hobeau

Members
  • Posts: 62
  • Last visited: Never

About hobeau
  • Birthday: 10/22/1982

Contact Methods
  • Website URL: http://www.solutionbot.com

Profile Information
  • Gender: Male
  • Location: VA


  1. Unfortunately I have been misunderstood. I do not mean that programming in an OOP language equals programming in an OOP way. I mean that to program at all with a language like C# or Java, you absolutely WILL use objects even if you do not write a class. For instance, if you want to connect to a database you will be using the System.Data namespace. Then you will be using the data classes to access the database and you must use the properties and methods of this class. In PHP, you have an option to do functions or object oriented. For instance, at http://us.php.net/manual/en/mysqli.query.php you will see that there are 2 methods to connect to the database using the mysqli extensions. The first is a procedural method, the second is an object oriented method. C# and Java do not have this. This is what I meant. Sorry for the confusion.
  2. Something to note. There are a lot of other languages where understanding OOP is really not the issue. C#, Java, Python: you are an Object Oriented Programmer whether you know it or not. It's the best way of promoting reusable code. PHP started out as a Procedural Oriented language. There is a lot of debate between the two. Object Oriented programmers would say that working with OOP is better because it is easier to create and maintain large enterprise systems that many developers work on together. It's all about the code readability and ease of use and reuse. Nothing redundant. On the other side of the spectrum, we have our procedural programmers who are all about performance. OOP causes a lot of 'unnecessary overhead' that reduces performance. Procedural programming opts more for performance and focuses on creating user-defined functions or better yet language extensions (in this case C++ for PHP) that do not use OOP. There are compelling reasons to do both. You can definitely tell that PHP tends towards Procedural programming as there are over 3,000 built in functions. It is moving more towards OOP, and I personally believe this is a good thing, but there are a lot of compelling reasons to not overdo the OOP. PHP is very powerful in that you have more of a choice in what kind of developer you wish to be. However with that vast flexibility there is a price to pay. No one PHP developer's code looks exactly the same as another's. This is why there are so many frameworks out there such as Zend and Symfony. The idea is not only to create a rapid application development (RAD) framework but also to create boundaries. Boundaries are important when working in a multi-developer environment as otherwise no one would be on the same page about anything. What I like about PHP is the ability, power and flexibility to define my own API and framework. You can do this in very unique ways as there are much fewer boundaries in PHP. Just a few random thoughts.
  3. Hi ds111, Instead of using a script, why not make it easy on yourself and use something like SQLyog (http://www.webyog.com/en/screenshots_sqlyog.php)? That would make it much easier to either export a SQL dump (data structure AND data) or a CSV, or even transfer a table to another database instance.
  4. I agree. Switch statements are faster than if/else statements.
  5. Hey Boo-ums, Since no one has sent you any examples yet, here are a few that I've written: http://www.solutionbot.com/2008/12/27/secure-session-management/ http://www.solutionbot.com/2008/12/27/secure-file-upload/ http://www.solutionbot.com/2008/10/27/pdo-where-php-is-headed-php-data-objects/ The last one is an example of using PDO instead of mysql, or mysqli. This is the direction PHP is headed in the future. Mysql and Mysqli extensions are being phased into PDO (http://us2.php.net/manual/en/book.pdo.php).
  6. Hey guys, I thought I'd participate. I'm Beau Brownlee, 26, married, and I live in the Washington DC area. I have been a JavaScript/XHTML/PHP/MySQL guy for a while but also have done a lot of development with other languages such as VB6 (back in the day), C#/Microsoft SQL, Python and some C++ (classic ASP if I have to admit it). My passion is building out load balanced distributed web applications instead of just single server solutions. I like working on large web apps and discovering new ways of distributing work between multiple languages (rock on JSON RPC!!!!).
  7. Just using session_start() and your $_SESSION variable is not enough. There is a huge security hole called Session Fixation (http://en.wikipedia.org/wiki/Session_fixation) that hackers use to take advantage of web applications on literally a daily basis. To help to avoid that you must regenerate your session ID on each page, validate the IP address, the web domain referrer, and the client info such as the operating system and browser information. Here is a class that can help: http://www.solutionbot.com/2008/12/27/secure-session-management/. When you verify your user login (aka, check the existence of the username and password in the database) simply do:

     <?php session::start_secure_session(); ?>

     This gets all of the initial information from your browser and passes it into a session variable to get the user's 'fingerprint'. Next, on each page after, run:

     <?php
     if (!session::check()) {
         session::destroy();
         header('Location: login.php');
         die();
     }
     ?>

     This validates the current client fingerprint against the initial fingerprint to make sure nothing has changed. If something has changed, we know that it is highly possible that there is a hacker trying to take advantage of session fixation and we must log the user account out immediately. Also, take note of the fact that the session::destroy() function actually destroys the session. A nuance with PHP is that to completely destroy a session you must set the session to a blank array, unset the session, and then run the session_destroy() function. session_destroy() alone will not destroy a session. There are also other functions such as add_param() and get_param() that have a lot of built in functionality so that you don't have to worry about it. Session security is severely overlooked when building web applications and this is very unfortunate as hackers are having a ball getting into other people's 'secure' accounts very easily. This is very bad for all PHP developers as PHP gets a bad reputation because of the lack of awareness.
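The three steps the post describes (capture a client fingerprint at login, verify it and rotate the ID on every page, tear the session down completely) as an added example; this is not the solutionbot.com class from the post, and the class and method names are hypothetical:

```php
<?php
// Added example, not the solutionbot.com class from the post. Names are
// hypothetical; it performs the three steps the post describes.
final class SecureSession
{
    // Client "fingerprint". REMOTE_ADDR is in it because the post validates
    // the IP; drop it if your users legitimately change addresses mid-session.
    private static function fingerprint(): string
    {
        $parts = [
            $_SERVER['REMOTE_ADDR'] ?? '',
            $_SERVER['HTTP_USER_AGENT'] ?? '',
            $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '',
        ];
        return hash('sha256', implode("\0", $parts));
    }
    // Call once, right after the username/password check succeeds.
    public static function start(): void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        session_regenerate_id(true);   // pre-login id is discarded
        $_SESSION = ['fp' => self::fingerprint()];
    }
    // Call at the top of every protected page; false means the client no
    // longer matches the fingerprint captured at login.
    public static function check(): bool
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        if (empty($_SESSION['fp']) || !hash_equals($_SESSION['fp'], self::fingerprint())) {
            return false;
        }
        session_regenerate_id(true);   // rotate the id on every request
        return true;
    }
    // Full teardown: empty the array, expire the cookie, then session_destroy().
    public static function destroy(): void
    {
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
    }
}
```

Behind a load balancer or proxy, REMOTE_ADDR is the proxy's address, so the IP part of the fingerprint only means something if the real client address is passed through and trusted from that proxy alone.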
  8. good call chronister, I'm actually curious about that too. l_kris06 to login you usually check the existence of a pair of username/passwords and then start a secure session. Here's a secure login class i wrote http://www.solutionbot.com/2008/12/27/secure-session-management/ that may come in handy.
  9. I would have the page post back to itself. In other words you would have your php script at the top of the page:

     <?php
     $message = '';
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         // Do your login code here. This placeholder only compares the posted
         // values against fixed strings; replace it with your real check.
         $username = $_POST['username'] ?? '';
         $password = $_POST['password'] ?? '';
         if ($username != 'user' || $password != 'password') {
             $message = "Wrong username/password";
         } else {
             header('Location: main.php');
             exit; // stop rendering the form once the redirect header is sent
         }
     }
     ?>
     <html>
     <head>
     <title>login page</title>
     </head>
     <body>
     <?php if ($message) { echo '<p>' . htmlspecialchars($message) . '</p>'; } ?>
     <form method="POST" action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>">
     <input type="text" name="username" />
     <input type="password" name="password" />
     <input type="submit" value="login" />
     </form>
     </body>
     </html>
  10. Hey ingeva, Try http://www.swiftmailer.org/ and save yourself a lot of hassle. Really great library, especially for sending email attachments.
  11. hunna03, I've had to fix many a site (not built by me) that were just querying and didn't escape their sql statements. It doesn't matter what you are trying to do, if it gets injected into your sql statement it can easily be turned into an insert, update, or delete statement (I'm assuming that $state is coming from the client).
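The pattern the post warns about, shown as an added example (not code from the thread) beside the PDO prepared-statement form the author points to elsewhere; the $pdo handle, the `orders` table and its `state` column are assumptions, and the data is constructed inline on an in-memory SQLite database so it runs stand-alone:

```php
<?php
// Added example, not code from the thread. The `orders` table (id, state)
// and the hostile input are constructed for the demo.

// VULNERABLE: $state is interpolated straight into the query text, so the
// client controls part of the SQL. A value such as  VA' OR '1'='1  turns the
// WHERE clause into one that matches every row; with a driver that allows
// stacked statements the same hole reaches INSERT/UPDATE/DELETE, as the post says.
function ordersByStateUnsafe(PDO $pdo, string $state): array
{
    $sql = "SELECT id, state FROM orders WHERE state = '$state'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIXED: the statement shape is sent first and the value is bound separately,
// so the database never parses user input as SQL. No escaping to get wrong.
function ordersByState(PDO $pdo, string $state): array
{
    $stmt = $pdo->prepare('SELECT id, state FROM orders WHERE state = :state');
    $stmt->execute([':state' => $state]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data on an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, state TEXT)');
$pdo->exec("INSERT INTO orders (state) VALUES ('VA'), ('MD'), ('DC')");

$hostile = "VA' OR '1'='1";   // constructed: what $_GET['state'] might carry
printf("unsafe query, hostile input:   %d rows\n", count(ordersByStateUnsafe($pdo, $hostile)));
printf("prepared query, hostile input: %d rows\n", count(ordersByState($pdo, $hostile)));
printf("prepared query, 'VA':          %d rows\n", count(ordersByState($pdo, 'VA')));
```

With the prepared form the hostile string is looked up literally as a state name and matches nothing, while the plain 'VA' lookup still returns its row.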
  12. Hey virtuexru, Here are a couple of links that might help. Here is a function that will force a download of any file: http://www.solutionbot.com/2009/01/06/php-force-download-file/ and here is a secure file uploader: http://www.solutionbot.com/2008/12/27/secure-file-upload/. Check out some of what I wrote. It is very important to securely upload files as this is a wide open door for hackers if you're not careful.
  13. Ok, I'm going to make a couple of assumptions: 1. You're using PHP to connect to a TCP listener. 2. I'm assuming we're talking about TCP and not UDP. Here is some code that might help. I tested it with a PHP TCP listener I wrote and it worked. I've not tested it in your environment though:

     <?php
     // The IP address of the host
     $address = '127.0.0.1';
     // Create a TCP socket in memory
     $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
     if ($socket === false) {
         echo "socket_create() failed: reason: " . socket_strerror(socket_last_error());
         exit;
     }
     // Attempt to connect to the server
     // Here is the meat of it. Put your connection in a loop and try to connect a designated amount of times
     $result = false;
     for ($i = 0; $i < 100; $i++) {
         // Connect to whatever port you wish
         $result = socket_connect($socket, $address, 1015);
         if ($result !== false) {
             break;
         }
         usleep(100000); // wait 100 ms before the next attempt instead of spinning
     }
     if ($result === false) {
         echo "socket_connect() failed: reason: " . socket_strerror(socket_last_error($socket));
         exit;
     }
     // ... your code after this
     ?>

     As you can see I just put the socket_connect() function in a loop and attempted to connect multiple times. If it connects then exit out of the loop and continue. I used a for loop instead of a while loop since this could run on forever if there really is something wrong with the listener.
  14. Is the TCP listener (the socket handler) a forked PHP process (daemon), or is this written in another language and you are connecting to the TCP listener with PHP?