Everything posted by kicken
-
No, forward proxy using ProxyRequests On and CONNECT to handle https. For example:

    <VirtualHost *:443>
        ProxyRequests On
        <Proxy *>
            AuthType Basic
            AuthName "Proxy"
            AuthUserFile /var/www/.htpasswd
            AuthBasicProvider file
            Require valid-user
        </Proxy>
    </VirtualHost>

Then you configure your browser to use the proxy and just browse normally.
-
Setting up an actual proxy and configuring your browser to use it would be simpler if you can manage it. This is what I did ages ago when attending some college classes and their wifi was blocking various sites I wanted to use. I set up Apache at home as an HTTP proxy and while on campus configured Firefox to use it.

Otherwise, just capturing the mime type sent by the original server is really what you should do, rather than trying to determine the mime type later on.
-
There's nothing wrong with using query parameters. Trying to avoid them for the sake of having a "pretty" URL is silly. If you really want pretty URLs, use mod_rewrite to get something like example.com/order/123456/complete or whatever.

In your case, there may be nothing wrong with it. A user isn't likely (or maybe even able) to process two different orders at the same time in different tabs. That multi-tab action is where using the session to pass data around can become a problem.

As an example of what not to do, I work on a system for a school where staff search for students and then "open" their student record. Opening the record stores the student's ID in the session and takes them to a page showing various details and links to reports. With modern tabbed browsing it's easy to open different students in different tabs, which messes up the state of previous tabs. For example, opening student B in a new tab, then going back to the previous tab where you had student A open and clicking the link to view their class schedule would end up showing student B's schedule rather than student A's schedule as expected.

So when determining when you can use the session to pass data, you need to consider that kind of multi-tab interaction and whether it might cause problems. My general rule for storing data in sessions is the data must either:

1. Be related to the entire session, regardless of how many tabs/windows a user has open. Things like the active user, shopping cart details, site preferences, etc.
2. Be short-lived temporary data that's used then removed in the next request. For example, I have flash messages on the site so after saving a DB record I add a "Record saved successfully" message to the session and redirect back to the list. The list page displays that message then removes it from the session.

From the sounds of it, your situation doesn't really meet either of those parameters, so I wouldn't use the session. I'd stick the order number in the URL as a parameter and pass it along in the image URL as well for the readfile script. Eliminates any potential session issues and makes the code more standalone/reusable (i.e., you could maybe reuse the page in a "Past orders" view).
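The multi-tab failure described in the post above, reproduced next to the per-request alternative, as an added example that is not part of the original post. The record data, user names and function names are constructed for illustration, and the access check is an assumption added here: an ID taken from the URL is user-controlled, so it is validated and authorised against the logged-in user on every request.

```php
<?php
declare(strict_types=1);

// Constructed sample data: student records and the staff allowed to view each one.
const STUDENTS = [
    101 => ['name' => 'Student A', 'schedule' => 'Math 09:00', 'staff' => ['jsmith']],
    202 => ['name' => 'Student B', 'schedule' => 'Art 13:00',  'staff' => ['jsmith']],
    303 => ['name' => 'Student C', 'schedule' => 'PE 10:00',   'staff' => ['someone_else']],
];

// Pattern from the post: "opening" a record stores its ID in the session,
// which every tab of the same browser shares.
function openStudent(array &$session, int $id): void
{
    $session['student_id'] = $id;
}

function scheduleFromSession(array $session): string
{
    return STUDENTS[$session['student_id']]['schedule'];
}

// Per-request alternative: the ID travels in the URL, the session only says who
// is logged in. The ID is validated and the user's access checked every time.
function scheduleFromQuery(array $query, array $session): ?string
{
    $id = filter_var($query['student'] ?? null, FILTER_VALIDATE_INT);
    $record = $id !== false ? (STUDENTS[$id] ?? null) : null;
    if ($record === null || !in_array($session['user'] ?? '', $record['staff'], true)) {
        return null; // unknown ID, or a record this user may not view
    }
    return $record['schedule'];
}

$session = ['user' => 'jsmith'];
openStudent($session, 101);   // tab 1 opens student A
openStudent($session, 202);   // tab 2 opens student B, overwriting tab 1's state

// Tab 1 clicks "view schedule": the session version answers for student B.
var_dump(scheduleFromSession($session));
// The same click with the ID in the link still answers for student A.
var_dump(scheduleFromQuery(['student' => '101'], $session));
// A hand-edited ID for a record the user is not assigned to is refused.
var_dump(scheduleFromQuery(['student' => '303'], $session));
```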
-
Seemingly unconnected file causing header mash up
kicken replied to TechnoDiver's topic in PHP Coding Help
I assume you're talking about the Expires: header, that comes from session_start(). By default enabling sessions will attempt to disable caching, which is done by marking the page expired and setting the Cache-control / Pragma headers.
-
This is where that ?? operator you tried earlier would come in. It will prevent that error from occurring by providing a default value if the variable isn't set. You can also avoid the if using && if you wanted, though one could argue over which is better from a readability standpoint.

    ($_SESSION["username"]??'') != 'admin' && exit;
-
There may be conversion processes for specific cases, but there isn't a general conversion process. The docblock annotations were not any kind of standard/official thing, just a popular idea that people copied. Each specific implementation will have its own requirements when it comes to converting them to an official PHP attribute implementation or vice-versa.
-
Undefined image array key that has been defined
kicken replied to TechnoDiver's topic in PHP Coding Help
Uploaded files are in $_FILES, not $_POST.
-
UPDATE / DELETE queries don't have a result set, as such mysqli_query will just return true/false to indicate whether the query was successful or not. There's nothing to fetch so no reason to use mysqli_fetch_array.

By returning the result, I mean those methods could have just been:

    public function deleteCategory($id) {
        return mysqli_query($this->conn, "DELETE FROM top_categories WHERE top_cat_id=$id");
    }

mysqli_query will return true or false. Adding the variable and if branch to check if it's true, just to then return true if it is, is entirely unnecessary.
-
It's been a long time since I compiled PHP, or anything really, but if it's set up to use pkg-config then I presume what you'd do is use PKG_CONFIG_PATH to point to a location for your special version of curl. Something like:

    PKG_CONFIG_PATH=/path/to/curl ./configure --with-curl

The actual path you use may be different; it needs to point to the .pc file with the curl configuration information.
-
Your file should be named with a .php extension, not .html. You need to load the file via the web server, not by just double-clicking on it to open it in Windows. Open your browser and load the URL http://localhost/index.php
-
They execute a SQL Query by calling the mysqli_query function. The variable holds the result of whether that query was executed successfully or not (true/false). The variable and if/else statements are unnecessary, they could have just returned the result of mysqli_query directly instead.
-
It would help if you indented your code properly. Let's look at that area with some better indentation.

    public function submitPost($body, $user_to){
        $body = strip_tags($body);////Removing HTML TAGS
        $body = mysqli_real_escape_string($this->con, $body);
        $check_empty = preg_replace('/\s+/', '', $body);//delete all spaces

        if ($check_empty != ""){
            //Current Date and time
            $date_added = date("Y-m-d H:i:s");
            //get username
            $added_by = $this->user_obj->getUsername();
            //if user have not a profile send to the none
            if ($user_to == $added_by){
                $user_to = "none";
            }
            ////insert query
            $query = mysqli_query($this->con, "INSERT INTO posts VALUES('','$body','$added_by','$user_to','$date_added','no','no','0')");
            $retured_id = mysqli_insert_id($this->con);
            //insert notification
            //Update post count for user
            $num_post = $this->user_obj->getNumPosts();
            $num_post++;
            $update_query = mysqli_query($this->con, "UPDATE users SET num_post = '$num_post' WHERE username = '$added_by'");
        }

    public function loadPostsFriends(){

Notice how that last } just before the function is indented? That's because it matches up with your if ($check_empty statement and not your function. You're missing a } somewhere in that function body.
-
It would seem you've been making too many requests so their server has decided to stop serving you. Wait a while and see if it starts working later.
-
The suggestion is to use command-line arguments rather than prompts. Doing that makes your script more versatile as you don't need to be there to answer questions when it's run. For example, you'd set it up so you can run say:

    ./update_nextcloud --backup-current --version 1.0

Using a library such as Commando makes this relatively simple.

If you have http wrappers enabled, which they usually are by default, you don't need curl, you can just copy.

    copy("https://download.nextcloud.com/server/releases/nextcloud-{$version}.zip", "nextcloud.zip");

Also, calling shell_exec to run cd is a bit silly, just chdir().
-
I don't see what is wrong with this array read
kicken replied to KenHorse's topic in PHP Coding Help
Add var_dump($buffer, $ary); after your call to explode, maybe it'll shed some light on the situation? Is this code being called multiple times? Maybe the first time it has the data like you expect, but the second time $buffer is an empty string.
-
Logging on from another machine
kicken replied to NotionCommotion's topic in PHPFreaks.com Website Feedback
Much better. As a testament to how bad it was before I didn't even notice it actually had some header text explaining what the input was for before. I thought it was just a completely unlabeled input and submit button and wondered how the f* such a bad UI was ever released lol.
-
You can use a UNION to combine two queries into a single result set.

    SELECT 'movie' as type, id, title as label
    FROM movies
    WHERE title like 'blah%'
    UNION ALL
    SELECT 'actor' as type, id, name as label
    FROM actors
    WHERE name like 'blah%'

Each query must return the same number and type of columns. If necessary, you can use literal values / NULL to fill out columns that might be irrelevant in one query or the other.
-
Some places will try and do that by checking the referrer and denying access if it doesn't exist or match the right domain. It's not going to stop anyone with even the slightest determination from downloading your file though. IMO, it's not worth the effort to even try and do something like that. Basic rule of the web is if the browser needs access to the file, then by necessity the user can also download a copy of that file.
-
Logging on from another machine
kicken replied to NotionCommotion's topic in PHPFreaks.com Website Feedback
Yes, it's a phone app. You scan a QR code and it saves a secret key which the phone then uses to generate codes that the server can verify. It's an implementation of Time-based One Time Password which a lot of places use for Two-factor authentication. Unlike a lot of Google stuff, this information isn't backed up to a Google account so if you didn't take steps to back it up and move it to a new phone then you've lost the secret key and will no longer be able to generate the needed codes.
-
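How the phone and the server arrive at the same code from the shared secret, as an added example that is not part of the original post or the forum software's code: RFC 6238 TOTP generation and server-side verification in PHP. The function names, the one-step drift window and the replay check are assumptions of this example; the key is the published RFC 6238 test key, used as raw bytes (authenticator apps receive it Base32-encoded in the QR code, and that decoding step is left out here).

```php
<?php
declare(strict_types=1);

// RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter, then dynamic truncation.
function hotp(string $secret, int $counter, int $digits = 6): string
{
    $hash = hash_hmac('sha1', pack('J', $counter), $secret, true);
    $offset = ord($hash[19]) & 0x0F;                        // low nibble of the last byte
    $bin = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// RFC 6238 TOTP: the counter is the number of 30-second steps since the Unix epoch.
function totp(string $secret, int $time, int $step = 30): string
{
    return hotp($secret, intdiv($time, $step));
}

// Server-side check. Accepts the current step plus/minus $window steps to tolerate
// clock drift, compares in constant time, and refuses any step at or before the
// last one already accepted so a captured code cannot be replayed.
// Returns the matched step (to be stored as the new $lastUsedStep) or null.
function verifyTotp(string $secret, string $code, int $time, int $lastUsedStep = -1, int $window = 1): ?int
{
    $current = intdiv($time, 30);
    for ($step = $current - $window; $step <= $current + $window; $step++) {
        if ($step > $lastUsedStep && hash_equals(hotp($secret, $step), $code)) {
            return $step;
        }
    }
    return null;
}

// RFC 6238 Appendix B test key; at T=59 the RFC's 8-digit value ends in 287082.
$secret = '12345678901234567890';

$code = totp($secret, 59);                        // what the phone would display
var_dump($code);

$step = verifyTotp($secret, $code, 75);           // server clock 16 s later, next step
var_dump($step);

var_dump(verifyTotp($secret, $code, 75, $step));  // same code submitted again
```

Losing the phone means losing `$secret`, which is why the post's point about backing it up matters: the server never sends the codes, it only recomputes them from the same key.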
Logging on from another machine
kicken replied to NotionCommotion's topic in PHPFreaks.com Website Feedback
The code it's asking for would be from Google Authenticator. You would have set this up previously at some point and should have an entry in the Google Authenticator app providing the code. If you no longer have the Google Authenticator setup you'd have to use one of the other methods I guess.

I got the same screen when going to the page to change my password. Entering the code from my Google Authenticator worked fine. I agree the UI for this is kind of crap though. Maybe some template work could help, dunno how hard that'd be to do.
-
There is almost certainly a better way, but I don't know what's in your include files so it's hard to say exactly what you'd need to do. It sounds like you mostly just have a code ordering problem. The solution is to re-arrange your code in a more functional way.

For example, there's no reason you should need to get rid of your header.php file and duplicate the code directly into the other pages. If your header.php file is initializing variables that you need for your redirect code, then the proper solution is to move those initializations somewhere else, such as initializations.php. Then you could order your code like:

    require 'initializations.php';

    if(isset($_POST['add_cat'])) {
        $cat_obj->add_category($_POST['cat_title']);
        header("Location: admin/category.php");
        exit;
    }

    require 'header.php';
    //...

Also, note the exit; after the redirect. You need that so the page will stop executing and not do anything unintended.
-
Security is all about balance. You have to strike a balance between making the system usable and making the system secure, which means making a determination about how likely a particular scenario is.

As mentioned, an attacker gaining root access is generally rare. Trying to protect against someone with that level of access severely hurts your overall system usability, so in general that's considered a "game over, hackers won" scenario. Your efforts are better spent trying to prevent that scenario in the first place rather than maintain security in it.

The only real thing I can think of that might be helpful in such a scenario is to require a passphrase on boot/startup which must be entered manually by you. That narrows the scenario to the hacker needing to gain root privileges without restarting. The downside to this is that nothing will work after a restart until you are able to login and provide said passphrase, which means you (or someone) has to babysit it pretty much 24/7 or accept downtime. Think about if there's a brief power outage just after you went to bed, your system will be offline until you wake up 8 hours later, notice the problem and fix it. Is all that hassle worthwhile for protecting a packing slip? I'd say no.

Your idea of just storing the data encrypted in the columns has downsides long before this level of problem anyway. You can't effectively query against such encrypted data which can make potential data processing way harder than it needs to be. What if some day you want to see which state/country you do the most shipping to. If all your customers' shipping addresses are stored encrypted then you can't just do a simple query grouping by state/country, instead you have to query every row, decrypt every row, and tally it all up. Fine/doable for a one-off report, less acceptable if you want to get such data more frequently (monthly/daily say).

tl;dr, encrypting everyone's data is nice in theory, but not always practical.
-
Your class definition (class time_counter { ... }) should not be inside your if statement. Move it outside to the top level. There's no reason for its declaration to be conditional. No processing gets done when you declare the class, only when you instantiate it (new time_counter()). So, declare the class unconditionally, instantiate it conditionally if needed.
-
Can't call multiple functions in Class from Controller
kicken replied to avargas94's topic in PHP Coding Help
You do essentially what you were doing with $dbHandler. You had the right idea, just the wrong details.

    private static $instance = null;

    //...

    public static function getInstance() {
        if(self::$instance) {
            return self::$instance;
        }

        return self::$instance = new Self();
    }
-
Can't call multiple functions in Class from Controller
kicken replied to avargas94's topic in PHP Coding Help
    public static function getInstance() {
        if(self::$dbHandler) {
            return self::$dbHandler;
        }

        return $instance = new Self();
    }

This code is incorrect. When you first call this function you will return $instance which is an instance of your Database class. Every subsequent time you call it you will return self::$dbHandler which is an instance of PDO.

You need to save $instance on the object (i.e., self::$instance) and check if that exists and return it. Your self::$dbHandler should just be a normal instance variable ($this->dbHandler) not a static one.