Hi Tommy,

if the scheme/protocol is "https" (or "https:"), I think the following snippet:

curl_setopt($con, CURLOPT_SSLVERSION, 3);

is needed in here:
https://github.com/tmccarthy9/aerogear-unified-push-php-client/blob/master/src/SenderClient.php#L74-L80


-Matthias




On Wed, Aug 21, 2013 at 9:02 PM, Tommy McCarthy <tomccart@redhat.com> wrote:
For Matthias, I'm looking into the SSL issue now. Currently it only works over HTTP. I'm looking into my options with that now, and have found a few, but still need to work them into my code properly. I'll keep the list updated when I get something.

As for the register_globals concerns, they have been deprecated since PHP 5.3, and completely removed since 5.4.0. [1] Most servers have register_globals off nowadays.

[1] http://php.net/manual/en/security.globals.php

----- Original Message -----
From: "Karel Piwko" <kpiwko@redhat.com>
To: aerogear-dev@lists.jboss.org, yeylon@redhat.com
Sent: Wednesday, August 21, 2013 4:55:06 AM
Subject: Re: [aerogear-dev] PHP SDK

First review of PHP code available, kudos to Yaniv (in CC).

Pasting response:

Karel,
sorry for not replying in the github.com but those are more informal code
changes that you can use.

its been so few year since i've last touched PHP but while i was there i used
to work with global registers for session. at the top of each php page verify
that your session is still valid, it is also good for security so people will
not login to the page directly.

if($user_id==0 || $user_id==Null){
        die('Time out - please login again');
        Exit;
}




another thing you can use is the "$$" which will create a var at the same name.



foreach($_POST as $key=>$value){
        $$key=addslashes($value);
        $form_vars["$key"]=$value;
}
foreach($_GET as $key=>$value){
        $$key=addslashes($value);
        $form_vars["$key"]=$value;
}

On Tue, 20 Aug 2013 13:59:51 -0400 (EDT)
Tommy McCarthy <tomccart@redhat.com> wrote:

> Hey everyone,
> I'm at the point now where I believe my PHP SDK code is complete and ready to
> be reviewed and tested. Of course, if anyone has any feedback for it so far,
> that would be appreciated as well. The GitHub repo is available here [1].
> I've created a JIRA [2] for creating a GitHub repo for the PHP code under the
> AeroGear account.
>
> If there's anything you'd like to see added, changed, or removed, please let
> me know! There is a webapp included as a part, which demonstrates a great way
> to send messages from a web form (or other request)
>
> Thanks!
> Tommy
>
> [1] https://github.com/tmccarthy9/aerogear-unified-push-php-client
> [2] https://issues.jboss.org/browse/AEROGEAR-1312
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf