Posts by cereal

Hi,

to verify if your setting is applied you can use:

echo ini_get('max_execution_time');

Questions:

• The timeout error is at PHP or database level?
• Can you paste the error message and error code here?
• And, if pertinent, which database and version of it, are you using?

Just replace the text with the input received from the form:

$message = $_POST['query']; # name of textarea

And then set the body:

$mail->Body = $message;

The same applies to subject and altbody (which is optional and helpful if in body you set an HTML message). To get the email address of the sender replace:

$mail->addAddress('office@---.com');

With:

$email = $_POST['email'];

$mail->addAddress($email);

For the moment get it to work, after that you MUST add validation and sanitazation, because at the moment the script is not safe against attacks. The validation & sanitazation process is not complex you just have to add some rules through filter_input(), as example:

$name    = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);

# sanitize
$email   = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);

# validate if sanitization was successful
$email   = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);

$message = filter_input(INPUT_POST, 'query', FILTER_SANITIZE_STRING);

Docs:

• http://php.net/filter-input
• http://php.net/manual/en/filter.filters.sanitize.php
• http://php.net/manual/en/filter.filters.validate.php
• http://php.net/manual/en/filter.filters.php

A sanitize filter is used to remove extra characters, like javascript, html tags, null bytes. A validation filter, instead, is used to verify that the input is in the correct format. When filter_input() fails it returns boolean FALSE, so after you set the variables $name, $email and $message you could verify the status of them and decide if run the mail script or not, so you should just replace:

if(!$mail->send()) {

with:

if($name !== FALSE && $email !== FALSE && $message !== FALSE && !$mail->send())

Or, better, you could place an independent if statement before …

Hi, Date in the select list is a reserved word, you can use it if you wrap it in backticks.

Docs:

• https://dev.mysql.com/doc/refman/5.6/en/keywords.html

It could be the port or the password. Remove the comment character from line 12 to enable the debugger and access the information, with level 3 it will show the communications between server and client:

$mail->SMTPDebug = 3;

And also follow the link returned by the error:

• https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting

It explains why the connection can fail.

There is a condition under which $_POST and $_FILES are not populated, it's related to the value of enable_post_data_reading, if this is 0 then it's disabled. Are you including some php script that uses ini_set()?

You can use the same form, which by the way seems fine, even when the file uploads are disabled you should still receive the POST body request from the form. Can you show the receiving script?

Some docs that could be useful:

• http://php.net/manual/en/ini.core.php#ini.file-uploads
• http://php.net/manual/en/features.file-upload.common-pitfalls.php

So what is the problem? Do you have a specific doubt? It seems you have to create a form, read the received input and display the result, it's easy if you read the documentation:

• http://php.net/manual/en/tutorial.forms.php

It's a configuration file for npm, so that it can install the correct versions of each required dependency of your application and define some other information.

A dependency can be a library that you want to add to your application, you have to just define the link of the git/svn repository and the version, or the range version, and when you run the install/update process your app will be set up.

Here is described how the file should be written:

• https://docs.npmjs.com/files/package.json

In addition: you could add a timeout to file() so that if the resource is not reachable, it will stop after a defined number of seconds and emit an E_WARNING message:

$options["http"]  = array(
    "method"    => "GET",
    "header"    => "Content-Type: text/xml; charset=UTF-8\r\n".
                   "Connection: close\r\n",
    "timeout"   => 15,
);
$context = stream_context_create($options);

if( ! ($fp = fopen($file, "r", FALSE, $context))) {

Hi,

excuse me but I don't understand: are you talking about the connection between client and server? Do you wish to use two different domains for backoffice and reporting application? About files what you want to avoid?

Ok, now it displays fine.

Before it was returning multiple 302 redirects, the console log returned 150 requests and then Chrome stopped the request, I tested few times. I have an HEAD request log:

HTTP/1.1 302 Found
Connection: Keep-alive
Content-Encoding: gzip
Content-Length: 20
Content-Type: text/html
Date: Thu, 11 Jun 2015 14:30:43 GMT
Location: https://www.daniweb.com/web-development/php/threads/496793/security-web-architecture
Server: Apache
Set-Cookie: csrf_cookie=XXX; expires=Thu, 11-Jun-2015 16:30:43 GMT; Max-Age=7200; path=/; domain=www.daniweb.com; Secure
Set-Cookie: geolocation=IT; path=/; domain=www.daniweb.com; Secure
Vary: User-Agent,Accept-Encoding
Via: 1.1 ID-0002262071760660 uproxy-3

If this can help. If it happens again I will try to send a screenshot.

Hi,

when trying to access this thread:

• https://www.daniweb.com/web-development/php/threads/496793/security-web-architecture

the browser returns ERR_TOO_MANY_REDIRECTS.

Hi!

Which is the error? The thread title is truncated. And, can you share your code and explain where the issue happens?

I suppose you're using their library, is this correct?

Heh, I just came to the same solution, correct link is:

• http://feeds.sciencedaily.com/sciencedaily/space_time/space_exploration?format=xml

The problem happens because the old link asks for a session cookie, which is not submitted by the request, in absence it will return an HTML page, instead of the XML. You can test it by using file_get_contents():

$file = "http://www.sciencedaily.com/rss/space_time/space_exploration.xml";
print_r(file_get_contents($file));

Besides: at line 73 you're declaring $numItems; without any default value, which means the variable is still undefined, and it will fail if for example you do something like:

$a;
echo $a++;

Bye!

It is the Space Exploration feed from Science Daily:

No, I was asking for your RSS feed not for the source but yes, at this point, as suggested by pixelsoul share also your PHP code.

Yes, just replace * with the path, for example:

rm -rdf /tmp/something/

I suggest you to read the manual, it explains all the available options and there are also few examples.

That's due to new lines \n (10 in ascii code) or carriage returns \r (13) or other characters (null bytes) in the textarea of the example form.

The sanitize filter FILTER_SANITIZE_SPECIAL_CHARS of filter_var() was converting them, I replaced that with FILTER_SANITIZE_STRING and a trim() after line 14, now it should play fine.

Please, note that the example was developed just to send some random input and show how to decode adjacent strings, not as encode solution, that part is very limited and is breaking lines in groups of four words, just to create a dummy list to encode. So that you could enter the input as:

1 admin admin@gmail.com password 2 bob bob@gmail.com bobpass

Instead of using two lines. That part of script is written like this just because I entered loripsum.net API to get some random sentences to test... bye!

In addition: the example code does not take in account special characters, but these can be added to str_word_count() as third parameter, at line 19:

$words  = str_word_count($post, 1, '@.-_0123456789');

If you want to use this approach, then you should include all allowed special characters to the list, otherwise the function will split or ignore. The example is now updated and should return correctly.

Does this information indicate the problem is with the PHP code, or the incoming feed?

It seems related to the XML document, not to PHP, otherwise the error would be at PHP level. Could you share the XML?

Hi,

you can use rm -rdf * it will remove all files and directories recursively. For more information about the options read the manual: man rm and be careful, always check current path, as it can hurt.

No problem! So, it seems to work fine for me. Maybe the path to the encoded file is not correct or readable by the PHP script? Here's my live test:

• http://runnable.com/VXTePxPdiT8x6mmi/simple-encode-decode-for-php

I'm encoding and saving the input to a temporary file, then using the result for the decoding test, the decoding block is practically the same of my & yours previous post. Just click run and test it. As basic input, with $key = 'test' you should get:

Input
a b c d

Encoded
e5 f5 g5 h5

Decoded
b c

In my tests, I got an empty result only when the source file was not found, due to read permissions or wrong path.

If this does not help, try to change the error reporting level to -1:

error_reporting(-1);

to return all errors.

Hi, you could loop the $invoice->addItem() method, but this is part of a class I don't have access to, and I don't know how this works (could you share more about it?).

Anyway, try to check the documentation of the $invoice class, to see if it handles arrays of if there's a method like addItems().

Ok, I was thinking to something like this:

<?php

    require 'functions.php';

    $result = '';
    $file   = file('encoded.txt');

    foreach($file as $line)
    {
        $array = explode(' ', $line);

        array_shift($array);
        array_pop($array);

        $convert = array_map(function($value) use($key){
            return decode($value, $key);
        }, $array);

        $result .= implode(' ', $convert) . PHP_EOL;
    }

    echo $result;

The file() function reads each line of the source into an array, then we loop and explode each line (which is still a string), then array_shift() and array_pop() will remove the first and the last element of the line array, leaving only the two central elements in the array which are looped against the decode() function through array_map() (which is faster than a simple loop) and an anonymous function.

Normally, you could call directly your decode function, but the second argument of your function is the decoding key which is always the same, so in order to work properly you should create another array where you repeat such value, as array_map does not support strings:

foreach($file as $line)
{
    $array = explode(' ', $line);

    array_shift($array);
    array_pop($array);

    $keys[]  = $key;
    $convert = array_map('decode', $array, $keys);

    $result .= implode(' ', $convert) . PHP_EOL;
}

Which is not much memory efficient if you're going to decode a large number of strings.

And, to use fopen() just replace $file and the foreach statement with this:

$file   = fopen('encoded.txt', 'r');
while($line = fgets($file, 1000))

I would just like to understand if you want to skip the first line. From your previous code it seemed that …

It seems ok for the code block I was referring.

By collecting all the remaining words (second & third of each line) into an array you could loop it against the decoding function. If in doubt, please, provide an example of encoded file.

@Devi_3

When you write:

after successful insert in database it value shows as "james/bond"

You intend this is how the input is actually saved in the database or how is it returned by the retrieving script?

Also: could you show the insert query? The escaping function shouldn't change the slashes.

Check the documentation on MySQL site, here are the links:

• https://dev.mysql.com/doc/refman/5.6/en/stored-programs-views.html
• https://dev.mysql.com/doc/refman/5.6/en/create-procedure.html
• http://dev.mysql.com/doc/apis-php/en/apis-php-mysqli.quickstart.stored-procedures.html

The last link provides some examples with the PHP MySQLi API.

For troubleshooting errors about the script & .htaccess check the Apache documentation, here's the link:

• http://httpd.apache.org/docs/current/howto/cgi.html#troubleshoot

In cgi when can i put websites allowed here?

The content of the whitelist array can be hardcoded (as in my example) or dynamic: let say you use memcached to save the list (through an update script) in RAM and pull it at request or, instead of memcached, you could use a database connection. It's up to you.

Hi,

I haven't tested this but I think you could use mod_actions with X-Frame-Options SAMEORIGIN, this header is used to define if an external website can include your pages through an iframe. It has three statements:

• SAMEORIGIN
• DENY
• ALLOW-FROM http://url.tld/

The third option would be perfect for you but is not supported by all browsers. The actions module instead allows you to run a script when a defined type of file is requested, so, in your case a SWF file. The idea is to check if the referrer is in the whitelist array. If the condition is satisfied we simply set an environment variable (readable by Apache) and block the setting of the X-Frame-Options header.

So, set these lines in the .htaccess file:

Actions application/x-shockwave-flash /cgi-bin/swf.cgi
Header append X-FRAME-OPTIONS SAMEORIGIN env=!SWF_ALLOWED

And, as example of the swf.cgi script, write:

#!/usr/bin/env php
echo "Content-type: text/html\n\n";

$whitelist = array(
    'domainA.tld',
    'domainB.tld',
);

$ref = get_env('HTTP_REFERER');

if($ref && in_array($ref, $whitelist)) 
    apache_setenv("SWF_ALLOWED", "TRUE");

More information here:

• https://httpd.apache.org/docs/current/mod/mod_actions.html
• https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
• http://tools.ietf.org/html/rfc7034
• http://httpd.apache.org/docs/current/howto/cgi.html#writing
• http://php.net/manual/en/function.getenv.php
• http://php.net/manual/en/function.apache-setenv.php

Hi,

I think the same happens here:

• https://www.daniweb.com/web-development/rss-web-services-and-soap/threads/495356/soap-query-parameter-head-ache-#post2167904

I noted the issue two weeks ago, when posted the code was correctly indented, a part this I saw also few posts of mine in the same conditions, but at the moment I don't remember which ones.

Also, from profile/posts the indentation appears to be correct for both users:

• https://www.daniweb.com/members/1120553/donz365/posts/upvoted
• https://www.daniweb.com/members/903876/davyyg/posts

Great Dani! :)

Ok,

Dani I received the cash out, thanks! Now there is a problem, in the reward page, I get:

Currently Available for Cash Out 3219

but, since when I pressed the cash button (six weeks ago), I collected only ~1000 points, not 3219, at the moment it seems the system is including the previous cashed points.

Besides, the cash out was for $21.63 and this is what I received, but the reward page returns it was for $34.10 which is the payment of June 2014, here's a screenshot:

Thank you! The spell check seems to work fine now. But there is still a problem, it seems it does not check some wrong words after the attached image. Before: worng helol wrod.

After: worng eholl wrod. The first and the third words are matched because are the same of the previous sentence, so the script finds the matches and performs the highlight, after the attachment the parsing seems to stop, so the second word which is different but always wrong is not highligted. << But this error is matched!

And, if I move the Before sentence to a new line his errors are not highlighted:

I'm not sure this issue is related to the migration. Bye!

Hi!

Dani there is a problem with the spell checker, it bars all the words. Here's a screenshot:

Strange part is that after inserting the attachment the issue disappeared in this post, note that the first line is now fine:

But by adding some text after the attachment changes the result another time:

Oh, you can create a separated script and included it, just place it on top of the file and check if the request method is POST, and if the submission comes from the contact form, for example:

<?php

    $result = FALSE;

    if($_POST && array_key_exists('action', $_POST))
    {
        # mail script here
        $result = require './send.php';
    }
?>
<!DOCTYPE html>
<html>
    ...

<?php if($result) echo "<p>{$result}</p>"; ?>

And at the end of the send.php script, instead of:

echo ! $mail->send() ? 'Error: ' . $mail->ErrorInfo : 'Success!';

You place a return:

return ! $mail->send() ? 'Error: ' . $mail->ErrorInfo : 'Success!';

Now the $result variable will carry the value returned by the included script.

Otherwise point the form directly to the script and then redirect back with a session message. It's up to you.

Sorry, I'm not sure I've understood: you mean how to connect the form to the sending script? Through the action attribute of the form tag:

<form action="contact_page.php" method="POST">

Besides, the enctype should defined only when it's expected to upload a file through the form, yours does not seem to be the case, so you can remove it.

You're welcome.

where do i find the smtp password ?

It's the password that you use to access the defined email account.

As I wrote: in a script like this, sender (FROM) and receiver (TO) can be the same email address. But:

1. this requires the disclosure of the password of this email account;
2. if this password is changed the script will fail.

For this reason I suggest to dedicate an email account only to the scripts. From your hosting control panel you should be able to create a new email account and to define his password.

Let me try to explain: when you send an email message from your email client (for example Outlook or Mozilla Thunderbird) you connect to an SMTP server, submit password and if it's ok it will allow the sending of the message. You create the connection to SMTP and POP3 servers during the setup of the account, correct?

Now: when you send an email message from a PHP script you need to execute the same steps, otherwise, the SMTP server will deny the access and the email message will not be delivered.

At the moment at line 29 you are defining the FROM header basing on the sender email address:

$from="From: $name<$email>\r\nReturn-path: $email"; 

This is wrong, because this is the email defined by the client through your contact form. You don't have access to his credentials, so you cannot set the FROM header with his email address.

What you have to do is to:

1. define, in your script, an email address that you can authenticate through a password, for example: web@website.com which will be used in the FROM header;
2. use the Reply-To header to define the client email address, i.e. the value of the $email variable.

How to accomplish this? Use a PHP library that allows you to connect to your SMTP server. Something like PHPMailer:

• http://phpmailer.worxware.com/

An example:

<?php

require './PHPMailerAutoload.php';

$name    = $_REQUEST['name']; 
$email   = $_REQUEST['email']; 
$message = $_REQUEST['message']; 

$mail = new PHPMailer;
$mail->isSMTP();
$mail->SMTPDebug = 2;

# authentication
$mail->SMTPAuth  = TRUE;
$mail->Host      = …

@chandrama

At the moment you are not escaping the third backslash in the sequence: \\server\printer. So, if the dll is correctly loaded as the pecl package, try:

$handle = printer_open("\\\\server\\Brother MFC-J430W Printer");

Or with single quotes:

$handle = printer_open('\\server\Brother MFC-J430W Printer');

Else, I'm not sure Microsoft Windows supports the IPP protocol, if that's the case you could use this class: http://www.nongnu.org/phpprintipp/

Hi,

when the query fails MySQLi will return FALSE, so add mysqli_error() to get some information about it.

I think there is an ambiguous column error, which means the two tables have at least a column with the same name, for example postdate.

Hi,

it seems the same issue you had last month:

• https://www.daniweb.com/web-development/php/threads/495015/mail-php-problem

The sender email must be authenticated before sending the email. The email to authenticate is the one set in the FROM header, i.e. the one defined here:

$headers = "From: website@website.com" . "\r\n";

Free hostings solves this problem by replacing the FROM email address with their and by setting yours as REPLY_TO, so they don't have to authenticate your SMTP server. For this reason it appears to work fine. Check the headers of the test messages you have sent.

Which PHP version are you using? If below 5.3 then you cannot use anonymous functions, just replace $patterns with this:

function patterns($value)
{
    return "/\b$value\b/i";
}

$patterns = array_map('patterns', $blacklist);

In practice array_map() is looping the blacklist array. Besides, the code you posted stops at line 20, the error is at line 25. So if the above doesn't solve, share the rest of the code. Bye!

Hi,

did you considered the fping command? With the -g option you can define a range:

fping -c 1 -g 192.168.129.1 192.168.129.20
fping -c 1 -g 192.168.129.0/24

And to get just the active IPs do:

fping -c 1 -g 192.168.129.1 192.168.129.20 2> /dev/null

Hi,

have you considered preg_replace()? Basic example:

<?php

    $s = 'google googler';
    echo preg_replace('/\bgoogle\b/i', 'go*gle', $s);

    # outputs: go*gle googler

With arrays it gets tricky because you have to write the pattern for each word to filter, but you can use an anonymous function to fix it, for example:

<?php

    $words = array(
        'google',
        'googler',
        'yahoo',
        'yahoos',
        );

    $replace = array(
        'go*gle',
        'yah*o'
        );

    $blacklist = array(
        'google',
        'yahoo'
        );

    $patterns = array_map(function($value) {
        return "/\b$value\b/i";
    }, $blacklist);

    $results = preg_replace($patterns, $replace, $words);
    print_r($results);

Returns:

Array
(
    [0] => go*gle
    [1] => googler
    [2] => yah*o
    [3] => yahoos
)

The anonymous function will create an array of patterns that looks like this:

Array
(
    [0] => /\bgoogle\b/i
    [1] => /\byahoo\b/i
)

The slashes / are delimiters. The \b is an escape character used to match the word boundaries, so the pattern used by preg_replace means: search only this specific word. The i is a modifier to use case insensitive search.

• http://php.net/preg-replace
• http://php.net/manual/en/regexp.reference.escape.php
• http://php.net/manual/en/reference.pcre.pattern.modifiers.php
• http://php.net/manual/en/regexp.reference.delimiters.php
• http://php.net/manual/en/functions.anonymous.php

btw can they use in php ?

Yes, if you set the asp_tags directive to TRUE, but this will be removed from PHP version 7.*, so it's better to not use it. More information here:

• http://php.net/manual/en/ini.core.php#ini.asp-tags
• http://php.net/manual/en/language.basic-syntax.phptags.php

@Mike

Yes, I'm sure of that too. However, I made my question because from user point of view is not much clear how the reward system works, last month came out there was a bug that didn't allowed the submission of cash requests. Now it was in pending status for a month. Since there is not a FAQ which explains these aspects of the system, I thought it was time to ask. Dani explained the reason very well, that's why I'm thankful to her.

If my question sounded rough, I'm sorry about that. Bye!

Ok, no problem. Thanks for your reply!

You could use xpath() to match only the selected questions:

$xpath = $xml->xpath('//main[@select="selected"]');

So you can remove the IF statement:

if($main['select'] == "selected")

Then count to get the total and create a simple pagination system:

$count = count($xpath);
$page  = isset($_GET['page']) && $_GET['page'] > 0 ? $_GET['page'] : 1;
$numbr = $page - 1;

# load the current question
$main  = $xpath[$numbr];

Once you have $main, you don't need this loop:

foreach($xml->main as $main)

Then create the page links:

<ul class="nav">
    <?php
    for($i = 1; $i <= $count; $i++)
    {
        if($page == $i)
            echo "<li><a class=\"current\" href=\"question.php?page={$i}\">{$i}</a></li>";

        else
            echo "<li><a href=\"question.php?page={$i}\">{$i}</a></li>";
    }
    ?>
</ul>

And to your form code simply add the question id, which is the attribute id in the main object:

<input type="hidden" name="questionID" value="<?php echo $main->attributes()->id; ?>" />

Docs:

• http://php.net/manual/en/simplexmlelement.xpath.php

Hi,

you could count the nodes, create a range array and then shuffle the range, finally you return the node, for example:

<?php 

    $xml = <<<EOD
<?xml version="1.0" encoding="UTF-8"?>
<main>
    <articles>
        <article>
            <title>Title 001</title>
            <content>Content 001</content>
        </article>
        <article>
            <title>Title 002</title>
            <content>Content 002</content>
        </article>
        <article>
            <title>Title 003</title>
            <content>Content 003</content>
        </article>
    </articles>
</main>
EOD;

    $load  = simplexml_load_string($xml);
    $count = $load->articles->article->count();

    if($count > 0)
    {
        $numbr = $count > 2 ? $count - 1 : $count;
        $range = range(0, $numbr);

        shuffle($range);

        echo $load->articles->article[$range[0]]->title . PHP_EOL;
    }

    else
    {
        echo "No articles found!";
    }

If you have doubts, please show your XML structure, otherwise it's difficult to help. Bye!

Hi, you could use the get_json.php end point to get the data array. For example:

$u = 'http://api.hostip.info/get_json.php';
$r = json_decode(file_get_contents($u));

echo $r->country_name;