[ZendTo] Re: Duplicated insert

Jules Jules at ZendTo.com
Thu Aug 12 11:33:12 BST 2010



On 12/08/2010 11:19, Sergio Rabellino wrote:
>
>
> Jules wrote:
>>
>>
>> On 11/08/2010 23:15, Sergio Rabellino wrote:
>>>
>>>
>>> Jules wrote:
>>>> On 09/08/2010 12:48, Sergio Rabellino wrote:
>>>>    
>>>>> In my code-checks I've found that the auth code is inserted twice and
>>>>> only the latest is used.
>>>>> I suggest removing in lib/Verify.php the lines from 163 to 168.
>>>>>      
>>>> Where is the other instance?
>>>>    
>>> It's in Verify.php too, line 219, but in another func.
>> It's not quite as simple as that, as in the sub initWithFormData 
>> called from "new Verify()" it is needed when approving an 
>> authenticated user who doesn't get sent the email. So if anything, it 
>> should be removed from the code that sends the email 
>> $verify->sendVeryifyEmail() and not from initWithFormData().
>> Do you agree?
> Hmmm. Why do you need an auth entry for an authenticated user? I 
> didn't find a situation where it's needed. I did two dropoffs either 
> with an authenticated user or an unauthenticated one, both of them 
> successfully.
It's handy for making the rest of the code simpler, as it can just read 
the organisation and so forth from the Auth table, regardless of whether 
it's an authenticated user or not.

>> I'm going to leave it alone for now as it doesn't actually cause any 
>> damage at all, but I would like to hear your thoughts on the question.
>>>
>>>>> A question: is there any reason for the removal of any international
>>>>> chars from name and organization?
>>>>>      
>>>> Me being paranoid about people putting nasty characters into databases
>>>> and HTML.
>>>>    
>>>>> I've adapted my code to write down utf8 strings into mysqldb
>>>>>      
>>>> How do I do that?
>>>>    
>>> First of all the tables must be created/altered to support utf8 
>>> chars: I did an alter from phpmyadmin setting the collation to 
>>> utf8-general-ci (case insensitive). Then creating the connection to 
>>> the db, the first sql statement is
>>>
>>> DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
>>>
>>> to be sure that client and server share the same charset. (If you 
>>> are paranoid, you can later check if it's true, asking thru php the 
>>> current charset/collation).
>>> Then the code must be changed, encoding/decoding the strings from/to 
>>> web forms, removing also the regex check for user typing.
>>> If all of this convinces you, I can send all the changes (8/10 lines 
>>> somewhere).
>>> As far as I know, utf8 is backward compatible to ascii chars, so no 
>>> dual code is required, and today asking for an utf8 mysql table is 
>>> a must for many (L)AMP apps.
>> I'm not wholly convinced, but send me the code anyway, so I can put 
>> it in (possibly commented-out for now).
> First of all, the table fields must be created (or altered if they exist) 
> adding  "character set utf8 " after the field type (I did it simply 
> from phpmyadmin :-) ).
What about the same for SQLite? I *have* to support that completely too.
> My code changes follow. The line numbers can be slightly different as 
> I frequently add some tag lines to the code...
>
> file lib/MySQL.php
> add below  line 54
> >  // SET CHARSET
> >  $query = "DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;";
> >  if (!$this->database->query($query)) {
> >   return "FALSE";
> >  }
>
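Review bot: the string assigned to $query, "DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;", is a clause of CREATE/ALTER TABLE or DATABASE rather than a statement on its own, so MySQL will reject it and the query will fail; the statement that sets the connection character set is SET NAMES utf8 (optionally followed by COLLATE utf8_general_ci). Also, return "FALSE" returns a non-empty string, which PHP treats as true, so a caller testing the result will not see the failure; return the boolean FALSE if that is the intent.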
> file lib/NSSDropbox.php
> change line 1152 to  $name = utf8_decode($recordlist[0]['FullName']);
> change line 1155 to  $org   = utf8_decode($recordlist[0]['Organization']);
>
> file lib/NSSDropoff.php
> change line 936 to       $this->_senderName          = 
> utf8_decode($qResult['senderName']);
> change line 937 to      $this->_senderOrganization  = 
> utf8_decode($qResult['senderOrganization']);
> change line 939 to      $this->_note                = 
> utf8_decode($qResult['note']);
> change line 1239 to    utf8_encode($senderName), 
> utf8_encode($senderOrganization), $senderEmail,
> change line 1243 to  utf8_encode($note)) ) {
>
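Review bot: utf8_encode() and utf8_decode() on lines 936-939 and 1239-1243 convert between ISO-8859-1 and UTF-8 only, so this works for à and ì, but utf8_decode() turns any character outside Latin-1 into "?" when the record is read back, and utf8_encode() double-encodes the input if the form already submits UTF-8. Suggest serving the pages and forms as UTF-8 end to end and storing the strings unchanged, with no conversion calls.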
> file lib/Verify.php
> add below line 213
>     $senderName = utf8_encode($senderName);
>     $senderOrganization = utf8_encode($senderOrganization);
> change line 236 to  $smarty->assign('senderName',  
> utf8_decode($senderName));
> change line 237 to  $smarty->assign('senderOrg',   
> utf8_decode($senderOrganization));
>
> With these changes, I can use utf8 chars (i.e. à ì) in username, 
> organization and note.
Thanks.
>
>>
>>>>> and I do not see any evidence of a problem with it: am I wrong?
>>>>>      
>>>> I just want to be absolutely doubly sure that people cannot put evil
>>>> text in it, which is very easy to allow by mistake.
>>>>
>>>>    
>>> I understand, but in the Italian language (and in many other languages) 
>>> the 'special' chars are often used: university-> università ....
>> Ah, that does explain a good use for it, which definitely helps 
>> convince me :-)
> Ah, I forgot to mention a possibly interesting change to 
> lib/NSSLDAPAuthenticator.php: it can happen that you can't log in as 
> anonymous to an ldap server (my university central server is 
> configured without anon query), so it can be useful to add an optional 
> username/password for ldap binding.
>
> config/preferences.php
> add two prefs as follows
>  'authLDAPDn'            => 'o=MyOrg,uid=MyUser',
>  'authLDAPPass'          => 'MyPASStoLDAP',
>
> lib/NSSLDAPAuthenticator.php
> add below line 50
> >  protected $_ldapDn = NULL;
> >  protected $_ldapPass = NULL;
> add below line 73
> >   $this->_ldapDn        = $prefs['authLDAPDn'];
> >   $this->_ldapPass      = $prefs['authLDAPPass'];
>
> change line 147 to   if ( $ldapBind = 
> @ldap_bind($ldapConn,$this->_ldapDn,$this->_ldapPass) ) {
> change line 230 to     if ( $ldapBind = 
> @ldap_bind($ldapConn,$this->_ldapDn,$this->_ldapPass) ) {
>
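Review bot: in the two ldap_bind() calls on lines 147 and 230, the leading @ hides the failure reason, so a wrong authLDAPPass cannot be told apart from an unreachable server, and a DN configured with an empty password is sent as a bind without credentials, which the server may accept without any sign that the password was missing. Suggest passing credentials only when both authLDAPDn and authLDAPPass are non-empty, logging ldap_error($ldapConn) when the bind fails, and noting next to the two new entries in config/preferences.php that the file now holds a password and should not be world-readable.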
> If you set up the two preferences with empty strings, the bind will be 
> anonymous, as before these changes.
> Hope this helps.
Good idea, I'll definitely put that one in.

Thanks!

Jules

-- 
Julian Field MEng CITP CEng
www.ZendTo.com

Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM
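
An added example (not part of the thread and not ZendTo's own code) of keeping the caution discussed above while still accepting characters such as à and ì: validate that the input is well-formed UTF-8 against a Unicode-aware allow-list, store it through bound parameters, and escape it on output. It uses PDO with an in-memory SQLite database so it runs stand-alone; cleanField, the demo_auth table and the sample inputs are constructed for illustration.

```php
<?php
// Added example: cleanField() and the demo_auth table are hypothetical names.

/** Return the trimmed value if it is acceptable, or null to reject it. */
function cleanField(string $raw, int $maxLen = 64): ?string
{
    $s = trim($raw);
    if ($s === '' || !mb_check_encoding($s, 'UTF-8')) {
        return null;                       // empty, or malformed byte sequence
    }
    if (mb_strlen($s, 'UTF-8') > $maxLen) {
        return null;                       // length counted in characters
    }
    // \p{L} letters of any script, \p{M} combining marks, \p{N} digits,
    // plus space and a small set of punctuation. /u makes the match UTF-8 aware.
    if (!preg_match('/^[\p{L}\p{M}\p{N} .,\'&()\-]+$/u', $s)) {
        return null;
    }
    return $s;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_auth (FullName TEXT, Organization TEXT)');
$insert = $db->prepare(
    'INSERT INTO demo_auth (FullName, Organization) VALUES (?, ?)');

// Constructed sample submissions: one legitimate, three that must not pass.
$samples = [
    ['Sergio', 'Università Esempio'],
    ["x'; DELETE FROM demo_auth; --", 'Org'],   // SQL metacharacters
    ['<b>bold</b>', 'Org'],                     // HTML markup
    ["Bad\xC3\x28bytes", 'Org'],                // invalid UTF-8 sequence
];
foreach ($samples as [$name, $org]) {
    $n = cleanField($name);
    $o = cleanField($org);
    if ($n === null || $o === null) {
        echo "rejected\n";
        continue;
    }
    $insert->execute([$n, $o]);   // values travel as bound parameters
}

// Escape at output time, declaring the charset explicitly.
foreach ($db->query('SELECT FullName, Organization FROM demo_auth') as $row) {
    echo htmlspecialchars($row['FullName'] . ', ' . $row['Organization'],
        ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
}
```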
