Comments:
<0> i really don't trust avatars
<1> you actually store the custom avatars on YOUR server?
<2> ^Migs^: the alternative?
<3> Malachi: you can set the from address by passing it as a From Header in the header parameter too: http://www.php.net/mail Although if you do that and using a variable make sure you are filtering it as being JUST an e-mail address
<4> uhh... no!? don't store images in a DB... ^Artnez: i give each user a folder (foldername is the user id) and then images are stored in their folder
<5> i'd store them in /avatars/ or something and keep a record of which avatar belongs to what user in the database
<2> itrebal: 30,000 folders scares me
<0> so many security risks.
<1> link avatars offsite
<4> ^Artnez: true
<2> Xyphoid: everything is a security issue :)
<4> ^Artnez: haha, put them on Flickr :)
<2> itrebal: hahaha
<0> storing and displaying user-provided files publicly is a mean one, though.
<2> ^Migs^: not an answer to my question, but thanks :)
<1> haha
<1> just have 30,000 files
<1> maybe make each file the name of the user id or the username
<1> whatever your primary key is
<2> yes, that is the obvious solution
<1> indeed 'tis
<2> i'm thinking of maybe breaking them up into dirs based on zip code
<1> why?
<1> you don't like having 30,000 files in one directory?
<2> well, not zip code.. that's stupid
<1> yes, stupid
<2> ^Migs^: you ever tried accessing a dir with 30,000 files?
<4> the first letter of their username
<1> it's pretty stupid to keep avatars on your server in the first place
<2> itrebal: same problem with zip, it may be changed
<2> ^Migs^: if you're making a guestbook for a blog, then yes
<1> just zip them up and decompress when you need to access one of the files
<1> hehe
<4> ^Migs^: why is it stupid to keep avatars on your server?
<1> anyway, go with itrebal's idea. First letter of username
<1> like Xyphoid said, security risks
<4> or Flickr
<2> ^Migs^: lol
<2> you can't be serious
<4> i should do that sometime, make it harness Flickr
<1> I'm always serious
<2> then your brain is playing tricks on you
<4> how could it be a security risk?
<2> driving a car is dangerous, doesn't mean it shouldn't be done. there are a million reasons why you would need to store user file on server
<6> hi, i have an index page that accepts arguments like: ?page=2, and includes a different file for each number. how can someone point me in the right direction to do this with register_globals turned off?
<2> because there are a million different applications that could be built
<6> -how **
<1> at LEAST a million
<0> itrebal: do you check the images are real images?
<4> Xyphoid: finfo extension
<2> billion even.. gazillion... bafrillion!
<2> Xyphoid: there are numerous techniques to make sure the user is in fact uploading an image
<1> they'd have to be virus scanned too
<7> !tell elouise about register_globals
<1> at least a MILLION techniques
<4> how can a virus be implemented into an image?
<0> oh sure, i'm not saying it's impossible
<6> thanks ||cw
<0> it's scary, though. user-provided data on my disk?
<7> itrebal: by exploiting flaws in internet explorer
<1> it's definitely not unheard of, itrebal
<2> do not say something is stupid if it's only based on the assumption that the developer is stupid... it's false information and bad advice
<4> woah.... heh
<4> i think he just called you stupid :)
<1> yeah. assume the developer is stupid ONLY if the idea is stupid.
<2> read it again itrebal
<4> i know :)
<8> a regex for numbers, letters and commas and periods?
<2> ^Migs^: enlighten me why that idea is stupid
<9> tekHneEk?
<2> ^Migs^: also care to include every single reason why someone would need to upload an avatar for an application and lay out a brief summary of why it is bad for the user.
<4> /[a-zA-Z0-9,\.]/ i think
<8> Anomaly0: I need a regular expression that only allows letters, numbers, periods (.), commas
<10> itrebal: i don't think you need to escape a period inside []
<8> and single quotations
<4> that may bee
<10> itrebal: but i'd need to test it out to be sure :-)
<4> be*
<2> tekHneEk: http://www.phpguru.org/downloads/PCRE%20Cheat%20Sheet/PHP%20PCRE%20Cheat%20Sheet.pdf
<9> /[a-zA-Z0-9,.']/ it should work
<4> /[a-zA-Z0-9,.']/
<8> can you explain why to me?
<0> read this, anyway: it's what made me paranoid about image uploading: http://marc.theaimsgroup.com/?l=bugtraq&m=113017003617987
<10> haha
<8> nevermind
<10> tekHneEk: because someone really cool wrote regular expressions and that's the way it is!
<8> :)
<8> thanks for the help guys
<2> there's a better way... but..
<2> or at least i think so
<10> ^Artnez: what way?
<2> http://pastebin.com/587681
<2> use PCRE when possible for regex
<8> and for additional characters I suppose it's just "?
<2> well actually
<8> /[a-z-A-Z0-9,.'"]/?
<2> tekHneEk: this will process faster, i recommend: http://pastebin.com/587684
<7> Xyphoid: that makes me paranoid about using IE, not about allowing my users to post files, who have to sign up with a valid email address and get their IP address logged, as well as http GET headers
<2> use that with preg_*() functions
<8> ^Artnez: are you sure?
<2> tekHneEk: sure as sugar :)
<8> Alright. Thanks.
<7> if they upload an image that doesn't display in an img tag, it will be suspect and probably get deleted very quickly
<8> That cheat sheet is freaking ridiculously easy to use.
<2> tekHneEk: wait until you need a complex regex
<2> tekHneEk: you will instantly go bald, i promise
<8> I know
<8> $content_regex_cheat = '/(\w|\.)/si';
<8> do I have to use ^ and $^ for start and finish?
<8> $content_regex_cheat = '^/(\w|\.)/si$^';
<4> wtf do i have 66kb/s on my LOCAL network!?
<11> just a really quick question, is there an easy way to pass an array through _POST?
<1> are you having a problem doing it?
<4> flamed: serialize it
<2> tekHneEk: http://pastebin.com/587697
<2> flamed: itrebal is correct. when you serialize and pass it over, watch out for magic quotes
<2> might have to stripslashes, twice even
<11> security and sanity isn't a problem :] it's a local application
<11> just wanted to know if it was possible before giving it a go... lazy i know :( but :|
<5> flamed, you can serialize->base64_encode
<11> :] thx Wilik i'll look into it
<12> ds-: Thanks, it worked!
<3> yup
<4> anyone know of Youngblood Brass Band?
<13> what are the major gotchas in using php with apache worker threads? is gettext one of them? mysql?
<14> is is_null() always the same as $x === null ?
<15> var_dump(is_null($null_var)); var_dump($null_var === null);
<16> Akuma_: try it
<16> Akuma_, and the very first comment in the manual gives you a comprehensive listing of how it behaves.
<17> good evening, are there any French people here who could help me?
<14> I can try
<14> PeRsOnE|Monocycl: msg me
<17> thanks
<14> Julian|Work: i pretty much know how it works, i just couldn't think of a case where it might not be
<14> and since it's hard to prove a negative ...
<16> Akuma_, people have listed all the possibilities in the user comments.
<4> wouldn't it make sense for is_null to return only true/false? and for it to be $var === null ?
<18> is_null() returns something other than true/false? :O
<18> I don't see a need for a is_*() function to return anything OTHER than true/false :P
<4> that's what i'm thinking
<18> It's kind of a yes or no question.
<18> I'm asking if $foo is something, and it should only answer with a yes or a no :P
<18> Weird :P
<4> is $var null? maybe.
<18> :P
<4> if(is_null($var) === true){echo 'yes!';}elseif(is_null($var) === false){echo 'no!';}elseif(is_null($var) === maybe){echo 'maybe!';}
<4> else{echo 'well ****....';}
<16> itrebal, he's wondering about how it behaves with various input values, not what the output values are.
<4> gotchya