Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by gizmola

  1. These messages are all related to the open_basedir settings of your php installation. You need to locate the php.ini file for your system. Either a script that only has phpinfo(); in it, or use of cli php run with php -i will let you see where the configuration file(s) are located. On most systems, the base php.ini will load files in a subdirectory like /etc/php.d. You can ignore those files if they do exist, as the open_basedir configuration will be in the main php.ini script. The first place to look would be /etc/php.ini, but you need to be sure that you are editing the actual php.ini being loaded when you run your script. In some cases, there are different php.ini files so that php used with a web server can be configured differently from the cli version you use to run command line scripts with. Once you are sure you are changing the correct php.ini, edit it with a text editor and look for the line open_basedir = You can either add the directories in question to the list you find, or disable it entirely by adding a ; before the line like this: ;open_basedir = If this script is being run through a webserver, then you would want to restart the web server, or possibly php-fpm, if that is your web server configuration. If this is a cli script, running it again after you added the directories or disabled open_basedir should solve the issue.
  2. It would be helpful if you provided the version of libssh on the client server running php, as well as the php version. Likely this issue is that you have libssh2, and the message is telling you that the key exchange doesn't work. This is because libssh2 upon which the php routines were built, used diffie-hellman-group1-sha1, and the version of openssh no longer will accept that exchange, hence the error. To understand why this all came about, you can read about the Logjam exploit which attacked the SHA1 key exchange, as well as recommended configuration changes to a variety of commonly used services. While openssh was not specifically vulnerable to logjam, given its focus on openssl, there was still a concern that the key exchange had a weakness, so support for diffie-hellman-group1-sha1 was removed from openssh. This page has more specifics. So at this point, you should be able to remedy the problem with an upgrade of libssh2 to a more modern version (version >= 1.7) which supports newer key exchange methods. One alternative to the reliance on the php extension would be to modify your code to use phpseclib instead, which supports modern servers.
  3. I'm with @requinix -- Webalizer is pretty much a dead product. I believe that AWStats is the defacto standard FOSS web log reporting tool, being that it is typically bundled with CPanel. It's probably the closest thing to what Webalizer was, only it continues to be maintained and enhanced. It's a package of perl scripts, and is highly portable, as it mainly requires perl, and has documentation for installation, and in your case, has a windows installer. There are many log analysis systems that go far beyond the web, and for that reason, are often used instead of AWStats, and of course a lot of people just use google analytics or commercial alternatives. Most large commercial websites use multiple services to provide different types of analysis, including bug logging, which is not something traditional web analytics products try to track or categorize. With that said, there are numerous alternatives to awstats you might want to investigate. GoAccess is one that I'd recommend looking into. It also has to be said, that these products go through your http logs, and as the old saying goes, are subject to the possibility of GIGO (garbage in/garbage out), by which I mean, that they work with the data available to them in the http logs. In many cases, the default settings for apache or IIS are not sufficient to support accurate or enhanced reporting, depending on your environment. Often you need to modify the log format (as in for example, using enhanced log format) and/or creating a custom log format, that bakes in data specific to your system like specific cookies or non-default client IP settings. That's up to you, as well as automating ingestion of log files, or movement of log files from another server to an intranet or your workstation.
  4. Oracle database has been around a long time, and has a lot of features and extensions that are specific to it. If you are not going to use it immediately, or need a certification for a job, I wouldn't recommend going down that rabbit hole, even though I do think that Oracle database is a great RDBMS in many ways, but it is commercial and expensive. You often see it paired with java/enterprise java applications. For reasons I won't go into, besides cost, very few people pair PHP with Oracle database. The open source database closest in design and features to Oracle is Postgresql, so if anything, exploring postgresql would be a step in that direction. Since you use SQL Server, I would suggest getting certs in that, and in particular, learn about the specific things you listed, like transactions and concurrency (locking), and Views, stored procedures and triggers. Sprocs and Triggers are very important and highly used in SQL server development (Transact-SQL aka T-SQL), and in Oracle (which has an entirely different stored procedure language). MySQL also has stored procedures & triggers, but they are not commonly used, in comparison to the way that they are very often baked into applications that use sql server on the backend, as is the case with a lot of .NET applications. I don't think you can really say you are confident in your SQL knowledge until you are confident in the many ways you can use joins (including self joins), and the use of grouping and aggregation, as these are some of the primary reasons people use relational databases. It also helps to learn about the way rdbms's work in terms of datatypes, constraints and indexes. You want to have a good working understanding of the different types of indexes and the ways they overlap with primary key/unique constraints. You also really need to understand concurrency and locking, as it pertains to each database, and an understanding of transactions as well as "2 phase commit" support. While all the major relational database engines have configuration options that can be used to alter the concurrency/locking models, MySQL (and forks like MariaDB) is particularly different in that it allows for the use of different engines. For example, the original MySQL engine (myisam) is very different from the popular InnoDB engine that most companies use. It's a simple example, but MyISAM has no support for transactions, so you can write code that starts transactions and commits or does a rollback, and mysql will happily except that code, when in fact it actually ignores those statements entirely and doesn't support transactions whatsoever. You also want to understand how you install and configure these databases, and what options and tradeoffs might be involved in how you set them up. This affects how a database might/might not recover from a crash/ lose some data/transactions (or not), have backup options, or support replication in various flavors. With the existence of Docker, it's now much easier to experiment and learn about these databases, and create local test configurations. I think it helps to keep in mind, that there are categories of developers (DB Architects & Administrators & DB developers) who specialize in these products, and they have extensive levels of depth to them. There are some well known experts with books you might be interested in. A couple off the top of my head, are Joe Celko, who wrote some well known SQL books, and Tom Kyte, who authored many books on Oracle, and was well known for his "Ask Tom" column where he answered oracle questions and demonstrated ways certain problems could be solved. PHPFreaks is fortunate to have a number of developers who have consistently shared their expertise with relational database design and SQL, so this is still a great place to get advice and in many cases example code.
  5. One of the benefits of the PHP ecosystem is that it has not one, but 2 of the best web application MVC frameworks in existence, those being Laravel and Symfony. I've used both and either one is a great starting point for creating a web application. I have created or worked on large applications in both frameworks, although I will admit that I'm biased towards Symfony. Symfony is typically paired (and somewhat bundled) with the Doctrine ORM, but Doctrine can be used independently in a project. What is more, Doctrine has several components, including a "Database Abstraction Layer" aka DBAL, that provides a nice wrapper around PDO. Not too long ago, I created a little proof of concept app, based on a forum question, and I put this web application on github, and I reference it now, because it was made using DBAL. It's an example of a simple web app that only uses 3 components, with the primary one being the DBAL wrapper. It also illustrates some best practices, in terms of where to put custom classes, what sort of minimal directory structure your project(s) should have, an implementation with a quasi-front controller, and composer for downloading components and autoloading. I also used the CSS framework Bulma. I'd suggest git cloning it, and poking around in the code. You could also experiment with adding some components, or unit tests. With that said, once you consider what a larger projects would need, not to mention the lack of routing, or views, before long it becomes pretty apparent that you're just better off getting the MVC from Symfony or Laravel. Template engines like Twig or Laravel's Blade have some great features like partials, helpers and template overrides (which are sort of like child classes for templating) that go a long way for separating concerns. Certainly, you can create your own framework, as many others have done, but by the same token, most home grown frameworks, end up implementing some form of MVC anyways.
  6. This is usually simple. At this point I think people need to see all your code. Ideally you could put it in a github repo, but an alternative would be to post it to a pastebin like this one: https://forum.gizmola.com/pastebin
  7. It's been an ongoing process by Google to remove search terms from these reports for while now. They basically started replacing the actual keyword terms with "not provided". I guess I inadvertently necro'd this old topic, but at least when search engines index this thread, we'll have some discussion of it now. Google's documentation explicitly states that they stopped providing the keyword information, because it was a privacy issue, at the point that these searches were happening within the confines of SSL connections. I've also seen SEO people who have opined that this decision also helps Google obfuscate the value of search terms since they make money selling placement, but that's just conjecture.
  8. The column(s) you select will generate one row(group) per unique value of that column. Simple example of orders, assuming the order contained a column for the country_code of the customer that placed the order. You want a result with the "Total value of orders by country". So you would want to GROUP BY country_code. Your result set will then have 1 row for each country, but a SUM(amount), of course will provide you the total value of orders for that country. Let's say instead, you want a sum of orders by country, but you want the total for that country by year. SELECT country_code, YEAR(order_date) as year, SUM(amount) FROM ORDERS GROUP BY country_code, YEAR(order_date) ORDER BY country_code, year At that point you're going to get a row for every country_code/year combination, and the SUM(amount) is relative to that grouping.
  9. You won't get one answer because conventions vary by linux distribution can vary by shell bourne shell tends to be a base System scripts do things at boot time and runlevel changes bash is a backwards compatible with sh, but has many extra features Config works with sh/bash/ksh/csh, but anything you do should be bourne shell syntax Other shells have become popular, and are even the default on newer os's (as in OSX now defaulting to zsh) If you're using a newer shell like zsh or fish, then they typically have their own config files you need to research Long story short: Read the /etc/profile script and the /etc/bashrc script. Often one or both will include scripts in a directory like /etc/profile.d If that is already working, you should place scripts that customize things for all users in that directory rather than modifying the /etc/profile or /etc/bashrc script directly. Individual settings should be done in the user's home directory use ~/.profile or ~/.bashrc Aliases are not part of the bourne shell, so you are utilizing a shell specific extension Bash often supports other files like ~/.bash_aliases As for types of shells: Login shell facilitates login, and will run commands in the files mentioned previously An interactive shell is connected to a tty so that the user can interact with it. It will also have certain default settings like job control enabled A non-interactive shell is used for scripts, since the user will not be interacting This old serverfault thread provides a good summary of the configuration files loaded.
  10. Organic search keywords are not passed to GA, ostensibly for "privacy" reasons. In summary there is no way to get the keywords, nor the phrases used. You might have some luck using the google search console, after you register your site with it.
  11. Are you doing a session_start() in baglan.php? If you are, then you should not be doing it again in the scripts that have already included baglan.php.
  12. You can frequently achieve the same layout with flexbox or grid. If you are looking to implement a true grid, then grid is better suited to that. I feel like I have suggested this to you before, but this video does an excellent job showing the differences and suggesting when to use one vs the other.
  13. This type of use case is exactly why people use caching servers like redis or memcached, although you can also support the requirement, with in some cases, edge side includes or client side includes (using javascript). With something like redis, the basic idea is this: Code checks redis for existence of top 10 result. If not found, then query writes cached version with new TTL. You can use a cron job to regenerate the cache at whatever interval you want. Pretty much every site that has a massive userbase implements caching. For a single/monolithic server, PHP has long had options like the shared memory routines, or APC that can be used as well. It's also possible to generate a snippet of html in a file that you read off the file system, as a simple "roll your own" method of caching. All of these techniques reduce the load on your database, which is often the first and most difficult bottleneck to overcome when lack of scalability starts to limit performance.
  14. It's alright my friend, I don't disagree, but at the point someone admits they are a student, we have to expect novice code that will do all sorts of things in a way that no pro coder would ever do.
  15. I would suggest a simple name/password system, as is standard. What you can do is log the IP address in the database. The server gets access to the client IP address. The users have no way of knowing what you are logging or not in that regard. You can then write some reports that look for multiple logins from the same IP address, which should not happen from a mobile phone, unless the users are logging into the same wifi network. Another thing you could do is push a tracking cookie that doesn't expire. Generate a guid value or hash, and push this using some innocuous name, when a user logs in. Set the cookie so that it doesn't expire for 12 months or something like that. You can then check for the existence of this cookie and log it upon login. You can use that cookie, like IP address. In general these types of things require a login/audit table, that makes an entry for each user login. If the users don't understand what you're doing, you are likely to be able to find people logging into multiple accounts using the same cookie value, or missing the cookie on login. You 100% will know when a user logs in with the wrong cookie. What you choose to do in that circumstance is up to you, but I would not suggest that you make it an outright error, but rather something that is determined through reporting on the audit table. I would suggest that you employ both items (IP address and login cookie value), and perhaps a status code, you can set, when the code sees a user logging in with some other user's cookie.
  16. <?php require_once('kaynak/baglan.php'); session_start(); echo '<pre>' . print_r($_SESSION, true) . '</pre>'; ?> <!DOCTYPE html> <html lang="tr"> <head> <title>Sayfanız - Hoşgeldiniz</title> <meta charset="utf-8"> <link rel="stylesheet" type="text/css" href="kaynak/style.css"> </head> <body> <div id="ana"> <h1><?php echo $_SESSION['nik']; ?>Üye giriş sayfasına hoşgeldiniz</h1><br> </div> </body> </html> This is malformed -- you are outputting html before outputting a full html page. That is broken. If you want to do a debug statement like this with the <pre> make sure you move it inside your html page, in the body. <?php require_once('kaynak/baglan.php'); session_start(); ?> <!DOCTYPE html> <html lang="tr"> <head> <title>Sayfanız - Hoşgeldiniz</title> <meta charset="utf-8"> <link rel="stylesheet" type="text/css" href="kaynak/style.css"> </head> <body> <?php echo '<pre>' . print_r($_SESSION, true) . '</pre>'; ?> <div id="ana"> <h1><?php echo $_SESSION['nik']; ?>Üye giriş sayfasına hoşgeldiniz</h1><br> </div> </body> </html>
  17. It does appear this is intended to be a search so the where criteria needs to be implemented. Towards that goal, this is not going to work: <input type="text" name="search_query"><br> Followed by: $search = $_POST['search']; See the issue? (search_query is not search). This query is also not going to work as written: ...., date_stolen, location_stolen, found, date_found, location_found, other_information * Typically either enumerate the columns or use the wildcard '*', but certainly this syntax of 'other_information *' is invalid, as you would at very least need 'other_information, *'.
  18. Indeed, your pattern should be something like RewriteRule ^page/(.*) /page.php?slug=$1 [L,QSA] Take care with the ^ and $ anchors as they may be more restrictive than you actually want.
  19. @UmarFarooq Explain how that code in any way helps with what the user asked for. Where did you get this code from? Why didn't you put it in a code block? Where is the explanation of what the code does?
  20. Clearly you are floundering and unsure how to proceed. That is easy enough to see from the code you posted. The way to attack this (and to program in general) is to break things into smaller pieces. Those pieces are functions and/or methods. There is no way for anyone to help you at this point without writing the code for you. Start thinking about how to break your problem into smaller pieces. Those individual pieces can be turned into functions, which you can test individually. This is one of the reasons that people write unit tests with phpunit. The other problem with your code, is that you have no separation between the logic, html markup and organization of data. This problem of disorganization is so common, that the Model-View-Controller (MVC) pattern became widely adopted in order to solve it. One way you could start to see where you need functions or methods, would be to take the markup you have and mock up all the final data. Another issue with what you are asking for, is that it presupposes a lot of javascript. You essentially are presenting an input table, where you have a lot of cells, corresponding with your poorly designed database table, and you are asking how an html/javascript UI can be created to allow update of that. There isn't one answer to this, so again, people aren't going to just write you up a bunch of code. Personally, I refuse to work on questions where the underlying relational database structure is fundamentally incorrect, and yours falls into that category. Your revenuetarget table with it's 12 month columns is an example of a repeating group. Rather than having one row per year, you should have a table that has a "month" column, just as you have "year" column, and there should be a row for each month.
  21. No, it is telling you the exact opposite. Redirection was considered first, which explains why greetings.txt is not an argument counted or sent to the program (echo). @Kicken provided a really great explanation.
  22. Far better ways of learning PHP: https://phptherightway.com/ Learning PDO (Relational Database API) https://phpdelusions.net/pdo If you are a visual learner, who likes streaming video courseware:
  23. This begs the question of how well you understand binary/octal/hex and bitmasks. These are all fairly valuable computers science fundamentals, as they are certainly useful to understand not just for unix file and directory permissions, but for things like networking and in particular subnet masks. This also overlaps with boolean operators and bitwise operators, as well as floating point representation. It's also good to understand the way data is represented internally thorough defined datatypes used by persistence engines and relational databases. One command that is not commonly discussed is the stat command. Try using it on files and directories to get a summary of information and meta information about a file or directory. >stat ssl File: ‘ssl’ Size: 4096 Blocks: 8 IO Block: 4096 directory Device: ca01h/51713d Inode: 920958 Links: 2 Access: (0775/drwxrwxr-x) Uid: ( 500/ec2-user) Gid: ( 500/ec2-user) Access: 2023-05-20 20:23:29.770828847 +0000 Modify: 2023-05-20 20:50:30.995642112 +0000 Change: 2023-05-20 20:50:30.995642112 +0000 Birth: - If you are already confident in your knowledge of these fundamentals, the obvious answer, provided by requinix is that these commands use octal values for historic reasons, but are typically not as user friendly as the alternative versions that employ constants. For example, even though I fully understand the octal values, and the position of those values in these bitmasks, it's just easier to think about the matrix of user/group/other and Special,eXecute,Read,Write. Thus it's much easier in my opinion, to just think about what you want to set or search for with something like s=u (special bit = user, aka suid) than what the positional octal value of a bitmask are, even though you should be able to derive them yourself, as requinix showed.
  24. Simple subquery article: https://www.guru99.com/sub-queries.html A subquery is exactly what the name describes: An inner (sub) query that is run, with a result that is then used by an outer query. It is not complicated. In order for it to be used in a "WHERE column =" the subquery must return at most 1 value. If it can return multiple rows/values, then you need to use "where column IN" or possibly NOT IN. My 1st tip: a subquery can't possibly work as a subquery, if it doesn't run by itself in standalone fashion. You want to investigate, whether or not you can use a HAVING clause without a GROUP BY.
  25. Your code seems to be entirely variable driven dynamic sql, based on user input. What could possibly go wrong? 🤐 Add logging routines that log the actual SQL statements AND parameters to a file. I'm sure if this continues to happen, in short order you will see what is being done. Seeing these routines themselves, it's easy to see that anyone can essentially update any table they want, if they can get the variables to these routines set to be what they want. You haven't provided any of the UI code or table structure(s) information for context, so there's not much more we can do to help, when we don't have any idea what those things are or how these routines are called.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.