
gizmola

Administrators
  • Posts: 5,871
  • Days Won: 139
Everything posted by gizmola

  1. Yes this idea is DOA. First of all, people are loath in the modern era to provide identifying information. The less information you require to establish an account the better, if you want people to sign up. People provide information when they have an incentive to do so. A "community" where people won't join because it's too much of an annoyance to join will be a ghost town. In my experience it's hard enough to get people to pay for a service, even a well executed one that people use every day.

     Before Stack Overflow, there was Experts Exchange. It was once a thriving tech expertise community, then they tried to monetize it by obfuscating the content unless you paid. This really pissed a lot of people off, and the site went rapidly downhill until it eventually went bankrupt. SO was started partially in response to EE's poorly executed paywalling scheme, and the rest as they say is history.

     Candidly I have been asked many times over the years to come up with ways to prevent people from getting access to a system or to content. This goes back to days I worked in the gaming and entertainment industry. There are some interesting case studies as to the effects of overemphasizing piracy or restricting access to content they have paid for, and in every case the employ of those technologies harmed or hampered the business over time. Meanwhile competitors that wrote off the concern thrived and often overtook competitors that at one time were the market leaders with a huge competitive advantage. The harder you make things for your users/customers, the worse off the business will be over time.
  2. Yes the code is equivalent, but as ob_gzhandler() is a simplified shortcut, that would be preferred by just about anyone. Yes you can specify mod_deflate in an htaccess.

         <IfModule mod_deflate.c>
             <FilesMatch "\\.(js|css|html|htm|php|xml)$">
                 SetOutputFilter DEFLATE
             </FilesMatch>
         </IfModule>

     There are various analysis sites you can use to examine the output from your server like https://webpagetest.org/
  3. Session variables are stored (by default) in files on the server. PHP automagically (re)connects you to that data via a cookie with the name PHPSESSID. It is an extremely simple and effective mechanism. The actual contents of the data in the session file(s) is the $_SESSION array that has been serialized by the php serialize() function. I hope that helps clarify what is going on. I did notice that you mentioned the word "select" in one of your replies, suggesting that there is some database involved. Simply stated, when you start a session, any changes you make to the $_SESSION array in terms of adding or removing elements are stored in the session file, and will be available upon session_start() on any future visits to the server where the browser presents the same cookie. If things aren't working on page #3 AND you are not overwriting or removing the value from the $_SESSION array, then you probably have a problem somewhere else. If you just wanted a simple example system, then I would steer clear of introducing a database into it, although I understand that a typical next step for people is often to make a login system. Not sure if this is the case for you, but your use of the word "select" made me curious as to what you are actually doing, and whether or not this has anything at all to do with sessions.
  4. What does too long mean? You will more than likely have better luck with a maintained component-based package, than trying to get one working that was originally in PEAR and has long ago been abandoned.
  5. The exec/system/passthru/shell_exec calls will allow you to run external programs or shell/os commands. So yes, it should be possible.
  6. I think you have to answer some questions that perhaps you have not even thought through: When Linda uploads 4 pictures, followed by John uploading 20 pictures, while at the same time Fred is uploading 40 pictures, how does the system know the difference between these 3 users? Most gallery systems just deal with the date the picture was taken in terms of keeping them together in groups, as they naturally can store them based on the date/time the picture was taken. Obviously you can have multiple pictures taken at the same date/time but you really only need to add to the name a small randomly generated piece to be able to store multiples, and the chances of 2 pictures (in a small gallery) being taken at the exact same second is usually an edge case.

     Databases have thought through a lot of the issues with concurrency (multiple users trying to manipulate the database at the same moment while perhaps others are trying to read out information) as well as ways to provide fast access to a subset of the information. With that said, you could also develop this entirely without a database by using a meta file. Xml, yaml, ini and json are all popular file formats that can be read and written to via php. Without a database, you could store a meta file of the same name, only with a different extension, to store the information about the file (original filename, user etc) which could then be read to service display of the gallery or whatever you are engineering. A big advantage of that is that those files will be very small compared to the actual images and can act (as a database row would also act) as a stand-in for the actual images when you are displaying or sorting the gallery.

     The other thing to keep in mind about images is that php also can read the exif data from an image, so that opens up some interesting features that might let you introspect the information from the picture. For example, the FileDateTime timestamp of the photo maintained by the camera or phone.
  7. You need to get the original files from source and replace that file if it pre-existed, not just edit it. The name seems odd to me. If it did pre-exist then you need to replace it, but otherwise it should be deleted. This is a big reason why you need an off server backup of the filesystem and database (I use Dropbox), especially for a package like WordPress. Any popular application like WordPress is a target for crackers, as there are so many potential sites out there they can exploit using worms. As Requinix already advised, there could be a lot of issues with your server at this point that go beyond WordPress. They want to use WordPress to get enough access to install a rootkit where ultimately they have complete root access to your server. Often this is done to make your server a node on their botnet they can control to do things like send spam, launch DDoS attacks, store files on darkweb servers, and all sorts of other things many of which are criminal in nature. You really have to be concerned as to how badly your server has been modified. A rootkit replaces many of the essential operating system files -- things like the login program, ps, ls, sshd etc. Are you competent enough as a sysadmin to be able to determine the overall state of your server?
  8. The other thing this tells you is that the permissions on your WordPress install are overly permissive. This is an unfortunate issue with WordPress in general in that it is certainly easier to allow it to have write permissions to be able to update WordPress through the admin console, but really those directories should be read but not write. Any small mistake in any of the components of WordPress, and you get these types of exploits. Once a cracker can get an exploit script to be written to the tree and included, it typically has the same permissions as the effective webserver user, and as requinix stated, at that point they probably also have the ability to get into your database. That's another mistake that people make with database users. Your WordPress should only have a user created in order to run WordPress, that only has permissions for the WordPress database, but all too often people do stupid things like using the MySQL root user or a user that is shared across applications and multiple databases.
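One way to run the check that posts 7 and 8 above call for, as an added example that is not code from the thread: it compares the live tree with a pristine copy of the same release, marks files to replace or delete, and flags files writable beyond their owner. The two trees are constructed in the temp directory so the script runs as-is; hashTree() and auditTree() are names chosen here, and in practice $clean would be a fresh download of the same version and $live the site's document root.

```php
<?php
declare(strict_types=1);

/** Map of relative path => SHA-256 for every regular file under $root. */
function hashTree(string $root): array
{
    $hashes = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if ($file->isFile()) {
            $rel = substr($file->getPathname(), strlen($root) + 1);
            $hashes[$rel] = hash_file('sha256', $file->getPathname());
        }
    }
    ksort($hashes);
    return $hashes;
}

/** Compare the live tree with the clean reference; returns path => list of findings. */
function auditTree(string $clean, string $live): array
{
    $reference = hashTree($clean);
    $findings = [];
    foreach (hashTree($live) as $rel => $hash) {
        if (!isset($reference[$rel])) {
            $findings[$rel][] = 'not in clean copy (delete once reviewed)';
        } elseif ($reference[$rel] !== $hash) {
            $findings[$rel][] = 'modified (replace from clean copy)';
        }
        // Group/world write bits mean more than the file's owner can rewrite it.
        if (fileperms("$live/$rel") & 0022) {
            $findings[$rel][] = 'group/world writable';
        }
    }
    return $findings;
}

// Constructed demo trees (assumption: stand-ins for a clean download and a live site).
$base  = sys_get_temp_dir() . '/wp-audit-' . bin2hex(random_bytes(4));
$clean = "$base/clean";
$live  = "$base/live";
foreach ([$clean, $live] as $dir) {
    mkdir("$dir/wp-includes", 0755, true);
    file_put_contents("$dir/index.php", "<?php // front controller\n");
    file_put_contents("$dir/wp-includes/load.php", "<?php // loader\n");
    chmod("$dir/index.php", 0644);
    chmod("$dir/wp-includes/load.php", 0644);
}
// Make the live tree differ: one changed core file, one file with no counterpart.
file_put_contents("$live/wp-includes/load.php", "<?php // loader\n// appended line\n");
file_put_contents("$live/wp-includes/wp-tmp.php", "<?php // no counterpart in the release\n");
chmod("$live/wp-includes/wp-tmp.php", 0666);

foreach (auditTree($clean, $live) as $rel => $notes) {
    echo $rel, ': ', implode('; ', $notes), PHP_EOL;
}
```

Site-specific files such as the configuration file and uploads have no counterpart in a release archive, so they are reported for review rather than being safe to delete blindly. Because post 7 warns that tools on a rooted server may themselves be replaced, run the comparison from a known-good machine against a copy or mount of the site.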
  9. One other more general comment, but the way you have named your script implies you are either currently or planning to load data via ajax. Ajax will be a lot easier to work with if you return your data as json, and generate your markup code for the options in your client-side scripts, rather than echoing partial html.
  10. I will admit I'm somewhat mystified as to what you are going for here. You have these queries separated via a chained if - then elseif which is somewhat odd. With that said, we don't have the markup for the select attribute, which is where I would guess the problem lies. I don't know if you are rendering it with javascript, but it's a pretty good guess that you have a naming issue for the 3rd query, where the name of the select is not named correctly. Your diagnostic at the bottom should have revealed that.

          $query = "SELECT * FROM platforms WHERE version_id = ".$_POST['version_id']."";

      Another possible issue is that the table structure is incorrect or there is no data in the platforms table that matches the criteria. Again, we don't know what your database class actually does, or if it has any error checking for SQL errors since all we have is wrapper code like this:

          $result = $db->query($query);
  11. I think it might be good to really read about the functions you are utilizing. The ob_* functions, like their name, are there to buffer output, which I'm sure you know. It's clear you are wanting to do this to gzip output, so why not use ob_gzhandler()? Better yet, let Apache use mod_deflate to do this for you? Tasking PHP to do the compression is less efficient than having the webserver do it, and again depending on your web server stack, is going to increase the memory footprint of your individual php processes. Delivering the html is really the job of the webserver, not php. I would always start_session() first.
  12. Also there's DBAL which is part of Doctrine2. Well to each their own.
  13. I agree with Barand and requinix -- either use the functions in MySQL or use a DateTime. With that said, your code didn't work because you inexplicably added a line to turn a perfectly valid timestamp number back into a string, and then tried to subtract it from the timestamp number. If you hadn't done that your code would have worked!

          <?php
          $row['date_ts'] = '2019-08-01';
          $date_ts = strtotime($row['date_ts']); //Timestamp
          $totalTime = floor((time() - $date_ts)/(60*60*24)) . ' days'; //Total in days
          echo $totalTime;
          // Outputs 259 days
  14. Excellent question, with great answer from Kicken. As a rule of thumb this is a way to allow for optional parameters, so to directly answer your question, typically you just have the parameter and not a default value. More importantly PHP now has support for scalar type hinting, which is an important upgrade in 7.1. It had class type hinting since php 5.

          //PHP5 class typehint
          class Student {
              private $firstName;
              private $lastName;

              public function __construct($firstName, $lastName) {
                  $this->firstName = $firstName;
                  $this->lastName = $lastName;
              }

              public function getFirstName() {
                  return $this->firstName;
              }

              public function getLastName() {
                  return $this->lastName;
              }
          }

          class SchoolClass {
              private $name;
              private $year;
              private $students = array();

              public function __construct($name, $year) {
                  $this->name = $name;
                  $this->year = $year;
              }

              public function enrollStudent(Student $student) {
                  $this->students[] = $student;
              }

              public function listStudents() {
                  $output = '';
                  foreach($this->students as $student) {
                      $output .= $student->getLastName() . ', ' . $student->getFirstName() . PHP_EOL;
                  }
                  return $output;
              }
          }

          // Example
          $historyClass = new SchoolClass('AP History', 2020);
          $student = new Student('Mike', 'Smith');
          $historyClass->enrollStudent($student);

          // This will throw a Catchable fatal error
          $historyClass->enrollStudent(array('Bob', 'Jones'));

      With PHP 7, you actually have scalar type hinting. So for example

          <?php
          declare(strict_types=1); // has to be 1st line of file

          class SchoolClass {
              private $name;
              private $year;
              private $students = array();

              // The scalar type name is int; "integer" would be read as a class name
              public function __construct(string $name, int $year) {
                  $this->name = $name;
                  $this->year = $year;
              }
          }

          // Ok
          $geometry = new SchoolClass('Geometry 1', 2020);

          // This produces an error because $year must be an integer value and not a string
          $bio = new SchoolClass('Biology 1', '2020-02-01');

      The declare(strict_types=1) call turns on strict mode, so that type coercion won't happen on parameters. Without it, passing parameters like this won't cause an error. It's up to you as to whether you want the types to be strictly checked or not. Without strict_mode, this would work.

          $bio = new SchoolClass('Biology 1', '2020');

      This is a nice feature as well:

          class SchoolClass {
              /* assume previous definition */

              public function listStudents(): string {
                  $output = '';
                  foreach($this->students as $student) {
                      $output .= $student->getLastName() . ', ' . $student->getFirstName() . PHP_EOL;
                  }
                  return $output;
              }
          }

      This hints that the return value of listStudents() has to be string, which can help with autosense in editors, and will throw a runtime error if something malfunctions such that $obj->listStudents() either doesn't return a string as it is supposed to, or if the function is used as an input to a function that expects a parameter that is NOT a string. These seem like simple examples in a small project, but as a project grows in size and complexity, these small improvements can help you catch logic errors sooner than later and also make smart editors better at their job of helping you code using an extensive class library.
  15. First question: did you do an rtsp OPTIONS request?

          OPTIONS rtsp://IP:554 RTSP/1.0

      What is the reply? As for Digest authentication, just interpreting this page, I would start with:

          HA1 = MD5(username:realm:password)
          HA2 = MD5(method:digestURI)
          response = MD5(HA1:nonce:HA2)

      Assuming you have set username and password as variables:

          $ha1 = md5($username . ':' . $realm . ':' . $password);
          // HA2 covers the request method as well as the URI; $method is the RTSP method being sent (e.g. 'OPTIONS')
          $ha2 = md5($method . ':' . 'rtsp://IP:554');
          $response = md5($ha1 . ':' . $nonce . ':' . $ha2);
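The calculation from post 15 above carried through end to end, as an added example that is not code from the post or from any camera vendor: it reads the Digest challenge out of a 401 reply and builds the Authorization header with the formula quoted in the post. The 401 reply, the address 192.0.2.10 and the credentials are constructed sample values, and parseDigestChallenge() and digestAuthorization() are names chosen here.

```php
<?php
declare(strict_types=1);

// Constructed sample: a 401 reply to an unauthenticated RTSP request.
$reply = "RTSP/1.0 401 Unauthorized\r\n"
       . "CSeq: 2\r\n"
       . "WWW-Authenticate: Digest realm=\"IP Camera\", nonce=\"5f1c0a7e9b3d4c21\"\r\n"
       . "\r\n";

/** Return the challenge parameters (lower-cased names), or null if there is no usable Digest challenge. */
function parseDigestChallenge(string $reply): ?array
{
    if (!preg_match('/^WWW-Authenticate:\s*Digest\s+(.*)$/mi', $reply, $m)) {
        return null;
    }
    preg_match_all('/(\w+)="([^"]*)"/', $m[1], $pairs, PREG_SET_ORDER);
    $params = [];
    foreach ($pairs as $pair) {
        $params[strtolower($pair[1])] = $pair[2];
    }
    return isset($params['realm'], $params['nonce']) ? $params : null;
}

/** Build the Authorization header for one request using response = MD5(HA1:nonce:HA2). */
function digestAuthorization(array $challenge, string $username, string $password,
                             string $method, string $uri): string
{
    $ha1 = md5($username . ':' . $challenge['realm'] . ':' . $password);
    // The method and URI hashed here must be exactly the ones on the request line,
    // otherwise the server computes a different digest and answers 401 again.
    $ha2 = md5($method . ':' . $uri);
    $response = md5($ha1 . ':' . $challenge['nonce'] . ':' . $ha2);

    return sprintf(
        'Authorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"',
        $username, $challenge['realm'], $challenge['nonce'], $uri, $response
    );
}

$challenge = parseDigestChallenge($reply);
if ($challenge === null) {
    exit("No Digest challenge found in the reply\n");
}
if (isset($challenge['qop'])) {
    // A challenge with qop uses a longer response formula (nc and cnonce are added).
    exit("Challenge carries qop; the formula used here does not apply\n");
}

// Constructed request: the same $method and $uri go on the request line and into HA2.
$method = 'DESCRIBE';
$uri    = 'rtsp://192.0.2.10:554/';
$request = "$method $uri RTSP/1.0\r\n"
         . "CSeq: 3\r\n"
         . digestAuthorization($challenge, 'admin', 'example-password', $method, $uri) . "\r\n"
         . "\r\n";

echo $request;
```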
  16. Your variable naming could use some work. Don't name variables other than for loop counters with meaningless letter names like 'a', 'b' etc. The other thing that's not great is that you have hardcoded string length into your function. None of that is actually needed. It's best practice to just have functions perform a single task, and then to combine/compose functionality from other more focused functions. Here's a real simple first letter uppercase function:

          const capitalize = (s) => {
            if (typeof s !== 'string') return ''
            return s.charAt(0).toUpperCase() + s.slice(1)
          }

      Now makeUsername becomes much simpler:

          function makeUsername() {
            let username = capitalize($("#firstname").val()) + ' ' + capitalize($("#surname").val());
            $("#username").val(username);
          }
  17. Based on your description:

          include "../config.php";

      If that is not working, then there is something else going wrong besides the path issue. What error do you get?
  18. It looks like you really didn't try and understand what Barand's code did. The for loop simulated your data. You do not need nor want to simulate data, but rather, you want to use the data from your query instead of the for loop. You need a counter variable (I used $i) if you want to display a number for each row, and you need to increment that variable each time. Your code wasn't even syntactically correct from what I could see. Does this look like valid code to you?

          $output .= $row['Game_Name']; $i;

      You have to actually understand the operators you are using and what they do. Do you understand what the .= operator does? What do you think this code does then, which is what you had?

          $output .= $row['Game_Name']; $i;

      The reason you are only getting the data for one row is that you are re-initializing $output inside your while clause. Also you didn't wrap the data for each row in a div. If you don't do that how do you expect that the grid elements would appear? Last but not least, you don't need to keep going in and out of php blocks. You start with a PHP block and stay with that until you need to output the HTML. Here is your code fixed. It probably works but I make no guarantees.

          <?php
          include('dbh.php');

          $sql = "SELECT * FROM games WHERE completed=1 ORDER BY Game_Name;";
          $result = mysqli_query($conn, $sql) or die("Bad Query: $sql");

          $output = '';
          $i = 1;
          while ($row = mysqli_fetch_assoc($result)) {
              // Escape the value before placing it in the HTML
              $name = htmlspecialchars($row['Game_Name']);
              $output .= "<div class='entry'>$i. $name</div>\n";
              $i++;
          }
          ?>
          <!DOCTYPE html>
          <html lang="en" dir="ltr">
          <head>
              <meta charset="utf-8">
              <link rel="stylesheet" type="text/css" href="https://unpkg.com/purecss@1.0.1/build/base-min.css">
              <link rel="stylesheet" type="text/css" href="table.css">
              <title>My Collection</title>
          </head>
          <body>
              <h1 align:center>#</h1>
              <div class="grid">
                  <?= $output ?>
              </div>
          </body>
          </html>

      I hope this helps you but honestly I'm concerned that it won't. When there's an example provided like the one you got from Barand, and then the version I provided, you have to go through the code and make sure you understand every line. If you don't you won't ever be able to program things adequately for yourself.
  19. I thought I would present a modern solution based on Barand's that uses css grid. Same basic idea however, you need to replace the test output with your output loop.

      index.php

          <?php
          $output = '';
          for ($i=1; $i<=28; $i++) {
              $output .= "<div class='entry'>Entry $i</div>\n";
          }
          ?>
          <!DOCTYPE html>
          <html lang="en" dir="ltr">
          <head>
              <meta charset="utf-8">
              <link rel="stylesheet" type="text/css" href="https://unpkg.com/purecss@1.0.1/build/base-min.css">
              <link rel="stylesheet" type="text/css" href="styles.css">
              <title>Grid Layout</title>
          </head>
          <body>
              <h1>CSS Grid Table</h1>
              <div class="grid">
                  <?= $output ?>
              </div>
          </body>
          </html>

      styles.css

          body {
              margin: 1em;
          }

          .grid {
              display: grid;
              padding: 1em;
              grid-template-columns: repeat(5, 1fr);
              grid-column-gap: 1em;
              grid-row-gap: 1em;
              /* Start at 100px height, stretch if content in a cell exceeds the 100px; */
              grid-auto-rows: minmax(100px, auto);
          }

          .entry {
              background: #eee;
              padding: 1em;
          }

      Here's the rendered html and css moved to a codepen if you want to experiment.
  20. Yes. Essentially you re-think the way your app is constructed from a data point of view. You write routines that take whatever parameters are required and just return json data. The UI is all html and javascript that loads the data from ajax calls to your php api script(s). What the script returns is entirely up to you.
  21. To be fair to Saaima, I did not provide any code until posting of the attempts. I am sure the message was delivered as to what we expect in the future.
  22. We would need more information. From what I can see, these are 2 woo-commerce plugins. Do they NOT work together? And if so, what errors are you seeing? The 2nd plugin has a warning stating that it hasn't been updated in the last 3 WP releases.
  23. What distro is the NAS server based on? Do you have a package management tool you can use to add/update packages?
  24. Only SO can add something to their share function, and they can't share to "generic phpBB" so you will never see that. SO has a REST API that could be used to build a "shared" widget within a particular piece of software. See the documentation: https://api.stackexchange.com/docs. Ideally this would work by pasting a link in, and phpBB would need a component that interpreted the SO link, pulled the data for the question and presented it within the post.
  25. Seems you are overthinking/developing this. The first year is a parameter you will be passing. You don't need any fancy math. If you want to consider possible problems with the parameter, these come to mind:

        • what if string parameter doesn't equate to a valid year?
        • what if string parameter is missing or empty?
        • what if string parameter is in the future?
        • what if the string parameter is a year equal to the current year?

      Here's a solution that handles all these possibilities:

          <?php
          function getCopyrightRange($startYear) {
              $currentYear = date('Y');
              if (((int)$startYear == 0) || ($startYear > $currentYear)) {
                  $startYear = $currentYear;
              }
              return ($startYear == $currentYear) ? "&copy;$startYear" : "&copy;$startYear - $currentYear";
          }

          echo getCopyrightRange('1985') . PHP_EOL;
          echo getCopyrightRange('2025') . PHP_EOL;
          echo getCopyrightRange('') . PHP_EOL;
          echo getCopyrightRange('2020') . PHP_EOL;

      The tests are set up just for command line php testing, so obviously since this is intended to be html markup using an htmlentity, you wouldn't want or need that. Here are the results:

          &copy;1985 - 2020
          &copy;2020
          &copy;2020
          &copy;2020

      If you were writing some test cases, you'd likely have a case for each of these potential issues, assuming you were concerned about them.