|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
php-general Digest 17 Apr 2006 21:01:36 -0000 Issue 4077
php-general-digest-help
lists.php.net
Date: Mon Apr 17 2006 - 16:01:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
php-general Digest 17 Apr 2006 21:01:36 -0000 Issue 4077
Topics (messages 234103 through 234124):
Re: Table formation...
234103 by: Jochem Maas
234108 by: Jay Blanchard
234111 by: tedd
234112 by: Jochem Maas
234114 by: tedd
Re: New Date/Time Functionality and Setting Timezones
234104 by: Jochem Maas
OT - PHP Code Contest
234105 by: Weber Sites LTD
Including files from another site
234106 by: Shaun
234107 by: Weber Sites LTD
234110 by: Shaun
234115 by: Weber Sites LTD
234116 by: Shaun
234117 by: Wolf
234120 by: Shaun
234123 by: Wolf
234124 by: Shaun
Re: [PHP-WIN] Re: php editors
234109 by: Alain Roger
real time output from log file?
234113 by: Jason Gerfen
How can I see where my script wasting time?
234118 by: afan.afan.net
234119 by: Jay Blanchard
234121 by: chris smith
234122 by: Martin Alterisio \"El Hombre Gris\"
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscribelists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscribelists.php.net
To post to the list, e-mail:
php-generallists.php.net
----------------------------------------------------------------------
attached mail follows:
Jay Blanchard wrote:
> [snip]
> Pardon my asking on the eve of your launch, but is a table the most
> sensible markup for this data? It looks to me like a one-dimensional
> list that just happens to be presented two to a row.
>
> If so, I'd use an unordered list, float each item left, and limit the
> list width to two item widths.
> [/snip]
>
> Thanks, but I just used what I showed as an example. It is a table
> products including pictures, features, etc.
time limits always dictate the 'get it working' solution, that said
Paul's suggestion is rather better than using a table for a couple of
reasons (imho):
1. it saves you having to pre-order/split/etc the original data so that
you can then loop them/it in order to dump out a table.
2. it means that when the customer changes the layout your not stuck
with re-hacking output code - you just change the display style. non-rigid
markup :-)
3. the output you describe sounds like a list of info rather than a
table - which for [us] semantics freaks (hi guys ;-) mean an OL or a UL
is so much more satifying.
>
attached mail follows:
[snip]
time limits always dictate the 'get it working' solution, that said
Paul's suggestion is rather better than using a table for a couple of
reasons (imho):
1. it saves you having to pre-order/split/etc the original data so that
you can then loop them/it in order to dump out a table.
2. it means that when the customer changes the layout your not stuck
with re-hacking output code - you just change the display style.
non-rigid
markup :-)
3. the output you describe sounds like a list of info rather than a
table - which for [us] semantics freaks (hi guys ;-) mean an OL or a UL
is so much more satifying.
[/snip]
With a simple loop I can create the data in columns in a table. It is a
table of products, each product's features, etc. I am not too worried
about the client changing the layout at a later date as that would
likely be driven by me...maybe. :) The code which makes the multiple
columns of data is right simple and could easily be replaced.
if(0 == $columnCount){
echo "<tr>";
}
...do table stuff...
if(0 == $columnCount){
$columnCount++; // increment to 1
else {
echo "</tr>\n";
$columnCount--; // decrement to 0
}
/* and yes, I could have done it with a mod as well, just had this done
before the responses came back. To return the table to one product per
row all that has to be done is to remove the conditionals, leaving only
the table row mark-up */
So, semantics freaks ;), the entire site is a CSS thing of beauty with a
LAMP back-end, and there is only one spot where I have used a small
table that I need to get rid of. This product table is justified as a
table.
attached mail follows:
Jay said:
>With a simple loop I can create the data in columns in a table. It is a
>table of products, each product's features, etc. I am not too worried
>about the client changing the layout at a later date as that would
>likely be driven by me...maybe. :) The code which makes the multiple
>columns of data is right simple and could easily be replaced.
>
>if(0 == $columnCount){
> echo "<tr>";
>}
>
>...do table stuff...
>
>if(0 == $columnCount){
> $columnCount++; // increment to 1
>else {
> echo "</tr>\n";
> $columnCount--; // decrement to 0
>}
The following is just another way (not using mod):
<?php
echo("<table><tr>");
for ($i = 0; $i <= 9; $i++)
{
echo("<td>$i</td>");
if($i & 1)
{
echo("<tr></tr>");
}
}
echo("</tr><table>");
?>
Whenever I need a 1 or 0, I use ($i & 1).
>So, semantics freaks ;), the entire site is a CSS thing of beauty with a
>LAMP back-end, and there is only one spot where I have used a small
>table that I need to get rid of. This product table is justified as a
>table.
Yep, nothing wrong with using tables to show column data -- that's
what tables are for.
tedd
--
--------------------------------------------------------------------------------
http://sperling.com
attached mail follows:
tedd wrote:
> Jay said:
...
>
>
> Yep, nothing wrong with using tables to show column data -- that's what
> tables are for.
that's my point - columns have nothing to do with the data structure, it's
a presentation issue - technically it's a list of products. ergo: UL iso TABLE.
personally I think the only 2 really strong reason for using a table to display
stuff are:
1. a datagrid type of control for doing CRUD stuff.
2. HTML email newsletter (evil in their own right :-), but if a client demands it
TABLEs are often the only way to reliably control layout :-( ).
but tedd there is no need to go defending Jay. I was merely chatting with him on a
theoretical level, not telling nwhat he should/must be doing (because a, he's been
doing this stuff longer than I have been alive ;-) and b, I know that he knows
the difference between doing it 'right' and doing it on time and within budget :-)
'right' being in quotes because that's more often than not just another form of
opinion. :-)
>
> tedd
attached mail follows:
>but tedd there is no need to go defending Jay. I was merely chatting
>with him on a
>theoretical level, not telling nwhat he should/must be doing
>(because a, he's been
>doing this stuff longer than I have been alive ;-) and b, I know that he knows
>the difference between doing it 'right' and doing it on time and
>within budget :-)
>
>'right' being in quotes because that's more often than not just
>another form of
>opinion. :-)
>>
Jochem:
Oh, I wasn't defending Jay -- I didn't even know anything was in
dispute. I'm clueless as usual -- just putting in my $0.02 as I can.
Hell, I have enough problems trying to remember to remove your email
address when I reply to all. :-)
As for tables, I agree that tables are for column data and sometimes
for a quick and dirty fix to get things to work (i.e., client
pressure) -- but, after the dust settles, go back and fix it right.
As for reliable control -- however -- reliable is what works and
while css can be confusing (hacks and all), it does work reliably.
tedd
--
--------------------------------------------------------------------------------
http://sperling.com
attached mail follows:
Lester Caine wrote:
> Chris wrote:
>
>> In more than one place in the PHP documentation it refers to the
>> order in which the new Date/Time functionality determines the
>> appropriate time zone.
>>
>> That order is:
>>
>> 1) the value set by date_default_timezone_set(), if any
>> 2) the TZ environmental variable
>> 3) the date.timezone php.ini option
>> 4) "magical guess"
>> 5) UTC
>>
>> Is this indeed the actual order?
>>
>> Would it not make more sense to prioritize the date.timezone php.ini
>> setting over the TZ environmental variable?
assuming that date.timezone can be set at the .htaccess level,
which hopefully it can be, I thoroughly agree with you.
especially given that the new date extension was originally plugged
with the helpful feature of not being bound to the system settings... IIRC.
>>
>> That way users who don't have control over their TZ environmental
>> variable (such as might be the case with some shared hosting
>> environments) could set the timezone in an htaccess file rather than
>> having to ensure they call date_timezone_default_set() in every script.
>
>
> Of cause this still does nothing for the vast majority of hosting, where
> it's the timezone/daylight saving of the client that you need, not the
> server :(
maybe I'm missing your point completely but the whole point of
date_default_timezone_set() is that you can set the TZ specifically for
each request.
>
attached mail follows:
Just wanted to refresh the memory of the veterans here and also let the new
people here know
that there is a monthly code contest going on since April 2004 with pretty
cool prizes from
relevant sponsors (Zend, NuSphere, TemplateMonster, php|architect, PHP
magazine and others).
The contest is held at : http://contest.weberdev.com. It's really simple and
is more an
incentive for everyone to contribute their code snippets, than a contest.
I hope to see more people contributing code examples.
Make sure you read the rules at : http://contest.weberdev.com/about.html
Thanks
berber
attached mail follows:
Hi,
I have created a CMS where all sites on our server are administrated from
one central site, and HTML content is stored in the CMS database.
I want users to all control their sites database functions from the CMS
site, but I want to keep the database and database admin scripts in the
individual website account to keep things simple. So I need want to be able
to include these scripts within the CMS site but keep them secure. I have
tried using frames but I can't keep a session going in the database admin
scripts, is there a better way to do this?
Any advice would be greatly appreciated.
attached mail follows:
I'm not sure I understand what you are trying to do.
What is the connection between frames and security?
In general, assuming that all users have access to
The same scripts, you need to include in all of your
Scripts some kind of security logic that tells the
Script which user can do what.
Usually you would want to also allow group access
Rather then user access for easier maintenance.
You should keep a user table with user, password
And privileges. There are endless ways to do this
And you need to choose what is best for your site.
Have a look at some relevant code examples:
http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=auth
berber
-----Original Message-----
From: Shaun [mailto:shaunthornburghhotmail.com]
Sent: Monday, April 17, 2006 12:46 PM
To: php-generallists.php.net
Subject: [PHP] Including files from another site
Hi,
I have created a CMS where all sites on our server are administrated from
one central site, and HTML content is stored in the CMS database.
I want users to all control their sites database functions from the CMS
site, but I want to keep the database and database admin scripts in the
individual website account to keep things simple. So I need want to be able
to include these scripts within the CMS site but keep them secure. I have
tried using frames but I can't keep a session going in the database admin
scripts, is there a better way to do this?
Any advice would be greatly appreciated.
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
attached mail follows:
Hi,
Thanks for your reply, sorry I should have been a little clearer in my
explanation. Here goes...
I have a dedicated UNIX server with many websites on it. On this server I
have also created a Content Management System which has a database which I
use to store HTML content for all the other websites. Each website has a
database connection to the CMS database to retrieve the HTML for its pages.
Each website that uses its own database has a folder called /cms and in here
I keep all the database admin scripts for that website. I want these pages
to only be accessible from within the CMS website and nothing else. So when
the user is in the CMS they can click on database admin and it will include
the pages in that websites /cms folder.
My Question is how can I ensure that the CMS is the only website that can
access these scripts securely?
Thanks for your advice.
""Weber Sites LTD"" <berberweber-sites.com> wrote in message
news:2a6601c6621b$fa43bc60$6901a8c0forest.netvision.net.il...
> I'm not sure I understand what you are trying to do.
> What is the connection between frames and security?
>
> In general, assuming that all users have access to
> The same scripts, you need to include in all of your
> Scripts some kind of security logic that tells the
> Script which user can do what.
>
> Usually you would want to also allow group access
> Rather then user access for easier maintenance.
>
> You should keep a user table with user, password
> And privileges. There are endless ways to do this
> And you need to choose what is best for your site.
>
> Have a look at some relevant code examples:
> http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=auth
>
> berber
>
> -----Original Message-----
> From: Shaun [mailto:shaunthornburghhotmail.com]
> Sent: Monday, April 17, 2006 12:46 PM
> To: php-generallists.php.net
> Subject: [PHP] Including files from another site
>
> Hi,
>
> I have created a CMS where all sites on our server are administrated from
> one central site, and HTML content is stored in the CMS database.
>
> I want users to all control their sites database functions from the CMS
> site, but I want to keep the database and database admin scripts in the
> individual website account to keep things simple. So I need want to be
> able
> to include these scripts within the CMS site but keep them secure. I have
> tried using frames but I can't keep a session going in the database admin
> scripts, is there a better way to do this?
>
> Any advice would be greatly appreciated.
>
> --
> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
> http://www.php.net/unsub.php
attached mail follows:
I think that you are looking at this from the wrong angle.
What you should do, is password protect all CMS directories
And then, anyone that needs access has to punch in a valid
Username and password.
Have a look at : http://sourceforge.net/projects/modauthmysql/
Sincerely
berber
Visit the Weber Sites Today,
To see where PHP might take you tomorrow.
PHP code examples : http://www.weberdev.com
PHP & MySQL Forums : http://www.weberforums.com
-----Original Message-----
From: Shaun [mailto:shaunthornburghhotmail.com]
Sent: Monday, April 17, 2006 2:52 PM
To: php-generallists.php.net
Subject: Re: [PHP] Including files from another site
Hi,
Thanks for your reply, sorry I should have been a little clearer in my
explanation. Here goes...
I have a dedicated UNIX server with many websites on it. On this server I
have also created a Content Management System which has a database which I
use to store HTML content for all the other websites. Each website has a
database connection to the CMS database to retrieve the HTML for its pages.
Each website that uses its own database has a folder called /cms and in here
I keep all the database admin scripts for that website. I want these pages
to only be accessible from within the CMS website and nothing else. So when
the user is in the CMS they can click on database admin and it will include
the pages in that websites /cms folder.
My Question is how can I ensure that the CMS is the only website that can
access these scripts securely?
Thanks for your advice.
""Weber Sites LTD"" <berberweber-sites.com> wrote in message
news:2a6601c6621b$fa43bc60$6901a8c0forest.netvision.net.il...
> I'm not sure I understand what you are trying to do.
> What is the connection between frames and security?
>
> In general, assuming that all users have access to The same scripts,
> you need to include in all of your Scripts some kind of security logic
> that tells the Script which user can do what.
>
> Usually you would want to also allow group access Rather then user
> access for easier maintenance.
>
> You should keep a user table with user, password And privileges. There
> are endless ways to do this And you need to choose what is best for
> your site.
>
> Have a look at some relevant code examples:
> http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=aut
> h
>
> berber
>
> -----Original Message-----
> From: Shaun [mailto:shaunthornburghhotmail.com]
> Sent: Monday, April 17, 2006 12:46 PM
> To: php-generallists.php.net
> Subject: [PHP] Including files from another site
>
> Hi,
>
> I have created a CMS where all sites on our server are administrated
> from one central site, and HTML content is stored in the CMS database.
>
> I want users to all control their sites database functions from the
> CMS site, but I want to keep the database and database admin scripts
> in the individual website account to keep things simple. So I need
> want to be able to include these scripts within the CMS site but keep
> them secure. I have tried using frames but I can't keep a session
> going in the database admin scripts, is there a better way to do this?
>
> Any advice would be greatly appreciated.
>
> --
> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
> http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
attached mail follows:
I see your point, the only problem is that the user will have already logged
once into the CMS, logging in again would be a little frustrating and not
very user friendly...
""Weber Sites LTD"" <berberweber-sites.com> wrote in message
news:2f9101c6624d$00964610$6901a8c0forest.netvision.net.il...
>I think that you are looking at this from the wrong angle.
> What you should do, is password protect all CMS directories
> And then, anyone that needs access has to punch in a valid
> Username and password.
>
> Have a look at : http://sourceforge.net/projects/modauthmysql/
>
> Sincerely
>
> berber
>
> Visit the Weber Sites Today,
> To see where PHP might take you tomorrow.
> PHP code examples : http://www.weberdev.com
> PHP & MySQL Forums : http://www.weberforums.com
>
>
>
> -----Original Message-----
> From: Shaun [mailto:shaunthornburghhotmail.com]
> Sent: Monday, April 17, 2006 2:52 PM
> To: php-generallists.php.net
> Subject: Re: [PHP] Including files from another site
>
> Hi,
>
> Thanks for your reply, sorry I should have been a little clearer in my
> explanation. Here goes...
>
> I have a dedicated UNIX server with many websites on it. On this server I
> have also created a Content Management System which has a database which I
> use to store HTML content for all the other websites. Each website has a
> database connection to the CMS database to retrieve the HTML for its
> pages.
>
> Each website that uses its own database has a folder called /cms and in
> here
> I keep all the database admin scripts for that website. I want these pages
> to only be accessible from within the CMS website and nothing else. So
> when
> the user is in the CMS they can click on database admin and it will
> include
> the pages in that websites /cms folder.
>
> My Question is how can I ensure that the CMS is the only website that can
> access these scripts securely?
>
> Thanks for your advice.
>
>
> ""Weber Sites LTD"" <berberweber-sites.com> wrote in message
> news:2a6601c6621b$fa43bc60$6901a8c0forest.netvision.net.il...
>> I'm not sure I understand what you are trying to do.
>> What is the connection between frames and security?
>>
>> In general, assuming that all users have access to The same scripts,
>> you need to include in all of your Scripts some kind of security logic
>> that tells the Script which user can do what.
>>
>> Usually you would want to also allow group access Rather then user
>> access for easier maintenance.
>>
>> You should keep a user table with user, password And privileges. There
>> are endless ways to do this And you need to choose what is best for
>> your site.
>>
>> Have a look at some relevant code examples:
>> http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=aut
>> h
>>
>> berber
>>
>> -----Original Message-----
>> From: Shaun [mailto:shaunthornburghhotmail.com]
>> Sent: Monday, April 17, 2006 12:46 PM
>> To: php-generallists.php.net
>> Subject: [PHP] Including files from another site
>>
>> Hi,
>>
>> I have created a CMS where all sites on our server are administrated
>> from one central site, and HTML content is stored in the CMS database.
>>
>> I want users to all control their sites database functions from the
>> CMS site, but I want to keep the database and database admin scripts
>> in the individual website account to keep things simple. So I need
>> want to be able to include these scripts within the CMS site but keep
>> them secure. I have tried using frames but I can't keep a session
>> going in the database admin scripts, is there a better way to do this?
>>
>> Any advice would be greatly appreciated.
>>
>> --
>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
>> http://www.php.net/unsub.php
>
> --
> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
> http://www.php.net/unsub.php
attached mail follows:
So, swap your CMS logins to use the same access code for the user, then
use sessions to swap the mysql stuff in where needed.
Or make it use a mysql call from the CMS login to access their mysql
information from another table and do it that way.
1 login, 1 password, very user friendly.
And only 1 place to have to worry about changing files.
HTH,
Wolf
Shaun wrote:
> I see your point, the only problem is that the user will have already logged
> once into the CMS, logging in again would be a little frustrating and not
> very user friendly...
>
>
> ""Weber Sites LTD"" <berberweber-sites.com> wrote in message
> news:2f9101c6624d$00964610$6901a8c0forest.netvision.net.il...
>> I think that you are looking at this from the wrong angle.
>> What you should do, is password protect all CMS directories
>> And then, anyone that needs access has to punch in a valid
>> Username and password.
>>
>> Have a look at : http://sourceforge.net/projects/modauthmysql/
>>
>> Sincerely
>>
>> berber
>>
>> Visit the Weber Sites Today,
>> To see where PHP might take you tomorrow.
>> PHP code examples : http://www.weberdev.com
>> PHP & MySQL Forums : http://www.weberforums.com
>>
>>
>>
>> -----Original Message-----
>> From: Shaun [mailto:shaunthornburghhotmail.com]
>> Sent: Monday, April 17, 2006 2:52 PM
>> To: php-generallists.php.net
>> Subject: Re: [PHP] Including files from another site
>>
>> Hi,
>>
>> Thanks for your reply, sorry I should have been a little clearer in my
>> explanation. Here goes...
>>
>> I have a dedicated UNIX server with many websites on it. On this server I
>> have also created a Content Management System which has a database which I
>> use to store HTML content for all the other websites. Each website has a
>> database connection to the CMS database to retrieve the HTML for its
>> pages.
>>
>> Each website that uses its own database has a folder called /cms and in
>> here
>> I keep all the database admin scripts for that website. I want these pages
>> to only be accessible from within the CMS website and nothing else. So
>> when
>> the user is in the CMS they can click on database admin and it will
>> include
>> the pages in that websites /cms folder.
>>
>> My Question is how can I ensure that the CMS is the only website that can
>> access these scripts securely?
>>
>> Thanks for your advice.
>>
>>
>> ""Weber Sites LTD"" <berberweber-sites.com> wrote in message
>> news:2a6601c6621b$fa43bc60$6901a8c0forest.netvision.net.il...
>>> I'm not sure I understand what you are trying to do.
>>> What is the connection between frames and security?
>>>
>>> In general, assuming that all users have access to The same scripts,
>>> you need to include in all of your Scripts some kind of security logic
>>> that tells the Script which user can do what.
>>>
>>> Usually you would want to also allow group access Rather then user
>>> access for easier maintenance.
>>>
>>> You should keep a user table with user, password And privileges. There
>>> are endless ways to do this And you need to choose what is best for
>>> your site.
>>>
>>> Have a look at some relevant code examples:
>>> http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=aut
>>> h
>>>
>>> berber
>>>
>>> -----Original Message-----
>>> From: Shaun [mailto:shaunthornburghhotmail.com]
>>> Sent: Monday, April 17, 2006 12:46 PM
>>> To: php-generallists.php.net
>>> Subject: [PHP] Including files from another site
>>>
>>> Hi,
>>>
>>> I have created a CMS where all sites on our server are administrated
>>> from one central site, and HTML content is stored in the CMS database.
>>>
>>> I want users to all control their sites database functions from the
>>> CMS site, but I want to keep the database and database admin scripts
>>> in the individual website account to keep things simple. So I need
>>> want to be able to include these scripts within the CMS site but keep
>>> them secure. I have tried using frames but I can't keep a session
>>> going in the database admin scripts, is there a better way to do this?
>>>
>>> Any advice would be greatly appreciated.
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
>>> http://www.php.net/unsub.php
>> --
>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
>> http://www.php.net/unsub.php
>
attached mail follows:
Hi,
Thanks for your reply, just had a thought: How secure would it be if I made
sure that the URL of the browser was www.mycms.com and only allow access to
pages in the /cms folder if true?
Is this safe or an easy hack?
"Wolf" <LoneWolfnc.rr.com> wrote in message
news:4443E960.2070403nc.rr.com...
> So, swap your CMS logins to use the same access code for the user, then
> use sessions to swap the mysql stuff in where needed.
>
> Or make it use a mysql call from the CMS login to access their mysql
> information from another table and do it that way.
>
> 1 login, 1 password, very user friendly.
>
> And only 1 place to have to worry about changing files.
>
> HTH,
>
> Wolf
>
>
> Shaun wrote:
>> I see your point, the only problem is that the user will have already
>> logged
>> once into the CMS, logging in again would be a little frustrating and not
>> very user friendly...
>>
>>
>> ""Weber Sites LTD"" <berberweber-sites.com> wrote in message
>> news:2f9101c6624d$00964610$6901a8c0forest.netvision.net.il...
>>> I think that you are looking at this from the wrong angle.
>>> What you should do, is password protect all CMS directories
>>> And then, anyone that needs access has to punch in a valid
>>> Username and password.
>>>
>>> Have a look at : http://sourceforge.net/projects/modauthmysql/
>>>
>>> Sincerely
>>>
>>> berber
>>>
>>> Visit the Weber Sites Today,
>>> To see where PHP might take you tomorrow.
>>> PHP code examples : http://www.weberdev.com
>>> PHP & MySQL Forums : http://www.weberforums.com
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Shaun [mailto:shaunthornburghhotmail.com]
>>> Sent: Monday, April 17, 2006 2:52 PM
>>> To: php-generallists.php.net
>>> Subject: Re: [PHP] Including files from another site
>>>
>>> Hi,
>>>
>>> Thanks for your reply, sorry I should have been a little clearer in my
>>> explanation. Here goes...
>>>
>>> I have a dedicated UNIX server with many websites on it. On this server
>>> I
>>> have also created a Content Management System which has a database which
>>> I
>>> use to store HTML content for all the other websites. Each website has a
>>> database connection to the CMS database to retrieve the HTML for its
>>> pages.
>>>
>>> Each website that uses its own database has a folder called /cms and in
>>> here
>>> I keep all the database admin scripts for that website. I want these
>>> pages
>>> to only be accessible from within the CMS website and nothing else. So
>>> when
>>> the user is in the CMS they can click on database admin and it will
>>> include
>>> the pages in that websites /cms folder.
>>>
>>> My Question is how can I ensure that the CMS is the only website that
>>> can
>>> access these scripts securely?
>>>
>>> Thanks for your advice.
>>>
>>>
>>> ""Weber Sites LTD"" <berberweber-sites.com> wrote in message
>>> news:2a6601c6621b$fa43bc60$6901a8c0forest.netvision.net.il...
>>>> I'm not sure I understand what you are trying to do.
>>>> What is the connection between frames and security?
>>>>
>>>> In general, assuming that all users have access to The same scripts,
>>>> you need to include in all of your Scripts some kind of security logic
>>>> that tells the Script which user can do what.
>>>>
>>>> Usually you would want to also allow group access Rather then user
>>>> access for easier maintenance.
>>>>
>>>> You should keep a user table with user, password And privileges. There
>>>> are endless ways to do this And you need to choose what is best for
>>>> your site.
>>>>
>>>> Have a look at some relevant code examples:
>>>> http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=aut
>>>> h
>>>>
>>>> berber
>>>>
>>>> -----Original Message-----
>>>> From: Shaun [mailto:shaunthornburghhotmail.com]
>>>> Sent: Monday, April 17, 2006 12:46 PM
>>>> To: php-generallists.php.net
>>>> Subject: [PHP] Including files from another site
>>>>
>>>> Hi,
>>>>
>>>> I have created a CMS where all sites on our server are administrated
>>>> from one central site, and HTML content is stored in the CMS database.
>>>>
>>>> I want users to all control their sites database functions from the
>>>> CMS site, but I want to keep the database and database admin scripts
>>>> in the individual website account to keep things simple. So I need
>>>> want to be able to include these scripts within the CMS site but keep
>>>> them secure. I have tried using frames but I can't keep a session
>>>> going in the database admin scripts, is there a better way to do this?
>>>>
>>>> Any advice would be greatly appreciated.
>>>>
>>>> --
>>>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
>>>> http://www.php.net/unsub.php
>>> --
>>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
>>> http://www.php.net/unsub.php
>>
attached mail follows:
Personally I would use it as part of the session and verify it that way...
ie: check to see if the $PHP_SELF is www.mycms.com, if not refresh the
page to that URL automatically and then make them do the login. Only
after logging in does the session key get the "mysite=true" key or
whatever you want to check for.
That SHOULD keep it from getting hacked, as your basically verifying at
the beginning that you are only allowing entry from your location.
You should also be making sure that your server does not allow others to
host primary images so that nobody could phish your site. Paypal and
chase are really lamely set up which is making phishing easier for
people who use them.
My $.02
Wolf
Shaun wrote:
> Hi,
>
> Thanks for your reply, just had a thought: How secure would it be if I made
> sure that the URL of the browser was www.mycms.com and only allow access to
> pages in the /cms folder if true?
>
> Is this safe or an easy hack?
>
>
> "Wolf" <LoneWolfnc.rr.com> wrote in message
> news:4443E960.2070403nc.rr.com...
>> So, swap your CMS logins to use the same access code for the user, then
>> use sessions to swap the mysql stuff in where needed.
>>
>> Or make it use a mysql call from the CMS login to access their mysql
>> information from another table and do it that way.
>>
>> 1 login, 1 password, very user friendly.
>>
>> And only 1 place to have to worry about changing files.
>>
>> HTH,
>>
>> Wolf
>>
>>
>> Shaun wrote:
>>> I see your point, the only problem is that the user will have already
>>> logged
>>> once into the CMS, logging in again would be a little frustrating and not
>>> very user friendly...
>>>
>>>
>>> ""Weber Sites LTD"" <berberweber-sites.com> wrote in message
>>> news:2f9101c6624d$00964610$6901a8c0forest.netvision.net.il...
>>>> I think that you are looking at this from the wrong angle.
>>>> What you should do, is password protect all CMS directories
>>>> And then, anyone that needs access has to punch in a valid
>>>> Username and password.
>>>>
>>>> Have a look at : http://sourceforge.net/projects/modauthmysql/
>>>>
>>>> Sincerely
>>>>
>>>> berber
>>>>
>>>> Visit the Weber Sites Today,
>>>> To see where PHP might take you tomorrow.
>>>> PHP code examples : http://www.weberdev.com
>>>> PHP & MySQL Forums : http://www.weberforums.com
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Shaun [mailto:shaunthornburghhotmail.com]
>>>> Sent: Monday, April 17, 2006 2:52 PM
>>>> To: php-generallists.php.net
>>>> Subject: Re: [PHP] Including files from another site
>>>>
>>>> Hi,
>>>>
>>>> Thanks for your reply, sorry I should have been a little clearer in my
>>>> explanation. Here goes...
>>>>
>>>> I have a dedicated UNIX server with many websites on it. On this server
>>>> I
>>>> have also created a Content Management System which has a database which
>>>> I
>>>> use to store HTML content for all the other websites. Each website has a
>>>> database connection to the CMS database to retrieve the HTML for its
>>>> pages.
>>>>
>>>> Each website that uses its own database has a folder called /cms and in
>>>> here
>>>> I keep all the database admin scripts for that website. I want these
>>>> pages
>>>> to only be accessible from within the CMS website and nothing else. So
>>>> when
>>>> the user is in the CMS they can click on database admin and it will
>>>> include
>>>> the pages in that websites /cms folder.
>>>>
>>>> My Question is how can I ensure that the CMS is the only website that
>>>> can
>>>> access these scripts securely?
>>>>
>>>> Thanks for your advice.
>>>>
>>>>
>>>> ""Weber Sites LTD"" <berberweber-sites.com> wrote in message
>>>> news:2a6601c6621b$fa43bc60$6901a8c0forest.netvision.net.il...
>>>>> I'm not sure I understand what you are trying to do.
>>>>> What is the connection between frames and security?
>>>>>
>>>>> In general, assuming that all users have access to The same scripts,
>>>>> you need to include in all of your Scripts some kind of security logic
>>>>> that tells the Script which user can do what.
>>>>>
>>>>> Usually you would want to also allow group access Rather then user
>>>>> access for easier maintenance.
>>>>>
>>>>> You should keep a user table with user, password And privileges. There
>>>>> are endless ways to do this And you need to choose what is best for
>>>>> your site.
>>>>>
>>>>> Have a look at some relevant code examples:
>>>>> http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=aut
>>>>> h
>>>>>
>>>>> berber
>>>>>
>>>>> -----Original Message-----
>>>>> From: Shaun [mailto:shaunthornburghhotmail.com]
>>>>> Sent: Monday, April 17, 2006 12:46 PM
>>>>> To: php-generallists.php.net
>>>>> Subject: [PHP] Including files from another site
>>>>>
>>>>> Hi,
>>>>>
>>>>> I have created a CMS where all sites on our server are administrated
>>>>> from one central site, and HTML content is stored in the CMS database.
>>>>>
>>>>> I want users to all control their sites database functions from the
>>>>> CMS site, but I want to keep the database and database admin scripts
>>>>> in the individual website account to keep things simple. So I need
>>>>> want to be able to include these scripts within the CMS site but keep
>>>>> them secure. I have tried using frames but I can't keep a session
>>>>> going in the database admin scripts, is there a better way to do this?
>>>>>
>>>>> Any advice would be greatly appreciated.
>>>>>
>>>>> --
>>>>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
>>>>> http://www.php.net/unsub.php
>>>> --
>>>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
>>>> http://www.php.net/unsub.php
>
attached mail follows:
Thanks Wolf,
Will there be a problem keeping 2 sessions from 2 websites running in one
browser?
I will need one to validate the CMS login and one running in the other
website to ensure that $_SESSION['my_site'] is set?
BTW I'm sure you know, but image phising can be resolved with mod_rewrite.
"Wolf" <LoneWolfnc.rr.com> wrote in message
news:4443FEE9.1070108nc.rr.com...
> Personally I would use it as part of the session and verify it that way...
>
> ie: check to see if the $PHP_SELF is www.mycms.com, if not refresh the
> page to that URL automatically and then make them do the login. Only
> after logging in does the session key get the "mysite=true" key or
> whatever you want to check for.
>
> That SHOULD keep it from getting hacked, as your basically verifying at
> the beginning that you are only allowing entry from your location.
>
> You should also be making sure that your server does not allow others to
> host primary images so that nobody could phish your site. Paypal and
> chase are really lamely set up which is making phishing easier for
> people who use them.
>
> My $.02
>
> Wolf
>
> Shaun wrote:
>> Hi,
>>
>> Thanks for your reply, just had a thought: How secure would it be if I
>> made
>> sure that the URL of the browser was www.mycms.com and only allow access
>> to
>> pages in the /cms folder if true?
>>
>> Is this safe or an easy hack?
>>
>>
>> "Wolf" <LoneWolfnc.rr.com> wrote in message
>> news:4443E960.2070403nc.rr.com...
>>> So, swap your CMS logins to use the same access code for the user, then
>>> use sessions to swap the mysql stuff in where needed.
>>>
>>> Or make it use a mysql call from the CMS login to access their mysql
>>> information from another table and do it that way.
>>>
>>> 1 login, 1 password, very user friendly.
>>>
>>> And only 1 place to have to worry about changing files.
>>>
>>> HTH,
>>>
>>> Wolf
>>>
>>>
>>> Shaun wrote:
>>>> I see your point, the only problem is that the user will have already
>>>> logged
>>>> once into the CMS, logging in again would be a little frustrating and
>>>> not
>>>> very user friendly...
>>>>
>>>>
>>>> ""Weber Sites LTD"" <berberweber-sites.com> wrote in message
>>>> news:2f9101c6624d$00964610$6901a8c0forest.netvision.net.il...
>>>>> I think that you are looking at this from the wrong angle.
>>>>> What you should do, is password protect all CMS directories
>>>>> And then, anyone that needs access has to punch in a valid
>>>>> Username and password.
>>>>>
>>>>> Have a look at : http://sourceforge.net/projects/modauthmysql/
>>>>>
>>>>> Sincerely
>>>>>
>>>>> berber
>>>>>
>>>>> Visit the Weber Sites Today,
>>>>> To see where PHP might take you tomorrow.
>>>>> PHP code examples : http://www.weberdev.com
>>>>> PHP & MySQL Forums : http://www.weberforums.com
>>>>>
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: Shaun [mailto:shaunthornburghhotmail.com]
>>>>> Sent: Monday, April 17, 2006 2:52 PM
>>>>> To: php-generallists.php.net
>>>>> Subject: Re: [PHP] Including files from another site
>>>>>
>>>>> Hi,
>>>>>
>>>>> Thanks for your reply, sorry I should have been a little clearer in my
>>>>> explanation. Here goes...
>>>>>
>>>>> I have a dedicated UNIX server with many websites on it. On this
>>>>> server
>>>>> I
>>>>> have also created a Content Management System which has a database
>>>>> which
>>>>> I
>>>>> use to store HTML content for all the other websites. Each website has
>>>>> a
>>>>> database connection to the CMS database to retrieve the HTML for its
>>>>> pages.
>>>>>
>>>>> Each website that uses its own database has a folder called /cms and
>>>>> in
>>>>> here
>>>>> I keep all the database admin scripts for that website. I want these
>>>>> pages
>>>>> to only be accessible from within the CMS website and nothing else. So
>>>>> when
>>>>> the user is in the CMS they can click on database admin and it will
>>>>> include
>>>>> the pages in that websites /cms folder.
>>>>>
>>>>> My Question is how can I ensure that the CMS is the only website that
>>>>> can
>>>>> access these scripts securely?
>>>>>
>>>>> Thanks for your advice.
>>>>>
>>>>>
>>>>> ""Weber Sites LTD"" <berberweber-sites.com> wrote in message
>>>>> news:2a6601c6621b$fa43bc60$6901a8c0forest.netvision.net.il...
>>>>>> I'm not sure I understand what you are trying to do.
>>>>>> What is the connection between frames and security?
>>>>>>
>>>>>> In general, assuming that all users have access to The same scripts,
>>>>>> you need to include in all of your Scripts some kind of security
>>>>>> logic
>>>>>> that tells the Script which user can do what.
>>>>>>
>>>>>> Usually you would want to also allow group access Rather then user
>>>>>> access for easier maintenance.
>>>>>>
>>>>>> You should keep a user table with user, password And privileges.
>>>>>> There
>>>>>> are endless ways to do this And you need to choose what is best for
>>>>>> your site.
>>>>>>
>>>>>> Have a look at some relevant code examples:
>>>>>> http://www.weberdev.com/AdvancedSearch.php?searchtype=title&search=aut
>>>>>> h
>>>>>>
>>>>>> berber
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Shaun [mailto:shaunthornburghhotmail.com]
>>>>>> Sent: Monday, April 17, 2006 12:46 PM
>>>>>> To: php-generallists.php.net
>>>>>> Subject: [PHP] Including files from another site
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have created a CMS where all sites on our server are administrated
>>>>>> from one central site, and HTML content is stored in the CMS
>>>>>> database.
>>>>>>
>>>>>> I want users to all control their sites database functions from the
>>>>>> CMS site, but I want to keep the database and database admin scripts
>>>>>> in the individual website account to keep things simple. So I need
>>>>>> want to be able to include these scripts within the CMS site but keep
>>>>>> them secure. I have tried using frames but I can't keep a session
>>>>>> going in the database admin scripts, is there a better way to do
>>>>>> this?
>>>>>>
>>>>>> Any advice would be greatly appreciated.
>>>>>>
>>>>>> --
>>>>>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
>>>>>> http://www.php.net/unsub.php
>>>>> --
>>>>> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
>>>>> http://www.php.net/unsub.php
>>
attached mail follows:
Hi,
personally i use Zend studio for its variables on-live debugging
possibility.
However, i'm sad that for debugging you need to install the Zend debugging
server features.
Alain
On 4/15/06, pfancy <pfancybscn.com> wrote:
>
> Thanks for all the php editor idea. I have been going through them.
>
>
>
>
> ""Stephen Lake"" <slake2ns.sympatico.ca> wrote in message
> news:73.87.19715.A6800444pb1.pair.com...
> > Try http://www.php-editors.com they list many different editors that
> you
> > can use....it lists freebies, commercialware and shareware
> >
> > ""pfancy"" <pfancybscn.com> wrote in message
> > news:FD.2A.19715.4DCBB344pb1.pair.com...
> > > I've been reading over php. I have bought php and mysql for dummies
> but
> my
> > > question is what kind of php editors can a person get where they can
> view
> > > what it looks like? or where do you find your php.ini file. i've been
> > > reading i need to work on that. and when that is fixed up to where i
> need
> > > it
> > > would i be able to view a php file like i would an html file? thanks.
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
attached mail follows:
Anyone use php to tail a log file for patterns and perhaps updating a
iframe or something similar? If so do you have a link to some resources
on it?
--
Jason Gerfen
"You will never be ready for me."
~ Me
attached mail follows:
Hi to all!
I was developing one site with fake records in DB. Now, I put it live whit
real records. The site is running ok, but it's painfully slow. Even for
grabbing an order from DB and showing it on screen, from 1-2 sec (while
developing) went to almost 10-15 sec?!? No, of records for orders is a
little bit over 200,000 - what is not "so much".
I'm assuming that the problem is not in the script than in the way I built
queries.
My question is how can I check what's taking so long in execution of the
script/query?
Where to start with improving the script?
Thanks for any help.
-afan
attached mail follows:
[snip]
I was developing one site with fake records in DB. Now, I put it live
whit
real records. The site is running ok, but it's painfully slow. Even for
grabbing an order from DB and showing it on screen, from 1-2 sec (while
developing) went to almost 10-15 sec?!? No, of records for orders is a
little bit over 200,000 - what is not "so much".
I'm assuming that the problem is not in the script than in the way I
built
queries.
My question is how can I check what's taking so long in execution of the
script/query?
Where to start with improving the script?
[/snip]
Probably not the script. Do you have indexes on your tables?
attached mail follows:
On 4/18/06, Jay Blanchard <jblanchardpocket.com> wrote:
> [snip]
> I was developing one site with fake records in DB. Now, I put it live
> whit
> real records. The site is running ok, but it's painfully slow. Even for
> grabbing an order from DB and showing it on screen, from 1-2 sec (while
> developing) went to almost 10-15 sec?!? No, of records for orders is a
> little bit over 200,000 - what is not "so much".
>
> I'm assuming that the problem is not in the script than in the way I
> built
> queries.
>
> My question is how can I check what's taking so long in execution of the
> script/query?
> Where to start with improving the script?
> [/snip]
>
> Probably not the script. Do you have indexes on your tables?
If you're using mysql, you can enable slow logs and that will help you:
http://dev.mysql.com/doc/refman/5.0/en/slow-query-log.html
--
Postgresql & php tutorials
http://www.designmagick.com/
attached mail follows:
Use the EXPLAIN sql command to check what your queries are really doing,
you'll have to read the manual for the database you're using to figure
out the information returned by this command.
afanafan.net wrote:
>Hi to all!
>
>I was developing one site with fake records in DB. Now, I put it live whit
>real records. The site is running ok, but it's painfully slow. Even for
>grabbing an order from DB and showing it on screen, from 1-2 sec (while
>developing) went to almost 10-15 sec?!? No, of records for orders is a
>little bit over 200,000 - what is not "so much".
>
>I'm assuming that the problem is not in the script than in the way I built
>queries.
>
>My question is how can I check what's taking so long in execution of the
>script/query?
>Where to start with improving the script?
>
>Thanks for any help.
>
>-afan
>
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]