ForumPostAssistant / FPA

The Forum Post Assistant (FPA) script has been developed to assist Joomla!® forum posters to be able to post relevant system, instance, PHP and troubleshooting information directly into a pre-formatted forum post. This will save a few hours of posting back and forth, asking for, and explaining how to acquire useful information in order for other forum users to help troubleshoot a problem.
https://forumpostassistant.github.io/docs/
GNU General Public License v2.0

Maximum SELF_DESTRUCT_AGE limit #68

Closed RussW closed 4 years ago

RussW commented 4 years ago

@sozzled define ( '_FPA_SELF_DESTRUCT_AGE', 1 ); // age of FPA file before _FPA_SELF_DESTRUCT runs (set as CONSTANT so it can't be changed/overridden at runtime)

One day should be enough. If the file is auto deleted, the owner can put a new version there. Reducing the time wait reduces the opportunity for someone else running the FPA and (possibly) obtaining some private information.

sozzled commented 4 years ago

OMFG! I am so sorry that I made a mistake and forgot that the 172. range is wider than just 172.16.x.y, yet not once in your disprovals/disagreements did you ever prompt, remind or mention it until now and then "spit the dummy"...

I will have to find a 'cuter' method to search through an array of all these ranges, that can then also be added to at a later date, if any more addresses become reserved or need to change.

I didn't "spit the dummy". I had my reservations that the addr range was not comprehensive and I only confirmed my suspicions after I researched the matter further.

sozzled commented 4 years ago

BTW, if you're wondering "What would happen if the FPA is unable to create a file on the server (because it's lacking the necessary permissions)?" I can answer that question, too. It would only take me a minute; I'll give you my telephone number and then I could explain what we could do in that case.

RussW commented 4 years ago

Have updated the test for localhost to now include the 172. ranges I forgot to include, by looping through an array using strpos still to find the result and set $isLOCALHOST = 1 (thus not invoking _FPA_SELF_DESTRUCT on localhosts).

Tested on Mac local environment, Linux remote environments, appears to now function as expected/desired.

RussW commented 4 years ago

Surely, if the user now copies the FPA again on his localhost, the date on the .ini file can be older than the 5 days and FPA will simply auto_delete itself? So, now the user needs to keep remembering to also delete the ini file if they recopy FPA on a localhost? Is that how it would work?

Here's an even easier way to check if the age of the "fpa-en.php" file is old:

  1. On first activation of the FPA on a website, look for the existence of a file called "fpa-en.ini".
  2. If this file doesn't exist, create it (the "last modified date" will be now) in the same folder as where fpa-en.php lives.
  3. If the file exists, proceed through the rest of the script.
  4. Check the last modified date of fpa-en.ini and, if it's old, delete both that file and the fpa-en.php file if the auto self-destruct conditions are met.
  5. The file fpa-en.ini doesn't have to contain anything but it could be used to store run-time settings (in a future version release) if needed.

It's not 100% bullet-proof but it would probably resolve the discussion we've been having.
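
An added PHP example, not FPA's own code and not written by either poster: it tests the address against the private ranges by CIDR arithmetic, so the whole 172.16.0.0 to 172.31.255.255 block is one table entry, and then applies the marker-file age test from the numbered steps above. The `example_*` names, the marker path in the temp directory and passing the server address in as a parameter are assumptions made for illustration.

```php
<?php
// Added example; the example_* names are hypothetical, not FPA identifiers.
const EXAMPLE_LOCAL_CIDRS = [
    ['127.0.0.0', 8],    // loopback
    ['10.0.0.0', 8],
    ['172.16.0.0', 12],  // 172.16.0.0 through 172.31.255.255
    ['192.168.0.0', 16],
];

function example_is_local_addr(string $ip): bool
{
    $addr = ip2long($ip);
    if ($addr === false) {
        return false; // not a dotted-quad IPv4 address: treat as remote
    }
    foreach (EXAMPLE_LOCAL_CIDRS as [$net, $bits]) {
        $mask = -1 << (32 - $bits);
        if (($addr & $mask) === (ip2long($net) & $mask)) {
            return true;
        }
    }
    return false;
}

function example_should_self_destruct(string $serverAddr, string $marker, int $maxAgeDays): bool
{
    if (example_is_local_addr($serverAddr)) {
        return false; // local/LAN install: never self-delete
    }
    if (!file_exists($marker)) {
        // First run: create the marker so its mtime records "now".
        // If the folder is not writable, touch() fails and no age is ever recorded.
        @touch($marker);
        return false;
    }
    clearstatcache(true, $marker);
    return (time() - filemtime($marker)) > $maxAgeDays * 86400;
}

// Constructed demo: a marker back-dated six days, checked against a 5-day limit.
$marker = sys_get_temp_dir() . '/example-fpa-marker.ini';
touch($marker, time() - 6 * 86400);
foreach (['172.20.1.5', '172.32.1.5', '192.168.0.10'] as $addr) {
    printf("%-13s local=%s self_destruct=%s\n", $addr,
        var_export(example_is_local_addr($addr), true),
        var_export(example_should_self_destruct($addr, $marker, 5), true));
}
unlink($marker);
```

The 172.32.1.5 entry sits just outside the /12 block, which is the boundary a plain "172." string prefix cannot distinguish.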

sozzled commented 4 years ago

Unlikely that the average user will upload a new copy of the FPA if they already have a copy there, right? Obviously, after asking several times if you want to discuss this person-to-person, you don't want to talk it over. I'll leave it to you.

(That's not a dummy-spit. It's just the conclusion I have to come to after dragging this out. For a "minor change" we've spent a lot of time on this, hmmm?)

RussW commented 4 years ago

We are, and have been discussing things, on here, where everyone can see and follow the discussion thread, and in due course and timezone, respond if they wish to regarding the currently implemented solution and any alternative solutions that have been proposed that they may prefer.

This takes time, not only to read the thread but to gather their thoughts and any responses.

RussW commented 4 years ago

Closed to "5 Day" self-delete function age and including all 172. reserved subnets for localhost (lan) detection