.jpeg.8ec67f371e1ef4cde740f60480786a37.jpeg)
phppup
-
Posts
862 -
Joined
-
Last visited
-
Days Won
1
Posts posted by phppup
-
-
@Barand didn't know that.
I'll try it next time. Easier than twisting the phone sideways too.
Overall, code has been less problematic (except for this anomaly).
Hope things have been well with you. New "official" holiday today: Juneteenth.
No other news to report.
-
@Barand I do.
Maybe my screen just isn't big enough, but that's how I get the quote option.
-
Quote
var inputs = document.getElementsByTagName('input');
for(var x= 0; x< inputs.length; x++) {
if(inputs[x].type == 'checkbox') {alert(inputs[x].id);
//Create the variable
var dee = inputs[x].id;var chosen = document.getElementById(dee).checked;
//Do new stuff FAILS at this point UNLESS variable dee is hardcoded with an actual element ID.
[Ironically, there are only 2 checkboxes to be assessed, but I thought that this method of coding would "save time" (rather than hardcoded coding)... LOL
Of course, it's always good tho learn (at least that's what THEY tell me.]
Quoteshould be using the Code <> button when posting code instead of the Quote " button
I would if I could.
But when I access from my very very smart phone, the quote is the only available option that resembles <>
-
RE-POSTED for clarity and errors
** Ignore the TWO previous similar postings **It originates from in the beginning of a FOR loop and I then rename it to use within the same loop.
At it's inception
Quotefor ( yada yada yada.....) {
alert (loop_item[x]); //displays XYZ4
var dee = loop_item[x];
alert(dee); //displays XYZ4
And I expected dee to work as described.
What exactly is a "proper variable"? What would make it improper?
Note: when posting code that contained [ ] and lowercase i
the code showed incorrectly and altered text to ITALIC.
Mgmt may want to address this.
-
My problem amounts to tryong to get element using a variable's value instead of a hardcoded name.
This works
Quotevar chosen = document.getElementById("XYZ4").checked;
But this has been problematic
Quote//other code that produces
result = XYZ4;
var dee = result;
var chosen = document.getElementById(dee).checked;
I've tried an exhaustive array of variations with single quotes, double quotes, and + sign combinations, but seem to be missing the bullseye.
How can I insert the variable so that var chosen is viable?
-
I stayed surfing the web again (someone should unplug that thing) and went down the rabbit hole, again.
Quote//header("Content-Type: image/jpeg");
//header("Content-Transfer-Encoding: binary");
readfile("1a.jpg" , "r");The code above displays lines of character text.
Uncommenting the two header lines created a black screen with a black outlined square.
How can I get a the image to display?
Can I use this method to display multiple images?
Will this provide a layer of security by eliminating a visible url to the image?
-
Either the code or it's creator needs to take a nap.
I get cranky when I'm hungry.
Empathetically, I accessed some code this afternoon that had worked fine 2 months ago. But this afternoon it was obstinate about running.
It took 3 hours before I discovered that TWO conditional statements had been removed with comment tags.
That darn code must've gotten active after I tucked it in and turned out the light.
There's no other rational explanation.
Pleasant dreams.
-
You need to understand what your code is saying.
The first version says: attempt this, attemp that, try to send mail, try going to the Thank You page.
There are no indications or notifications of which success and which fail.
The alternate version directs the process to EITHER go to the Thank You on success, or indicate failure.
It's safe to safe the email is FAILING in all attempts.
You just don't restrict it from going to the Thank You page on the first version.
I would hardcode and see where that takes me. Also don't forget my initial statements about spam filters.
I'm not familiar with PHPmailer, but it could be beneficial.
-
@kicken Using file_get_contents($image)
gave me a page with characters and LOTS of black diamond-question marks.
That's what got me into this mess, and lead me down a path that had suggestions on the WWW to use everything from decode_base64/encode_base64 to bin2hex etc.
I think all my images are now inverted, upside-down, and mixed between Latin, Arabic, and Japanese characters. LOL
It seemed like a good idea at the start.
Maybe I'll just back away from the path verrrry slowly.
-
Take a break and get back to basics.
Did you try @gw1500se suggestion?
Add $state= "Test state";
one line above the culprit code line
if the email is successfully processed with that text value, then you can resolve the issue with a comparison condition afterward.
-
In your HTML, the drop-down for states which provides the value for $state is DISABLED.
Why?????
-
I would hardcode the troublesome header and see what happens.
Maybe the code doesn't like something in
$headers = "From: $email_from" . "\r\n";
PS: I did notice the command sending the user to the "Thank you" page. You could expand it and do something like
Quoteif(mail(.... blah, blah...) {
header('Location... blah blah
} ELSE {
echo "Message failed. Try again";
}
Gotta go get a COVID shot. Good luck.
-
Then we did it?
Hurray!! Glad we could help.
(Don't forget to remove or comment hide the error reporting)
-
If you put the first few words of a notification into a search engine, you can generally begin to find an understanding (and hopefully a solution).
The last item of the message that provides "line #" is referencing the line in your CODE where the error occurred. (Taking into account that sometimes the error existed but didn't cause a problem until this point, the line number is accurate.)
Depending on your code editor, the line numbers are available, although counting to line 21 isn't nearly as difficult as finding line 642. LOL. (an empty line is still a counted line)
Make sure to eliminate the error initiation code BEFORE going live. It gives too much information to a user if displayed at an inopportune time.
I'll take another look at your code, but beyond this point, there are other people here that would be more capable than myself.
-
Do you want this??
print_r($array_name);
-
As previously mentioned, YES, place some functional validation to determine IF the system sent the email.
Something like
Quoteecho "Your message was sent";
} else {
echo "Something went wrong";
This will not only help you during development, but also benefit the user when operational.
And, as often recommended, turn on ERROR REPORTING by placing this immediately after your opening PHP tag <?
Quoteini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);
(if you haven't used this, just do something blatantly wrong and then run the page to see the result)
** Remove it BEFORE production **
Aside from your CODE, other variables can be in-play with email. Spam filters are notorious for creating issues.
If you're sending and receiving identical messages repeatedly, the safety net may outsmart itself and cause you an issue.
I've personally had emails take hours until being released by the server. Or tested soooo many times that a failure/spam designation stopped everything.
My suggestion: if the code is good, send an email to an outside address and confirm it to another (with a subject line that does NOT contain "test" or "sample" etc). - EVERYTHING has to 'appear' to be "real/valid" communication.
Once you've established that messages are being sent and received adequately, then you can gingerly tweak the settings (with a degree of confidence).
-
7 hours ago, kicken said:
If you wanted you could opt to render it as a string of 1s and 0s.
...and there's nothing preventing you from interpreting the same data in multiple different ways...
@kicken Thanks for clarifying that for me.
Thankfully, my understanding wasn't/isn't that far off, although my terminology may have been a little murky.
So how can I display an image as just 1s and 0s in a browser?
And to my REAL question, what is the preferred/default method of interpretation for PHP?
(Am I correct that images are essentially meaningless to PHP for display purposes?
ECHO $img; is worthless [until HTML intervenes to help translate with an <img> tag]
It's like a memo being passed thru the United Nations assembly. It is written in plain English, but the note needs to be interpreted depending on the recipient. And for some, the message will never be clear. [No political innuendo intended. LOL])
So what is being displayed from the
file_get_contents($image)
result?
-
1 hour ago, requinix said:
This is a really, really basic and fundamental question about what files are and what file_get_contents does.
Unfortunately not a single search result had offered a sentence that elaborates to say "...displays the contents in language XYZ."
Nor does any site elaborate on that manner regarding "creating an image", "image code", et al.
I assume it all begins with binary, but references to hex, base, etc. seem almost arbitrary without a foundational resource.
Quoteup to your neck......
Ya got that right.
But i think I've been understanding and learning more, thanks to the help I've gotten here.
At this point "the forest" will probably take care of "the trees" since I'm hopefully disarming ill-intended code with other measures already.
This "last thought" seemed like a reasonable idea, if for no other purpose, than to alert me of a potential attack (rather than actually prevent it).
-
But might it be a start?
Stopping even a single 'bad actor' seeems worthwhile.
Still, if I
echo file_get_contents($image_path);
what am I seeing?
ASCII? Hex? Other?
How do I clean it up to view it properly (in its entirety)?
Is it the same for jpg , png, bmp, etc?
-
Quote
I don't know how any of that would help - at least not in an automated way.
Does someone like this
Quote$imageFile = file_get_contents($image_path);
$dangerousSyntax = ['<?', '<?php', '?>'];
$error = '';
foreach($dangerousSyntax as $value) {
$find = strpos($value, $imageFile);
if( $find == true ) {
unlink$image_path);
$error = 'Found dangerous code in image';
}
}
//$error could be used to determine other actions that would follow
seem like a practical and effective effort?
Limitations? Potential problems?
Sensible?
-
@requinix THANK YOU.
Very enlightening.
I think I have most precautionary measures covered adequately, but the more I read, the higher my stress level climbs.
Granted there are some articles/blogs that are just inaccurate, misleading, or completely wrong; and I thank you for helping me sort them out from the valid resources and information.
I've seen recommendations to encode images to base64. Or decode to hex. Or transform into a string. All suggesting that analyzing the file in this way could facilitate in detecting hidden scripting: Are any of these ideas worth considering? Effective?
And then I stumbled across blobs, but thankfully, I don't see that as my preferred pathway.
-
Quote
<button type="button" id="uploaad">upload</button>
id = "uploaad" ????
Did you want TWO letter AAs?
Easier to fix it now before problems (if it was a typo).
-
I've been surfing the web and reading various articles, and probably have more questions than answers, so any guidance or direction to resources will (hopefully) be useful.
I'm trying to connect the dots to more adequately understand the security issues within uploading image files.
From its inception, light hits a camera sensor and an image is created. Is it in binary form? ASCII? Other?
Now suppose additional code is added to the image. (For this example, let's say it's a simple script that says Hello - which I suppose would STILL be considered malicious).
If it's simply placed into the image code, how can I open the image (as the recipient) to see the code in its TEXT form?
(I'm assuming that the code would need to be activated either by clicking the script or calling the code in order to actual function)
And if the code is hidden or camouflaged by using an alternate character set, how would it be translated from the unnoticeable character set into something more meaningful in order to perform?
-
I guess it depends on what is being examined (and retained) by imagecreatefromjpeg().
Surely it's examining more than just the file extension to determine whether true or false.
And if an image does PASS (as true) but contains malicious code, is it nullified?
Suppose I take a 10 kb jpeg and incorporate 1 MB of evil scripting. The uploaded file is now the size of that sum, right?
What size will it be after running through imagecreatefromjpeg?
Does the process evaluate the file and eliminate/erase/void pieces that are not color/image related??
(Maybe I should learn to hack so I can test it myself, LoL)
Using variable to getElement
in Javascript Help
Posted
Ummm, back to my original posted question, maybe, please.
PS: toolbar looks awesome.