From dirk at haun-online.de Thu May 1 03:01:31 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 1 May 2008 09:01:31 +0200
Subject: [geeklog-devel] LDAP module: Where to put the config?
Message-ID: <20080501070131.2137205911@smtp.haun-online.de>

(whoops, only sent this to Vinny instead of sending it to the list)

Vincent Furia wrote:

>Is there a way of extending the configuration gui to include
>configuration for the authentication module?

I don't see why not. However, that would put an end to the idea of adding / removing remote auth modules by simply dropping them into the directory. So we would need a way to enable / disable and install / uninstall modules.

We should probably do this, but given the amount of work required, I'd like to postpone this to post-1.5.

bye, Dirk

--
http://www.geeklog.net/
http://geeklog.info/

From dirk at haun-online.de Thu May 1 03:21:18 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 1 May 2008 09:21:18 +0200
Subject: [geeklog-devel] [geeklog-cvs]Geeklog-1.x/sqlmssql_tableanddata.php, 1.34, 1.35
In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F269D59@nex-pluto.nextide.ca>
References: <063B8B70CB9DA141B2FC1DB483561B9F269D59@nex-pluto.nextide.ca>
Message-ID: <20080501072118.1186632769@smtp.haun-online.de>

Randy Kolenko wrote:

>There is another issue I found in the installer - when you have a path
>that has spaces in it, the installer fails right after you click on the
>"Install >>" button.

Hmm. /Library/WebServer/Geeklog 1.x/ worked for me. Where in your path was that space?

bye, Dirk

--
http://www.haun-online.de/
http://spam.tinyweb.net/

From mjervis at gmail.com Thu May 1 04:02:13 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Thu, 1 May 2008 09:02:13 +0100
Subject: [geeklog-devel] [geeklog-cvs]Geeklog-1.x/sqlmssql_tableanddata.php, 1.34, 1.35
In-Reply-To: <20080501072118.1186632769@smtp.haun-online.de>
References: <063B8B70CB9DA141B2FC1DB483561B9F269D59@nex-pluto.nextide.ca> <20080501072118.1186632769@smtp.haun-online.de>
Message-ID: <7b42e7470805010102i4111370emfd9f65ab4bf18d66@mail.gmail.com>

Dirk,

> >There is another issue I found in the installer - when you have a path
> >that has spaces in it, the installer fails right after you click on the
> >"Install >>" button.
>
> Hmm. /Library/WebServer/Geeklog 1.x/ worked for me.

You're on a Mac right? Or on a Linux shared host?

Maybe this is just a problem on Windows?

I'll see if I can try it today. List of things to do growing...

Mike

From dirk at haun-online.de Thu May 1 04:51:59 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 1 May 2008 10:51:59 +0200
Subject: [geeklog-devel] [geeklog-cvs]Geeklog-1.x/sqlmssql_tableanddata.php, 1.34, 1.35
In-Reply-To: <7b42e7470805010102i4111370emfd9f65ab4bf18d66@mail.gmail.com>
References: <063B8B70CB9DA141B2FC1DB483561B9F269D59@nex-pluto.nextide.ca> <20080501072118.1186632769@smtp.haun-online.de> <7b42e7470805010102i4111370emfd9f65ab4bf18d66@mail.gmail.com>
Message-ID: <20080501085159.229667295@smtp.haun-online.de>

Michael Jervis wrote:

>> Hmm. /Library/WebServer/Geeklog 1.x/ worked for me.
>
>You're on a Mac right? Or on a Linux shared host?
>
>Maybe this is just a problem on Windows?

Yeah, I'm on a Mac. Shouldn't be different from other Unix variants there. Can't test on Windows ...

bye, Dirk

--
http://www.haun-online.de/accu/

From Randy.Kolenko at nextide.ca Thu May 1 06:29:33 2008
From: Randy.Kolenko at nextide.ca (Randy Kolenko)
Date: Thu, 1 May 2008 06:29:33 -0400
Subject: [geeklog-devel] [geeklog-cvs]Geeklog-1.x/sqlmssql_tableanddata.php, 1.34, 1.35
Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F269D68@nex-pluto.nextide.ca>

Windows for me....

> -----Original Message-----
> From: Dirk Haun [mailto:dirk at haun-online.de]
> Sent: Thursday, May 01, 2008 4:52 AM
> To: geeklog-devel
> Subject: Re: [geeklog-devel]
> [geeklog-cvs]Geeklog-1.x/sqlmssql_tableanddata.php, 1.34, 1.35
>
>
> Michael Jervis wrote:
>
> >> Hmm. /Library/WebServer/Geeklog 1.x/ worked for me.
> >
> >You're on a Mac right? Or on a Linux shared host?
> >
> >Maybe this is just a problem on Windows?
>
> Yeah, I'm on a Mac. Shouldn't be different from other Unix
> variants there. Can't test on Windows ...
>
> bye, Dirk
>
>
> --
> http://www.haun-online.de/accu/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>

From Randy.Kolenko at nextide.ca Thu May 1 07:32:31 2008
From: Randy.Kolenko at nextide.ca (Randy Kolenko)
Date: Thu, 1 May 2008 07:32:31 -0400
Subject: [geeklog-devel] [geeklog-cvs]Geeklog-1.x/sqlmssql_tableanddata.php, 1.34, 1.35
Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F111EB4@nex-pluto.nextide.ca>

Using the patch below for the mssql tables and data, the install works all the way until the config values are being saved to the db.

This line is failing now:

INSERT INTO gl_conf_values (name, value, type, subgroup, group_name, selectionArray, sort_order, fieldset, default_value) VALUES ("microsummary_short","s:4:"GL: ";","text",0,"Core",-1,80,0, "s:4:"GL: ";")

The above line is generated in config.class.php and is called during the install_config() call in admin/install/index.php.
Config.class.php on lines 282 and 283 does an str_replace on the apostrophes to make them quotation marks. But it would appear that the result is not quite what was intended :-)

Quotation marks are valid field delimiters, but the problem is the "s:4:"GL: ";" portion of the line where we've obviously got a string issue in there.

I just haven't had time to understand why the string replacements were done quite yet... Anyone more versed in that area of code (Aaron)?

> $_SQL[] = "
> set identity_insert {$_TABLES['users']} on
>
> INSERT INTO {$_TABLES['users']} (uid, username, fullname,
> passwd, email, homepage, sig, regdate, cookietimeout, theme,
> status,num_reminders) VALUES
> (1,'Anonymous','Anonymous','',NULL,NULL,'',getdate(),0,NULL,3,0)
> INSERT INTO {$_TABLES['users']} (uid, username, fullname,
> passwd, email, homepage, sig, regdate, cookietimeout, theme,
> status,num_reminders) VALUES (2,'Admin','Geeklog
> SuperUser','5f4dcc3b5aa765d61d8327deb882cf99','root at localhost'
,'http://w ww.geeklog.net/','',getdate(),28800,NULL,3,0)
set identity_insert {$_TABLES['users']} off
";

From dirk at haun-online.de Thu May 1 07:48:48 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 1 May 2008 13:48:48 +0200
Subject: [geeklog-devel] [geeklog-cvs]Geeklog-1.x/sqlmssql_tableanddata.php, 1.34, 1.35
In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F111EB4@nex-pluto.nextide.ca>
References: <063B8B70CB9DA141B2FC1DB483561B9F111EB4@nex-pluto.nextide.ca>
Message-ID: <20080501114848.191249120@smtp.haun-online.de>

Randy Kolenko wrote:

>INSERT INTO gl_conf_values (name, value, type, subgroup, group_name,
>selectionArray, sort_order, fieldset, default_value) VALUES
>("microsummary_short","s:4:"GL: ";","text",0,"Core",-1,80,0, "s:4:"GL:
>";")

That should read

... VALUES ("microsummary_short", 's:4:"GL: ";', "text", ...

>Config.class.php on lines 282 and 283 does an str_replace on the
>apostrophes to make them quotation marks.
But it would appear that the
>result it not quite what was intended :-)

Not sure why there even is special handling for MS SQL. For MySQL it does a straight DB_query() with the unchanged $sql_query.

bye, Dirk

--
http://www.haun-online.de/
http://spam.tinyweb.net/

From mjervis at gmail.com Thu May 1 08:26:11 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Thu, 1 May 2008 13:26:11 +0100
Subject: [geeklog-devel] [geeklog-cvs]Geeklog-1.x/sqlmssql_tableanddata.php, 1.34, 1.35
In-Reply-To: <20080501114848.191249120@smtp.haun-online.de>
References: <063B8B70CB9DA141B2FC1DB483561B9F111EB4@nex-pluto.nextide.ca> <20080501114848.191249120@smtp.haun-online.de>
Message-ID: <7b42e7470805010526l79c509b0j9ed479bd58f97e4f@mail.gmail.com>

I've got MSSQL install "working"

However, I now get undefined index for site_name, rootdebug and several other config vars, which do appear to be in gl_conf_values.

Will investigate another day, will commit fixes tonight.

From dirk at haun-online.de Thu May 1 12:03:29 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 1 May 2008 18:03:29 +0200
Subject: [geeklog-devel] LDAP module: Where to put the config?
Message-ID: <20080501160329.568109436@smtp.haun-online.de>

Vincent Furia wrote:

>Language files in system/classes/authentication makes a lot of sense.

Actually, looking at the LDAP module's error handling again (which is the only place that uses the language file), I think I'd like to change that so that failure to connect to the LDAP server will simply result in a failed login. Details can then be logged in error.log and so we wouldn't need a language file any more (since error.log entries are traditionally English only anyway).

Which leaves us with the config file, which I've put into system/classes/authentication/ldap/config.php

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From joe at ThrowingDice.com Thu May 1 15:47:34 2008
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Thu, 01 May 2008 15:47:34 -0400
Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes/authentication LDAP.auth.class.php, NONE, 1.1
In-Reply-To: <20080501192750.19A6110FE14@qs1489.pair.com>
References: <20080501192750.19A6110FE14@qs1489.pair.com>
Message-ID: <0K07003SEGBAZPU0@mta5.srv.hcvlny.cv.net>

At 03:27 PM 5/1/2008, Dirk Haun wrote:
>     function ascii2hex($ascii)
>     {
>         /* Adapted from function courtesy kuukelekuu at gmail dot com,
>          * from http://www.thescripts.com/forum/thread519762.html
>          */
>         $hex = '';
>
>         for ($i = 0; $i < strlen($ascii); $i++) {
>             $byte = strtolower(dechex(ord($ascii{$i})));
>             $byte = str_repeat('0', 2 - strlen($byte)) . $byte;
>             $hex .= $byte;
>         }
>
>         return $hex;
>     }

You should not use {$i} to subscript a string since according to the PHP manual:

Note: Strings may also be accessed using braces, as in $str{42}, for the same purpose. However, this syntax is deprecated as of PHP 6. Use square brackets instead.

Is there some reason this is not just a call to binhex()? If there is, this saves a lot of calls to strlen/str_repeat and strtolower.

    $hex = '';
    $len = strlen($ascii);
    for ($i = 0; $i < $len; ++$i) {
        $hex .= str_pad(dechex(ord($ascii[$i])), 2, '0', STR_PAD_LEFT);
    }
    return strtolower($hex);

I realize this is adapted code. But during adaptation, one should cut down on the cruft of older versions.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From tony at tonybibbs.com Thu May 1 16:01:08 2008
From: tony at tonybibbs.com (Tony Bibbs)
Date: Thu, 1 May 2008 13:01:08 -0700 (PDT)
Subject: [geeklog-devel] geeklog.net domain
Message-ID: <442550.15340.qm@web706.biz.mail.mud.yahoo.com>

Server I use to host the DNS for geeklog.net has some major problems this week requiring a rebuild. That rebuild is happening today and I expect BIND back up at some point. Luckily my server acts as a hidden primary but I'm not sure if that will keep effect before I get our BIND server back up. I don't sysadmin'ing a bit but continue to host this along with one or two non-critical domains. I'm completely open (read: happy to get rid off) this domain. I will continue holding it of course but I don't like being the weak link in an otherwise good mode of operation. Apply within.

--Tony

From mark at the-howards.net Fri May 2 15:30:53 2008
From: mark at the-howards.net (Mark Howard)
Date: Fri, 2 May 2008 15:30:53 -0400
Subject: [geeklog-devel] [geeklog-cvs] Language files updated
In-Reply-To: <20080502151523.219111245@smtp.haun-online.de>
References: <20080502151523.219111245@smtp.haun-online.de>
Message-ID: <09c401c8ac8b$0a148e10$1e3daa30$@net>

Darn it - I *live* for those things.

-m

-----Original Message-----
From: geeklog-cvs-bounces at lists.geeklog.net [mailto:geeklog-cvs-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
Sent: Friday, May 02, 2008 11:15 AM
To: geeklog-cvs at lists.geeklog.net
Subject: [geeklog-cvs] Language files updated

Okay, I thought I'd spare everyone the 1.3 MB or so of update posts: The language files (core and all 5 plugins) have now been updated.

bye, Dirk

--
http://www.geeklog.net/
http://geeklog.info/

_______________________________________________
geeklog-cvs mailing list
geeklog-cvs at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-cvs

From chipper at llamas.net Sat May 3 15:00:12 2008
From: chipper at llamas.net (Chris 'Chipper' Chiapusio)
Date: Sat, 3 May 2008 15:00:12 -0400
Subject: [geeklog-devel] geeklog.net domain
In-Reply-To: <442550.15340.qm@web706.biz.mail.mud.yahoo.com>
References: <442550.15340.qm@web706.biz.mail.mud.yahoo.com>
Message-ID: <20080503190012.GA12243@chipsworld.llamas.net>

On Thu, May 01, 2008 at 01:01:08PM -0700, Tony Bibbs wrote:
>Server I use to host the DNS for geeklog.net has some major problems this week requiring a rebuild. That rebuild is happening today and I expect BIND back up at some point. Luckily my server acts as a hidden primary but I'm not sure if that will keep effect before I get our BIND server back up. I don't sysadmin'ing a bit but continue to host this along with one or two non-critical domains. I'm completely open (read: happy to get rid off) this domain. I will continue holding it of course but I don't like being the weak link in an otherwise good mode of operation. Apply within.
>
>--Tony
>
>
>_______________________________________________
>geeklog-devel mailing list
>geeklog-devel at lists.geeklog.net
>http://eight.pairlist.net/mailman/listinfo/geeklog-devel

If you need another DNS server to improve reliability I can help.

Chip

--
------
**** Warning ****
This e-mail message, without warrant or warning, and despite US law as set forth in the Foreign Intelligence Surveillance Act of 1978, may be subject to monitoring by the United States National Security Agency and/or the Department of Defense. Information contained in this message may be used against any senders or recipients, now or in the future, in a public trial or secret tribunal. Please encrypt anything important.
PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D

From joe at ThrowingDice.com Sun May 4 00:24:16 2008
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Sun, 04 May 2008 00:24:16 -0400
Subject: [geeklog-devel] Bugtracker
In-Reply-To: <20080503190012.GA12243@chipsworld.llamas.net>
References: <442550.15340.qm@web706.biz.mail.mud.yahoo.com> <20080503190012.GA12243@chipsworld.llamas.net>
Message-ID: <0K0B00KN2TK7GZO0@mta2.srv.hcvlny.cv.net>

Can someone fix the Project name for this issue? I have no idea how the project wasn't Geeklog 1.

http://project.geeklog.net/tracking/view.php?id=617

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From mjervis at gmail.com Sun May 4 03:02:28 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Sun, 4 May 2008 08:02:28 +0100
Subject: [geeklog-devel] Bugtracker
In-Reply-To: <0K0B00KN2TK7GZO0@mta2.srv.hcvlny.cv.net>
References: <442550.15340.qm@web706.biz.mail.mud.yahoo.com> <20080503190012.GA12243@chipsworld.llamas.net> <0K0B00KN2TK7GZO0@mta2.srv.hcvlny.cv.net>
Message-ID: <7b42e7470805040002o77891c58ve51e24bea33b1aeb@mail.gmail.com>

Done, confirmed, and resolved. (Well when update/commit cycle complete...)

On Sun, May 4, 2008 at 5:24 AM, Joe Mucchiello wrote:
> Can someone fix the Project name for this issue? I have no idea how the
> project wasn't Geeklog 1.
>
> http://project.geeklog.net/tracking/view.php?id=617
>
> ----
> Joe Mucchiello
> Throwing Dice Games
> http://www.throwingdice.com
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>

--
Michael Jervis
mjervis at gmail.com
504B03041400000008008F846431E3543A820800000006000000060000007765
62676F642B4F4D4ACF4F0100504B010214001400000008008F846431E3543A82
0800000006000000060000000000000000002000000000000000776562676F64
504B05060000000001000100340000002C0000000000

From dirk at haun-online.de Sun May 4 06:02:45 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 4 May 2008 12:02:45 +0200
Subject: [geeklog-devel] Geeklog 1.5 status
In-Reply-To: <20080413091254.1959393166@smtp.haun-online.de>
References: <20080321205301.1614627802@smtp.haun-online.de> <20080413091254.1959393166@smtp.haun-online.de>
Message-ID: <20080504100245.79846771@smtp.haun-online.de>

Dirk Haun wrote:

>>Geeklog 1.5 is finally coming along to the point where I think I could
>>actually risk running a site off of it.
>
>I did just that now and updated Damn Spam!

.. and geeklog.info is now also running on 1.5. This time, I remembered to put the old config.php files back into place before doing the upgrade and promptly found (and fixed) a small issue with the plugin upgrade there.

Other than that, it seems to run just fine.

To make things more interesting, both sites are actually running off of the same code base (one small modification in lib-common.php required). While that isn't quite working as expected, it's not a problem with 1.5 itself and so it's not a showstopper.

So despite the remaining known issues (MS SQL support, pending theme changes) I'd like to push out a beta release, possibly tomorrow, to get some feedback and information on as yet unknown issues.

Comments? Anything else I may have missed?

bye, Dirk

--
http://www.geeklog.net/
http://geeklog.info/

From trinity93 at gmail.com Sun May 4 06:14:00 2008
From: trinity93 at gmail.com (Trinity)
Date: Sun, 4 May 2008 05:14:00 -0500
Subject: [geeklog-devel] Geeklog 1.5 status
In-Reply-To: <20080504100245.79846771@smtp.haun-online.de>
References: <20080321205301.1614627802@smtp.haun-online.de> <20080413091254.1959393166@smtp.haun-online.de> <20080504100245.79846771@smtp.haun-online.de>
Message-ID:

"release early, release often" some one once said :-)

On Sun, May 4, 2008 at 5:02 AM, Dirk Haun wrote:
> Dirk Haun wrote:
>
>>>Geeklog 1.5 is finally coming along to the point where I think I could
>>>actually risk running a site off of it.
>>
>>I did just that now and updated Damn Spam!
>
> .. and geeklog.info is now also running on 1.5. This time, I remembered
> to put the old config.php files back into place before doing the upgrade
> and promptly found (and fixed) a small issue with the plugin upgrade there.
>
> Other than that, it seems to run just fine.
>
> To make things more interesting, both sites are actually running off of
> the same code base (one small modification in lib-common.php required).
> While that isn't quite working as expected, it's not a problem with 1.5
> itself and so it's not a showstopper.
>
> So despite the remaining known issues (MS SQL support, pending theme
> changes) I'd like to push out a beta release, possibly tomorrow, to get
> some feedback and information on as yet unknown issues.
>
> Comments? Anything else I may have missed?
>
> bye, Dirk
>
>
> --
> http://www.geeklog.net/
> http://geeklog.info/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>

From furiousdog at gmail.com Sun May 4 08:10:25 2008
From: furiousdog at gmail.com (Sami Barakat)
Date: Sun, 4 May 2008 13:10:25 +0100
Subject: [geeklog-devel] "I can see your house from here!"
In-Reply-To: <7b42e7470804291141s1418e29bud79522263da95f1e@mail.gmail.com>
References: <20080429093123.r1i293xu74gs40gg@webmail.df.eu> <7b42e7470804290058q41806f7cnb07f9e8e38f54ea5@mail.gmail.com> <010a01c8aa20$7e3447d0$7a9cd770$@net> <7b42e7470804291141s1418e29bud79522263da95f1e@mail.gmail.com>
Message-ID: <609505460805040510s78e83ac7k45c752f62cf4cb05@mail.gmail.com>

Didn't realise I hadn't included my house to the list. Anyway you can now see where I live...and down the road is the campus I go to :)

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From michael.tutty at gmail.com Sun May 4 09:08:44 2008
From: michael.tutty at gmail.com (Michael Tutty)
Date: Sun, 4 May 2008 08:08:44 -0500
Subject: [geeklog-devel] "I can see your house from here!"
In-Reply-To: <7b42e7470804290058q41806f7cnb07f9e8e38f54ea5@mail.gmail.com>
References: <20080429093123.r1i293xu74gs40gg@webmail.df.eu> <7b42e7470804290058q41806f7cnb07f9e8e38f54ea5@mail.gmail.com>
Message-ID: <62d0f2020805040608k24392982j27a0730dab094611@mail.gmail.com>

Not sure if anyone knew this already, but Tony Bibbs, Justin and I all work together in Des Moines. We're literally ten feet from each other on most days :) TB actually got me into PHP, and both of us into Geeklog as well.

On Tue, Apr 29, 2008 at 2:58 AM, Michael Jervis wrote:
> > you can now see the locations of some of our GSoC mentors and students
> (not
> > all of which decided to make their location public, which is perfectly
> okay
> > of course).
>
> Gotta Love Google!
>
> I see Michael and Justin are very close, who'd have guessed! ;-) Oh
> and is that a graveyard you live in Justin?
>
> Also interesting to see the difference in zoom you can achieve in
> Satellite view in the UK/US vs Germany. And who's Eric?
>
> Mike
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dirk at haun-online.de Sun May 4 11:25:03 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 4 May 2008 17:25:03 +0200
Subject: [geeklog-devel] {blockid}
Message-ID: <20080504152503.252916540@smtp.haun-online.de>

Here's something I stumbled over while updating geeklog.info:

In block attributes, {blockid} is now available as a variable. It's used to give blocks a unique ID, e.g.
 in blockheader.thtml.

Apart from the slight misnomer (it's not the block's ID, bid, but something derived from the block's title), here are some issues I ran into:

1) It doesn't take national special characters into account. So on geeklog.info, I now have a block with id="Über_Geeklog2". Not sure where the 2 comes from, but the actual problem is the umlaut - it's not valid HTML.

Proposed solution: Instead of trying to clean up the block title using strtr(), I'd suggest to run it through COM_sanitizeID(). That will give slightly different results from before, but since this is new code anyway, it shouldn't affect too many people.

2) Based on the {blockid}, there is some CSS in style.css that controls how some lists are formatted:

#Admins_Only ul, #User_Functions ul, #Topics ul {
    list-style:none;
    padding:0px;
    margin:0px;
}

In the Professional theme, the Admins Only, User Functions, and Topics block now all use proper
    lists. The above CSS rule makes them appear like before, i.e. without the bullet points. But that stops working when you rename the blocks. Like, say, because you're running a site in German where "Topics" is "Kategorien" ...

Haven't really looked into a proper fix yet - it would probably involve using more block template files instead of that CSS "hack". Other ideas?

bye, Dirk

P.S. I actually recognized who wrote that blockid code without looking it up in CVS ;-)

--
http://www.geeklog.net/
http://geeklog.info/

From joe at ThrowingDice.com Sun May 4 12:15:02 2008
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Sun, 04 May 2008 12:15:02 -0400
Subject: [geeklog-devel] {blockid}
In-Reply-To: <20080504152503.252916540@smtp.haun-online.de>
References: <20080504152503.252916540@smtp.haun-online.de>
Message-ID: <0K0C00MZWQHWL440@mta5.srv.hcvlny.cv.net>

At 11:25 AM 5/4/2008, Dirk Haun wrote:
>Apart from the slight misnomer (it's not the block's ID, bid, but
>something derived from the block's title), here are some issues I ran into:

Why not just take it from the block name?

Whoa. I was going to say it gets passed through COM_applyFilter. But it doesn't. It doesn't even go through COM_stripslashes. It goes straight from $_POST['name'] to $name to "....,'$name',...." in DB_save.

In theory block_name should be unique and after a call to COM_sanitizeID it should be fine. But you might want to check that other problem too.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From mjervis at gmail.com Sun May 4 12:52:34 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Sun, 4 May 2008 17:52:34 +0100
Subject: [geeklog-devel] {blockid}
In-Reply-To: <0K0C00MZWQHWL440@mta5.srv.hcvlny.cv.net>
References: <20080504152503.252916540@smtp.haun-online.de> <0K0C00MZWQHWL440@mta5.srv.hcvlny.cv.net>
Message-ID: <7b42e7470805040952s5ded8de0n5a15fe99a493cc48@mail.gmail.com>

Why not take it from bid?
Which is unique and safe, prefixed with block to make it meaningful.

From devel at portalparts.com Sun May 4 12:56:33 2008
From: devel at portalparts.com (Blaine Lang)
Date: Sun, 04 May 2008 12:56:33 -0400
Subject: [geeklog-devel] {blockid}
In-Reply-To: <20080504152503.252916540@smtp.haun-online.de>
References: <20080504152503.252916540@smtp.haun-online.de>
Message-ID:

Dirk Haun wrote:
> Apart from the slight misnomer (it's not the block's ID, bid, but something derived from the block's title)

Actually the template var had more to do with its purpose as opposed to the source used to create it. This feature was added so Javascript and CSS could be added to control blocks and we need a unique ID per block and believe block title was chosen to have something more familiar to the site admin but and bid would certainly be unique and easier to use but less descriptive or identifiable. When using block_title, the code does also handle having duplicate titles for blocks which can happen.

> It doesn't take national special characters into account. So on geeklog.info, I now have a block with id="Über_Geeklog2".

Agree - I had not tested on extended characters other than the issues addressed with the strtr code

> I'd suggest to run it through COM_sanitizeID().

Sounds like a good idea - don't see any issues as that should still be an identifiable name for the ID

> Based on the {blockid}, there is some CSS in style.css that controls how some lists are formatted: #Admins_Only ul, #User_Functions ul, #Topics ul { list-style:none; padding:0px; margin:0px; }

Hum -- does this need to be based on ID's and not class names as this will break if someone changes the block title (if these ID's are the dynamically generated ones from the above noted code).

Blaine

From dirk at haun-online.de Sun May 4 13:03:56 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 4 May 2008 19:03:56 +0200
Subject: [geeklog-devel] {blockid}
In-Reply-To: <7b42e7470805040952s5ded8de0n5a15fe99a493cc48@mail.gmail.com>
References: <20080504152503.252916540@smtp.haun-online.de> <0K0C00MZWQHWL440@mta5.srv.hcvlny.cv.net> <7b42e7470805040952s5ded8de0n5a15fe99a493cc48@mail.gmail.com>
Message-ID: <20080504170356.1940669808@smtp.haun-online.de>

Michael Jervis wrote:

>Why not take it from bid? Which is unique and safe, prefixed with
>block to make it meaningful.

{blockid} is set in COM_startBlock which doesn't have the bid.

Besides, do dynamically created blocks (like the Forum Menu block) even have a bid?

bye, Dirk

--
http://www.haun-online.de/
http://spam.tinyweb.net/

From devel at portalparts.com Sun May 4 13:12:47 2008
From: devel at portalparts.com (Blaine Lang)
Date: Sun, 04 May 2008 13:12:47 -0400
Subject: [geeklog-devel] {blockid}
In-Reply-To: <20080504170356.1940669808@smtp.haun-online.de>
References: <20080504152503.252916540@smtp.haun-online.de> <0K0C00MZWQHWL440@mta5.srv.hcvlny.cv.net> <7b42e7470805040952s5ded8de0n5a15fe99a493cc48@mail.gmail.com> <20080504170356.1940669808@smtp.haun-online.de>
Message-ID:

Dirk Haun wrote:
> Besides, do dynamically created blocks (like the Forum Menu block) even have a bid?

They do in the case of the forum but there may be some code that in the future generates the needed array of block info dynamically.

Michael Jervis wrote:
> Why not take it from bid? Which is unique and safe, prefixed with block to make it meaningful.

It was just that id="blk23" is not as meaningful as id="myblock" - it's easier to use in this code to set the ID though.

Blaine

From eakwarren at gmail.com Sun May 4 15:00:39 2008
From: eakwarren at gmail.com (Eric Warren)
Date: Sun, 4 May 2008 13:00:39 -0600
Subject: [geeklog-devel] {blockid}
In-Reply-To:
References: <20080504152503.252916540@smtp.haun-online.de> <0K0C00MZWQHWL440@mta5.srv.hcvlny.cv.net> <7b42e7470805040952s5ded8de0n5a15fe99a493cc48@mail.gmail.com><20080504170356.1940669808@smtp.haun-online.de>
Message-ID:

Remember that you shouldn't start an id or class with a number according to w3schools http://www.w3schools.com/Css/css_syntax.asp because it doesn't work in Mozilla/Firefox. But using block_(blockid) would work.

Thx!
Eric

----- Original Message -----
From: "Blaine Lang"
To: "Geeklog Development"
Sent: Sunday, May 04, 2008 11:12 AM
Subject: Re: [geeklog-devel] {blockid}

> Dirk Haun wrote:
>
>> Besides, do dynamically created blocks (like the Forum Menu block) even
> have a bid?
>
> They do in the case of the forum but there may be some code that in the
> future generates the needed array of block info dynamically.
>
> Michael Jervis wrote:
> > Why not take it from bid? Which is unique and safe, prefixed with
> block to make it meaningful.
>
> It was just that id="blk23" is not as meaningfull as id="myblock" - it's
> easier to use in this code to set the ID though.
> Blaine
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel

From kevin at metalaxe.com Sun May 4 16:57:45 2008
From: kevin at metalaxe.com (Kevin J. Peno)
Date: Sun, 4 May 2008 13:57:45 -0700
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
Message-ID: <9CE911D90980BB4980C2CFD886ED6CB101A7AB@hive.metalaxe.com>

Hello,

My name is Kevin Peno. I work with the Microsoft Open Source Group and have been assigned to help with updating this software to work properly with the new SQL Server driver from Microsoft.

I've been working on this for about 3 weeks now and have completely re-written the your abstraction file to work with the new driver, as well as cleaned up a good amount of the code, SQL batch for the install. Currently I'm at the point of fixing some issues with addslashes spread throughout the code that is causing a lot of compatibility issues. I haven't been able to get a CVS system working well yet, so I'm unable to commit, but hopefully that will be resolved soon so that you can all take a look and do some testing.

Today I'm emailing because I have been watching the mailing list and noticed increased activity on the subject. Because I haven't been able to use a CVS client I'm stuck manually patching against nightly builds for now, which is making it extremely difficult for me to keep up with the changes being made (much less know the difference between what I fixed and you all have fixed. I was hoping that we could maybe sync testing/changes with each other in a better way temporarily, such as emailing me udiffs directly if changes are made.

If you guys have any ideas that will help me out with this temporary inconvenience, such as workarounds for problems with any windows CVS client. I'd really appreciate it.

I hope that I can get everything finished up, reviewed and released to you for testing within the next 1.5 weeks.

Regards,
Kevin Peno
Senior PHP Developer
Microsoft Open Source Group

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dirk at haun-online.de Sun May 4 17:31:41 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 4 May 2008 23:31:41 +0200
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB101A7AB@hive.metalaxe.com>
References: <9CE911D90980BB4980C2CFD886ED6CB101A7AB@hive.metalaxe.com>
Message-ID: <20080504213141.961000704@smtp.haun-online.de>

Kevin,

since you've been following the mailing list, you probably noticed that we'll take all the help we can get for the MS SQL support. So welcome :-)

>and have completely re-written the your
>abstraction file to work with the new driver, as well as cleaned up a
>good amount of the code, SQL batch for the install. Currently I'm at the
>point of fixing some issues with addslashes spread throughout the code
>that is causing a lot of compatibility issues.

The addslashes() abuse is a hole that we dug ourselves into over the years and that isn't easy to fix without breaking things elsewhere. So be careful there.

Randy Kolenko wrote the current MS SQL layer - he can probably chime in with some of his experiences.

>I haven't been able to
>get a CVS system working well yet, so I'm unable to commit, but
>hopefully that will be resolved soon so that you can all take a look and
>do some testing.

I'm not on Windows, but many people here are. Surely it can't be that hard to get a CVS client working on Windows? What exactly isn't working for you?

>Because I haven't been able
>to use an CVS client I'm stuck manually patching against nightly builds
>for now, which is making it extremely difficult for me to keep up with
>the changes being made (much less know the difference between what I
>fixed and you all have fixed.

We also have a CVS notification list, if that helps:

Since we're nearing a release, the amount of CVS changes should be slowing down now.

Thanks for your efforts. I'm sure we can find a way to sync your work with ours.
bye, Dirk

--
http://www.geeklog.net/
http://geeklog.info/

From mjervis at gmail.com Mon May 5 01:53:03 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Mon, 5 May 2008 06:53:03 +0100
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <20080504213141.961000704@smtp.haun-online.de>
References: <9CE911D90980BB4980C2CFD886ED6CB101A7AB@hive.metalaxe.com> <20080504213141.961000704@smtp.haun-online.de>
Message-ID: <7b42e7470805042253j2b80ab1ag132da5112c7b4f66@mail.gmail.com>

> >and have completely re-written your
> >abstraction file to work with the new driver, as well as cleaned up a
> >good amount of the code, SQL batch for the install. Currently I'm at the
> >point of fixing some issues with addslashes spread throughout the code
> >that is causing a lot of compatibility issues.

Might I suggest submitting some initial patches to the list so we can incorporate things? I've been working on the MSSQL in spare lunch time at work (where my machine is powerful enough to actually run SQL Server...) don't want to duplicate effort too much!

> >I haven't been able to
> >get a CVS system working well yet, so I'm unable to commit, but
> >hopefully that will be resolved soon so that you can all take a look and
> >do some testing.
>
> I'm not on Windows, but many people here are. Surely it can't be that
> hard to get a CVS client working on Windows? What exactly isn't working
> for you?

It takes about 2 seconds.

Download TortoiseCVS: http://www.tortoisecvs.org/download.shtml

Install, reboot.

Right click in a folder, select CVS Checkout.

Protocol - Secure Shell (:ext:)
Server - CVS.geeklog.net
Repository Folder: /cvsroot/geeklog
Username: anonymous
Module: Geeklog-1.x

(see attached screenshot, noticing carefully that I put the wrong bloody username in)

Click OK

Accept the fingerprint of the host. When prompted for password, it's geeklog.

Whilst that checks out, you probably also want to install winmerge: http://winmerge.org/ For creating patches etc easily.

Any issues getting it working, drop me a line, I'm working on Windows with CVS/Apache/PHP/MySQL/Winmerge etc all running in windows.

Cheers,
Mike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: glcheckout.jpg
Type: image/jpeg
Size: 38559 bytes
Desc: not available
URL:

From mjervis at gmail.com Mon May 5 06:22:17 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Mon, 5 May 2008 11:22:17 +0100
Subject: [geeklog-devel] [geeklog-cvs]Geeklog-1.x/sqlmssql_tableanddata.php, 1.34, 1.35
In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F269D59@nex-pluto.nextide.ca>
References: <063B8B70CB9DA141B2FC1DB483561B9F269D59@nex-pluto.nextide.ca>
Message-ID: <7b42e7470805050322m421dee28j32ead6b98e3d73f8@mail.gmail.com>

> There is another issue I found in the installer - when you have a path
> that has spaces in it, the installer fails right after you click on the
> "Install >>" button.

Fresh CVS, windows install, no error with a path with spaces after hitting Install >>. Weird.

From kevin at metalaxe.com Mon May 5 13:10:46 2008
From: kevin at metalaxe.com (Kevin J. Peno)
Date: Mon, 5 May 2008 10:10:46 -0700
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <7b42e7470805042253j2b80ab1ag132da5112c7b4f66@mail.gmail.com>
References: <9CE911D90980BB4980C2CFD886ED6CB101A7AB@hive.metalaxe.com><20080504213141.961000704@smtp.haun-online.de> <7b42e7470805042253j2b80ab1ag132da5112c7b4f66@mail.gmail.com>
Message-ID: <9CE911D90980BB4980C2CFD886ED6CB101A7AC@hive.metalaxe.com>

Hello, thanks for all the responses. The issue isn't windows and CVS, it's vista's UAC versus TortoiseCVS (or winCVS which I've also tried). It is mostly a matter of finding all of the files that I need to allow admin on as they run. Once I've narrowed it down I can start to commit. Right now I'm just getting crashes and errors all over.

I wish I could pop in small patches, but honestly there is just too much work that has been done. Also, everything that I do has to go through MS (QA) for approval before I give it to you, so it would be a serious waste of time for us to go back and forth for months. I spent 2 days in the first week completely starting over the driver honestly. There are just a couple of more bugs I want to fix up (and some memory issues to clean up) then I'll start the process. I think that going through and finishing up what I've got going (mostly just fixing the installation problems now) so that I know everything is working, and then committing for help bug fixing the rest of the program is going to be the best for all of us. I also think it would be good in order to meet your next release if possible.

Regards,
Kevin

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Michael Jervis
Sent: Sunday, May 04, 2008 10:53 PM
To: Geeklog Development
Subject: Re: [geeklog-devel] SQL Server 2005 - MSSQL Driver

> >and have completely re-written your
> >abstraction file to work with the new driver, as well as cleaned up a
> >good amount of the code, SQL batch for the install. Currently I'm at the
> >point of fixing some issues with addslashes spread throughout the code
> >that is causing a lot of compatibility issues.

Might I suggest submitting some initial patches to the list so we can incorporate things? I've been working on the MSSQL in spare lunch time at work (where my machine is powerful enough to actually run SQL Server...) don't want to duplicate effort too much!

> >I haven't been able to
> >get a CVS system working well yet, so I'm unable to commit, but
> >hopefully that will be resolved soon so that you can all take a look and
> >do some testing.
>
> I'm not on Windows, but many people here are. Surely it can't be that
> hard to get a CVS client working on Windows? What exactly isn't
> working for you?

It takes about 2 seconds.
Download TortoiseCVS: http://www.tortoisecvs.org/download.shtml Install, reboot. Right click in a folder, select CVS Checkout. Protocol - Secure Shell (:ext:) Server - CVS.geeklog.net Repository Folder: /cvsroot/geeklog Username: anonymous Module: Geeklog-1.x (see attached screenshot, noticing carefully that I put the wrong bloody username in) Click OK Accept the fingerprint of the host. When prompted for password, it's geeklog. Whilst that checksout, you probably also want to install winmerge: http://winmerge.org/ For creating patches etc easily. Any issues getting it working, drop me a line, I'm working on Windows with CVS/Apache/PHP/MySQL/Winmerge etc all running in windows. Cheers, Mike From mjervis at gmail.com Mon May 5 13:26:33 2008 From: mjervis at gmail.com (Michael Jervis) Date: Mon, 5 May 2008 18:26:33 +0100 Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB101A7AC@hive.metalaxe.com> References: <9CE911D90980BB4980C2CFD886ED6CB101A7AB@hive.metalaxe.com> <20080504213141.961000704@smtp.haun-online.de> <7b42e7470805042253j2b80ab1ag132da5112c7b4f66@mail.gmail.com> <9CE911D90980BB4980C2CFD886ED6CB101A7AC@hive.metalaxe.com> Message-ID: <7b42e7470805051026u5651176asb4a62a34cafb72e7@mail.gmail.com> On Mon, May 5, 2008 at 6:10 PM, Kevin J. Peno wrote: > Hello, thanks for all the responses. The issue isn't windows and CVS, > it's vista's UAC verses TortoiseCVS (or winCVS which I've also tried). > It is mostly a matter of finding all of the files that I need to allow > admin on as they run. Once I've narrowed it down I can start to commit. > Right now I'm just getting crashes and errors all over. Install Cygwin as administrator and use commandline CVS from BASH prompt? 
From eakwarren at gmail.com Mon May 5 13:41:40 2008 From: eakwarren at gmail.com (Eric Warren) Date: Mon, 5 May 2008 11:41:40 -0600 Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver In-Reply-To: <7b42e7470805051026u5651176asb4a62a34cafb72e7@mail.gmail.com> References: <9CE911D90980BB4980C2CFD886ED6CB101A7AB@hive.metalaxe.com> <20080504213141.961000704@smtp.haun-online.de> <7b42e7470805042253j2b80ab1ag132da5112c7b4f66@mail.gmail.com> <9CE911D90980BB4980C2CFD886ED6CB101A7AC@hive.metalaxe.com> <7b42e7470805051026u5651176asb4a62a34cafb72e7@mail.gmail.com> Message-ID: Or just turn off UAC in Vista (if you're an administrator.) I hate UAC. First stupid thing I disabled when I "upgraded" to Vista. Eric On Mon, May 5, 2008 at 11:26 AM, Michael Jervis wrote: > On Mon, May 5, 2008 at 6:10 PM, Kevin J. Peno wrote: > > Hello, thanks for all the responses. The issue isn't windows and CVS, > > it's vista's UAC verses TortoiseCVS (or winCVS which I've also tried). > > It is mostly a matter of finding all of the files that I need to allow > > admin on as they run. Once I've narrowed it down I can start to commit. > > Right now I'm just getting crashes and errors all over. > > Install Cygwin as administrator and use commandline CVS from BASH prompt? > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin at metalaxe.com Mon May 5 14:19:45 2008 From: kevin at metalaxe.com (Kevin J. 
Peno) Date: Mon, 5 May 2008 11:19:45 -0700 Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver In-Reply-To: References: <9CE911D90980BB4980C2CFD886ED6CB101A7AB@hive.metalaxe.com><20080504213141.961000704@smtp.haun-online.de><7b42e7470805042253j2b80ab1ag132da5112c7b4f66@mail.gmail.com><9CE911D90980BB4980C2CFD886ED6CB101A7AC@hive.metalaxe.com><7b42e7470805051026u5651176asb4a62a34cafb72e7@mail.gmail.com> Message-ID: <9CE911D90980BB4980C2CFD886ED6CB101A7AD@hive.metalaxe.com> Hey Eric, Are you using TortoiseCVS on vista? If so which version number? I guess I should switch mailing lists :P Kevin From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Eric Warren Sent: Monday, May 05, 2008 10:42 AM To: Geeklog Development Subject: Re: [geeklog-devel] SQL Server 2005 - MSSQL Driver Or just turn off UAC in Vista (if you're an administrator.) I hate UAC. First stupid thing I disabled when I "upgraded" to Vista. Eric On Mon, May 5, 2008 at 11:26 AM, Michael Jervis wrote: On Mon, May 5, 2008 at 6:10 PM, Kevin J. Peno wrote: > Hello, thanks for all the responses. The issue isn't windows and CVS, > it's vista's UAC verses TortoiseCVS (or winCVS which I've also tried). > It is mostly a matter of finding all of the files that I need to allow > admin on as they run. Once I've narrowed it down I can start to commit. > Right now I'm just getting crashes and errors all over. Install Cygwin as administrator and use commandline CVS from BASH prompt? _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel -------------- next part -------------- An HTML attachment was scrubbed... 
From eakwarren at gmail.com Mon May 5 14:39:32 2008
From: eakwarren at gmail.com (Eric Warren)
Date: Mon, 5 May 2008 12:39:32 -0600
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB101A7AD@hive.metalaxe.com>
References: <9CE911D90980BB4980C2CFD886ED6CB101A7AB@hive.metalaxe.com> <20080504213141.961000704@smtp.haun-online.de> <7b42e7470805042253j2b80ab1ag132da5112c7b4f66@mail.gmail.com> <9CE911D90980BB4980C2CFD886ED6CB101A7AC@hive.metalaxe.com> <7b42e7470805051026u5651176asb4a62a34cafb72e7@mail.gmail.com> <9CE911D90980BB4980C2CFD886ED6CB101A7AD@hive.metalaxe.com>
Message-ID:

Hi Kevin,

I'm using Tortoise CVS v1.10.5, but it's got a bug in one of its components TortoisePlink.exe, so I just pointed it to Tortoise SVN's version (configurable in the settings, I believe) and it works fine for me to grab code from the GL repo, but note that I don't have commit rights, so I've only tested CVS Checkout and CVS Update functionality. The Tortoise SVN client works fine though for Checkout, Update, and Commit functionality in Vista.

Hope this helps!

Eric

On Mon, May 5, 2008 at 12:19 PM, Kevin J. Peno wrote:
> Hey Eric,
>
> Are you using TortoiseCVS on vista? If so which version number? I guess I
> should switch mailing lists :P
>
> Kevin
>
> *From:* geeklog-devel-bounces at lists.geeklog.net [mailto:
> geeklog-devel-bounces at lists.geeklog.net] *On Behalf Of *Eric Warren
> *Sent:* Monday, May 05, 2008 10:42 AM
> *To:* Geeklog Development
> *Subject:* Re: [geeklog-devel] SQL Server 2005 - MSSQL Driver
>
> Or just turn off UAC in Vista (if you're an administrator.) I hate UAC.
> First stupid thing I disabled when I "upgraded" to Vista.
>
> Eric
>
> On Mon, May 5, 2008 at 11:26 AM, Michael Jervis wrote:
>
> On Mon, May 5, 2008 at 6:10 PM, Kevin J. Peno wrote:
> > Hello, thanks for all the responses. The issue isn't windows and CVS,
> > it's vista's UAC versus TortoiseCVS (or winCVS which I've also tried).
> > It is mostly a matter of finding all of the files that I need to allow > > admin on as they run. Once I've narrowed it down I can start to commit. > > Right now I'm just getting crashes and errors all over. > > Install Cygwin as administrator and use commandline CVS from BASH prompt? > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin at metalaxe.com Mon May 5 15:10:10 2008 From: kevin at metalaxe.com (Kevin J. Peno) Date: Mon, 5 May 2008 12:10:10 -0700 Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver In-Reply-To: References: <9CE911D90980BB4980C2CFD886ED6CB101A7AB@hive.metalaxe.com><20080504213141.961000704@smtp.haun-online.de><7b42e7470805042253j2b80ab1ag132da5112c7b4f66@mail.gmail.com><9CE911D90980BB4980C2CFD886ED6CB101A7AC@hive.metalaxe.com><7b42e7470805051026u5651176asb4a62a34cafb72e7@mail.gmail.com><9CE911D90980BB4980C2CFD886ED6CB101A7AD@hive.metalaxe.com> Message-ID: <9CE911D90980BB4980C2CFD886ED6CB101A7B0@hive.metalaxe.com> That is exactly the problem I was having trouble with. Thanks a lot! 
Regards, Kevin From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Eric Warren Sent: Monday, May 05, 2008 11:40 AM To: Geeklog Development Subject: Re: [geeklog-devel] SQL Server 2005 - MSSQL Driver Hi Kevin, I'm using Tortoise CVS v1.10.5, but it's got a bug in one of it's components TortoisePlink.exe, so I just pointed it to Tortoise SVN's version (configurable in the settings, I believe) and it works fine for me to grab code from the GL repo, but note that I don't have commit rights, so I've only tested CVS Checkout and CVS Update functionality. The Tortoise SVN client works fine though for Checkout, Update, and Commit functionality in Vista. Hope this helps! Eric On Mon, May 5, 2008 at 12:19 PM, Kevin J. Peno wrote: Hey Eric, Are you using TortoiseCVS on vista? If so which version number? I guess I should switch mailing lists :P Kevin From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Eric Warren Sent: Monday, May 05, 2008 10:42 AM To: Geeklog Development Subject: Re: [geeklog-devel] SQL Server 2005 - MSSQL Driver Or just turn off UAC in Vista (if you're an administrator.) I hate UAC. First stupid thing I disabled when I "upgraded" to Vista. Eric On Mon, May 5, 2008 at 11:26 AM, Michael Jervis wrote: On Mon, May 5, 2008 at 6:10 PM, Kevin J. Peno wrote: > Hello, thanks for all the responses. The issue isn't windows and CVS, > it's vista's UAC verses TortoiseCVS (or winCVS which I've also tried). > It is mostly a matter of finding all of the files that I need to allow > admin on as they run. Once I've narrowed it down I can start to commit. > Right now I'm just getting crashes and errors all over. Install Cygwin as administrator and use commandline CVS from BASH prompt? 
From Randy.Kolenko at nextide.ca Mon May 5 19:16:39 2008
From: Randy.Kolenko at nextide.ca (Randy Kolenko)
Date: Mon, 5 May 2008 19:16:39 -0400
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F13031D@nex-pluto.nextide.ca>

This is good news that we've got some new eyes in the mix.

Some Background: my initial intent and primary goal was to write the abstraction class for MSSQL to minimize the number of code changes required in Geeklog and to hopefully have as many existing plugins be easily converted to support MSSQL. That objective was at least relatively successfully accomplished!

One of the reasons the initial class looks the way it does was to handle the "uniqueness" of the Geeklog original code base. That includes using the horrific "replace into" and LIMIT without even mentioning the various add/remove/add/remove/remove/add/remove slashes :-)

However there were always a variety of issues I wanted to resolve in the original MSSQL code -- and with very little MSSQL based feedback, it was tough to get enough issues presented to even have enough to go on for a rewrite.

I would love to see the new abstraction class and associated install script. Can you please post them here on the list?

My next question is: with the changes you've made, how does that affect the MySQL support? You can't break one to favour the other and nor will anyone adopt massive code changes for their existing and popular MySQL plugins to support mssql.

-randy

-----Original Message-----
From: Kevin J.
Peno [mailto:kevin at metalaxe.com] Sent: Sunday, May 04, 2008 4:58 PM To: geeklog-devel at lists.geeklog.net Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver Hello, My name is Kevin Peno. I work with the Microsoft Open Source Group and have been assigned to help with updating this software to work properly with the new SQL Server driver from Microsoft. I've been working on this for about 3 weeks now and have completely re-written the your abstraction file to work with the new driver, as well as cleaned up a good amount of the code, SQL batch for the install. Currently I'm at the point of fixing some issues with addslashes spread throughout the code that is causing a lot of compatibility issues. I haven't been able to get a CVS system working well yet, so I'm unable to commit, but hopefully that will be resolved soon so that you can all take a look and do some testing. Today I'm emailing because I have been watching the mailing list and noticed increased activity on the subject. Because I haven't been able to use an CVS client I'm stuck manually patching against nightly builds for now, which is making it extremely difficult for me to keep up with the changes being made (much less know the difference between what I fixed and you all have fixed. I was hoping that we could maybe sync testing/changes with each other in a better way temporarily, such as emailing me udiffs directly if changes are made. If you guys have any ideas that will help me out with this temporary inconvenience, such as workarounds for problems with any windows CVS client. I'd really appreciate it. I hope that I can get everything finished upo, reviewed and released to you fro testing within the next 1.5 weeks. Regards, Kevin Peno Senior PHP Developer Microsoft Open Source Group -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin at metalaxe.com Tue May 6 11:41:16 2008 From: kevin at metalaxe.com (Kevin J. 
Peno)
Date: Tue, 6 May 2008 08:41:16 -0700
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F13031D@nex-pluto.nextide.ca>
References: <063B8B70CB9DA141B2FC1DB483561B9F13031D@nex-pluto.nextide.ca>
Message-ID: <9CE911D90980BB4980C2CFD886ED6CB101A7B2@hive.metalaxe.com>

Hello Randy,

The complete abstraction is very much still in place! Thankfully I haven't run into anything that would cause me to break one for the other. I'm hoping, now that I've fixed my CVS connection issues, that I can get all the changes that took place merged together and finish up the installer tomorrow.

I'm wondering your opinion on add/remove slashes. How structured are the queries in that we could possibly rely on turning on quotes_sybase in the mssql driver before queries start getting pumped out. If all the SQL queries are using proper syntax (anything that uses double quotes needs to be re-written anyway because it conflicts with SQL Server) this could solve problem temporarily while the addslashes are phased out. You probably have more experience with the Geeklog core than I, so I'm hoping you can give me some good news here.

Also, in regard to MySQL....I think it is important to move that driver to mysql improved (mysqli) and start slowly implementing mysql_real_escape_string instead of addslashes, that way we can all work together in creating a better abstraction layer, hopefully making it extremely easy for anyone to drop in new support for other DBs any time!

Anyway, long story short, I hope that I can finish up the installer and driver by tomorrow and send file + patches through to you all soon. Should I be on the CVS mailer for that process?
Regards, Kevin Peno From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Randy Kolenko Sent: Monday, May 05, 2008 4:17 PM To: Geeklog Development Subject: Re: [geeklog-devel] SQL Server 2005 - MSSQL Driver This is good news that we've got some new eyes in the mix. Some Background: my initial intent and primary goal was to write the abstraction class for MSSQL to minimize the number of code changes required in Geeklog and to hopefully have as many existing plugins be easily converted to support MSSQL. That objective was at least relatively successfully accomplished! One of the reasons the initial class looks the way it does was to handle the "uniqueness" of the Geeklog original code base. That includes using the horriffic "replace into" and LIMIT without even mentioning the various add/remove/add/remove/remove/add/remove slashes :-) However there were always a variety of issues I wanted to resolve in the original MSSQL code -- and with very little MSSQL based feedback, it was tough to get enough issues presented to even have enough to go on for a rewrite. I would love to see the new abstraction class and associated install script. Can you please post them here on the list? My next question is: with the changes you've made, how does that affect the MySQL support? You can't break one to favour the other and nor will anyone adopt massive code changes for their existing and popular MySQL plugins to support mssql. -randy -----Original Message----- From: Kevin J. Peno [mailto:kevin at metalaxe.com] Sent: Sunday, May 04, 2008 4:58 PM To: geeklog-devel at lists.geeklog.net Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver Hello, My name is Kevin Peno. I work with the Microsoft Open Source Group and have been assigned to help with updating this software to work properly with the new SQL Server driver from Microsoft. 
I've been working on this for about 3 weeks now and have completely re-written the your abstraction file to work with the new driver, as well as cleaned up a good amount of the code, SQL batch for the install. Currently I'm at the point of fixing some issues with addslashes spread throughout the code that is causing a lot of compatibility issues. I haven't been able to get a CVS system working well yet, so I'm unable to commit, but hopefully that will be resolved soon so that you can all take a look and do some testing. Today I'm emailing because I have been watching the mailing list and noticed increased activity on the subject. Because I haven't been able to use an CVS client I'm stuck manually patching against nightly builds for now, which is making it extremely difficult for me to keep up with the changes being made (much less know the difference between what I fixed and you all have fixed. I was hoping that we could maybe sync testing/changes with each other in a better way temporarily, such as emailing me udiffs directly if changes are made. If you guys have any ideas that will help me out with this temporary inconvenience, such as workarounds for problems with any windows CVS client. I'd really appreciate it. I hope that I can get everything finished upo, reviewed and released to you fro testing within the next 1.5 weeks. Regards, Kevin Peno Senior PHP Developer Microsoft Open Source Group -------------- next part -------------- An HTML attachment was scrubbed... 
From joe at ThrowingDice.com Tue May 6 12:59:31 2008
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Tue, 06 May 2008 12:59:31 -0400
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F13031D@nex-pluto.nextide.ca>
References: <063B8B70CB9DA141B2FC1DB483561B9F13031D@nex-pluto.nextide.ca>
Message-ID: <0K0G00IJJHU9TB20@mta4.srv.hcvlny.cv.net>

At 07:16 PM 5/5/2008, Randy Kolenko wrote:
>the various add/remove/add/remove/remove/add/remove slashes :-)

I've railed about this a lot. In my opinion, there should be only one call to stripslashes in the entire code base: Inside COM_stripslashes to handle the magic quotes nonsense. As for addslashes it too should never be called. There should be a DB_quote function in lib-database and the database classes. We should do a codewide search and replace of addslashes with DB_quote, a function supported by the database layer. mySQL's DB_quote would call mysql_real_quote_string. MSSQL would double up the single quotes. Someone would have to eyeball that search/replace but it really should be done.

At 11:41 AM 5/6/2008, Kevin J. Peno wrote:
>Also, in regard to MySQL....I think it is
>important to move that driver to mysql improved
>(mysqli) and start slowly implementing
>mysql_real_escape_string instead of addslashes,
>that way we can all work together in creating a
>better abstraction layer, hopefully making it
>extremely easy for anyone to drop in new support for other DBs any time!

I've been on several shared hosts that don't offer mysqli for PHP. This isn't likely to happen. Yes, it would be nice to code with ? parameters but that won't happen without rewriting lots and lots of GL1. Move to GL2 if you want a clean database abstraction.
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From Randy.Kolenko at nextide.ca Tue May 6 13:08:54 2008
From: Randy.Kolenko at nextide.ca (Randy Kolenko)
Date: Tue, 6 May 2008 13:08:54 -0400
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F130328@nex-pluto.nextide.ca>

>Also, in regard to MySQL....I think it is important to move that driver to
>mysql improved (mysqli) and start slowly implementing mysql_real_escape_string
>instead of addslashes, that way we can all work together in creating a better
>abstraction layer, hopefully making it extremely easy for anyone to drop in
>new support for other DBs any time!

Good idea, however I don't necessarily see what you're suggesting actually happening in practise for GL 1.x short of doing what I had to do with the mssql class -- using approximations, stored procedures and UDFs to support the specific database flavour in order to have as many existing plugins work "out of the box" (not just plugins, but also the entire GL core code base).

This is why I was curious to see your revamped mssql class in order to get an idea of what you've done to improve on it. Especially for things like LIMIT and REPLACE INTO approximations (that's not even including the fact that the UDFs and stored procs I wrote were to help ease people in moving from MySQL to MS SQL server so that their overall plugin code could remain relatively intact when using MySQL specific functions).

As for the add/strip/add/strip slashes -- well, as Dirk said, this is a bit of a sticky issue. I couldn't really count on anything being in the right escaped order. I would suggest getting Geeklog and install as many plugins as you can download and then do a global search for add/remove slashes to get a sense as to how many times it's done and then how we could manage that in moving forward for ALL databases.

A real long term solution for GL1.x is to use something like the boilerplate plugin example I uploaded to Geeklog.net (search for mssql and it's one of the downloadable items). The boilerplate example shows how you *can* write a plugin to work with mysql and sql server using different techniques to get the data up and down the layers of the application. In that example, the UI stays the same, but the underlying data access layer can be swapped out for any DB.

-randy

From mjervis at gmail.com Tue May 6 15:27:42 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Tue, 6 May 2008 20:27:42 +0100
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB101A7B2@hive.metalaxe.com>
References: <063B8B70CB9DA141B2FC1DB483561B9F13031D@nex-pluto.nextide.ca> <9CE911D90980BB4980C2CFD886ED6CB101A7B2@hive.metalaxe.com>
Message-ID: <7b42e7470805061227l6a6c8f43ge86075f3ad2cb20d@mail.gmail.com>

> If all the SQL queries
> are using proper syntax (anything that uses double quotes needs to be
> re-written anyway because it conflicts with SQL Server) this could solve
> problem temporarily while the addslashes are phased out. You probably have
> more experience with the Geeklog core than I, so I'm hoping you can give me
> some good news here.

As previously noted by others, MySQL is the primary platform for Geeklog 1.x, the community plugin authors likely do not have MS SQL knowledge or environments, we're always going to get MySQL specific syntax and queries from other plugins. Primary reason for the whole big deal of the MS SQL abstraction that Randy produced is this compatibility issue.

Of course Geeklog 2 is powered by Propel which supports MS SQL and prevents all this stuff (unless I've missed the point). I think it's unrealistic to expect Geeklog to be fully database agnostic any time soon, strip/add slashes not withstanding. (Though the story system should be suitably clean for that by now).
> Also, in regard to MySQL....I think it is important to move that driver to
> mysql improved (mysqli) and start slowly implementing
> mysql_real_escape_string instead of addslashes, that way we can all work
> together in creating a better abstraction layer, hopefully making it
> extremely easy for anyone to drop in new support for other DBs any time!

Er, as noted mysqli is pretty limited in many hosting environments. Dreamhost who allow one hell of a lot (SVN server? No problem! PHP4/PHP5 switched on per domain/subdomain? No problem...) don't have mysqli installed, I'd have to compile and install my own PHP (allowed) to get it (and I'm not about to be doing that...)

> Anyway, long story short, I hope that I can finish up the installer and
> driver by tomorrow and send file + patches through to you all soon. Should I
> be on the CVS mailer for that process?

It wouldn't hurt, but, the digest is sent to this list.

Now, other issue... What exactly are your rules of engagement here? I'm a little puzzled at the moment. I'm a little disconcerted that you've apparently been working on this for three weeks without even saying "hi" to the community, the core team, or the maintainer of the version. You seem to be making some hopeful assumptions about Geeklog sorting its SQL out properly to be agnostic and work better, which haven't been discussed (hopefully it's not too depressing after my comments) which maybe would have changed your approach etc. At the very least, your life could have been less painful if you'd asked about CVS clients on Vista and getting them working earlier!

You mention the inability to supply a patch or anything until it's been through Microsoft QA, but I would have said it's a bit more important it goes through us than them. Since it's not going to go into our repository (ever) if it relies on breaking all Geeklog plugins' SQL to work! ;-)

What's your background with geeklog? Totally new to it before MS put you on the case?
Did you pick it or were you assigned it? How much time did you spend getting to grips with the platform/codebase/community etc before starting to look at the SQL server support? What's your SQL Server experience/PHP experience etc?

Don't mean to come across like the Spanish inquisition [1], but it would be really good to know what's going on...

Cheers,
Mike

[1] - NOONE expects the Spanish inquisition, etc.

From joe at throwingdice.com Tue May 6 15:55:47 2008
From: joe at throwingdice.com (Joe Mucchiello)
Date: Tue, 06 May 2008 15:55:47 -0400
Subject: [geeklog-devel] Microsummaries in a topic do not work
Message-ID: <0K0G00D8YQ27FPB1@mta4.srv.hcvlny.cv.net>

From index.php

    $microsummary = false;
    if (isset ($_GET['display']) && empty ($topic)) {
        if ($_GET['display'] == 'new') {
            $newstories = true;
        } else if ($_GET['display'] == 'all') {
            $displayall = true;
        } else if ($_GET['display'] == 'microsummary') {
            $microsummary = true;
        }
    }

So, $microsummary cannot be true if $topic is set.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From tony at tonybibbs.com Tue May 6 16:21:28 2008
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 6 May 2008 13:21:28 -0700 (PDT)
Subject: [geeklog-devel] Bad Behavior
Message-ID: <967998.44551.qm@web707.biz.mail.mud.yahoo.com>

I just upgraded to Bad Behavior 2 on a fresh (from scratch) 1.4.1 installation. When I try to moderate anything I get a bad behavior error saying my IP has been blocked and then I get linked to this page which doesn't help me at all. Thoughts?

Technical Support

Your request was intercepted by Bad Behavior, security software which protects the Web site you visited from malicious activity, such as hackers, spam and viruses. We apologize for the inconvenience, but your request matched a profile of suspicious activity.

This problem is usually quite easy to fix.

Your request was blocked because of malicious automated requests received from your computer's IP address.
Your computer's IP address was determined to have recently sent spam or engaged in malicious activity as reported by a third-party monitoring service. This means your computer is most likely infected with viruses or other malicious software. See below for more information and removal instructions.

This problem may be caused by viruses or spyware on your computer, or by malicious software that pretends to be anti-virus or anti-spyware software. Ensure that you have REAL anti-virus and anti-spyware software on your computer, that they are kept up-to-date, and that you have run a full system scan using each tool. Once your system is cleaned of viruses and spyware, please try your request again.

The free Google Pack provides trustworthy anti-virus and anti-spyware software. Get essential software with Google Pack.

This may also occur with old versions of Bad Behavior. If you do not see any blacklist providers listed below, and you are the site administrator, try updating to the latest version of Bad Behavior.

Blacklist Reason(s):

If the above suggestions fail to resolve the problem, click Back and contact the e-mail address you were given for further assistance.

From tony at tonybibbs.com Tue May 6 16:29:03 2008
From: tony at tonybibbs.com (Tony Bibbs)
Date: Tue, 6 May 2008 13:29:03 -0700 (PDT)
Subject: [geeklog-devel] Bad Behavior
Message-ID: <206610.45402.qm@web702.biz.mail.mud.yahoo.com>

Sorry meant to send this to the users list.

--Tony

----- Original Message ----
From: Tony Bibbs
To: geeklog-devel at lists.geeklog.net
Sent: Tuesday, May 6, 2008 3:21:28 PM
Subject: [geeklog-devel] Bad Behavior

I just upgraded to Bad Behavior 2 on a fresh (from scratch) 1.4.1 installation. When I try to moderate anything I get a bad behavior error saying my IP has been blocked and then I get linked to this page which doesn't help me at all. Thoughts?
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel

From dirk at haun-online.de Tue May 6 16:53:42 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 6 May 2008 22:53:42 +0200
Subject: [geeklog-devel] Bad Behavior
In-Reply-To: <967998.44551.qm@web707.biz.mail.mud.yahoo.com>
References: <967998.44551.qm@web707.biz.mail.mud.yahoo.com>
Message-ID: <20080506205342.508198600@smtp.haun-online.de>

Tony Bibbs wrote:

>Your request was blocked because of malicious automated requests
>received from your computer's IP address.

BB uses a few IP blacklists and apparently they're not too reliable. Dive into the bad_behavior directory (in public_html) and find the file that has "blacklist" in its name. In there, comment out all the blacklist entries. It's what I've done on geeklog.net.

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/
From dirk at haun-online.de Tue May 6 17:18:59 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Tue, 6 May 2008 23:18:59 +0200
Subject: [geeklog-devel] Bad Behavior
In-Reply-To: <20080506205342.508198600@smtp.haun-online.de>
References: <967998.44551.qm@web707.biz.mail.mud.yahoo.com> <20080506205342.508198600@smtp.haun-online.de>
Message-ID: <20080506211859.2037400302@smtp.haun-online.de>

Dirk Haun wrote:

>find the file that has "blacklist" in its name.

For the record: I meant the blackhole.inc.php file.

bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From kevin at metalaxe.com Tue May 6 22:58:28 2008
From: kevin at metalaxe.com (Kevin J. Peno)
Date: Tue, 6 May 2008 19:58:28 -0700
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <7b42e7470805061227l6a6c8f43ge86075f3ad2cb20d@mail.gmail.com>
References: <063B8B70CB9DA141B2FC1DB483561B9F13031D@nex-pluto.nextide.ca><9CE911D90980BB4980C2CFD886ED6CB101A7B2@hive.metalaxe.com> <7b42e7470805061227l6a6c8f43ge86075f3ad2cb20d@mail.gmail.com>
Message-ID: <9CE911D90980BB4980C2CFD886ED6CB101A7B3@hive.metalaxe.com>

Hello,

I guess I should background a little more. I have been working with PHP for 7 years developing private projects under a variety of dbs. I still have a stronger feel for MySQL than MSSQL, but I have a large resource of people to talk to about MSSQL issues here at Microsoft.

I was assigned the project with no prior knowledge of Geeklog. Due to my deadlines, I did not have time to background the project all too much (other than a review of the code).
However, I was briefed on it and it was my understanding that someone had at least been in contact with the core team of this project, as is the case for every other project we've worked on. Also, I noticed little actual activity on the list regarding the mssql driver (changes to anyway) since the time I started monitoring it. So, until recently when I saw much more split development, I didn't see a need to interact with the list since some sort of status updates go through my superiors, which I assumed was getting relayed and thus the lack of activity.

As far as the process I must follow. I must provide my superiors a working testable driver before I release it to your group (this is one reason why I can't release it now). While I'll be contributing to you in my name, I'm still bound by an internal review beforehand in order to catch things (such as memory issues) before they go crazy.

The purpose of my work on this driver is to get programs working with the new driver, not the reverse engineered and VERY outdated php mssql driver. And hopefully have it in the release sometime around the time the driver is released.

This driver's requirements will be high. This driver alone will not work in any version of php below the current version (5.2.6) because it's a CTP, not a final, and because it will be released in the coming months. So I've taken advantage of many PHP 5.2 only items that are enabled by default (SPL, etc). Even that is done in limited quantity (ie. Removing the need to store a cache of query resources in favor of returning a result object that can be destroyed at any time).

> You seem to be making some hopeful assumptions about Geeklog sorting
> its SQL out properly to be agnostic and work better

I'm not making assumptions, the only way you are going to get both working is to fix issues like using double quotes in column values. Otherwise they will never work without hacks. It's my job to make sure the driver works by fixing these issues.
If it is not the expectation of the project to get things working without endless hacks, please let me know. However, from what I've seen so far in your code, I don't think there is a need for very much other than to make sure that very certain bad practices aren't done (i.e. the double quote issue).

> we're always going to get MySQL specific
> syntax and queries from other plugins.

99% of the queries made for MYSQL work without conversion. As you previously mentioned, only some very specific queries will cause issues. If I really have to, I'll run a huge amount of preg_match/replace on every single query sent in, but I find that a complete waste of the purpose and will only cause more issues down the line (like addslashes has). I think it is a better idea for your group to be sure that at minimum certain best practices for portable SQL are used. Everything else can be converted from MySQL if best practices are upheld.

> As for the add/strip/add/strip slashes -- well, as Dirk said, this is a bit of a sticky issue. I couldn't
> really count on anything being in the right escaped order. I would suggest getting Geeklog and install as
> many plugins as you can download and then do a global search for add/remove slashes to get a sense as to how
> many times it's done and then how we could manage that in moving forward for ALL databases.

I have, that's why I wanted to ask if anyone has simply tried turning on quote_sybase. On top of all the addslashes, I've seen a ton of bad str_replace that swap things they shouldn't be when Sybase should be used instead. I guess I'll keep cracking out fixing the installer and try out Sybase in the process.

Sorry for the marathon. And I hope that I didn't come off like I'm taking things over. I've just got a lot to get done still and it appears as though things were not as I was told. So, I will need to have a meeting with my superiors tomorrow about some issues as well.
Any ammunition that you can give me for that meeting will be most appreciated.

Kind Regards, (and thank you for all the responses)

Kevin Peno
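The addslashes question this thread keeps returning to, as an added example that is not Geeklog code and not from any poster: three constructed values are quoted with backslash escaping and with quote doubling, then each literal is read back under MySQL's default rules and under SQL Server's. The function names quote_literal, read_literal and compare are hypothetical, and the two readers are simplified models of each server's string-literal syntax.

```php
<?php
// Added illustration, not Geeklog code. Function names are hypothetical and
// the sample values are constructed.

// Quote $value as a SQL string literal in one of the two styles discussed.
function quote_literal(string $value, string $style): string
{
    switch ($style) {
        case 'addslashes':  // backslash escaping, accepted by MySQL by default
            return "'" . addslashes($value) . "'";
        case 'doubling':    // standard SQL / SQL Server: ' is written as ''
            return "'" . str_replace("'", "''", $value) . "'";
    }
    throw new InvalidArgumentException("unknown style: $style");
}

// Read one string literal from the start of $sql the way the named server
// would ('mysql' with default settings, or 'mssql'). Returns the decoded
// value and whatever text is left after the closing quote.
function read_literal(string $sql, string $server): array
{
    // MySQL's backslash escapes; SQL Server does not use the backslash
    // to escape quotes.
    static $mysqlEscapes = [
        '0' => "\0", 'b' => "\x08", 'n' => "\n", 'r' => "\r",
        't' => "\t", 'Z' => "\x1a", '%' => '\\%', '_' => '\\_',
    ];
    if ($sql === '' || $sql[0] !== "'") {
        throw new InvalidArgumentException('not a string literal');
    }
    $value = '';
    $n = strlen($sql);
    for ($i = 1; $i < $n; $i++) {
        $c = $sql[$i];
        if ($server === 'mysql' && $c === '\\' && $i + 1 < $n) {
            $next = $sql[++$i];
            $value .= $mysqlEscapes[$next] ?? $next;
        } elseif ($c === "'" && $i + 1 < $n && $sql[$i + 1] === "'") {
            $value .= "'";  // doubled quote: one quote character on both servers
            $i++;
        } elseif ($c === "'") {
            return [$value, (string) substr($sql, $i + 1)];
        } else {
            $value .= $c;
        }
    }
    throw new RuntimeException('unterminated string literal');
}

// Round-trip each sample through each quoting style and each server's reader.
function compare(array $samples): array
{
    $rows = [];
    foreach ($samples as $sample) {
        foreach (['addslashes', 'doubling'] as $style) {
            $literal = quote_literal($sample, $style);
            foreach (['mysql', 'mssql'] as $server) {
                try {
                    [$value, $rest] = read_literal($literal, $server);
                    if ($rest !== '') {
                        $result = 'literal ends early, left over: ' . $rest;
                    } elseif ($value !== $sample) {
                        $result = 'value altered';
                    } else {
                        $result = 'ok';
                    }
                } catch (RuntimeException $e) {
                    $result = $e->getMessage();
                }
                $rows[] = [$sample, $style, $server, $literal, $result];
            }
        }
    }
    return $rows;
}

// Columns: value, quoting style, server, literal as sent, outcome.
foreach (compare(["O'Reilly", 'C:\temp', 'logs\\']) as $row) {
    vprintf("%-9s %-10s %-5s %-13s %s\n", $row);
}
```

Neither style round-trips every value on both servers, which is why the quoting belongs in each database driver (or in bound parameters) rather than in addslashes calls spread through the calling code.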
From joe at throwingdice.com Tue May 6 22:37:18 2008
From: joe at throwingdice.com (Joe Mucchiello)
Date: Tue, 06 May 2008 22:37:18 -0400
Subject: [geeklog-devel] Configuration screen
Message-ID: <0K0H00J3PBX03FT0@mta4.srv.hcvlny.cv.net>

Several things should be done on this screen:

The full "admin menu" should be listed below the other navigation. So that if you are looking at the stories config, you can jump straight to story admin or topic admin.

Microsummary should be in stories and trackback since microsummaries only apply to index.php. (Arguably it should go in Stories right next to Hide Main Page Navigation? since neither applies to anything except index.php)

What does "Restore" mean? There's no help for that. If I hit Restore on copyright year, it gives me an entry box with 2008. If you empty the box and save, you still have an empty box. Shouldn't you get "Restore" back?

Paths should be after Site and before Mail. Mail should probably be its own page (especially after the GSOC notification project).

The ?'s should really be hovers, not links that open a new window..

Theme | Menu Elements -- There should be a simple way to arrange the order of those elements

Why are Users and Submissions | Submission Settings not with Stories and Trackbacks. Story Submission Queue? List Draft Stories? Default Post Mode Post Speed Limit -- they all look story related.

Languages: I can create a configuration with 3 language files and 2 languages. Not good. If I delete all language config, it does not return to Restore. Same thing with TimeZone. How do I get back to the Default?

Notifications: When you add an element, shouldn't there be a dropdown box for what you can add?

This is ugly. Shouldn't the language files be hacked in some manner so that Story Default Permissions[0] displays as Owner's Permissions?
Story Default Permission
Story Default Permissions[0] No access Read-Only Read-Write
Story Default Permissions[1] No access Read-Only Read-Write
Story Default Permissions[2] No access Read-Only Read-Write
Story Default Permissions[3] No access Read-Only Read-Write

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From joe at throwingdice.com Tue May 6 23:55:01 2008
From: joe at throwingdice.com (Joe Mucchiello)
Date: Tue, 06 May 2008 23:55:01 -0400
Subject: [geeklog-devel] public_html/index.php
Message-ID: <0K0H00BL7C4DNTX0@mta1.srv.hcvlny.cv.net>

How long has this been broken? It's in 1.4.1 and 1.5:

    if (!empty($U['aids'])) {
        $sql .= " AND s.uid NOT IN (" . str_replace( ' ', ",", $U['aids'] ) . ") ";
    }

    if (!empty($U['tids'])) {
        $sql .= " AND s.tid NOT IN ('" . str_replace( ' ', "','", $U['tids'] ) . "') ";
    }

$U has no global value that I'm aware of. It's even a register_globals hole that could show hidden stories.

I assume $U should be $_USER.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From mevans at ecsnet.com Wed May 7 00:00:43 2008
From: mevans at ecsnet.com (Mark R. Evans)
Date: Tue, 06 May 2008 23:00:43 -0500
Subject: [geeklog-devel] public_html/index.php
In-Reply-To: <0K0H00BL7C4DNTX0@mta1.srv.hcvlny.cv.net>
References: <0K0H00BL7C4DNTX0@mta1.srv.hcvlny.cv.net>
Message-ID: <4821296B.5050801@ecsnet.com>

Joe,

Look around line 176, $U is being set from a DB_fetchArray() call. It couldn't hurt to initialize $U['aids'] and $U['tids'] to '' if it is an anonymous user. $U['maxstories'] is already being initialized to 0 if anonymous.

Thanks!
Mark

Joe Mucchiello wrote:
> How long has this been broken? It's in 1.4.1 and 1.5:
>
> if (!empty($U['aids'])) {
>     $sql .= " AND s.uid NOT IN (" . str_replace( ' ', ",", $U['aids']
> ) . ") ";
> }
>
> if (!empty($U['tids'])) {
>     $sql .= " AND s.tid NOT IN ('" . str_replace( ' ', "','",
> $U['tids'] ) . "') ";
> }
>
> $U has no global value that I'm aware of. It's even a register_globals
> hole that could show hidden stories.
>
> I assume $U should be $_USER.
>
> ----
> Joe Mucchiello
> Throwing Dice Games
> http://www.throwingdice.com

From joe at ThrowingDice.com Wed May 7 00:21:46 2008
From: joe at ThrowingDice.com (Joe Mucchiello)
Date: Wed, 07 May 2008 00:21:46 -0400
Subject: [geeklog-devel] public_html/index.php
In-Reply-To: <4821296B.5050801@ecsnet.com>
References: <0K0H00BL7C4DNTX0@mta1.srv.hcvlny.cv.net> <4821296B.5050801@ecsnet.com>
Message-ID: <0K0H009OQDCYLOL0@mta3.srv.hcvlny.cv.net>

I thought the $_USER loaded $_TABLES['userindex'] since it loads $_TABLES['userprefs']. Don't know why it doesn't. Still, $U['aids'] and $U['tids'] are not initialized when an anonymous user hits that code.

Whoa, now my eyes must be bugging out. Line 459 of lib-sessions.php.
$sql = "SELECT *,format FROM {$_TABLES['dateformats']},{$_TABLES["users"]},{$_TABLES['userprefs']} "

Are those double quotes around "users" in $_TABLES["users"] when the string is delimited with double quotes?

At 12:00 AM 5/7/2008, Mark R. Evans wrote:
>Joe,
>
>Look around line 176, $U is being set from a DB_fetchArray()
>call. It couldn't hurt to initialize $U['aids'] and $U['tids'] to
>'' if it is an anonymous user. $U['maxstories'] is already being
>initialized to 0 if anonymous.
>
>Thanks!
>Mark
>
>Joe Mucchiello wrote:
>>How long has this been broken? It's in 1.4.1 and 1.5:
>>
>>if (!empty($U['aids'])) {
>>    $sql .= " AND s.uid NOT IN (" . str_replace( ' ', ",",
>> $U['aids'] ) . ") ";
>>}
>>
>>if (!empty($U['tids'])) {
>>    $sql .= " AND s.tid NOT IN ('" . str_replace( ' ', "','",
>> $U['tids'] ) . "') ";
>>}
>>
>>$U has no global value that I'm aware of. It's even a
>>register_globals hole that could show hidden stories.
>>
>>I assume $U should be $_USER.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com

From dirk at haun-online.de Wed May 7 02:02:18 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Wed, 7 May 2008 08:02:18 +0200
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB101A7B3@hive.metalaxe.com>
References: <063B8B70CB9DA141B2FC1DB483561B9F13031D@nex-pluto.nextide.ca><9CE911D90980BB4980C2CFD886ED6CB101A7B2@hive.metalaxe.com> <7b42e7470805061227l6a6c8f43ge86075f3ad2cb20d@mail.gmail.com> <9CE911D90980BB4980C2CFD886ED6CB101A7B3@hive.metalaxe.com>
Message-ID: <20080507060218.1706716905@smtp.haun-online.de>

Kevin J. Peno wrote:

>it was my understanding that someone had at least been in contact
>with the core team of this project

We have been contacted by Garrett Serack back in January, offering support in improving the compatibility with MS SQL server (in various forms).
However, nothing came out of it at that point, as Garrett was apparently waiting for some internal clearance and a public announcement of the effort. We haven't heard from him since.

>This driver's requirements will be high. This driver alone will not work
>in any version of php below the current version (5.2.6) because it's a
>CTP, not a final, and because it will be released in the coming months.

We've always been trying to be backward compatible. In fact, we're only now thinking about dropping support for PHP 4 after the upcoming 1.5.0 release.

Having said that, I guess the typical MS SQL user will probably have less of a problem running an up-to-date version of PHP.

Or, spontaneous idea: Maybe we could offer both MS SQL drivers in parallel, as an option at install time? No idea how feasible that would be, though.

>Sorry for the marathon. And I hope that I didn't come off like I'm
>taking things over. I've just got a lot to get done still and it appears
>as though things were not as I was told. So, I will need to have a
>meeting with my superiors tomorrow about some issues as well. Any
>ammunition that you can give me for that meeting will be most
>appreciated.

Well, you have to understand that we're wary when someone wants to drop an (apparently) huge patch on us, without any prior communication. Don't get me wrong - we obviously need help with the MS SQL support and we'll gladly take what we can get. It's just that more communication would really help here, so we both understand the other's intentions better.
bye, Dirk

--
http://www.geeklog.net/
http://geeklog.info/

From mjervis at gmail.com Wed May 7 02:44:19 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Wed, 7 May 2008 07:44:19 +0100
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <20080507060218.1706716905@smtp.haun-online.de>
References: <063B8B70CB9DA141B2FC1DB483561B9F13031D@nex-pluto.nextide.ca> <7b42e7470805061227l6a6c8f43ge86075f3ad2cb20d@mail.gmail.com> <9CE911D90980BB4980C2CFD886ED6CB101A7B3@hive.metalaxe.com> <20080507060218.1706716905@smtp.haun-online.de>
Message-ID: <7b42e7470805062344w12974123s5a50f0dc4b3a5f8f@mail.gmail.com>

> >This driver's requirements will be high. This driver alone will not work
> >in any version of php below the current version (5.2.6) because it's a
> >CTP, not a final, and because it will be released in the coming months.
>
> We've always been trying to be backward compatible. In fact, we're only
> now thinking about dropping support for PHP 4 after the upcoming 1.5.0
> release.

My thoughts would be that if the Microsoft driver only works with 5.2.6, then the MS SQL support in Geeklog could validly only work with that. However, none of our core code (i.e. anything outside the MS SQL code) can rely on the same rule.

> Or, spontaneous idea: Maybe we could offer both MS SQL drivers in
> parallel, as an option at install time? No idea how feasible that would
> be, though.

The original PHP version only works on Windows right? So /generally/ installing the updated official Microsoft version shouldn't be too much of a problem. The problem I had testing the MS SQL install was that I couldn't get a connection to a named instance on SQL Server 2005 Express with the non-Microsoft driver. So it might be that we can only get it working with the official driver?

> >Sorry for the marathon. And I hope that I didn't come off like I'm
> >taking things over. I've just got a lot to get done still and it appears
> >as though things were not as I was told. So, I will need to have a
> >meeting with my superiors tomorrow about some issues as well. Any
> >ammunition that you can give me for that meeting will be most
> >appreciated.

Well thanks for explaining further, I'm still concerned and disconcerted by it to be honest. You (by which I mean people in general not you specifically) have to work /with/ Open Source projects, especially if the you in question is Microsoft with their negative reputation in the OS community. This means excellent communications, setting the RoE upfront and explaining how the Open Source team at MS has to work, and /agreeing/ what it's going to deliver.

Got to rush, kids woken up...

Cheers,
Mike

From Randy.Kolenko at nextide.ca Wed May 7 07:35:22 2008
From: Randy.Kolenko at nextide.ca (Randy Kolenko)
Date: Wed, 7 May 2008 07:35:22 -0400
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F13032F@nex-pluto.nextide.ca>

Hi Kevin,

Just some of my thoughts below:

> a need to interact with the list since some sort of status
> updates go through my superiors, which I assumed was getting
> relayed and thus the lack of activity.

Assumptions... Never make them. But to come back and say that you saw no need to interact with the list doesn't sound very "open". You said you were monitoring the list for mssql activity. If you were doing so, you would have seen the relayed messages from your superiors showing up here no? (As per what Michael said, not the inquisition etc etc etc... )

> As far as the process I must follow. I must provide my
> superiors a working testable driver before I release it to
> your group (this is one reason why I can't release it now).

As the original writer of the MSSQL layer, and to perform some kind of peer review, I wouldn't mind to see what changes you've made.

> from what I've seen so far in your code, I don't
> think there is a need for very much other than to make sure
> that very certain bad practices aren't done (i.e. the double
> quote issue).

Geeklog -- possible. All popular plugins -- perhaps not possible.

> I think it is a better idea for your group to be sure
> that at minimum certain best practices for portable SQL are
> used. Everything else can be converted from MySQL if best
> practices are upheld.
>

For core code -- I agree. For plugins, and especially those that are 100% mySQL based and popular, not sure how you can do that.

>
> I have, that's why I wanted to ask if anyone has simply tried
> turning on quote_sybase. On top of all the addslashes, I've
> seen a ton of bad str_replace that swap things they shouldn't
> be when Sybase should be used instead. I guess I'll keep
> cracking out fixing the installer and try out Sybase in the process.
>

I agree that the str_replace is not the optimal solution -- but you can never assume that anyone can augment any settings in a hosted environment. This was one of the actual reasons why it was written like that originally -- but above all else it was done so to keep compatibility at its highest in its infancy to at least get some adoption of the mssql layer.

> still and it appears as though things were not as I was told.

Ammunition for your meeting? Better Communication.

Just my $0.02 worth.

-randy

Ps-- I still think it's good to have more eyes in the mssql mix btw.

From kevin at metalaxe.com Wed May 7 12:02:02 2008
From: kevin at metalaxe.com (Kevin J. Peno)
Date: Wed, 7 May 2008 09:02:02 -0700
Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver
In-Reply-To: <20080507060218.1706716905@smtp.haun-online.de>
References: <063B8B70CB9DA141B2FC1DB483561B9F13031D@nex-pluto.nextide.ca><9CE911D90980BB4980C2CFD886ED6CB101A7B2@hive.metalaxe.com><7b42e7470805061227l6a6c8f43ge86075f3ad2cb20d@mail.gmail.com><9CE911D90980BB4980C2CFD886ED6CB101A7B3@hive.metalaxe.com> <20080507060218.1706716905@smtp.haun-online.de>
Message-ID: <9CE911D90980BB4980C2CFD886ED6CB1737E@hive.metalaxe.com>

> Well, you have to understand that we're wary when someone wants to drop an (apparently) huge patch on us, without any prior communication.

Like I said, I thought that Garrett had more communication than you have mentioned. This is why I didn't think I was merely dropping in. As noted by Dirk, they had contact with Garrett, but even a review of the mailing list doesn't show that communication, unless I missed it. So I could not assume this was the only method of conversation. Again, I apologize that I didn't get in communication sooner, but I was under the impression that things were taken care of. In either case, I totally understand your reaction! :)

> We've always been trying to be backward compatible. In fact, we're only now thinking about dropping support for PHP 4 after the upcoming 1.5.0 release.

There's actually nothing I can do about PHP < 5 in regards to the new SQL driver. If you like, it would only take a few minor changes to release both drivers separated from one another. I had this thought at first, but was pushed to completely override it in favor (for obvious reasons). If this is the direction you want to go, I'd lose none of my work in doing so.

> My thoughts would be that if the Microsoft driver only works with 5.2.6, then the MS SQL support in Geeklog could validly only work with that.

I've added no PHP 5 specific code outside of the driver and do not plan to do so.
Thus, PHP 5 usage would (so far) only be within the MSSQL driver. The purpose of my work was not to break anything existing in the process of adding support. > So it might be that we can only get it working with the official driver? The problems you are seeing are because the old PHP driver will not run properly (at all) with SQL Server 2005+. This is similar to trying to run a MySQL 4 client against the MySQL 5 server, exactly the same in the case of client connections in fact. This is one reason why it is a bad idea to work with the old driver. > This means excellent communications, setting the RoE upfront and explaining how the Open Source team at MS has to work, and /agreeing/ what it's going to deliver. I totally agree with you. Like I said I expected much more was going on than appears to have been. I will say, I was watching the list for MSSQL activity to catch, mostly, bug reports in the currently existing driver. Not specifically for communication, which I thought was going on elsewhere :) > Assumptions... Never make them. > But to come back and say that you saw no need to interact with the list doesn't sound very "open" As I mostly mentioned above, it isn't really my place to interact. Typically I'm given an introduction by my superiors, but this didn't happen because of time issues. Because of that, I expected the other operation (of their relaying) to happen. If I had known the situation, I would have acted much differently, and I do apologize! Further, "no need to interact" was both poor use of words and misjudgement on the message. I was trying to relay that I expected internal responses from my superiors, thus my place was not to interact. Again, I do apologize. > As the original writer of the MSSQL layer, and to perform some kind of > peer review, I wouldn't mind to see what changes you've made. I will be meeting with Garrett soon and, as I mentioned previously, will get you the code as soon as I possibly can so that we can get rolling again.
> Geeklog -- possible. > All popular plugins -- perhaps not possible. > ... > For core code -- I agree. For plugins, and especially those that are > 100% MySQL based and popular, not sure how you can do that. As of my position at Microsoft, I'm only worried about the core. However, since everything I do will be in my name, I do plan personally to continue to help your project (if your group wishes) after we've completed the core together. I hate when someone drops a pile of work on me and runs, and I'd never expect to do the same to anyone else. However, our primary focus is only on the core at this time. > I agree that the str_replace is not the optimal solution -- but you can > never assume that anyone can augment any settings in a hosted > environment. I know I'm the new guy that seems to have rolled in to tell you all what's up, but trust me I'm actually trying to give constructive criticism about the driver as it was laid out. Please don't take my comments about the current situation as if I'm just bad mouthing your work. I am just looking for the best method to complete the work with the least problems. The reason I mentioned the str_replace on \" to "" for instance is because SQL Server should never need double quotes escaped. The old PHP driver supported double quotes, the new does not. The old driver did it the wrong way to help make it closely compatible with MySQL. Your solution is ok for the old driver, especially since there are queries all over with double quotes as column value sets (which, in SQL Server, is equivalent to []), but it is horrible for the new driver. In the current driver have you tried turning on the ini setting for sybase quotes instead of str_replace the mysql style addslashes? I will talk with my superiors today to see what other method of approval I can take to get the code out to you guys a bit more quickly.
However, I'd really like to be sure the install process is at least working properly before the first release so that I can be sure the prototype is working as expected. It is a bit hard to start getting feedback when I haven't completely finalized and perfected the design for a first review. Also, I'd like to know whom on the list should have the most involvement in the design process. It seems a little late to try this out, but I'd really like to do this the best way for you guys, and our relationship. And again, I'm sorry for what appears to be a jump in on you guys. I will do my best to reconcile the issue and repair the relationship. Kind Regards, Kevin Peno From tony at tonybibbs.com Wed May 7 12:48:28 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Wed, 7 May 2008 09:48:28 -0700 (PDT) Subject: [geeklog-devel] public_html/index.php Message-ID: <591839.48694.qm@web706.biz.mail.mud.yahoo.com> Yep perfectly legal (and valid) syntax since it is wrapped in {}. Yes it is a tad annoying to look at, though. ----- Original Message ---- From: Joe Mucchiello To: Geeklog Development Sent: Tuesday, May 6, 2008 11:21:46 PM Subject: Re: [geeklog-devel] public_html/index.php I thought the $_USER loaded $_TABLES['userindex'] since it loads $_TABLES['userprefs']. Don't know why it doesn't. Still, $U['aids'] and $U['tids'] are not initialized when an anonymous user hits that code. Whoa, now my eyes must be bugging out. Line 459 of lib-sessions.php. $sql = "SELECT *,format FROM {$_TABLES['dateformats']},{$_TABLES["users"]},{$_TABLES['userprefs']} " Are those double quotes around "users" in $_TABLES["users"] when the string is delimited with double quotes? At 12:00 AM 5/7/2008, Mark R. Evans wrote: >Joe, > >Look around line 176, $U is being set from a DB_fetchArray() >call. It couldn't hurt to initialize $U['aids'] and $U['tids'] to >'' if it is an anonymous user. $U['maxstories'] is already being >initialized to 0 if anonymous. > >Thanks!
>Mark > >Joe Mucchiello wrote: >>How long has this been broken? It's in 1.4.1 and 1.5: >> >>if (!empty($U['aids'])) { >> $sql .= " AND s.uid NOT IN (" . str_replace( ' ', ",", >> $U['aids'] ) . ") "; >>} >> >>if (!empty($U['tids'])) { >> $sql .= " AND s.tid NOT IN ('" . str_replace( ' ', "','", >> $U['tids'] ) . "') "; >>} >> >>$U has no global value that I'm aware of. It's even a >>register_globals hole that could show hidden stories. >> >>I assume $U should be $_USER. ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From Randy.Kolenko at nextide.ca Wed May 7 13:12:38 2008 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Wed, 7 May 2008 13:12:38 -0400 Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F13033A@nex-pluto.nextide.ca> > on the message. I was trying to relay that I expected > internal responses from my superiors, thus my place was not > to interact. Again, I do apologize. > I think what most people were either saying or thinking is that communication is key -- and that probably wraps it up. > I know I'm the new guy that seems to have rolled in to tell > you all what's up, but trust me I'm actually trying to give > constructive criticism about the driver as it was laid out. <> > double quotes as column value sets (which, in SQL Server, is > equivalent to []), but it is horrible for the new driver. Criticisms and flames, as far as my work is concerned, are always welcome as long as we're all on the path together to make things better. > In the current driver have you tried turning on the ini > setting for sybase quotes instead of str_replace the mysql > style addslashes? I have not done so myself. Perhaps someone else has?
( I doubt it though) -randy From kevin at metalaxe.com Wed May 7 15:27:30 2008 From: kevin at metalaxe.com (Kevin J. Peno) Date: Wed, 7 May 2008 12:27:30 -0700 Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F13033A@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F13033A@nex-pluto.nextide.ca> Message-ID: <9CE911D90980BB4980C2CFD886ED6CB17383@hive.metalaxe.com> I spoke with Garrett this morning and he'll be back in contact with the group within the next day so hopefully we can clear up our communication issues and move on to a better relationship together! :) Regards, Kevin Peno -----Original Message----- From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Randy Kolenko Sent: Wednesday, May 07, 2008 10:13 AM To: Geeklog Development Subject: Re: [geeklog-devel] SQL Server 2005 - MSSQL Driver > on the message. I was trying to relay that I expected > internal responses from my superiors, thus my place was not > to interact. Again, I do apologize. > I think what most people were either saying or thinking is that communication is key -- and that probably wraps it up. > I know I'm the new guy that seems to have rolled in to tell > you all what's up, but trust me I'm actually trying to give > constructive criticism about the driver as it was laid out. <> > double quotes as column value sets (which, in SQL Server, is > equivalent to []), but it is horrible for the new driver. Criticisms and flames, as far as my work is concerned, are always welcome as long as we're all on the path together to make things better. > In the current driver have you tried turning on the ini > setting for sybase quotes instead of str_replace the mysql > style addslashes? I have not done so myself. Perhaps someone else has?
( I doubt it though) -randy From dirk at haun-online.de Sat May 10 15:59:30 2008 From: dirk at haun-online.de (Dirk Haun) Date: Sat, 10 May 2008 21:59:30 +0200 Subject: [geeklog-devel] Plugin API documentation? Message-ID: <20080510195930.782602727@smtp.haun-online.de> I'm wondering if we shouldn't drop docs/plugin.html from the distribution and link to the Plugin Developers Handbook instead. I know, they're both out of date. Not necessarily wrong but incomplete. But having to maintain two documents when we can't even keep one up to date doesn't seem to make a lot of sense. I see there's a version of the Handbook in the Wiki: I haven't compared them but since there was only one version anyway (IIRC), then I assume the one in the wiki is identical to the original. And it should be easier to maintain it there than as a static document somewhere on Tom's server. So, drop plugin.html and link to the wiki? bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From devel at portalparts.com Sun May 11 12:17:20 2008 From: devel at portalparts.com (Blaine Lang) Date: Sun, 11 May 2008 12:17:20 -0400 Subject: [geeklog-devel] Plugin API documentation? In-Reply-To: <20080510195930.782602727@smtp.haun-online.de> References: <20080510195930.782602727@smtp.haun-online.de> Message-ID: Both are out of date as you mention but think it may be easier to maintain the docs/plugin.html. At least this document is just a listing of the API's. The developers guide which has not had any real attention in over 7 years would require more effort to update. Blaine Dirk Haun wrote: > I'm wondering if we shouldn't drop docs/plugin.html from the > distribution and link to the Plugin Developers Handbook instead. > > I know, they're both out of date. Not necessarily wrong but incomplete.
> But having to maintain two documents when we can't even keep one up to > date doesn't seem to make a lot of sense. > > I see there's a version of the Handbook in the Wiki: > > > > I haven't compared them but since there was only one version anyway > (IIRC), then I assume the one in the wiki is identical to the original. > And it should be easier to maintain it there than as a static document > somewhere on Tom's server. > > So, drop plugin.html and link to the wiki? > > bye, Dirk > > > From ironmax at spacequad.com Sun May 11 12:24:24 2008 From: ironmax at spacequad.com (Michael Brusletten) Date: Sun, 11 May 2008 12:24:24 -0400 Subject: [geeklog-devel] Plugin API documentation? References: Message-ID: <001401c8b383$79c3c560$fe00a8c0@ns2.spacequad.com> This sounds good to me. You're right, having to maintain it more than once can be troublesome. Michael -------------------------- > Message: 1 > Date: Sat, 10 May 2008 21:59:30 +0200 > From: "Dirk Haun" > Subject: [geeklog-devel] Plugin API documentation? > To: geeklog-devel > Message-ID: <20080510195930.782602727 at smtp.haun-online.de> > Content-Type: text/plain; charset=ISO-8859-1 > > I'm wondering if we shouldn't drop docs/plugin.html from the > distribution and link to the Plugin Developers Handbook instead. > > I know, they're both out of date. Not necessarily wrong but incomplete. > But having to maintain two documents when we can't even keep one up to > date doesn't seem to make a lot of sense. > > I see there's a version of the Handbook in the Wiki: > > > > I haven't compared them but since there was only one version anyway > (IIRC), then I assume the one in the wiki is identical to the original. > And it should be easier to maintain it there than as a static document > somewhere on Tom's server. > > So, drop plugin.html and link to the wiki?
> > bye, Dirk > From dirk at haun-online.de Mon May 12 12:45:25 2008 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 12 May 2008 18:45:25 +0200 Subject: [geeklog-devel] Status of MS SQL support in 1.5.0? Message-ID: <20080512164525.544773497@smtp.haun-online.de> So, what are the chances of us being able to ship Geeklog 1.5.0 with support for MS SQL? I'm not talking about Kevin's version here - that will come too late for 1.5.0 anyway. How's the status of MS SQL support based on Randy's driver? Last I heard, a fresh install was "almost working". After that, the next hurdle would be to get an upgrade from 1.4.1 working. And then there's the separate plugin install for the five bundled plugins. It's frustrating that I can't test this stuff myself. I'll see what I can do to change that for future releases, but it's too late to do anything about it for 1.5.0, so I'm relying on someone from the community to step up. Please? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From kevin at metalaxe.com Mon May 12 17:05:07 2008 From: kevin at metalaxe.com (Kevin J. Peno) Date: Mon, 12 May 2008 14:05:07 -0700 Subject: [geeklog-devel] Status of MS SQL support in 1.5.0? In-Reply-To: <20080512164525.544773497@smtp.haun-online.de> References: <20080512164525.544773497@smtp.haun-online.de> Message-ID: <9CE911D90980BB4980C2CFD886ED6CB1739D@hive.metalaxe.com> Hi, I'm not sure I understand why mine will be too late. What's the cut off for review here? To update, today I got install working flawlessly and just need to verify it working with everything else. I ran in to a missing class "template" error after install completed, but I'll open a different email for that. Regards, Kevin Peno -----Original Message----- From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun Sent: Monday, May 12, 2008 9:45 AM To: geeklog-devel Subject: [geeklog-devel] Status of MS SQL support in 1.5.0? 
So, what are the chances of us being able to ship Geeklog 1.5.0 with support for MS SQL? I'm not talking about Kevin's version here - that will come too late for 1.5.0 anyway. How's the status of MS SQL support based on Randy's driver? Last I heard, a fresh install was "almost working". After that, the next hurdle would be to get an upgrade from 1.4.1 working. And then there's the separate plugin install for the five bundled plugins. It's frustrating that I can't test this stuff myself. I'll see what I can do to change that for future releases, but it's too late to do anything about it for 1.5.0, so I'm relying on someone from the community to step up. Please? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From joe at ThrowingDice.com Mon May 12 17:22:52 2008 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Mon, 12 May 2008 17:22:52 -0400 Subject: [geeklog-devel] Status of MS SQL support in 1.5.0? In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB1739D@hive.metalaxe.com> References: <20080512164525.544773497@smtp.haun-online.de> <9CE911D90980BB4980C2CFD886ED6CB1739D@hive.metalaxe.com> Message-ID: <0K0R00D0LY23SG60@mta1.srv.hcvlny.cv.net> Code cutoff for 1.5 was back in October. Doing a full replacement of the current mssql.class.php file is apparently beyond the focus for getting 1.5 out the door. At 05:05 PM 5/12/2008, Kevin J. Peno wrote: >Hi, > >I'm not sure I understand why mine will be too late. What's the cut off >for review here? To update, today I got install working flawlessly and >just need to verify it working with everything else. > >I ran in to a missing class "template" error after install completed, >but I'll open a different email for that.
---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From dirk at haun-online.de Mon May 12 17:22:55 2008 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 12 May 2008 23:22:55 +0200 Subject: [geeklog-devel] Status of MS SQL support in 1.5.0? In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB1739D@hive.metalaxe.com> References: <20080512164525.544773497@smtp.haun-online.de> <9CE911D90980BB4980C2CFD886ED6CB1739D@hive.metalaxe.com> Message-ID: <20080512212255.154626725@smtp.haun-online.de> Kevin J. Peno wrote: >I'm not sure I understand why mine will be too late. What's the cut off >for review here? We need to have a release out for the start of the coding period of our Summer of Code students. That period starts on May 26. >To update, today I got install working flawlessly and >just need to verify it working with everything else. Sounds good, but from what I understand, it's not just a drop-in replacement of the db driver? Obviously, we don't want to introduce any major code changes at this point. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From kevin at metalaxe.com Mon May 12 17:35:01 2008 From: kevin at metalaxe.com (Kevin J. Peno) Date: Mon, 12 May 2008 14:35:01 -0700 Subject: [geeklog-devel] Status of MS SQL support in 1.5.0? In-Reply-To: <20080512212255.154626725@smtp.haun-online.de> References: <20080512164525.544773497@smtp.haun-online.de><9CE911D90980BB4980C2CFD886ED6CB1739D@hive.metalaxe.com> <20080512212255.154626725@smtp.haun-online.de> Message-ID: <9CE911D90980BB4980C2CFD886ED6CB1739F@hive.metalaxe.com> From what I've done so far only the driver is replaced and some SQL issues (both for new and old driver) have been fixed. Other than that, so far, code-base changes are less than minor. From my initial review of the code, I don't think that too much will need to be done to the actual code base (other than verifying that SQL statements aren't using conflicting syntax like double quotes as previously mentioned).
I've been talking with Garrett about how fast I can get things out the door. If I can verify the installation and (at least) first page load is working properly, I should be able to get you guys something quickly (after a brief review by MS). If I've missed this release, what's the next expected release increment/cycle and how can we become involved. If necessary I can patch for a separate driver (Randy's MSSQL based on PHP's old driver OR Mine based on the newer SQL Native driver from MS). I'd prefer to get a full, working, patch done before review (as would MS) but, I know MS is going to want a way in so, let me know how I should proceed. Regards, Kevin Peno -----Original Message----- From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun Sent: Monday, May 12, 2008 2:23 PM To: geeklog-devel Subject: Re: [geeklog-devel] Status of MS SQL support in 1.5.0? Kevin J. Peno wrote: >I'm not sure I understand why mine will be too late. What's the cut off >for review here? We need to have a release out for the start of the coding period of our Summer of Code students. That period starts on May 26. >To update, today I got install working flawlessly and >just need to verify it working with everything else. Sounds good, but from what I understand, it's not just a drop-in replacement of the db driver? Obviously, we don't want to introduce any major code changes at this point. bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From Randy.Kolenko at nextide.ca Mon May 12 18:27:01 2008 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Mon, 12 May 2008 18:27:01 -0400 Subject: [geeklog-devel] Status of MS SQL support in 1.5.0?
Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F269DB7@nex-pluto.nextide.ca> I think that if Kevin's code changes are accepted, they can easily be rolled into 1.5.1. So Kevin, it's not that there's a "too late" which is atomic, but rather the fact that we need a code base that is ready for the students to use for GSoC. > -----Original Message----- > From: Dirk Haun [mailto:dirk at haun-online.de] > Sent: Monday, May 12, 2008 5:23 PM > To: geeklog-devel > Subject: Re: [geeklog-devel] Status of MS SQL support in 1.5.0? > > > Kevin J. Peno wrote: > > >I'm not sure I understand why mine will be too late. What's > the cut off > >for review here? > > We need to have a release out for the start of the coding > period of our Summer of Code students. That period starts on May 26. > > > >To update, today I got install working flawlessly and > >just need to verify it working with everything else. > > Sounds good, but from what I understand, it's not just a > drop-in replacement of the db driver? Obviously, we don't > want to introduce any major code changes at this point. > > bye, Dirk > > > -- > http://www.geeklog.net/ > http://geeklog.info/ > From dirk at haun-online.de Tue May 13 01:58:41 2008 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 13 May 2008 07:58:41 +0200 Subject: [geeklog-devel] Status of MS SQL support in 1.5.0? In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F269DB7@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F269DB7@nex-pluto.nextide.ca> Message-ID: <20080513055841.1543050159@smtp.haun-online.de> Randy Kolenko wrote: >So Kevin, its not that there's a "too late" which is atomic, but rather >the fact that we need a code base that is ready for the students to use >for GSoC. Yep.
Our release cycles are usually pretty long, but I'm half-expecting a 1.5.1 release in the not-too-distant future, as we had to rush a few things in order to try and get 1.5.0 out in time. bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From mjervis at gmail.com Tue May 13 02:45:02 2008 From: mjervis at gmail.com (Michael Jervis) Date: Tue, 13 May 2008 07:45:02 +0100 Subject: [geeklog-devel] Release Cycle was: Status of MS SQL support in 1.5.0? Message-ID: <7b42e7470805122345t71de3e55y2a68e67b053696f1@mail.gmail.com> > Yep. Our release cycles are usually pretty long, but I'm half-expecting > a 1.5.1 release in the not-too-distant future, as we had to rush a few > things in order to try and get 1.5.0 out in time. I was going to compose a post later (post 26th May) proposing an official branch for 1.5 maintenance and doing a 6 month release (bug fixes and VERY minor changes only) and committing to a code freeze for 1.[6|5.2] in say, March with a release in, say, May and trying to stick to that defined annual cycle to keep the project moving and alive. Which I guess I just did (quite badly...) From kevin at metalaxe.com Tue May 13 12:46:55 2008 From: kevin at metalaxe.com (Kevin J. Peno) Date: Tue, 13 May 2008 09:46:55 -0700 Subject: [geeklog-devel] Template Class loading error Message-ID: <9CE911D90980BB4980C2CFD886ED6CB101A7B7@hive.metalaxe.com> Hi, When the site is initializing the database class, if an error is encountered, the database class calls "COM_errorLog" (as assigned on line 134 of system/lib-database.php backtracing to line 94 of lib-common.php and actually called by the DB class method dbError). However, because the template class file is not included until line 205 of lib-common.php, the following fatal error occurs: Fatal error: Class 'Template' not found in Geeklog\public_html\lib-common.php on line 1479 Removing the call to COM_errorLog or moving the template include above config loading resolves the issue. 
This should affect all db drivers. Please let me know how to proceed. Regards, Kevin Peno From kevin at metalaxe.com Tue May 13 13:01:27 2008 From: kevin at metalaxe.com (Kevin J. Peno) Date: Tue, 13 May 2008 10:01:27 -0700 Subject: [geeklog-devel] Template Class loading error In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB101A7B7@hive.metalaxe.com> References: <9CE911D90980BB4980C2CFD886ED6CB101A7B7@hive.metalaxe.com> Message-ID: <9CE911D90980BB4980C2CFD886ED6CB101A7B9@hive.metalaxe.com> To add to this, I see why this might have gone unseen before. In the mysql driver, for instance, you use die for failures, but there are still checks for verbose logging on the driver. In my driver I used the logging function instead of die for failures. However, if you were to turn on verbose logging for the mysql driver (or even Randy's mssql driver), the same error would result. Shouldn't all logging follow the same methods? Regards, Kevin Peno From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Kevin J. Peno Sent: Tuesday, May 13, 2008 9:47 AM To: Geeklog Development Subject: [geeklog-devel] Template Class loading error Hi, When the site is initializing the database class, if an error is encountered, the database class calls "COM_errorLog" (as assigned on line 134 of system/lib-database.php backtracing to line 94 of lib-common.php and actually called by the DB class method dbError). However, because the template class file is not included until line 205 of lib-common.php, the following fatal error occurs: Fatal error: Class 'Template' not found in Geeklog\public_html\lib-common.php on line 1479 Removing the call to COM_errorLog or moving the template include above config loading resolves the issue. This should affect all db drivers. Please let me know how to proceed.
Regards, Kevin Peno From mjervis at gmail.com Tue May 13 14:57:49 2008 From: mjervis at gmail.com (Michael Jervis) Date: Tue, 13 May 2008 19:57:49 +0100 Subject: [geeklog-devel] new installer - doesn't work with magicquotes Message-ID: <7b42e7470805131157j35ac9905w9adc98882478b6be@mail.gmail.com> Subject says it all, but posting localhost\sqlexpress to the system results in localhost\\sqlexpress, which of course fails to connect. -- Michael Jervis mjervis at gmail.com From dirk at haun-online.de Tue May 13 16:53:04 2008 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 13 May 2008 22:53:04 +0200 Subject: [geeklog-devel] Status of MS SQL support in 1.5.0? In-Reply-To: <20080512164525.544773497@smtp.haun-online.de> References: <20080512164525.544773497@smtp.haun-online.de> Message-ID: <20080513205304.1970734216@smtp.haun-online.de> Dirk Haun wrote: >Last I heard, a fresh install was "almost working". According to Matt, the fresh install does actually work on MS SQL 2005. With the exception of the "open" field as used by the Polls plugin, as that is apparently a reserved word (now fixed in CVS). I'm pretty sure the upgrade will _not_ work - I think the ALTER syntax is wrong for MS SQL. What should work (I hope) is the install/uninstall of plugins from the Plugins admin panel. If anyone has a chance to look into these ...
bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From dirk at haun-online.de Wed May 14 16:20:13 2008 From: dirk at haun-online.de (Dirk Haun) Date: Wed, 14 May 2008 22:20:13 +0200 Subject: [geeklog-devel] MS SQL help needed on the geeklog.net forum Message-ID: <20080514202013.1088710319@smtp.haun-online.de> Can anyone with experience with MS SQL in 1.4.1 try and help this user here, please: bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From Randy.Kolenko at nextide.ca Wed May 14 16:47:27 2008 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Wed, 14 May 2008 16:47:27 -0400 Subject: [geeklog-devel] MS SQL help needed on the geeklog.net forum Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F269DD0@nex-pluto.nextide.ca> His specific problem is due to the horrible way that the original driver would concatenate data without using a CAST to TEXT. Anyhow, there should have been a $sql['mssql'] call that casts the varchars to TEXT. I **think** that is the solution to the problem..... > -----Original Message----- > From: Dirk Haun [mailto:dirk at haun-online.de] > Sent: Wednesday, May 14, 2008 4:20 PM > To: geeklog-devel > Subject: [geeklog-devel] MS SQL help needed on the geeklog.net forum > > > Can anyone with experience with MS SQL in 1.4.1 try and help > this user here, please: > > > > bye, Dirk > > > -- > http://www.geeklog.net/ > http://geeklog.info/ > From kevin at metalaxe.com Fri May 16 14:39:56 2008 From: kevin at metalaxe.com (Kevin J.
Peno) Date: Fri, 16 May 2008 11:39:56 -0700 Subject: [geeklog-devel] MySQL Install current CVS In-Reply-To: <7b42e7470805131157j35ac9905w9adc98882478b6be@mail.gmail.com> References: <7b42e7470805131157j35ac9905w9adc98882478b6be@mail.gmail.com> Message-ID: <9CE911D90980BB4980C2CFD886ED6CB173B7@hive.metalaxe.com> I can't seem to get around a white page error when trying to install the latest CVS nightly w/ mysql (error reporting set to E_ALL | E_STRICT. Can anyone duplicate this? (IIS6 + php/FastCgi). Also, CVS can't seem to update. Attached is the log. Thanks, Kevin Peno 425-408-1094 kevin at metalaxe.com -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: CVS-Error.txt URL: From dirk at haun-online.de Fri May 16 14:55:08 2008 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 16 May 2008 20:55:08 +0200 Subject: [geeklog-devel] MySQL Install current CVS In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB173B7@hive.metalaxe.com> References: <7b42e7470805131157j35ac9905w9adc98882478b6be@mail.gmail.com> <9CE911D90980BB4980C2CFD886ED6CB173B7@hive.metalaxe.com> Message-ID: <20080516185508.491945125@smtp.haun-online.de> Kevin J. Peno wrote: >I can't seem to get around a white page error when trying to install the >latest CVS nightly w/ mysql (error reporting set to E_ALL | E_STRICT. Try E_ALL only. I can't guarantee that Geeklog will work with E_STRICT enabled. 
Also check that you have display_errors = On in your php.ini When I try to call up a (running) site with E_STRICT, I get --- snip --- Notice: Use of undefined constant XHTML - assumed 'XHTML' in /Library/ WebServer/Geeklog-1.x/public_html/lib-common.php on line 6502 Notice: Use of undefined constant XHTML - assumed 'XHTML' in /Library/ WebServer/Geeklog-1.x/public_html/lib-common.php on line 6503 An error has occurred: 2048 - Non-static method config::get_instance() should not be called statically @ /Library/WebServer/Geeklog-1.x/ public_html/lib-common.php line 93 --- snip --- ... I guess we don't really need to be XHTML compliant in the error handler .... bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From kevin at metalaxe.com Fri May 16 15:20:44 2008 From: kevin at metalaxe.com (Kevin J. Peno) Date: Fri, 16 May 2008 12:20:44 -0700 Subject: [geeklog-devel] MySQL Install current CVS In-Reply-To: <20080516185508.491945125@smtp.haun-online.de> References: <7b42e7470805131157j35ac9905w9adc98882478b6be@mail.gmail.com><9CE911D90980BB4980C2CFD886ED6CB173B7@hive.metalaxe.com> <20080516185508.491945125@smtp.haun-online.de> Message-ID: <9CE911D90980BB4980C2CFD886ED6CB173B8@hive.metalaxe.com> Figured out it was because the mysql_connect command used the error suppressing @ and I didn't have the mysql module loaded (mysqli was). Sorry for the bother. So is CVS working also and it's a local issue for me only? Thanks, Kevin Peno -----Original Message----- From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun Sent: Friday, May 16, 2008 11:55 AM To: geeklog-devel Subject: Re: [geeklog-devel] MySQL Install current CVS Kevin J. Peno wrote: >I can't seem to get around a white page error when trying to install the >latest CVS nightly w/ mysql (error reporting set to E_ALL | E_STRICT. Try E_ALL only. I can't guarantee that Geeklog will work with E_STRICT enabled. 
Also check that you have display_errors = On in your php.ini When I try to call up a (running) site with E_STRICT, I get --- snip --- Notice: Use of undefined constant XHTML - assumed 'XHTML' in /Library/ WebServer/Geeklog-1.x/public_html/lib-common.php on line 6502 Notice: Use of undefined constant XHTML - assumed 'XHTML' in /Library/ WebServer/Geeklog-1.x/public_html/lib-common.php on line 6503 An error has occurred: 2048 - Non-static method config::get_instance() should not be called statically @ /Library/WebServer/Geeklog-1.x/ public_html/lib-common.php line 93 --- snip --- ... I guess we don't really need to be XHTML compliant in the error handler .... bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From kevin at metalaxe.com Fri May 16 16:32:56 2008 From: kevin at metalaxe.com (Kevin J. Peno) Date: Fri, 16 May 2008 13:32:56 -0700 Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB17383@hive.metalaxe.com> References: <063B8B70CB9DA141B2FC1DB483561B9F13033A@nex-pluto.nextide.ca> <9CE911D90980BB4980C2CFD886ED6CB17383@hive.metalaxe.com> Message-ID: <9CE911D90980BB4980C2CFD886ED6CB173BC@hive.metalaxe.com> Here's an update for you all. I've got the installation itself working great (SQL inserts and all). However I'm getting a lot of php crashing due to memory issues. It's possible it is related to the PHP SQL driver itself and we are investigating. I'll let you know when I can give further information! P.S. I never heard back about if you wanted to split release both Randy's and the MS driver I am working on. This is something I can implement in my copy while I'm waiting on feedback for the memory issues. So I figured I would ask again. It wouldn't be a difficult process. All the SQL data would be identical as far as I can see. Let me know. 
Regards, Kevin Peno 425-408-1094 kevin at metalaxe.com -----Original Message----- From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Kevin J. Peno Sent: Wednesday, May 07, 2008 12:28 PM To: Geeklog Development Subject: Re: [geeklog-devel] SQL Server 2005 - MSSQL Driver I spoke with Garrett this morning and he'll be back in contact with the group within the next day so hopefully we can clear up our communication issues and move on to a better relationship together! :) Regards, Kevin Peno -----Original Message----- From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Randy Kolenko Sent: Wednesday, May 07, 2008 10:13 AM To: Geeklog Development Subject: Re: [geeklog-devel] SQL Server 2005 - MSSQL Driver > on the message. I was trying to relay that I expected > internal responses from my superiors, thus my place was not > to interact. Again, I do apologize. > I think what most people were either saying or thinking is that communication is key -- and that probably wraps it up. > I know I'm the new guy that seems to have rolled in to tell > you all what's up, but trust me I'm actually trying to give > constructive criticism about the driver as it was laid out. <> > double quotes as column value sets (which, in SQL Server, is > equivalent to []), but it is horrible for the new driver. Criticisms and flames, as far as my work is concerned, are always welcome as long as we're all on the path together to make things better. > In the current driver have you tried turning on the ini > setting for sybase quotes instead of str_replace the mysql > style addslashes? I have not done so myself. Perhaps someone else has?
( I doubt it though) -randy _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From dirk at haun-online.de Sat May 17 08:55:58 2008 From: dirk at haun-online.de (Dirk Haun) Date: Sat, 17 May 2008 14:55:58 +0200 Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB173BC@hive.metalaxe.com> References: <063B8B70CB9DA141B2FC1DB483561B9F13033A@nex-pluto.nextide.ca> <9CE911D90980BB4980C2CFD886ED6CB17383@hive.metalaxe.com> <9CE911D90980BB4980C2CFD886ED6CB173BC@hive.metalaxe.com> Message-ID: <20080517125558.702861213@smtp.haun-online.de> Kevin J. Peno wrote: >P.S. I never heard back about if you wanted to split release both >Randy's and the MS driver I am working on. This is something I can >implement in my copy while I'm waiting on feedback for the memory >issues. So I figured I would ask again. It wouldn't be a difficult >process. All the SQL data would be identical as far as I can see. Let me >know. I may have missed something ... What exactly are you proposing? bye, Dirk -- http://spam.tinyweb.net/ From kevin at metalaxe.com Sat May 17 12:39:30 2008 From: kevin at metalaxe.com (Kevin J. Peno) Date: Sat, 17 May 2008 09:39:30 -0700 Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver In-Reply-To: <20080517125558.702861213@smtp.haun-online.de> References: <063B8B70CB9DA141B2FC1DB483561B9F13033A@nex-pluto.nextide.ca><9CE911D90980BB4980C2CFD886ED6CB17383@hive.metalaxe.com><9CE911D90980BB4980C2CFD886ED6CB173BC@hive.metalaxe.com> <20080517125558.702861213@smtp.haun-online.de> Message-ID: <9CE911D90980BB4980C2CFD886ED6CB173BE@hive.metalaxe.com> I wasn't the one that proposed it. 
There had been mention of having 2 MSSQL drivers released, with separate options upon install. I was wondering if this is something you guys wanted to pursue or if you just want one driver option for MSSQL during installation. Kevin Peno 425-408-1094 kevin at metalaxe.com -----Original Message----- From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun Sent: Saturday, May 17, 2008 5:56 AM To: geeklog-devel Subject: Re: [geeklog-devel] SQL Server 2005 - MSSQL Driver Kevin J. Peno wrote: >P.S. I never heard back about if you wanted to split release both >Randy's and the MS driver I am working on. This is something I can >implement in my copy while I'm waiting on feedback for the memory >issues. So I figured I would ask again. It wouldn't be a difficult >process. All the SQL data would be identical as far as I can see. Let me >know. I may have missed something ... What exactly are you proposing? bye, Dirk -- http://spam.tinyweb.net/ _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From dirk at haun-online.de Sat May 17 13:00:36 2008 From: dirk at haun-online.de (Dirk Haun) Date: Sat, 17 May 2008 19:00:36 +0200 Subject: [geeklog-devel] SQL Server 2005 - MSSQL Driver In-Reply-To: <9CE911D90980BB4980C2CFD886ED6CB173BE@hive.metalaxe.com> References: <063B8B70CB9DA141B2FC1DB483561B9F13033A@nex-pluto.nextide.ca><9CE911D90980BB4 980C2CFD886ED6CB17383@hive.metalaxe.com><9CE911D90980BB4980C2CFD886ED6CB173BC@ hive.metalaxe.com> <20080517125558.702861213@smtp.haun-online.de> <9CE911D90980BB4980C2CFD886ED6CB173BE@hive.metalaxe.com> Message-ID: <20080517170036.471845953@smtp.haun-online.de> Kevin J. Peno wrote: >I wasn't the one that proposed it. There had been mention of having 2 >MSSQL drivers released, with separate options upon install. 
I guess I was the one proposing that then ;-) >I was >wondering if this is something you guys wanted to pursue or if you just >want one driver option for MSSQL during installation. If I understand things correctly, then your driver will require PHP 5.2.6 and MS SQL Server 2005 whereas Randy's will also work with older versions of PHP and MS SQL Server. Assuming those are all the differences. You did mention changes in other areas of Geeklog initially ... So to me (as someone with zero experience with MS SQL Server ...) it would make sense to have both available to attract a wider audience. Or am I completely off course here and MS SQL users are more likely to upgrade so it's not worth the effort? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From dirk at haun-online.de Mon May 19 15:02:12 2008 From: dirk at haun-online.de (Dirk Haun) Date: Mon, 19 May 2008 21:02:12 +0200 Subject: [geeklog-devel] Beta 2? Message-ID: <20080519190212.199590106@smtp.haun-online.de> I'm thinking about pushing out a 1.5.0 Beta 2 tomorrow. Any objections? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From devel at portalparts.com Mon May 19 18:19:58 2008 From: devel at portalparts.com (Blaine Lang) Date: Mon, 19 May 2008 18:19:58 -0400 Subject: [geeklog-devel] Beta 2? In-Reply-To: <20080519190212.199590106@smtp.haun-online.de> References: <20080519190212.199590106@smtp.haun-online.de> Message-ID: Hi Dirk, Sounds like a good idea. I've been watching the cvs commits and don't think there have been any major issues reported right? Cheers, Blaine Dirk Haun wrote: > I'm thinking about pushing out a 1.5.0 Beta 2 tomorrow. Any objections? > > bye, Dirk > > > From dirk at haun-online.de Tue May 20 02:00:11 2008 From: dirk at haun-online.de (Dirk Haun) Date: Tue, 20 May 2008 08:00:11 +0200 Subject: [geeklog-devel] Beta 2? 
In-Reply-To: References: <20080519190212.199590106@smtp.haun-online.de> Message-ID: <20080520060011.551985102@smtp.haun-online.de> Blaine Lang wrote: >Sounds like a good idea. I've been watching the cvs commits and don't >think there have been any major issues reported right? Yep, mostly minor annoyances and cosmetic issues. And then there's the MS SQL issue ... bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From mjervis at gmail.com Tue May 20 02:40:12 2008 From: mjervis at gmail.com (Michael Jervis) Date: Tue, 20 May 2008 07:40:12 +0100 Subject: [geeklog-devel] Beta 2? In-Reply-To: <20080520060011.551985102@smtp.haun-online.de> References: <20080519190212.199590106@smtp.haun-online.de> <20080520060011.551985102@smtp.haun-online.de> Message-ID: <7b42e7470805192340g623bb3aagcb7d557195d1afc9@mail.gmail.com> > And then there's the MS SQL issue ... (looks shifty) Snakenet got taken out via a SQL injection into our banner ad system to inject a bot insertion exploit on any user's PC. Standard Quicktime etc vulnerabilities. Pretty comprehensive job. So I've been running round trying to clean that up and so forth. Tonight, I patch the last fixes to our test environment for our "staff" to check out. Then I'm back onto sorting out the MSSQL, Dirk informs me install is verified so I'll check the upgrade, and there's a story/timezones issue to check. I'd say wait till tomorrow, but, if anything comes up with the SNMR patch job, then I won't get anything done either. Sorry, Mike From mjervis at gmail.com Tue May 20 14:48:23 2008 From: mjervis at gmail.com (Michael Jervis) Date: Tue, 20 May 2008 19:48:23 +0100 Subject: [geeklog-devel] Beta 2?
In-Reply-To: <7b42e7470805192340g623bb3aagcb7d557195d1afc9@mail.gmail.com> References: <20080519190212.199590106@smtp.haun-online.de> <20080520060011.551985102@smtp.haun-online.de> <7b42e7470805192340g623bb3aagcb7d557195d1afc9@mail.gmail.com> Message-ID: <7b42e7470805201148g3892e77ai844d63e88ec0dc3c@mail.gmail.com> > Then I'm back onto sorting out the MSSQL, Dirk informs me install is > verified so I'll check the upgrade, and there's a story/timezones > issue to check. My home instance refuses to connect to SQL Server. Compared the config of SQL Server at home and work today, got all the config etc, no joy. Give in on it. I'll see what I can do about testing an upgrade at work. I have an installed 1.4.1 working at work at least. Cheers, Mike From tony at tonybibbs.com Tue May 20 17:36:08 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Tue, 20 May 2008 14:36:08 -0700 (PDT) Subject: [geeklog-devel] Bitwise SQL for ACL checks Message-ID: <422816.87021.qm@web701.biz.mail.mud.yahoo.com> Apparently Bitwise math is not part of the SQL92 standard. Given we are using bitwise operations for ACL's checks in GL2 this is a problem because we store the ACL values in a table called gl2_item_acl. Even worse, we not only store the ACL but we also allow for inverse ACL's which essentially implements both a blacklist and whitelist for access to an item. My brain isn't equipped at the moment to deal with all the possible solutions so I'm asking for help as this is one of the last things I need to knock out for the first GL2 alpha. We have a few constants for ACL check so to illustrate: ACL_READ = 1 ACL_LIST = 2 Thus a sample *mysql* query for matching the above ACL's would be: SELECT gl2_item.* FROM gl2_item, gl2_item_acl WHERE gl2_item_acl.item_id = gl2_item.item_id AND (rights & 1) OR (rights & 2) Given the &,|, etc aren't SQL92 standard is there another way to construct the SQL in a DBMS friendly manner? 
For reference you may want to read this first: http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 --Tony From tony at tonybibbs.com Tue May 20 17:51:41 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Tue, 20 May 2008 14:51:41 -0700 (PDT) Subject: [geeklog-devel] Bitwise SQL for ACL checks Message-ID: <283371.98491.qm@web701.biz.mail.mud.yahoo.com> K, done some more homework and I guess I've answered my own questions. Right now MySQL, SQL Server and Postgres all support & and | for bitwise math. I'll use that for now in our named queries. Moving forward our named query implementation will need to include a dbms="mysql" attribute in the XML and then you can tweak individual named queries manually. I can do this later...besides we have zero support for Oracle, DB2, etc now anyway so adding later shouldn't be a problem with this approach. Still chime in, though, if you have a question or suggestion. --Tony ----- Original Message ---- From: Tony Bibbs To: geeklog-devel at lists.geeklog.net Sent: Tuesday, May 20, 2008 4:36:08 PM Subject: [geeklog-devel] Bitwise SQL for ACL checks Apparently Bitwise math is not part of the SQL92 standard. Given we are using bitwise operations for ACL's checks in GL2 this is a problem because we store the ACL values in a table called gl2_item_acl. Even worse, we not only store the ACL but we also allow for inverse ACL's which essentially implements both a blacklist and whitelist for access to an item. My brain isn't equipped at the moment to deal with all the possible solutions so I'm asking for help as this is one of the last things I need to knock out for the first GL2 alpha. 
We have a few constants for ACL check so to illustrate: ACL_READ = 1 ACL_LIST = 2 Thus a sample *mysql* query for matching the above ACL's would be: SELECT gl2_item.* FROM gl2_item, gl2_item_acl WHERE gl2_item_acl.item_id = gl2_item.item_id AND (rights & 1) OR (rights & 2) Given the &,|, etc aren't SQL92 standard is there another way to construct the SQL in a DBMS friendly manner? For reference you may want to read this first: http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 --Tony _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From joe at ThrowingDice.com Tue May 20 18:22:22 2008 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Tue, 20 May 2008 18:22:22 -0400 Subject: [geeklog-devel] Bitwise SQL for ACL checks In-Reply-To: <283371.98491.qm@web701.biz.mail.mud.yahoo.com> References: <283371.98491.qm@web701.biz.mail.mud.yahoo.com> Message-ID: <0K16004ZCU5ALXD1@mta2.srv.hcvlny.cv.net> I do believe Oracle and DB2 support bitwise ops. What databases does that leave? Worst case, you could convert ACLs to binary strings and then use substr to find the bits. So an ACL of 35 (32 | 2 | 1) would end up in the database as 00010011 (or 0000000000010011). The "rights & 1" where clause becomes "substring(rights, 7, 1) = 1" Or you can use letters: $db_rights = 'ABCDEFGHIJ'; <-- index this array using "log(2) targetright" So ACL 16 becomes 'D' So you create function that turn "10011" into EBA and store the string EBA in the rights column. Checking for access becomes "rights like '%A%' ". There's always another way to store the data. But since GL2 uses named queries, under the hood it can be as convoluted as necessary. Joe At 05:51 PM 5/20/2008, Tony Bibbs wrote: >K, done some more homework and I guess I've answered my own >questions. Right now MySQL, SQL Server and Postgres all support & >and | for bitwise math. I'll use that for now in our named queries. 
> >Moving forward our named query implementation will need to include a >dbms="mysql" attribute in the XML and then you can tweak individual >named queries manually. I can do this later...besides we have zero >support for Oracle, DB2, etc now anyway so adding later shouldn't be >a problem with this approach. > >Still chime in, though, if you have a question or suggestion. > >--Tony > >----- Original Message ---- >From: Tony Bibbs >To: geeklog-devel at lists.geeklog.net >Sent: Tuesday, May 20, 2008 4:36:08 PM >Subject: [geeklog-devel] Bitwise SQL for ACL checks > >Apparently Bitwise math is not part of the SQL92 standard. Given we >are using bitwise operations for ACL's checks in GL2 this is a >problem because we store the ACL values in a table called >gl2_item_acl. Even worse, we not only store the ACL but we also >allow for inverse ACL's which essentially implements both a >blacklist and whitelist for access to an item. > >My brain isn't equipped at the moment to deal with all the possible >solutions so I'm asking for help as this is one of the last things I >need to knock out for the first GL2 alpha. > >We have a few constants for ACL check so to illustrate: > >ACL_READ = 1 >ACL_LIST = 2 > >Thus a sample *mysql* query for matching the above ACL's would be: > >SELECT gl2_item.* >FROM gl2_item, gl2_item_acl >WHERE gl2_item_acl.item_id = gl2_item.item_id >AND (rights & 1) >OR (rights & 2) > >Given the &,|, etc aren't SQL92 standard is there another way to >construct the SQL in a DBMS friendly manner? 
For reference you may >want to read this first: > >http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 > >--Tony > > >_______________________________________________ >geeklog-devel mailing list >geeklog-devel at lists.geeklog.net >http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > >_______________________________________________ >geeklog-devel mailing list >geeklog-devel at lists.geeklog.net >http://eight.pairlist.net/mailman/listinfo/geeklog-devel ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From tony at tonybibbs.com Tue May 20 18:46:55 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Tue, 20 May 2008 15:46:55 -0700 (PDT) Subject: [geeklog-devel] Bitwise SQL for ACL checks Message-ID: <399074.63549.qm@web704.biz.mail.mud.yahoo.com> DB2 and Oracle only support it with UDF's. e.g. in ORACLE you'd use the BITAND function. Hadn't thought about converting it to a string. Nonetheless I think we're OK. Apparently I just need to post it so-as to make sure I'm not doing anything *really* stupid. --Tony ----- Original Message ---- From: Joe Mucchiello To: Geeklog Development Sent: Tuesday, May 20, 2008 5:22:22 PM Subject: Re: [geeklog-devel] Bitwise SQL for ACL checks I do believe Oracle and DB2 support bitwise ops. What databases does that leave? Worst case, you could convert ACLs to binary strings and then use substr to find the bits. So an ACL of 35 (32 | 2 | 1) would end up in the database as 00010011 (or 0000000000010011). The "rights & 1" where clause becomes "substring(rights, 7, 1) = 1" Or you can use letters: $db_rights = 'ABCDEFGHIJ'; <-- index this array using "log(2) targetright" So ACL 16 becomes 'D' So you create function that turn "10011" into EBA and store the string EBA in the rights column. Checking for access becomes "rights like '%A%' ". There's always another way to store the data. But since GL2 uses named queries, under the hood it can be as convoluted as necessary.
Joe At 05:51 PM 5/20/2008, Tony Bibbs wrote: >K, done some more homework and I guess I've answered my own >questions. Right now MySQL, SQL Server and Postgres all support & >and | for bitwise math. I'll use that for now in our named queries. > >Moving forward our named query implementation will need to include a >dbms="mysql" attribute in the XML and then you can tweak individual >named queries manually. I can do this later...besides we have zero >support for Oracle, DB2, etc now anyway so adding later shouldn't be >a problem with this approach. > >Still chime in, though, if you have a question or suggestion. > >--Tony > >----- Original Message ---- >From: Tony Bibbs >To: geeklog-devel at lists.geeklog.net >Sent: Tuesday, May 20, 2008 4:36:08 PM >Subject: [geeklog-devel] Bitwise SQL for ACL checks > >Apparently Bitwise math is not part of the SQL92 standard. Given we >are using bitwise operations for ACL's checks in GL2 this is a >problem because we store the ACL values in a table called >gl2_item_acl. Even worse, we not only store the ACL but we also >allow for inverse ACL's which essentially implements both a >blacklist and whitelist for access to an item. > >My brain isn't equipped at the moment to deal with all the possible >solutions so I'm asking for help as this is one of the last things I >need to knock out for the first GL2 alpha. > >We have a few constants for ACL check so to illustrate: > >ACL_READ = 1 >ACL_LIST = 2 > >Thus a sample *mysql* query for matching the above ACL's would be: > >SELECT gl2_item.* >FROM gl2_item, gl2_item_acl >WHERE gl2_item_acl.item_id = gl2_item.item_id >AND (rights & 1) >OR (rights & 2) > >Given the &,|, etc aren't SQL92 standard is there another way to >construct the SQL in a DBMS friendly manner? 
For reference you may >want to read this first: > >http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 > >--Tony > > >_______________________________________________ >geeklog-devel mailing list >geeklog-devel at lists.geeklog.net >http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > >_______________________________________________ >geeklog-devel mailing list >geeklog-devel at lists.geeklog.net >http://eight.pairlist.net/mailman/listinfo/geeklog-devel ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From trinity93 at gmail.com Tue May 20 22:30:25 2008 From: trinity93 at gmail.com (Trinity) Date: Tue, 20 May 2008 21:30:25 -0500 Subject: [geeklog-devel] Bitwise SQL for ACL checks In-Reply-To: <399074.63549.qm@web704.biz.mail.mud.yahoo.com> References: <399074.63549.qm@web704.biz.mail.mud.yahoo.com> Message-ID: why not use unix style 3 digit number chmod 666 etc etc On Tue, May 20, 2008 at 5:46 PM, Tony Bibbs wrote: > DB2 and Oracle only support it with UDF's. e.g. in ORACLE you'd use the BITAND function. > > Hadn't thought about converting it to a string. Nonetheless I think we're OK. Apparently I just need to post it so-as to make sure I'm not doing anything *really* stupid. > > --Tony > > ----- Original Message ---- > From: Joe Mucchiello > To: Geeklog Development > Sent: Tuesday, May 20, 2008 5:22:22 PM > Subject: Re: [geeklog-devel] Bitwise SQL for ACL checks > > I do believe Oracle and DB2 support bitwise ops. What databases does > that leave? > > Worst case, you could convert ACLs to binary strings and then use > substr to find the bits. So an ACL of 35 (32 | 2 | 1) would end up in > the database as 00010011 (or 0000000000010011).
The "rights & 1" > where clause becomes "substring(rights, 7, 1) = 1" > > Or you can use letters: > > $db_rights = 'ABCDEFGHIJ'; <-- index this array using "log(2) > targetright" So ACL 16 becomes 'D' > So you create function that turn "10011" into EBA and store the > string EBA in the rights column. > Checking for access becomes "rights like '%A%' ". > > There's always another way to store the data. But since GL2 uses > named queries, under the hood it can be as convoluted as necessary. > > Joe > > > At 05:51 PM 5/20/2008, Tony Bibbs wrote: >>K, done some more homework and I guess I've answered my own >>questions. Right now MySQL, SQL Server and Postgres all support & >>and | for bitwise math. I'll use that for now in our named queries. >> >>Moving forward our named query implementation will need to include a >>dbms="mysql" attribute in the XML and then you can tweak individual >>named queries manually. I can do this later...besides we have zero >>support for Oracle, DB2, etc now anyway so adding later shouldn't be >>a problem with this approach. >> >>Still chime in, though, if you have a question or suggestion. >> >>--Tony >> >>----- Original Message ---- >>From: Tony Bibbs >>To: geeklog-devel at lists.geeklog.net >>Sent: Tuesday, May 20, 2008 4:36:08 PM >>Subject: [geeklog-devel] Bitwise SQL for ACL checks >> >>Apparently Bitwise math is not part of the SQL92 standard. Given we >>are using bitwise operations for ACL's checks in GL2 this is a >>problem because we store the ACL values in a table called >>gl2_item_acl. Even worse, we not only store the ACL but we also >>allow for inverse ACL's which essentially implements both a >>blacklist and whitelist for access to an item. >> >>My brain isn't equipped at the moment to deal with all the possible >>solutions so I'm asking for help as this is one of the last things I >>need to knock out for the first GL2 alpha. 
>> >>We have a few constants for ACL check so to illustrate: >> >>ACL_READ = 1 >>ACL_LIST = 2 >> >>Thus a sample *mysql* query for matching the above ACL's would be: >> >>SELECT gl2_item.* >>FROM gl2_item, gl2_item_acl >>WHERE gl2_item_acl.item_id = gl2_item.item_id >>AND (rights & 1) >>OR (rights & 2) >> >>Given the &,|, etc aren't SQL92 standard is there another way to >>construct the SQL in a DBMS friendly manner? For reference you may >>want to read this first: >> >>http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 >> >>--Tony >> >> >>_______________________________________________ >>geeklog-devel mailing list >>geeklog-devel at lists.geeklog.net >>http://eight.pairlist.net/mailman/listinfo/geeklog-devel >> >> >> >>_______________________________________________ >>geeklog-devel mailing list >>geeklog-devel at lists.geeklog.net >>http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > ---- > Joe Mucchiello > Throwing Dice Games > http://www.throwingdice.com > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > From michael.tutty at gmail.com Tue May 20 22:48:42 2008 From: michael.tutty at gmail.com (Michael Tutty) Date: Tue, 20 May 2008 21:48:42 -0500 Subject: [geeklog-devel] Bitwise SQL for ACL checks In-Reply-To: References: <399074.63549.qm@web704.biz.mail.mud.yahoo.com> Message-ID: <62d0f2020805201948g6dbbfd64s5773c9e9905461de@mail.gmail.com> That's still subject to the same bitwise comparisons. (~1) + 2 + 4 = 6 for owner, 6 for group, 6 for others. M. 
On Tue, May 20, 2008 at 9:30 PM, Trinity wrote: > why not use unix style 3 digit number > chmod 666 etc etc > > On Tue, May 20, 2008 at 5:46 PM, Tony Bibbs wrote: > > DB2 and Oracle only support it with UDF's. e.g. in ORACLE you'd use the > BITAND function. > > > > Hadn't thought about converting it to a string. Nonetheless I think we're > OK. Apparently I just need to post it so-as to make sure I'm not doing > anything *really* stupid. > > > > --Tony > > > > ----- Original Message ---- > > From: Joe Mucchiello > > To: Geeklog Development > > Sent: Tuesday, May 20, 2008 5:22:22 PM > > Subject: Re: [geeklog-devel] Bitwise SQL for ACL checks > > > > I do believe Oracle and DB2 support bitwise ops. What databases does > > that leave? > > > > Worst case, you could convert ACLs to binary strings and then use > > substr to find the bits. So an ACL of 35 (32 | 2 | 1) would end up in > > the database as 00010011 (or 0000000000010011). The "rights & 1" > > where clause becomes "substring(rights, 7, 1) = 1" > > > > Or you can use letters: > > > > $db_rights = 'ABCDEFGHIJ'; <-- index this array using "log(2) > > targetright" So ACL 16 becomes 'D' > > So you create function that turn "10011" into EBA and store the > > string EBA in the rights column. > > Checking for access becomes "rights like '%A%' ". > > > > There's always another way to store the data. But since GL2 uses > > named queries, under the hood it can be as convoluted as necessary. > > > > Joe > > > > > > At 05:51 PM 5/20/2008, Tony Bibbs wrote: > >>K, done some more homework and I guess I've answered my own > >>questions. Right now MySQL, SQL Server and Postgres all support & > >>and | for bitwise math. I'll use that for now in our named queries. > >> > >>Moving forward our named query implementation will need to include a > >>dbms="mysql" attribute in the XML and then you can tweak individual > >>named queries manually.
I can do this later...besides we have zero > >>support for Oracle, DB2, etc now anyway so adding later shouldn't be > >>a problem with this approach. > >> > >>Still chime in, though, if you have a question or suggestion. > >> > >>--Tony > >> > >>----- Original Message ---- > >>From: Tony Bibbs > >>To: geeklog-devel at lists.geeklog.net > >>Sent: Tuesday, May 20, 2008 4:36:08 PM > >>Subject: [geeklog-devel] Bitwise SQL for ACL checks > >> > >>Apparently Bitwise math is not part of the SQL92 standard. Given we > >>are using bitwise operations for ACL's checks in GL2 this is a > >>problem because we store the ACL values in a table called > >>gl2_item_acl. Even worse, we not only store the ACL but we also > >>allow for inverse ACL's which essentially implements both a > >>blacklist and whitelist for access to an item. > >> > >>My brain isn't equipped at the moment to deal with all the possible > >>solutions so I'm asking for help as this is one of the last things I > >>need to knock out for the first GL2 alpha. > >> > >>We have a few constants for ACL check so to illustrate: > >> > >>ACL_READ = 1 > >>ACL_LIST = 2 > >> > >>Thus a sample *mysql* query for matching the above ACL's would be: > >> > >>SELECT gl2_item.* > >>FROM gl2_item, gl2_item_acl > >>WHERE gl2_item_acl.item_id = gl2_item.item_id > >>AND (rights & 1) > >>OR (rights & 2) > >> > >>Given the &,|, etc aren't SQL92 standard is there another way to > >>construct the SQL in a DBMS friendly manner? 
For reference you may > >>want to read this first: > >> > >>http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 > >> > >>--Tony > >> > >> > >>_______________________________________________ > >>geeklog-devel mailing list > >>geeklog-devel at lists.geeklog.net > >>http://eight.pairlist.net/mailman/listinfo/geeklog-devel > >> > >> > >> > >>_______________________________________________ > >>geeklog-devel mailing list > >>geeklog-devel at lists.geeklog.net > >>http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > ---- > > Joe Mucchiello > > Throwing Dice Games > > http://www.throwingdice.com > > > > _______________________________________________ > > geeklog-devel mailing list > > geeklog-devel at lists.geeklog.net > > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > > > > > _______________________________________________ > > geeklog-devel mailing list > > geeklog-devel at lists.geeklog.net > > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... 
URL:

From mjervis at gmail.com Fri May 23 08:07:16 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Fri, 23 May 2008 13:07:16 +0100
Subject: [geeklog-devel] MS SQL Upgrade
Message-ID: <7b42e7470805230507n62f8b321uef8a6a3a0a409e5c@mail.gmail.com>

Just got keys and indices to sort for the polls plugin upgrade now, plus this:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in O:\development\geeklog\glsql\sql\updates\mssql_1.4.1_to_1.5.0.php on line 452

$move_sql = "SELECT pid, topic FROM {$_TABLES['polltopics']}";
$move_rst = DB_query ($move_sql);
$count_move = DB_numRows($move_rst);
for ($i = 0; $i < $count_move; $i++) {
    $A = DB_fetchArray($move_rst);
    $A[1] = mysql_real_escape_string($A[1]); // <- HERE ****************************
    $P_SQL[] = "INSERT INTO {$_TABLES['pollquestions']} (pid, question) VALUES ('{$A[0]}','{$A[1]}');";
}

Suggestions?

--
Michael Jervis
mjervis at gmail.com
504B03041400000008008F846431E3543A820800000006000000060000007765
62676F642B4F4D4ACF4F0100504B010214001400000008008F846431E3543A82
0800000006000000060000000000000000002000000000000000776562676F64
504B05060000000001000100340000002C0000000000

From Randy.Kolenko at nextide.ca Fri May 23 08:13:52 2008
From: Randy.Kolenko at nextide.ca (Randy Kolenko)
Date: Fri, 23 May 2008 08:13:52 -0400
Subject: [geeklog-devel] MS SQL Upgrade
Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F269E15@nex-pluto.nextide.ca>

We'll have to replace the mysql_real_escape_string function with an mssql equivalent. Since there is none, we'll have to revert to **shudder** addslashes dependent upon magic quotes being on/off.
> -----Original Message----- > From: Michael Jervis [mailto:mjervis at gmail.com] > Sent: Friday, May 23, 2008 8:07 AM > To: Geeklog Development > Subject: [geeklog-devel] MS SQL Upgrade > > > Just got keys and indicies to sort for the polls plugin > upgrade now, plus this: > > Warning: mysql_real_escape_string() > [function.mysql-real-escape-string]: Access denied for user > 'ODBC'@'localhost' (using password: NO) in > O:\development\geeklog\glsql\sql\updates\mssql_1.4.1_to_1.5.0. > php on line 452 > > $move_sql = "SELECT pid, topic FROM {$_TABLES['polltopics']}"; > $move_rst = DB_query ($move_sql); > $count_move = DB_numRows($move_rst); > for ($i = 0; $i < $count_move; $i++) { > $A = DB_fetchArray($move_rst); > $A[1] = mysql_real_escape_string($A[1]); <- HERE > **************************** > $P_SQL[] = "INSERT INTO {$_TABLES['pollquestions']} (pid, > question) VALUES ('{$A[0]}','{$A[1]}');"; > } > > Suggestions? > > -- > Michael Jervis > mjervis at gmail.com > 504B03041400000008008F846431E3543A820800000006000000060000007765 > 62676F642B4F4D4ACF4F0100504B010214001400000008008F846431E3543A82 > 0800000006000000060000000000000000002000000000000000776562676F64 > 504B05060000000001000100340000002C0000000000 > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > From mjervis at gmail.com Fri May 23 08:22:36 2008 From: mjervis at gmail.com (Michael Jervis) Date: Fri, 23 May 2008 13:22:36 +0100 Subject: [geeklog-devel] MS SQL Upgrade In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F269E15@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F269E15@nex-pluto.nextide.ca> Message-ID: <7b42e7470805230522s1de0df5fj87c1b23e3528549e@mail.gmail.com> On Fri, May 23, 2008 at 1:13 PM, Randy Kolenko wrote: > We'll have to replace the mysql_real_escape_string function with an > mssql equivalent. 
> Since there is none, we'll have to revert to **shudder** addslashes > dependent upon magic quotes being on/off. ARgh. My eyes didn't even pick up it was mysql_real not mssql_... Surely we need to do a replace of ' with '' not an addslashes? From Randy.Kolenko at nextide.ca Fri May 23 08:18:44 2008 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Fri, 23 May 2008 08:18:44 -0400 Subject: [geeklog-devel] MS SQL Upgrade Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F269E16@nex-pluto.nextide.ca> Double Argh... "Morning eyes" for me.. Yes.. Have to replace ' with ''. > -----Original Message----- > From: Michael Jervis [mailto:mjervis at gmail.com] > Sent: Friday, May 23, 2008 8:23 AM > To: Geeklog Development > Subject: Re: [geeklog-devel] MS SQL Upgrade > > > On Fri, May 23, 2008 at 1:13 PM, Randy Kolenko > wrote: > > We'll have to replace the mysql_real_escape_string function with an > > mssql equivalent. Since there is none, we'll have to revert to > > **shudder** addslashes dependent upon magic quotes being on/off. > > ARgh. My eyes didn't even pick up it was mysql_real not mssql_... > > Surely we need to do a replace of ' with '' not an > addslashes? _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > From dirk at haun-online.de Fri May 23 08:25:28 2008 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 23 May 2008 14:25:28 +0200 Subject: [geeklog-devel] MS SQL Upgrade In-Reply-To: <7b42e7470805230507n62f8b321uef8a6a3a0a409e5c@mail.gmail.com> References: <7b42e7470805230507n62f8b321uef8a6a3a0a409e5c@mail.gmail.com> Message-ID: <20080523122528.4939223@smtp.haun-online.de> Michael Jervis wrote: > $A[1] = mysql_real_escape_string($A[1]); <- HERE Simply replace it with addslashes? Not sure why we're even using something else there all of a sudden. 
bye, Dirk

--
http://www.haun-online.de/
http://geeklog.info/

From mjervis at gmail.com Fri May 23 08:29:37 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Fri, 23 May 2008 13:29:37 +0100
Subject: [geeklog-devel] MS SQL Upgrade
In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F269E16@nex-pluto.nextide.ca>
References: <063B8B70CB9DA141B2FC1DB483561B9F269E16@nex-pluto.nextide.ca>
Message-ID: <7b42e7470805230529m470b6c8bu36fde7dedbc741dd@mail.gmail.com>

On Fri, May 23, 2008 at 1:18 PM, Randy Kolenko wrote:
> Double Argh... "Morning eyes" for me..
> Yes.. Have to replace ' with ''.

I don't have the morning excuse...

Now I get:

The statement has been terminated.: The statement has been terminated. - INSERT INTO gl_pollquestions (pid, question) VALUES ('geeklogfeaturepoll','What is the best new feature of Geeklog?'); select SCOPE_IDENTITY()

However, there is no select SCOPE_IDENTITY() in the upgrade file.

So what is the adapter layer trying to do and why?

From Randy.Kolenko at nextide.ca Fri May 23 08:36:03 2008
From: Randy.Kolenko at nextide.ca (Randy Kolenko)
Date: Fri, 23 May 2008 08:36:03 -0400
Subject: [geeklog-devel] MS SQL Upgrade
Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F111ED7@nex-pluto.nextide.ca>

"Select SCOPE_IDENTITY()" is tacked on the end of every insert in the adapter so that you can get the last inserted identity.. If there is no identity column, the select SCOPE_IDENTITY() returns null.. No harm.

Seems that there must be a 'qid' value specified for the insert to work. The true error is that there cannot be a NULL value for the qid column. We have to add the qid column in the query OR the qid column needs to be modified to be an identity.

> -----Original Message-----
> From: Michael Jervis [mailto:mjervis at gmail.com]
> Sent: Friday, May 23, 2008 8:30 AM
> To: Geeklog Development
> Subject: Re: [geeklog-devel] MS SQL Upgrade
>
>
> On Fri, May 23, 2008 at 1:18 PM, Randy Kolenko
> wrote:
> > Double Argh... "Morning eyes" for me..
> > Yes..
Have to replace ' with ''. > > I don't have the morning excuse... > > Now I get: > > The statement has been terminated.: The statement has been terminated. > - INSERT INTO gl_pollquestions (pid, question) VALUES > ('geeklogfeaturepoll','What is the best new feature of > Geeklog?'); select SCOPE_IDENTITY() > > However, there is no select SCOPE_IDENTITY() in the upgrade file. > > So what is the adapter layer trying to do and why? > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > From mjervis at gmail.com Fri May 23 13:31:10 2008 From: mjervis at gmail.com (Michael Jervis) Date: Fri, 23 May 2008 18:31:10 +0100 Subject: [geeklog-devel] MS SQL Upgrade In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F111ED7@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F111ED7@nex-pluto.nextide.ca> Message-ID: <7b42e7470805231031q2c71c32m41e883e4d42775ff@mail.gmail.com> > Seems that there must be a 'qid' value specified for the insert to work. > The true error is that there cannot be a NULL value for the qid column. > We have to add the qid column in the query OR the qid column needs to be > modified to be an identity. Thanks. Right, having investigated that and compared to the mysql update process, mssql and mysql install process I am confused with the keys and indicies for the poll tables. Who did the work on polls? Can someone who did the work or understands it tell me what the schema should be? Should qid be an autonumber/identity field? etc. 
Cheers, Mike From dirk at haun-online.de Fri May 23 13:44:54 2008 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 23 May 2008 19:44:54 +0200 Subject: [geeklog-devel] MS SQL Upgrade In-Reply-To: <7b42e7470805231031q2c71c32m41e883e4d42775ff@mail.gmail.com> References: <063B8B70CB9DA141B2FC1DB483561B9F111ED7@nex-pluto.nextide.ca> <7b42e7470805231031q2c71c32m41e883e4d42775ff@mail.gmail.com> Message-ID: <20080523174454.5401102@smtp.haun-online.de> Michael Jervis wrote: >Who did the work on polls? Oliver >Can someone who did the work or understands >it tell me what the schema should be? Should qid be an >autonumber/identity field? etc. In 1.5, a polltopic (pid) can have several pollquestions (qid) each of which can have several pollanswers (aid). None of them should be autoincrement, from what I understand. The pid is user-editable and part of the URL. The qid starts over from 0 for every new polltopic. As does the aid, only that it seems to be 1-based. HTH bye, Dirk -- http://www.haun-online.de/accu/ From Randy.Kolenko at nextide.ca Fri May 23 13:47:56 2008 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Fri, 23 May 2008 13:47:56 -0400 Subject: [geeklog-devel] MS SQL Upgrade Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F269E27@nex-pluto.nextide.ca> The issue in the upgrade is that the qid column is a primary key and it cannot be null.. Problem with the query is that its missing the qid value. Question becomes: whats the qid value then? > -----Original Message----- > From: Dirk Haun [mailto:dirk at haun-online.de] > Sent: Friday, May 23, 2008 1:45 PM > To: geeklog-devel > Subject: Re: [geeklog-devel] MS SQL Upgrade > > > Michael Jervis wrote: > > >Who did the work on polls? > > Oliver > > > >Can someone who did the work or understands > >it tell me what the schema should be? Should qid be an > >autonumber/identity field? etc. > > In 1.5, a polltopic (pid) can have several pollquestions > (qid) each of which can have several pollanswers (aid). 
> > None of them should be autoincrement, from what I understand. > > The pid is user-editable and part of the URL. The qid starts > over from 0 for every new polltopic. As does the aid, only > that it seems to be 1-based. > > HTH > > bye, Dirk > > > -- > http://www.haun-online.de/accu/ > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > From dirk at haun-online.de Fri May 23 14:10:46 2008 From: dirk at haun-online.de (Dirk Haun) Date: Fri, 23 May 2008 20:10:46 +0200 Subject: [geeklog-devel] MS SQL Upgrade In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F269E27@nex-pluto.nextide.ca> References: <063B8B70CB9DA141B2FC1DB483561B9F269E27@nex-pluto.nextide.ca> Message-ID: <20080523181046.1569931118@smtp.haun-online.de> Randy Kolenko wrote: >The issue in the upgrade is that the qid column is a primary key and it >cannot be null.. >Problem with the query is that its missing the qid value. >Question becomes: whats the qid value then? In 1.4.1, polls only had one question. So during the upgrade they are transferred over and the qid for all of them becomes 0. That bit looks okay to me and it worked with the old polls on geeklog.info. In the MySQL db schema, the primary key is PRIMARY KEY (qid, pid) whereas in the MS SQL schema, only qid is the primary key. That looks like the problem to me. bye, Dirk -- http://www.haun-online.de/ http://geeklog.info/ From Randy.Kolenko at nextide.ca Fri May 23 14:38:33 2008 From: Randy.Kolenko at nextide.ca (Randy Kolenko) Date: Fri, 23 May 2008 14:38:33 -0400 Subject: [geeklog-devel] MS SQL Upgrade Message-ID: <063B8B70CB9DA141B2FC1DB483561B9F111EDB@nex-pluto.nextide.ca> > > In the MySQL db schema, the primary key is > > PRIMARY KEY (qid, pid) > > whereas in the MS SQL schema, only qid is the primary key. > That looks like the problem to me. > True -- its one of the problems. 
The other is that the qid column needs a default value of '0' as shown here in the mysql install sql:

$_SQL[] = "
CREATE TABLE {$_TABLES['pollquestions']} (
    qid mediumint(9) NOT NULL DEFAULT '0',
    pid varchar(20) NOT NULL,
    question varchar(255) NOT NULL,
    PRIMARY KEY (qid, pid)
) TYPE=MyISAM
";

Which now means that we have to alter the mssql version to look like this:

CREATE TABLE [dbo].[gl_pollquestions] (
    [qid] [int] NOT NULL ,
    [pid] [varchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
    [question] [varchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL
) ON [PRIMARY]
GO

ALTER TABLE [dbo].[gl_pollquestions] ADD
    CONSTRAINT [DF_gl_pollquestions_qid] DEFAULT (0) FOR [qid],
    CONSTRAINT [PK_gl_pollquestions] PRIMARY KEY CLUSTERED
    (
        [qid],
        [pid]
    ) ON [PRIMARY]
GO

From mjervis at gmail.com Fri May 23 15:37:23 2008
From: mjervis at gmail.com (Michael Jervis)
Date: Fri, 23 May 2008 20:37:23 +0100
Subject: [geeklog-devel] MS SQL Upgrade
In-Reply-To: <063B8B70CB9DA141B2FC1DB483561B9F111EDB@nex-pluto.nextide.ca>
References: <063B8B70CB9DA141B2FC1DB483561B9F111EDB@nex-pluto.nextide.ca>
Message-ID: <7b42e7470805231237i340d9586kc38e1e5281a52f58@mail.gmail.com>

Ah yes, I was a little confused running through it today. I believe that with this thread as a reference and the SQL I've tuned with a working MS SQL environment so far I can now fix it up properly tomorrow, provided the kids give me the peace to do so.

I have media and probably the right to use a licence for SQL 2000 Developer edition on an environment so I will /try/ and establish that and finish it off over the weekend as I get time.

Cheers,
Mike

On Fri, May 23, 2008 at 7:38 PM, Randy Kolenko wrote:
>>
>> In the MySQL db schema, the primary key is
>>
>> PRIMARY KEY (qid, pid)
>>
>> whereas in the MS SQL schema, only qid is the primary key.
>> That looks like the problem to me.
>>
>
>
> True -- its one of the problems.
The other is that the qid column needs > a default value of '0' as shown here in the mysql install sql: > > $_SQL[] = " > CREATE TABLE {$_TABLES['pollquestions']} ( > qid mediumint(9) NOT NULL DEFAULT '0', > pid varchar(20) NOT NULL, > question varchar(255) NOT NULL, > PRIMARY KEY (qid, pid) > ) TYPE=MyISAM > "; > > > Which now means that we have to alter the mssql version to look like > this: > > > > CREATE TABLE [dbo].[gl_pollquestions] ( > [qid] [int] NOT NULL , > [pid] [varchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT > NULL , > [question] [varchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS > NULL > ) ON [PRIMARY] > GO > > ALTER TABLE [dbo].[gl_pollquestions] ADD > CONSTRAINT [DF_gl_pollquestions_qid] DEFAULT (0) FOR [qid], > CONSTRAINT [PK_gl_pollquestions] PRIMARY KEY CLUSTERED > ( > [qid], > [pid] > ) ON [PRIMARY] > GO > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -- Michael Jervis mjervis at gmail.com 504B03041400000008008F846431E3543A820800000006000000060000007765 62676F642B4F4D4ACF4F0100504B010214001400000008008F846431E3543A82 0800000006000000060000000000000000002000000000000000776562676F64 504B05060000000001000100340000002C0000000000 From joe at ThrowingDice.com Fri May 23 22:28:49 2008 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Fri, 23 May 2008 22:28:49 -0400 Subject: [geeklog-devel] [geeklog-cvs] Geeklog-1.x/public_html/admin/plugins/calendar index.php, 1.35, 1.36 In-Reply-To: <20080523202459.EE19810FE12@qs1489.pair.com> References: <20080523202459.EE19810FE12@qs1489.pair.com> Message-ID: <0K1C004YZPK1AJ20@mta3.srv.hcvlny.cv.net> At 04:24 PM 5/23/2008, Dirk Haun wrote: >Check the token inside CALENDAR_saveEvent so user can use the back >button in case of missing fields Obviously you've just discovered a new Best Practice regarding placement of the call to SEC_checkToken(). 
Is there any documentation on the token stuff? There's no wiki pages for 1.5 yet. (Well, there's the pdf of the database layout.) ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From dirk at haun-online.de Sun May 25 05:50:54 2008 From: dirk at haun-online.de (Dirk Haun) Date: Sun, 25 May 2008 11:50:54 +0200 Subject: [geeklog-devel] geeklog.net on 1.5.0 - and a db problem Message-ID: <20080525095054.8085923@smtp.haun-online.de> So geeklog.net is now running on 1.5.0. Thanks to everyone who helped in the final spurt during the last few days. If you notice any problems on geeklog.net, let me know ASAP. Thanks. I ran into one problem: MySQL complained about the "urlfor" field in gl_tokens. It's a VARCHAR field and at least in MySQL 4.0, those are still restricted to 255 characters. I've patched it in CVS for now. Suggestions on how to proceed? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From macosx at rocteur.cc Sun May 25 07:03:13 2008 From: macosx at rocteur.cc (Jerry Rocteur) Date: Sun, 25 May 2008 13:03:13 +0200 Subject: [geeklog-devel] geeklog.net on 1.5.0 - and a db problem In-Reply-To: <20080525095054.8085923@smtp.haun-online.de> References: <20080525095054.8085923@smtp.haun-online.de> Message-ID: <20080525110312.GG16054@incc-g5.telenet.be> * Dirk Haun [2008-05-25 11:59]: > So geeklog.net is now running on 1.5.0. Thanks to everyone who helped in > the final spurt during the last few days. > > If you notice any problems on geeklog.net, let me know ASAP. Thanks. > > > I ran into one problem: MySQL complained about the "urlfor" field in > gl_tokens. It's a VARCHAR field and at least in MySQL 4.0, those are > still restricted to 255 characters. > > I've patched it in CVS for now. Suggestions on how to proceed? > > bye, Dirk Hi, Great stuff for 1.5.0, I'm looking forward to updating my sites. I can't believe that nobody tried to jazz up geeklog.net for 1.5.0 a little bit, it is still the same boring old theme. 
Just to celebrate 1.50 ?? geeklog.net is the showroom of Geeklog, unbelievable ! Are Geeklog developers so un artistic and/or boring ? Regards, -- _ Jerry Rocteur MACosX at rocteur.CC _|_|_ http://www.rocteur.cc (0 0) MSN macosx at rocteur.cc ooO--(_)--Ooo Jabber jerry at jabber.rocteur.cc _________________________________________________ [06:23:57 rocteur.cc /Users/jerry] From mark at the-howards.net Sun May 25 11:53:15 2008 From: mark at the-howards.net (Mark Howard) Date: Sun, 25 May 2008 11:53:15 -0400 Subject: [geeklog-devel] geeklog.net on 1.5.0 - and a db problem In-Reply-To: <20080525095054.8085923@smtp.haun-online.de> References: <20080525095054.8085923@smtp.haun-online.de> Message-ID: <01ec01c8be7f$728e94d0$57abbe70$@net> Hi Dirk - Would declaring the fieldtype as TEXT provide data value compatibility? While not as cool as it could be, fields of type TEXT are ostensibly equivalent to VARCHAR, with the following differences: From: http://dev.mysql.com/doc/refman/5.0/en/blob.html --- excerpt --- In most respects, you can regard a BLOB column as a VARBINARY column that can be as large as you like. Similarly, you can regard a TEXT column as a VARCHAR column. BLOB and TEXT differ from VARBINARY and VARCHAR in the following ways: * There is no trailing-space removal for BLOB and TEXT columns when values are stored or retrieved. Before MySQL 5.0.3, this differs from VARBINARY and VARCHAR, for which trailing spaces are removed when values are stored. On comparisons, TEXT is space extended to fit the compared object, exactly like CHAR and VARCHAR. * For indexes on BLOB and TEXT columns, you must specify an index prefix length. For CHAR and VARCHAR, a prefix length is optional. See Section 7.4.3, "Column Indexes". * BLOB and TEXT columns cannot have DEFAULT values. LONG and LONG VARCHAR map to the MEDIUMTEXT data type. This is a compatibility feature. 
If you use the BINARY attribute with a TEXT data type, the column is assigned the binary collation of the column character set. MySQL Connector/ODBC defines BLOB values as LONGVARBINARY and TEXT values as LONGVARCHAR. --- cut here --- Also - I have this link in my favorite MySQL bookmarks: http://dev.mysql.com/doc/refman/5.0/en/storage-requirements.html Not sure how this approach would applu to MSSQL, it requires additional research, which doesn't make sense to do if this doesn't work for you in MySQL. ;^) Best regards. -m -----Original Message----- From: geeklog-devel-bounces at lists.geeklog.net [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun Sent: Sunday, May 25, 2008 5:51 AM To: geeklog-devel Subject: [geeklog-devel] geeklog.net on 1.5.0 - and a db problem So geeklog.net is now running on 1.5.0. Thanks to everyone who helped in the final spurt during the last few days. If you notice any problems on geeklog.net, let me know ASAP. Thanks. I ran into one problem: MySQL complained about the "urlfor" field in gl_tokens. It's a VARCHAR field and at least in MySQL 4.0, those are still restricted to 255 characters. I've patched it in CVS for now. Suggestions on how to proceed? bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From eakwarren at gmail.com Sun May 25 15:30:27 2008 From: eakwarren at gmail.com (Eric Warren) Date: Sun, 25 May 2008 13:30:27 -0600 Subject: [geeklog-devel] 1.5.0 Themes - was geeklog.net on 1.5.0 - and a db problem In-Reply-To: <20080525110312.GG16054@incc-g5.telenet.be> References: <20080525095054.8085923@smtp.haun-online.de> <20080525110312.GG16054@incc-g5.telenet.be> Message-ID: > Hi, > > Great stuff for 1.5.0, I'm looking forward to updating my sites. 
> > I can't believe that nobody tried to jazz up geeklog.net for 1.5.0 a > little bit, it is still the same boring old theme. Just to celebrate 1.50 > ?? > gl Labs (www.gllabs.org) will be releasing a 1.5 compatible version of our Nouveau theme (see it in action at http://nouveau.gllabs.org) once Geeklog v1.5 final is released. (The 1.4.1 compatible version has been released and can be found at http://www.gllabs.org/filemgmt/index.php?id=191.) If you follow the mailing list, you'll notice there was an effort to update the look of Geeklog, but ultimately it was rejected/postponed by Dirk, even though several of the other core devs voiced their favor of the new theme. I understand Dirk's reasoning in not wanting to support/maintain multiple themes in the release tarball. He has offered to create a link to our theme on geeklog.net below the link to download v1.5, so I think the effort hasn't completely fallen on deaf ears. :-) > Are Geeklog developers so un artistic and/or boring ? > That's a strong statement, and one that I wouldn't go on record as saying. I would say though that developers in general have different priorities, focuses and strengths. For instance, my interests, talents, and emphasis lie in theme design, GUI, etc. Mark Evans, one of my associates at gl Labs, has coding skills for the "under-the-hood" stuff, but self-admittedly isn't strong in the graphic design area. This is what makes our working relationship so great, our strengths and weaknesses balance one another. If anything, I would say that the core devs are focused on the infrastructure and inner workings of Geeklog, rather than its exterior appearance. This isn't necessarily a bad thing, ...but without the coupling of function *with* form, yes, the end result is a somewhat dated look. Thx! 
Eric > Regards, > -- > _ Jerry Rocteur From eakwarren at gmail.com Wed May 28 10:38:36 2008 From: eakwarren at gmail.com (Eric Warren) Date: Wed, 28 May 2008 08:38:36 -0600 Subject: [geeklog-devel] system messages Message-ID: I've noticed that it is difficult to directly style the system message box. Dirk, in lib-common.php would you be willing to change: . '

    ' . $message . '

    ' to: . '

    ' . $message . '

    ' and then include the following in style.css: .sysmessage img { border:none; float:left; padding-bottom:3px; padding-right:5px; } This would remove hard-coded styling and allow greater layout flexibility in styling the system message. Thx! Eric -------------- next part -------------- An HTML attachment was scrubbed... URL: From tony at tonybibbs.com Wed May 28 11:44:24 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Wed, 28 May 2008 08:44:24 -0700 (PDT) Subject: [geeklog-devel] Atom publishing Message-ID: <817154.87818.qm@web708.biz.mail.mud.yahoo.com> Is this enabled on gl.net? Tried testing this by using the "blog this" option from Flickr.com. I gave the atom endpoint of http://www.geeklog.net/webservices/atom/index.php but it says it isn't a valid atom endpoint. Maybe I gave the wrong URL? --Tony From dirk at haun-online.de Wed May 28 13:00:17 2008 From: dirk at haun-online.de (Dirk Haun) Date: Wed, 28 May 2008 19:00:17 +0200 Subject: [geeklog-devel] Atom publishing In-Reply-To: <817154.87818.qm@web708.biz.mail.mud.yahoo.com> References: <817154.87818.qm@web708.biz.mail.mud.yahoo.com> Message-ID: <20080528170017.1014491411@smtp.haun-online.de> Tony Bibbs wrote: >Is this enabled on gl.net? Tried testing this by using the "blog this" >option from Flickr.com. Two reasons why it doesn't work: 1) geeklog.net is in PHP 4. That feature requires PHP 5. 2) Flickr uses WSSE authentication. Which we can't support since it requires us to know the user's _unencrypted_ password. Instructions are in the wiki, btw: bye, Dirk -- http://www.geeklog.net/ http://geeklog.info/ From tony at tonybibbs.com Thu May 29 12:46:25 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Thu, 29 May 2008 09:46:25 -0700 (PDT) Subject: [geeklog-devel] Atom publishing Message-ID: <535215.78432.qm@web704.biz.mail.mud.yahoo.com> [snip] 2) Flickr uses WSSE authentication. Which we can't support since it requires us to know the user's _unencrypted_ password. 
[/snip]

Thought about a password field in the DB separate from the current one used only for web services? I'm thinking of one that could be still encrypted with, say PEAR's Crypt_Blowfish library but only usable to make WS calls?

Not sure how many ATOM clients use WSSE so maybe it's not worth the effort.

--Tony

From dracul01 at gmail.com Thu May 29 13:46:32 2008
From: dracul01 at gmail.com (Damien Hodgkin)
Date: Thu, 29 May 2008 13:46:32 -0400
Subject: [geeklog-devel] Atom publishing
In-Reply-To: <535215.78432.qm@web704.biz.mail.mud.yahoo.com>
References: <535215.78432.qm@web704.biz.mail.mud.yahoo.com>
Message-ID: <200805291346.36384.dracul01@gmail.com>

In order for the ATOM enabled site to work properly with what you need, you need to have your password properly setup and passed to the site as a "digest" ie.

1. create a "nonce"
2. get the timestamp the nonce was created on in W3DTF format: 2003-12-15T14:43:07Z
3. create your password digest:
   $PasswordDigest = Base64(SHA1("nonce goes here" + "Timestamp" + "password"))

Then you would send the PasswordDigest like this:

POST /atom.php HTTP/1.1
Host: www.example.com
Content-Type: application/atom+xml
Authorization: WSSE profile="UsernameToken" <--- must always be UsernameToken
X-WSSE: UsernameToken Username="$User", PasswordDigest="$PasswordDigest", Nonce="$Nonce", Created="$TimeStamp"

FOO $TimeStamp

    Foo Bar

This looks confusing, but in all actuality it's pretty simple. And really shouldn't be too hard to implement in PHP4.

Hope this info helps.

On Thursday 29 May 2008 12:46:25 pm Tony Bibbs wrote:
> [snip]
> 2) Flickr uses WSSE authentication. Which we can't support since it
> requires us to know the user's _unencrypted_ password.
> [/snip]
>
> Thought about a password field in the DB separate from the current one used
> only for web services? I'm thinking of one that could be still encrypted
> with, say PEAR's Crypt_Blowfish library but only usable to make WS calls?
>
> Not sure how many ATOM clients use WSSE so maybe it's not worth the effort.
>
> --Tony
>
>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel

--
Best Regards,
Damien
-------------
"Think for yourself and question authority." - Timothy Leary
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
URL:

From dirk at haun-online.de Thu May 29 14:48:39 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Thu, 29 May 2008 20:48:39 +0200
Subject: [geeklog-devel] Atom publishing
Message-ID: <20080529184839.840988666@smtp.haun-online.de>

(sigh, this was supposed to go to the list)

Damien Hodgkin wrote:

>1. create a "nonce"
(snip)

There is actually a working WSSE implementation in system/lib-webservices.php. It's commented out, though. But if you had the user's unencrypted password, you could use it.

I tested it with a hack where I simply used the password hash as my "password" on the other end. That's very insecure of course and I only used it on a test setup. None of this went into Geeklog's code.
bye, Dirk -- http://www.haun-online.de/accu/ From tony at tonybibbs.com Thu May 29 16:09:37 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Thu, 29 May 2008 13:09:37 -0700 (PDT) Subject: [geeklog-devel] Atom publishing Message-ID: <543096.20368.qm@web707.biz.mail.mud.yahoo.com> That said, my original question is still valid. If we stored a password encrypted with some 2-way cipher in the DB you could

1) get encrypted PW from DB
2) decrypt using cipher
3) compare the pw from #2 against the WSSE request using the sha of WSSE's nonce, timestamp and the pw

Idea is that pw could be optionally stored for only web service users and would be different from the normal gl password. I would also assume this could optionally require submission approval. --Tony ----- Original Message ---- From: Dirk Haun To: geeklog-devel Sent: Thursday, May 29, 2008 1:48:39 PM Subject: Re: [geeklog-devel] Atom publishing (sigh, this was supposed to go to the list) Damien Hodgkin wrote: >1. create a "nonce" (snip) There is actually a working WSSE implementation in system/lib-webservices.php. It's commented out, though. But if you had the user's unencrypted password, you could use it. I tested it with a hack where I simply used the password hash as my "password" on the other end. That's very insecure of course and I only used it on a test setup. None of this went into Geeklog's code. bye, Dirk -- http://www.haun-online.de/accu/ _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From tony at tonybibbs.com Thu May 29 16:57:45 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Thu, 29 May 2008 13:57:45 -0700 (PDT) Subject: [geeklog-devel] For my friend, Vinny Message-ID: <687962.80040.qm@web704.biz.mail.mud.yahoo.com> Lol, so we are getting serious for the GL2 alpha and the ACL stuff is mostly done minus one real PITA. 
For reference there's been this page: http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 So we've done some incarnation of everything there minus the last section called: "Selecting Multiple Items Based on Permissions" Any chance you have the "how" part of that? My brain is hurting. Why: Groups can be tied in a complex web (not necessarily hierarchical). For example

Group B belongs to Group A
Group C belongs to Group B
Group 2 belongs to Group 1
Group 3 belongs to Group 2
Group 3 belongs to Group B

That's a worst case scenario but me-thinks it'd be awful hard to do in SQL. --Tony From joe at ThrowingDice.com Thu May 29 16:37:24 2008 From: joe at ThrowingDice.com (Joe Mucchiello) Date: Thu, 29 May 2008 16:37:24 -0400 Subject: [geeklog-devel] Atom publishing In-Reply-To: <543096.20368.qm@web707.biz.mail.mud.yahoo.com> References: <543096.20368.qm@web707.biz.mail.mud.yahoo.com> Message-ID: <0K1N00AECDAGPHT0@mta5.srv.hcvlny.cv.net> Where do you store the cipher key? At 04:09 PM 5/29/2008, Tony Bibbs wrote: >That said, my original question is still valid. If we stored a >password encrypted with some 2-way cipher in the DB you could ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com From dirk at haun-online.de Thu May 29 16:58:27 2008 From: dirk at haun-online.de (Dirk Haun) Date: Thu, 29 May 2008 22:58:27 +0200 Subject: [geeklog-devel] Atom publishing In-Reply-To: <543096.20368.qm@web707.biz.mail.mud.yahoo.com> References: <543096.20368.qm@web707.biz.mail.mud.yahoo.com> Message-ID: <20080529205827.104124828@smtp.haun-online.de> Tony Bibbs wrote: >Idea is that pw could be optionally stored for only web service users >and would be different from the normal gl password. Since you would enter your password on a 3rd-party site, that sounds like a good idea to me. 
bye, Dirk -- http://www.haun-online.de/ http://spam.tinyweb.net/ From tony at tonybibbs.com Thu May 29 17:19:10 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Thu, 29 May 2008 14:19:10 -0700 (PDT) Subject: [geeklog-devel] Atom publishing Message-ID: <87808.21695.qm@web701.biz.mail.mud.yahoo.com> Dunno, pick a place. a .txt file on the file system?!? In that case the system would want to ensure the .txt file is locked down permission-wise. I think your point is wherever we store it we'd better lock it down best as we can. Couldn't agree more. --Tony ----- Original Message ---- From: Joe Mucchiello To: Geeklog Development Sent: Thursday, May 29, 2008 3:37:24 PM Subject: Re: [geeklog-devel] Atom publishing Where do you store the cipher key? At 04:09 PM 5/29/2008, Tony Bibbs wrote: >That said, my original question is still valid. If we stored a >password encrypted with some 2-way cipher in the DB you could ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel From vfuria at gmail.com Thu May 29 17:34:02 2008 From: vfuria at gmail.com (Vincent Furia) Date: Thu, 29 May 2008 15:34:02 -0600 Subject: [geeklog-devel] Atom publishing In-Reply-To: <87808.21695.qm@web701.biz.mail.mud.yahoo.com> References: <87808.21695.qm@web701.biz.mail.mud.yahoo.com> Message-ID: <8319e2d60805291434j25fb3f99k1ea212dab332d619@mail.gmail.com> Why encrypt the web services password at all? There is a good chance, if an attacker has access to your database he has access to your filesystem (and the encryption key). Additionally, what a person can do from a third party web site should be limited for security reasons anyway. -Vinny On Thu, May 29, 2008 at 3:19 PM, Tony Bibbs wrote: > Dunno, pick a place. a .txt file on the file system?!? 
In that case the > system would want to ensure the .txt file is locked down permission-wise. > > I think your point is wherever we store it we'd better lock it down best > as we can. Couldn't agree more. > > --Tony > > ----- Original Message ---- > From: Joe Mucchiello > To: Geeklog Development > Sent: Thursday, May 29, 2008 3:37:24 PM > Subject: Re: [geeklog-devel] Atom publishing > > Where do you store the cipher key? > > At 04:09 PM 5/29/2008, Tony Bibbs wrote: > >That said, my original question is still valid. If we stored a > >password encrypted with some 2-way cipher in the DB you could > > ---- > Joe Mucchiello > Throwing Dice Games > http://www.throwingdice.com > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tony at tonybibbs.com Thu May 29 17:44:20 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Thu, 29 May 2008 14:44:20 -0700 (PDT) Subject: [geeklog-devel] Atom publishing Message-ID: <423316.49968.qm@web706.biz.mail.mud.yahoo.com> Yeah, I thought the same thing. I guess my only additional justification is that doing the encryption isn't much work and it would require some hunting and pecking (e.g. what files use this database, where's the code that looks up the key, where's the key). Your last point about limiting what you can do remotely makes sense which gets to what I said about also considering having remotely published stuff going to submission queues. 
--Tony ----- Original Message ---- From: Vincent Furia To: Geeklog Development Sent: Thursday, May 29, 2008 4:34:02 PM Subject: Re: [geeklog-devel] Atom publishing Why encrypt the web services password at all? There is a good chance, if an attacker has access to your database he has access to your filesystem (and the encryption key). Additionally, what a person can do from a third party web site should be limited for security reasons anyway. -Vinny On Thu, May 29, 2008 at 3:19 PM, Tony Bibbs wrote: Dunno, pick a place. a .txt file on the file system?!? In that case the system would want to ensure the .txt file is locked down permission-wise. I think your point is where ever we store it we'd better lock it down best as we can. Couldn't agree more. --Tony ----- Original Message ---- From: Joe Mucchiello To: Geeklog Development Sent: Thursday, May 29, 2008 3:37:24 PM Subject: Re: [geeklog-devel] Atom publishing Where do you store the cipher key? At 04:09 PM 5/29/2008, Tony Bibbs wrote: >That said, my original question is still valid. If we stored a >password encrypted some 2-way cipher in the DB you could ---- Joe Mucchiello Throwing Dice Games http://www.throwingdice.com _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel -------------- next part -------------- An HTML attachment was scrubbed... 
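The WSSE exchange discussed in this thread, as an added example that is not from the thread or from Geeklog: the client builds the X-WSSE value, and the server fetches a separately stored web-services password, decrypts it, and recomputes the digest, refusing replayed and stale headers. Assumptions: the digest covers the raw nonce bytes with binary SHA-1 output, AES-256-GCM stands in for the unspecified 2-way cipher, and the function names, freshness window and demo data are constructed; it targets PHP 7.1+ rather than PHP 4.

```php
<?php
// Added example, not Geeklog code. Assumptions: the digest covers the raw nonce
// bytes, SHA-1 output is binary before Base64, the Nonce field is Base64, and
// AES-256-GCM stands in for the unspecified "2-way cipher".

function wsse_digest(string $nonceRaw, string $created, string $password): string
{
    return base64_encode(sha1($nonceRaw . $created . $password, true));
}

// Client side: nonce, W3DTF timestamp and digest packed into the X-WSSE value.
function wsse_build_header(string $user, string $password, int $now): string
{
    $nonceRaw = random_bytes(16);
    $created  = gmdate('Y-m-d\TH:i:s\Z', $now);
    return sprintf(
        'UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"',
        $user, wsse_digest($nonceRaw, $created, $password),
        base64_encode($nonceRaw), $created
    );
}

// Storage: the dedicated web-services password, sealed with a server-held key.
function ws_password_seal(string $password, string $key): string
{
    $iv = random_bytes(12);
    $ct = openssl_encrypt($password, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

function ws_password_open(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= 28) {
        return null;
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                             substr($raw, 0, 12), substr($raw, 12, 16));
    return $plain === false ? null : $plain;
}

// Server side. $userRows maps username => sealed password (the extra DB field).
function wsse_verify(string $header, array $userRows, string $key,
                     array &$seenNonces, int $now, int $maxSkew = 300): string
{
    preg_match_all('/(\w+)="([^"]*)"/', $header, $matches, PREG_SET_ORDER);
    $f = [];
    foreach ($matches as $pair) {
        $f[$pair[1]] = $pair[2];
    }
    foreach (['Username', 'PasswordDigest', 'Nonce', 'Created'] as $name) {
        if (!isset($f[$name])) {
            return 'malformed';
        }
    }
    $nonceRaw  = base64_decode($f['Nonce'], true);
    $createdTs = strtotime($f['Created']);
    if ($nonceRaw === false || $createdTs === false) {
        return 'malformed';
    }
    if (abs($now - $createdTs) > $maxSkew) {
        return 'stale';   // also bounds how long nonces must be remembered
    }
    if (isset($seenNonces[$f['Nonce']])) {
        return 'replay';
    }
    // Steps 1 and 2 from the thread: fetch the sealed password and decrypt it.
    $sealed   = $userRows[$f['Username']] ?? null;
    $password = $sealed === null ? null : ws_password_open($sealed, $key);
    if ($password === null) {
        return 'rejected';
    }
    // Step 3: recompute the digest. A one-way hash of the password cannot be
    // used here unless the client treats that hash as its password.
    $expected = wsse_digest($nonceRaw, $f['Created'], $password);
    if (!hash_equals($expected, $f['PasswordDigest'])) {
        return 'rejected';
    }
    $seenNonces[$f['Nonce']] = $createdTs;
    return 'ok';
}

// Constructed demo data; the key would live outside the database.
$key   = random_bytes(32);
$users = ['alice' => ws_password_seal('ws-only-secret', $key)];
$seen  = [];
$now   = time();
$good  = wsse_build_header('alice', 'ws-only-secret', $now);
$cases = [
    'fresh request'        => $good,
    'same header replayed' => $good,
    'wrong password'       => wsse_build_header('alice', 'guess', $now),
    'header one hour old'  => wsse_build_header('alice', 'ws-only-secret', $now - 3600),
];
foreach ($cases as $label => $header) {
    printf("%-22s %s\n", $label, wsse_verify($header, $users, $key, $seen, $now));
}
```

Because the key has to be readable by the code that verifies requests, anyone who can read both the database and that key recovers the web-services password, which is the trade-off the thread is weighing.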
URL: From vfuria at gmail.com Thu May 29 18:17:01 2008 From: vfuria at gmail.com (Vincent Furia) Date: Thu, 29 May 2008 16:17:01 -0600 Subject: [geeklog-devel] For my friend, Vinny In-Reply-To: <687962.80040.qm@web704.biz.mail.mud.yahoo.com> References: <687962.80040.qm@web704.biz.mail.mud.yahoo.com> Message-ID: <8319e2d60805291517t197b7521o3f320efb07cc65f9@mail.gmail.com> Like in GL 1.4.x, you'd have to resolve the total set of group membership before doing the query. Since you're caching credentials anyway, you could cache the total group membership as well. So, in your example, a user in group 3 would have a total group membership of 3, B, 2, 1, A. Then the query would check for rights for all those groups, and "and" the results together (getting the highest level of access granted to those groups). There are a couple of levels where we can cache this data. It probably makes sense to keep it denormalized in the user table or the group table and update all users when group memberships are modified. It can also be cached in the session, but then you run the risk of updated group membership not being recognized until the session expires. Let me know if additional/better explanation is needed. I'm not sure I did all that good a job of describing what I meant. -Vinny On Thu, May 29, 2008 at 2:57 PM, Tony Bibbs wrote: > Lol, so we are getting serious for the GL2 alpha and the ACL stuff is > mostly done minus one real PITA. For reference there's been this page: > > http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 > > So we've done some incarnation of everything there minus the last section > called: > > "Selecting Multiple Items Based on Permissions" > > Any chance you have the "how" part of that? My brain is hurting. Why: > > Groups can be tied in a complex web (not necessarily hierarchical). 
For > example > > Group B belongs to Group A > Group C belongs to Group B > Group 2 belongs to Group 1 > Group 3 belongs to Group 2 > Group 3 belongs to Group B > > That's a worst case scenario but me-thinks it'd be awful hard to do in SQL. > > --Tony > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tony at tonybibbs.com Thu May 29 18:25:21 2008 From: tony at tonybibbs.com (Tony Bibbs) Date: Thu, 29 May 2008 15:25:21 -0700 (PDT) Subject: [geeklog-devel] For my friend, Vinny Message-ID: <428648.45962.qm@web705.biz.mail.mud.yahoo.com> Yeah, that's pretty much where I was going with it. We've been talking about this pretty much all day and we think while this complexity is nice we need to consider using three basic levels of security checking: 1) Blog: Single user blogging about their own stuff. They never intend to have their site act in any other capacity so no need to complicate the use of ACLs. 2) Community: This would essentially work just like 1.x 3) Enterprise: This would come with a full set of ACLs checks per our current discussion. I'm not sure about the need for both 2 and 3 but I do feel strongly about needing #1. In fact Michael suggested that during the install we should ask how they intend to use the software to help them pick the right path. Thoughts? --Tony ----- Original Message ---- From: Vincent Furia To: Geeklog Development Sent: Thursday, May 29, 2008 5:17:01 PM Subject: Re: [geeklog-devel] For my friend, Vinny Like in GL 1.4.x, you'd have to resolve the total set of group membership before doing the query. Since you're caching credentials anyway, you could cache the total group membership as well. So, in your example, a user in group 3 would have a total group membership of 3, B, 2, 1, A. 
The the query would check for rights for all those groups, and "and" the results together (getting the highest level of access granted to those groups). There a couple of levels where we can cache this data. It probably makes sense to keep it denormalized in the user table or the group table and update all users when a group memberships are modified. It can also be cached in the session, but then you run the risk of updating groups membership not being recognized until the session expires. Let me know if additional/better explanation is needed. I'm not sure I did all that good a job of describing what I meant. -Vinny On Thu, May 29, 2008 at 2:57 PM, Tony Bibbs wrote: Lol, so we are getting serious for the GL2 alpha and the ACL stuff is mostly done minus one real PITA. For reference there's been this page: http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 So we've done some incarnation of everything there minus the last section called: "Selecting Multiple Items Based on Permissions" Any chance you have the "how" part of that? My brain is hurting. Why: Groups can be tied in a complex web (not necessarily hierarchical). For example Group B belongs to Group A Group C belongs to Group B Group 2 belongs to Group 1 Group 3 belongs to Group 2 Group 3 belongs to Group B That's a worst case scenario but me-thinks it'd be awful hard to do in SQL. --Tony _______________________________________________ geeklog-devel mailing list geeklog-devel at lists.geeklog.net http://eight.pairlist.net/mailman/listinfo/geeklog-devel -------------- next part -------------- An HTML attachment was scrubbed... 
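The group resolution described in this thread, as an added example that is not Geeklog code: the membership edges from the original question are expanded into a user's total group set, which then feeds a single parameterized query that keeps the highest access level granted, as the message describes. The table and column names, the numeric access levels and the ACL rows are constructed for illustration.

```php
<?php
// Added example, not Geeklog code. Table and column names are hypothetical.

// "X belongs to Y" edges exactly as listed in the thread.
$belongsTo = [
    'Group B' => ['Group A'],
    'Group C' => ['Group B'],
    'Group 2' => ['Group 1'],
    'Group 3' => ['Group 2', 'Group B'],
];

// Expand direct memberships into the total set. The visited map also makes
// an accidental cycle (X in Y, Y in X) terminate instead of looping.
function resolve_groups(array $direct, array $belongsTo): array
{
    $seen  = [];
    $queue = array_values($direct);
    while ($queue) {
        $group = array_shift($queue);
        if (isset($seen[$group])) {
            continue;
        }
        $seen[$group] = true;
        foreach ($belongsTo[$group] ?? [] as $parent) {
            $queue[] = $parent;
        }
    }
    return array_keys($seen);
}

// One query for many items: the resolved set becomes bound IN (...) parameters
// and MAX() keeps the highest access level granted by any of the groups.
function acl_query(array $groups): array
{
    if (!$groups) {
        // An empty IN () is invalid SQL; a user with no groups must match nothing.
        return ['SELECT item_id, 0 AS access FROM acl WHERE 1 = 0', []];
    }
    $marks = implode(', ', array_fill(0, count($groups), '?'));
    $sql = "SELECT item_id, MAX(access) AS access FROM acl "
         . "WHERE group_name IN ($marks) GROUP BY item_id";
    return [$sql, array_values($groups)];
}

// The same selection over constructed rows, so the example runs without a database.
function highest_access(array $aclRows, array $groups): array
{
    $best = [];
    foreach ($aclRows as [$item, $group, $access]) {
        if (in_array($group, $groups, true)) {
            $best[$item] = max($best[$item] ?? 0, $access);
        }
    }
    ksort($best);
    return $best;
}

// Constructed ACL rows: [item_id, group_name, access] with 2 = read, 3 = edit.
$aclRows = [
    [101, 'Group A', 2],
    [101, 'Group 1', 3],
    [102, 'Group C', 3],
    [103, 'Group B', 2],
];

$total = resolve_groups(['Group 3'], $belongsTo);
[$sql, $params] = acl_query($total);
echo implode(', ', $total), "\n", $sql, "\n";
print_r(highest_access($aclRows, $total));

// A cyclic definition still resolves.
print_r(resolve_groups(['X'], ['X' => ['Y'], 'Y' => ['X']]));
```

If the resolved set is cached per user or per session, it has to be recomputed whenever an edge in `$belongsTo` changes, otherwise a revoked membership keeps granting access until the cache expires.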
URL: From vfuria at gmail.com Thu May 29 18:29:45 2008 From: vfuria at gmail.com (Vincent Furia) Date: Thu, 29 May 2008 16:29:45 -0600 Subject: [geeklog-devel] For my friend, Vinny In-Reply-To: <428648.45962.qm@web705.biz.mail.mud.yahoo.com> References: <428648.45962.qm@web705.biz.mail.mud.yahoo.com> Message-ID: <8319e2d60805291529r7f220beaifaf1ff29fec71e24@mail.gmail.com> The reason why I suggested ACLs when we started working on GL2 was flexibility. It is basically just a GUI change to present 1, 2 or 3 to the user. The backend can be exactly the same for all 3. I imagine it would be pretty easy to make a configuration option that was. Choose access level control: 1. One site user, no complex ACLs 2. Legacy Geeklog 1.x 3. Full ACL support And then adjust the GUI based on that choice. Obviously you'd have to come up with better descriptions than those I made on the fly above. -Vinny On Thu, May 29, 2008 at 4:25 PM, Tony Bibbs wrote: > Yeah, that's pretty much where I was going with it. We've been talking > about this pretty much all day and we think while this complexity is nice we > need to consider using three basic levels of security checking: > > 1) Blog: Single user blogging about their own stuff. They never intend to > have their site act in any other capacity so no need to complicate the use > of ACLs. > 2) Community: This would essentially work just like 1.x > 3) Enterprise: This would come with a full set of ACLs checks per our > current discussion. > > I'm not sure about the need for both 2 and 3 but I do feel strongly about > needing #1. In fact Michael suggested that during the install we should ask > how they intend to use the software to help them pick the right path. > > Thoughts? 
> > --Tony > > > ----- Original Message ---- > From: Vincent Furia > To: Geeklog Development > Sent: Thursday, May 29, 2008 5:17:01 PM > Subject: Re: [geeklog-devel] For my friend, Vinny > > Like in GL 1.4.x, you'd have to resolve the total set of group membership > before doing the query. Since you're caching credentials anyway, you could > cache the total group membership as well. So, in your example, a user in > group 3 would have a total group membership of 3, B, 2, 1, A. The the query > would check for rights for all those groups, and "and" the results together > (getting the highest level of access granted to those groups). > > There a couple of levels where we can cache this data. It probably makes > sense to keep it denormalized in the user table or the group table and > update all users when a group memberships are modified. It can also be > cached in the session, but then you run the risk of updating groups > membership not being recognized until the session expires. > > Let me know if additional/better explanation is needed. I'm not sure I did > all that good a job of describing what I meant. > > -Vinny > > On Thu, May 29, 2008 at 2:57 PM, Tony Bibbs wrote: > >> Lol, so we are getting serious for the GL2 alpha and the ACL stuff is >> mostly done minus one real PITA. For reference there's been this page: >> >> http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 >> >> So we've done some incarnation of everything there minus the last section >> called: >> >> "Selecting Multiple Items Based on Permissions" >> >> Any chance you have the "how" part of that? My brain is hurting. Why: >> >> Groups can be tied in a complex web (not necessarily hierarchical). For >> example >> >> Group B belongs to Group A >> Group C belongs to Group B >> Group 2 belongs to Group 1 >> Group 3 belongs to Group 2 >> Group 3 belongs to Group B >> >> That's a worst case scenario but me-thinks it'd be awful hard to do in >> SQL. 
>> >> --Tony >> >> >> _______________________________________________ >> geeklog-devel mailing list >> geeklog-devel at lists.geeklog.net >> http://eight.pairlist.net/mailman/listinfo/geeklog-devel >> > > > > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael.tutty at gmail.com Thu May 29 20:08:15 2008 From: michael.tutty at gmail.com (Michael Tutty) Date: Thu, 29 May 2008 19:08:15 -0500 Subject: [geeklog-devel] For my friend, Vinny In-Reply-To: <8319e2d60805291529r7f220beaifaf1ff29fec71e24@mail.gmail.com> References: <428648.45962.qm@web705.biz.mail.mud.yahoo.com> <8319e2d60805291529r7f220beaifaf1ff29fec71e24@mail.gmail.com> Message-ID: <62d0f2020805291708o4cb72109v546a87c70ede76d6@mail.gmail.com> Vinny, While you're right that the GUI could be different, there are also different optimizations at the different levels. I suggested that we get the "blog" ACL module working, since relatively slow code won't matter there. Then as we move to the more complex models, we can either keep the simpler code as-is, or make the more robust module handle the lower-level stuff. M. On 5/29/08, Vincent Furia wrote: > The reason why I suggested ACLs when we started working on GL2 was > flexibility. It is basically just a GUI change to present 1, 2 or 3 to the > user. The backend can be exactly the same for all 3. I imagine it would be > pretty easy to make a configuration option that was. > > Choose access level control: > 1. One site user, no complex ACLs > 2. Legacy Geeklog 1.x > 3. Full ACL support > > And then adjust the GUI based on that choice. Obviously you'd have to come > up with better descriptions than those I made on the fly above. > > -Vinny > > On Thu, May 29, 2008 at 4:25 PM, Tony Bibbs wrote: > >> Yeah, that's pretty much where I was going with it. 
We've been talking >> about this pretty much all day and we think while this complexity is nice >> we >> need to consider using three basic levels of security checking: >> >> 1) Blog: Single user blogging about their own stuff. They never intend to >> have their site act in any other capacity so no need to complicate the use >> of ACLs. >> 2) Community: This would essentially work just like 1.x >> 3) Enterprise: This would come with a full set of ACLs checks per our >> current discussion. >> >> I'm not sure about the need for both 2 and 3 but I do feel strongly about >> needing #1. In fact Michael suggested that during the install we should >> ask >> how they intend to use the software to help them pick the right path. >> >> Thoughts? >> >> --Tony >> >> >> ----- Original Message ---- >> From: Vincent Furia >> To: Geeklog Development >> Sent: Thursday, May 29, 2008 5:17:01 PM >> Subject: Re: [geeklog-devel] For my friend, Vinny >> >> Like in GL 1.4.x, you'd have to resolve the total set of group membership >> before doing the query. Since you're caching credentials anyway, you >> could >> cache the total group membership as well. So, in your example, a user in >> group 3 would have a total group membership of 3, B, 2, 1, A. The the >> query >> would check for rights for all those groups, and "and" the results >> together >> (getting the highest level of access granted to those groups). >> >> There a couple of levels where we can cache this data. It probably makes >> sense to keep it denormalized in the user table or the group table and >> update all users when a group memberships are modified. It can also be >> cached in the session, but then you run the risk of updating groups >> membership not being recognized until the session expires. >> >> Let me know if additional/better explanation is needed. I'm not sure I >> did >> all that good a job of describing what I meant. 
>> >> -Vinny >> >> On Thu, May 29, 2008 at 2:57 PM, Tony Bibbs wrote: >> >>> Lol, so we are getting serious for the GL2 alpha and the ACL stuff is >>> mostly done minus one real PITA. For reference there's been this page: >>> >>> http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 >>> >>> So we've done some incarnation of everything there minus the last section >>> called: >>> >>> "Selecting Multiple Items Based on Permissions" >>> >>> Any chance you have the "how" part of that? My brain is hurting. Why: >>> >>> Groups can be tied in a complex web (not necessarily hierarchical). For >>> example >>> >>> Group B belongs to Group A >>> Group C belongs to Group B >>> Group 2 belongs to Group 1 >>> Group 3 belongs to Group 2 >>> Group 3 belongs to Group B >>> >>> That's a worst case scenario but me-thinks it'd be awful hard to do in >>> SQL. >>> >>> --Tony >>> >>> >>> _______________________________________________ >>> geeklog-devel mailing list >>> geeklog-devel at lists.geeklog.net >>> http://eight.pairlist.net/mailman/listinfo/geeklog-devel >>> >> >> >> >> _______________________________________________ >> geeklog-devel mailing list >> geeklog-devel at lists.geeklog.net >> http://eight.pairlist.net/mailman/listinfo/geeklog-devel >> >> > -- Sent from Gmail for mobile | mobile.google.com From casual.dodo at gmail.com Thu May 29 20:22:32 2008 From: casual.dodo at gmail.com (Ramnath R Iyer) Date: Thu, 29 May 2008 20:22:32 -0400 Subject: [geeklog-devel] Atom publishing In-Reply-To: <8319e2d60805291434j25fb3f99k1ea212dab332d619@mail.gmail.com> References: <87808.21695.qm@web701.biz.mail.mud.yahoo.com> <8319e2d60805291434j25fb3f99k1ea212dab332d619@mail.gmail.com> Message-ID: <200805292022.36086.casual.dodo@gmail.com> On Thursday 29 May 2008 17:34:02 Vincent Furia wrote: > Why encrypt the web services password at all? There is a good chance, if > an attacker has access to your database he has access to your filesystem > (and the encryption key). 
Additionally, what a person can do from a third > party web site should be limited for security reasons anyway. One good reason for encrypting the password is to prevent the website owner from knowing the user's passwords. For example, the user might be using the same password for many mail accounts too. -- Ramnath R Iyer > -Vinny > > On Thu, May 29, 2008 at 3:19 PM, Tony Bibbs wrote: > > Dunno, pick a place. a .txt file on the file system?!? In that case the > > system would want to ensure the .txt file is locked down permission-wise. > > > > I think your point is where ever we store it we'd better lock it down > > best as we can. Couldn't agree more. > > > > --Tony > > > > ----- Original Message ---- > > From: Joe Mucchiello > > To: Geeklog Development > > Sent: Thursday, May 29, 2008 3:37:24 PM > > Subject: Re: [geeklog-devel] Atom publishing > > > > Where do you store the cipher key? > > > > At 04:09 PM 5/29/2008, Tony Bibbs wrote: > > >That said, my original question is still valid. If we stored a > > >password encrypted some 2-way cipher in the DB you could > > > > ---- > > Joe Mucchiello > > Throwing Dice Games > > http://www.throwingdice.com > > > > _______________________________________________ > > geeklog-devel mailing list > > geeklog-devel at lists.geeklog.net > > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > > > > > > > > _______________________________________________ > > geeklog-devel mailing list > > geeklog-devel at lists.geeklog.net > > http://eight.pairlist.net/mailman/listinfo/geeklog-devel -- Ramnath R Iyer Cornell University -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. 
URL: From vfuria at gmail.com Thu May 29 22:21:02 2008 From: vfuria at gmail.com (Vincent Furia) Date: Thu, 29 May 2008 20:21:02 -0600 Subject: [geeklog-devel] For my friend, Vinny In-Reply-To: <62d0f2020805291708o4cb72109v546a87c70ede76d6@mail.gmail.com> References: <428648.45962.qm@web705.biz.mail.mud.yahoo.com> <8319e2d60805291529r7f220beaifaf1ff29fec71e24@mail.gmail.com> <62d0f2020805291708o4cb72109v546a87c70ede76d6@mail.gmail.com> Message-ID: <8319e2d60805291921wf084941qa31eda56dff219e4@mail.gmail.com> I'm not sure at what level you mean about different optimizations. The backend should be the same for all the different types.

ACLs for user x, group a (as appropriate)
For the simple blog interface: user x has all rights
For the backwards compatible w/ geeklog 1.x: user x has read or edit, group a has read or edit
For the "complete ACL": users x, y, z each separately have different access levels and groups a, b, c each separately have different levels

No matter the display setting though, the backend database queries and logic would be the same for all three methods. The big advantage here is that you only need one implementation and you get a lot of flexibility. -Vinny On Thu, May 29, 2008 at 6:08 PM, Michael Tutty wrote: > Vinny, > While you're right that the GUI could be different, there are also > different optimizations at the different levels. I suggested that we > get the "blog" ACL module working, since relatively slow code won't > matter there. Then as we move to the more complex models, we can > either keep the simpler code as-is, or make the more robust module > handle the lower-level stuff. > M. > > > > > On 5/29/08, Vincent Furia wrote: > > The reason why I suggested ACLs when we started working on GL2 was > > flexibility. It is basically just a GUI change to present 1, 2 or 3 to > the > > user. The backend can be exactly the same for all 3. I imagine it would > be > > pretty easy to make a configuration option that was. 
> > > > Choose access level control: > > 1. One site user, no complex ACLs > > 2. Legacy Geeklog 1.x > > 3. Full ACL support > > > > And then adjust the GUI based on that choice. Obviously you'd have to > come > > up with better descriptions than those I made on the fly above. > > > > -Vinny > > > > On Thu, May 29, 2008 at 4:25 PM, Tony Bibbs wrote: > > > >> Yeah, that's pretty much where I was going with it. We've been talking > >> about this pretty much all day and we think while this complexity is > nice > >> we > >> need to consider using three basic levels of security checking: > >> > >> 1) Blog: Single user blogging about their own stuff. They never intend > to > >> have their site act in any other capacity so no need to complicate the > use > >> of ACLs. > >> 2) Community: This would essentially work just like 1.x > >> 3) Enterprise: This would come with a full set of ACLs checks per our > >> current discussion. > >> > >> I'm not sure about the need for both 2 and 3 but I do feel strongly > about > >> needing #1. In fact Michael suggested that during the install we should > >> ask > >> how they intend to use the software to help them pick the right path. > >> > >> Thoughts? > >> > >> --Tony > >> > >> > >> ----- Original Message ---- > >> From: Vincent Furia > >> To: Geeklog Development > >> Sent: Thursday, May 29, 2008 5:17:01 PM > >> Subject: Re: [geeklog-devel] For my friend, Vinny > >> > >> Like in GL 1.4.x, you'd have to resolve the total set of group > membership > >> before doing the query. Since you're caching credentials anyway, you > >> could > >> cache the total group membership as well. So, in your example, a user > in > >> group 3 would have a total group membership of 3, B, 2, 1, A. The the > >> query > >> would check for rights for all those groups, and "and" the results > >> together > >> (getting the highest level of access granted to those groups). > >> > >> There a couple of levels where we can cache this data. 
It probably > makes > >> sense to keep it denormalized in the user table or the group table and > >> update all users when a group memberships are modified. It can also be > >> cached in the session, but then you run the risk of updating groups > >> membership not being recognized until the session expires. > >> > >> Let me know if additional/better explanation is needed. I'm not sure I > >> did > >> all that good a job of describing what I meant. > >> > >> -Vinny > >> > >> On Thu, May 29, 2008 at 2:57 PM, Tony Bibbs wrote: > >> > >>> Lol, so we are getting serious for the GL2 alpha and the ACL stuff is > >>> mostly done minus one real PITA. For reference there's been this page: > >>> > >>> http://wiki.geeklog.net/wiki/index.php/Using_ACLsG2 > >>> > >>> So we've done some incarnation of everything there minus the last > section > >>> called: > >>> > >>> "Selecting Multiple Items Based on Permissions" > >>> > >>> Any chance you have the "how" part of that? My brain is hurting. Why: > >>> > >>> Groups can be tied in a complex web (not necessarily hierarchical). > For > >>> example > >>> > >>> Group B belongs to Group A > >>> Group C belongs to Group B > >>> Group 2 belongs to Group 1 > >>> Group 3 belongs to Group 2 > >>> Group 3 belongs to Group B > >>> > >>> That's a worst case scenario but me-thinks it'd be awful hard to do in > >>> SQL. 
> >>> > >>> --Tony > >>> > >>> > >>> _______________________________________________ > >>> geeklog-devel mailing list > >>> geeklog-devel at lists.geeklog.net > >>> http://eight.pairlist.net/mailman/listinfo/geeklog-devel > >>> > >> > >> > >> > >> _______________________________________________ > >> geeklog-devel mailing list > >> geeklog-devel at lists.geeklog.net > >> http://eight.pairlist.net/mailman/listinfo/geeklog-devel > >> > >> > > > > -- > Sent from Gmail for mobile | mobile.google.com > _______________________________________________ > geeklog-devel mailing list > geeklog-devel at lists.geeklog.net > http://eight.pairlist.net/mailman/listinfo/geeklog-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vfuria at gmail.com Thu May 29 22:30:42 2008 From: vfuria at gmail.com (Vincent Furia) Date: Thu, 29 May 2008 20:30:42 -0600 Subject: [geeklog-devel] Atom publishing In-Reply-To: <200805292022.36086.casual.dodo@gmail.com> References: <87808.21695.qm@web701.biz.mail.mud.yahoo.com> <8319e2d60805291434j25fb3f99k1ea212dab332d619@mail.gmail.com> <200805292022.36086.casual.dodo@gmail.com> Message-ID: <8319e2d60805291930j20585349lb79ef14729dadf2f@mail.gmail.com> You have to trust the website owner. With any method of encryption that we're talking about, whether one way hash or AES, it is trivial for the owner of a website to get your password. (i.e. as the website owner I could simply disable the hash/encryption, record the password prior to hashing/encryption, or simply decrypt the passwords.) -Vinny On Thu, May 29, 2008 at 6:22 PM, Ramnath R Iyer wrote: > On Thursday 29 May 2008 17:34:02 Vincent Furia wrote: > > Why encrypt the web services password at all? There is a good chance, if > > an attacker has access to your database he has access to your filesystem > > (and the encryption key). Additionally, what a person can do from a > third > > party web site should be limited for security reasons anyway. 
>
> One good reason for encrypting the password is to prevent the website owner
> from knowing the user's passwords. For example, the user might be using the
> same password for many mail accounts too.
>
> --
> Ramnath R Iyer
>
> > -Vinny
> >
> > On Thu, May 29, 2008 at 3:19 PM, Tony Bibbs wrote:
> > > Dunno, pick a place. a .txt file on the file system?!? In that case the
> > > system would want to ensure the .txt file is locked down permission-wise.
> > >
> > > I think your point is wherever we store it we'd better lock it down
> > > best as we can. Couldn't agree more.
> > >
> > > --Tony
> > >
> > > ----- Original Message ----
> > > From: Joe Mucchiello
> > > To: Geeklog Development
> > > Sent: Thursday, May 29, 2008 3:37:24 PM
> > > Subject: Re: [geeklog-devel] Atom publishing
> > >
> > > Where do you store the cipher key?
> > >
> > > At 04:09 PM 5/29/2008, Tony Bibbs wrote:
> > > >That said, my original question is still valid. If we stored a
> > > >password encrypted some 2-way cipher in the DB you could
> > >
> > > ----
> > > Joe Mucchiello
> > > Throwing Dice Games
> > > http://www.throwingdice.com
> --
> Ramnath R Iyer
> Cornell University
From casual.dodo at gmail.com Thu May 29 23:16:44 2008
From: casual.dodo at gmail.com (Ramnath R Iyer)
Date: Thu, 29 May 2008 23:16:44 -0400
Subject: [geeklog-devel] Atom publishing
In-Reply-To: <8319e2d60805291930j20585349lb79ef14729dadf2f@mail.gmail.com>
References: <87808.21695.qm@web701.biz.mail.mud.yahoo.com> <200805292022.36086.casual.dodo@gmail.com> <8319e2d60805291930j20585349lb79ef14729dadf2f@mail.gmail.com>
Message-ID: <200805292316.48414.casual.dodo@gmail.com>

On Thursday 29 May 2008 22:30:42 Vincent Furia wrote:
> You have to trust the website owner. With any method of encryption
> that we're talking about, whether one way hash or AES, it is trivial for
> the owner of a website to get your password. (i.e. as the website owner I
> could simply disable the hash/encryption, record the password prior to
> hashing/encryption, or simply decrypt the passwords.)

I could send my password to Yahoo trusting that the password won't be intercepted and stored, but I wouldn't want some random Yahoo employee who has access to the db to know my password. It really depends on the situation...

--
Ramnath R Iyer

> -Vinny
>
> On Thu, May 29, 2008 at 6:22 PM, Ramnath R Iyer wrote:
> > On Thursday 29 May 2008 17:34:02 Vincent Furia wrote:
> > > Why encrypt the web services password at all? There is a good chance,
> > > if an attacker has access to your database he has access to your
> > > filesystem (and the encryption key). Additionally, what a person can
> > > do from a third party web site should be limited for security reasons anyway.
> >
> > One good reason for encrypting the password is to prevent the website
> > owner from knowing the user's passwords. For example, the user might be
> > using the same password for many mail accounts too.
> >
> > --
> > Ramnath R Iyer
> >
> > > -Vinny
> > >
> > > On Thu, May 29, 2008 at 3:19 PM, Tony Bibbs wrote:
> > > > Dunno, pick a place. a .txt file on the file system?!?
In that case the
> > > > system would want to ensure the .txt file is locked down
> > > > permission-wise.
> > > >
> > > > I think your point is wherever we store it we'd better lock it down
> > > > best as we can. Couldn't agree more.
> > > >
> > > > --Tony
> > > >
> > > > ----- Original Message ----
> > > > From: Joe Mucchiello
> > > > To: Geeklog Development
> > > > Sent: Thursday, May 29, 2008 3:37:24 PM
> > > > Subject: Re: [geeklog-devel] Atom publishing
> > > >
> > > > Where do you store the cipher key?
> > > >
> > > > At 04:09 PM 5/29/2008, Tony Bibbs wrote:
> > > > >That said, my original question is still valid. If we stored a
> > > > >password encrypted some 2-way cipher in the DB you could
> > > >
> > > > ----
> > > > Joe Mucchiello
> > > > Throwing Dice Games
> > > > http://www.throwingdice.com
> >
> > --
> > Ramnath R Iyer
> > Cornell University

--
Ramnath R Iyer
Cornell University
From dirk at haun-online.de Fri May 30 01:56:30 2008
From: dirk at haun-online.de (Dirk Haun)
Date: Fri, 30 May 2008 07:56:30 +0200
Subject: [geeklog-devel] Atom publishing
In-Reply-To: <200805292316.48414.casual.dodo@gmail.com>
References: <87808.21695.qm@web701.biz.mail.mud.yahoo.com> <200805292022.36086.casual.dodo@gmail.com> <8319e2d60805291930j20585349lb79ef14729dadf2f@mail.gmail.com> <200805292316.48414.casual.dodo@gmail.com>
Message-ID: <20080530055630.374291681@smtp.haun-online.de>

Ramnath R Iyer wrote:

>On Thursday 29 May 2008 22:30:42 Vincent Furia wrote:
>> You have to trust the website owner. With any method of encryption
>> that we're talking about, whether one way hash or AES, it is trivial for
>> the owner of a website to get your password.
>
>I could send my password to Yahoo trusting that the password won't be
>intercepted and stored, but I wouldn't want some random Yahoo employee who
>has access to the db to know my password.

I'd say you're both right. You will have to trust the website owner to some extent, but we should at least protect sensitive information against accidental disclosure.

bye, Dirk

--
http://www.geeklog.net/
http://geeklog.info/

From nick at nick-andrew.net Fri May 30 06:13:19 2008
From: nick at nick-andrew.net (Nick Andrew)
Date: Fri, 30 May 2008 20:13:19 +1000
Subject: [geeklog-devel] Atom publishing
In-Reply-To: <535215.78432.qm@web704.biz.mail.mud.yahoo.com>
References: <535215.78432.qm@web704.biz.mail.mud.yahoo.com>
Message-ID: <20080530101319.GD2231@tull.net>

On Thu, May 29, 2008 at 09:46:25AM -0700, Tony Bibbs wrote:
> 2) Flickr uses WSSE authentication. Which we can't support since it
> requires us to know the user's _unencrypted_ password.

Flickr supports OAuth ... see http://oauth.net/about/

Nick.
--
PGP Key ID = 0x418487E7 http://www.nick-andrew.net/
PGP Key fingerprint = B3ED 6894 8E49 1770 C24A 67E3 6266 6EB9 4184 87E7
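
[Added example, not part of any message in this thread and not Geeklog code.] The WSSE limitation quoted above comes from the UsernameToken digest, Base64(SHA-1(nonce + created + password)): the server must recompute it from the same secret the client used, so a salted one-way hash on file is not enough. The function names, the PBKDF2 storage scheme and the sample values are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

def wsse_digest(secret: bytes, nonce: bytes, created: str) -> str:
    """PasswordDigest = Base64(SHA-1(nonce + created + secret))."""
    raw = hashlib.sha1(nonce + created.encode("utf-8") + secret).digest()
    return base64.b64encode(raw).decode("ascii")

def client_token(username: str, password: str, created: str) -> dict:
    """Fields the client sends in X-WSSE; the password itself is never sent."""
    nonce = os.urandom(16)
    return {
        "Username": username,
        "PasswordDigest": wsse_digest(password.encode("utf-8"), nonce, created),
        "Nonce": base64.b64encode(nonce).decode("ascii"),
        "Created": created,
    }

def server_verify(token: dict, server_secret: bytes, seen_nonces: set) -> bool:
    """Recompute the digest from whatever secret the server has on file."""
    if token["Nonce"] in seen_nonces:          # same nonce again: replayed token
        return False
    nonce = base64.b64decode(token["Nonce"])
    expected = wsse_digest(server_secret, nonce, token["Created"])
    if not hmac.compare_digest(expected, token["PasswordDigest"]):
        return False
    seen_nonces.add(token["Nonce"])
    return True

def one_way_hash(password: str, salt: bytes) -> bytes:
    """Salted one-way storage (PBKDF2 is an assumption about the user table)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def demo() -> dict:
    password = "constructed-sample-password"   # constructed sample value
    token = client_token("alice", password, "2008-05-30T10:13:19Z")
    stored_hash = one_way_hash(password, os.urandom(16))
    return {
        # Server kept the cleartext (or can decrypt it): verification works.
        "cleartext_on_file": server_verify(token, password.encode("utf-8"), set()),
        # Server kept only a one-way hash: it cannot rebuild the digest.
        "hash_on_file": server_verify(token, stored_hash, set()),
    }

if __name__ == "__main__":
    print(demo())
```

Whatever bytes the server can verify with are equivalent to the credential itself, which is why the thread's options are a recoverable password with a protected key or a delegated scheme such as OAuth.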