Jump to content

gizmola

Administrators
  • Posts

    5,980
  • Joined

  • Last visited

  • Days Won

    148

Everything posted by gizmola

  1. Controllers are not models. Having a controller that handles CRUD for Categories is irrelevant to controller built for products (that happen to include Categories. In your product controller, you should use eloquent to query for the categories. I'd expect to see something like this: $categories = Categories::all(); return view('products.create', ['categories' => $categories]); Then in your product blade template you will build the category drop down in the list using something like: <select name="category" id="category"> @foreach ($categories as $category) <option value="{{ $category->id }}">{{ $category->name }}</option> @endforeach </select> It's good to put this into its own partial template and include it, if you expect to use this type of code in multiple places. That way any style classes you might add or changes, will be reflected throughout the system, rather than having to go through and change the same code multiple times. So you will want to put code similar to what I have shown in it's own blade file, which you might name category.blade.php. Make sure you understand where you need to put templates and how you will reference them when including. So your product.blade.php template would include category.blade.php using something like this: <form method="POST" action="{{ route('product.new') }}"> // whatever other stuff @include(category) <button name="submit" type="submit">Submit</button> </form> This assumes that you have a method in your product controller that has a named route setup for it, pointing to product.new. Hopefully you get the idea.
  2. You really have to use an editor with indentation and make sure that you are matching braces. The code you provided is missing a matching bracket. There's also an obvious problem which is that you output errors, before you've started the html section of the page (in cases where there is an error). This will at best malform your html document. The other issue is that you don't have a form, nor does that form set the method to make a POST, so there's no way that the code can work as you intended. You also don't have a form element to test against Here's something more likely to work, based on what you provided: <?php $errors = array(); if (!empty($_POST["submit"])) { $fullName = $_POST["fullname"]; if (empty($fullName)) { array_push($errors, "Fullname is empty"); } } ?> <!DOCTYPE html> <html> <head> <title>Help</title> </head> <body> <?php if (count($errors)>0): ?> <ul> <?php foreach($errors as $error): ?> <li><?= $error ?></li> <?php endforeach ?> </ul> <?php endif ?> <form method="POST"> <input name="fullname" type="text"> <input class="submit-btn" name="submit" type="submit" value="Register"> </form> </body> </html>
  3. Just looking at the way the world has gone, the interest in having issue tracking systems that aren't integrated into source code management, which is something you get from Github, Bitbucket, Gitlab and Launchpad to name a few of the better known options, means that there is isn't much incentive for anything new to appear. MantisBT has a large and active userbase, so I think you are in good shape going with that project, and it has been around for over 20 years. I'm not sure what you are using Issue tracking for, but there are also any number of free hosted solutions beyond the ones I mentioned, all of which have some level of free use. Atlassian for example, which has the well known Jira and Confluence products, offers free hosted cloud accounts, for up to 10 users. Last but not least, you can always fork Flyspray on github and maintain it yourself if it works for you. It's LGPL 2 licensed, so the worst case scenario is that someone might need to takeover the project, if the current maintainers have given up on it. That doesn't seem to be the case from what I can see, but it does seem that their project flyspray base has lost hosting, and they haven't figured out a new solution. Arch Linux (which has really gotten a boost with the popularity of docker and the many container images that start with it) continues to use Flyspray as their bugtracker, so I don't think there's an emergency. If you're using a packaged version, and support for a new package is lagging or non-existant, you can always just git clone the project repo: https://github.com/flyspray/flyspray Assuming your workstation can support Docker, you can run a PHP container pretty easily with a prior version that supports your Flyspray version. *update* Just looked at github and the main contributor Peterdd made some commits as recently as february, so certainly not a ton of new activity, but not dead either.
  4. He hasn't been on in a few weeks. Hopefully he is doing fine, and just taking a break or a vacation.
  5. Older versions of java that were created before the Apple Arm (M series) chips will not work with the M1 macs. The only builds they have are for Intel based macs. In order to get support for the newer ones you need a newer version of Java. Your older apps should work with newer versions of Java and Tomcat. You might also consider trying to use Docker. Here's the official Tomcat docker image: https://hub.docker.com/_/tomcat If you want to try it out (assuming you installed Docker) scroll down the page to the section that says "How to use this image." and follow those instructions. I would 100% be using Docker to run a local tomcat for development.
  6. I would take a look at the NFSen project, which is written in PHP and Perl. You are also able to extend it with modules written in either of those languages. https://nfsen.sourceforge.net/
  7. Conceptually, static methods are part of a class, given how they are called, but the reality is that there is a magic object created, so that for example, static variables have a place to live. This code works, and you can consider it, if you would like. There are also several alternatives like return new self() or return new static() as well as return __CLASS__. I'm fairly sure all these actually work with PHP 8. Consider this code: <?php class Foo { private static $callCount = 0; private $previousCallCount = 0; public static function addCount() { self::$callCount++; return self::class; } public function setPrevious() { $this->previousCallCount = self::$callCount; } public static function getCount() { return self::$callCount; } public function getObj() { return $this; } public function getPreviousCallCount() { return $this->previousCallCount; } public static function getCurrentCallCountStatic() { return self::$currentCallCount; } } echo "start " . Foo::getCount() . PHP_EOL; Foo::addCount()::addCount(); $foo = new Foo(); $foo->setPrevious(); $foo->addCount(); echo "addCount was called, now " . Foo::getCount() . PHP_EOL; $fooObj = $foo->getObj(); $fooObj->setPrevious(); $fooObj->addCount(); echo "addcount was called, now " . Foo::getCount() . PHP_EOL; echo "What is fooObj's addCount? " . $fooObj->getCount() . PHP_EOL; echo "Previous: " . $foo->getPreviousCallCount() . PHP_EOL; echo "Next: " . $fooObj->getPreviousCallCount() . PHP_EOL; echo $foo === $fooObj ? 'Same objects' : 'Different Objects'; So I like to think of it as "there's this one object that exists to support static class use. It's actually kind of a mess, but this code works, and even has some surprises in my opinion as in how $previousCallCount is handled. I'm not sure what problem this solves, or why this is a good sensible solution. If you want a fluent interface you can return the magical static object and use it fluently if you have a bunch of non static methods you would call. From time to time I've seen people utilize this feature, but I don't recall where I last saw it, or if I understood the motivation. A lot of your questions seem to be missing clear obvious context, so I'm never quite sure if I get why you want to explore this stuff, but I commend your consistent interest in exploring ideas within what php allows.
  8. It kinda depends on how you set things up. For example, you are referring to Laragon. Did you use that to install PHP on your new computer? If so, are you able to open up a command terminal, and type php -v and get the cli client? If so, I don't think you need anything that you are currently trying to do, so you're making a mess. Also I would recommend this: Install the intelephense plugin or the php tools plugin from devsense Follow the instructions carefully to configure either one The default php extension is borked and basically doesn't work right. Setting you are making aren't relevant to either intelephense or to php tools. These instructions include disabling the default extension that will conflict with intelephense if you don't disable it see https://marketplace.visualstudio.com/items?itemName=bmewburn.vscode-intelephense-client This videos is the most complete coverage of setup of a PHP environment on windows i've seen. He demonstrates and advocates for many extensions he finds useful for php web development and what he uses them for. He also shows you how to use WSL integration as an alternative to local php on windows dependence, which has some advantages.
  9. Hmm, what do you think about the messages it provided? Manual says: https://www.php.net/manual/en/function.spl-autoload-register.php Assuming you identified the offending line of code as being error_log(......) one of the parameters you are passing is actually an array, and you are treating everything as a string. If I were to guess, it's probably whatever is being passed in $context. Again, see the php manual for the function error_log: https://www.php.net/manual/en/function.error-log.php
  10. Perfect approach. If you would like me to answer some of the domain questions for you, feel free to PM me the domain and I'll search the DNS and determine what services are being used, if you are having trouble figuring that out. Either way I think you are on the right track. With that said you need to understand how to install and require the phpmailer libraries. Typically people will use composer to install the library. It can be downloaded and specified manually, but you will notice in that code namespaces, which if you are new to PHP maybe over your head. They are very important these days, and you'll see looking at that other thread, that the libraries are referenced at the top with use statements. Those are not magic without either include/requiring the individual files, or using an autoloader script (which is part of what composer will do for you --- generate an autoload.php script you can include. If you use the autoloader, then you don't need anything other than the use statements, as PHP understands how to look for and locate the library source scripts. You might already know all this, but if you don't, this is why the php composer tool is pretty much essential to professional php development these days. It provides dependency management and location and setup of 3rd party/component libraries like phpmailer. I would highly recommend that at least for this script, this is how you integrate phpmailer into your script.
  11. I will try and clarify a few things for you: PHP has the ability to integrate libraries known as extensions Many extensions can be installed directly via PECL, but there are cases when an extension isn't available via PECL Other extensions have been pre-compiled and packaged such that in a particular linux distro you can add one just by using a system package manager An extension can be enabled or not, by referencing the location of the extension library in the php.ini. The php.ini has an include that will search a directory for other files to include Often extensions not only have a shared library path that is required, but also have some settings that can be configured. For this reason, as Kicken stated previously, most packages and extensions include a config file in .ini format that will go into a typical location like /etc/php.d or similar. The benefit of this is that you don't touch the primary php.ini file. At the risk of overcomplicating, it is also not unusual for there to be multiple php.ini files (one for web integration and another for command line php (cli) settings. For example, some systems may have long lived cli programs they run from cron, and might want to allocate more memory and execution time to those than they would be comfortable with for php web processes. On many distros you have to trace where the actual current php.ini lives. Many distros handle php version updates by providing a base php.ini that they then symlink to a typical location like /etc/php.ini. You might need to investigate the server install and phpinfo() etc. to be sure you understand what config files are being loaded from where. Regardless of that, since you have a directory for extensions already, most people in your situation would: Create a cmark.ini file in that directory and put the extension statement in that file rather than editing the php.ini. You are in a situation where you can't install from an extension nor use pecl, so you're having to use option C, which is to build the extension yourself and enable it. This is what phpize does. It is simply setting up the environment so that the extension code can be configured,compiled, and installed. How to uninstall in this situation? There really is no uninstall. Once you are done with the compilation from source, you get the extension library. It will only be available to php if the extension is enabled. You no longer need the source code and can delete it entirely once you've made it. All the make install does is move it to the system extension directory (which is a convenience and not a requirement), and may add an entry enabling the extension in the php.ini. Commenting out the extension, and it will no longer be part of php If you don't need it, further, commenting out, or removing the line of extension.ini file (if you made one) will disable it. You can delete the extension or not, but it's not registered in the OS or anything like that. Depending on how you run PHP you probably will need to restart "php" which might be restarting the webserver, or restarting php-fpm if that's what you are using. There is nothing else to it.
  12. We do get these type of questions regularly. If you look at the code for this person it will give you a good idea of how you would utilize phpmailer. The basic mail() function -- I don't want to write up a manual on it, but it has a few different possible modes, although in general it's not what you want to use here. Probably it is dumping mail to GoDaddy's servers, which also aren't setup to be the MX for the customer's domain. So you have a few different options here: Change everything so GoDaddy is hosting email for the domain Use the current mail exchanger (assuming it's Microsoft right now). You may need to be able to modify/make changes to the customer's DNS entries for their domain, depending on how things currently work, and whether or not you want to change. Here is a fairly recent thread: So, again I'm still not clear on the moving parts here, but I can tell you what is feasible. Things you need to clarify: For the customer's domain, who is hosting mail? In DNS entries, this is the company/servers that are accepting mail for the domain Is this Outlook/aka Office365? Keep in mind these are different brand names for Microsoft hosted email. It also includes Hotmail or used to. This is not to be confused with the windows IMAP client "Outlook" that was/is part of what was microsoft office and is now rebranded as Office365 -> https://www.microsoft.com/en-us/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook When you say that the client uses Outlook, we need to be clear. Anyone can use outlook with any system. I can setup outlook to work with a domain I personally own, that is a fully functional self hosted email system if I want to, because outlook supports IMAP, and I provide IMAP services for my domain(s). With that said, as part of office, Outlook is very popular in a lot of corporate "all microsoft" shops because it has built in support for Active Directory, exchange, and microsoft networking and file services that many companies use. IMAP includes integration with things like calendering, which is another reason people tend to like it. I also understand if they don't want to change from (whatever they have now) because emails are stored on whatever server they are using now. Changing to use Godaddy's server could work with Outlook, but all the mail that was on the old server would be gone. Email could be moved in a variety of ways, but with only client access, it could be a time consuming and error prone process if they have a large number of emails being stored. Because I don't know the facts, I can only guess at the obstacles, and options. Again, *if* current business email for the customer's domain is being hosted by microsoft, then the path of least resistance is to determine the protocol and credentials needed to setup SMTP mail delivery into the customer's system. This involves something like: configuring the phpmailer configuration settings to use smtp, along with TLS, and a user name and password for the account(s) they pay for from microsoft as part of their email hosting. Once you set this in phpmailer, you make the to: be that account (ie. From: [email protected], and then To: is customer. If this was working previously, as I said, any mail sent directly to the same user (same to/from) stays in microsoft's system and goes right into their box. Most of these systems also allow aliases to be created, so typically a different user alias like [email protected] can be setup within the microsoft configuration for the hosted account, and you could instead have phpmailer configured to send mail from that address rather than [email protected] I think I'm going to leave it at this now, as I still have way too many frustrating questions about this, and the various branding of microsoft products and services with overlapping names doesn't help. Given everything I've written, there could be an entirely different set of factors at play here, and without detailed and specific information about the domain MX record as well as any other entries like SPF, there's really no way for us to help you further other than just guessing.
  13. ^^^^^^^^^^^^^^^^^^^^^^^ 100% This video is highly recommended. Try out some of the simple code he shows, and you should be able to figure out how to make it apply to your desired layout. The video does a great job describing which use cases are better suited to a particular layout.
  14. This seems like something GoDaddy should provide you support with, since they are apparently reselling office365 hosted email to your client. Roundcube is a web based IMAP client, so it's unclear from your description what that connects to. Is it bundled goddaddy email, or direct to office365? Here is what I can tell you about email delivery: it is exceedingly complicated and requires a lot of knowledge and complete administrative control for a domain and any related servers. You aren't going to get DKIM setup on a hosted server. You *might* be able to set it up on a virtualhost if you really know what you're doing. It's not unlike networking, for which you can have much general understanding, but still not enough to pull off what a network engineer does. SPF alone is not enough to get deliverability these days. With that said, we have no idea what sort of account you are using, nor did you explain what the mailing code is. For example, most people have been using phpmailer to handle the sending of emails. Is that what you are doing? What configuration did you utilize in your form? Who do the emails come from? In terms of SPF, again Godaddy should have provided the instructions you need, but this is complicated by the fact that it sounds like in this case your email service is coming from Office365. So what you typically need then, is configuration of an SPF record that essentially delegates the SPF to Office65 (since they would be the MX of record for your domain). You also would need to have phpmailer configured so that emails go directly from phpmailer (which will use some form of SMTP connection) to their server infrastructure. In other words, if your email is hosted by Microsoft, then you want to deliver it directly to microsoft (and it will use the credentials and security they support). In that case, it's basically dropping mail directly into Microsoft's email system. It's surprising to me that whatever you are currently doing doesn't get you to office365 but does get you to gmail, as they both are pretty rigorous in not accepting or spam filtering emails that don't qualify as doing everything that legitimate email servers expect these days.
  15. What you need really depends on what you are using java for. The first thing to do is try and run java rather than javac. That will help you get an idea of what was already installed, if anything. Since you are trying to run javac -- which is the java compiler, you want some version of the java sdk (aka the jdk). Typically, people don't need the jdk just to run java applications, but you do, if you're actually developing java apps that you need to compile with javac. I would suggest just installing Java v17 which is the LTS version, which you can get from this page: https://www.oracle.com/java/technologies/downloads/#java17 When you say you have a "fairly new" mac, it matters if it's an m1/m2 or intel based. Make sure you download the arm installer if you have an m1/m2 or the x64 version if you have a prior generation intel based mac. With that said, if you do install homebrew, which is useful for other things, then installing the openjdk is very simple (from the terminal). brew install openjdk@17
  16. Here's a version I created on Scrimba: https://scrimba.com/scrim/cWb9kLAJ
  17. Yes you are missing something obviously different, which is that you are including jquery and the magnific popup code in the wrong order AND loading it in the body rather than the head section. Try changing it to this: <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title> Document </title> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js"></script> <script src="jquery.magnific-popup.js"></script> <link rel="stylesheet" href="magnific-popup.css"> <script> $(document).ready(function() { $('.popup-youtube').magnificPopup({ type: 'iframe' }); }); </script> </head> <body> <div> <a class="popup-youtube" href="https://www.youtube.com/watch?v=Euy4Yu6B3nU">Air</a> </div> </body> </html>
  18. Let's assume it is ok for null to be passed sometimes, and you aren't able to hunt that down and fix it. A better fix would be: <?php function orderByDate(?array $items): array { $items = $items ?? []; $referenceArray = array(); foreach ($items as $item) { $referenceArray[] = strtotime($item['pubDate']); } array_multisort($referenceArray, SORT_DESC, $items); return $items; } This eliminates the need for a for loop and counter, adds the php7/8 typehints, and uses the null coalescing operator to handle a parameter when it's null. This will allow either a valid array or null, and the end result is that you will get an empty array returned if null was passed, which I assume was the way it used to function. A unit test would be better, but here's a little test script of the function demonstrating that it works as expected: $t = [ ['pubDate' => '10 September 2000', 'name' => 'apple'], ['pubDate' => 'now', 'name' => 'banana'], ['pubDate' => '+1 week', 'name' => 'coconut'] ]; var_dump($t); $t = orderByDate($t); var_dump($t); $t = orderByDate(null); var_dump($t); Output: array(3) { [0]=> array(2) { ["pubDate"]=> string(17) "10 September 2000" ["name"]=> string(5) "apple" } [1]=> array(2) { ["pubDate"]=> string(3) "now" ["name"]=> string(6) "banana" } [2]=> array(2) { ["pubDate"]=> string(7) "+1 week" ["name"]=> string(7) "coconut" } } array(3) { [0]=> array(2) { ["pubDate"]=> string(7) "+1 week" ["name"]=> string(7) "coconut" } [1]=> array(2) { ["pubDate"]=> string(3) "now" ["name"]=> string(6) "banana" } [2]=> array(2) { ["pubDate"]=> string(17) "10 September 2000" ["name"]=> string(5) "apple" } } array(0) { } array_multisort is a strange, non-intuitive function, but it does perform some magic in this case.
  19. Paul-D my friend, this is the way of the world. Many books are now published online, sometimes under a creative commons license. In today's world you have ereaders and kindle etc. I used to buy scores of technical books -- have an entire library of em, but they are mostly obsolete now. I'm sure you would agree that many books have a few really important chapters and then a lot of stuff that's not important. The phpdelusions site pretty much covers everything you need. The other thing about PDO is that it's akin to ODBC, and that makes it different than a server specific api. Unlike ODBC, it in general is very usable and performant regardless of the RDBMS you are using it with. I personally use Doctrine DBAL for projects, if I just need raw sql. It provides a nice wrapper around PDO. Since you haven't coded anything in a long time, and are having to try and upgrade code that was written in an antiquated and un-modular fashion, it's understandable that you are frustrated, but if you plan to stay in PHP for a while, there are many things that have improved in the PHP world in the last 10 years that have nothing to do with PDO. Learning about and adopting some of these things which include use of git, wide adoption of dependency injection, community standards, namespaces, component libraries, and use of the composer project dependency management tool, have raised the bar. PDO is such a small and minimal set of functions/methods and practices, it's honestly not hard to learn what you need in short order, but doesn't scratch the surface of the more important improvements that have come along with the changes to the PHP language and runtimes.
  20. You are clearly new to doing queries with the php mysqli extension. First of all, why are you including extraneous parens and punctuation in your query? What you are doing: $sql= "select * from cic_remus.contacts where (id='$id');"; What it should be: $sql = "select * from cic_remus.contacts where id=$id"; Your problem is likely a logic issue as Kicken has pointed out, but you should also address the underlying issue for debugging purposes: This is telling you that you have an uncaught exception, so try surround the code with a try..catch block for that and then display the actual exception message and query next time you do this. try{ // sql query code } catch(Exception $e) { echo "Error: " . $e->getMessage(); } I'm not sure why you are doing what you are doing, when instead you can just do a query: INSERT INTO cic_kenobi.contacts AS select * from cic_remus.contacts ON DUPLICATE KEY IGNORE If the tables don't exactly match (you can craft the individual values statement in the same way you already have been). You can run this from PHP but unless you are doing this frequently, having it scripted within php doesn't have a lot of value to it.
  21. Just as I posted, I saw your reply, however, the points I have made and sample code are still things you should consider.
  22. The answer is that you are always getting the last row in the result set. Consider your current code. You query, then in a loop fetch every row from the result set and assign the values from the row to various temporary variables of the same name and purpose. First off, not to fix your problem, but --- there is no reason to do this. You get an associative array with the values nicely indexed by column name. Don't make a bunch of temporary variables when you don't need to. Just use $row['field'] when you need to display the value. Yes, you absolutely need to change your query to take the id passed to the script. According to what you provided that should be $_GET['id']. I don't know why that hasn't worked for you yet, but that's the correct way to do this, although, you should be using a prepared statement and bind variable rather than trying to interpolate the variable. Do it the right way. Consider the interpolation example you provided: SELECT * FROM users WHERE id = '$id' " This is incorrect if id is an integer, which we have to assume it is, since this is a numeric id. So you should not put quotes around it, because it is not a string. With that said, the mysqli_ binding probably allow this but it's sloppy and incorrect SQL. In summary, there may be an issue with the id, so make sure you debug that you are getting the value you expect from the $_GET array. (This also assumes you reach this page via an anchor href). We don't have the code to know for sure what you are doing. if (empty($_GET['id']) { // this page shouldn't be entered, because no valid id was passed // maybe redirect? exit("invalid"); } $id = (int)$_GET['id']; $sql = "SELECT * FROM users WHERE id=?"; $stmt = $conn->prepare($sql); $stmt->bind_param("i", $id); $stmt->execute(); $result = $stmt->get_result(); $user = $result->fetch_assoc();
  23. So what people are trying to say is that something must run the submit_rating.php when a review is posted. The same script needs to be run when a page is loaded, as it returns the data you need for your page to update the numbers you want to see updated in a json structure. We can surmise that the way to do the ajax calls is with jquery, since jquery was included in the html you provided. Here is the jquery documentation. Read through that and try and adapt their examples. Just to simplify things for you you can focus on the $.ajax() method, as the other methods are just HTTP request type wrappers around $.ajax. The html page you provided needs some jquery code to: define the handler code you need that will submit the form data to submit_rating.php bind that handler to the submit button of the form define a function that takes the json results returned from submit_rating.php (which are the actual stored ratings) and using those to update the various places in the Dom where the relevant numbers are required. Doing that can also be done with jquery, which has various methods to select and then manipulate DOM elements. Currently there is no code to do these things, that you have presented. If you need to write that code yourself, then you now have a basic step by step guide as to what you need to do. It's also a pretty standard way of doing things, although jquery has fallen out of favor in recent years as javascript frameworks like vue and react have become popular. Neither of those frameworks are relevant to your code though. I will mention in closing, that it would be very helpful for you to understand submit_rating and it's dual purpose. That script is designed both to update the statistics if the review form was submitted, and to also get the statistics, and those 2 functions are not mutually exclusive. You must understand how to construct a POST structure in your function that is meant to handle a form submission, by getting the input from the field(s) needed and passing that in the post. Make sure you understand how to get that code to be triggered when the form is submitted, and not triggered when it's not needed (ie when it's just a GET request to load the page). Hope this helps you move forward.
  24. You provided 2 "php" files, neither of which have any php code in them. I'm going to guess that there are scripts that the UI might call via ajax, to make changes to UI elements, but I don't see references to likely candidates in the html you provided.
  25. I don't want to speak for Kicken, but I didn't interpret his reply as having any animus attached. It's not a personal attack, and I know he doesn't care whether or not you are a professional developer. He's been answering questions here for many years. Also, you are by definition a programmer, because you are programming He's just making the case that most libraries have a rigor to them that your code will not. In regards to efficiency, imagemagick and gd are written in c, so they are going to be many orders of magnitude more efficient than php code you might write to open a file and read it byte by byte. They both have literally millions of users using them, and they are part of countless websites, so they have been thoroughly tested, and in many cases, studied by researchers and students looking for bugs and exploits, which are all benefits of open source. I already expressed concern that a simple loop reading a file byte by byte is going to result in something very messy, because jpeg file structure isn't simple. The other issue, from my point of view, was also addressed by Kicken, which is that, data hidden in a jpeg file, in places where jpeg allows for data to be added, to his point does not weaponize the image, and is also valid. This is not unlike the way computer viruses work, and why antivirus companies exist. They must constantly identify new viruses, and fingerprint them, and this job is never complete, because virus writers keep changing them and finding new ways to hide them or exploit new vulnerabilities. Going further with this analogy, a big concern with images has been "stegosploits" where the payload is hidden in the actual image data. In this case it's a valid jpeg, so I don't think you will be able to detect any issues with image of those types. At any rate, I don't want to lose sight of what your actual problem(s) are at present. You can not have your cake and eat it too As you read through the file you can recognize the start of a structure You can continue to read until you get to the end of the structure Assuming you have now identified that structure, you can do analysis of it In all cases, aside from a simple scan to verify the existence of certain byte sequences, you will need to retain the structures in some form, if you intend to do further analysis of them. Preserving them, means that you will have to keep them in memory. I don't see any way around that, and again, I'd expect at very least to have functions or class structure to handle individual structures and do further analysis of them. I hope this helps, as beyond that, we are much better suited to specific problems than generalized/strategy based ones.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.