly with a front controller, there is really no code other than the front controller and static assets that should go under the webroot.

#1534061 delete all but latest 6 rows

Posted by gizmola on 27 June 2016 - 11:02 PM

I tested my query before posting - it does work. Provided it is unique, you can substitute the timestamp for the id.

Hey Barand,
My comment was addressed to the original post, not to your answer. I actually didn't see your answer until after I had posted --- we were posting at approximately the same time I guess.

#1533487 Laravel ORM (Eloquent) and the real world

Posted by gizmola on 08 June 2016 - 04:06 PM

My experience mirrors Kicken's. I had worked on a large symfony1 app, as well as a big ZF1 project, before symfony2 and ZF2 became things.
I used various database libraries and ORMs on those projects, Propel for the Symfony1 project as I recall.

At that time Doctrine1 existed, and then the symfony2 project came out with a much higher binding to Doctrine2, in borrowing some of the things that the Doctrine2 people had created for annotation and event handling.

Whenever you are dealing with an ORM it takes a bit of time to change your thinking, because ORMs are concerned with "objects" and not tables. Often that is advantageous (see Kicken's example Doctrine2 code), and once you start to use all that baked-in goodness you really come to appreciate what it can do for you.

With that said, it is not always the most efficient code, nor memory friendly, and people that just want to write raw sql have a hard time dealing with it. To have it work properly you have to design your tables and relations the right way, and it helps save time if you use their conventions, or you have to do extra configuration.

Instead of thinking about the relationships between tables, you have to think about the relationships between objects, and the ORM will often have default behavior that tries to do all sorts of things that make it simple for you to deal with data, but sometimes you realize that it's doing lots of queries you don't want it to do.

Ok, so much of that has to do with doctrine2 and symfony2, which I used on a project to build a pretty complicated (not to mention supposedly scalable) social network application that included social graphs and lots of the stuff you expect in those types of apps. We also threw in MongoDB and built a hybrid app where some of the data was in a relational store, and some data was in mongo.
Doctrine2 allows you to use the same basic model and repository classes which was very helpful in stitching everything together.

I also have worked on several Laravel projects, and Eloquent has similar capabilities, but is far less ambitious.

To understand Eloquent, the main thing you need to know is that the goal of Eloquent is to implement ActiveRecord. ActiveRecord is a design pattern proposed by Martin Fowler where there's more or less a one-to-one relationship between a class and a table, and each object represents a single row in a table. You then have methods like $obj->save(); My take on Eloquent is that it does the bare minimum to be an Active Record implementation, and there's nothing wrong with that approach. Like most ORMs it has a querybuilder component that often strikes people who are used to hand crafting their SQL as being an annoyance and not worth the trouble.

However, once your application begins to get more complex and you have components that implement pagination and integrate with caching libraries, and in general becomes more sophisticated, you start to see the value of having an ORM that often supports and integrates with the component libraries.

#1527737 Morfy Website

Posted by gizmola on 09 December 2015 - 05:18 PM

Flat files for content management? Really?


For a lot of mostly static sites, this could be a great solution that removes the need for databases and subsequently caching etc.


There are also small footprint embedded systems and kiosks that might make use of this.  


At the end of the day, if the CMS is well done, other storage engines could be added using plugins I suppose.

#1527736 Morfy Website

Posted by gizmola on 09 December 2015 - 05:16 PM

Hi Sergey,

   This looks like an amazing project.  Your site is really slick and modern, and I see that you've made it responsive.  


While it looks great there are a few small concerns I have:


Check this 403 I got, not sure why:  https://sidecar.gitt.../sidecar.js.map


When you first hit the site, it's not immediately obvious that you can scroll down to see the real meat of the site. While the universe and subtle animation is cool, I'd be worried about the marketing aspect of it more. At the bottom I'd really want to have some visual clue that was less subtle that ensured the user will scroll down to see the other sections.


I would also suggest a couple of additions:


  1. A section that lists features of the CMS that are focused on end-user functionality rather than the nicely done list of design and technology features you already have.
  2. A screenshot gallery of administration and basic screens
  3. A gallery of sample templates/sites using morfy.


Overall, the site is already a great representation of the project and your github integration is nicely done.



Just out of curiosity, why did you integrate the fenom templating engine rather than twig or blade?   

#1527732 Ticket reservation system, array assistence needed

Posted by gizmola on 09 December 2015 - 04:50 PM

Hey Barand,

   Seems from the post there are no rows, so you only have to deal with gaps.




Seems like these are your requirements:



  1. There are only seat numbers (not rows) so I only have to make sure that the seatnumbers are assigned to the guests as close as possible.
  2. ... fit the number of visitors in between the seats that are already taken. If there are more seats available then I have to assign the lowest seatnumber.
  3. If there is no room for the visitors to sit to each other then I have to look elsewhere, where to fit them.  (E.g: if there is no room for 7 visitors to each other then I have to find a place where there can be 6 and the 7th will sit elsewhere.)
  4. If it’s not possible I’ll return null instead of the array.


I can't think of any specific array functions that will help you with this other than array_merge for building the initial master seating array from the list of reserved seats and the entire theater.  What does occur to me is that a data structure that stores seat openings from first to last might be helpful.  If you generated something like this:



$gaps[] = array('start' => 1, 'end' => 4, 'count' => 4);


Then you could traverse that looking for blocks of seats that are >= the size you need.


Obviously your function would need to traverse the master array once it's loaded with reservations and generate the $gaps array.
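An added example (not gizmola's or the original poster's code) of the $gaps approach described above, carried through to the whole procedure: build the gap list from the reserved seats and the theater size, seat a party in the lowest gap that fits, split it across gaps when nothing fits (largest gap first), and return null when there are not enough free seats at all. The theater size and reservations are constructed.

```php
<?php
// Added example: gap list built from reservations, then used to place a party.

function buildGaps(int $totalSeats, array $reserved): array
{
    $taken = array_fill_keys($reserved, true);
    $gaps  = [];
    $start = null;
    // Walk one seat past the end so the final run of free seats is closed.
    for ($seat = 1; $seat <= $totalSeats + 1; $seat++) {
        $free = $seat <= $totalSeats && !isset($taken[$seat]);
        if ($free && $start === null) {
            $start = $seat;                       // a run of free seats begins
        } elseif (!$free && $start !== null) {
            $gaps[] = ['start' => $start, 'end' => $seat - 1, 'count' => $seat - $start];
            $start = null;
        }
    }
    return $gaps;                                 // already ordered low to high
}

// Seat a party of $size: lowest-numbered gap that fits; otherwise split the
// party across gaps, biggest gap first; null if the free seats run out.
function assignSeats(int $size, array $gaps): ?array
{
    foreach ($gaps as $gap) {
        if ($gap['count'] >= $size) {
            return range($gap['start'], $gap['start'] + $size - 1);
        }
    }
    usort($gaps, fn($a, $b) => [$b['count'], $a['start']] <=> [$a['count'], $b['start']]);
    $seats = [];
    foreach ($gaps as $gap) {
        $take  = min($size - count($seats), $gap['count']);
        $seats = array_merge($seats, range($gap['start'], $gap['start'] + $take - 1));
        if (count($seats) === $size) {
            sort($seats);
            return $seats;
        }
    }
    return null;                                  // not enough free seats in total
}

// Constructed data: 20 seats, seats 3-5 and 10-20 already reserved.
$reserved = array_merge([3, 4, 5], range(10, 20));
$gaps = buildGaps(20, $reserved);
print_r($gaps);                   // [1..2, count 2], [6..9, count 4]
print_r(assignSeats(3, $gaps));   // [6, 7, 8]
print_r(assignSeats(5, $gaps));   // split: [1, 6, 7, 8, 9]
var_dump(assignSeats(7, $gaps));  // NULL, only 6 seats are free
```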

#1527354 Getting statistics from 3 different tables using foreign keys

Posted by gizmola on 30 November 2015 - 08:25 PM

Here's the group by example, just for reference:

SELECT m.gender, COUNT(*) AS countOf
FROM team_players AS tp
LEFT JOIN teams_info AS ti ON (ti.team_id = tp.team_id AND ti.entry_year = 2015)
LEFT JOIN members AS m ON (m.members_id = tp.members_id)
GROUP BY m.gender

#1527332 Preventing emails being sent from website with user's FROM email from ini...

Posted by gizmola on 30 November 2015 - 06:34 PM

Hi NotionCommotion,


Just to clarify, what you are doing, albeit for ostensibly understandable reasons, is one or both of "spoofing" or "relaying", which are considered highly undesirable by spam classification systems.


They also, depending on the implementation, open your site up to blacklisting, because nefarious individuals often exploit these features, which used to be common but are now considered a "really bad idea"  to send spam, using your systems.


So first relaying:


When you are the Mail transfer agent (MTA) for a domain or even several domains, that is something that is configured in DNS, in your MTA settings, and typically has SPF and DKIM settings wired in.  These are things the sysadmin configures, and there are also reverse DNS settings that come into play.


In summary, the only emails your MTA is supposed to send on your behalf are emails from user@yourdomain.xyz.   If your MTA sends out emails or relays emails from user@someotherdomain.com, then you are "relaying" emails for that domain, and that is not supposed to be possible, and is an exploitable problem that degrades email for everyone.  That will get you on blacklists.


I'm not sure how you are sending out emails, as it is possible to send them directly from an app server, but that is also a great way NOT to get your emails delivered.  Sure they will go out and even be received by some sites, but many more will blackhole your emails (receive and silently delete them) or grade them with high spam scores that are sent to the end user's spam box.  You can also again, get your site on blacklists for doing this.  


You should only send email out via a valid MTA for your domain!


Many sites also, often by necessity use remailing services, especially if they are hosted on cloud services, as many of these services (AWS for example) severely limit the number of emails that can be sent out of their network directly via SMTP protocol.


The one trick that people often try and use to get around the problem without entirely violating the rules and spoofing the from address, is to send emails out as a valid user for your domain, but add the "from user" as the reply to email header.  I know that's not what you're trying to do, but is about all you are typically allowed to do without raising your spam score to the "this is spam" level of most classification systems.


I know this is not what you wanted to do, but you simply cannot spoof a from address and send it out of your domain and not suffer repercussions that will at the very least have the majority of your emails going into the receiver's spam box, or more often than not, simply rejected or silently deleted.


This is because spoofing from addresses is harmful to the email ecosystem at large, and is a huge red flag for spam classification systems.  It can also cause the receiver's system to erroneously spray error replies to domains that had nothing to do with the email, not to mention the fact, that inherently you are not able to prove to anyone that the email address you are claiming the email is coming from, is actually the person who owns the email in question.


This is one reason why the good old html mail tag causes the browser to invoke the user's configured mail client, so that they can send emails out through their own system as it is the only way to legitimately do what you're hoping to accomplish, and have it taken seriously by the receiving email systems.


Sorry to be the bearer of the bad news, but the bad people ruined email for the rest of the world a long time ago.
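An added example (not from the post) of the Reply-To approach gizmola describes: the message goes out as a sender for your own domain, so the domain's SPF/DKIM still apply, and the visitor's address only travels in Reply-To. Both values are validated before they become headers, so a visitor-supplied value cannot add header lines of its own. The sender address, recipient and inputs are placeholders I constructed.

```php
<?php
// Added example: contact-form mail with From fixed to the site's own domain
// and the visitor carried in Reply-To.

const SITE_FROM = 'contact-form@yourdomain.example';   // placeholder sender

function buildContactHeaders(string $visitorEmail, string $visitorName): array
{
    // FILTER_VALIDATE_EMAIL accepts a single well-formed address only; any
    // value containing a line break fails, which is what keeps the headers
    // limited to the ones built here.
    $email = filter_var(trim($visitorEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('Invalid reply address');
    }
    // Display name: drop line breaks, then quote it as an RFC 5322 display-name.
    $name = str_replace(["\r", "\n"], '', trim($visitorName));
    $name = '"' . addcslashes($name, '"\\') . '"';

    return [
        'From'     => SITE_FROM,
        'Reply-To' => "$name <$email>",
    ];
}

function sendContactMail(string $to, string $visitorEmail, string $visitorName, string $body): bool
{
    $headers = buildContactHeaders($visitorEmail, $visitorName);
    // mail() hands the message to the MTA configured on this host, which must
    // be a legitimate sender for the SITE_FROM domain for delivery to work.
    return mail($to, 'Website contact form', $body, $headers);
}

// Constructed inputs: a normal visitor, then a value containing a line break.
print_r(buildContactHeaders('alice@example.org', 'Alice Example'));
// From: contact-form@yourdomain.example, Reply-To: "Alice Example" <alice@example.org>
try {
    buildContactHeaders("bob@example.org\r\nmore", 'Bob');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";   // Rejected: Invalid reply address
}
```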

#1527331 a little help please

Posted by gizmola on 30 November 2015 - 06:12 PM

No, I'm sorry, I thought display_form() was a predefined function, sorry. 



No, sure isn't.  Keep in mind you can always use the php.net site.  It supports a rewrite for every function via  http://php.net/function_name.  So for example:




Worth trying when in doubt.

#1526215 Controller or Model

Posted by gizmola on 11 November 2015 - 07:43 PM

It really depends on the capabilities of the Model system you are using.  If it was for example, something like Symfony2 and Doctrine2, the typical answer would be that the validation rules are attached to the model.  Of course with that said, form processing rules can get quite complicated, and since the form object lives and dies inside the controller, you will typically have the actual validation check occurring specifically in the controller logic.



Something like:


if ($form->validate()) {
    // Persist the data
    // Redirect as desired
} else {
    // Redirect back to the form, adding the error data
}

#1526211 PHP with Java | C/C++ | Python

Posted by gizmola on 11 November 2015 - 07:37 PM

I'm not going to go into the "which is best" question. The answer always depends on a lot of variables that are typically unique to the circumstance. Obviously c++ is often used for compiled software, and java is often used due to its availability on a platform (Android for example) or in the enterprise where one or more application servers are desired.


In my experience, for server side web development, Python, Ruby, PHP, Java and Node.js are all popular choices that typically come down to the preference of the Lead developer.


In terms of intermixing languages, specifically with PHP one popular way to do that is to use Gearman.  For example, I worked on a project where there was a computation engine written in Java.  The website MVC and additional computation and presentation code was created in PHP using a popular PHP framework.  PHP utilized gearman to send data to the Java computation processes as needed (this had to do with crunching large amounts of historical stock price information) and received the results back for presentation within the PHP framework.  


You can also build your own queueing sub/pub applications using many different technologies, and achieve similar separation of work.  This type of architecture is frequently used where scalability is a significant concern.  An example might be a system like Youtube, where the video encoding or post processing is going to be separated from the front end, and clustered. The clustering and DevOps scaling will be separated from the web application code, and since processing of that type is cpu and IO intensive, you won't have that code running on the same server(s) where the PHP code resides.