[FX.php List] Re: FX.php_List Digest, Vol 48, Issue 44
ryanh at amtektechnologies.com
Thu Jul 31 10:45:06 MDT 2008
Hi. I will be in the office around 2 today
----- Original Message -----
From: fx.php_list-bounces at mail.iviking.org <fx.php_list-bounces at mail.iviking.org>
To: fx.php_list at mail.iviking.org <fx.php_list at mail.iviking.org>
Sent: Thu Jul 31 12:40:17 2008
Subject: FX.php_List Digest, Vol 48, Issue 44
Today's Topics:
1. Re: [OFF] Sending php mail as anyone(?!)
(Gjermund Gusland Thorsen)
2. Re: [OFF] Sending php mail as anyone(?!) (Jonathan Schwartz)
3. RE: FM / FX / PHP Library system (CSInfo)
4. Re: FM / FX / PHP Library system (Anders Monsen)
5. Re: FM / FX / PHP Library system (Derrick Fogle)
6. RE: FM / FX / PHP Library system (CSInfo)
7. RE: $_REQUEST (Lindal, Mark)
8. Re: $_REQUEST (Chris Hansen)
----------------------------------------------------------------------
Message: 1
Date: Thu, 31 Jul 2008 09:27:01 +0200
From: "Gjermund Gusland Thorsen" <ggt667 at gmail.com>
Subject: Re: [FX.php List] [OFF] Sending php mail as anyone(?!)
To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
Message-ID:
<e6ecb7940807310027l2ddfb070xf58593f565ded513 at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Joel as the psychosecretary?
ggt
2008/7/31 Steve Winter <steve at bluecrocodile.co.nz>:
> Hi Joel,
>
> What you're missing is that the mail server you're using to send these
> messages is poorly configured and is an open relay... in the world of
> SPAMing this is a very good thing, in the world of internet security it is a
> very BAD thing...!! assuming that this mail server is publicly accessible,
> then the mail server owner needs to make some changes pretty swiftly...
>
> Essentially, if a mailserver isn't configured correctly, it can be used to
> send mail as anyone that the user of that server likes, as you have
> discovered, and therefore yip, you could post 500 word replies appearing to
> be ggt... :-)
>
> Most mail servers these days use at least one of, and in many instances a
> combination of, approaches like:
>   pop before smtp - a user must have successfully checked for mail within
>     the last x min for them to be able to send mail
>   authentication - a user must sign in before sending mail
>   IP restrictions - a user must have a specific IP address, or be within
>     an IP block to send mail
>
> Essentially what you've just discovered, is what the people that send you
> all that SPAM you have to filter out discovered ages ago, there are mail
> servers on the net that are open relays... or they can install their own
> mail server, on their own ISP's connection and send out a truck load of
> mail...
>
> The blacklists that you mention, and other 'strategies' by ISPs (like port
> 23 blocking for 'residential users') have all been attempts to shut down this
> practice, however when all's said and done, it's still woefully easy to find
> open relays...
>
> Cheers
> Steve
>
> -----Original Message-----
> From: Joel Shapiro <jsfmp at earthlink.net>
> To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
> Date: Wed, 30 Jul 2008 23:41:43 -0700
> Subject: [FX.php List] [OFF] Sending php mail as anyone(?!)
>
> Hi all
>
> I'm just starting to look at sending mail via php. I'm successfully
> sending mail from my development machine via swiftmailer, but I'm
> kinda shocked that it's so easy to send email seemingly from just
> about *anybody's* email address. Just put it in the 'sender'
> parameter and it arrives looking like it was actually sent by that
> person.
>
> I know there are email blacklists, SMTP authentication, etc., but can
> it really be this simple to send as someone else? (Is this
> "spoofing"?) I mean, I could start posting 500-word replies to this
> list as ggt and none of you would even realize they weren't from him,
> right? (all due respect, ggt ;-)
>
> What am I missing? Any recommended primers on this crazy scary new
> world?
>
> TIA,
> -Joel
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
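The relay checks listed in the quoted reply above (authentication, pop before smtp, IP restrictions), written out as the per-recipient decision a mail server makes. This is an added example, not code from the thread or from any mail server; the function names, domains, addresses and the 10-minute window are all constructed.

```php
<?php
// Added example: relay decision for one RCPT TO. Names, addresses and the
// 10-minute window are constructed; assumes 64-bit PHP and IPv4 clients.
const LOCAL_DOMAINS   = ['example.org'];   // domains this server hosts
const TRUSTED_NETS    = ['192.0.2.0/24'];  // "IP restrictions" allow-list
const POP_WINDOW_SECS = 600;               // "pop before smtp" window

/** True when an IPv4 address falls inside a CIDR block. */
function inCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false) {
        return false;
    }
    $mask = (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** $session keys: client_ip, authenticated (bool), last_pop_login (int|null). */
function relayDecision(array $session, string $rcpt, int $now): string
{
    $domain = strtolower(substr(strrchr($rcpt, '@') ?: '@', 1));
    if (in_array($domain, LOCAL_DOMAINS, true)) {
        return 'accept: local delivery';       // not relaying at all
    }
    if ($session['authenticated']) {
        return 'accept: authenticated relay';
    }
    $pop = $session['last_pop_login'];
    if ($pop !== null && $now - $pop <= POP_WINDOW_SECS) {
        return 'accept: pop-before-smtp relay';
    }
    foreach (TRUSTED_NETS as $cidr) {
        if (inCidr($session['client_ip'], $cidr)) {
            return 'accept: trusted network relay';
        }
    }
    return 'reject: relaying denied';          // an open relay accepts here
}

// Constructed sessions, evaluated at a constructed time.
$now       = 1217500000;
$stranger  = ['client_ip' => '203.0.113.9', 'authenticated' => false, 'last_pop_login' => null];
$recentPop = ['client_ip' => '203.0.113.9', 'authenticated' => false, 'last_pop_login' => $now - 120];
$office    = ['client_ip' => '192.0.2.40', 'authenticated' => false, 'last_pop_login' => null];

foreach ([[$stranger, 'user@example.org'], [$stranger, 'user@elsewhere.test'],
          [$recentPop, 'user@elsewhere.test'], [$office, 'user@elsewhere.test']] as [$s, $rcpt]) {
    echo $rcpt, ' => ', relayDecision($s, $rcpt, $now), PHP_EOL;
}
```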
------------------------------
Message: 2
Date: Thu, 31 Jul 2008 06:33:28 -0700
From: Jonathan Schwartz <jschwartz at exit445.com>
Subject: Re: [FX.php List] [OFF] Sending php mail as anyone(?!)
To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
Message-ID: <p06200700c4b76617519a@[192.168.1.17]>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Hi Joel,
The game isn't how much email gets SENT. It's how much email gets
READ. Notice I didn't say RECEIVED. Your email could very well be
RECEIVED, but put in the SPAM or JUNK folder, where it is unlikely to
be RECOGNIZED, OPENED or READ.
Between Point A and Point B, there is layer upon layer of hardware
and software attempting to decide if your mail goes through or not,
often arbitrarily. You can maximize your success by knowing the hard
and fast rules and keeping current with the less defined,
ever-changing spam filter rules. Your mail gets through by NOT doing
what the spam filters are looking for, even though you don't really
understand what that is. Fun, huh?
This list isn't the place to have a further discussion unless other
folks want to hear it.
Send me an email from the server in question. I will contact you
offline and get you started on this bumpy road. ;-)
Jonathan
At 11:41 PM -0700 7/30/08, Joel Shapiro wrote:
>Hi all
>
>I'm just starting to look at sending mail via php.
>
>What am I missing? Any recommended primers on this crazy scary new world?
>
>TIA,
>-Joel
--
Jonathan Schwartz
Exit 445 Group
jonathan at exit445.com
http://www.exit445.com
415-370-5011
------------------------------
Message: 3
Date: Thu, 31 Jul 2008 10:02:44 -0500
From: "CSInfo" <CSinfo at comcast.net>
Subject: RE: [FX.php List] FM / FX / PHP Library system
To: "'FX.php Discussion List'" <fx.php_list at mail.iviking.org>
Message-ID: <001101c8f31e$7d21ba70$0301a8c0 at CSDellXP>
Content-Type: text/plain; charset="US-ASCII"
Thanks for the input, I further thought about what my client wants and that
is to "see" the files in containers in FileMaker after uploaded (by PHP). If
I have the file paths put into a field, do I then have this Robot do a Troi
import to get the file preview into a referencing container? Or can PHP
extract and put a preview images in a container field?
Thanks,
John
------------------------------
Message: 4
Date: Thu, 31 Jul 2008 10:12:25 -0500
From: Anders Monsen <andersm at alamark.com>
Subject: Re: [FX.php List] FM / FX / PHP Library system
To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
Message-ID: <3F494F67-8A97-4712-A269-934D1B4CC5CB at alamark.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
How about displaying the files in the web viewer instead? If these are
images then you can call the url in the field from the web viewer and
not worry about container?
Anders
On Jul 31, 2008, at 10:02 AM, CSInfo wrote:
> Thanks for the input, I further thought about what my client wants
> and that
> is to "see" the files in containers in FileMaker after uploaded (by
> PHP). If
> I have the file paths put into a field, do I then have this Robot do
> a Troi
> import to get the file preview into a referencing container? Or can
> PHP
> extract and put a preview images in a container field?
> Thanks,
> John
>
------------------------------
Message: 5
Date: Thu, 31 Jul 2008 10:16:38 -0500
From: Derrick Fogle <derrick at fogles.net>
Subject: Re: [FX.php List] FM / FX / PHP Library system
To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
Message-ID: <583ED04B-CA60-431C-94FB-437C83B3334A at fogles.net>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
With FM8.5+, you can use the web viewer to 'see' files that are stored
in, and accessible via, a web server. But it only works for HTML and
PDF content, not Word documents or other stuff. And there are some
'gotchas' to viewing PDF's, at least on Macs.
I think you're in for a world of hurt trying to get this running using
Filemaker. I'm certain it can be done, but I don't recommend it. So,
I'm going to bow out of the thread and hope there are others on this
list willing to give you some tips and pointers.
On Jul 31, 2008, at 10:02 AM, CSInfo wrote:
> Thanks for the input, I further thought about what my client wants
> and that
> is to "see" the files in containers in FileMaker after uploaded (by
> PHP). If
> I have the file paths put into a field, do I then have this Robot do
> a Troi
> import to get the file preview into a referencing container? Or can
> PHP
> extract and put a preview images in a container field?
> Thanks,
> John
>
Derrick
------------------------------
Message: 6
Date: Thu, 31 Jul 2008 10:42:14 -0500
From: "CSInfo" <CSinfo at comcast.net>
Subject: RE: [FX.php List] FM / FX / PHP Library system
To: "'FX.php Discussion List'" <fx.php_list at mail.iviking.org>
Message-ID: <000601c8f324$01f05900$920a4d0a at CSDellXP>
Content-Type: text/plain; charset="US-ASCII"
Good Idea but they are not all images, the files will be word docs, PDFs,
etc. But now that you bring it up I do not need to show the specific file
previews in a container anyway.
So here is my plan:
1. upload the files using PHP using a standard file selection dialog
2. Put the stored file path in a field via PHP/FX
3. In FM, create a calculation to show an Icon (PDF/Word/Text) if that file
path is valid.
4. Display a list of files that have been uploaded (DB query)
5. Download files via PHP when selected from the list
If anybody wants to cost estimate and write basic PHP/FX code (using FM
Studio) for steps 1,2,4 & 5 please contact me off list at csinfo at comcast.net
Thanks
John Funk
-----Original Message-----
From: fx.php_list-bounces at mail.iviking.org
[mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Anders Monsen
Sent: Thursday, July 31, 2008 10:12 AM
To: FX.php Discussion List
Subject: Re: [FX.php List] FM / FX / PHP Library system
How about displaying the files in the web viewer instead? If these are
images then you can call the url in the field from the web viewer and not
worry about container?
Anders
On Jul 31, 2008, at 10:02 AM, CSInfo wrote:
> Thanks for the input, I further thought about what my client wants and
> that is to "see" the files in containers in FileMaker after uploaded
> (by PHP). If I have the file paths put into a field, do I then have
> this Robot do a Troi import to get the file preview into a referencing
> container? Or can PHP extract and put a preview images in a container
> field?
> Thanks,
> John
>
------------------------------
Message: 7
Date: Wed, 30 Jul 2008 19:04:44 -0400
From: "Lindal, Mark" <mlindal at pfc.cfs.nrcan.gc.ca>
Subject: RE: [FX.php List] $_REQUEST
To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
Message-ID:
<D80640C08904D944B780C17B27C4229A0A4A3063 at S0-OTT-X2.nrn.nrcan.gc.ca>
Content-Type: text/plain; charset="US-ASCII"
I just went through this with a battery of IT security 'experts', who
when they saw I used $_REQUEST went through the roof and wanted the site
shut down.
However, if you have the proper validation code in place, you can use
$_REQUEST. We spent exhaustive amounts of time validating everything.
Yes - the dangers of the $_GET have to be thought of and all $_GET
values need to be checked to see if it is real data or not. Hackers can
even set up $_POST values to send to insecure web sites.
The lesson we learned, was validate, validate, validate.
As long as your validation code is secure, there is no fear in using
$_REQUEST.
Mark
-----Original Message-----
From: Jonathan Schwartz [mailto:jschwartz at exit445.com]
Sent: Wednesday, July 30, 2008 3:00 PM
To: FX.php Discussion List
Subject: RE: [FX.php List] $_REQUEST
I assumed that everyone has this challenge. Folks arrive to a given page
from either a link using a GET or a form using a POST. Let's say that we
need to edit the page and the recid is the field in question.
Either the GET or the POST has to contain a recid or it's a no go....
if (isset($_GET['recid']) or isset($_POST['recid'])) { /* Good */ } else { /* Bad */ }
or, the other way...
if (!isset($_GET['recid']) and !isset($_POST['recid'])) { /* Bad */ } else { /* Good */ }
Of course, just testing for empty isn't good enough, so this code starts
to expand. ;-)
Just thought that the $_REQUEST was a simpler approach that I had
overlooked.
J
At 4:40 PM -0500 7/30/08, Andrew Denman wrote:
>
>I have not yet had an instance where I'm using both POST and GET so I
>haven't used $_REQUEST and cannot provide first-hand experience.
>detection.
>
>Andrew Denman
--
Jonathan Schwartz
Exit 445 Group
jonathan at exit445.com
http://www.exit445.com
415-370-5011
------------------------------
Message: 8
Date: Thu, 31 Jul 2008 10:40:13 -0600
From: Chris Hansen <chris at iViking.org>
Subject: Re: [FX.php List] $_REQUEST
To: "FX.php Discussion List" <fx.php_list at mail.iviking.org>
Message-ID: <5B2CFBF8-E680-4D53-AFFE-750137FB1E03 at iViking.org>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Here's my approach (note that you can see this in the Book_List
example, too -- though that solution admittedly needs some updating =):
$arrayName = '_' . $_SERVER["REQUEST_METHOD"];
foreach ($$arrayName as $key => $value) {
    /* code here */
}
Note that this makes your code completely flexible, AND it only pays
attention to data sent via the current request method (no ambiguity
with GET and POST parameters with the same name...)
HTH
--Chris Hansen
FileMaker 7/8/9 Certified Developer
Creator of FX.php
"The best way from FileMaker to the Web."
www.iViking.org
On Jul 30, 2008, at 5:41 PM, Nick wrote:
> You can actually use both GET and POST variables and they work very
> well together.
>
> here's some example:
> my html form:
> <form method="post" action="this.php?cmd=new">
> <input type="text" name="email" />
> <input type="submit" value="Create new email" />
> </form>
>
> and my processing text in "this.php"
> <?php
> if (isset($_GET) && isset($_GET['cmd']))
> {
>     if ($_GET['cmd'] == 'new') {
>         $my_find = new FX();
>         $my_find->layout = 'web_email';
>         $my_find->AddDBParam('email', $_POST['email']);
>         $my_find_result = $my_find->FMNew();
>         $record = current($my_find_result['data']);
>     }
> }
> ?>
>
> Of course, I use -modid in case a user goes back a page, and submit
> that with the form, among other things
> for example i always do a find on the record i'm viewing before
> anything... to determine permissions and such.
> and on a new record i usually use
> header('Location: this.php?record='.$record['ID'][0].'&cmd=view');
> or something like that....there are a few things to validate that
> I'm not doing in the example.
>
>
> On Wed, Jul 30, 2008 at 4:17 PM, Jonathan Schwartz <jschwartz at exit445.com> wrote:
> Hi Folks,
>
> I've been rethinking how to handle forms and validation.
>
> Sometimes the data being validated comes from a POST and sometimes a
> GET, depending on whether the data was generated from a Form or a
> link.
>
> Up until now, I have had to deal with both cases ...if($_GET[] ) and
> if($_POST).
>
> I just realized that I can use $_REQUEST and not worry which type
> the data came from.
>
> Is this a valid way to go? Something tells me that $_REQUEST isn't.
>
> Thanks
>
> J
> --
> Jonathan Schwartz
> Exit 445 Group
> jonathan at exit445.com
> http://www.exit445.com
> 415-370-5011
------------------------------
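The method-scoped lookup from Message 8 combined with the recid validation discussed in Message 7, as an added example that is not code from the thread or from FX.php. The names requestParams() and validRecid() are hypothetical, the request values are constructed, and the input arrays are passed in as parameters so the block runs from the command line.

```php
<?php
// Added example: pick the input array by request method, then validate recid.
// requestParams() and validRecid() are hypothetical names, not part of FX.php.

/**
 * Return only the parameters that arrived via the current request method.
 * An explicit map replaces the variable-variable lookup: superglobals cannot
 * be reached through $$name inside a function, and a method such as HEAD or
 * PUT would otherwise name an array that does not exist.
 */
function requestParams(array $server, array $get, array $post): array
{
    $sources = ['GET' => $get, 'POST' => $post];
    $method  = strtoupper($server['REQUEST_METHOD'] ?? '');
    if (!isset($sources[$method])) {
        throw new InvalidArgumentException('Unsupported request method');
    }
    return $sources[$method];
}

/** Return recid as a positive integer, or null when missing or malformed. */
function validRecid(array $params): ?int
{
    if (!isset($params['recid']) || !is_string($params['recid'])) {
        return null; // absent, or an array such as recid[]=1
    }
    $id = filter_var($params['recid'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed request: a form posted to edit.php?recid=7 with recid=42 in
// the body. Only the POST value is considered; the query string is ignored.
$server = ['REQUEST_METHOD' => 'POST'];
$get    = ['recid' => '7'];
$post   = ['recid' => '42'];
var_dump(validRecid(requestParams($server, $get, $post)));

// Constructed malformed values: each one is rejected with null.
foreach (['', '12abc', '-3', '1 OR 1=1'] as $bad) {
    var_dump(validRecid(['recid' => $bad]));
}
```

In a page script the call would be `requestParams($_SERVER, $_GET, $_POST)`.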
End of FX.php_List Digest, Vol 48, Issue 44
*******************************************