gizmola

Everything posted by gizmola

  1. Which is a bad fix. What you did was make your site dramatically less secure, by allowing people to create cookies without going through https://, which is a really bad idea. Is this an issue that only comes up in development, perhaps because you don't have a local cert installed? When you have a problem you really have to do a better job of describing the environment under which you had a problem. 99% of the time, if you had working code and it stops working, there is an explanation for that having to do with some environmental change. One tip: on your register/login script, as with any other pure PHP scripts, you should remove the ending PHP tag. I believe that someone else explained to you on another thread that using session variables to handle bad login attempts and lockouts is another really bad idea. People wanting to brute force won't accept a session cookie, so all that logic will have no effect on those people or their automated brute force scripting. You have to log bad attempts using some sort of persistence (typically a table related to your user table) which includes the datetime/timestamp and the IP address. You can then lock out an account for a period of time, as well as locking out IP addresses that might be trying a range of different email/password combinations. You want to prevent both.
  2. C++ OOP is more complicated, so you should not be having issues picking up PHP OOP. For example, PHP OOP doesn't have templates, operator overloading or multiple inheritance. The best examples of how to apply OOP are those you find in some of the better known component libraries, and in particular those associated with Symfony and Laravel. For everyday use, you want to learn about the Design Patterns described in the Gang of Four book. You don't have to buy this book to learn about these OOP design patterns, but many people do, and it's a common textbook from my understanding. There are similar books specific to PHP, but I can't personally vouch for any of them. One of the most important OOP design patterns is the Dependency Injection pattern (sometimes called "Inversion of Control"). There are a number of well regarded frameworks that fundamentally are Dependency Injection frameworks. Spring (for Java) was one of the first I was aware of, and for PHP Symfony and Laravel are both DI frameworks, as are any number of other frameworks, given the advantages of the pattern. You want to read about Dependency Injection. There's an article here that talks about DI and has some examples: https://php-di.org/doc/understanding-di.html Coming from C++, you should already have a good handle on inheritance, methods, constructors, variable scoping, static variables and methods, etc. You want to learn about PHP Interfaces and more recent PHP additions like traits. For free video material, there are any number of tutorials and free courses that cover PHP OOP. I have frequently recommended this channel, and many experienced PHP developers seem to agree with me, that he does a good job covering the syntax and providing examples.
  3. The main issue I see with AI coding tools is that you still need to be able to understand the syntax and code that the AI tools generate. As with anything that is changing rapidly, a significant investment in time is required. From what I've seen demonstrated (and beyond the simple things I have available to me when I'm using VSCode) there are some impressive demonstrations I've seen where new features can be added to existing well structured and formalized code (typically already built in a framework that provides a formalized base) and I could see how AI can be a very effective way of producing what many code generation and boilerplate tools do now, to various degrees of effectiveness. What I've seen in these demonstrations is that the people who are using the tools have spent a lot of time preparing them, determining what types of groundwork and templating is needed, understanding the most effective prompts to construct, and in general, spending a lot of time (and money) in the AI tools. There are also significant privacy and security concerns in sending all of your code up into an AI hive, which is also absorbing that for its own ongoing LLM training. I would also point out that the top practitioners in the PHP development world, employ a variety of tools, and practices, using their IDE and various plugins to produce better tested and more standardized code. Static analysis, unit testing and other automated testing tools, etc. In the world of object oriented programming there is an entire layer of sophistication in regards to the employment of OOP design patterns which are often used by those who have developed expertise and experience. As one quite simple but important example, more than a few PHP frameworks, including the community leading ones (Laravel and Symfony) are built upon the foundational design pattern of Dependency Injection. 
To be effective with either of these frameworks, a developer needs to know what DI is, what problems it solves, and how to use the pattern in their own code. You generate some AI code, and now you're looking at it, and an obvious question becomes: how is this generated code structured? Does it use a design pattern? If so, which one(s) and were those applied appropriately in regards to the requirements? Did the underlying architecture of the code come with limits or flaws that will only be obvious when the next feature needs to be added? How is a "vibe" coder who doesn't really understand any of these things, or for that matter the application code they generated going to figure this out?
  4. Great advice from mac_gyver. As it happens, there is another recent thread that overlaps here you should check out, as it includes advice on how to design the database structure you can add that will facilitate the type of server side login restriction mechanism.
  5. Absolutely, users often don't log out intentionally, so you can't depend on that event being recorded. In general, you should be interested in any attempted change to their profile or other "escalation of privilege" or change to the core authentication mechanisms (password reset, password change). Many systems will also include and require a 2nd factor authentication at registration, which unless it's a mobile app, will typically be email. So that's another couple of event types you want to log (email authentication failure, email authentication re-request, email authentication success). Even if you are not prepared to make use of IP logging initially, I'd recommend creating the column in the table, as analysis of most events you want to be concerned with (like brute force attacks) will necessitate IP logging if you want to understand where the attacks are coming from, or building in automatic countermeasures like time based IP bans.
  6. Done this for many systems: 100% agree with Barand. I will go one step further and make this an "event" table where the system can insert rows for other events. Off the top of my head, other events (in an event_type table or enum) would be a list like this:
  • login
  • logout
  • bad password attempt
  • change password
  • reset password request
  • etc.
A simple table like this is common, and has the benefit (with proper indexing) of allowing for the types of analysis and controls Barand listed. It also allows for mitigating brute force password attempts, as you can use this table to limit the number of login attempts within a given time period for a specific user, and lock the account after a certain number of attempts. Beyond the relationship to the User table (by Id) and a timestamp, you also typically want to store the IP address of the client. If it's MySQL, the best way to do this (and natively support both IPv4 and IPv6) is to store the IP as VARBINARY(16) and use the INET6_ATON() and INET6_NTOA() functions to convert the IP when storing and retrieving. Small tables like this, with a clear design, scale very well, as MySQL/MariaDB (using the InnoDB engine) is tuned to maximize Select & Insert concurrency. Often people will attempt to use a column or 2 in the user table, which they repeatedly update (i.e. "last_login"), which reduces concurrency, and is also less valuable than having a full history.
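The event table and lockout logic described in posts 1, 5 and 6, as an added PHP example that is not gizmola's code. It assumes a PDO connection to MySQL or MariaDB with ERRMODE_EXCEPTION and a users table with an integer primary key; the table, column, index and function names are my own.

```php
<?php
// Added example, not gizmola's code: the "event" table from the thread, an insert that
// stores the client IP as VARBINARY(16) through INET6_ATON(), and the two lockout
// checks (per account, per IP) described above. Assumes a PDO connection to MySQL or
// MariaDB with ERRMODE_EXCEPTION, and a users table whose primary key is an integer.
declare(strict_types=1);

// Table definition (constructed for this example; column and index names are mine).
const CREATE_USER_EVENT_SQL = <<<'SQL'
CREATE TABLE IF NOT EXISTS user_event (
    id         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    user_id    INT UNSIGNED NULL,          -- NULL when the submitted email matched nobody
    event_type ENUM('login', 'logout', 'bad_password', 'change_password',
                    'reset_password_request', 'email_auth_failure',
                    'email_auth_rerequest', 'email_auth_success') NOT NULL,
    ip         VARBINARY(16) NOT NULL,     -- INET6_ATON() output: IPv4 or IPv6
    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
    INDEX idx_user_type_time (user_id, event_type, created_at),
    INDEX idx_ip_type_time   (ip, event_type, created_at)
) ENGINE=InnoDB;
SQL;

// Rows are only ever inserted, never updated, which keeps InnoDB concurrency high and
// preserves the full history that a single "last_login" column throws away.
function recordEvent(PDO $db, ?int $userId, string $type, string $ip): void
{
    $stmt = $db->prepare(
        'INSERT INTO user_event (user_id, event_type, ip) VALUES (?, ?, INET6_ATON(?))'
    );
    // INET6_ATON() yields NULL for an unparseable address; the NOT NULL constraint then
    // rejects the row (an exception under ERRMODE_EXCEPTION) instead of storing garbage.
    $stmt->execute([$userId, $type, $ip]);
}

// Failed attempts against one account inside the window: the per-account lockout signal.
function failedAttemptsForUser(PDO $db, int $userId, int $windowMinutes): int
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM user_event
          WHERE user_id = ? AND event_type = ?
            AND created_at >= NOW() - INTERVAL ? MINUTE'
    );
    $stmt->bindValue(1, $userId, PDO::PARAM_INT);
    $stmt->bindValue(2, 'bad_password');
    $stmt->bindValue(3, $windowMinutes, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// All failed attempts from one IP inside the window, including those against unknown
// emails (user_id NULL): the signal for a client cycling through email/password
// combinations, which a per-account counter never sees.
function failedAttemptsForIp(PDO $db, string $ip, int $windowMinutes): int
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM user_event
          WHERE ip = INET6_ATON(?) AND event_type = ?
            AND created_at >= NOW() - INTERVAL ? MINUTE'
    );
    $stmt->bindValue(1, $ip);
    $stmt->bindValue(2, 'bad_password');
    $stmt->bindValue(3, $windowMinutes, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Decide before the password is even checked. Thresholds and windows are constructed
// values for this example; tune them to your own traffic.
function isLockedOut(PDO $db, ?int $userId, string $ip): bool
{
    if (failedAttemptsForIp($db, $ip, 60) >= 20) {
        return true;
    }
    return $userId !== null && failedAttemptsForUser($db, $userId, 15) >= 5;
}

// Recent history for one account, with the binary IP converted back by INET6_NTOA().
function recentEventsForUser(PDO $db, int $userId, int $limit = 20): array
{
    $stmt = $db->prepare(
        'SELECT event_type, INET6_NTOA(ip) AS ip, created_at FROM user_event
          WHERE user_id = ? ORDER BY created_at DESC LIMIT ?'
    );
    $stmt->bindValue(1, $userId, PDO::PARAM_INT);
    $stmt->bindValue(2, $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

Call isLockedOut() with the user id resolved from the submitted email (or null when it matched nobody) and $_SERVER['REMOTE_ADDR'] before verifying the password, and record a 'bad_password' event on every failure. Behind a reverse proxy, REMOTE_ADDR is the proxy's address, so take the client address from the forwarded header only when the request came from a proxy you control.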
  7. One thing that might be helpful is to use the declare to wrap the block of code you want to have evaluated for statement processing.

$count = 0;

function statements() {
    global $count;
    $count++;
    echo "Statement Count: $count\n";
}

register_tick_function('statements');

declare(ticks=5) {
    for ($x = 0; $x < 10; $x++) {
        echo "\$x = $x \n";
    }
}

And you get:

$x = 0
$x = 1
$x = 2
$x = 3
$x = 4
Statement Count: 1
$x = 5
$x = 6
$x = 7
$x = 8
$x = 9
Statement Count: 2
  8. You might be able to use the after pseudo element. You set position: relative to the parent element, and then position: absolute on the pseudo element. That technique allows you to move the pseudo element relative to the parent.
  9. In every case, you are not passing an account #. You should have seen that already in the debugging. You need to pick a method (GET or POST) and stick with it. The most recent code you provided appears to be making a POST request. It appears to me that your bot code retrieves your account# from the system. Since this is not coming from a form, I would suggest you just use a GET request which will make it easier to just set up the URL. With an HTTP GET request, you just add parameters to the url as name=value pairs. Then in PHP, you can get the variable from the $_GET superglobal. As the problem is with your client, and that client is based on MQL4 language, I am just making an educated guess here, based on looking at the Manual page for the webRequest function. From what I read briefly, it's essentially C++ syntax, but something none of us who aren't using the trading product you are using could possibly debug for you. But as I said, I made a guess for you as to what I would change.

string url = "https://johnnylai.me/license/customers.php?";
string headers;
char post[];
int accountNumber = (int)AccountInfoInteger(ACCOUNT_LOGIN);
// the query string that gets appended to the url
string paramText = "account_no="+IntegerToString(accountNumber);
StringToCharArray(paramText, post, 0, WHOLE_ARRAY, CP_UTF8);
char result[];
string resultHeaders;
int response = WebRequest("GET", url+paramText, headers, 1000, post, result, resultHeaders);
Print(__FUNCTION__," > Server response is ", response, " and the error is ", GetLastError());
Print(__FUNCTION__," > ", CharArrayToString(result));
return(INIT_SUCCEEDED);

Then your first line of the PHP script would be:

$account_no = $_GET['account_no'] ?? 0;

If $account_no == 0 when running the script, then the parameter is not working, which so far has been the case in all your testing. If you use my code make sure you understand that the full url to be passed needs to be: https://johnny.../license/customers.php?account_no=274020340 (or whatever the account# is). If the client code works as expected that is what should be available to the php script. You can test that the backend script is working by just pasting the url to your server with the url parameter with one of your valid account #'s. I do have to warn you that you have posted your real url and if these are real account#'s that might be an issue for you.
  10. You didn't provide the form that targets this script, but often the issue with people new to PHP superglobals is that $_POST only gets set to data that is in an actual POST request.

<form action="url/to/yourscript.php" method="POST">

If the form includes a file input, you also need to set the enctype to multipart/form-data.

<form method="post" action="url/to/yourscript.php" enctype="multipart/form-data">

Your code has this:

$account_no = empty($_POST['account_no']) ? : $_POST['account_no'];

A cleaner way to handle this would be to use the null coalescing operator "??"

$account_no = $_POST['account_no'] ?? 0;

One last piece of advice: Leave off the PHP end tag. You don't need it, and in some cases it can cause trouble. This and other formatting standards and advice can be reviewed in https://www.php-fig.org/per/coding-style/
  11. If you're using 3rd party email service, then you should be sending email through them. They also should provide you the SPF, DKIM and DMARC TXT records you would need to add to your DNS. Really this is a question for your hosting company, as the details of how they support email differ based on the hoster.
  12. It would be good to actually explain where you are using this regex. Looks like it's in a spreadsheet. Regex engines can have different syntax and capabilities. You also provided examples of strings that I guess don't work right, but you didn't include the output you expect. That is important information to include in a question like this. The core of this is very simple:

[A-Z][a-z]+

Things inside a [] pair are called character classes. So this means: match any uppercase character -> [A-Z]. This will be a single match. Then match any lowercase character [a-z]. The "+" following is a quantifier which means "1 or more times". So for a match to be made, it requires at least 1 lowercase letter. So the obvious problem with this example:

Zentropa International SwedenCanal+Ciné+

is that it has a plus sign. That could be fixed by this:

[A-Z][a-z+]+

However, the non-obvious problem is that you have a non-ASCII character in Ciné, which will also not match. I am going to make an assumption here that you're using Excel, and that it supports .NET's regex library. So by substituting a Unicode-specific character class that matches any "lowercase" Unicode character, as well as allowing a + sign to be part of a string, this would work:

[A-Z](\p{Ll}|[+])+

I don't know if these are the only strings you have that are problematic, as company names can have all sorts of other non-ASCII characters you might have to deal with. Which brings us to this:

Nordisk Film ProductionNadcon FilmZweites Deutsches Fernsehen (ZDF)

I assume the problem is that nothing will match the (ZDF). This is really a weakness of the approach. A better approach for this would be:
  • Parse the original string into an array using the space as a delimiter
  • For each element in the array, perform the regex replacement that finds capital letters and adds a space to break it up into multiple words
  • Rejoin all the elements in the array using a space
This would fix the problem with the ZDF as well as any similar issues, as the regex replacement would not affect existing "words" like the "(ZDF)". I hope this helps you. Vibe coding/copy paste only gets you so far when you aren't able to study and understand how the code works, and whether or not it is applicable to your problem.
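The split / replace / rejoin approach from post 12, as an added PHP example that is not part of gizmola's post. It uses PCRE's \p{Ll} and \p{Lu} Unicode classes (the PHP counterpart of the .NET class suggested above) with the u modifier; the sample names are the two strings quoted in the thread, and the function name is my own.

```php
<?php
// Added example, not from gizmola's post: split on spaces, fix each element with a
// Unicode-aware regex, rejoin. Only a boundary INSIDE an element is touched, so an
// existing token such as "(ZDF)" is left exactly as it was.
declare(strict_types=1);

/**
 * Insert a space wherever a lowercase letter (or a "+", which the thread's own regex
 * treats as part of a word) is immediately followed by an uppercase letter.
 */
function splitRunTogetherWords(string $text): string
{
    $parts = explode(' ', $text);                      // 1. split on the space

    foreach ($parts as &$part) {                       // 2. fix each element
        // zero-width match between [lowercase or +] and an uppercase letter;
        // the u modifier makes \p{..} and the lookarounds work on UTF-8 text
        $part = preg_replace('/(?<=[\p{Ll}+])(?=\p{Lu})/u', ' ', $part);
    }
    unset($part);

    return implode(' ', $parts);                       // 3. rejoin
}

// The two problem strings quoted in the thread.
$samples = [
    'Zentropa International SwedenCanal+Ciné+',
    'Nordisk Film ProductionNadcon FilmZweites Deutsches Fernsehen (ZDF)',
];

foreach ($samples as $sample) {
    echo $sample, PHP_EOL, '  -> ', splitRunTogetherWords($sample), PHP_EOL;
}
```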
  13. PHP will set the response code to be a 302 when it issues the Location header. If this same code was running, but it was sending a 200, that could be because either the webserver or something in the code has already set the response code. We have no context or information on what triggers this code. The only other thought I could contribute is that if the redirect is being issued in response to a POST request, you should not use a 302, but instead issue a 307. This is discussed here.
  14. Why? Do you expect everyone you send email to, to use PGP to decrypt your emails?
  15. There's been a name for this type of UI/window/panel effect for a while under the moniker of "glassmorphism". So if you do some googling for that with css, you'll find a lot of different examples. Here's one of many: https://codepen.io/kanishkkunal/pen/QWGzBwz One thing to note is that most implementations make use of backdrop-filter, and you want to check caniuse for support.
  16. It sounds like you aren't sure what the problem is. Either way, there is not much help we can provide with no specific diagnostics and no code to look at.
  17. @Barand gave you code and instructions for taking json and converting it into php. From what I read, you actually want to go the opposite direction -- take a php object or array (or some combination) and convert that into json. You do that using json_encode(). There are flags you might need that control how certain PHP types get converted to match what the api requires.
  18. It sounds like a simple database structure would likely be very helpful in maintaining and updating data, and rendering maps and links.
  19. Yes, you can rename index.html to index.php and it will work fine, with the following caveats: If your webserver is not set to treat index.php as the DirectoryIndex, then it won't serve index.php if it isn't specifically referenced. It does not automagically make html into PHP. You need to have PHP blocks or add PHP alternative syntax within your html markup. You've provided 6 static links here, and no explanation of what PHP is going to be doing for you. I'd also highly recommend you improve your markup; rather than using a bunch of wonky br's, organize your internal structure, and use bootstrap's utility classes as well:

<div class="col-xl-2">
  <div class="fw-bolder fs-3">
    Adams County
  </div>
  <ul class="list-group">
    <li class="list-group-item"><a href="https://adamssheriff.org/ "> Sheriff</a></li>
    <li class="list-group-item"><a href="https://www.coloradojudicial.gov/courts/trial-courts/Adams-county ">Judicial</a></li>
    <li class="list-group-item"><a href="https://adcogov.org/">Government</a></li>
    <li class="list-group-item"><a href="https://www.brightonco.gov/">Brighton</a></li>
    <li class="list-group-item"><a href="https://www.brightonco.gov/203/City-Council">Council</a></li>
    <li class="list-group-item"><a href="https://en.wikipedia.org/wiki/Adams_County,_Colorado">Wiki</a></li>
  </ul>
</div>

If you have a more specific question, add a follow up.
  20. This is an old thread, but just in case, here are a few pieces of advice:
  • Move your CSS into an external file
  • Include a CSS reset OR use a CSS framework that includes one (for example "bootstrap css")
  • Consider use of BEM for organization and better integration of markup and styling
  • Investigate use of SASS (allows use of variables, nesting of css classes within source sass)
  • Convert all pixel sizing to use REM (or EM inside of @media queries)
  • Make the UI responsive using media queries
  • Base colors on a color-based theme. Sites like https://coolors.co/ are very useful in this regard. Here's an example color palette: https://coolors.co/bcd4de-a5ccd1-a0b9bf-9dacb2-949ba0
You have a cool app, but I do think a simpler layout would make it simpler and more usable. The font use and coloring would be improved if labels and headings weren't the same color (black) as the inputs. It looks like you are trying to pack in multiple fields horizontally, with labels, which makes it busy. When you choose transparent background, the background input should be made read only. The "Preview" section should have the same section treatment (background, border, padding etc) as the other sections.
  21. There is no way for anyone to help you, when we have no information about the mail server you are trying to connect to. GoDaddy provides email servers for you to use: https://www.godaddy.com/en-in/help/mail-server-addresses-and-ports-for-business-email-24071 It appears you are using some other service. There's additional information here: https://www.godaddy.com/en-in/help/send-form-mail-using-an-smtp-relay-server-953 Ordinarily using an SMTP client is a superior solution for sending mail, but with GoDaddy, using mail() is probably best, as they have already set up the MTA on the server to deposit your outbound mail into their mail system. For local development, the best practice these days is to use a local email testing tool. There's a number of these tools, but from what I've seen with container wrapper tools like DDEV, Mailpit seems to be the preferred solution. You need some way of differentiating environments to make this type of thing work, as the configuration for a development or QA environment is not going to be the same for a production environment.
  22. How do you "get a script" that doesn't work without alteration of the SQL code? Was it designed to use a different database? Yes, GROUPS is a MySQL reserved keyword. You took care of this correctly by using the backtick character to quote the groups table name.
  23. You need to get really familiar with the web development tools: inspect elements, look at page source code, and figure out how to figure out these things for yourself. When you say "comes in like that", there are multiple things happening, but in general, these are all CSS animations. Do some learning in regards to how they work, and things like keyframes. This is an Elementor hosted site, and thus it includes a bunch of styles that come in from the elementor.min.css file, that is part of their publishing platform. So if you look at the image in the top right, and the flex box it is contained within, you will notice a lot of different styles driving this functionality. I will highlight a couple for you:

<div class="elementor-container elementor-column-gap-no">
  <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-af52a3e animated-slow alpha-entrance-reveal animated rotateInDownRight" data-id="af52a3e" data-element_type="column" data-settings="{&quot;animation&quot;:&quot;rotateInDownRight&quot;}">
    <div class="elementor-widget-wrap elementor-element-populated">
      <div class="elementor-element elementor-element-bca11ec animated-slow elementor-widget elementor-widget-image animated fadeInRightShorter" data-id="bca11ec" data-element_type="widget" data-settings="{&quot;_animation&quot;:&quot;fadeInRightShorter&quot;}" data-widget_type="image.default">
        <img fetchpriority="high" decoding="async" width="945" height="763" src="https://d-themes.com/wordpress/udesign/corporate-4/wp-content/uploads/sites/74/2024/10/intro-banner-image.png" class="lazy-fade attachment-full size-full wp-image-3916" alt="Banner" srcset="https://d-themes.com/wordpress/udesign/corporate-4/wp-content/uploads/sites/74/2024/10/intro-banner-image.png 945w, https://d-themes.com/wordpress/udesign/corporate-4/wp-content/uploads/sites/74/2024/10/intro-banner-image-768x620.png 768w" sizes="(max-width: 945px) 100vw, 945px">
      </div>
      <div class="elementor-element elementor-element-e4a20a1 elementor-widget__width-auto elementor-absolute animated-slow elementor-widget elementor-widget-image animated fadeIn" data-id="e4a20a1" data-element_type="widget" data-settings="{&quot;_position&quot;:&quot;absolute&quot;,&quot;_animation&quot;:&quot;fadeIn&quot;,&quot;_animation_delay&quot;:600}" data-widget_type="image.default">
        <img decoding="async" width="279" height="623" src="https://d-themes.com/wordpress/udesign/corporate-4/wp-content/uploads/sites/74/2023/08/shape-1.png" class="lazy-fade attachment-large size-large wp-image-727" alt="shape">
      </div>
    </div>
  </div>
</div>

Notice that this div that contains these other divs has some styles like: alpha-entrance-reveal, animated, rotateInDownRight, etc. Figure out where these styles are defined. You can do this by clicking on the style names in dev tools. You will find that for "rotateInDownRight" there's this definition:

.alpha-entrance-reveal.rotateInDownRight {
    animation-name: revealRotateInDownRight;
}

The dev tools even include a little paperclip icon that will run the animation when clicked, so you can easily see the effect it produces. Look up the CSS definition of animation-name and what it does. CSS Animations, like many similar packages, utilize key frames. You set up a particular state and the animation calculates how to get from that initial state to future keyframes. So the definition of "revealRotateInDownRight" turns out to be this CSS animation:

@keyframes revealRotateInDownRight {
    0% {
        transform: rotate(25deg);
        transform-origin: right bottom
    }
    to {
        transform: rotate(0);
        transform-origin: right bottom
    }
}

It should be apparent that what is happening is that it is starting with the element rotated 25 degrees, using the bottom right corner as the "origin". You want to investigate what an "origin" is for in a grid or animation system. When the animation is complete, the element will no longer be rotated. What you can do is make small tests to explore these effects. It should go without saying that there are many other styles that are contributing to the overall animation effects of the page, but individually you can understand them once you break them down and isolate them. If you investigate the "fadeInRightShorter" you will find a similar transformation that utilizes transform-origin.

@keyframes fadeInRightShorter {
    0% {
        opacity: 0;
        transform: translate(50px,0);
        transform-origin: 0 0
    }
    to {
        opacity: 1;
        transform: none
    }
}

.fadeInRightShorter {
    animation-name: fadeInRightShorter
}

This page has an awful lot going on, including the use of Skrollr, which is a really old javascript scroll animation library.
  24. This is often the case with devops tools. Unless there is a company or core contributor behind it who wants to write one, there probably isn't going to be a book. Being written in Python, the better you understand Python, the more you'll understand Ansible basics, particularly in terms of the data types. You also want to feel pretty comfortable with Yaml, given your playbooks are yaml files. It's not my favorite way to try and learn a tool, but this is a really complete and well done video that covers Yaml (and probably some things that it allows for but you rarely see used) -> I will also say that for tools like this, I find you really want to have some ongoing problems you are trying to solve, because books or courses aren't guaranteed to match up with your particular needs. What I did at the time (and I didn't know Python at all at that point) was to go through this Udemy class: https://www.udemy.com/course/diveintoansible/ Just to be clear, I only buy Udemy courses during the times when they have their sales, and courses are $20 or less. That course was very good. The instructor provides a Docker based lab environment you work with, so you can follow along, experiment etc. As I was already using Docker quite a bit, that was easy for me to work with, and at the time struck me as a great way to tackle things. I also had a long history of unix system administration experience under my belt, and all of those fundamentals (things like ssh keys, and security, and how you set up servers etc), not to mention years of working with AWS, allowed me to absorb the material, discern how to start working with Ansible, and get things built with it. 
Even with all that being true, there were still many things that I had to figure out how to do on my own, but the course was really the dividing point for me of knowing Ansible existed (I'd used Puppet and a little bit of Chef previously) and believing it could be the basis of some automation tools I wanted to create, and actually writing/testing and using those playbooks. Just for the heck of it, here's one very simple playbook I wrote one day, that uses the yum package manager (used with redhat based distros) to update a group of servers. This is so generic I can share it. Obviously, most of it just comes from knowing I wanted to update server packages using yum, and googling "ansible yum module" seeing there was an existing module, and just scanning that. There's the boilerplate yaml file and comments I got from the course (which I have as a starter file I use when writing one), and you can see just the one task.

---
# YAML documents begin with the document separator ---

# The minus in YAML this indicates a list item. The playbook contains a list
# of plays, with each play being a dictionary
-
  # Hosts: where our play will run and options it will run with
  hosts: prod

  # Tasks: the list of tasks that will be executed within the playbook
  tasks:
    - name: Update installed packages
      become: yes
      become_method: sudo
      yum:
        name: '*'
        state: latest
      become_user: root

# Three dots indicate the end of a YAML document
...

So to conclude: the fundamentals of Yaml and Ansible are fairly simple. The power is in the modules, and you are going to read the module documentation at the point you already know that there's a particular tool you would otherwise be using to solve a problem.
  25. Based on your statements, the only thing I can think of is that the new server might be restricting PHP from making socket connections of any type. Given that you are running this, I gather, as a page triggered within the web server (php running via the web server), then it might be something in the php.ini setting that is different and more restrictive. I would go through the php.ini for the new server in detail, starting with a basic phpinfo().