Posts by cereal

I am trying to change the whole 3 circles with one button press. Any clue how? Why only one circle that changes color?

The reason is the ID (unique identifier):

<div id="circle1"></div>
<div id="circle1"></div>
<div id="circle1"></div>

which must be unique in the page, you have three of them.

I don't think the margin has an issue.

That's correct, in fact, I was referring to CSS properties with a specific feature: hyphens.

In Javascript, hyphenated CSS properties margin-top & co. are converted to lower camel case, so marginTop. Line 27 has this issue.

See: https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Client-side_web_APIs/Manipulating_documents

Hi!

Those are definitions of the same function (hcf), the first line is defining a default in case the second argument is 0, in that case returns the first argument (a). Why? Because if you run mod 1 0 you get an exception:

*** Exception: divide by zero

In haskell there are partial and total functions, mod is partial, as it returns an error in case the argument is not a valid value. By defining the default for 0 you cover that error. See:

• http://dev.stephendiehl.com/hask/#partial-functions

You have already asked this:

• https://www.daniweb.com/programming/web-development/threads/500001/changing-style-color
• https://www.daniweb.com/programming/web-development/threads/461404/change-css

You received solutions in both threads. Bye.

You have to print the $row:

 <iframe src="<?php echo $row["blog"]; ?>"></iframe>

See if this helps.

Hi,

in this case the artisan command won't solve the issue, because it's PHP telling those functions are deprecated as PHP 7.1.0.

The Mcrypt library has been declared deprecated and will be moved to PECL with the release of PHP 7.2.0, this because it relies on libmcrypt which has not been developed or mantained since 2007, see:

• https://sourceforge.net/projects/mcrypt/files/Libmcrypt/
• http://php.net/manual/en/intro.mcrypt.php

To solve, update the code with an alternative library.

Very wide. Depends on the role and the permissions connected to these credentials. What can be done with them: can you connect, for example, to the internal network through a VPN?

It can go from social engineering, requering more access through the stolen account to accessing the network, gathering data, install software, run a ransomware on shared resources...

Agree, preg results are painful. The following should ship the same output with preg_match_all():

$results = array_column($matches[0], 1);

However, I suspect it will add some overhead.

You can also use a regular expression (regex), in PHP you can use regex with preg_* functions:

preg_match_all('/5/', $numberedString, $matches, PREG_OFFSET_CAPTURE);

The first argument is the pattern to search, the slashes are delimiters; the second argument is the subject to search, your string; the third argument is the array that will hold the results; the last argument is a constant to show the position of each match in the researched subject.

So, if you print it, you get:

print_r($matches);

Array
(
    [0] => Array
        (
            [0] => Array
                (
                    [0] => 5
                    [1] => 4
                )

            [1] => Array
                (
                    [0] => 5
                    [1] => 14
                )

            [2] => Array
                (
                    [0] => 5
                    [1] => 24
                )

            [3] => Array
                (
                    [0] => 5
                    [1] => 34
                )

        )

)

About the docs: at the end of each function page, there is a list of other functions to consider as alternative. If you open php.net/strpos you get preg_match, which would return only $matches[0][0], from there you can reach preg_match_all. Once you get used, you just have to explore and test.

In addition: it happens because it's boolean FALSE which is converted automatically to an empty string, you won't get a string FALSE, for example:

echo "FALSE"; # string, printed
echo 'FALSE'; # string, printed
echo FALSE;   # boolean, empty

From the manual:

A boolean TRUE value is converted to the string "1". Boolean FALSE is converted to "" (the empty string). This allows conversion back and forth between boolean and string values.

Link: http://php.net/manual/en/language.types.string.php#language.types.string.casting

In your case you can write:

$pos = strpos('Hello World!', 's');

if(FALSE !== $pos)
{
    # success
}

else
{
    # not found
}

Saying all this, I guess white space or the TAB/INDENT is considered as FALSE if some-how there can be "values" set to them one way or the other.

Have you tried to evaluate it through var_dump()?

var_dump(empty("\t"), empty(" "), empty(""));

can you help me set up the controller and stuff ? or you cant...

Hi, what do you mean?

Almost,

in the query you should write AND/OR between the WHERE clauses, and execute() does not allow two parameters, so you should merge the array, and in this case convert $data = NULL; to $data = []; because otherwise you cannot merge it. So:

Line 1:

$sql = "SELECT * FROM `names` WHERE %s OR %s";

Line 10, 21:

$data = [];
$data2 = [];

Line 25:

$stmt->execute(array_merge($data, $data2));

About bindParam(), it's up to you, I was showing how you can build the query, now if you want something more complex, you can stack the params into an array and loop it, like this:

if($int > 0)
{
    $condition = "`fname` = :fname";
    $data[] = [':fname', 'klaus', PDO::PARAM_STR];
}

else
{
    $condition = "`fname` IS NOT NULL";
    $data[] = [];
}

if($int2 > 0)
{
    $condition2 = "`fname` = :fname2";
    $data[] = [':fname2', 'klaus2', PDO::PARAM_STR];
}

else
{
    $condition2 = "`fname` IS NOT NULL";
    $data[] = [];
}

$stmt = $db->prepare(sprintf($sql, $condition, $condition2));

foreach($data as $k => $v)
    if(count($v) > 0)
        $stmt->bindParam($v[0], $v[1], $v[2]);

$stmt->execute();

However, by using sprintf() the query will always expect two clauses, if you want to make it more dynamic then you have to change that part and build the query with an assignement operator .= or an array and then you implode by space. As example, consider to have an if statement for $int3, but no else statement:

if($int3 > 0)
{
    # ...
}

The origin query does not work anymore because it could …

In the specific case of Twitter, there is an API that allows to search through the public tweets of a specific account:

• https://dev.twitter.com/rest/public/search

You can check the libraries used to connect this service here and see how it is done:

• https://dev.twitter.com/resources/twitter-libraries#php

If you want to check the contents of a static page and here I mean the contents generated on server side and loaded in plain HTML, you can use a library to analyze the DOM, like:

• http://php.net/manual/en/book.dom.php
• http://php.net/manual/en/domxpath.query.php
• http://symfony.com/doc/current/components/dom_crawler.html

DOM libraries require valid documents, if these are malformed then the extraction can fail.

If, instead, the contents are loaded through Javascript, you need a browser engine and some javascript, see as example:

• http://phantomjs.org/

A part these, there are many other available solutions, like regular expressions or scripting with command line tools as awk or sed:

• https://www.gnu.org/software/gawk/manual/gawk.html
• https://docstore.mik.ua/orelly/unix/sedawk/
• http://www.regular-expressions.info/

Also, if the goal is to extract data, don't limit your choices to PHP, there are excellent solutions written in other languages, see for example Scrapy:

• https://scrapy.org/

Curious to see what the code would look like and php is capable of doing it in how many lines of code.

Hehe, I think you can try to extract the tweet through a DOM library (DOM Crawler should be easy to use), check the HTML source of the link you provided, load the page and see what you can …

In addition: consider that a bind can be defined in the execute() method, so:

$stmt->execute([':id' => $id]);

You could change the queries to whitelist some expressions and add it as a variable, something like this should work and allow you to define multiple conditions:

$sql = "SELECT * FROM `names` WHERE %s";

if($int > 0)
{
    $condition = "`fname` = :fname";
    $data = [':fname' => 'klaus'];
}

else
{
    $condition = "`fname` IS NOT NULL";
    $data = NULL;
}

$stmt = $db->prepare(sprintf($sql, $condition));
$stmt->execute($data);

Bye!

Hi,

IS NOT NULL is not a string, it's an expression. So, as far as I know, you cannot bind it into a prepared statement. Do two queries:

if($gjendja_id > 0)
{
    $stmt = $dbconnection->prepare('SELECT a.dokumenti, a.datafillimit, a.datambarimit, b.programi, c.lloji_diplomes, d.ial, e.akreditimi FROM programet_akreditimet AS a INNER JOIN programet AS b ON a.programi_id = b.id INNER JOIN programet_llojet_diplomave AS c ON b.lloji_diplomes_id = c.id INNER JOIN institucionet AS d ON b.ial_id = d.id INNER JOIN akreditimet_llojet AS e ON a.lloji_akreditimit_id = e.id WHERE a.datambarimit >= CURDATE() AND b.gjendja_id =:gjendja_id AND d.gjendja_id = 1 AND a.trashed = 0 ORDER BY d.ial ASC');
    $stmt->bindParam(':gjendja_id', $gjendja_id, PDO::PARAM_INT);
}

// Is not null
else
{
    $stmt = $dbconnection->prepare('SELECT a.dokumenti, a.datafillimit, a.datambarimit, b.programi, c.lloji_diplomes, d.ial, e.akreditimi FROM programet_akreditimet AS a INNER JOIN programet AS b ON a.programi_id = b.id INNER JOIN programet_llojet_diplomave AS c ON b.lloji_diplomes_id = c.id INNER JOIN institucionet AS d ON b.ial_id = d.id INNER JOIN akreditimet_llojet AS e ON a.lloji_akreditimit_id = e.id WHERE a.datambarimit >= CURDATE() AND b.gjendja_id IS NOT NULL AND d.gjendja_id = 1 AND a.trashed = 0 ORDER BY d.ial ASC');
}

$stmt->execute();

Hehe, sure you can!

If you want to solve it, instead, read the notice, it says Use of undefined constant session - assumed 'session', which means you probably wrote:

$autoload['libraries'] = array(session); # without quotes

Instead of:

$autoload['libraries'] = array('session'); # with quotes

By adding quotes the value is considered a string, which is what you need in this case.

Take care Dani!

Open application/config/autoload.php and set session inside:

$autoload['libraries'] = array('session');

You can do the same with other libraries or helpers that you will use constantly, like database or form.

More info: https://codeigniter.com/user_guide/general/autoloader.html

Hi,

it is not clear where you are having difficutiles.

Mostly running, for few hours, 4 times per week, it's my break from everything. About plants, I don't have a garden anymore, but I have a small room with a French window exposed to south, I use it as a small greenhouse, with some plants... last year I grew up four avocado plants from seeds, one of these is now 2mt tall, I didn't expected such results. Now I want to try with a mango or something else outlandish.

Have you guys ever thought of building it ? It would sell well.

Hmm, that would infringe YouTube terms of services (ToS) I suggest you to not try to monetize it, however, if you want to investigate it look at youtube-dl project on GitHub:

• http://rg3.github.io/youtube-dl/

I use it along with mps-yt as command line YT player, I set it to not show the video, so it does not consume resources.

Open this link:

• https://www.visualstudio.com/downloads/

Click on Other Tools and Frameworks and download Microsoft Visual C++ Redistributable for Visual Studio 2017 for your platform, that should install the missing library. The previous error was connected to the same issue.

It, probably, happens because you are calling the session inside application/core/MY_Loader.php but you are loading it from the controller, which is executed after the MY_Loader. Have you tried to autoload the session?

Okay,

consider to use the identical operator === on line 20:

if ($this->form_validation->run() == FALSE)

The alpha_space_only() callback can fail when using accented characters like àèéìòùñ, so you may want to replace the regex pattern to:

preg_match('/^[\p{L} ]+$/ui', $str)

a part this your code seems fine.

But another error happen.

So, what is the error?

Hello KK,

from the screenshot is seems you are trying to load CI resources from outside the application folder. Is Contact.php a CI controller? Can you share it? Remember to remove address and password as the post is public.

Have you read this? http://php.net/manual/en/language.expressions.php
Basically a statement can be an expression. And:

The simplest yet most accurate way to define an expression is "anything that has a value"

About tokens: in PHP it can be, strictly, used to define some parts of the language or used widely by the interlocutor to refer to other concepts, see:

• http://php.net/manual/en/tokens.php
• Computing on https://en.wikipedia.org/wiki/Token

Hi,

I don't want to add confusion, but I wonder if there is an open process pointing to an unlinked file in that directory. Try something like:

lsof -nP +L1 | grep '(deleted)' | grep -i ".club"

from a terminal, to see if it outputs results. To be honest, I ran a test on my system[2] and, while the file was still "existing" for the process, I was able to install Flarum through composer.

Reference:

1. http://www.gnu.org/software/libc/manual/html_node/Deleting-Files.html
2. http://www.linuxquestions.org/questions/linux-security-4/how-can-i-hide-a-file-from-ls-a-496229/

Anyway, instead of using composer on the server, you could install it on local and then use SFTP (Filezilla has the client too) to upload all the files to the server.

Hi!

In addition to previous suggestion: if the path is wrong or does not have write permissions Python would return:

sqlite3.OperationalError: unable to open database file

Instead you get:

sqlite3.OperationalError: no such table: Airports

Which can be generated if:

1. the database file name is wrong due, for example, to the case: linux is case sensitive, Mac OS no (at least not by default)
2. the database file or the parent directory is read-only, so you have to change the permissions
3. the table does not exists

In the first case connect() will create the database file, but this obviously won't have the Airports table.

In the first case this:

for row in cur.execute('''SELECT "Hello"'''):
    print row

will run successfully, it will run successfully also if the file is read-only, but it will fail if there are permission issues with the parent directory. The error, however, will be related to the database file, not to the table.

Am I missing something? Or doing this completly wrong?

It's difficult to say because I don't see the current code you are using. On top of dogReview.php page, right after session_start() set var_dump() to show $_GET and $_SESSION contents:

echo "<pre>";
var_dump($_GET, $_SESSION);
echo "</pre>";

You should be able to see what is sent through the GET request (appending the parameters to the url) and the contents of the current session. If it does not help show the code of this page.

If you append parameters to the landing page:

dogReview.php?u=USER&dogID=123

Then you can access those values by using $_GET:

$user  = $_GET['u'];
$dogID = $_GET['dogID'];

$_SESSION, instead, is reserved to values set in the session handler.

See:

• http://php.net/manual/en/reserved.variables.get.php
• http://php.net/manual/en/session.examples.basic.php

Hi,

can you show the previous step, i.e. the code used to set the session variables?

Hi,

once you load the document, create an element (customer) inside the root (customers), then create the children elements of customer and append them to it, at the end append the customer element to the root. Basically:

<?php

$str = <<<'XML'
<customers>
    <customer>
        <ID>C1</ID>
        <FirstName>Jack</FirstName>
        <SurName>Wong</SurName>
        <Email>jack@hotmail.com</Email>
        <Password>081292</Password> 
    </customer> 

    <customer>
        <ID>C2</ID>
        <FirstName>Ashley</FirstName>
        <SurName>Rachael</SurName>
        <Email>ashley@hotmail.com</Email>
        <Password>081292</Password> 
    </customer>

    <customer>
        <ID>C3</ID>
        <FirstName>Vongola</FirstName>
        <SurName>Steve</SurName>
        <Email>vongola@hotmail.com</Email>
        <Password>081292</Password> 
    </customer>
</customers>
XML;

$dom = new DOMDocument();
$dom->preserveWhiteSpace = FALSE;
$dom->loadXML($str);
$dom->formatOutput = TRUE;

$customers = $dom->documentElement;
$customer  = $dom->createElement("customer");

$data = ['ID'        => 'C4'
       , 'FirstName' => 'Name'
       , 'SurName'   => 'Last Name'
       , 'Email'     => 'email address here'
       , 'Password'  => 'really?!'];

foreach($data as $k => $v)
{
    $el = $dom->createElement($k, $v);
    $customer->appendChild($el);
}

$customers->appendChild($customer);
print $dom->saveXML();

See:

• http://php.net/manual/en/domdocument.createelement.php
• https://www.daniweb.com/programming/web-development/threads/487157/writing-to-a-file

The Daniweb link is about an HTML document, it uses the same rules for XML documents and it explains how to apply attributes to the elements.

To open an save to a file, use these methods :

• http://php.net/manual/en/domdocument.save.php
• http://php.net/manual/en/domdocument.load.php

Bye!

I don't know what this is as still a beginner: var_dump($numrows);

var_dump() returns information about expressions TRUE < FALSE or variables. For example:

$stmt = TRUE === TRUE || TRUE < FALSE && TRUE === FALSE;
$str  = 'Hello';
$fp   = fopen('php://memory', 'w+');
var_dump($stmt, $str, $fp);

It will return the data type and the value:

bool(true)
string(5) "Hello"
resource(3) of type (stream)

In my previous comment, I suggested you to verify the contents of the $numrows variable, to make sure you were receiving an integer (as expected) or NULL, which would suggest an error with the query.

About the code, I understand what you want to achieve, however query to verify only if the username or the email address exists, exclude the password for now, so do:

SELECT * FROM users WHERE usernames='abc' OR emails='abc' LIMIT 1;

I'm adding LIMIT 1 here, which can be avoided if you set unique keys on usernames and emails columns.

Once you get the row, fetch the password from the result set and compare it with the one submitted in the login request.

Right now, I suppose you are saving passwords in plain text, you should use password_hash() to generate the hash to save into the database and password_verify() to verify the attemp with the hash.

Read the following tutorial by Diafol, #11 Storing and Retrieving Authentication Data, which shows exactly the same approach that I would use here:

• https://www.daniweb.com/programming/web-development/tutorials/499320/common-issues-with-mysql-and-php#post2183501

It is developed for PDO and uses prepared statements, …

Hi,

what you get with var_dump($numrows);?

Besides, look at your query:

SELECT * FROM users WHERE usernames='abc' OR emails='abc' AND passwords='WRONG_pass';

Basically it is like writing:

SELECT TRUE OR FALSE AND FALSE;

Which evaluates to TRUE:

+---------------------------+
|   TRUE OR FALSE AND FALSE |
|---------------------------|
|                         1 |
+---------------------------+

In this case by knowing the username you can access without the correct password. It happens because in MySQL AND has an higher precedence than OR, so the expression is read by the database like:

SELECT TRUE OR (FALSE AND FALSE);

To avoid the issue do:

SELECT (TRUE OR FALSE) AND FALSE;

Which evaluates to:

+-----------------------------+
|   (TRUE OR FALSE) AND FALSE |
|-----------------------------|
|                           0 |
+-----------------------------+

As expected.

See: https://dev.mysql.com/doc/refman/5.7/en/operator-precedence.html

Hi!

This variable $dweetcom_borang is not defined in the script and it is used in the delete statement:

$sql = "DELETE FROM $dweetcom_borang WHERE id=$del_id";

I see, however, that in the select statement, at line 9,you are not using a variable, so I wonder if this is the issue. Let us know, bye!

@Luzinete

Hi,

please, open a new thread with the error message and the code that generates that error.

Hi,

read the error carefully, it says:

Error: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined.

And look at your prepared statement:

$query = $pdo->prepare('INSERT INTO subscriptions (name, email, subscribe) VALUES(:name, :email, :chk)');

And the execution:

$query->execute(array(':name'=> $name,':email'=> $email, ':subscribe'=> $chk));

As you see you have defined :chk in the prepared statement, and :subscribe in the array that is executed. Fix it and you will solve this error.

Has 7 made any difference to the way you code?

A bit.

To be honest, a part personal code, I have used PHP 7 only for one client's project because it was starting with that version, in that case I used strict type declarations, CSPRNG functions and Throwable to catch common errors.

For me the former and the latter were missing bits in PHP. I'm happy these were introduced. I would like to see Throwable also for warnings and notices rather than setting an error handler.

Are they massive time savers (coding-wise or run-wise)?

At the moment no, not for me.

Something I would like to see is overloading, what is currently used in PHP smells more like overriding and I find it chaotic.

If you manually run the query, does it works? If, for example: you are using InnoDB, autocommit is disabled, then there could be a deadlock.

A part from that, use var_dump against $invoice, to be sure the value is really received by the script.

Also, if you are running ext/mysqli in procedural mode, then the first argument must be the connection to the database and the second the query:

mysqli_query($conn, 'YOUR QUERY HERE');

If it still does not help provide more info, show more code, it could be something else.

Hi,

at line 7 you have:

$update_id = $post_id;

while $post_id is initialized at line 68:

$post_id = $row_post['post_id'];

Which in practice depends on $edit_id defined at line 60:

$edit_id = $_GET['edit_post'];

So, it seems that you open the page like this:

page.php?edit_post=123

All you have to do is to initialize $edit_id on top, at line 4, so that is available to the POST conditional statement and to the other code.

Do not use $_GET directly, filter the variable:

$edit_id = filter_input(INPUT_GET, 'edit_post', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);

Then replace:

$update_id = $post_id;

With:

$update_id = $edit_id;

Or simply adjust the following code to use $edit_id. Use the filter functions also for the other input coming from POST and GET requests, and use prepared statements too:

• http://php.net/manual/en/book.filter.php

Hello Dani,

I don't think it's the user agent, I'm testing with Phantomjs and it uses this user agent:

Mozilla/5.0 (Unknown; Linux i686) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1

The testing script render.js:

var page   = require('webpage').create(),
    system = require('system'),
    vsize  = {width: 1280, height: 1024},
    address, output;

address = system.args[1];
output  = system.args[2];

page.viewportSize = vsize;
page.clipRect = {
  top: 0,
  left: 0,
  width: vsize.width,
  height: vsize.height
};

page.open(address, function() {
  page.render(output);
  phantom.exit();
});

Execution:

./phantomjs render.js LINK output.png

And it works fine. In this specific case Microsoft is rejecting HEAD requests, it allows GET requests, in fact, it returns 200, but the page has no contents because are loaded by Javascript: test with Postman to see how it renders. So, it seems it needs a rendering engine to show the contents.

Hi,

can you provide the error message?

Hi! You can use pathinfo() or a directory iterator:

$ext = pathinfo($file)['extension'];

BUT right now the img() function can, potentially, allow the access to the contents of any directory on the server, by adding ../ to the variable, as example you can write the following and access /etc/:

pictures.php?imageID=images/../../../../etc

It depends on the position of the document root in the file system. You could use an integer and make sure it's valid, for example:

$imageID = filter_input(INPUT_GET, 'imageID', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);

if(TRUE === is_null($imageID))
{
    # redirect or show 404
}

# continue if $imageID is valid

See also: https://www.owasp.org/index.php/Path_Traversal

Hi,

I do not see the conditional statement to apply the comma. Do you have an example of the input?

It is possible. Do you see the requests in the web server logs? Also you can try Postman or httpie:

• https://www.getpostman.com/
• https://httpie.org/

Send a request to the PHP script and see if you get a response. If it works, then it can be your android code.

Hi,

enter the bios, change the start up order to read the USB media before than the primary disk, save and restart.

Here you can find more suggestions:

• https://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_install/performing-a-windows-10-update-everything-seemed/663f38cf-b941-431e-858f-2881c7793ff1?page=1

Bye!

I am not sure where to enter the additional php you provided.

Do not consider it anymore, I thought the request and response was between PHP pages and I was suggesting you to move the client to a landing page. In this case you probably need more an header with a status code.

A question: are you sure you are sending a POST request to the script? This error:

"Warning: mysqli_close() expects parameter 1 to be mysqli, null given in"

with the code of your first post, can raise only if the request method is not POST.

Do this test: at the end of the POST statement print the request method:

<?php

if($_SERVER['REQUEST_METHOD']=='POST'){
    # your code here
}

echo 'Current request method: ' . $_SERVER['REQUEST_METHOD'];

And see what you get.