[ZendTo] Re: Duplicated insert

Sergio Rabellino rabellino at di.unito.it
Thu Aug 12 11:42:13 BST 2010


Jules wrote:
>
>
> On 12/08/2010 11:19, Sergio Rabellino wrote:
>>
>>
>> Jules wrote:
>>>
>>>
>>> On 11/08/2010 23:15, Sergio Rabellino wrote:
>>>>
>>>>
>>>> Jules wrote:
>>>>> On 09/08/2010 12:48, Sergio Rabellino wrote:
>>>>>   
>>>>>> In my code checks I've found that the auth code is inserted twice and 
>>>>>> only the latest is used.
>>>>>> I suggest removing the lines from 163 to 168 in lib/Verify.php.
>>>>>>     
>>>>> Where is the other instance?
>>>>>   
>>>> It's in Verify.php too, line 219, but in another func.
>>> It's not quite as simple as that, as in the sub initWithFormData 
>>> called from "new Verify()" it is needed when approving an 
>>> authenticated user who doesn't get sent the email. So if anything, 
>>> it should be removed from the code that sends the email 
>>> $verify->sendVeryifyEmail() and not from initWithFormData().
>>> Do you agree?
>> Hmmm. Why do you need an auth entry for an authenticated user? I 
>> didn't find a situation where it's needed. I did two dropoffs either 
>> with an authenticated user or an unauthenticated one, both of them 
>> successfully.
> It's handy for making the rest of the code simpler, as it can just 
> read the organisation and so forth from the Auth table, regardless of 
> whether it's an authenticated user or not.
>
>>> I'm going to leave it alone for now as it doesn't actually cause any 
>>> damage at all, but I would like to hear your thoughts on the question.
>>>>
>>>>>> A question: is there any reason for the removal of any international 
>>>>>> chars from name and organization?
>>>>>>     
>>>>> Me being paranoid about people putting nasty characters into databases 
>>>>> and HTML.
>>>>>   
>>>>>> I've adapted my code to write down utf8 strings into mysqldb
>>>>>>     
>>>>> How do I do that?
>>>>>   
>>>> First of all the tables must be created/altered to support utf8 
>>>> chars: I did an alter from phpmyadmin setting the collation to 
>>>> utf8-general-ci (case insensitive). Then creating the connection to 
>>>> the db, the first sql statement is
>>>>
>>>> DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
>>>>
>>>> to be sure that client and server share the same charset. (If you 
>>>> are paranoid, you can later check if it's true, asking through PHP 
>>>> for the current charset/collation).
>>>> Then the code must be changed, encoding/decoding the strings 
>>>> from/to web forms, also removing the regex check for user typing.
>>>> If all of this convinces you, I can send all the changes (8/10 lines 
>>>> somewhere).
>>>> As far as I know, utf8 is backward compatible with ASCII chars, so no 
>>>> dual code is required, and today asking for a utf8 mysql table 
>>>> is a must for many (L)AMP apps.
>>> I'm not wholly convinced, but send me the code anyway, so I can put 
>>> it in (possibly commented-out for now).
>> First of all, the table fields must be created (or altered if they 
>> exist) adding "character set utf8 " after the field type (I did it 
>> simply from phpmyadmin :-) ).
> What about the same for SQLite? I *have* to support that completely too.
Not totally good news: 
http://uk.php.net/manual/en/function.sqlite-libencoding.php

>> My code changes follow. The line numbers can be slightly different as 
>> I frequently add some tag lines to the code...
>>
>> file lib/MySQL.php
>> add below  line 54
>> >  // SET CHARSET
>> >  $query = "DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;";
>> >  if (!$this->database->query($query)) {
>> >   return "FALSE";
>> >  }
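Review bot: the `$query` string is not a statement MySQL will run on its own. `DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci` is the clause used inside CREATE/ALTER TABLE or DATABASE, so as written this query should be rejected; to set the connection charset the statement would be `SET NAMES utf8 COLLATE utf8_general_ci`. Also, `return "FALSE";` returns a non-empty string, which PHP treats as true, so a caller testing the result as a boolean will not see the failure. Check that against how the rest of this function reports errors.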
>>
>> file lib/NSSDropbox.php
>> change line 1152 to  $name = utf8_decode($recordlist[0]['FullName']);
>> change line 1155 to  $org   = 
>> utf8_decode($recordlist[0]['Organization']);
>>
>> file lib/NSSDropoff.php
>> change line 936 to       $this->_senderName          = 
>> utf8_decode($qResult['senderName']);
>> change line 937 to      $this->_senderOrganization  = 
>> utf8_decode($qResult['senderOrganization']);
>> change line 939 to      $this->_note                = 
>> utf8_decode($qResult['note']);
>> change line 1239 to    utf8_encode($senderName), 
>> utf8_encode($senderOrganization), $senderEmail,
>> change line 1243 to  utf8_encode($note)) ) {
>>
>> file lib/Verify.php
>> add below line 213
>>     $senderName = utf8_encode($senderName);
>>     $senderOrganization = utf8_encode($senderOrganization);
>> change line 236 to  $smarty->assign('senderName',  
>> utf8_decode($senderName));
>> change line 237 to  $smarty->assign('senderOrg',   
>> utf8_decode($senderOrganization));
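Review bot: `utf8_encode()` and `utf8_decode()` in these lines (and in the NSSDropbox.php and NSSDropoff.php changes above) convert only between ISO-8859-1 and UTF-8. That round-trips à and ì, but any character outside Latin-1 comes back from `utf8_decode()` as `?`, and if the forms are submitted as UTF-8 the `utf8_encode()` calls store them double-encoded. The change should state which charset the pages are served in, and whether storing and displaying the submitted bytes unchanged would do instead.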
>>
>> With these changes, I can use utf8 chars (i.e. à ì) in username, 
>> organization and note.
> Thanks.
>>
>>>
>>>>>> and I do not see any evidence of a problem with it: am I wrong?
>>>>>>     
>>>>> I just want to be absolutely doubly sure that people cannot put evil 
>>>>> text in it, which is very easy to allow by mistake.
>>>>>
>>>>>   
>>>> I understand, but in the Italian language (and in many other languages) 
>>>> the 'special' chars are often used: university -> università ....
>>> Ah, that does explain a good use for it, which definitely helps 
>>> convince me :-)
>> Ah, I forgot to mention a possibly interesting change to 
>> lib/NSSLDAPAuthenticator.php: it can happen that you can't log in as 
>> anonymous to an LDAP server (my university central server is 
>> configured without anon query), so it can be useful to add an optional 
>> username/password for LDAP binding.
>>
>> config/preferences.php
>> add two prefs as follow
>>  'authLDAPDn'            => 'o=MyOrg,uid=MyUser',
>>  'authLDAPPass'          => 'MyPASStoLDAP',
>>
>> lib/NSSLDAPAuthenticator.php
>> add below line 50
>> >  protected $_ldapDn = NULL;
>> >  protected $_ldapPass = NULL;
>> add below line 73
>> >   $this->_ldapDn        = $prefs['authLDAPDn'];
>> >   $this->_ldapPass      = $prefs['authLDAPPass'];
>>
>> change line 147 to   if ( $ldapBind = 
>> @ldap_bind($ldapConn,$this->_ldapDn,$this->_ldapPass) ) {
>> change line 230 to     if ( $ldapBind = 
>> @ldap_bind($ldapConn,$this->_ldapDn,$this->_ldapPass) ) {
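Review bot: the `@` on both `ldap_bind()` calls hides the reason for a failed bind, so a wrong `authLDAPPass` looks the same as an unreachable server; logging `ldap_error($ldapConn)` on failure would make a misconfiguration visible. `$prefs['authLDAPDn']` and `$prefs['authLDAPPass']` are read without checking that the keys exist, so an installation whose preferences.php predates this change gets notices; an `isset()` fallback to NULL would keep the old anonymous behaviour explicit. A non-empty DN with an empty password is treated by many servers as an anonymous bind that succeeds, so that combination is worth rejecting when the preferences are loaded. The bind password sits in clear text in config/preferences.php, so that file's permissions matter.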
>>
>> If you set up the two preferences with empty strings, the bind will be 
>> anonymous, as before these changes.
>> Hope this helps.
> Good idea, I'll definitely put that one in.
>
> Thanks!
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> www.ZendTo.com
>
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM
>   

-- 
Ing. Sergio Rabellino

Università degli Studi di Torino
Dipartimento di Informatica
ICT Services Director
Tel +39-0116706701  Fax +39-011751603
C.so Svizzera , 185 - 10149 - Torino

<http://www.di.unito.it>
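
The trade-off argued in this thread (keeping characters such as à and ì without letting hostile text reach the database or the HTML), shown as an added example that is not ZendTo code and not from either poster. It assumes PHP 7.1+ with the mbstring and pdo_sqlite extensions; `cleanName()` and the `authtable` schema are hypothetical, and the sample input is constructed.

```php
<?php
// Hypothetical helper (not ZendTo code): accept UTF-8 text, reject bad input.
function cleanName(string $raw, int $maxLen = 64): ?string
{
    // Reject byte sequences that are not well-formed UTF-8.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Drop control characters (Unicode category Cc); accented letters stay.
    $s = trim(preg_replace('/\p{Cc}+/u', '', $raw));
    if ($s === '' || mb_strlen($s, 'UTF-8') > $maxLen) {
        return null;
    }
    return $s;
}

// In-memory SQLite database; the table is a constructed stand-in.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authtable (FullName TEXT, Organization TEXT)');

// Constructed input: an Italian name, and an organisation field carrying
// SQL and markup metacharacters.
$name = cleanName("Niccolò Rossi");
$org  = cleanName("Università'); DROP TABLE authtable;-- <script>alert(1)</script>", 128);

// Bound parameters: the values travel as data, never as SQL text.
$ins = $db->prepare('INSERT INTO authtable (FullName, Organization) VALUES (?, ?)');
$ins->execute([$name, $org]);

$row = $db->query('SELECT FullName, Organization FROM authtable')
          ->fetch(PDO::FETCH_ASSOC);

// Escape at output time, naming the charset the page is served in.
foreach ($row as $field => $value) {
    echo $field, ': ', htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), "\n";
}
```

The accented characters are stored and printed unchanged, the table still exists after the insert, and the markup in the organisation field is printed as `&lt;script&gt;` rather than as a tag.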
