Jump to content

Leaderboard


Popular Content

Showing content with the highest reputation since 03/04/2013 in all areas

  1. 3 points
    I can't imagine a scenario where the gobbledy-gook of a system you apparently are trying to create would be justified, or possible within your demonstrated engineering capabilities. You are talking about trying to create a system that requires a user to only use one workstation and browser to access your system. I don't know what your system would be doing, but it better be providing literally life saving services, because short of that, nobody is going to put up with the restrictions you have in mind. They are anti-user, and when you make things difficult for users, they stop using your system, or never even stay long enough to pass the entry point. It is damn difficult to get anyone to sign up to use legitimately valuable services, which is why you see so many systems that integrate with facebook, google and twitter, so that you can create your account and trust authentication from those systems to allow access. Furthermore some of your plans reflect an apparent lack of understanding of Internet basics like NAT. In your system, if we were to follow along with your plans, for a large company with perhaps 1000 employees at a particular site, you plan to only allow 1 employee there to use your system. Ditto universities, or even an average household: "Hey there roommate, I just made an account at this site, you should too!" "WTF, the system says I'm banned!" Since you are focused on investigating a client IP, I will say this about IP addresses -- they are reliable at least to the degree that they reflect the tcp socket connection from the client to the server. That information bubbles up to PHP from the IP layer, to the server, and finally to PHP's $_SERVER superglob. The problem is, that a client could have bounced through a variety of gateways, proxy servers or VPN prior to the point that you are finally connected. In many sophisticated hosting environments there are things like load balancers or reverse proxy servers that sit between the client connection and the server which interfere with $_SERVER['REMOTE_ADDR']. Rather than see the client IP, you instead see the IP of the proxy server. If you have that sort of environment, then you can examine $_SERVER['X-Forwarded-For'] or $_SERVER['HTTP_X_FORWARDED_FOR'] variables. These may be arrays with a series of addresses. Again you have the issue that these are provided by the "client" so if it is a proxy server you can depend on at least the most recent address to have been the one that made the TCP socket connection to YOUR proxy server. Other legitimate proxy servers will provide the same data. However, someone who is taking steps to hide their origin is not going to be prevented from obscuring their IP and there is absolutely nothing you can do about it. Almost everyone uses NAT in some form, so the actual person IP address of a workstation on a network is never going to be visible (and would also be useless if it was, since these will be non-routable IP addresses that are shared by hundreds of millions of users). Solutions to the issue of certification and authentication, when people have real and legitimate reasons to solve them, involve cryptography. What you are trying to do can be accomplished using X.509 certificates which have support built into browsers. In a nutshell, at account creation time you would generate an client certificate for that user, installing that into your server, and then providing the signed cert back to them in a specific header (application/x-x509-user-cert ). This will cause the browser to prompt the user to install the cert into their browser. If they accept you know have a reliable way of identifying a specific user. At that point, whenever they connect (must be under SSL) you'll be able to authenticate them back to your system via that particular certificate. Those without a client certificate will be unable to connect. You can think of this as white listing. It is highly effective but is typically used only in environments where the system knows in advance who their allowed users are. Trying to use it in a public facing website with an unknown user base is something you just don't see because the benefits of trying to do this far outweigh the tolerance that people have for a system that has that degree of odious overhead and invasion of their privacy. In conclusion: The types of things you are obsessed with are all edge case items. No quality system begins with the premise that the #1 goal is to try and catch and outsmart an imaginary horde of people attacking your site for reasons unknown. This started as a specific thread about the contents of $_SERVER variables and then escalated into fairly delusional territory, with a dash of your personal Devshed drama thrown in. And let's just be clear about one thing: If you ever bring up your personal issues regarding your Devshed access again, which are irrelevant to this community, then your access to this community will end as well. It's off topic, it's a waste of people's time and efforts here, and it's rude. I just want to be clear that I won't tolerate it again.
  2. 2 points
    Not as it is now - if you want to tell the user which is taken you'll have to update the query. Right now it just returns a count of records that match either the username or the email. You'll have to actually select both and then check in PHP which one matches, or rewrite the query to return the offending column. However, I'd recommend just letting people know that one of the two has been taken. That way you're not confirming to an outside party which of the two actually exists in the database - a hacker that knows for a fact a username exists has less work to do and can focus only on figuring out a correct password.
  3. 2 points
    here's a list of things i saw in the posted code - 1. don't put php variables inside of double-quotes if they are the only thing in the string. 2, don't use or die() for error handling. use exceptions and in most cases let php catch the exception. note: your use of mysqli_error(...) in the connection code won't work because there's no connection to use. 3. don't unconditionally output database errors onto a web page (this will go away when you get rid of the or die() logic.) 4. don't run queries inside of loops. learn to do JOIN queries. 5. if your code is tabbed that far over because it is located inside your html document, you need to put the php code that's responsible for getting/producing data before the start of your html document, fetch the data into appropriately named php variable(s), then use those variable(s) in the html document. 6. handling the negative/failure case is usually shorter then the positive/successful case. if you invert the logic tests and handle the negative/failure condition first, your code will be clearer. you won't have logic for the negative/failure case 10's/100's of lines later in the code. 7. don't use loops to fetch what will be at most one row of data. just directly fetch the single row of data. 8. don't put static calculations inside of loops. the various date values shouldn't change during one report (where they are at now, they will if the request spans midnight.) put them before the start of the loop. 9. don't put quotes around numbers. 10. don't selected things that are not used and don't create variables that are not used (given the amount of code, the cases i saw of this may not be accurate.) 11. if you are looping to do something (should go away with JOINed queries), don't evaluate count() statements in the loop. determine the loop count, once, before the start of the loop. 12. doing some of these things will simplify variable naming. you won't have to think up unique names for variables because you will only have one instance in the code. 13. the $AffID is probably from external/unknown data. you should NOT put eternal/unknown data directly into an sql query statement. use a prepared query, with a place-holder for each data value, then supply the data when the query gets executed. switching to the much simpler php PDO extension will make using prepared queries easy compared to the php mysqli extension.
  4. 2 points
    In the absence of a reply, I estimated the radius to be about 3.5m from that photo. This gives a table of volmes and weights based on that radius. Note the absence of if..., if..., if..., if...) <?php const R = 350; // radius of tank cm NOTE: estimated - replace with actual radius const HC = 40; // cone height cm function tank_volume ($h) { $k = M_PI * R**2 ; if ($h <= HC) { $vol = $k * $h / 3 ; } else { $vol = $k * HC / 3 + $k * ($h - HC); } return $vol; } $results = []; foreach (range(1,500) as $h) { $vol = tank_volume($h); $results[] = [ 'ht' => $h, 'vol' => number_format($vol, 0), 'Kg' => number_format($vol/1000, 0) ]; } $chunks = array_chunk($results,100); $output = ''; foreach ($chunks as $ch) { $output .= "<div class='output'> <table><tr><th>Height<?th><th>Volume (cc)</th><th>Kg</th></tr> "; foreach ($ch as $res) { $cls = $res['ht'] < 41 ? "class='cone'" : ''; $output .= "<tr $cls><td>".join('</td><td>', $res)."</td></tr>\n"; } $output .= "</table></div>\n"; } ?> <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="generator" content="PhpED 18.0 (Build 18044, 64bit)"> <title>Tank Volumes</title> <meta name="author" content="Barand"> <link rel="shortcut icon" href=""> <meta name="creation-date" content="02/01/2019"> <style type='text/css'> body { font-family: calibri, arial, sans-serif; font-size: 10pt; } #title { height: 50px; font-size: 24px; font-weight: 600; background-image: linear-gradient(#2DABE1, #FFFFFF); color: #FFF; padding: 15px; } .output { width: 300px; font-size: 20px; float: left; padding: 2px; border-right: 1px solid #BB9A21; } table { width: 100%; font-size: 10pt; } th { background-color: #BB9A21; color: #FFF; padding: 5px; } td { text-align: right; padding: 2px 5px; } .cone { background-color: #EEE; } </style> </head> <body> <div id='title'>Tank Volumes and Weights</div> <?=$output?> </body> </html> Sample output
  5. 2 points
    OK, I've donned my red costume and white beard. Here's an example of displaying more or less text Data CREATE TABLE `product` ( `product_id` int(11) NOT NULL AUTO_INCREMENT, `description` text, PRIMARY KEY (`product_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; INSERT INTO `product` (`description`) VALUES ('Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Maecenas porttitor congue massa. Fusce posuere, magna sed pulvinar ultricies, purus lectus malesuada libero, sit amet commodo magna eros quis urna. Nunc viverra imperdiet enim. Fusce est. Vivamus a tellus. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Proin pharetra nonummy pede. Mauris et orci. Aenean nec lorem.'), ('In porttitor. Donec laoreet nonummy augue. Suspendisse dui purus, scelerisque at, vulputate vitae, pretium mattis, nunc. Mauris eget neque at sem venenatis eleifend. Ut nonummy. Fusce aliquet pede non pede. Suspendisse dapibus lorem pellentesque magna. Integer nulla. Donec blandit feugiat ligula. Donec hendrerit, felis et imperdiet euismod, purus ipsum pretium metus, in lacinia nulla nisl eget sapien.'), ('Donec ut est in lectus consequat consequat. Etiam eget dui. Aliquam erat volutpat. Sed at lorem in nunc porta tristique. Proin nec augue. Quisque aliquam tempor magna. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Nunc ac magna. Maecenas odio dolor, vulputate vel, auctor ac, accumsan id, felis. Pellentesque cursus sagittis felis.'); Example code <?php include('db_inc.php'); $db = pdoConnect("test"); // connect to "test" database // // this bit handles the AJAX request to get the full or partial description // if (isset($_GET['ajax'])) { $stmt = $db->prepare("SELECT description FROM product WHERE product_id = ? "); $stmt->execute( [ $_GET['id'] ] ); $descrip = $stmt->fetchColumn(); switch ($_GET['ajax']) { case 'more': $less = "<span class='less' data-id='{$_GET['id']}'> (less)</span>"; exit($descrip.$less); // send back the description in the ajax response case 'less': $words = explode(' ', $descrip); $partial_descrip = join(' ', array_slice($words, 0, 25)); $more = "<span class='more' data-id='{$_GET['id']}'> ...more</span>"; exit($partial_descrip.$more); } } // // select the product details from the table // $res = $db->query("SELECT product_id , description FROM product "); ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="generator" content="PhpED 18.0 (Build 18044, 64bit)"> <title>Example</title> <style type='text/css'> .descrip { font-family: verdana, sans-serif; font-size: 10pt; margin-left: 50px; width: 50%; } .more, .less { color: blue; cursor: pointer; } </style> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script> <script type='text/javascript'> $().ready( function() { $(".more").click( function() { var id = $(this).data('id') var target = $(".descrip[data-id="+id+"]") // find descrip div with matching data-id $.get ( "", // send request to "self" { "ajax" : "more", "id" : id }, function(resp) { target.html(resp) // put returned description in target div enableLess() }, "TEXT" ) }) }) function enableLess() { $(".less").click( function() { var id = $(this).data('id') var target = $(".descrip[data-id="+id+"]") // find descrip div with matching data-id $.get ( "", // send request to "self" { "ajax" : "less", "id" : id }, function(resp) { target.html(resp) // put returned description in target div }, "TEXT" ) }) } </script> </head> <body> <?php // // display the data, putting description in its own div // foreach ($res as $row) { $words = explode(' ', $row['description']); $partial_descrip = join(' ', array_slice($words, 0, 25)); // show first 25 words of description $more = "<span class='more' data-id='{$row['product_id']}'> ...more</span>"; echo "<div class='product'> <h3>Product {$row['product_id']}</h3> <div class='descrip' data-id='{$row['product_id']}'> <h4>Description</h4> $partial_descrip $more </div> </div>\n"; } ?> </body> </html> Sample output
  6. 2 points
    Added some extra lines to facilitate output (commented) <?php $results = []; $teamnames = []; // array to gather the unique team names foreach ($data as $yr => $ydata) { if (!isset($results[$yr])) { $results[$yr] = []; } foreach ($ydata as $tdata) { if (!isset($results[$yr][$tdata['team']])) { $results[$yr][$tdata['team']] = 0; } $results[$yr][$tdata['team']] += $tdata['value']; $teamnames[$tdata['team']] = 0; // put teamname in array as the key. } } $thead = "<tr><th>Year</th><th>" . join('</th><th>', array_keys($teamnames)) . "</th></tr>\n"; $tdata = ''; foreach ($results as $yr => $tresults) { $totals = $teamnames; // copy of the empty teamnames array foreach ($tresults as $tm => $tot) { $totals[$tm] = $tot; /// put the totals into the team column } $tdata .= "<tr><td>$yr</td><td>" . join('</td><td>', $totals) . "</td></tr>\n"; } ?> <html> <body> <table border='1' style='border-collapse:collapse'> <?=$thead?> <?=$tdata?> </table> </body> </html>
  7. 2 points
    As you are sorting on "name", which is the first element of the sub-arrays, you can just use an ordinay sort() or rsort() call. (By default it will sort on the values oof the first element) EG $tadminlist["pvp"] = [ [ 'name' => 'mapname1', 'type' => 'pvp', 'beta' => 'y', 'final' => 'n', 'modded' => '', 'classification' => 'land', 'sf' => 'n', 'tod' => 'dawn', 'weather' => 'fog', 'es2' => 'y' ], [ 'name' => 'mapname3', 'type' => 'pvp', 'beta' => 'yy', 'final' => 'n', 'modded' => 'y', 'classification' => 'air', 'sf' => 'y', 'tod' => 'day', 'weather' => 'rain', 'es2' => 'n' ], [ 'name' => 'mapname2', 'type' => 'pvp', 'beta' => 'n', 'final' => 'y', 'modded' => 'n', 'classification' => 'sea', 'sf' => 'n', 'tod' => 'night', 'weather' => 'clear', 'es2' => 'n' ], ]; echo "line = " . join(', ', array_keys($tadminlist["pvp"][0])) . '<br><br>'; listData($tadminlist["pvp"]); echo "<br>SORTED ASC<br>"; sort($tadminlist["pvp"]); listData($tadminlist["pvp"]); echo "<br>SORTED DESC<br>"; rsort($tadminlist["pvp"]); listData($tadminlist["pvp"]); function listData($arr) { foreach ($arr as $tlist) echo join(', ', $tlist) . '<br>'; } OUTPUTS line = name, type, beta, final, modded, classification, sf, tod, weather, es2 mapname1, pvp, y, n, , land, n, dawn, fog, y mapname3, pvp, yy, n, y, air, y, day, rain, n mapname2, pvp, n, y, n, sea, n, night, clear, n SORTED ASC mapname1, pvp, y, n, , land, n, dawn, fog, y mapname2, pvp, n, y, n, sea, n, night, clear, n mapname3, pvp, yy, n, y, air, y, day, rain, n SORTED DESC mapname3, pvp, yy, n, y, air, y, day, rain, n mapname2, pvp, n, y, n, sea, n, night, clear, n mapname1, pvp, y, n, , land, n, dawn, fog, y To sort by any other element would require usort, eg to sort by classification usort($tadminlist["pvp"], function($a, $b) { return $a['classification'] <=> $b['classification']; } );
  8. 2 points
    Applying opacity to a div affects everything within the div, including type and nested divs. Use background opacity via rgba() to do what you're wanting: body{ background: url("https://image.ibb.co/h93Ndo/abstract.jpg") top right no-repeat; background-attachment: fixed; } .body-container{ display: flex; flex-direction: column; justify-content: stretch; align-items: stretch; background: red; color: white; min-height: 100vh; } .header{ flex-grow: 0; background: rgba(58, 152, 253, 1); } .two-cols{ flex-grow: 1; display: flex; flex-direction: row; justify-content: stretch; } .left-container{ display: flex; flex-direction: column; justify-content: flex-start; flex-grow: 1; flex-basis: 20%; background: rgba(59, 74, 83, 1); } .content{ display: flex; flex-direction: column; justify-content: flex-end; flex-grow: 1; flex-basis: 80%; background: rgba(255, 255, 255, .7); } Also, is there any reason why you needed to add the !important to the display rule on the .body-container div? @gizmola - apparently I'm going to need to read that article as well as I've not found float collapse to be an issue using flexbox. Or at least I've not recognized that that's what it is... Anyway - thanks for the link!
  9. 2 points
    I'd go a step further and give all the checkboxes the same name EG name='problem[]' so they are posted as an array <label><input type="checkbox" name="problem[]" value="Hard Drive Crashed"> Hard Drive Crashed</label><br> <label><input type="checkbox" name="problem[]" value="Has Virus"> Has Virus</label><br> <label><input type="checkbox" name="problem[]" value="Needs Operating System"> Needs Operating System</label><br> <label><input type="checkbox" name="problem[]" value="Needs Microsoft Office"> Needs Microsoft Office</label><br> <label><input type="checkbox" name="problem[]" value="Interested In Backup Services"> Interested In Backup Services</label><br> <label><input type="checkbox" name="problem[]" value="Wants A Custom PC Build"> Wants A Custom PC Build</label><br> In your processing foreach ($_POST['problem'] as $problem) { echo $problem . '<br>'; }
  10. 2 points
    Commencing with test_config.txt as # interface eth0 subnet 10.0.10.0 netmask 255.255.255.0 { } host cm-test1 { hardware ethernet 78:8d:f7:2b:bc:79; fixed-address 172.17.12.80; filename "srv-050.cfg"; } host cm-test2 { hardware ethernet 5c:35:3b:4d:73:4b; fixed-address 172.17.13.119; filename "srv-042.cfg"; } host cm-instrumenti { hardware ethernet 78:8d:f7:2b:bc:79; fixed-address 172.17.12.80; filename "srv-050.cfg"; } host cm-nimonmehmetaj { hardware ethernet 5c:35:3b:4d:73:4b; fixed-address 172.17.13.119; filename "srv-042.cfg"; } This is one way $unwanted = [ 'cm-instrumenti', 'cm-nimonmehmetaj' ]; // unwantedt host names $text = file_get_contents('test_config.txt'); $config = array_map('trim',explode('}', $text)); $new_config = array_filter($config, function ($v) use($unwanted) { foreach ($unwanted as $name) { if (strpos($v, $name)!==false) return false; // remove unwanted elements } return $v!=''; // remove blank entries }); file_put_contents('new_config.txt', join("\n}\n", $new_config) . "\n}\n"); giving new_config.txt as # interface eth0 subnet 10.0.10.0 netmask 255.255.255.0 { } host cm-test1 { hardware ethernet 78:8d:f7:2b:bc:79; fixed-address 172.17.12.80; filename "srv-050.cfg"; } host cm-test2 { hardware ethernet 5c:35:3b:4d:73:4b; fixed-address 172.17.13.119; filename "srv-042.cfg"; }
This leaderboard is set to New York/GMT-04:00
  • Newsletter

    Want to keep up to date with all our latest news and information?

    Sign Up
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.