Posts by Aeonix

I think, first 6 of those are already something I could do and would be observable, and I'm entirely NOT a SEO person.

Do you mean inclusion files? Like System.Linq, System.IO and such?
They're located in

C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\CommonExtensions\Microsoft

Microsoft Visual Studio 12.0, on Windows 7 x64, you can make constant variable out of that.

If you need something else, please explain it with more details.

path of an embedded file

Doesn't say much to someone who works with C# and Visual Studio. Or at least, it says not a lot to me.

There is no failure in computing, only in human thinking, if you run the PHP code you receive an 8.

That means every other way of thinking is wrong, except one that refers to 8.
Unfortunately for me, I'm wrong :|

Answer is 8 not 6

Yea, I found this answer later (after I posted the post) and while I was editing post, DaniWeb stopped responding for like next 30 minutes, and, it refuses any edits later. So it remains with "kind of" wrong answer.

I think you're missing the point I'm making, so I'll give an example. The security of your app will be down to PHP, not JS.

Well, the second sentence is kind of answering the questions :)

you should let server-side sessions ensure that this critical action can only be completed by a logged in user who has sufficient rights.

How would I do that? I mean, I can't create a passphrase and give it AJAX and then say, "give me username, and your session ID", because it's then hijackable.

Ajax should not have any greater or lesser security than somebody typing the url into their address bar.

So, actually I don't need to worry about anything after all? I can just use Ajax, and it will have same results as regular PHP file inclusion? I don't need to worry about extra measurements of protection for Ajax, between Ajax and PHP or in PHP?

Are you sure, that if I parse input correctly, there are no visible leaks or ways to bypass it? (besides the regular "hacky-do-daddy")

Compiler Mode - Engaged

$x = 1;                         int x = 1;
echo $x + $x++ + $x++ + $x;     print x + x++ + x++ + x;
                                int temp[n][] = 1;
                                int temp[n][] = 1 + 1;
                                int temp[n][] = 1 + 1 + (temp[x]);
                                int temp[x][] += x;
                                int temp[x][] == 2;
                                int temp[n][] = 1 + 1 + 2;
                                int temp[n][] = 1 + 1 + 2 + (temp[x]);
                                int temp[x][] += x;
                                int temp[x][] == 3;
                                int temp[n][] = 1 + 1 + 2 + (temp[x]);
                                int temp[n][] = 1 + 1 + 2 + 3;
                                print temp[n];
                                print 1 + 1 + 2 + 3;
                                6
echo $x;                        print 3;
$x = 1;
                                <<EOF

Does this answer satisfy you?

If you try to put "functions" I wrote on the right side in any programming language, it will go bad. But everybody knows what print, int etc. mean.

Recently I got interested into dynamic execution of scripts. That is, user clicks the button and the JavaScript part (or any other library attached to it) will send a request to a file with $_GET[] or $_POST[] data. Then PHP (preference) would execute the function or anything that it has been asked to execute and user gets a response, for example "It succeeded". So I went working onto it, and within 30 minutes I managed to get Ajax execute my commands, here are the files:

index.php

<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
<input type="text" placeholder="The square root of" name="thecalc" id="inputing" />

<script>
    $("#inputing").focusout(function() {
        formContent = document.getElementById("inputing").value;
        $.ajax({
            url: "script.php",
            type: "POST",
            data: "multi=" + formContent,
            success: function(msg){
                alert(msg);
            }
        })
    })
</script>

script.php

<?php

if (isset($_POST["multi"])) {
    $toRoot = $_POST["multi"];
    echo pow($toRoot, 2);
}
?>

Script works perfectly fine, of course, if you input a number, you get root of it alerted towards you, if you input a character, it would probably respond in NaN, but nevermind, it works, and things like "integers only" rule can easily be implemented.

Soon though, I realized that if JavaScript is executing on client-side and so is Ajax, someone can just look up the source-files, and execute scripts manually. This wouldn't be a problem, because, why would someone on my theoretical website, take all this effort to execute their own commands like "edit-profile.php" instead of just pressing button and getting there in no time. I'm more afraid of someone who is …

This sounds like you're trying to create a virus and boot it without permission, how good that user firstly needs to agree (and be admin) on making it bootable and evelated and that antivirus will block every attempt. After this, program will be ran by SYSTEM.

The code for this is:

Process.Start(String.Format("cmd /k {0} & {1}", "schtasks /create /tn "XXX" /tr "YYY" /sc onlogon", "shutdown /r /t 5"))

Where XXX is name of your task (you probably call it your program name) and YYY is path to your program e.g. C:/Program Files/Kerbal Space Program/KSP.exe.

You cannot use HTML to connect to MySQL, the closest you can get is the PHP (Hypertext Preprocessor). I assume you're running Windows. You would need Apache server for this. I personally would recommend installing XAMPP, which has MySQL and Apache server in it. After all installation, at the end you will be asked whether open "Control Panel", makes sure that the box is checked and the panel will open, start Apache and MySQL servers. After this, go to: C:/xampp/htdocs/ create folder projects, in there, make a file called config.php, open this file with your favourite editor (let it be Notepad++, Brackets, SublimeEditor, Microsoft Notepad) and in there, copy this:

<?php
    $sql_un = "root";   // default: "root";
    $sql_pd = "";       // default: "";
    $sql_db = "";       // you will need to create database and input here it's name
    $sql_conn = mysqli_connect("127.0.0.1", $sql_un, $sql_pd, $sql_db);

    if (!$sql_conn) {
        die("Something didn't work, the file couldn't connect to database!");
    }
    echo "File's request has been successfully sent and answer received.";

?>

If you need further assistance with phpMyAdmin, or Apache server. Feel free to ask.

secondly if(isset($_POST["update"])) is listed the name of the button in the form have you noticed on the submit button <input type="submit" class="btn" value="update" name="update" />

Pardon me, I haven't noticed it.

1. Try finding out if the variables are actually saved, after if(isset($_POST["update"])) try to echo each and single one variable from $_POST array.
2. Echo the query update, pure echo $query_update; and look up if query looks strange to you.
3. Attempt to edit profile, and as same as on step 2, but this time, take the query and try to execute it manually on the SQL server.

There is thousands of ways why it wouldn't work (not precisely talking about your code, every program has millions of ways to go wrong), but let's make sure you can execute those 3, and maybe one of those is leading into something that would specify the "error" little more. It would also point out where exactly it's going wrong.

Couple things to point out, not trying to be meanie, just, I looked at your code.

First of, your form:

<form method="POST" action="includes/update_profile.php">

Redirects you to update_profile.php, it's not update.php nor editrecord.

Second of all, update.php says if(isset($_POST["update"])) but I can't spot it being set anywhere in your form. So this is never fulfilled (it's never TRUE), and nothing happens.

Dear Sir J.J. also known as cambalinho,

Wanted to change autorun.inf file on an USB that has been delivered to him by his ISP for WiFi range extension, and to allow him surfing on the internet. On my behalf I attempted many ways to modify the file through TeamViewer. Unfortunately for the case, this USB is write protected. So if he really needs to change that file, he needs to refer to his ISP.

Close request.

It's kind of hard to troubleshoot it from distance. Would you mind installing TeamViewer and send me data through private message? In this manner I would able to see directly what your system thinks of USB, instead of these hours long spaces.

'access denied'

Are you sure you ran cmd as administrator? Do you have physical access to the pendrive? If so, could you move to the computer it is attached to and attempt the same (e.g. executing scripts)? Is the stick is damaged, can you move your important files in your HDD temporarily? Do you think that if everything else fails, we can format your USB (with specific tools (3 ways to that))?

...once again, you would need to know the letter.
Run cmd as administrator. Type inside:

X:
cd /
echo > autorun.inf
echo FIRST LINE OF THE FILE > autorun.inf
echo SECOND LINE OF THE FILE >> autorun.inf
echo THIRD LINE OF THE FILE >> autorun.inf
echo FOURTH LINE OF THE FILE >> autorun.inf
echo FIFTH LINE OF THE FILE >> autorun.inf

And so on. Replace X: with the letter of the pendrive. Notice the difference between FIRST LINE OF THE FILE and rest, there's a difference, watch out.

But still I don't get it, if it's USB attached over network, every single device that is usable to Windows needs a letter, here's an example on how USB attached to network looks like. In this case it's letter Y:. And this image, shows pendrive having letter Z:, I can't really help you further unless you give me the letter of pendrive, or execute commands posted above or pass me screenshot of the properties of this pendrive.

instead a letter can i use a program name or pen 'ID'?

I wouldn't know how this could be achieveable by cmd. Which "program name" do you mean exactly? Pendrive ID can be used to format the pendrive, leaving it empty and still usable. If you're willing to do this here's pretty detailed tutorial. But why exactly couldn't you use a letter of pendrive? It needs one to start program, if you don't know what it is, if you open "My Computer", every single drive and letter has attached letter to them, Windows is mostly on C:/, and DVD/RW drive on D:/, so your USB also has to obtain one that run a program.

Or would you like me to assist you "personally" on this, through TeamViewer?

Also, your first post says

i have 1 pen drive, that is my network.

Do you know localization of pendrive? If not, why is it there? Could you right-click on it and choose for "Properties", take screenshot of it and post it here?

Just a sugesstion, couldn't you just select your <input>'s by Id, and then say that if it's empty, produce a message?

For example, HTML being:

<input id="byName" value="" name="name" placeholder="Name" />

And JavaScript being:

$("#inputName").focusout(function() {
    usernameForm = document.getElementById("inputName").value;
    if (usernameForm == "")
        alert("C'mon man! Everybody has a name, doe!");
});

Could you try this one maybe? I'm not genius with jQuery. Just tested on jFiddle, works like dream.

It would do actually nothing, except when you quit the form of the ID, then it'll run trigger, which will select the form by it's ID (inputName) and get readable characters out of it, then it will look if the usernameForm is "empty" (I wonder why null didn't work), if it's true, you get misappropriated message.

I can help you on with building further on this, but I can't really continue with your script (while looking at script you provided, it's not my style and I won't write/think optimally).

If that would go, you just could replace alert() with variable containing message, for example "You forgot to input your name." and trigger it at the end and displaying only last message. And then playing around with usernameForm.length(). If you're ready to go on my solution, I'm ready to convert your code into this type of setting, just say "Yes".

I'd like to crash the autorun function, so it will execute only when you access it to through software or Windows Explorer so that nothing will start automatically. Open command prompt as administrator and type this:

X:
cd /
echo > autorun.inf

But replace, X: with your USB's letter.

In case this wouldn't work, there's lots of solutions, eventually you could format it leaving no software, no autorun file, no problem.

It would depend on project itself. If you would release your project and keep making it better, then no other company would be able to be better at it. The final step of protection for that software of yours, would be releasing it when finished, protected, and polished and then keep implementing many features. Before any other company would find out about your humble project. You would then have solid fan-base and a proof/evidence that you were one that made it work first, the first one that made working and useful tool for people out there, and they're only nothing but copying your project due to lack of imagination.

You might try to get patent for it, then no one would be able to use it, although it's not as quite cheap as free.

Essentially nothing really blocks anybody from stealing your idea. And if you can't steal their idea, you buy them and their idea (look YouTube, Tumblr, Picnik). Google is even trying to steal idea from Facebook, and it works, even though Facebook is a gigantic company now.

This is just how software production works, creating something awesomely useful without being eaten alive by big marketing monsters.

Glad to be helpful :)

The code beneath, is one chunk of code (after "Three."), both <?php and ?> are parts excluded from parsing.

1. One
2. Two.

3. Three.

   <?php

   $images = glob("*.png");
   $folderRoot = "http://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["PHP_SELF"]);
   
   foreach($images as $imageName) {
       $imageUrl = $folderRoot . "/" . $imageName;
       echo "<a href=" . $imageUrl . ">" . $imageName . "</a><br />";
   }
   

   ?>

Okay, this is my final answer, if this can't solve your issue, I can't really help you:

1. First off, be entirely sure, your Linux installation allows both your folder AND your image, a public access.

2. Second of all, update your script to this:

   <?php

   $images = glob("*.png");
   $folderRoot = "http://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["PHP_SELF"]);
   
   foreach($images as $imageName) {
       $imageUrl = $folderRoot . "/" . $imageName;
       echo "<a href=" . $imageUrl . ">" . $imageName . "</a><br />";
   }
   

   ?>

3. Make sure this script lands amongst images.

Oops, made a typo, sorry, try this one:

$fileSelf = pathinfo(__FILE__);
$folderRoot = $fileSelf["dirname"];
$images = glob($folderRoot . "*.jpg");
foreach($images as $linkto) {
    $imageSelf = pathinfo($linkto);
    $suffixToAdd = $imageSelf["filename"] . $imageSelf["extension"];
    echo "<a href=" . $folderRoot . $suffixToAdd . ">" . $suffixToAdd . "</a><br />";
}

This script was actually ready-thing, you hadn't replace anything.

Could this work? If not, could you repeat those 5 questions again in this case?

I meant, run this script, look if it works for thine purposes. If it doesn't, I requested you repeating these 5 researches:

What is absolute (full) address (browser) path to that one image?
What is absolute (full) address (browser) path to folder of image?
What is the address that you go to when you click on the link?
What is the address, when you copy links destination?
Where is this all located on your HDD? (full address please).

The last script I provided, was a ready thing, nothing had to be changed.

which are place holders that I need to add actual folder names to.

I don't understand, sorry. May you please explain?

Hmmmm...

$fileSelf = pathinfo(__FILE__);
$folderRoot = $fileSelf["dirname"]

$images = glob($folderRoot . "*.jpg");

foreach($images as $linkto) {
    $imageSelf = pathinfo($linkto);
    $suffixToAdd = $imageSelf["filename"] . $imageSelf["extension"];
    echo "<a href=" . $folderRoot . $suffixToAdd . ">" . $suffixToAdd . "</a><br />";
}

Could this work? If not, could you repeat those 5 questions again in this case?

Sorry, I don't, understand.

1. What is absolute (full) address (browser) path to that one image?
2. What is absolute (full) address (browser) path to folder of image?
3. What is the address that you go to when you click on the link?
4. What is the address, when you copy links destination?
5. Where is this all located on your HDD? (full address please).

Yes, try this, if you configure file correctly (that is, modifying paths and names), it should be able to see all the files and list their links and by clicking those links, you will be sent to these photos.

If this wouldn't work, I suggest we may use TeamViewer to solve your issue. It's a program that would temporarily allow me control of mouse and keyboard, I would then be able to set up basic "file reader" and I would let you work onward with it.

If you're interested in that solution, download and install it and pass me the number and PIN (of the program) through private message. Don't be worried, if you feel like I'm bluffing or doing something wrong that I wasn't supposed to do, it's as easy as closing window.

Answer may be as ridiculous as disabling and enabling your wireless card by Fn button on your keyboard. In case that wouldn't work. You can still check in the router, whether you haven't excluded your new IP from access. IP of router varies, it can be 192.168.2.1 or 192.168.255.1. Get into this address from computer that can get onto internet (and that is part of your home network). Login, and search for options that allow people access with specific MAC only.

Maybe this?

It automatically installs DoSBox and TurboC++ for you, and all setting are automatically made for you, so you just install it, start it and you're good to go.

Is the folder of photos within a server directory (htdocs or www)?

If so, you can create folder, put your pictures in it, and then refer your visitors to the folder. Keep in mind to not create any home, index or default page. As soon as server doesn't have these files, it will list every file in that directory. In such form (a little bit outdated):
http://www.askdavetaylor.com/0-blog-pics/apache-directory-listing.png

In case, when the folder is out of the reach of htdocs or www. You could go to folder where you have your images (for example cd /home/me/), then use ll commands and ls -l or ll. And give us your output.

Your directory may be free to be read by public, but your files may not be.

Alternatively you could always make index.php with:

$imgdir = "PATH_TO_YOUR_IMAGES_FOLDER";
$images = glob($imgdir . "*.jpg");

foreach($images as $linkto) {
    echo "<a href=$linkto>".basename($linkto)."</a><br />";
}

This code is not yet tested so it may not work perfectly well. Try to put this into your images file.

I don't think it's quite possible to (to my understanding of your post):

Input custom code from your website and make it interactive on public site, where everyone else can see and interact with it.

This would leave a lot of holes in security of Facebook and make your page, or rather your visitors vulnerable to XSS.

I highly doubt this would be possible by pure HTML (maybe HTML5).

How precisely are you willing to edit the picture? Do you want to add a text? Make it smaller? The amount of the options to edit a picture is also very limited by pure server-side scripting language, unless you have pre-written libraries.

Also, you can't "retrieve back in HTML", only PHP or any other server-side script does that for you.