Posts by cereal

Just an addition. To test the queries you can try mysqlslap: https://dev.mysql.com/doc/refman/5.7/en/mysqlslap.html

It is smarty.net, a template engine.

Okay, at line 24 change $Lo_ID to $lo_id. In PHP variable names are case sensitive.

The loop is not executing the insert query, because the statement is executed at line 13. So only the last will be inserted. The insert can fail for different reasons:

• $id does not increment through the loops, i.e. with: $i++;
• when you execute the form again, $id will start from zero and if column ref is a primary key, it will generate an error for duplicate entry

It is better to use auto_increment on MySQL side and remove the column from the insert statement. The loop, by itself, seems fine, but the error refers to line 24, here there are only 14 lines: do you have other loops in the add script?

Also you have to include the TweenMax javascript:

• https://cdnjs.cloudflare.com/ajax/libs/gsap/1.12.1/TweenMax.min.js

it's visible in Codepen JS settings .

Hi,

please share the code and explain where you have difficulties. Also write meaningful titles, just php does not help who wants to help or is searching a solution for your same issue.

// EDIT

In addition to rproffitt's: contents, in the MS knowledge board, are loaded through Javascript, file_get_contents() won't load them, you need a rendering engine (like browsers do) to run your scripts. So you need something like PhantomJS: http://phantomjs.org/

Few months ago I posted an usage example here:

• https://www.daniweb.com/community-center/threads/507919/daniweb-breaking-links-in-posts#post2218987

Which generates a screenshot of the page. The discussion was about testing the existence of a page with an HEAD request, which MS drops, and on success perform a GET request.

Hi,

if you can edit the main php.ini file, change the option to on:

allow_url_fopen=on

then reload the phpinfo page to see if it applied. The location of the file is defined in the Configuration File (php.ini) Path of the phpinfo view. If you cannot edit the main php.ini, you can try to create a new php.ini file in the document root. And just add the options you want to change. The Loaded Configuration File field of the phpinfo view should show if the new file is loaded.

Note: some times, the configuration (of PHP or of the web server) does not allow to override the settings through custom php.ini files, so you may need to contact your hosting support to make changes.

For more info, see the HOST and PATH directives:

• http://php.net/ini.sections

Continue here: https://www.sitepoint.com/community/t/why-400-error/266706

is there i way to remove apache2 completly and make my pc forget it for ever ??

Yes, you can run:

sudo dpkg --purge apache2

This however will not remove the default document root (usually /var/www/html/) as the installation writes the welcoming apache frontpage.

${APACHE_RUN_DIR} should be defined in /etc/apache2/envvars, now I don't have one to verify, but it should be something like:

export APACHE_RUN_DIR=/var/run/apache2$SUFFIX

Do you care to share the solution? Also, show us the form and the updated PHP code.

IMHO it's best printing the name on the usb case and let the client reuse the drive. Otherwise you have to change the firmware of the usb to act like a CD, see if this helps: https://superuser.com/a/822578

Thanx for your reply but I am still facing the same issue.
Can't store values of text fields in variables

You're welcome, but I was not suggesting a fix, I suggested you to run those functions in order to see if there are errors in your database connection, in the query syntax or if it rises a duplicate entry error (due to unique columns). If you don't get any errors, then check if the $_POST array is populated and if it gets the correct index names:

print_r($_POST);

Hi, add error checks before and after the query:

if($conn->connect_errno)
    die(sprintf("CONNECT ERROR: %s: %s", $conn->connect_errno, $conn->connect_error));

$result = mysqli_query($conn, $sql);

if($conn->errno)
    die(sprintf("ERROR: %s [%s]: %s", $conn->errno, $conn->sqlstate, $conn->error));

And see if you get any useful input.

Maybe this will be helpful for your research:

• https://arxiv.org/abs/1703.04993

Okay, I do not dance. Never. But I can listen the music while squinching at my shadow :D However the YT link seems broken (I mean the video id, not the protocol).

Hi,

you are missing a comma between these two columns, in the update statement:

work_carry = '$work_carry' demage_found = '$demage_found'

Then edit_customer_detail is not set by the form which, however, is okay if this is set by a previous step and carried through GET.

Not from godaddy. She cannot even log in into a backend panel to manage contents? Anyway the source code seems generated by ligthcms:

• https://www.lightcms.com/
• template: https://html5up.net/helios

In case you don't get the access, it should be easy enough to rebuild it.

Yes, it's the same on tcpiputils: https://www.tcpiputils.com/browse/domain/stacychristine.com

And if you see the result of the WHOIS you can see who is the real registrant:

Registrant Name: CCA, Lt webPHOTOMaster, Betcha Private Registration

Which is:

• http://webphotomaster.com/

It seems they developed the website, registered the godaddy DNS management for your client, then saved the website into Netsuite. If your client does not have the credentials to enter in Netsuite, then she can only ask to webPHOTOMaster support. I have some doubts you would be able to access that account. It will more probable that you could only point the DNS somewhere else, from godaddy panel, and start the website from zero. Good luck! :)

Besides: the hosting in use is powered by ASP.NET, not PHP:

> http head stacychristine.com                                                                   

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Connection: keep-alive
Date: Tue, 30 May 2017 14:32:14 GMT
Location: http://www.stacychristine.com
Server: akka-http/10.0.0-100-netsuite-02
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

It seems godaddy was used to register and manage the DNS. Enter into the domain management page and see where it points. From those IPs you should be able to find the hosting company. The same can be done through tools like dig and whois:

> dig daniweb.com ANY

...
daniweb.com.        299 IN  A   198.23.117.137
...

> whois 198.23.117.137

...
Organization:   SoftLayer Technologies Inc. (SOFTL)
...

or through a service like:

• https://www.tcpiputils.com/

for example, if you search daniweb.com you get a summary with the hosting company name:

Domain daniweb.com is listed in the top million list of Alexa ... This domain is hosted by SoftLayer Technologies Inc. (AS36351)...

Which is http://www.softlayer.com/

I see why, to be honest I was reading the documentation for PDO and saw why you were using fpassthru():

PDO::PARAM_LOB tells PDO to map the data as a stream, so that you can manipulate it using the PHP Streams API.

However while testing I got:

PHP Warning:  fpassthru() expects parameter 1 to be resource, string given

And in fact a comment in the same page states the same issue:

• http://php.net/manual/en/pdo.lobs.php#96311

Great, now change fpassthru($lob); to echo $lob; as fpassthru() is used with file pointers.

Hi,

in your view.php code, you have this query:

SELECT * FROM jobselection_data_old WHERE id=:id

Then you bind the first column returned by the wildcard * to the variable $lob, which means that if the table structure as an id column as first column, $lob will receive the value of the id. Change the column order by expliciting the column names:

SELECT image_col, id, ...

Then you should be able to get the correct datum. In addition datetime in your query at line 3, is a reserved word, change it or use backticks.

With the disabled attribute those inputs are not submitted by the browser, you can use readonly instead.

You're welcome ;)

This part is not correct:

$name=array();
$email=array();
$role=array();

$rows = [];
$rows[] = [
    'user_id' => $user_id,
    'name' => $_POST['name'],
    'email' => $_POST['email'],
    'role' => $_POST['role']
];

Your loop does:

while(1 < count($name))

It's like writing:

while(1 < count([]))

the print_r($stmt->debugDumpParams()); but it didn't display anything.

It will never run because $name, as array, is empty. Do:

$name  = $_POST['name'];
$email = $_POST['email'];
$role  = $_POST['role'];

each variable will be an array. I'm keeping this simple, here instead of $_POST you should use filter_input_array(), but this can be refined when you get the script to work. You can, also, remove the $rows initialization and assignement, unless you don't need it for something else.

Just a note!

I was just curious to learn why anyone would bother using the long version if the short version can do the same job. file_get_contents() using a URL is not guaranteed to work in all situations, as it depends on a configuration setting to allow it to use HTTP (which is sometimes disabled for security reasons) ...

It happens because allow_url_fopen is set to false, in case curl is not available you can also use sockets or fsockopen() & co.

Also, file_get_contents() allows more complex requests, in fact, it can make POST requests, by using the resource context parameter. The same can be done by file(), readfile(), fopen() and in general by all functions that support streams, an example:

<?php

$url = "https://www.apple.com/";

// Resource context
$rc["http"]["method"] = "GET";
$rc["http"]["header"] = "Accept-language: en\r\n";
$rc["http"]["follow_location"] = 1; // 1 = yes, 0 = no
$rc["http"]["timeout"] = 10; // seconds

$context = stream_context_create($rc);

$fp = fopen($url, "r", FALSE, $context);

while( ! feof($fp))
    print fread($fp, 4096);

fclose($fp);

$name is defined? If not the loop will not run:

while($i < count($name))
{
    $stmt->execute([':user_id' => $user_id, ':name' => $name[$i], ':email' => $email[$i], ':role' => $role[$i]]);
    $i++;
}

Also, you could add debugDumpParams() to see what looks like the prepared statement:

while($i < count($name))
{
    $stmt->execute([':user_id' => $user_id, ':name' => $name[$i], ':email' => $email[$i], ':role' => $role[$i]]);
    print_r($stmt->debugDumpParams());
    die;
}

This will stop the execution after the first loop and will show the contents of the query. If it does not help paste the result here and also the code.

There is a missing $ in $email[$i] and $role[$i].

Then you are passing three arguments to the execute() method: one array and then email and role with a syntax that would probably send some warnings.

$this cannot be used in this context, use $stmt.

In the prepare() method, the syntax to define the placeholder is not correct, the format is :keyword, not : keyword, nor =: keyword and not even = : keyword. And it is missing the last column: role.

The query has also another issue, a bracket: (, I think here you were trying to mix the two available syntaxes for inserts in MySQL:

INSERT INTO table (column, column) VALUES('', '');
INSERT INTO table SET column = '', column = '';

The first is the standard, the second is a peculiarity of MySQL.

To recap:

$stmt = $pdo->prepare("INSERT INTO `contact` (`user_id`, `name`, `email`, `role`) VALUES (:user_id, :name, :email, :role)");

while($i < count($name))
{
    $stmt->execute([':user_id' => $user_id, ':name' => $name[$i], ':email' => $email[$i], ':role' => $role[$i]]);
    $i++;
}

However there is still an issue. In the form there are some checkbox, by default if none are selected, the checkboxes will not be set by the browser and so the POST array will miss them. So, if your forms has fields for two identities (Person1, Person2) and you select only Teacher for Person2, you will get role[0] => Teacher. Value, that according to the loop, will be associated to Person1, not to Person2, as expected.

To avoid this, you have …

Hi,

what is the size of the array? There are few errors:

1. a syntax error: you are missing a comma between user_id and dateTime;
2. dateTime, it does not matter the case, is a reserved word, so use backticks.

Also you could move prepare() outside the loop and use placeholders:

$stmt = $dbh->prepare("INSERT INTO `worksheet` SET `user_id` = :user_id, `dateTime` = NOW(), `indicator` = :indicator");

And set an array into execute() to define the values of each loop:

$stmt->execute([':user_id' => $user_id, ':indicator' => $indicator[$i]]);

You should move the header() outside the loop, too, but after, otherwise you keep setting it at each iteration. Right after that set exit, to stop the execution and make the server redirect. To recap:

$stmt = $dbh->prepare("INSERT INTO `worksheet` SET `user_id` = :user_id, `dateTime` = NOW(), `indicator` = :indicator");

while($i < count($indicator))
{
    $this->execute([':user_id' => $user_id, ':indicator' => $indicator[$i]]);
    $i++;
}

header('Location: form-page2.php');
exit;

See if these changes, in particular the syntax error, makes a difference. Otherwise, as you defined the exception mode, set a try catch block to see if PDO sends an exception.

How is this script working? Through command line or through web interface? Do you have access and error logs of the web server (in case of web interface) and of the FTP server?

MySQL suggests LONGBLOB or LONGTEXT, however with 5.7.8 there is also the JSON data type:

• https://dev.mysql.com/doc/refman/5.7/en/json.html

I have used the blob type to save small JSON objects, it works fine.

If you can use the latest version of MySQL, then you can use JSON_REPLACE:

JSON_REPLACE(data, '$.Employee_Number', '544')

See: https://dev.mysql.com/doc/refman/5.7/en/json-modification-functions.html

All my other scripts (mysqli and procedural) worked like this:
if($sql)
So, why didn't it tonight ?
Why it only worked with oop style ?
if(TRUE === $conn->query($sql))
Is it because most part of the script is oop ?

No, it happens because $sql is a string, you could either do:

$conn->query($sql);

Or procedural:

$sql = mysqli_query($conn, "INSERT QUERY HERE");

With the procedural then your IF statement would work fine:

if($sql)

as the result of the query is assigned to the $sql variable. In my example I just skipped the assignement to a new variable an ran the query directly in the statement. It's the same.

it is not actually dumping just the url I am visiting but more. Infact, it's logging other links on my visited page.
Is it because the browser called those links to load the images (even though I did not click them) ?

Yes, the proxy is rewriting all the urls, so the browser is going to request them through the proxy script, it's the same list that you get through the Network tab of the Developer Tools.

and one link twice ?

It happens because there is a redirect with status code 301 or 302, then it reloads the page with status code 200, so the script log its boths.

If you were in my position, how would you code it so the img or video links (that are residing on …

I, even tried taking out the single quotes from the VALUES in the INSERT command. Like so:
$sql = "INSERT INTO users(browsings) VALUES($url)";

Single quotes are necessary as $url is a string, so:

$sql = "INSERT INTO users(browsings) VALUES('$url')";

$sql is a string too, it has not been submitted to mysqli_query() yet, so, instead of:

if($sql)

do:

if(TRUE === $conn->query($sql))

Those sites you are viewing do not host your http://localhost:80/proxy/test.php? links nor precede it but your proxy itself does it.
Now, as you can see the proxy is preceding "http://localhost:80/proxy/test.php?" in order to proxify your chosen url. But my idea is, instead of getting it to precede "http://localhost:80/proxy/test.php?", why don't we get it to precede "http://localhost:80/proxy/tracker.php?" instead.
Now, can you figure-out which part of the code to replace with what to get the script to start logging ?

Sorry, but tracker.php what should do? It's the same code of test.php? Then just rename the file. If it's different and you want to send people from script A (test.php) to script B (tracker.php), you just need a form whose action points to script B, but then what is the role of the proxy here? Once you are on the tracker script, the proxy won't work anymore as the execution is completed. If you want to mix the proxy with the tracker then rename test.php to tracker.php and include your tracking code inside this file.

I have already suggested where you can place the tracking code.

Also consider that you don't need a form to initialize the proxy script, just append a link to the file name with a ? and it will work fine. Anyway, see if you get other replies. Bye.

@UI

in addition to Andris, the first 16 lines are useless, because it makes a request to google and it does not use it. Line 21 ($url) is not used by the following code, so curl sends a request to the homepage not to the search. Even by changing that, to run the query and set an additional fake user agent, it will hit against a robot check:

<!--
    To discuss automated access to Amazon data please contact api-services-support@amazon.com.
    For information about migrating to our APIs refer to our Marketplace APIs at https://developer.amazonservices.com/ref=rm_c_sv, or our Product Advertising API at https://affiliate-program.amazon.com/gp/advertising/api/detail/main.html/ref=rm_c_ac for advertising use cases.
-->

or status code 503 from CloudFront. Why? Try running the link you want to access through the command line curl:

curl -s -D - https://www.amazon.com/s/field-keywords=movies+2017 -o /dev/null

You get:

HTTP/1.1 301 Moved Permanently
...
Location: https://www.amazon.com/movies-2017/s?ie=UTF8&page=1&rh=i%3Aaps%2Ck%3Amovies%2B2017

which means you have to add a curl option to follow redirects. Would now work? Yes, but it probably won't return results because this part of the pattern ._AC_US_160_.jpg, in the preg match expression, is not pointing to what is currently returned by Amazon results page. So, you can:

• open the source page and verify what is in use and hard code the change
• or modify the pattern to be more flexible to code changes

in your current code it returns what is in the scr and in srcset attributes, so you can get an extended list of links for each entry and you could apply another …

Hi,

in practice you want to log the $url variable. Between line 202 and 246 the scripts initialize the variable, verifies if the url format is valid and finally it attemps to contact the server. Now you have to decide at which step you want to log, for example if you want separate logging for successful and failed requests do it after line 246, i.e. after this line:

$response = makeRequest($url);

and use the responseInfo index returned in the $response array to log the differences.

Hi,

read the notice and the warning:

Notice: Use of undefined constant RETURNTRANSFER - assumed 'RETURNTRANSFER' in C:\xampp\htdocs\test\curl.php on line 27

Warning: curl_setopt() expects parameter 2 to be integer, string given in C:\xampp\htdocs\test\curl.php on line 27

The notice tells you that RETURNTRANSFER is not defined. The PHP engine in this case makes an assumption: you probably meant to use it as a string, so it dress the constant with quotes and serve it to the code.

The warning is just curl_setopt() complaining because, by consequence of the PHP engine assumption, received a string, when it was expecting an integer. So, have you checked if, among curl constants, there is something like RETURNTRANSFER?

@sophia_4

You're welcome, I just realized you are usign CodeIgniter here, then you can use the Encryption library rather than the Encrypt library which is deprecated in the framework, see:

• https://codeigniter.com/userguide3/libraries/encryption.html

If the issue is solved, please press the solved button at the right side of the page, bye! :)

Hi,

you have to define an HTML form, for some examples see:

• https://learnrubythehardway.org/book/ex51.html
• https://github.com/sinatra/sinatra/blob/master/examples/chat.rb

Almost done. You need to set the TO header, in this case it can be the SMTP username or another email address of yours:

$mail->AddAddress($row['email']);

Line 17 will probably need to be set to TRUE:

$mail->SMTPAuth = true;

Otherwise it will not attempt to authenticate, you can set it to FALSE if the SMTP does not require the authentication or if you are using the POP-before-SMTP auth method, see their example:

• https://github.com/Synchro/PHPMailer/blob/master/examples/pop_before_smtp.phps

Hi,

look at the WHERE clause, you have:

WHERE (qbcd_user_email.address = '.patrick.kershner@gmail.com.')

So is going to search an email address with a leading and trailing dot, due to:

WHERE (qbcd_user_email.address = '.$email.')

Since you are using double quotes to enclose the query, you don't need the concatenation operator ., just change it to:

WHERE (qbcd_user_email.address = '$email')

This fixes the query, but read this thread about prepared statements:

• https://www.daniweb.com/programming/web-development/tutorials/499320/common-issues-with-mysql-and-php

It will help you to build safer queries.

Hi,

you cannot do this with plain HTML. You need javascript: you could use AJAX to submit the two forms, but you are going to generate two separated requests, with two separated responses from the server(s). Which means the second could return before the first is completed. Or one could fail, due to timeout or other issues. To solve these scenarios you could use the Promise API:

• http://exploringjs.com/es6/ch_promises.html

In practice the requests are performed asynchronously, and each will generate a promise, i.e. an object that represents a successful response or a failure. This can be done also in server side, see:

• https://www.slideshare.net/wimg/the-promise-of-asynchronous-php
• https://github.com/guzzle/promises

Can you explain why you want to keep them separated?

No, the password is not anymore involved. You could change the password for the daniweb@1.2.3.4 account and still be able to access without altering the key, because SSH is going to use another authentication method (via asymmetric cryptography). See:

• https://debian-administration.org/article/530/SSH_with_authentication_key_instead_of_password

For example: if you have 10 servers to connect, by copying the public key on each, you won't need to remember the password of each host. The same key will give you the access everywhere.

Instead, the equivalent of your Windows command, in *nix environments is a script like this:

#!/usr/bin/env bash
sshpass -f <(printf '%s\n' YOUR_PASSWORD) ssh daniweb@1.2.3.4

To execute ./dani.sh. But it requires sshpass, which on Mac is available through HomeBrew: https://brew.sh/

The ssh-keygen command generates keys for ssh, these are stored into your profile, under the ~/.ssh/ directory. Through scp you are copying your local ~/.ssh/*.pub files (the public keys) into the ~/.ssh/autorized_keys file of your remote home directory account, i.e. into daniweb@1.2.3.4

To get information about the commands simply prepend man command:

man ssh-keygen
man scp

It returns the documentation for the commands. By using this approach, only trusted keys will be allowed to connect the host and you can disable the SSH password access, avoiding brute-force attacks.

Okay,

you set up admin@web.com in the FROM header, but the authentication is failing. Is this the account that is authenticating to the SMTP server? From the log it seems you are using GMail SMTP.

Can you explain how this script would work? From who (client email address) to who (website email address)? Or reverse? Or client to client? I ask it, because you may need to set the sender in the REPLY-TO header and the authenticating email address in the FROM header:

$mail->Username = "smtp_username"; # authentication
$mail->From     = "smtp_username"; # from
$mail->AddReplyTo($row["email"]);  # reply-to

This because the script acts like a mail carrier (technically an SMTP Relay), which gets the message and sends it through his SMTP server.

Hi Dani,

hope you're doing well, try to send the report to studio-feedback@zend.com or to their forums http://forums.zend.com and see if they can help. It seems related to Zend, if it was the system then there would be something about a shared library issue.

Ops! My fault, I confused error_log() with file_put_contents() syntax :D

Sorry, please replace the error log line with:

error_log(sprintf("(%s) %s\r\n", $level, $message), 3, $log_file);

And it should work fine.

Any idea where to get the smtp username and password?

Those would, usually, be the email address and the related password. In case of Gmail, however, you should generate and use an application password.

Hi,

in order to send an email through SMTP you need to setup the connection correctly, right now you are pointing the host to localhost instead of something like smtp.domain.tld and the port to 25, which is not correct if connecting through tsl or ssl, it may be port 465, 587 or 993 or something completely different, depending on the host configuration. Also you have to set $mail->isSMTP();. You can raise the debug level to 4 and add a debug function to get more information:

// Debug
$log_file = sprintf(__DIR__ . '/mail-%s.txt', (new \DateTime)->format('Ymd'));

$mail->SMTPDebug   = 4;
$mail->Debugoutput = function($message, $level) use($log_file) {
            error_log($log_file, sprintf('(%u) %s', $level, $message));
            return ;
      };

The Debugoutput closure will create, in the same path of the script, a log file named mail-20170504.txt with the flow of the connection between the client (the script) and the SMTP server, from there you should be able to see the server response and why it fails to complete the request. If you need help with the debug, you can attach the log file to the forum, but remember to remove passwords and other details you want to keep private.