Everything posted by jodunno
-
Try removing the received/arrived loop and go back to the basics. An if block or two can go a long way with logic and critical thinking. Let's look at verbose and redundant basic code:

    <?php
    $ark = array( '3 cows', '7 fish', '3 cows', '1 cat' );
    $received = array( '3 cows', '7 fish' );
    $reckoning = count($received) - 1; // index of the last received item
    $line = 0;                         // index of the next received item to match
    $endOfTheLine = 0;                 // set once every received item has been matched
    foreach ($ark as $expected) {
        echo $expected;
        if (!$endOfTheLine) {
            if ($line <= $reckoning) {
                if ($received[$line] === $expected) {
                    echo ' ARRIVED!';
                    $line++;
                }
            } else {
                $endOfTheLine = 1;
            }
        }
        echo '<br>';
    }
    ?>

You should see the results that you are seeking. Now you just need to apply that logic to the inner loop to control what is to be expected as an arrival. Best wishes, John
-
I have a weak code injection scanner that was using lines via a generator function that yields each line. I didn't know how to read a file at the time of creation as I am not a programmer yet. Anyway, I decided to try that Blacksmith image and my code reports that extra data was found, which means that php or javascript code was found. I am not sure if it is a false positive or not. I will have to tweak my code to find the exact position of the match and decode it. I may not have enough time to rewrite the function today but I will keep working on it. Just a notice in case the scanner is not a false positive. I wouldn't want anyone to run that image through insecure php code if it really does contain encoded code injection. None of my other images return extra data alerts except for the known injection images, so I find it to be quite interesting.
-
I have the answer. LOL. I thought about it now for two hours and it dawned on me how to erase the thumbnail data from my code. I'm not telling my solution because you have no desire to accept reality that is not your own. The world doesn't need to code the way you code and inaccurately naming code that does not conform to your ideology as being spaghetti code is downright ridiculous. Spaghetti code is php weaving in-and-out of html like strings of spaghetti noodles. My code is pure php. The added html is for display of the memory usage only. Simply remove it and echo memory usage to the screen. 0.0 I doubt that you could fix my code to exclude the thumbnails because you believe that data size is somewhere in the TIFF header. I know where the end can be found and I just watched it disappear from my code with one tweak. It is quite brilliant because most people would not think of it. So my current code displays the same markerids as your code but simpler. I am happy with my code and now I have positions to all of the data as well. I'm moving on from this project now. Best wishes, John
-
I'm not sure how to implement the data length to skip over it in my code but I notice that this data is accurate compared to your data except all of the data contained in the e1 metadata marker. I looked at my code by adding an echo to see where this data is coming from. I can see that it is contained in the e1 marker. Then my code picks up at e2 where yours picks up at. I'll have to think about how to skip the metadata in e1, I suppose.
-
I don't know if it is accurate. I have not found an algorithm for accurately detecting markers. I only ever read xFF followed by x?? and not null x00 but that is false in code because it detects rescan and restart data and perhaps more! I have a compact camera and I checked a photo from that camera and I am seeing strange markers which lead me to believe that my code is incorrect (ff b5, ff ee, ff dd and so forth). How can I get the accurate markers and not all of the dn rescan markers? What is the algorithm? I found a document that also mentions idf markers and I wonder if the b5 ee dd is idf data. I am getting frustrated. Edit: there should not be more than one c0 but my code for blacksmith shows several c0 entries. I sometimes see ff d8 in a scan with this code which seems to be incorrect.
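The marker-walking algorithm asked about in the post above, as an added example that is not part of the original thread: rather than searching for every 0xFF, it steps from segment to segment using each segment's length field (checked against the file size), so thumbnail bytes inside APP1 and restart markers inside scan data are not reported as top-level markers, and bytes after EOI are counted. The function names, the return layout and the sample bytes are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Skip entropy-coded scan data from $pos; return the offset of the next real marker. */
function skipScanData(string $bytes, int $pos): int
{
    $size = strlen($bytes);
    while (($ff = strpos($bytes, "\xFF", $pos)) !== false && $ff + 1 < $size) {
        $next = ord($bytes[$ff + 1]);
        if ($next === 0x00 || ($next >= 0xD0 && $next <= 0xD7)) {
            $pos = $ff + 2;          // FF 00 is a stuffed data byte, FF D0..D7 are restart markers
        } elseif ($next === 0xFF) {
            $pos = $ff + 1;          // fill byte in front of a marker
        } else {
            return $ff;              // a real marker ends the scan data
        }
    }
    return $size;                    // ran off the end: no marker follows the scan
}

/** Walk a JPEG by segment length (added example; names and return layout are assumptions). */
function walkJpegSegments(string $bytes): array
{
    $size = strlen($bytes);
    $out = ['segments' => [], 'trailing' => 0, 'error' => null];
    if (substr($bytes, 0, 2) !== "\xFF\xD8") {
        $out['error'] = 'missing SOI';
        return $out;
    }
    $out['segments'][] = ['marker' => 0xD8, 'offset' => 0, 'payload' => 0];
    $pos = 2;

    while ($pos < $size) {
        if ($bytes[$pos] !== "\xFF") {
            $out['error'] = "expected a marker at offset $pos";
            return $out;
        }
        while ($pos < $size && $bytes[$pos] === "\xFF") {
            $pos++;                  // any run of 0xFF before the marker code is fill
        }
        if ($pos >= $size) {
            break;                   // truncated file: reported as missing EOI below
        }
        $marker = ord($bytes[$pos]);
        $offset = $pos - 1;
        $pos++;
        if ($marker === 0xD9) {      // EOI: anything after it is not part of the image
            $out['segments'][] = ['marker' => $marker, 'offset' => $offset, 'payload' => 0];
            $out['trailing'] = $size - $pos;
            return $out;
        }
        if ($marker === 0x00 || $marker === 0xD8) {
            $out['error'] = sprintf('unexpected ff%02x at offset %d', $marker, $offset);
            return $out;
        }
        if ($marker === 0x01 || ($marker >= 0xD0 && $marker <= 0xD7)) {
            $out['segments'][] = ['marker' => $marker, 'offset' => $offset, 'payload' => 0];
            continue;                // TEM and RSTn carry no length field
        }
        // Every other marker is followed by a big-endian length that counts its own two bytes.
        $length = $pos + 2 <= $size ? unpack('n', substr($bytes, $pos, 2))[1] : 0;
        if ($length < 2 || $pos + $length > $size) {
            $out['error'] = sprintf('bad or truncated length for ff%02x at offset %d', $marker, $offset);
            return $out;
        }
        $out['segments'][] = ['marker' => $marker, 'offset' => $offset, 'payload' => $length - 2];
        $pos += $length;
        if ($marker === 0xDA) {
            $pos = skipScanData($bytes, $pos);   // compressed data follows the SOS header
        }
    }
    $out['error'] = 'missing EOI';
    return $out;
}

/** Build one length-prefixed segment for the constructed sample below. */
function seg(int $marker, string $payload): string
{
    return "\xFF" . chr($marker) . pack('n', strlen($payload) + 2) . $payload;
}

// Constructed sample (structure only, not a decodable image): the APP1 payload embeds
// bytes that look like a thumbnail's SOI/SOF0/EOI, and text follows the real EOI.
$thumbnail = "\xFF\xD8\xFF\xC0\x00\x04\x01\x02\xFF\xD9";
$sample = "\xFF\xD8"
    . seg(0xE1, "Exif\x00\x00" . $thumbnail)
    . seg(0xDB, str_repeat("\x01", 65)) . seg(0xC0, str_repeat("\x00", 15))
    . seg(0xDA, str_repeat("\x00", 10))
    . "\x12\xFF\x00\x34\xFF\xD0\x56"
    . "\xFF\xD9" . 'constructed trailing bytes';

$result = walkJpegSegments($sample);
foreach ($result['segments'] as $s) {
    printf("ff%02x offset=%d payload=%d\n", $s['marker'], $s['offset'], $s['payload']);
}
printf("trailing=%d error=%s\n", $result['trailing'], $result['error'] ?? 'none');
```

A non-zero `trailing` count or a non-null `error` is the signal a scanner would act on; the recorded offsets and payload lengths can then be used to read each segment for closer inspection.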
-
I mentioned that my code needs tweaked. Adjust it but at the end of the day, you have too many functions and too much hamster wheeling happening. I prefer a single handler for the markers. Get in, get out and the data is available for analysis (stored positions for gathering the data.) My tweak might be gathering false markers. I have not examined the data at those markers. The Blacksmith image has a ton of markers.

My tweaked code (also checks for null before FF not just following FF):

    <?php
    $startMemory = memory_get_usage();
    $SID_filePointer = fopen("Blacksmith.jpg", 'rb');
    $SID_JPEGmarkers = [];
    $SID_eoi = 0;
    switch (fread($SID_filePointer, 2)) {
        case "\xFF\xD8": // SOI found
            $SID_JPEGmarkers[] = ['d8' => 1];
            while (!feof($SID_filePointer)) {
                $SID_markerID = fread($SID_filePointer, 1);
                switch ($SID_markerID) {
                    case "\xFF":
                        $SID_nextMarkerID = fread($SID_filePointer, 1);
                        // FF 00 and FF FF are not treated as markers
                        if ($SID_nextMarkerID === "\x0" || $SID_nextMarkerID === "\xFF") {
                            break;
                        }
                        if ($SID_nextMarkerID === "\xD9") {
                            // read one byte past FF D9 to decide whether this is the real EOI
                            $SID_offset = ftell($SID_filePointer);
                            $SID_thirdMarkerID = fread($SID_filePointer, 1);
                            if ($SID_thirdMarkerID === "\x0" || $SID_thirdMarkerID === "\xFF") {
                                fseek($SID_filePointer, $SID_offset);
                                break;
                            }
                            // an empty read means end of file (strict test, so a literal "0" byte is not mistaken for it)
                            if ($SID_thirdMarkerID === '' || $SID_thirdMarkerID === false) {
                                $SID_eoi = 1;
                            }
                        }
                        $SID_JPEGmarkers[] = [dechex(ord($SID_nextMarkerID)) => ftell($SID_filePointer)];
                        echo dechex(ord($SID_markerID)) . dechex(ord($SID_nextMarkerID)) . ' ' . sprintf("0x%'.08X", ftell($SID_filePointer)) . ' (' . ftell($SID_filePointer) . ')<br>';
                        if ($SID_eoi) {
                            break 2;
                        }
                        break;
                    case "\x0":
                        // null byte: swallow a following FF so it is not read as the start of a marker
                        $SID_offset = ftell($SID_filePointer);
                        if (fread($SID_filePointer, 1) === "\xFF") {
                            break;
                        }
                        fseek($SID_filePointer, $SID_offset);
                }
            }
            break;
        default:
            echo 'The file is not readable.';
    }
    fclose($SID_filePointer);
    ?>
    <html>
    <head>
    <title></title>
    </head>
    <body>
    <p><?php print_r($SID_JPEGmarkers); ?></p>
    <div style="background: #ffffff; color: #000000;"><?php echo memory_get_usage() - $startMemory, ' bytes'; ?></div>
    </body>
    </html>

You could actually be useful in tweaking my code to accomplish what you think is not working rather than insisting on coding it with your ideology. I think that the tweaked code is not prematurely finding the eoi. But the code is probably reading false markers as it finds a ton of data in Blacksmith.jpg. I tweaked my code and it shows the following for Blacksmith image:
95136 bytes. So I guess that a restart marker is being read.
-
If you tweak my code it reads the thumbnails. Hello? I am not interested in these markers. My algorithm for enforcing maximum 96% on the jpeg quality will block images with overloaded data (thumbnails, exif and comments). I am not interested in that but I tweaked my code and I read them and much faster than your code. Here is a comparison of output:

your script (copy and paste), blacksmith:

    Found marker D3 Found marker D4 Found marker D7 Found marker D6 Found marker D6 Found marker D7 Found marker D7 Found marker D3 Found marker D6 Found marker D1 Found marker D4 Found marker D0 Found marker DA Found marker C4 Found marker C0 Found marker EE Found marker DD Found marker DB Found marker E1 Found marker E2 Found marker ED Found marker E1

362888 bytes of memory usage

my script:

    ffe1 4 ffd8 318 ffdb 320 ffdd 454 ffee 460 ffc0 476 ffc4 495 ffda 659 ffd0 1103 ffd1 1502 ffd2 1932 ffd3 2336 ffd4 2746 ffd5 3091 ffd6 3520 ffd7 4020 ffd0 4750 ffd1 5610 ffd2 6404 ffd3 7091 ffd4 7597 ffd5 8017 ffd6 8271 ffd7 8477 ffd0 8700

1736 bytes of memory usage

Also, I tried your script on a 4mb photo of mine and php choked with the following information:

    Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 67108872 bytes) in parseJpeg.php on line 78 [$imageData[] = $c;]

My script scanned the file no problem and here is the results (including the tweaked code markers):

22384 bytes memory usage !!!

I also compared a 1mb photo. 1.06mb image: 6298016 bytes memory usage ! = not good. 1.06mb image: 4568 bytes. I like my script and I can easily include the useless data if I so choose to do so but my script doesn't crash. And when I analyze the data, I will yield it to the script to prevent a crash.
-
By design I am skipping those markers. I can easily add a function to check each character for code and base64 encoded code, which will include those markers. I can also add them if it is perceived as being a complete scan but correct is dependent upon what one is seeking and for what purpose. Comments are not defined in the specification as being a valid jpeg, they are optional markers. I know that the data lengths exist but if you trust the data in the file, then you are essentially trusting user input. The app0/signature is 16 bytes according to every document that I have read: FF E0 0 10, followed by the 10 byte signature. It is good to check the data in the image but the overall acceptance should be ruled by the code and not the image, since it should not be more than 16 bytes total as a valid app0 signature. The same can be said of c0 only it is mentioned in the specification as being 17 bytes. DB and C4 are variable size. I am aware of it but I am not willing to allow the image to control the size or I will blindly accept an invalid header. I have yet to see any arbitrary data scanning for markers even with a simple script like the one that I posted to begin this thread. In fact, when I use a function with if 0xFF return next marker, there are 16 zeroes after the app0 marker and 17 zeroes after the C0 marker etc. I have only seen arbitrary data when I overused functions and if blocks to force discovery of markers. I will check all of my photos using both of our scripts to compare the output this weekend. I will see if there is something missing in my markers. I'll tweak the code to look for other markers but my final website code will exclude comments. I have a lot of work to do on my code as it is only in early creation stages. I have a lot of testing, tweaking and hacking to do with this code. I want to make it better, faster, smarter and stronger. I have a long way to go. I will offer two modes and a flag now: search for all markers or search for select markers. That should satisfy complete parsing. Also, I have added the mime types and extensions for the missing jpeg possibilities in my file upload script. I read over the rfc for jpeg200 today. Good lord, I am missing 6 extensions and three mime types. I have a ways to go to get this script polished and ready for usage. Thank you for all of the help and tips, Kicken. You're a good person to take time to help an amateur. I truly appreciate you and this forum. I cannot say Thank You enough times. Best wishes, John
-
I'm sorry but I do not see the difference between 0xFFx?? and checking it in the array. Do recall that the word specific is in the word specification. The markers are known. We are not implementing an algebraic expression seeking an unknown number. I am getting marker data, so I am not understanding what is the matter. Is the marker data different using my code than the output using your code? Maybe I am tired from a long week. I am missing data that indicates my markers are incorrect. I also do not know what you mean about ftell. ftell is telling me the position of the marker, therefore we can use that to collect the data, no? I haven't verified the data yet compared to yours. C0 is supposed to hold 17 bytes of data. Then let us examine my thoughts in code (to be placed after the while loop to find the markers and before the fclose statement):

    // assumes $ftellPositions holds the ftell() offsets recorded in the marker loop
    fseek($SID_filePointer, $ftellPositions[2]);
    $c0 = str_split(fread($SID_filePointer, ($ftellPositions[3] - 2) - $ftellPositions[2]));
    foreach ($c0 as $key => $data) {
        echo dechex(ord($data)) . ' | ';
    }
    echo ' => ' . count($c0);

One fast pass through the characters yields marker positions. A dump of the position (ftell) yields the marker data. I am done coding for today, my head is in vertigo.
-
Well, that was stupid! I forgot to check for the 0xD9 EOI marker. So here is my collect the markers code. I will look at your code after you critique mine. I'm sure it is lackluster to your code since I am a hobbyist for now but it works. The code is missing security and failure checks because it is test/in dev code.

    <?php
    $SID_filePointer = fopen('Canon_PowerShot_S40.jpg', 'rb'); //DSC_0001
    $SID_JPEGmarkers = ["\xFF\xD8" => 0, "\xFF\xE0" => '', "\xFF\xE1" => '', "\xFF\xDB" => '', "\xFF\xC0" => '', "\xFF\xC4" => '', "\xFF\xDA" => '', "\xFF\xD9" => 0];

    // true when the byte after 0xFF is one of the markers being searched for
    function checkMarker($fileCharacter) {
        return in_array($fileCharacter, ["\xE0", "\xE1", "\xDB", "\xC0", "\xC4", "\xDA", "\xD9"], true);
    }

    switch (fread($SID_filePointer, 2)) {
        case "\xFF\xD8": // SOI found
            $SID_JPEGmarkers["\xFF\xD8"] = 1;
            while (!feof($SID_filePointer)) {
                $SID_marker = fread($SID_filePointer, 1);
                switch ($SID_marker) {
                    case "\xFF":
                        if (checkMarker($nextMarker = fread($SID_filePointer, 1)) === false) {
                            break;
                        }
                        echo dechex(ord($SID_marker)) . dechex(ord($nextMarker)) . ' ' . ftell($SID_filePointer) . '<br><br>';
                        // I figure that I can mark the markers with ftell then collect the data with a seek and dump read for a speedy process
                        if ($nextMarker === "\xD9") {
                            $SID_JPEGmarkers["\xFF\xD9"] = 1;
                            break 2;
                        }
                        break;
                }
            }
            break;
        default:
            echo 'The file is not readable.';
    }
    fclose($SID_filePointer);

By the way, my cameras produce EXIF Jpeg images which lack the JFIF signature.
-
Hello Kicken, I wanted to work on my code today since it is Friday. I can stay awake late tonight (shaBang!) However, I have to rewrite my code because it wasn't reading the jpeg images that come from my camera. Now I know what you mean about being too specific. Anyway, I have rewritten my code and it is reading all of the markers (as it should do so). However, the photos that come from my camera have multiple entries of the same markers. What is that supposed to be? Is it possible that it is reading scan data or restart data? I have not dumped the data yet to compare it. I had to research online how to tell where the pointer is at in the file. I found the ftell function, which is pretty cool if you ask me. I'm sure you already know this function as you are a PROgrammer. I am a hobbyist for now, so I was unaware of this function. Anyway, I used ftell to show the position in the read and the positions are different. How should I handle this? Maybe a better question is why are two entries for all of the markers? I don't want to look at your code. I want to do it myself and get a working script. Then I will look at your code. Best wishes, John
-
Hi Kicken, I worked on my code for 1.5 hours today after my course (I am enrolled in a German language course, since I live in Germany. I am not German. My Wife was born here, so I am here to be with her and live happily ever after.) I collected all of the data in the main loop and I placed it in an array to verify it. My array is 560 something keys. I do not plan to store the data in an array. I plan to use a single array to store a single marker's data for analysis, then release it (a temp array). Our code is clearly different. I only had four hours of sleep last night. I had a migraine when I logged off. I am so tired. I had trouble processing German language today. I am going to relax today. I am too tired to code. I will work on it this weekend, then I will post my code for critique. Then I will look at your code and see how I could make my code better, faster, smarter, stronger ☺️ I will definitely have to see what you are doing with unpack but I will not look at your code until my code is complete. I will, however, read about unpack a bit more online. Best wishes, John
-
Well, it's a bit more than pseudo-code that I am used to seeing. I always see if var then do something. Anyway, point is obviously destroyed by your code since you check it in the function. I made a similar function today and I had to add the null byte check because my page was filled with null bytes in addition to the markers. I looked at your pseudo code again but I cannot see your function. Honestly, I didn't expect you to write a complete scanner. I thought that you were jotting barebones code. My apologies to you. I actually uploaded a small photo to peek at the output. I hope it's ok. I edited the photo to a smaller size and saved it at 96%. I had to find one of my nature photos on this laptop because my pc is shutdown already. After I found the photo I wanted to upload it but the link to the page was gone. I had to look through my fiddler proxy to find the uri again. LOL Thank you for the link. My code is similar to yours in certain ways but I am missing several useful aspects. I also do not know the unpack parameters. Actually, I have not used unpack until today. I have no experience with it, so this code is beyond my understanding at this time. I have to go to bed soon, I have a course in the morning and I need to sleep. I will look over your code only after I finish mine. I do not seek code written for me so I will keep working on my own code until I have a final version. Then we will see how bad it is. I am an honest man, so I promise no more peeking at your code. I have not memorized anything. I just remember a strange unpack parameter but I forget what it was because memorizing it is cheating. I am not a cheater. I will get back to my code tomorrow after my course. Goodnight and Best wishes, John.
-
I want to open a JPEG JFIF photo and find the markers. It is the end goal? That is ridiculous. I have looked at pseudo code that matches your pseudo code and I notice several things:

1. Your code checks for any instance of 0xFF, which using my sample photo equates to 84 unnecessary evaluations. The markers need to be defined by the code that is seeking them. For example, I have an array of markers with empty values. If empty marker[] then continue, which leaves me with 11 passes through my marker analysis code. Image data has 256 byte markers followed by a null byte. 0xFF 0x00. Why do you check these bytes?
2. By skipping the soi and eoi, you're not checking file integrity. Your code has no way of telling one if those bytes exist or not.
3. You're dangerously placing unknown marker data into a string. Hopefully you are not planning on using functions that may execute code. I prefer to store the data in an array where I can analyze the single characters of the array before doing anything with them collectively.
4. I'm not stripping any data from the image (removing unwanted stuff). I am checking the file for code injection (excluding stenography of pixels).
5. If you only use a function with an 0xFF fgetc check, all of the return data of the marker will be counted. I have already done this today. I print the return value of the function and all 16 bytes appear with the marker, e.g. E0. All 17 bytes appear with the C0 marker. I don't see why you are not grabbing the data immediately.

It is nice that you have made your own version but I find it too far away from the path for my liking. I already have the data and I only make 11 passes through my code to get the data. Best wishes, John
-
but i want to be specific. I'm trying to target the useful markers. useful being verification of structure and existence. data integrity and analysis is beyond my skills at this point-in-time. The goal is to check that the header is present and valid (a lot of bypass images inject code after the signature and lack the trailing xDB.) I think that you mean it is too specific in that i am not grabbing the entire marker. I have attempted to build a function but i am not sure if you are using fgetc or not. I decided to use fgetc and simply unpack a word into an array for clarification.

    <?php
    $SID_openFile = fopen('photo1200-96pc.jpg', 'rb');

    function findNextMarker($file) {
        if (fgetc($file) === "\xFF") {
            return fgetc($file);
        }
        return;
    }

    while (!feof($SID_openFile)/*.*/) {
        $SID_marker = findNextMarker($SID_openFile);
        if (!empty($SID_marker) && $SID_marker !== "\xD8" && $SID_marker !== "\xD9") {
            $word = unpack("H*", fread($SID_openFile, 16));
            echo dechex(ord($SID_marker)) . ' : ';
            print_r($word);
            echo '<br>';
        }
    }
    fclose($SID_openFile);
    ?>

so is the function what you are suggesting?
-
So, Kicken, is this code better to your eyes (but the dang HH is still showing):

    <?php
    $SID_fileLines = '';
    $SID_openFile = fopen('photo1200-96pc.jpg', 'rb'); //DSC_0001
    $SID_bytes = '';
    $position = 0;
    $SOI = 0;
    $signature = [];
    $dataBytes = 0;
    $trailer = '';

    while (!feof($SID_openFile)/*.*/) {
        $SID_char1 = fgetc($SID_openFile);
        $SID_char2 = fgetc($SID_openFile);
        $SID_marker = $SID_char1 . $SID_char2;
        if (empty($SOI) && "\xFF\xD8" === $SID_marker) {
            $SOI = 1;
            continue;
        }
        if ("\xFF\xE0" === $SID_marker) {
            array_push($signature, utf8_encode($SID_char1)/*.*/);
            array_push($signature, utf8_encode($SID_char2)/*.*/);
            while ($dataBytes < 16) {
                $SID_header = fgetc($SID_openFile);
                if (ctype_cntrl($SID_header)) {
                    $dataBytes += 1;
                    continue;
                }
                array_push($signature, utf8_encode($SID_header));
                $dataBytes += 1;
            }
        }
        if ("\xFF\xDB" === $SID_marker) {
            $trailer .= utf8_encode($SID_char1) . utf8_encode($SID_char2);
            break; //just a test to see how i could use fgetc
        }
    }
    fclose($SID_openFile);

    if (!empty($signature)) {
        foreach ($signature as $char) {
            $SID_bytes .= $char;
        }
    }
    if (!empty($SID_bytes)) {
        echo 'header: ' . $SID_bytes . ' : length = ' . strlen($SID_bytes) . '<br><br>';
    }
    if (!empty($trailer)) {
        echo 'trailer: ' . $trailer . '<br><br>';
    }
    ?>

the only thing that i can think of at this time is to store two characters plus a marker for checking. I've never read a file before the last line code project. I think that it rolls smoother than the last one but it is a bit more complex. i really need to sleep soon. My eyes are burning. Goodnight and Thanks for the tips, John
-
i have isolated the 16 byte JFIF header including the trailer and also the JFIF EXIF header. I leave the II and MM in the EXIF header. I have successfully isolated JFIF and EXIF headers from over twenty different test images. I have also tried most of the images found at an exif test images github page.

    foreach ($SID_fileLines() as $SID_currentLine) {
        if ($pos = strpos($SID_currentLine, "\xFF\xE0") || $pos = strpos($SID_currentLine, "\xFF\xE1")) {
            foreach(str_split($SID_currentLine) as $byte) {
                if (dechex(ord($byte)) === '2a') {
                    break;
                }
                if (ctype_cntrl($byte) || dechex(ord($byte)) === '2c' || utf8_encode($byte) === 'H'/*.*/) {
                    continue;
                } else {
                    array_push($SID_c0, ord($byte));
                    array_push($SID_cc, dechex(ord($byte)));
                    array_push($SID_cf, utf8_encode($byte));
                }
                if (dechex(ord($byte)) === 'db') {
                    break;
                }
            }
            if (!empty($SID_cf)) {
                foreach ($SID_cf as $char) {
                    $SID_bytes .= $char;
                }
            }
            if (!empty($SID_bytes)) {
                echo 'header: ' . $SID_bytes . ' : length = ' . strlen($SID_bytes) . '<br><br>';
            }
        }
    }

This process has been a pain but i am enjoying the fact that i have accomplished this task without a programming background. The code is amateur but it is working. Microsoft built an empire off of 'working' code, so it doesn't matter to me right now. I was hoping that someone could offer code examples of a better method. For example, i have no idea where this H comes from. I guess that it has something to do with the bytes of the utf-8 encode process. I have a lot to learn but at least i was able to pull this off. Now to read and figure out a better method.

I have mentioned that i have done a lot of research on this subject including stenography. Fascinating subject and i have examples of stenography (sample images.) Isolating the actual image data is quite easy (i accomplished this feat today with a large array), recognizing the stenography is not so easy. i am tired today, so i am going to call it a day. Thank you all for the tips and advice. Best wishes to you, honestly.
-
Dear gizmola, getimagesize is great for detecting those php files saved as jpeg. I use the following code and display a message that the file may be corrupted upon any of the if blocks being true.

    $SID_dimensions = (array) getimagesize($_FILES['Upload']['tmp_name']);
    if (empty($SID_dimensions) || !is_array($SID_dimensions)/*.*/) {
        /* display the "file may be corrupted" message */
    }
    if (empty($SID_dimensions[2]) || !in_array($SID_dimensions[2], [1, 2, 3], true)/*.*/) {
        /* display the "file may be corrupted" message */
    }
    if (empty($SID_dimensions['mime']) || !in_array($SID_dimensions['mime'], ['image/jpeg', 'image/png', 'image/gif'], true)/*.*/) {
        /* display the "file may be corrupted" message */
    }
    if (empty($SID_dimensions[0]) || empty($SID_dimensions[1])/*.*/) {
        /* display the "file may be corrupted" message */
    }

however, the properly injected images pass right through (for obvious reasons.) PHP lacks any functions for image scanning so thus begins my journey.

Dear Kicken, i am aware of the linux strings utility but i downloaded a strings.exe file from a hacking site many many years ago. It runs on Windows as a console app. I suppose it is a port of the strings utility.

a simple string split dechex ord conversion will reveal all of the necessary markers for a jpeg. Try it yourself using a small image. The array is very large (but you should understand this concept).

    foreach(str_split($SID_currentLine) as $byte) {
        array_push($SID_bytes, dechex(ord($byte)));
    }

output reveals the data that i am seeking.

    print_r($SID_bytes);

    Array (
    [0] => ff [1] => d8 [2] => ff [3] => e0 [4] => 0 [5] => 10 [6] => 4a [7] => 46 [8] => 49 [9] => 46
    [10] => 0 [11] => 1 [12] => 1 [13] => 1 [14] => 0 [15] => 48 [16] => 0
    [20] => ff [21] => db
    [85] => ff [86] => db
    [154] => ff [155] => c0
    [173] => ff [174] => c4
    [203] => ff [204] => c4
    [384] => ff [385] => c4
    [414] => ff [415] => c4
    [596] => ff [597] => da,
    [1118] => ff [1119] => 0,
    [1171] => ff [1172] => 0
    etc.
    [226976] => ff [226977] => d9
    )

    SOI 0xFF, 0xD8 header = found/located [[6] => 4a [7] => 46 [8] => 49 [9] => 46 = JFIF]
    DQT 0xFF, 0xDB, Define Quantization Table = found/located
    SOF0 0xFF, 0xC0, Variable size , Start Of Frame = found/located
    DHT 0xFF, 0xC4 , Variable size , Define Huffman Table(s) = found/located
    SOS 0xFF, 0xDA , Variable size , Start Of Scan = found/located
    et cetera
    EOI 0xFF, 0xD9, End Of Image = found/located

it is not rocket science. The results are easy to obtain. You are looking at the jpeg markers. maybe you are mad that i am able to do this and i'm not a programmer or something. I don't need libraries to read a jpeg. php is capable of doing it.

what i have asked has yet to be answered. How am i supposed to get only the bytes that are of use to me pushed into an array? i have tried strpos but i cannot get it to id these bytes and push them to an array with a stopping position. i guess that i have to play with the code to figure it out myself. Best wishes, John
-
Dear gizmola, Thank you for taking time to post. I appreciate you and your expertise. I really enjoy that link to the github corkami formats page. This page summarizes a lot of data that i have read over the past three weeks and even adds some data that i find most useful. Fantastic!

I have a spaghetti code handler that i've been working on and i'm almost finished. I would like to add my own file scanning code since i already have the file open. I use both filesize and getimagesize directly on the temp file (via try catch because a corrupted file causes an exception on both functions.) The getimagesize has knocked down several bypass files but 12 out of 12 properly injected files pass through the check. I have two old executables from early 200s named 'strings' and 'binary text scan'. I opened all 12 code injected images in these programs and the code is quickly spotted. I thought, "how could i do this in php?" i searched for opening image files and came to fopen. A simple read into lines allows me to foreach loop over an array of php code then use if str_contains to see if the line has code. Sure enough, all 12 files no longer pass through my upload script. I suppose that it may not be foolproof but at least i am able to catch weak injections.

Meantime, i have a copy of phpbb3 and i uploaded these 12 images into my xampp installed forum. All 12 images pass into the forum. I think that phpbb also uses gd and imagemagick. Anyway, i figure that as long as i have a jpeg open, then i may as well learn how to scan it myself. I will continue reading and see if i can conjure up a tighter scanning segment. Then i will post it for you to test. I like my script but this scanning segment needs some work and i need to follow the specification precisely in order to produce a better scanning segment. I go to bed now. Long day. Best wishes to you and thanks again!
-
Thanks for the tip. I appreciate it very much. I assumed that this code read every line into memory (without checking memory myself). Thus, i aimed for a generator method. I'll go back to the method that you have specified. Thanks, Kicken.

I have to disagree that the libraries mentioned are the best way. Simply searching Google for these libraries plus hacks yields a ton of security vulnerabilities, particularly gd. But, honestly, I don't find JPEG format very complicated at all. The markers are the same in every image. The header always begins at the SOI marker xFF XD8 followed by xFF xEO. Open jpeg images in Notepadpp and you can see it yourself. The only change is from JFIF to EXIF. Meantime, the Huffman tables have been documented even in php.

smashingmagazine.com/2019/08/faster-image-loading-embedded-previews/
dev.exiv2.org/projects/exiv2/wiki/The_Metadata_in_JPEG_files#2-The-metadata-structure-in-JPEG

I am just a php hobbyist, so reading the bytes is a bit perplexing. I suppose that i just need to use an offset and increase the position by 2 until i find the second null byte, which should be x00 in hex. I am having trouble with the position moving part, since i lack the experience. I have read a ton of documents about jpeg and even downloaded some cpp examples. I will keep playing with the code in spare time. Eventually i will find a proper way to traverse the necessary bytes according to the specification. The current code is garbage, so i will start over tomorrow. I will read about getting chunks instead of lines. Thank you very much for your time and expertise. I hope that you have a pleasant day.
-
Paul, if you are looking for someone to program for you, then you've come to the wrong place. You spend more time posting insults and antagonizing members than you spend trying to fix your high school programming. Take a break from the keyboard and focus on your code or get out your checkbook and post in the job offer forum. The php specialists here have tried to help you but your eyes and ears are closed. I agree that this thread should reach its end-of-life soon if you don't stop antagonizing. Try to fix your code and the emphasis is on your, id est, y-o-u-r code.

I have spent half an hour loading my xampp, building a db and coding a basic (do not use in reality) php file to illustrate that the tips provided to you work. I even implemented the misuse of a function and i have no problem logging in with my code. You need to look over your files and track down your errors.

page 1 example with no function.

    <?php
    //first we make a password for use in a db sans form input
    //$formPass = "MicroSh1t.N3t";
    //$showHash = password_hash($formPass, PASSWORD_BCRYPT);
    //echo $showHash . '<br>';

    $error = 0;
    switch ($_SERVER['REQUEST_METHOD']) {
        case 'POST':
            if (empty($_POST['password'])) {
                $error = 'login failed.';
                break;
            }
            $dbhost = '127.0.0.1';
            $dbname = 'usertest';
            $dbusername = 'root';
            $dbpassword = '';
            $attributes = array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC);
            $pdo = new PDO("mysql:host=$dbhost; dbname=$dbname; charset=utf8mb4", $dbusername, $dbpassword, $attributes);
            $query = 'SELECT passphrase, id FROM users WHERE username = :user';
            $stmt = $pdo->prepare($query);
            $stmt->execute(array(':user' => $_POST['username']));
            $field = $stmt->fetch();
            // fetch() returns false when the username does not exist
            if ($field !== false && password_verify($_POST['password'], $field['passphrase']) === true) {
                session_start();
                $_SESSION['user']['id'] = $field['id'];
                $loggedin = 1;
            } else {
                $error = 'login failed.';
                break;
            }
            break;
    }

    if (empty($loggedin)) {
        if (!empty($error)) {
            echo $error . '<br>';
        }
        echo "\r\n";
        echo ' <form autocomplete="off" method="post" enctype="multipart/form-data" accept-charset="ISO-8859-1">' . "\r\n";
        echo ' <input type="text" name="username" placeholder="username"><br>' . "\r\n"; // required
        echo ' <input type="password" name="password" placeholder="password"><br>' . "\r\n"; // required
        echo ' <input type="submit" value="Log In">' . "\r\n";
        echo ' </form>' . "\r\n";
        echo "\r\n";
    } else {
        echo 'Paul, when does the back-to-school sale begin?';
    }
    ?>

page example 2 using a function 0.0 (use a class file instead)

    <?php
    //first we make a password for use in a db sans form input
    //$formPass = "MicroSh1t.N3t";
    //$showHash = password_hash($formPass, PASSWORD_BCRYPT);
    //echo $showHash . '<br>';

    $error = 0;
    switch ($_SERVER['REQUEST_METHOD']) {
        case 'POST':
            if (empty($_POST['password'])) {
                $error = 'login failed.';
                break;
            }
            $dbhost = '127.0.0.1';
            $dbname = 'usertest';
            $dbusername = 'root';
            $dbpassword = '';
            $attributes = array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC);
            $pdo = new PDO("mysql:host=$dbhost; dbname=$dbname; charset=utf8mb4", $dbusername, $dbpassword, $attributes);

            function Misuse_of_Functions_Exemplified($pdo, $nescient) {
                $query = 'SELECT passphrase, id FROM users WHERE username = :user';
                $stmt = $pdo->prepare($query);
                $stmt->execute(array(':user' => $nescient));
                $paul_ution = $stmt->fetch();
                return $paul_ution;
            }

            $paul_ution = Misuse_of_Functions_Exemplified($pdo, $_POST['username']);
            // fetch() returns false when the username does not exist
            if ($paul_ution !== false && password_verify($_POST['password'], $paul_ution['passphrase']) === true) {
                session_start();
                $_SESSION['user']['id'] = $paul_ution['id'];
                $loggedin = 1;
            } else {
                $error = 'login failed.';
                break;
            }
            break;
    }

    if (empty($loggedin)) {
        if (!empty($error)) {
            echo $error . '<br>';
        }
        echo "\r\n";
        echo ' <form autocomplete="off" method="post" enctype="multipart/form-data" accept-charset="ISO-8859-1">' . "\r\n";
        echo ' <input type="text" name="username" placeholder="username"><br>' . "\r\n"; // required
        echo ' <input type="password" name="password" placeholder="password"><br>' . "\r\n"; // required
        echo ' <input type="submit" value="Log In">' . "\r\n";
        echo ' </form>' . "\r\n";
        echo "\r\n";
    } else {
        echo 'Paul, when does the back-to-school sale begin?';
    }
    ?>

i have successfully logged in using both pages. You are doing something wrong. Go back to work and give it a rest today. The specialists here devote their free time helping others. Please show some respect. Best of luck to you but the rest is up to you...
-
I think that local development using xampp is the best route for you, Paul-D. A lot of php specialists have tried to help you but you must help yourself along the way. Go back over all of the tips and advice that you have received, maybe you will find a way to get your code working.
-
Hello php Freaks and Freakazoids

I'm still working on a file upload script and i'm at the point of code scanning. I have opened the temp file using fopen and i am using a generator to yield each line of code (save on memory). Imperative is to yield the lines, yet i am trying to accomplish two concepts with one open file. I am trying to check if each line (string) contains php code or javascript code (string contains and foreach loop.) I have no problem with this code. It is working and i am able to catch all of those weak filtering bypass images with php code (i have tested with 12 code injected images.)

What i want to do is scan the jpeg (since it is already opened) and verify the image as having valid jpeg components. So i managed to get the markers of the Huffman table, which helps me stop those weak code injection bypass images since they lack the Huffman table data. However, it seems as though i will need to use if blocks in the lines loop, which is counter productive (they are evaluated on each loop.) I can easily change the bytes progressively as i verify them with a variable but i will still need to use an if block. Also, i could only think to check for the null bytes in order to stop the inner loop at the position that i am seeking.

so for the header, i need the 74 70 73 70 JFIF bytes, then i can verify that the header exists. Now i can jump to FF C4 to get the Huffman table if it present. et cetera. I have added a passes variable to count the array and the second null byte seems to be at array index 11. I suppose that i could just use the passes variable to cut off the byte scan. However, i would like to know a better way to read bytes x to y only. How could i accomplish the scan of the bytes containing JFIF only and move on? Is there a better way to code this image scanner? I am not a programmer and this project is the first time that i have used fopen.

here is the code that i am referring to:

    $SID_fileLines = function (): Generator {
        $SID_openFile = fopen('image.jpg', 'rb');
        while (!feof($SID_openFile)/*.*/) {
            yield trim(fgets($SID_openFile));
        }
        fclose($SID_openFile);
        return;
    };

    foreach ($SID_fileLines() as $SID_currentLine) {
        $SID_pos = strpos($SID_currentLine, "\xFF\xDB", 0);
        $SID_header = [];
        $nullByte = 0;
        $passes = 0;
        if ($SID_pos) {
            foreach(str_split($SID_currentLine) as $byte) {
                array_push($SID_header, ord($byte));
                $passes += 1; /* passes = 11 (non-zero 12) seems to work as 2nd nullbyte. */
                if (ord($byte) === 0) {
                    $nullByte += 1;
                }
                if ($nullByte === 2) {
                    unset($byte);
                    break;
                }
            }
        }
    }

I hate to have an if block but i have no idea how i can scan the image for code injection and check the metadata at the same time. I don't want to open the image multiple times and i only want to yield each line to spare memory. Any tips?
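
Added example, not part of the post above or of any code from the thread: one way to read "bytes x to y only" is to walk the file segment by segment, taking each marker and its two-byte big-endian length with unpack('n'), so the JFIF header, DQT, DHT and the rest are located by offset rather than by line. The function names (skipScanData, jpegSegments, inspectJpeg) are hypothetical and the sample bytes are constructed.

```php
<?php
// Added example, not code from the thread; names are hypothetical, sample bytes constructed.
/** After an SOS header: skip entropy-coded bytes up to the next real marker. */
function skipScanData($fh): void
{
    while (($c = fgetc($fh)) !== false) {
        $v = $c === "\xFF" ? ord((string) fgetc($fh)) : 0;
        if ($v === 0xFF) {
            fseek($fh, -1, SEEK_CUR);      // fill byte: look at it again
        } elseif ($v !== 0x00 && ($v < 0xD0 || $v > 0xD7)) {
            fseek($fh, -2, SEEK_CUR);      // real marker: hand it back to the caller
            return;
        }                                  // otherwise data, stuffed FF 00 or RSTn
    }
}

/** Yield [marker, offset, payload] per segment. Strict: throws on anything else. */
function jpegSegments($fh): Generator
{
    if (fread($fh, 2) !== "\xFF\xD8") {
        throw new RuntimeException('missing SOI (FF D8)');
    }
    while (true) {
        $offset = ftell($fh);
        $marker = fgetc($fh) === "\xFF" ? ord((string) fgetc($fh)) : 0;
        if ($marker === 0xD9) {            // EOI: payload = whatever follows it
            yield [$marker, $offset, (string) stream_get_contents($fh)];
            return;
        }
        // Only markers that carry a length field are accepted between segments.
        $ok = $marker >= 0xC0 && $marker < 0xFF && ($marker < 0xD0 || $marker > 0xD8);
        $raw = $ok ? (string) fread($fh, 2) : '';
        $len = strlen($raw) === 2 ? unpack('n', $raw)[1] : 0;  // big-endian, counts itself
        $data = $len >= 2 ? (string) stream_get_contents($fh, $len - 2) : '';
        if ($len < 2 || strlen($data) !== $len - 2) {
            throw new RuntimeException(sprintf('invalid segment (marker byte %02X) at offset %d', $marker, $offset));
        }
        yield [$marker, $offset, $data];
        if ($marker === 0xDA) {
            skipScanData($fh);
        }
    }
}

/** Findings: header check, bytes after EOI, script text in APPn/COM/trailing bytes. */
function inspectJpeg($fh): array
{
    $findings = [];
    foreach (jpegSegments($fh) as $i => [$marker, $offset, $data]) {
        $where = sprintf('FF%02X at offset %d', $marker, $offset);
        if ($i === 0 && !in_array(substr($data, 0, 5), ["JFIF\0", "Exif\0"], true)) {
            $findings[] = "no JFIF/Exif header in first segment ($where)";
        }
        if ($marker === 0xD9 && $data !== '') {
            $findings[] = strlen($data) . ' bytes after EOI';
        }
        $meta = ($marker & 0xF0) === 0xE0 || $marker === 0xFE || $marker === 0xD9;
        if ($meta && preg_match('/<\?php|<\?=|<script/i', $data, $hit)) {
            $findings[] = "'{$hit[0]}' in $where";
        }
    }
    return $findings;
}

$note = '<?php /* constructed test text */ ?>';
$sample = "\xFF\xD8"
    . "\xFF\xE0\x00\x10JFIF\x00\x01\x01\x01\x00\x48\x00\x48\x00\x00" // APP0, length 16
    . "\xFF\xFE" . pack('n', 2 + strlen($note)) . $note              // COM
    . "\xFF\xDB\x00\x03\x00"                                         // DQT stub
    . "\xFF\xDA\x00\x02\x12\xFF\x00\x34\xFF\xD0\x56"                 // SOS + scan bytes
    . "\xFF\xD9" . '<script>/* constructed */</script>';             // EOI + extra
$fh = fopen('php://memory', 'w+b');
fwrite($fh, $sample);
rewind($fh);
print_r(inspectJpeg($fh));
```

On an upload, pass fopen($_FILES['Upload']['tmp_name'], 'rb') instead of the memory stream and catch RuntimeException as a rejected file. The text check covers only APPn/COM payloads and bytes after EOI, so it complements the line-based string scan described in the post rather than replacing it.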
-
yes! that is a fantastic idea. I am sometimes stupid and miss the obvious. Thank you for the wonderful suggestion.

you know, i have been trying to find ways to stop my website programming from having memory problems. Thus i have recently searched for ways to limit my php code memory usage. I discovered generators but i see no way to yield array values. I found a way to use a generator to yield arrays but then i realize that it doesn't prevent the array from being loaded into memory. Now i think about the keys on a keyboard and character mapping. aha! it is possible to map numbers to names, thus it is possible to use a generator of numbers to loop over a nonexistent array (names are now mathematical numbers). Yet the problem of number naming for a loop is a problem. The dewey decimal system plus character mapping might be the answer!

Thank you, Barand. You are brilliant! I'm off to look at this system and work on some ideas... very exciting ...
-
Hello everyone, i recently played with some code which uses a number delimited hyperlink reference to traverse the weeks of a year. Please see this thread to follow along with my question. Honestly, run my code in xampp to make the picture clearer if it isn't clear enough. link to my code example: imagine that clicking through the numbers 1 to 52 loaded 52 different webpages from a site. One could traverse the content of an entire website with one navigation system. Then i realize that we already play this numbers game: zipcode, street address (also has a string name). So when i imagine php pages named using numbers instead of words, such as 110 for index page of the domain, i realize how easily we could use math formulas and statistics to quickly add power to our web apps. I started jotting down some ideas but i wonder if this concept is already being used behind the scenes. I really wonder if it is the engine to sites like Google. The url string names are just string representations of the actual number system used to design the app and its pages. As it stands, i've always been influenced to name my pages with language strings (index.php, news.php, shinynewproducts.php, et cetera) i hate the idea of trying to develop my own system when one may already exist. I just cannot find examples of such a system. I imagine that math could be used to traverse a category by range with previous and next buttons et cetera. random pages would be easier to load. The ideas are endless when we switch from language and strings to numbers. I wonder if anyone has some links to material covering this subject? i cannot find the right search words in Google...