Posts posted by kutchbhi

  1. Hello

     

    I am using fpdf to generate pdf files based on certain csv files. Now the client wants certain fields of the generated pdf file to be 'interactive'.

    Is this possible? Googling about editable (interactive PDFs) only confused me. Any help?

    Btw, by interactive I mean fields that can be typed into directly by the client and then saved into the pdf.

  2. The following query selects the rows that I want to delete:

    select bad_rows.*
      from products as bad_rows
      inner join (
        select pid, MAX(last_updated_date) as maxdate
          from products
          group by pid
          having count(*) > 1
      ) as good_rows on good_rows.pid = bad_rows.pid
        and good_rows.maxdate <> bad_rows.last_updated_date;
    
    

    Now to actually delete them I tried changing the first word, 'select', to 'delete', but in this case the query seems to run forever and no rows are deleted. Why?

    How else can these rows be deleted?

    Btw, what I am trying to do is get rid of duplicates. The select query works just fine in selecting the records; all I have to do is figure out a way of deleting them.

    Thanks

  3. I am building a site that will have a basic form for user submitted content.

    I would like to screen / moderate the content before it goes live. Is there an existing script that can be just plugged in to my code?

    I don't need anything fancy, just a script that would work something like this: load data from a specified table and have a couple of buttons to toggle a column's value from approved to unapproved etc.

     

    Thanks

     

  4. So I have an old bit of database that is inserting data into a table unescaped. Which means quotes are unescaped.

     

    Now I have to do a select with a LIKE comparison on the data. But since the data in the table isn't escaped, I get no match if I escape the data while selecting.

    Basically the LIKE comparison takes place between "Tom Clancy's: Splinter Cell%" and "Tom Clancy's: Splinter Cell%"

    Now I am not sure how to handle this. Any suggestions please?

    $escapedTitle = $db_connection->escape_string($title) ;
    $res = select_sql('products', "product_name LIKE  '" .$escapedTitle . "%' AND subtitle = '" . $db_connection->escape_string($sub) . "'  LIMIT 1") ;
    

    Thanks
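
    An added example, not part of the original post: escaping is applied to the SQL text or the LIKE pattern, never to the stored value, so a bound parameter compares against unescaped data without trouble. It assumes PDO with an in-memory SQLite table standing in for the poster's MySQL `products` table; `like_prefix()` and `find_product()` are hypothetical helpers and the rows are constructed.

    ```php
    <?php
    // Added example: in-memory SQLite via PDO stands in for the MySQL table (assumption).
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE products (product_name TEXT, subtitle TEXT)');

    // Constructed sample rows. Bound parameters store the text verbatim, quote included.
    $insert = $pdo->prepare('INSERT INTO products (product_name, subtitle) VALUES (?, ?)');
    $insert->execute(["Tom Clancy's: Splinter Cell Conviction", 'PC']);
    $insert->execute(['1000 Heroes', 'PC']);
    $insert->execute(['100% Orange Juice', 'PC']);

    // Hypothetical helper: escape only the LIKE wildcards (and the escape
    // character itself) in user input, then append the prefix wildcard.
    function like_prefix(string $input): string
    {
        return addcslashes($input, '%_\\') . '%';
    }

    // Hypothetical helper: the title and subtitle travel as bound parameters,
    // so no quote escaping is needed and none reaches the comparison.
    function find_product(PDO $pdo, string $title, string $sub): ?array
    {
        // ESCAPE names the LIKE escape character explicitly for SQLite;
        // in MySQL the backslash is already the default LIKE escape.
        $stmt = $pdo->prepare(
            "SELECT product_name FROM products
             WHERE product_name LIKE ? ESCAPE '\\' AND subtitle = ? LIMIT 1"
        );
        $stmt->execute([like_prefix($title), $sub]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }

    // The apostrophe matches the stored, unescaped title.
    var_dump(find_product($pdo, "Tom Clancy's: Splinter Cell", 'PC'));
    // A literal "%" in the input is matched as a character, not as a wildcard,
    // so "1000 Heroes" is not returned for this search.
    var_dump(find_product($pdo, '100%', 'PC'));
    ```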

  5. This may sound strange, but I really struggle to use ANY php CMS, even though I am fine with frameworks. The reason, I think, is that while using a CMS, I have to google a lot. For every little thing I have to google for several minutes, and keep thinking that if only I wasn't using a CMS, I would know exactly what to do...

    Now I am building another classified-like site, a site that could really benefit from a CMS. But I am wary of giving wordpress another try, since I know I'll spend more time googling than coding.

    So, does anyone understand my predicament and can offer some suggestions, OR know what I am doing wrong and can suggest a suitable CMS?

    Btw, I am VERY comfortable with coding in php, it's just that CMSs seem to require more research than actual coding.

     

    Thanks

     

  6. My aim is to really understand what a framework does behind the scenes. Don't worry, I am not trying to write my own, but I really want to understand a framework.

    I tried going through the source of a few, and even though I understood what the individual lines were supposed to do, I couldn't quite get the 'logic' of the app. Any suggestions on how to 'read' code?

    Any other resources that may help me in knowing how/what a framework does?

     

     

    Thanks

     

  7. $mail_headers = imap_headerinfo($inbox, $emails[0]);
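    // Combine flags with bitwise OR; "&" between these two constants evaluates to 0 and passes no flags.
    $head = imap_fetchheader($inbox, $mail_headers->Msgno, FT_INTERNAL | FT_PREFETCHTEXT);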
    $mail_body = imap_fetchbody($inbox, $mail_headers->Msgno, '1', FT_INTERNAL);
    // file_put_contents('spotify.csv', $mail_body) ;
    print_r($mail_body) ;
         
    

    I am trying to read a message from a pop3 email account. The email contains a csv file as text.

    When I try to print_r the email_body it contains more new lines than what it had originally. My guess is that the imap_fetch functions are inserting newlines inside the text (to make it readable).

    How do I prevent this?

  8. When I do it like this:

    $category = $dom->createElement('CATEGORY') ;
    $catName = htmlspecialchars_decode(str_replace('-', '>',$CategoryName )) ;
    $category->setAttribute('name', $catName  );
    

    I get a &gt; instead of a > . Am I doing something wrong?

    Also, right now I am just using a str_replace on the whole file, and that works, but I am not sure if it's ok.

     

  9. I am looking at an xml that has the greater than sign inside the attribute value.

     

    <CATEGORY id='163' name='Toys > Other '></CATEGORY>

     

    My job is to create a similar xml where the > sign exists inside the node's attribute value. Is this possible? How?

     

    I tried this:

     

    $catName = htmlspecialchars_decode(str_replace('-', '>',$CategoryName )) ;

     

    but it just encoded the > into &gt; .

     

    Thanks

  10. Trying to post to this page here:

     

    How it works: The form has several hidden fields, and one input's value is generated randomly each time. So I had to parse the page (using simple html dom) to get that. Then, using firebug, I found other input fields that were 'generated' (fetched?) with javascript. I used cookiejar and cookiefile to keep cookies between sessions.

    But the end result is that it isn't posting. It just echoes the form page.

    The code:

    <?php
        include("includes/simple_html_dom.php") ;
        define("WEBBOT_NAME", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1");
        define("CURL_TIMEOUT", 25);
    
    function get_initial_page($target)
        {
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $target) ;       // Target site
                  
            curl_setopt($ch, CURLOPT_COOKIEJAR, "C:/cookie-lawyer.txt"); //CHANGE THIS 
            curl_setopt($ch, CURLOPT_REFERER, "www.google.com");  
            curl_setopt($ch, CURLOPT_TIMEOUT, CURL_TIMEOUT);    // Timeout
            curl_setopt($ch, CURLOPT_USERAGENT, WEBBOT_NAME); 
           // curl_setopt ($ch, CURLOPT_POST, 1);
           //  curl_setopt ($ch, CURLOPT_POSTFIELDS, "username=kutchbhi&password=rem0te&autologin=1&hideonline=1&redirect=&login=Log in" );
            
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);     // Follow redirects
            curl_setopt($ch, CURLOPT_MAXREDIRS, 4);             // Limit redirections to four
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);     // Return in string  
            $curled_page = curl_exec($ch);
            curl_close($ch);
            return $curled_page ;
        }
        
        function post_with_curl($target,$ref, $name ,$viewStateValue )
        {
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $target) ;       // Target site
                  
            curl_setopt($ch, CURLOPT_COOKIEFILE, "C:/cookie-lawyer.txt"); //CHANGE THIS 
            curl_setopt($ch, CURLOPT_REFERER, $ref);  
            curl_setopt($ch, CURLOPT_TIMEOUT, CURL_TIMEOUT);    // Timeout
            curl_setopt($ch, CURLOPT_USERAGENT, WEBBOT_NAME); 
            curl_setopt ($ch, CURLOPT_POST, 1);
            curl_setopt ($ch, CURLOPT_HEADER, 1);
            switch ($target)
            {
                case "http://198.173.15.31/V2/COUNTY/Default.aspx":
                // echo "targe found" ;
                $postfields = array("__EVENTTARGET" => '' , "__EVENTARGUMENT" => '' , "__VIEWSTATE" => $viewStateValue , "__VIEWSTATEENCRYPTED" => '' , 'ctl00$ContentPlaceHolder1$NameSearch1$CompanyNameTextBox1' => $name , 'ctl00$ContentPlaceHolder1$SearchButton' => 'Search Now'  ) ;
                curl_setopt ($ch, CURLOPT_POSTFIELDS, $postfields );
                break ;
            }
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);     // Follow redirects
            curl_setopt($ch, CURLOPT_MAXREDIRS, 4);             // Limit redirections to four
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);     // Return in string  
            $curled_page = curl_exec($ch);
            curl_close($ch);
            return $curled_page ;
        }
    
                   $viewStateValue = "" ;
                   // $url = "default.htm" ; $formPage = file_get_html($url) ; 
                    $url = "http://198.173.15.31/V2/COUNTY/" ;  
                    $curled_page = get_initial_page($url) ;              
                    $formPage = str_get_html($curled_page) ; 
                  
                    $viewState = $formPage->find('input[id=__VIEWSTATE]') ;
                    foreach($viewState as $theState)
                    {
                     //   echo "found viewstate"  ."<br>";;
                        $viewStateValue = $theState->value   ;
                      //  echo $viewStateValue  ."<br>";;
                    }
                   // echo $viewStateValue ;
                   $resultPage = post_with_curl("http://198.173.15.31/V2/COUNTY/Default.aspx","http://198.173.15.31/V2/COUNTY/", "jenna" ,$viewStateValue ) ;
                   echo $resultPage ;
    ?>
    

     

    the contents of the cookie file:

    # Netscape HTTP Cookie File
    # http://curl.haxx.se/rfc/cookie_spec.html
    # This file was generated by libcurl! Edit at your own risk.
    
    #HttpOnly_198.173.15.31	FALSE	/	FALSE	0	ASP.NET_SessionId	fxr0bu45fvme0wbv4t5u0k55
    

    Can someone kindly have a look? Is it because of the javascript generated input fields? My guess is that the cookies are not being maintained within sessions.

     

    Thanks

     

  11. I have a simple script here that uses curl to post to a few forms and send and receive cookies.

    Now whenever I run the script it takes 10 seconds for the whole process to finish. Is it possible to reduce this time whenever the script is run the second or third time?

    My English is poor, I am having difficulty in putting words to what I want to say... But what I want is for the script to somehow use the previous cookies, detect if they are expired and then do things accordingly (run only the last block of code if the cookie hasn't expired).

    How do I go about doing this? Any suggestions?

     

    Thanks

    The script:

    <?php
    
    //Create File
    // $ckfile = tempnam("","testfile.tmp") ;
    $ckfile = "testFile.tmp";
    $ourFileHandle = fopen($ckfile, 'w') or die("can't open file");
    fclose($ourFileHandle); 
    
    
    //goto home page , to get initial cookies (not required the second time)
    $ch = curl_init ("http://pericles.ipaustralia.gov.au/atmoss/falcon.application_start");
    curl_setopt ($ch, CURLOPT_COOKIEJAR, $ckfile); 
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
    $output = curl_exec ($ch);
    
    // click on enter as guest, and post the info from the form.
    $ch = curl_init ("http://pericles.ipaustralia.gov.au/atmoss/Falcon_Users_Cookies.Run_Create");
    curl_setopt ($ch, CURLOPT_COOKIEFILE, $ckfile);
    curl_setopt ($ch, CURLOPT_POST, 1);
    curl_setopt ($ch, CURLOPT_POSTFIELDS, "p_JS=N&p_Anon=ANONYMOUS&p_user_type=Enter as Guest");
    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
    
    curl_setopt ($ch, CURLOPT_COOKIEJAR, $ckfile);
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
    $output = curl_exec ($ch);
    
    //open the search page. 
    $ch = curl_init ("http://pericles.ipaustralia.gov.au/atmoss/Falcon.Search_Screen?p_search_no=0&p_SearchLevel=FULL");
    curl_setopt ($ch, CURLOPT_COOKIEFILE, $ckfile);
    
    curl_setopt ($ch, CURLOPT_COOKIEJAR, $ckfile); 
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
    $output = curl_exec ($ch);
    
    //search on the search page.
    $ch = curl_init ("http://pericles.ipaustralia.gov.au/atmoss/Falcon.Result");
    curl_setopt ($ch, CURLOPT_COOKIEFILE, $ckfile);
    
    curl_setopt ($ch, CURLOPT_POST, 1);
    curl_setopt ($ch, CURLOPT_POSTFIELDS, "p_partword_1=nice");
    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt ($ch, CURLOPT_COOKIEJAR, $ckfile);
    curl_exec ($ch);
    
    //fclose($ourFileHandle); 
    
    
    ?>

     

    Also, for some reason the cookie file ends up being a zero byte file. Anyone know why?

  12. Question:

    I have this:

    $fileName = $_FILES['image1']['name'];
    $tmpName  = $_FILES['image1']['tmp_name'];
    $fileSize = $_FILES['image1']['size'];
    $fileType = $_FILES['image1']['type'];
    uploadfile() ;
    echo "<br>File $fileName uploaded<br>";
    
    

    In this case, does fileName need to be escaped with htmlspecialchars?
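
    An added example, not part of the original post: the `name` entry of `$_FILES` is supplied by the client, so it is escaped for the HTML context when echoed and is not reused as the on-disk name. The `$upload` array is a constructed stand-in for `$_FILES['image1']`, and `upload_notice()` and `storage_name()` are hypothetical helpers.

    ```php
    <?php
    // Added example. $upload mimics one $_FILES entry; every value is constructed.
    $upload = [
        'name'     => '../"><i>photo.PNG',
        'tmp_name' => '/tmp/phpA1b2C3',
        'size'     => 20480,
        'error'    => UPLOAD_ERR_OK,
    ];

    // Hypothetical helper: build the message shown to the user.
    function upload_notice(array $file): string
    {
        if ($file['error'] !== UPLOAD_ERR_OK) {
            return 'Upload failed (error code ' . (int) $file['error'] . ')';
        }
        // basename() drops any directory part the client put in the name.
        $name = basename($file['name']);
        // Escape at output time, for the HTML context the value is echoed into.
        $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return "File {$safe} uploaded";
    }

    // Hypothetical helper: the name used on disk is generated server-side;
    // only an allow-listed extension is carried over from the client's name.
    function storage_name(array $file): string
    {
        $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        $allowed = ['png', 'jpg', 'jpeg', 'gif'];
        if (!in_array($ext, $allowed, true)) {
            throw new InvalidArgumentException('File type not allowed');
        }
        return bin2hex(random_bytes(16)) . '.' . $ext;
    }

    // The markup characters in the name arrive in the page as entities.
    echo '<br>' . upload_notice($upload) . '<br>', "\n";
    // A random 32-hex-character name with the normalised extension.
    echo storage_name($upload), "\n";
    ```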

  13. I have made a classified website. It works and I am proud of it. But as far as securing it goes, I have done almost nothing and I am sure that, in case the site becomes popular, it would be compromised with ease.

    So I have started reading a book, 'Essential PHP Security', and am reading several articles on php security online, but am still unable to wrap my head around the whole security issue. :(

    Can someone help me? There are a lot of unfamiliar topics: filtering, escaping, validating, session hijacking etc., and it all goes over my head.

    It's a classified website. Considering this, what should I concentrate on as far as security goes?

    Btw, what I have managed to do is use mysql_real_escape_string on every var going into a mysql $query.

     

    Thanks
