Everything posted by kicken

  1. kicken

    How to access symmetric key?

    I'd log whatever I see across the socket. For example:

        public function read(){
            $data = fread($this->socket, 8192);
            $this->logger->debug('Socket data read: {data}', ['data' => $data]);
            return $data;
        }

        public function write($data){
            fwrite($this->socket, $data);
            $this->logger->debug('Socket data written: {data}', ['data' => $data]);
        }

    The idea is just to have a record in case it is needed to debug a problem. If the data being read/written was binary rather than plain text, then I'd either base64_encode or bin2hex it first. Higher levels of the app would have additional logging. For example whatever code parses the raw data into some useful data structure may then log the result of that parsing.

    I have not. Like I mentioned above though, for non-string data you can always encode it before printing. bin2hex is nice as you can easily inspect and compare individual bytes of data. It doubles the size of whatever data you're logging though. base64_encode uses less space and can compare whole values easily, but requires decoding to do detailed comparisons.
  2. kicken

    How to access symmetric key?

    The easiest solution if you need to view the traffic would be to either disable encryption or pass the traffic through a proxy that can log the traffic then pass it on. Alternatively, modify your code to log traffic it sends/receives across the socket. I usually include some sort of raw traffic logging ability in things I develop for easy debugging.
  3. kicken

    Returning before complete

    The reason for your observations is that calling the write method doesn't immediately send the data over the wire. Instead it just adds it to the write buffer which will then be flushed to the socket at some point in the near future, probably on the next loop tick. So what you would need to do is find a way to wait until you know the write has gone through before you start your long operation. Unfortunately I don't think react has a nice way to do this. The only way would probably be to just set a timeout on the loop to run your operation after a second's delay or similar.
  4. kicken

    File permission issues

    I'd assume when creating a new file/directory the system only consults the immediate parent when checking if the set-guid bit is set. As such, having it set at a higher level isn't going to make a difference. You could recursively set it using the -R flag like you did in the previous commands, but that would set it on files too which you probably don't want. You can use find to set it on just the directories within a given path. That'll get it applied to everything currently existing and then new stuff in the future should properly inherit it.

        find /var/www/~/storage -type d -exec chmod g+s {} \;
  5. kicken

    PHP Templating

    It's possible for $_SERVER['DOCUMENT_ROOT'] to not be what you expect, but unlikely. Any issue with it would likely be due to a server configuration issue rather than an attempted attack most likely. dirname(__FILE__) can be replaced by __DIR__ since 5.3.

    @PrinceTaz, create yourself a single file such as common.php that you can include into all your pages. That file can then take care of setting up your environment for your scripts such as setting the include path, defining the path to your files, etc. For example:

        <?php
        set_include_path(__DIR__.'/templates');

        function render($__template, $__vars){
            extract($__vars);
            require 'header.tpl';
            require $__template;
            require 'footer.tpl';
        }

    Then in your individual page files you can use __DIR__ to build a path to that common file and include it. With the include path then configured, everything else can be included with a simple relative path. Given a directory tree then such as:

        |   common.php
        |
        +---public_html
        |       about.php
        |       index.php
        |
        \---templates
            |   footer.tpl
            |   header.tpl
            |
            +---about
            |       index.tpl
            |
            \---home
                    index.tpl

    Then your index.php page could be:

        <?php
        require __DIR__.'/../common.php';
        render('home/index.tpl', ['PageTitle' => 'Home']);

    And about.php page could be:

        <?php
        require __DIR__.'/../common.php';
        render('about/index.tpl', ['PageTitle' => 'About me']);
  6. kicken

    File permission issues

    Maybe I just don't understand it well enough, but I've always felt like the traditional linux file permissions system became inadequate quickly. I have all my servers set up now with PHP-FPM and a separate pool for each user. Each site is configured to use the pool for whichever user owns that site so permissions mostly become a non-issue. The user PHP is using is the same as the user for SSH, SFTP, etc. Possibly not the most secure solution, but it's much simpler to set up and deal with.

    Regarding your issue, there are a couple things to note regarding the set-guid bit on directories. You only show applying g+s to the /var/www/~/storage/ directory, but it appears you have an uploads directory under that. Was that directory already there? If so, you need to apply the bit to it as well. Likewise with any other pre-existing directories that you want to have the bit set. You can't just apply it to a point in the path and have it automatically affect everything under that point.

    The uploaded temporary file is going to be owned by apache. Just moving it over to your storage directory won't change that. You'll have to copy it instead, which may be undesirable as it could be slow, particularly for large files. Alternatively, since you made apache part of the ssphpd group you could just chgrp the file after moving it. Likewise with the directories after making them.
  7. kicken

    Simulating $_FILES array

    If you need the information in that format then you'll have to generate it yourself. There's no existing function that does so.
  8. To remove the border, apply the style outline: none; to your audio element. Regarding removing the download option, you can't really.
  9. kicken

    Help with run command from the shell

    Add

        echo $ffmpeg_command;

    to the code, then copy the command that is output and run that in a shell to test it.

    Your code has quoting issues though, as it's written above the code shouldn't even run at all. You'd get a parse error.

        $ffmpegCommand =''.$ffmpeg_b.' -y -i '.$video_file_full_path.' -i '.$watermark_image_full_path.' -filter_complex "[0]scale=426:-2[vid];[1][vid]scale2ref='oh*mdar':'ih/10'[wm][vid];[vid][wm]overlay=5:5:format=rgb,format=yuv420p" -vcodec libx264 -preset '.$pt->config->convert_speed.' -crf 26 -report'.$video_output_full_path_240.' 2>&1';
        //--------------^^^ Unnecessary -------------------------------------------------------------------------------------------------------------------------^^^^^^^^^^^^^^^^^ Invalid quoting error --------------------------------------------------------------------------------------------------------^^ Needs a space
  10. kicken

    Optimize My Code

    Your editor probably has a setting to control how wide a tab is displayed as. That's one of the arguments in the tabs vs spaces debate when it comes to indenting code. Maybe your editor displays a tab as 2 or 4 spaces so it looks reasonable but here in the browser it's shown very wide, making it annoying because it doesn't take long for half the line to be empty space. You'll have to decide for yourself if you prefer tabs or spaces, just be consistent and configure your editor appropriately. Many coding editors have a tab-inserts-spaces option so you can still hit tab to indent but it'll insert space characters rather than a tab character.

    A view is a template essentially, just another name for it. You'd move the HTML out of your main code file into its own file. Limit the PHP usage in your html files to simple echo/conditional/loop statements. Do all your typical logic and processing code in your main PHP file and assign variables as needed for your template, then require whichever template is needed for that branch of code. Your common header/footer html can be in separate files, then required either from your php code or as part of your template file.
  11. kicken

    Cleaner way to write long operator conditionals

    I tend to break it out into variables as it can help with readability quite a bit by giving a name to a particular condition. For example:

        $isRequired = $input->isRequired();
        $isBlank = is_array($value) ? count($value) === 0 : trim($value) === '';
        if ($isRequired && $isBlank){
            $Errors[] = $input->getLabel() . ' is required.';
        }

    Each condition now has an easy to understand name making it very clear what exactly is being checked for. There's no need to try and parse the actual conditional code to figure it out. It also allows for easy re-use of a particular condition.

        $type = $input->getType();
        $isRequired = $input->isRequired();
        $isBlank = is_array($value) ? count($value) === 0 : trim($value) === '';
        if ($isRequired && $isBlank){
            $Errors[] = $input->getLabel() . ' is required.';
        } else if (!$isBlank && $type === CourseFormInput::SINGLE_CHOICE){
            //Check if $value is a valid option
        } else if (!$isBlank && $type === CourseFormInput::MULTI_CHOICE){
            //Check if $value array contains all valid options.
        }

    $isBlank can be easily used repeatedly for each branch. If a set of conditions gets particularly complicated or is checked frequently I may just make a separate method for that condition.

        private function isEmptyInstitution($data){
            return !$data['name']
                && !$data['address1']
                && !$data['address2']
                && !$data['city']
                && !$data['country']
                && !$data['state']
                && !$data['start_month']
                && !$data['start_year']
                && !$data['end_month']
                && !$data['end_year']
                && !$data['credits']
                && !$data['degree'];
        }
  12. In your array_filter_recursive function this section of code:

          foreach ($input as &$value) {
              if (is_array($value)) {
                  $value = array_filter_recursive($value);
              }
          }

      Goes through all the first level $input elements and if it's an array, calls the function again recursively to update its values. Then this section of the code:

          return array_filter($input, function($v) {
              return $v instanceOf ValidatorCallbackInterface;
          });

      Goes through all the first level elements of $input again and checks if it's an instance of ValidatorCallbackInterface. If not, it drops it. Is $input['info'] an instance of ValidatorCallbackInterface? Nope, so it'll get dropped. The only thing in your initial input that would pass that check is $input['singleobject'].

      If you're going to make a generic array_filter_recursive function you may as well pass in the callback as an argument. Then you'd formulate the function as:

          function array_filter_recursive($input, $filter) {
              $newArray = [];
              foreach ($input as $index=>$value) {
                  if (is_array($value)) {
                      $newArray[$index] = array_filter_recursive($value, $filter);
                  } else if ($filter($value)){
                      $newArray[$index] = $value;
                  }
              }
              return $newArray;
          }

      That builds a new array which preserves only the elements where the filter returns true. For array elements it applies the filter recursively. For non array elements it checks the filter function, adding item to the new array only if it returns true.
  13. kicken

    Adjusting font size to fit width of DIV...

    Not with just CSS afaik. It can be done with javascript by measuring the size of the text at different sizes then applying whichever size fits best. There's a library for this called FitText.
  14. kicken

    Am I seeing windmills?!?!?

    If they can get a file on your server with a .php extension then yes, they can run it by visiting the URL. That's not the only way someone could get code to run though. As mentioned, code that include() or require()'s incorrectly could also cause problems, or incorrect usage of eval(), etc. Regardless of the means though, if someone can run code on your server then they can access the information on your server. Hard-coding your credentials wouldn't make them any harder to get in that scenario as the attacker could just echo file_get_contents('database.php'); to dump the source code of your database connection file.

    The point of using variables/defines for your credentials over hard-coding doesn't really have anything to do with improved security. It's all about configurability and convenience. It's much nicer to have all your configuration parameters centralized in one place rather than spread across several files. That way if things change it's easier to update the configuration.
  15. kicken

    Help With Bash Script To PHP

    If you don't want to expose passwords I'd suggest just not showing them at all. Just show a generic statement or maybe a count of the total passwords found. As far as the script, for PHP you'd scan a directory tree using the RecursiveDirectoryIterator / RecursiveIteratorIterator. It looks like the data may be stored in folders/files based on a prefix of the email so maybe you could just go straight to the file in question by building the file path and checking for it instead using file_exists. Once you have the file(s), you can read them and check each line for the email using substr or explode.
  16. I'd probably just go with essentially option one. I don't see any real benefit to using a shell object.

          class OptionOne
          {
              private $clientList;

              public function __construct() {
                  $this->clientList = new SplObjectStorage;
              }

              public function clientConnects($stream) {
                  $client=new UnregisteredClient($stream);
                  $stream->setClient($client);
                  $this->clientList[$stream] = $client;
              }

              public function clientRegisters($stream, $data) {
                  $client=new NewClient($stream, $data);
                  $stream->setClient($client);
                  $this->clientList[$stream] = $client;
              }
          }
  17. You can just re-attach it to change the data, or just use it as an array.

          //Option 1
          $storage->attach($obj, new dataB);
          $data = $storage[$obj];
          var_dump($data);

          //Option 2
          $storage[$obj]=new dataC;
          $data = $storage[$obj];
          var_dump($data);

      offsetSet is there because SplObjectStorage implements ArrayAccess which means you can just read/write keys like any other array. The offset* functions are not really intended to be called directly.
  18. Does that mean if you access the url http://example.com/public/index.php then things work? If so then you'll either need to re-configure your server so that the document root points to the public folder or set up a .htaccess file in your project folder to redirect requests to the public folder. Otherwise, if you mean adding a different .php file to the public folder and it works but the index.php file does not, then as mentioned above you probably have an error. The best way to find out is to check the error log, either for your server or a separate php error log depending on how it's configured. Create a file that executes the phpinfo() function to see how things are configured.
  19. The values would be coming into PHP as part of the $_POST array so you'd check if they exist there and if so echo the value back out.

          <?php
          $count = 10;
          echo "<tr>";
          for($j=0; $j<$count; $j++) {
              $value = $_POST['reply'][$j] ?? '';
              // ENT_QUOTES: the value attribute is single-quoted, and before PHP 8.1
              // the default flags leave single quotes unescaped.
              echo "<td> <input type='text' name='reply[]' class='ansbox' value='" . htmlspecialchars($value, ENT_QUOTES) . "'></td>";
          }
          echo "</tr>";
  20. kicken

    pass a php array into js

    Trying to inject code directly into JS like in your original post is risky. Someone may be able to use it to inject html/js into the document. The better approach is to insert the JSON data into your HTML document (with normal HTML escaping applied) and then parse it. A hidden input is one way to do that, another way is with a data attribute which is what I typically do (jQuery will auto-parse json data attributes).

        <script src="/js/something.js" data-rs="[[1,2,3],[2,3,4],[3,4,5]]"></script>

        var rs = $(document.currentScript).data('rs');

    document.currentScript needs to be read during the initial script load, you can't put it in an event handler for example. According to caniuse.com, it also doesn't work in IE. If that's a concern, there are alternative methods / polyfills that exist.
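
Added example (not part of kicken's post): the server side of the data-attribute approach in PHP, beside an inline-script variant that shows the failure it avoids. The helper names, the `JSON_UNESCAPED_SLASHES` scenario and the sample data are assumptions made for illustration.

```php
<?php
// Added illustration; helper names and sample data are hypothetical.

// Risky: JSON dropped into an inline <script>. With JSON_UNESCAPED_SLASHES
// (often added for readable URLs) a "</script>" inside a value is emitted
// verbatim, so the HTML parser ends the script block in the middle of the data.
function inlineScriptRisky(array $data): string
{
    return '<script>var rs = ' . json_encode($data, JSON_UNESCAPED_SLASHES) . ';</script>';
}

// The approach from the post: JSON goes into a data attribute with normal
// HTML escaping, so the payload cannot leave the attribute value.
function dataAttribute(array $data): string
{
    $json = json_encode($data, JSON_THROW_ON_ERROR);
    // ENT_QUOTES escapes both quote styles, whichever one delimits the attribute.
    $attr = htmlspecialchars($json, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<script src="/js/something.js" data-rs="' . $attr . '"></script>';
}

// What the browser hands to the script: the attribute value with entities
// decoded, which the client side then parses as JSON.
function readDataAttribute(string $html): array
{
    preg_match('/data-rs="([^"]*)"/', $html, $m);
    $json = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed input: the last row carries markup and both quote characters.
$rs = [[1, 2, 3], [2, 3, 4], ['</script><b>markup</b>', 'it\'s "quoted"']];

$risky = inlineScriptRisky($rs);
$safe  = dataAttribute($rs);

echo $risky, PHP_EOL, $safe, PHP_EOL;

// Count closing tags: any beyond the single real one came out of the data.
printf("closing tags, inline script:  %d\n", substr_count($risky, '</script>'));
printf("closing tags, data attribute: %d\n", substr_count($safe, '</script>'));

// The escaped attribute still round-trips to the original array.
var_dump(readDataAttribute($safe) === $rs);
```

If the JSON has to stay inline, `json_encode` also accepts `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT`, which emits those characters as `\uXXXX` escapes.
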
  21. First off, for form fields you use the name attribute to define the name they are submitted as, not the id attribute. Secondly you can't have multiple elements with the same id attribute in html. IDs have to be unique. Once you fix that, then you can either query for them by the name or by giving them all a common class and using a class selector.

          <input type='text' name='reply[]' value=''>

          var test_arr = $('[name="reply[]"]');
  22. kicken

    Uncaught PDOException: could not find driver...

    Sometimes there are separate ini files for cli, cgi, and apache modules. The phpinfo() output will also tell you which php.ini file it's looking at so you know which one to edit. Look for a line similar to
  23. kicken

    Uncaught PDOException: could not find driver...

    Create a page with the code <?php phpinfo(); and check its output for a PDO section. It should show a line saying: If it doesn't, then you haven't loaded the proper extensions.
  24. You can make it a color that's really close to black. For example, rgb(0,0,1); A person wouldn't be able to tell the difference. It's not rgb(0,0,0) though so the browser doesn't change it to the normal disabled gray.
  25. It just looks like part of the animation to me. As the pieces slide together you get a smaller and smaller gap between them. Just before it finishes the gap would only be a pixel or two so it looks like some lines.