Everything posted by requinix
-
Go for the latest everything. I don't know CentOS but generally there's a package that serves as the PHP module for Apache. I don't see that in your list. Without it you can't run PHP from Apache (unless you use a different execution method). The package probably has "apache2" and "php53" in the name.
-
You don't need an actual timer - just keep track of when they visited the first time.
1. When they visit the page, check in your database when they first visited.
2. If they have visited at all, check whether that time was within the last two hours or not: show the predefined value if so, continue the script if not.
3. If they haven't, record the current time and show them the predefined value.
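The three steps above as a runnable sketch. This is an added example, not code from the original post; the `first_visit` table, the `show_predefined()` function, the visitor key and the in-memory SQLite store are all assumptions made for illustration.

```php
<?php
// Added example: table, function and visitor names are assumptions, not from the post.
const WINDOW_SECONDS = 2 * 60 * 60; // the two-hour window from step 2

function open_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE first_visit (visitor TEXT PRIMARY KEY, seen_at INTEGER NOT NULL)');
    return $db;
}

/** True when the predefined value should be shown, false when the script should continue. */
function show_predefined(PDO $db, string $visitor, int $now): bool
{
    // Step 1: look up when this visitor first arrived.
    $stmt = $db->prepare('SELECT seen_at FROM first_visit WHERE visitor = ?');
    $stmt->execute([$visitor]);
    $seenAt = $stmt->fetchColumn();

    // Step 3: never seen before, so record the time and show the value.
    if ($seenAt === false) {
        $ins = $db->prepare('INSERT OR IGNORE INTO first_visit (visitor, seen_at) VALUES (?, ?)');
        $ins->execute([$visitor, $now]);
        return true;
    }

    // Step 2: seen before; still inside the window, or past it?
    return ($now - (int)$seenAt) < WINDOW_SECONDS;
}

$db = open_store();
$t0 = 1700000000; // constructed timestamps
var_dump(show_predefined($db, 'visitor-a', $t0));        // first visit
var_dump(show_predefined($db, 'visitor-a', $t0 + 3600)); // one hour later
var_dump(show_predefined($db, 'visitor-a', $t0 + 7201)); // just past two hours
```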
-
Speaking of outdated, Upgrade! PHP 5.3 and MySQL 5.0 are years old and no longer supported - latest versions are PHP 5.6 and MySQL 5.6 (which is pure coincidence). Find your php.ini and make sure you have
```ini
error_reporting = -1
display_errors = on
```
set. Then restart Apache.
-
"Geolocation" is the term you should be searching for.
-
Depending on the rest of your code it may not actually be possible to do this in a reasonable way. Fortunately you should take a slightly different approach to it. Rather than allow anything as a variable, which is extremely dangerous, you should use a whitelist of values. At that point it's really just an array of names and values. Pass that to the callback function.
```php
$values = array(
    "icao" => $icao,
    "tzoff" => $tzoff,
    "day" => $day,
    // etc
);
$post = preg_replace_callback('/\{(\w+)\}/', function($match) use ($values) {
    if (isset($values[$match[1]])) {
        return $values[$match[1]];
    } else {
        return $match[0]; // no change
        // return ""; // empty
        // or whatever you want to do
    }
}, $post);
```
-
How do you detect the outside scope of a block?
requinix replied to Monkuar's topic in PHP Coding Help
Doesn't it depend on the positioning of the two blocks? -
Post the most epic /confusing code you can create
requinix replied to Monkuar's topic in Miscellaneous
Why not?
```php
/**
 * <http://tools.ietf.org/html/rfc3492#section-5>
 */
const PUNYCODE_DIGITS = 'abcdefghijklmnopqrstuvwxyz0123456789';

/**
 * Punycode: Adapt
 *
 * <http://tools.ietf.org/html/rfc3492#section-6.1>
 *
 * @param int $delta
 * @param int $numpoints
 * @param bool $firsttime
 * @return int
 */
protected static function punycodeAdapt($delta, $numpoints, $firsttime) {
    if ($firsttime) {
        $delta = (int)($delta / 700);
    } else {
        $delta >>= 1;
    }
    $delta += (int)($delta / $numpoints);

    for ($k = 0; $delta > 455; $k += 36) {
        $delta = (int)($delta / 35);
    }
    return $k + (int)((36 * $delta) / ($delta + 38));
}

/**
 * Punycode: decode
 *
 * <http://tools.ietf.org/html/rfc3492#section-6.2>
 *
 * @param string $string
 * @param string $encoding
 * @return string
 */
public static function punycodeDecode($string, $encoding = "UTF-8") {
    $n = 128;
    $i = 0;
    $bias = 72;
    $output = array();

    $_s = strrpos($string, "-");
    if ($_s !== false) {
        $output += str_split(substr($string, 0, $_s));
        $_s++;
    } else {
        $_s = 0;
    }

    $_slen = strlen($string);
    while ($_s < $_slen) {
        $_olds = $_s;
        $oldi = $i;
        $w = 1;
        for ($k = 36; ; $k += 36) {
            if ($_s >= $_slen) {
                return false;
            }
            $digit = strpos(self::PUNYCODE_DIGITS, strtolower($string[$_s++]));
            if ($digit === false) {
                return false;
            }
            $i += $digit * $w;
            $t = $k - $bias;
            if ($t > 26) {
                $t = 26;
            } else if ($t < 1) {
                $t = 1;
            }
            if ($digit < $t) {
                break;
            }
            $w *= (36 - $t);
        }
        $_len = count($output) + 1;
        $bias = self::punycodeAdapt($i - $oldi, $_len, $oldi == 0);
        $n += (int)($i / $_len);
        $i = ($i % $_len);

        // utf-8 encoding
        // 0xxxxxxx (single-byte range ends at 0x7F)
        if ($n <= 0x7F) {
            $_n = chr($n);
        }
        // 110xxxxx 10xxxxxx
        else if ($n <= 0x7FF) {
            $_n = chr(0xC0 | ($n >> 6 & 0x1F)) . chr(0x80 | ($n & 0x3F));
        }
        // 1110xxxx 10xxxxxx 10xxxxxx
        else if ($n <= 0xFFFF) {
            $_n = chr(0xE0 | ($n >> 12 & 0x0F)) . chr(0x80 | ($n >> 6 & 0x3F)) . chr(0x80 | ($n & 0x3F));
        }
        // 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
        else if ($n <= 0x1FFFFF) {
            $_n = chr(0xF0 | ($n >> 18 & 0x07)) . chr(0x80 | ($n >> 12 & 0x3F)) . chr(0x80 | ($n >> 6 & 0x3F)) . chr(0x80 | ($n & 0x3F));
        }
        // fail
        else {
            warning("f.url", ["Invalid Unicode codepoint U+%04X at offset %d '%s'", $n, $_olds, substr($string, $_olds, $_s - $_olds)]);
            $_n = "\xEF\xBF\xBD"; // U+FFFD REPLACEMENT CHARACTER
        }

        array_splice($output, $i, 0, [$_n]);
        $i++;
    }

    return mb_convert_encoding(implode("", $output), $encoding, "UTF-8");
}

/**
 * Punycode: encode
 *
 * <http://tools.ietf.org/html/rfc3492#section-6.3>
 *
 * @param string $string
 * @param string $encoding
 * @return string
 */
public static function punycodeEncode($string, $encoding = "UTF-8") {
    $n = 128;
    $delta = 0;
    $bias = 72;
    $h = $b = 0;
    $output = "";

    $_cps = [];
    $_len = mb_strlen($string, $encoding);
    $_c = array_map("ord", str_split(mb_convert_encoding($string, "UTF-8", $encoding)));
    $_ccount = count($_c);
    for ($_i = 0; $_i < $_ccount; ) {
        // utf-8 decoding
        // 0xxxxxxx
        if (($_c[$_i] & 0x80) == 0x00) {
            $_cp = $_c[$_i++];
            $output .= chr($_cp);
            $h++;
            $b++;
        }
        // 110xxxxx 10xxxxxx
        else if (($_c[$_i] & 0xE0) == 0xC0 && ($_c[$_i + 1] & 0xC0) == 0x80) {
            $_cp = (($_c[$_i++] & 0x1F) << 6) | ($_c[$_i++] & 0x3F);
        }
        // 1110xxxx 10xxxxxx 10xxxxxx
        else if (($_c[$_i] & 0xF0) == 0xE0 && ($_c[$_i + 1] & 0xC0) == 0x80 && ($_c[$_i + 2] & 0xC0) == 0x80) {
            $_cp = (($_c[$_i++] & 0x0F) << 12) | (($_c[$_i++] & 0x3F) << 6) | ($_c[$_i++] & 0x3F);
        }
        // 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
        else if (($_c[$_i] & 0xF8) == 0xF0 && ($_c[$_i + 1] & 0xC0) == 0x80 && ($_c[$_i + 2] & 0xC0) == 0x80 && ($_c[$_i + 3] & 0xC0) == 0x80) {
            $_cp = (($_c[$_i++] & 0x07) << 18) | (($_c[$_i++] & 0x3F) << 12) | (($_c[$_i++] & 0x3F) << 6) | ($_c[$_i++] & 0x3F);
        }
        // fail
        else {
            warning("f.url", ["Invalid UTF-8 byte 0x%02X at offset %d", $_c[$_i], $_i]);
            $_cp = 0xFFFD; // U+FFFD REPLACEMENT CHARACTER
            $_i++; // skip the bad byte so the loop advances
        }
        $_cps[] = $_cp;
    }
    $_sortcps = $_cps;
    sort($_sortcps, SORT_NUMERIC);

    if ($b > 0) {
        $output .= "-";
    }

    while ($h < $_len) {
        do {
            $m = array_shift($_sortcps);
        } while ($m < $n);
        $delta += ($m - $n) * ($h + 1);
        $n = $m;
        foreach ($_cps as $c) {
            if ($c < $n) {
                $delta++;
            } else if ($c == $n) {
                $q = $delta;
                for ($k = 36; ; $k += 36) {
                    $t = $k - $bias;
                    if ($t > 26) {
                        $t = 26;
                    } else if ($t < 1) {
                        $t = 1;
                    }
                    if ($q < $t) {
                        break;
                    }
                    $output .= substr(self::PUNYCODE_DIGITS, $t + (($q - $t) % (36 - $t)), 1);
                    $q = (int)(($q - $t) / (36 - $t));
                }
                $output .= substr(self::PUNYCODE_DIGITS, $q, 1);
                $bias = self::punycodeAdapt($delta, $h + 1, $h == $b);
                $delta = 0;
                $h++;
            }
        }
        $delta++;
        $n++;
    }

    return $output;
}
```
Code has to do with IDNs (international domain names) and converting them to/from ASCII representation using an algorithm called Punycode. Which is distressingly complicated.
-
The immediate dereferencing part - getting an array value from an array literal (with either syntax) - requires PHP 5.6 though. In PHP
```php
current(array_slice(["B", "KB", "MB", "GB", "TB"], $log, 1))
```
but easier would be using a string.
```php
trim(substr(" BKBMBGBTB", 2 * $log, 2))
```
...but then, if I'm doing that,
```php
/* 5.6+ */ ("0KMGT"[$log] ?: "") . "B" // same shorthand deal with strings too
/* <5.6 */ (substr("0KMGT", $log, 1) ?: "") . "B"
```
That makes use of the fact that "0" == false. ?: is short for $a ? $a : $b (since 5.3) so if there was a gun to my head and I had to write for PHP
```php
($log ? substr(" KMGT", $log, 1) : "") . "B"
```
Or, you know, one of a billion other ways of making this unreadable. Hopefully obvious disclaimer: don't actually do any of this stuff in real code
-
Ah, forgot you can't log(0).
```php
return round($bytes / pow(1024, ($log = min(floor((float)$bytes == 0 ? 0 : log(abs($bytes)) / log(1024)), 4))), $precision) . ["B", "KB", "MB", "GB", "TB"][$log];
```
-
Short, you say?
```php
function format_bytes($bytes, $precision = 2) {
    return round($bytes / pow(1024, ($log = min(floor(log(abs($bytes)) / log(1024)), 4))), $precision) . ["B", "KB", "MB", "GB", "TB"][$log];
}
```
-
-10 points from Slytherin for that awful code.
```php
function forum_number_format($number, $decimals = 2) {
    if ($number > 1e12) {
        return round($number / 1e12, $decimals) . 't';
    } else if ($number > 1e9) {
        return round($number / 1e9, $decimals) . 'b';
    } else if ($number > 1e6) {
        return round($number / 1e6, $decimals) . 'm';
    } else if ($number > 1e3) {
        return round($number / 1e3, $decimals) . 'k';
    } else {
        return round($number, $decimals);
    }
}
```
Not as "magical" but a helluva lot easier to understand and modify.
-
Most sites store things like the user ID in the session. It's fine. Mostly you'd only need to worry about storing data that could change, but a user ID wouldn't (shouldn't).
-
Is there "CAR" anywhere in the element? If not then you'll have to provide that Carolina Panthers CAR mapping somewhere yourself.
-
Actually that's a "type hint": you're hinting to PHP and other developers what type of argument is supposed to be passed. A type cast is
```php
$int = (int)$string;
```
No, it's not necessary, but it's a Good Idea.

The anonymous function style has been becoming more popular over the last year or so, with a couple frameworks designed in a similar style, but like that it's a bit too limiting for my taste.

And frankly I don't see what benefit the function and StructureFactory, at least as they currently are, offer over just making a new PDO object: you're still writing the connection information and the name of the PDO wrapper class (ie, the class you use to interact with PDO) directly in your code. I prefer the global configuration/settings style. For example, a JSON file containing
```json
{
    "databases": {
        "connection1": {
            "dsn": "mysql:...;charset=utf8",
            "username": "username",
            "password": "password",
            "class": "Something"
        },
        "connection2": {
            "dsn": "mysql:...;charset=utf8",
            "username": "username",
            "password": "password",
            "class": "Foobar"
        }
    }
}
```
and
```php
abstract class Db {

    protected $pdo = null;

    protected function __construct(PDO $pdo) {
        $this->pdo = $pdo;
    }

    public static function get($name = "default") {
        // somehow get the information from the configuration file
        // probably a class somewhere to help with this
        $info = Configuration::get("databases", $name);
        if (!$info) {
            throw new Exception("No database configuration for {$name}");
        }

        $pdo = new PDO($info["dsn"], $info["username"], $info["password"]);
        $class = $info["class"];
        return new $class($pdo);
    }

}
```
(as a rough version - I'd do more, like use interfaces, add some inheritable helper methods...)
```php
// the "connectionN" name, which is a horrible name to use, is a fixed value and completely separate from the information
$something = Db::get("connection1");
$foobar = Db::get("connection2");
```
The benefit is that while you still have to put the connection information somewhere (obviously), you aren't putting the information in code but rather somewhere that can be easily edited.
- 3 replies
- Tagged with: oop, design patterns (and 2 more)
-
The ns1 is probably harmless. Can you get the full XML? That would be really helpful because posting little bits of code here and there doesn't always do the job.
-
Look in $_SERVER for a request header with the forwarded IP address. There are a couple possibilities. That's the only place to look so if it's not there then you can't get it at all.
- 2 replies
- Tagged with: http_x_forwarded_for, php (and 1 more)
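A forwarded-address header in `$_SERVER` is request data, so it only means something when the direct peer is a proxy you operate. The sketch below is an added example, not code from the original post; the `client_ip()` function, the trusted proxy list and the sample requests are assumptions.

```php
<?php
// Added example; the proxy list and function name are assumptions.

/**
 * Resolve the client address from a $_SERVER-style array.
 * Forwarded headers are honoured only when the direct peer is a trusted proxy.
 */
function client_ip(array $server, array $trustedProxies): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? null;
    if ($peer === null || filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // Direct connection, or a peer we do not run: the header is client-supplied text.
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer;
    }
    $header = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $hops = array_filter(array_map('trim', explode(',', $header)), 'strlen');
    // Walk right to left: each proxy appends the address it saw, so the
    // rightmost entry that is not one of our proxies is the nearest untrusted hop.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests (documentation address ranges).
$proxies = ['192.0.2.10'];
$samples = [
    'direct, header present' => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'],
    'via proxy'              => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'],
    'via proxy, padded list' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 198.51.100.1'],
    'via proxy, garbage'     => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
];
foreach ($samples as $label => $server) {
    printf("%-24s %s\n", $label, client_ip($server, $proxies));
}
```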
-
What that solution provides is more along the lines of dependency injection than a straight-up factory (though there is often overlap between the two). The anonymous function provides a way of injecting the PDO dependency into assorted classes, but it's still up to you to provide those "assorted classes". In that example code, what you pass to StructureFactory::create() is a name of a class. That class needs to have a constructor that takes a pre-configured PDO object as its only argument. It doesn't have to worry about establishing the connection on its own.
```php
class Something { // $factory->create('Something')

    private $pdo = null;

    public function __construct(PDO $pdo) {
        $this->pdo = $pdo;
    }

    // methods to do queries and whatever

}
```
There would also be a Foobar class along the same lines. The class is responsible for issuing queries through PDO and reading resultsets, that hasn't changed, but now it doesn't need to know connection information.

That's a feature of PHP called "variable variables". Basically, in some places you can use a variable's value instead of writing something directly into code. In this case, $name is the name of a class and PHP will instantiate it as if you had written return new Something or return new Foobar.
- 3 replies
- Tagged with: oop, design patterns (and 2 more)
-
Typo in the XML? Maybe an opening tag that was supposed to be a closing tag? The full XML, including SOAP markup, would help.
-
How do I use SMART tools to check on my notebook's hard drive?
requinix replied to Maze's topic in Miscellaneous
SMART tests the disk itself. It has nothing to do with partitions. -
setting variables and white list and security?
requinix replied to phatsion2's topic in PHP Coding Help
Thinking it came from you and knowing it came from you are two different things. In the first case OP knows it came from him. In this new case it does not. That's all I said.

You heard it here first, folks:
```php
$value = "123";
echo $value;
```
is unsafe.

Then that's not a hard-coded value and, thankfully, doesn't apply to what I said.

There wasn't a vulnerability before. They introduced it by using user input without validating it, which is where it needs to happen anyways because in "my" code it's too late to react properly to the bad value - all I can do is fail.

If I can't trust the developer then all hope is lost. Or my life would be a nightmare because I'd have to second-guess everything. Could they hardcode a malicious value? Yes. Could I take precautions? Sure. Could they simply circumvent those precautions instead? You bet.

Forcing to int or JSON-encoding or doing something else explicitly would be a good idea.

Exactly: JSON.

Oh. Right. That debate...
-
setting variables and white list and security?
requinix replied to phatsion2's topic in PHP Coding Help
You don't need to whitelist your own code so that it can work with itself. A whitelist is about permitting unknown input. Something coming from a user. Or really something that you aren't coming up with by yourself. That's the whole point: you don't know what input you may get so you need to be restrictive about what you allow. But your own code? You wrote it. You don't need to validate the variable that you yourself literally just set. -
How do YOU want it to look? You can't tell PHP to make it display a certain way until you can decide what that certain way should be.
-
The user may have selected multiple values. How would you want, say, 10 values appear? Comma-separated? Bulleted list? If you can answer that then all you have to do is write the code to support it.
-
Checking if the host string is another string is not the same as checking if the string contains another string.
strpos
And you should be using HTTP_HOST instead of SERVER_NAME. The former is the actual hostname used in the URL while the second is the name configured in the server. They don't necessarily match (though they often do).
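The difference between "is" and "contains" shown on Host header values, where it matters because HTTP_HOST is taken from the request and a containment test also accepts any hostname that merely embeds the expected string. This is an added example, not code from the original post; the function names and the hostnames (with example.com standing in for the site's domain) are assumptions.

```php
<?php
// Added example; function names and hostnames are assumptions.

/** Lower-case the Host header value and drop any :port suffix. */
function normalize_host(string $httpHost): string
{
    $host = strtolower(trim($httpHost));
    return preg_replace('/:\d+$/', '', $host);
}

/** Containment test, as with strpos(): true when $needle occurs anywhere. */
function host_contains(string $httpHost, string $needle): bool
{
    // strpos() returns 0 for a match at the start, so compare against false strictly.
    return strpos(normalize_host($httpHost), $needle) !== false;
}

/** Strict test: the host is $domain itself or a subdomain of it. */
function host_matches(string $httpHost, string $domain): bool
{
    $host = normalize_host($httpHost);
    return $host === $domain
        || substr($host, -strlen($domain) - 1) === '.' . $domain;
}

// Constructed Host header values.
$hosts = [
    'example.com',
    'WWW.Example.com:8080',
    'example.com.other.test',
    'notexample.com',
];
foreach ($hosts as $h) {
    printf(
        "%-26s contains=%-5s matches=%s\n",
        $h,
        var_export(host_contains($h, 'example.com'), true),
        var_export(host_matches($h, 'example.com'), true)
    );
}
```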
-
I'm glad we knew exactly what was wrong and how to fix it, but really the thanks goes to you and your exceptional explanation of the problem.