2

Hi,

probably putting the server offline, removing the disk and accessing it in read-only mode from an OS that will not execute any of the code on that disk could be a starting point to back up what is still available.

It's important to make sure it cannot spread in your LAN, through Wi-Fi or shared folders.

For the removal and recovery, it depends on the version that affected your server; see if this helps: https://www.pcrisk.com/removal-guides/11217-amnesia-ransomware

Bye.

1

In other words you want to return back the new name of the uploaded file? In the PHP script you can send a JSON response with the filename, so move line 12 to 11 and replace the echo with:

header('Content-type: application/json');
echo json_encode(['target_file' => $targetFile]);

and use the success event in DropzoneJS to get the response from the server:

Then use JavaScript to parse JSON and compile a list of uploaded files as (hidden) inputs... but start with something easier: print the response.

By the way, time() will not prevent overwrites.
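
On the closing remark about time(): two uploads with the same client file name in the same second get the same target. An added example, not part of the original post or the poster's script, that reserves a name with random_bytes() and an exclusive create; the directory, the extension allow-list and the function name are assumptions.

```php
<?php
// Added example. Directory, extension allow-list and function name are assumptions.

/**
 * Reserve a fresh file in $dir and return its path.
 * fopen() mode 'x' fails when the file already exists, so two concurrent
 * requests can never be handed the same target.
 */
function reserve_upload_path(string $dir, string $clientName): string
{
    // Keep only an allow-listed extension; the client-supplied base name is dropped.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'png', 'pdf'], true)) {
        throw new InvalidArgumentException('extension not allowed');
    }

    for ($attempt = 0; $attempt < 5; $attempt++) {
        $path = $dir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $ext;
        $handle = @fopen($path, 'x'); // exclusive create
        if ($handle !== false) {
            fclose($handle);
            return $path;
        }
    }
    throw new RuntimeException('could not reserve a unique file name');
}

// Constructed demo in a throwaway directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// A time()-prefixed name: same second and same client name give the same target.
$now = time();
$first  = $dir . DIRECTORY_SEPARATOR . $now . '_report.pdf';
$second = $dir . DIRECTORY_SEPARATOR . $now . '_report.pdf';
echo 'time() names collide: ', var_export($first === $second, true), PHP_EOL;

$p1 = reserve_upload_path($dir, 'report.pdf');
$p2 = reserve_upload_path($dir, 'report.pdf');
echo 'reserved names differ: ', var_export($p1 !== $p2, true), PHP_EOL;

// In the upload handler the reserved path becomes the destination:
// move_uploaded_file($_FILES['file']['tmp_name'], $p1);

unlink($p1);
unlink($p2);
rmdir($dir);
```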

1

Hi!

I remember reading that there was a failure point on SSL as antiviruses were performing a MITM against browsers to verify the contents of connected pages. In practice they used to replace certificates in the client machine. Is this still an issue? See: http://ieeexplore.ieee.org/document/6956558/

Anyway, just a drop in the ocean.

Votes + Comments
AV vendors installing their own root certificates was always a recipe for disaster. I don't use AV products so I'm not really up to date on this
2

This board has been most helpful to me! I learned that the term "serial numbers", although not a big deal to me, can be taken very seriously by scammers and I need to simply change serial numbers to first and last names when asking for help, to weed out any potential scammers asking why, why, why, why and hiding behind XY problem. Of course they are going to ask why, they want to know if I am stupid enough to give out "real serial numbers".

uh :o are you sure it was not just too young and eager to help? Apart from Skype & co., I had a few questions too about your task, because, for example, for me it was not clear enough how the input was structured (basically type and size: alphanumeric, integer, with spaces, split in multiple files and to be considered as a whole or repetitions and uniqueness for each file...) and how to output. For example, depending on the method, awk from the command line could work fine to identify repetitions. Along with rproffitt's suggestion about uniq.

1

@RJ

most is still true, I read the same on forums for years, about people changing system every month like scarves, but I suspect it comes only from those who have time to waste. I have never had to put my hands on the kernel, to be honest I don't even know where to start. I use Ubuntu because it's different from other distros, which I agree are not friendly with new users, but Ubuntu is easy to install and configure, it's all graphical and supports a lot of hardware.

You can always open the terminal and compile a source if needed, most of the time it's easy, but not always because it happens that you have to find which library satisfies an obscure dependency, but it's rare that an average user will ever need that software. I bought the laptop from which I'm writing in 2008, installed and never formatted. I do upgrades to follow the LTS (Long Time Support) versions which are supported for 5 years, now I'm on 16.04. Yes, I don't get the edgy versions of software but I gain in stability. I do reboots only because systemd, the new process manager, in practice an equivalent of your svchost.exe, sometimes requires rebooting the machine after an update (sigh), but otherwise I don't even need to do it for weeks.

1

It may be true that Linux offers a smaller attack surface with the default configuration, but as RJ states, it depends a lot more on how you use the system. Lately I read about a user hit by ransomware on Linux, he was running Mozilla Firefox as root, who knows why, and got infected through an extension of the browser (seemingly Adobe Flash).

Disclaimer: I have used Linux since 2001 and abandoned Microsoft OS in 2004.

2

You can use varbinary(16) to store IPv4 (4 bytes) and IPv6 (16 bytes), MySQL has some functions to convert the IP from a string representation to a blob and reverse, see INET6_ATON() and INET6_NTOA(), which deal with both IP types:

Note, the HEX() function in the documentation example is used only to show the hexadecimal value of the blob. When you want to store the IP just do something like this:

INSERT INTO `log_table` (`ip_address`, `created_at`) VALUES(INET6_ATON(?), NOW());

Where ? is the IP to save.
When you want to search do:

SELECT INET6_NTOA(`ip_address`) AS `ip` FROM `log_table` WHERE `ip_address` = INET6_ATON(?);

This allows you to create an index on the ip_address column, which means fast access. So it's important, in the WHERE statement, to convert the IP to the binary representation, not reverse:

SELECT INET6_NTOA(`ip_address`) AS `ip` FROM `log_table` WHERE INET6_NTOA(`ip_address`) = ?;

This would be very slow because it would convert each row into a string representation.

In the result set you could also return as blob, so:

SELECT `ip_address` FROM `log_table` WHERE `ip_address` = INET6_ATON(?);

and convert in PHP through inet_ntop():

But this requires PHP to be compiled with IPv6 support, otherwise it will fail. I use the same storing method with file paths:

SELECT UNHEX(MD5(TRIM(TRAILING '/' FROM '/path/to/file')));

It's working fine with +2M rows. Right now I would focus much on the storage size issue.
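
The storage scheme above, reproduced on the PHP side as an added example (not code from the original post): inet_pton() yields the same 4- or 16-byte value as INET6_ATON(). It goes one step beyond the post by collapsing IPv4-mapped IPv6 addresses to the 4-byte form, so a lookup by either spelling hits the same indexed key; the function name and the sample addresses are constructed.

```php
<?php
// Added example. Function name and sample addresses are constructed.

/**
 * Pack an address as INET6_ATON() would (4 bytes for IPv4, 16 for IPv6).
 * IPv4-mapped IPv6 (::ffff:a.b.c.d) is collapsed to the 4-byte form so that
 * one client always maps to one key. Returns null for anything that is not an IP.
 */
function ip_to_key(string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }

    $bin = inet_pton($ip); // needs PHP built with IPv6 support for IPv6 input
    if ($bin === false) {
        return null;
    }

    // 80 zero bits followed by 16 one bits mark an IPv4-mapped address.
    $mappedPrefix = str_repeat("\x00", 10) . "\xff\xff";
    if (strlen($bin) === 16 && substr($bin, 0, 12) === $mappedPrefix) {
        $bin = substr($bin, 12);
    }

    return $bin;
}

// Constructed inputs: plain IPv4, IPv6, IPv4-mapped IPv6, and two invalid strings.
$samples = ['192.0.2.10', '2001:db8::1', '::ffff:192.0.2.10', '192.0.2.999', 'not-an-ip'];

foreach ($samples as $ip) {
    $key = ip_to_key($ip);

    if ($key === null) {
        printf("%-20s rejected\n", $ip);
        continue;
    }

    // $key is what you would bind to the varbinary(16) column instead of
    // calling INET6_ATON(?) in the query; inet_ntop() is the reverse step.
    printf("%-20s %2d bytes  %-32s -> %s\n", $ip, strlen($key), bin2hex($key), inet_ntop($key));
}
```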

1

The above would not be an inline code, which is defined by backticks. Here you should use a code block, when you want to do such and you have other text above, then hit Return two times, so that you go to a new line and set a line of space between the text and the code. Hit TAB (or hit 4 spaces) and paste the code. If you are copying from your editor, then you can tab there, just make sure it equals at least 4 spaces.

This textarea does not act like you would expect, so using the TAB key here does not focus on the next form element.

When the code is under 4 spaces then it's parsed as simple text.

At the end of the code block, if you want to insert other text, then again hit Return two times, otherwise there could be a parsing issue with the following text.

Alternatively, use the CODE button above, it will open a modal to paste the code.

For the XAMPP issue, see if the Apache error log gives information. Also, make sure the file has the .php extension.

2

Hi,

in addition, have you tried with SplFixedArray? It should be faster than standard arrays. Also if you want to open files from the script, then use fopen() instead of file_get_contents(), because the latter will load the entire file in memory before starting processing, while the former will read in chunks and start the execution immediately.

See: http://php.net/manual/en/class.splfixedarray.php

1

Hmm, no, here I'm not accepting passwords from users. It's a server side configuration step to connect Solr with MySQL. Solr is a search engine service developed by Apache. Here I'm setting the credentials into a configuration file, named data-config.xml to access the database. This file can store the database password in plain text or in an encrypted version.

I have an issue with the encrypted implementation. In practice it reads the value from the configuration file, but it does not decrypt and I wonder if it's caused by the IV value. I understand your point, but I cannot refactor this part, unless I'm missing something, also because resetting those values would mean to restart Solr, unless doing something like suggested (but not shown :D):

I'm not sure it's doable with the current version. Anyway, the methods I'm showing above are from the Solr code, I looked them up in the source version, to understand the error log.

As far as I know, Data Encryption (SSL) can be added to the JDBC driver to enhance security, which will happen as soon as this works, but in order to make the connection to the database, Solr has to decrypt the password stored in the configuration file.

3

Just to support rproffitt's, on Ubuntu 16.04 it redirects to 127::1:

» ping -c 3 0.0.0.0                                                                                       
PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.048 ms

--- 0.0.0.0 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.029/0.044/0.055/0.011 ms

On Mac OS it fails:

$ ping -c 3 0.0.0.0
PING 0.0.0.0 (0.0.0.0): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
Request timeout for icmp_seq 0
ping: sendto: No route to host
Request timeout for icmp_seq 1
^C
--- 0.0.0.0 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
Votes + Comments
Thanks for the tests.
1

Ah, no. Okay for that you need variable variables:

For example:

<?php

$start_balance = 2;
$stop = 5;
$roi  = 5;
$sum  = 0;

for($i = 1; $i <= $stop; $i++)  
{
    if(1 == $i)
        $sum = $roi * $start_balance;

    elseif(2 == $i)
        ${'sum' . $i} = $roi * $sum;

    else
        ${'sum' . $i} = $roi * ${'sum' . ($i - 1)};
}

print_r(get_defined_vars()) . PHP_EOL;

Which prints, among the other variables:

[sum]  => 10
[sum2] => 50
[sum3] => 250
[sum4] => 1250
[sum5] => 6250

Which means the loop defined these variables $sum, $sum2, ..., $sum5. If you want to use a function, then keep in mind that the variables will be set in the function scope, so these won't be available outside, unless you set them global:

function _sum($start_balance = 0, $stop = 1, $roi = 1)
{
    for($i = 1; $i <= $stop; $i++)  
    {
        if(1 == $i)
        {
            global $sum;
            $sum = $roi * $start_balance;
        }

        elseif(2 == $i)
        {
            global ${'sum' . $i};
            ${'sum' . $i} = $roi * $sum;
        }

        else
        {
            global ${'sum' . $i};
            ${'sum' . $i} = $roi * ${'sum' . ($i - 1)};
        }
    }
}

_sum(2, 5, 5);

If you explain why you need it like this, maybe we can suggest a better solution.

Votes + Comments
+ for making a solution with variable variables. This same approach can be done with an array, resulting in cleaner code and easier maintenance
1

Hi,

you can use a for() loop and the assignment operator *=, for example:

<?php

function _sum($start_balance = 0, $stop = 1, $roi = 1)
{
    for($i = 0, $sum = $start_balance * $roi; $i < $stop - 1; $sum *= $roi, $i++) { }
    return $sum;
}

print _sum(2, 5, 5);

But if you plan to use floats or to produce big numbers, then you have to change approach, use BCMath or GMP and read carefully about floating point quirks (which BCMath solves):

1

Hi,

usually you define which column (or columns) mark a row as a duplicate and set a unique key index, so you have to alter your table schema. Once this is done add IGNORE to your insert query:

INSERT IGNORE into excel(excel_name, excel_email) values('name', 'email@address');

Then use:

$affected = mysqli_affected_rows($connect);

It will return an integer: 0 if the insert failed, 1 if it occurred, -1 means there was an error. For more information, read:

Also, use prepared statements, do not use PHP variables inside queries. And, please, make meaningful titles for your threads: "php" does not help anyone.
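
The three pieces of advice above (unique key, INSERT IGNORE, prepared statement) combined in one added example that is not code from the original post. So that it runs offline, PDO with an in-memory SQLite database stands in for mysqli and MySQL, and SQLite's INSERT OR IGNORE stands in for INSERT IGNORE; the unique key on excel_email, the function name and the sample rows are assumptions.

```php
<?php
// Added example. SQLite (in memory) stands in for MySQL so the script runs offline.
// Table and column names follow the post; the UNIQUE key on excel_email is an assumption.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(
    'CREATE TABLE excel (
        excel_name  TEXT NOT NULL,
        excel_email TEXT NOT NULL UNIQUE
    )'
);

/**
 * Insert one row. Returns true if it was stored, false if the unique key
 * already held that e-mail address and the row was skipped.
 */
function insert_contact(PDO $pdo, string $name, string $email): bool
{
    // On MySQL the statement reads: INSERT IGNORE INTO excel (...) VALUES (?, ?)
    $stmt = $pdo->prepare(
        'INSERT OR IGNORE INTO excel (excel_name, excel_email) VALUES (?, ?)'
    );

    // Values travel separately from the SQL text, so a quote in the data stays data.
    $stmt->execute([$name, $email]);

    // Same idea as mysqli_affected_rows(): 1 row stored, 0 rows when ignored.
    return $stmt->rowCount() === 1;
}

// Constructed sample rows: a duplicate address and a name containing a quote.
$rows = [
    ['Ada',       'ada@example.com'],
    ['Ada again', 'ada@example.com'],
    ["O'Brien",   'obrien@example.com'],
];

foreach ($rows as [$name, $email]) {
    $stored = insert_contact($pdo, $name, $email);
    printf("%-10s %-20s %s\n", $name, $email, $stored ? 'inserted' : 'duplicate, skipped');
}

echo 'rows in table: ', $pdo->query('SELECT COUNT(*) FROM excel')->fetchColumn(), PHP_EOL;
```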

2

If implemented, IMO, it should be consistent through all code as jQuery does.

Using mutators and accessors, as described by jkon, can simplify because the naming suggests what to expect: setSomething(), getSomething(). Even if more verbose.

Anyway, I did a little research, this could be defined as dynamic dispatch which can be combined with traits, in the end you could create methods with similar names which are chosen by the reflection library based on the signature (parameter types).

An example is here:

Here's the source:

Which however does not deal with empty methods, so I made a few small changes to __candidateMatch() and to __resolveparameterTypes() which was not handling booleans correctly, now it seems to work fine (pasting outside, because the post is too long):

Here's the test class:

<?php

require 'overloader.php';

class Test {

    use Overloader;

    private $_producers;
    private $_song;
    private $_songs;

    // Producers //

    public function producers_set(string $str)
    {
        $this->_producers = $str;
        return $this;
    }

    public function producers_get()
    {
        if(property_exists($this, '_producers'))
            return $this->_producers;

        return '';
    }

    public function producers_unset(bool $unset)
    {
        $this->_producers = NULL;
        return $this;
    }

    // Song //

    public function song_set(string $str)
    {
        $this->_song = $str;
        return $this;
    }

    public function song_get()
    {
        if(property_exists($this, '_song'))
            return $this->_song;

        return '';
    }

    public function song_unset(bool $unset)
    {
        $this->_song = NULL;
        return $this;
    }

    // Songs //

    public function songs_set(string $str)
    {
        $this->_songs[] = $str;
        return $this;
    }

    public function songs_get()
    {
        if(property_exists($this, '_songs'))
            return implode(', ', $this->_songs);

        return '';
    }

    public function songs_unset(bool ...
Votes + Comments
Outstanding post and effort. Give me some time to process it! Songs :D
Very interesting songs
2

Hi,

you can create DOM nodes, see:

As example:

<button id="button">Add</button>
<div id="box"></div>

<script type="text/javascript">
    var btn = document.getElementById('button');
    var box = document.getElementById('box');

    btn.addEventListener('click', function(event) {
      event.preventDefault();

      // create elements
      let child_img = document.createElement('img');
      let div1 = document.createElement('div');
      let div1_text = document.createTextNode('$87.03');

      let div2 = document.createElement('div');
      let div2_text = document.createTextNode('Some text');

      // append attributes
      div1.classList.add('value');
      div2.classList.add('subtext');
      child_img.setAttribute('src', 'http://lorempixel.com/400/200/sports/');

      // append img to box
      box.appendChild(child_img);

      // append text node to div1 and div1 to box
      div1.appendChild(div1_text);
      box.appendChild(div1);

      // append text node to div2 and div2 to box
      div2.appendChild(div2_text);
      box.appendChild(div2);

    }, {
      passive: false
    });
</script>

The live example is here: https://jsfiddle.net/fmbe1yyd/

Obviously you have to change the code to insert dynamic data, so if you have difficulties making it work, explain your issue better, for example from where do you get the input used to populate the elements that you want to create?

1

I would say there are many drawbacks with shared hostings. What do you need it for?

Personally I try to avoid them. Once I was asked to find why a specific website at a specific hour stopped working, after some research I saw that MySQL had max_user_connections & max_connections set to 161 (which is very low). In practice one of the other websites opened so many permanent connections, during that hour, that the pool of the server was saturated, so all the other attempts were going in timeout.

Similar issues happen if the open file limit of MySQL is too low and if in the server there are too many tables, which are files. If the limit is reached, then it causes access errors.

1

// EDIT
I just saw your reply, I'm glad you solved it!

// Old answer
Hmm,

as far as $permissions is defined by the input and defaulting to the database and not like an array:

$permissions = ((isset($_POST['permissions']) && $_POST['permissions'] != '')?sanitize($_POST['permissions']):$User['permissions']);

you can hardcode the options in the select tag, and then just compare which is set:

<select name="permissions">
    <option value="editor" <?php echo (0 == strcasecmp($permissions, 'editor')) ? ' selected="selected"' : ''; ?>>Editor</option>
    <option value="admin,editor" <?php echo (0 == strcasecmp($permissions, 'admin,editor')) ? ' selected="selected"' : ''; ?>>Admin,Editor</option>
</select>

For the sanitization you could also write:

$permissions = filter_input(INPUT_POST, 'permissions', FILTER_SANITIZE_STRING) ? : $User['permissions'];

filter_input() will return FALSE or NULL if the filter fails or the input is not set, and in both cases it will fall back to $User['permissions']; on success, instead, it will return a string.

I usually manage selects through two functions:

if ( ! function_exists('_form_select'))
{
    /**
     * Create <select>
     *
     * $array_options format:
     *
     *  'option value' => 'text'
     * 
     * @param  string $name
     * @param  string $label
     * @param  array  $array_options
     * @param  string $selected
     * @return string
     */
    function _form_select($name, $label, $array_options, $selected = FALSE)
    {
        $template = '
        <label for="%1$s">%2$s</label>
        <select name="%1$s" id="%1$s">
            %3$s
        </select>
        ';

        $options = '';

        foreach($array_options as $key => $value)
            $options .= _form_options($key, $value, $selected);        

        return sprintf($template, $name, $label, $options);
    }
}

if ( ! function_exists('_form_options'))
{
    /**
     * Create <option>
     * 
     * @param  string  $key
     * @param  string  $value
     * @param  boolean $selected
     * @return string
     */
    function _form_options($key, $value, $selected ...
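
For a field like permissions, the fallback described above can be tightened so that only one of the known option values is ever accepted. An added example, not code from the original post: the two option values come from the post's select tag, while the function names and the sample requests are constructed.

```php
<?php
// Added example. The two option values come from the post's <select>;
// function names and the sample requests are constructed.

const ALLOWED_PERMISSIONS = [
    'editor'       => 'Editor',
    'admin,editor' => 'Admin,Editor',
];

/** Return the submitted value only if it is a known option, else the stored one. */
function resolve_permissions(array $post, string $stored): string
{
    $submitted = $post['permissions'] ?? null;

    // Arrays (permissions[]=...) and missing fields never reach the comparison.
    if (is_string($submitted)) {
        $submitted = strtolower(trim($submitted));
        if (array_key_exists($submitted, ALLOWED_PERMISSIONS)) {
            return $submitted;
        }
    }

    return $stored;
}

/** Build the <select> from the same list, escaping every value on output. */
function render_permissions_select(string $current): string
{
    $html = "<select name=\"permissions\">\n";
    foreach (ALLOWED_PERMISSIONS as $value => $label) {
        $html .= sprintf(
            "    <option value=\"%s\"%s>%s</option>\n",
            htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),
            $value === $current ? ' selected="selected"' : '',
            htmlspecialchars($label, ENT_QUOTES, 'UTF-8')
        );
    }
    return $html . "</select>\n";
}

// Constructed requests standing in for $_POST; 'editor' stands in for $User['permissions'].
$stored   = 'editor';
$requests = [
    ['permissions' => 'Admin,Editor'], // known option, different case
    ['permissions' => 'superuser'],    // not an option
    ['permissions' => ['admin']],      // array instead of string
    [],                                // field missing
];

foreach ($requests as $post) {
    printf("%-36s => %s\n", json_encode($post), resolve_permissions($post, $stored));
}

echo render_permissions_select(resolve_permissions($requests[0], $stored));
```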
1

Hi,

you are trying to iterate the same result set two times: on line 28 and 106. On line 28 you get the first row, so if the query returns only one, you don't get anything when you call mysqli_fetch_assoc() again on line 106. You can use $User otherwise, if you need to loop again, insert data_seek() at line 105:

mysqli_data_seek($userResults, 0);

This will rewind the result set. Documentation:

1

Hi,

it can depend on the path of the files, for example:

$xls  = "Sealing Report/{$date}/sealing_production.xls";
$xls1 = "Sealing Report/{$date}/sealing_assembly.xls";

the path is relative to the script position, so if the files are in the same directory as the main index.php, then change them to:

$xls  = FCPATH . "Sealing Report/{$date}/sealing_production.xls";
$xls1 = FCPATH . "Sealing Report/{$date}/sealing_assembly.xls";

the FCPATH constant is set in the main index.php file and refers to the directory of this file. Also you could serve an array list to the function, so:

$attach_list = [$xls, $xls1];

Once you have done this, add the $attachments argument to your function and a loop to add the files to the message:

<?php

function sendfullmail($receipient, $title, $message, $cc = '', $bcc = '', $attachments = [])
{
    $this->load->library('email');

    $this->email->from($this->from, $this->fromname);
    $this->email->to($receipient);

    if('' !== $cc)
        $this->email->cc($cc);

    if('' === $bcc)
        $bcc = 'sindisystem@gmail.com';

    else
        $bcc .= ',sindisystem@gmail.com';

    $this->email->bcc($bcc);

    if(is_array($attachments) && 0 < ($c = count($attachments)))
        for($i = 0; $i < $c; $i++)
            $this->email->attach($attachments[$i]);

    elseif(is_string($attachments))
        $this->email->attach($attachments);

    $this->email->subject($title);
    $this->email->message($message);
    $this->email->set_alt_message($this->alt);
    return $this->email->send();
}

$xls  = FCPATH . "Sealing Report/{$date}/sealing_production.xls";
$xls1 = FCPATH . "Sealing Report/{$date}/sealing_assembly.xls";

// or submit a string: $attach_list = $xls;
$attach_list = [$xls, $xls1];

sendfullmail('recipient@mail.tld', 'Hello', 'here you go', '', '', $attach_list);

If by adjusting the path it still does not work, then set send() to FALSE and add the print_debugger() method:

// You need to pass FALSE while sending in order for the email data
// to not be cleared - if that happens, print_debugger() would have
// nothing to ...