Everything posted by requinix
-
What are the current "webm_encoding_options" settings that the conversion script is using?
-
PHP pathing difference when running on CLI vs from bash script?
requinix replied to maxxd's topic in PHP Coding Help
Depends what Config is doing with the file path. Probably something simple, like file_get_contents()? Relative paths for plain file access (so not using include/require) are according to the current working directory. From the CLI that's where you were when you started PHP, while for web things it could be the web root or the directory of the executed file or something else. If the config/config.json path is always relative to the same /path/to/my location then you could add that to Config, along the lines of

    public function __construct($path) {
        if (strncmp($path, "/", 1) == 0) {
            // absolute path: use it as given
        } else if (!empty($_SERVER["DOCUMENT_ROOT"])) {
            // web request: resolve against the document root
            $path = $_SERVER["DOCUMENT_ROOT"] . "/" . $path;
        } else {
            // relative to cwd
            $path = getcwd() . "/" . $path;
        }
        // ... continue loading the file at $path
    }

Using a relative path based on __DIR__ might be easier, as in __DIR__/../$path.
-
It's not so much against forum rules as it is just Not A Nice Thing To Do. The key things to note with it are:
1. The fact that it gets information from $_POST and $_COOKIE. Malicious scripts don't do one single thing anymore - they take instructions sent to them from a person or another machine.
2. That it can output phpversion() data. So someone can see your server configuration.
3. The is_writable() checks and file_put_contents() function calls with ".php" file extensions. It's designed to write arbitrary code to whatever files on your server.
-
Please don't post malicious code in a public forum. You cannot simply "undo" the attack. There's no way to know the full extent of the damage. Assume that everything has been compromised. Take your website offline. Restore all the files from a recent backup (which you hopefully have), restore the database from a recent backup (ditto), then make sure you are up to date with WordPress and your plugins and everything else. Then bring your site back up and keep a very close eye on it for the next few weeks. Ideally, you can identify the attack vector: an outdated plugin, insecure permissions, something like that. Then make sure that is closed off. If your site has user registration or people's personal information, such as an email address or password, then you need to deal with that too. Which needs to include informing users of the breach.
-
You saw the link I posted, right? That's most of the way there.
1. Calculate the correct new starting date and time.
2. Get the diff between the gap, in days, then subtract 1 from it. Measured in days because having exact weekdays is important, and a little short so that it's definitely going to be the day before the desired time.
3. Add that many days to the new start, then do the next weekday/time thing. PHP will handle the rest.
https://3v4l.org/7JDgp
The two things to keep in mind: working with periods defined in terms of month units or larger sucks so don't try, and DST really needs to go away once and for all.
-
Not all WEBMs are created equal. Codecs matter. That's what I've been trying to tell you.
-
Almost thought I understood:

    fillStart          2019-07-23 00:15:00  Tue
    fillEnd            2019-09-23 13:00:00  Mon
    gapStart           2019-05-23 00:15:00  Thu
    gapEnd             2019-06-23 13:00:00  Sun
    fillStartModified  2019-07-25 00:15:00  Thu
    fillEndModified    2019-08-25 13:00:00  Sun

"fill" is the date range you're working with, and "gap" is a start and end whose weekday numbers and times (aka "WeekDayTimes") should be copied. You need to move the fill's start date forwards the least amount of time (ie, "to the next") such that it has the same weekday number and time as the "gap" start; same for the fill's end date except it goes backwards. That would explain how 07-23 00:15 becomes 07-25 00:15 (moved forwards "to the next" Thu 00:15) but not how 09-23 13:00 moved back almost a month to 08-25 13:00.
PS: https://3v4l.org/0lBR6
-
This is likely due to one or more CSS rules. Would have to see those to know what's wrong.
-
First step is for you to learn how to indent your code properly. I'm not entirely sure but I suspect your problem will become apparent if you do this.
-
What is the best table structure for use with PHP?
requinix replied to bakertaylor28's topic in MySQL Help
Is it the same set of information for everyone? Definitely do not do this. No offense, but it doesn't sound like you understand what databases do or how they work. Thing is, you would never actually do that. You would run a SELECT query with a WHERE clause. And the system will be able to pull up the information far more efficiently than you could if you tried to do it yourself.
-
I don't have a calendar in front of me either, but I'm really sure that there is no time in January which ends on the same week as February 12th. Try explaining it again but with different words. Let's say that you can't use the words "gap", "earliest", or "closest".
-
What is the best table structure for use with PHP?
requinix replied to bakertaylor28's topic in MySQL Help
Probably. Going to need to hear more about it than just how it's "individualized information". Definitely not.
-
Time for you to do a little detective work: does the browser/iOS on your iPhone 5S support playing WEBM videos? If so, is it restricted to the VP8 codec? Is that what your WEBM videos are using?
-
Have you ever tried to take your car to a mechanic and when they asked what was wrong you said the car was "no-go"? Try that sometime and let me know what they say. That is useful information. Stick the path to the video in an <a> link and click it (on mobile). What happens?
-
...so about those dates...
-
That <?php <th>Auto Update: </th> <td></td> ?> is not valid PHP code. But it's also not what you showed in your second post so I don't know what to think.
-
You "only" want to use it for desktop and mobile? Okay... so what do you not want to use it for? If you want WEBM at all then can I assume you did not remove support for it from the conversion script? And what does "no go" mean when you say it's not working? How is it not working? What do you want it to do and what is it actually doing?
-
You changed it from using MP4 to using WEBM. I thought you said you were removing support for both of those? According to caniuse.com, WEBM is generally supported with VP8 as the most portable codec.
-
Can I assume you've tried Google? I just checked now and I'm seeing some relevant results.
-
Hold on. How did you arrive at those two dates?
-
jQuery will consider it an error if the request responds with a 4xx or 5xx status. You can use http_response_code to set it. Suggested status codes are:
- 400 if the request didn't have the fields you need
- 400 if the new username was invalid
- 403 if the user tried to update the status of someone they're not supposed to

jQuery won't deserialize the JSON for an error response so your code should attempt to do that itself. Then it can look for an error message.
-
Cannot call Session Variable to regular variable for SQL lookup
requinix replied to bakertaylor28's topic in PHP Coding Help
It's not just about user input. It's about not knowing right there at that moment whether the value is safe. Can you guarantee that there is no possible way a username could have anything wrong with it? Not just in the database but also the value stored in the session? Modern day "hacks" are not about finding a single problem that gives someone complete access. They're about finding a series of small vulnerabilities that combine to form something large. In your case, perhaps there's a way to get a username that's kinda invalid into the database, and then maybe there's a flaw in some code that loads the username into the session, and then maybe there's a flaw in this particular script where the bad username in the session can turn into SQL injection. That's why application security is so difficult: to protect yourself you have to make sure that everything is covered, but for a malicious user all they have to do is find one or two problems.
-
Cannot call Session Variable to regular variable for SQL lookup
requinix replied to bakertaylor28's topic in PHP Coding Help
"Quoted" is the term ("escaped" is like what you might do with backslashes) but yes: just like how strings in PHP need quotes around them, so do strings in SQL. But adding quotes isn't enough because there's a risk the username will have something harmful in it. Use a prepared statement.
-
Cannot call Session Variable to regular variable for SQL lookup
requinix replied to bakertaylor28's topic in PHP Coding Help
Let's investigate that.

    if ($result = mysqli_query($link, "SELECT su FROM accounts WHERE username = $user", MYSQLI_STORE_RESULT)) {

There's the query. Does it look like there might be anything wrong with it? Try putting that string into a variable, echoing the variable so you can see the exact query, and running that query yourself manually.
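The prepared statement recommended in this thread, applied to the query quoted above and shown beside the quoted-concatenation form. This is an added example, not code from the posts: it uses PDO with an in-memory SQLite database and constructed rows as a stand-in for the thread's MySQL accounts table so that it runs offline, and the function names are hypothetical.

```php
<?php
// Added example. Constructed data in an in-memory SQLite database stands in
// for the thread's MySQL "accounts" table (assumption, so this runs offline).
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE accounts (username TEXT PRIMARY KEY, su INTEGER NOT NULL)");
$db->exec("INSERT INTO accounts VALUES ('alice', 0), ('root', 1), ('o''brien', 0)");

// Quoted but concatenated: the value becomes part of the SQL text, so its
// content can break the statement or change what the statement means.
function lookupConcatenated(PDO $db, string $user): array {
    $sql = "SELECT su FROM accounts WHERE username = '$user'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared: the SQL text is fixed and the value is sent as a parameter,
// so it is only ever compared against the username column.
function lookupPrepared(PDO $db, string $user): array {
    $stmt = $db->prepare("SELECT su FROM accounts WHERE username = ?");
    $stmt->execute([$user]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed session values: an ordinary name, a legitimate name containing
// a quote, and a value that is not a username at all.
foreach (["alice", "o'brien", "x' OR '1'='1"] as $user) {
    try {
        $unsafe = json_encode(lookupConcatenated($db, $user));
    } catch (PDOException $e) {
        $unsafe = "SQL error";
    }
    $safe = json_encode(lookupPrepared($db, $user));
    printf("%-16s concatenated: %-10s prepared: %s\n", $user, $unsafe, $safe);
}

// mysqli form of the same fix for the thread's $link connection:
//   $stmt = mysqli_prepare($link, "SELECT su FROM accounts WHERE username = ?");
//   mysqli_stmt_bind_param($stmt, "s", $user);
//   mysqli_stmt_execute($stmt);
//   $result = mysqli_stmt_get_result($stmt);
```

The three inputs separate the cases: the concatenated query works for the plain name, fails on the legitimate name with a quote in it, and returns every row for the third value, while the prepared query returns only the matching row or nothing.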
-
Cannot call Session Variable to regular variable for SQL lookup
requinix replied to bakertaylor28's topic in PHP Coding Help
    while ($row = $result->fetch_assoc()) {
        $priv === $row["su"];
    }

What is that second line doing?