Everything posted by gizmola

  1. I will try and clarify a few things for you:
     • PHP has the ability to integrate libraries known as extensions.
     • Many extensions can be installed directly via PECL, but there are cases when an extension isn't available via PECL.
     • Other extensions have been pre-compiled and packaged such that in a particular linux distro you can add one just by using a system package manager.
     • An extension can be enabled or not, by referencing the location of the extension library in the php.ini.
     • The php.ini has an include that will search a directory for other files to include.
     • Often extensions not only have a shared library path that is required, but also have some settings that can be configured. For this reason, as Kicken stated previously, most packages and extensions include a config file in .ini format that will go into a typical location like /etc/php.d or similar. The benefit of this is that you don't touch the primary php.ini file.
     • At the risk of overcomplicating, it is also not unusual for there to be multiple php.ini files (one for web integration and another for command line php (cli) settings). For example, some systems may have long lived cli programs they run from cron, and might want to allocate more memory and execution time to those than they would be comfortable with for php web processes.
     • On many distros you have to trace where the actual current php.ini lives. Many distros handle php version updates by providing a base php.ini that they then symlink to a typical location like /etc/php.ini. You might need to investigate the server install and phpinfo() etc. to be sure you understand what config files are being loaded from where.
     Regardless of that, since you have a directory for extensions already, most people in your situation would:
     • Create a cmark.ini file in that directory and put the extension statement in that file rather than editing the php.ini.
     You are in a situation where you can't install from an extension nor use pecl, so you're having to use option C, which is to build the extension yourself and enable it. This is what phpize does. It is simply setting up the environment so that the extension code can be configured, compiled, and installed.
     How to uninstall in this situation? There really is no uninstall. Once you are done with the compilation from source, you get the extension library. It will only be available to php if the extension is enabled. You no longer need the source code and can delete it entirely once you've made it. All the make install does is move it to the system extension directory (which is a convenience and not a requirement), and may add an entry enabling the extension in the php.ini. Comment out the extension, and it will no longer be part of php. If you don't need it, further, commenting out, or removing the line of extension.ini file (if you made one) will disable it. You can delete the extension or not, but it's not registered in the OS or anything like that. Depending on how you run PHP you probably will need to restart "php" which might be restarting the webserver, or restarting php-fpm if that's what you are using. There is nothing else to it.
  2. We do get these types of questions regularly. If you look at the code for this person it will give you a good idea of how you would utilize phpmailer. The basic mail() function -- I don't want to write up a manual on it, but it has a few different possible modes, although in general it's not what you want to use here. Probably it is dumping mail to GoDaddy's servers, which also aren't setup to be the MX for the customer's domain. So you have a few different options here:
     • Change everything so GoDaddy is hosting email for the domain
     • Use the current mail exchanger (assuming it's Microsoft right now).
     You may need to be able to modify/make changes to the customer's DNS entries for their domain, depending on how things currently work, and whether or not you want to change. Here is a fairly recent thread: So, again I'm still not clear on the moving parts here, but I can tell you what is feasible. Things you need to clarify:
     • For the customer's domain, who is hosting mail? In DNS entries, this is the company/servers that are accepting mail for the domain
     • Is this Outlook/aka Office365? Keep in mind these are different brand names for Microsoft hosted email. It also includes Hotmail or used to. This is not to be confused with the windows IMAP client "Outlook" that was/is part of what was microsoft office and is now rebranded as Office365 -> https://www.microsoft.com/en-us/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook
     When you say that the client uses Outlook, we need to be clear. Anyone can use outlook with any system. I can setup outlook to work with a domain I personally own, that is a fully functional self hosted email system if I want to, because outlook supports IMAP, and I provide IMAP services for my domain(s). With that said, as part of office, Outlook is very popular in a lot of corporate "all microsoft" shops because it has built in support for Active Directory, exchange, and microsoft networking and file services that many companies use. 
IMAP includes integration with things like calendaring, which is another reason people tend to like it. I also understand if they don't want to change from (whatever they have now) because emails are stored on whatever server they are using now. Changing to use GoDaddy's server could work with Outlook, but all the mail that was on the old server would be gone. Email could be moved in a variety of ways, but with only client access, it could be a time consuming and error prone process if they have a large number of emails being stored. Because I don't know the facts, I can only guess at the obstacles, and options. Again, *if* current business email for the customer's domain is being hosted by microsoft, then the path of least resistance is to determine the protocol and credentials needed to setup SMTP mail delivery into the customer's system. This involves something like: configuring the phpmailer configuration settings to use smtp, along with TLS, and a user name and password for the account(s) they pay for from microsoft as part of their email hosting. Once you set this in phpmailer, you make the to: be that account (ie. From: user@customerdomain.com, and then To: is customer). If this was working previously, as I said, any mail sent directly to the same user (same to/from) stays in microsoft's system and goes right into their box. Most of these systems also allow aliases to be created, so typically a different user alias like system@domain.com can be setup within the microsoft configuration for the hosted account, and you could instead have phpmailer configured to send mail from that address rather than person@domain.tld. I think I'm going to leave it at this now, as I still have way too many frustrating questions about this, and the various branding of microsoft products and services with overlapping names doesn't help. 
Given everything I've written, there could be an entirely different set of factors at play here, and without detailed and specific information about the domain MX record as well as any other entries like SPF, there's really no way for us to help you further other than just guessing.
  3. ^^^^^^^^^^^^^^^^^^^^^^^ 100% This video is highly recommended. Try out some of the simple code he shows, and you should be able to figure out how to make it apply to your desired layout. The video does a great job describing which use cases are better suited to a particular layout.
  4. This seems like something GoDaddy should provide you support with, since they are apparently reselling office365 hosted email to your client. Roundcube is a web based IMAP client, so it's unclear from your description what that connects to. Is it bundled GoDaddy email, or direct to office365? Here is what I can tell you about email delivery: it is exceedingly complicated and requires a lot of knowledge and complete administrative control for a domain and any related servers. You aren't going to get DKIM setup on a hosted server. You *might* be able to set it up on a virtualhost if you really know what you're doing. It's not unlike networking, for which you can have much general understanding, but still not enough to pull off what a network engineer does. SPF alone is not enough to get deliverability these days. With that said, we have no idea what sort of account you are using, nor did you explain what the mailing code is. For example, most people have been using phpmailer to handle the sending of emails. Is that what you are doing? What configuration did you utilize in your form? Who do the emails come from? In terms of SPF, again GoDaddy should have provided the instructions you need, but this is complicated by the fact that it sounds like in this case your email service is coming from Office365. So what you typically need then, is configuration of an SPF record that essentially delegates the SPF to Office365 (since they would be the MX of record for your domain). You also would need to have phpmailer configured so that emails go directly from phpmailer (which will use some form of SMTP connection) to their server infrastructure. In other words, if your email is hosted by Microsoft, then you want to deliver it directly to microsoft (and it will use the credentials and security they support). In that case, it's basically dropping mail directly into Microsoft's email system. 
It's surprising to me that whatever you are currently doing doesn't get you to office365 but does get you to gmail, as they both are pretty rigorous in not accepting or spam filtering emails that don't qualify as doing everything that legitimate email servers expect these days.
  5. What you need really depends on what you are using java for. The first thing to do is try and run java rather than javac. That will help you get an idea of what was already installed, if anything. Since you are trying to run javac -- which is the java compiler, you want some version of the java sdk (aka the jdk). Typically, people don't need the jdk just to run java applications, but you do, if you're actually developing java apps that you need to compile with javac. I would suggest just installing Java v17 which is the LTS version, which you can get from this page: https://www.oracle.com/java/technologies/downloads/#java17 When you say you have a "fairly new" mac, it matters if it's an m1/m2 or intel based. Make sure you download the arm installer if you have an m1/m2 or the x64 version if you have a prior generation intel based mac. With that said, if you do install homebrew, which is useful for other things, then installing the openjdk is very simple (from the terminal).

         brew install openjdk@17
  6. Here's a version I created on Scrimba: https://scrimba.com/scrim/cWb9kLAJ
  7. Yes you are missing something obviously different, which is that you are including jquery and the magnific popup code in the wrong order AND loading it in the body rather than the head section. Try changing it to this:

         <!DOCTYPE html>
         <html>
         <head>
             <meta charset="UTF-8">
             <title> Document </title>
             <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js"></script>
             <script src="jquery.magnific-popup.js"></script>
             <link rel="stylesheet" href="magnific-popup.css">
             <script>
                 $(document).ready(function() {
                     $('.popup-youtube').magnificPopup({
                         type: 'iframe'
                     });
                 });
             </script>
         </head>
         <body>
             <div>
                 <a class="popup-youtube" href="https://www.youtube.com/watch?v=Euy4Yu6B3nU">Air</a>
             </div>
         </body>
         </html>
  8. Let's assume it is ok for null to be passed sometimes, and you aren't able to hunt that down and fix it. A better fix would be:

         <?php
         function orderByDate(?array $items): array
         {
             // Treat a null argument as an empty list
             $items = $items ?? [];
             $referenceArray = array();
             foreach ($items as $item) {
                 $referenceArray[] = strtotime($item['pubDate']);
             }
             // Sort the timestamps descending and reorder $items to match
             array_multisort($referenceArray, SORT_DESC, $items);
             return $items;
         }

     This eliminates the need for a for loop and counter, adds the php7/8 typehints, and uses the null coalescing operator to handle a parameter when it's null. This will allow either a valid array or null, and the end result is that you will get an empty array returned if null was passed, which I assume was the way it used to function. A unit test would be better, but here's a little test script of the function demonstrating that it works as expected:

         $t = [
             ['pubDate' => '10 September 2000', 'name' => 'apple'],
             ['pubDate' => 'now', 'name' => 'banana'],
             ['pubDate' => '+1 week', 'name' => 'coconut']
         ];
         var_dump($t);
         $t = orderByDate($t);
         var_dump($t);
         $t = orderByDate(null);
         var_dump($t);

     Output:

         array(3) {
           [0]=>
           array(2) {
             ["pubDate"]=>
             string(17) "10 September 2000"
             ["name"]=>
             string(5) "apple"
           }
           [1]=>
           array(2) {
             ["pubDate"]=>
             string(3) "now"
             ["name"]=>
             string(6) "banana"
           }
           [2]=>
           array(2) {
             ["pubDate"]=>
             string(7) "+1 week"
             ["name"]=>
             string(7) "coconut"
           }
         }
         array(3) {
           [0]=>
           array(2) {
             ["pubDate"]=>
             string(7) "+1 week"
             ["name"]=>
             string(7) "coconut"
           }
           [1]=>
           array(2) {
             ["pubDate"]=>
             string(3) "now"
             ["name"]=>
             string(6) "banana"
           }
           [2]=>
           array(2) {
             ["pubDate"]=>
             string(17) "10 September 2000"
             ["name"]=>
             string(5) "apple"
           }
         }
         array(0) {
         }

     array_multisort is a strange, non-intuitive function, but it does perform some magic in this case.
  9. Paul-D my friend, this is the way of the world. Many books are now published online, sometimes under a creative commons license. In today's world you have ereaders and kindle etc. I used to buy scores of technical books -- have an entire library of em, but they are mostly obsolete now. I'm sure you would agree that many books have a few really important chapters and then a lot of stuff that's not important. The phpdelusions site pretty much covers everything you need. The other thing about PDO is that it's akin to ODBC, and that makes it different than a server specific api. Unlike ODBC, it in general is very usable and performant regardless of the RDBMS you are using it with. I personally use Doctrine DBAL for projects, if I just need raw sql. It provides a nice wrapper around PDO. Since you haven't coded anything in a long time, and are having to try and upgrade code that was written in an antiquated and un-modular fashion, it's understandable that you are frustrated, but if you plan to stay in PHP for a while, there are many things that have improved in the PHP world in the last 10 years that have nothing to do with PDO. Learning about and adopting some of these things which include use of git, wide adoption of dependency injection, community standards, namespaces, component libraries, and use of the composer project dependency management tool, have raised the bar. PDO is such a small and minimal set of functions/methods and practices, it's honestly not hard to learn what you need in short order, but doesn't scratch the surface of the more important improvements that have come along with the changes to the PHP language and runtimes.
  10. You are clearly new to doing queries with the php mysqli extension. First of all, why are you including extraneous parens and punctuation in your query? What you are doing:

          $sql= "select * from cic_remus.contacts where (id='$id');";

      What it should be:

          $sql = "select * from cic_remus.contacts where id=$id";

      Your problem is likely a logic issue as Kicken has pointed out, but you should also address the underlying issue for debugging purposes: This is telling you that you have an uncaught exception, so try surrounding the code with a try..catch block for that and then display the actual exception message and query next time you do this.

          try {
              // sql query code
          } catch (Exception $e) {
              echo "Error: " . $e->getMessage();
          }

      I'm not sure why you are doing what you are doing, when instead you can just do a query:

          INSERT IGNORE INTO cic_kenobi.contacts SELECT * FROM cic_remus.contacts

      If the tables don't exactly match (you can craft the individual values statement in the same way you already have been). You can run this from PHP but unless you are doing this frequently, having it scripted within php doesn't have a lot of value to it.
  11. Just as I posted, I saw your reply, however, the points I have made and sample code are still things you should consider.
  12. The answer is that you are always getting the last row in the result set. Consider your current code. You query, then in a loop fetch every row from the result set and assign the values from the row to various temporary variables of the same name and purpose. First off, not to fix your problem, but --- there is no reason to do this. You get an associative array with the values nicely indexed by column name. Don't make a bunch of temporary variables when you don't need to. Just use $row['field'] when you need to display the value. Yes, you absolutely need to change your query to take the id passed to the script. According to what you provided that should be $_GET['id']. I don't know why that hasn't worked for you yet, but that's the correct way to do this, although, you should be using a prepared statement and bind variable rather than trying to interpolate the variable. Do it the right way. Consider the interpolation example you provided: SELECT * FROM users WHERE id = '$id' " This is incorrect if id is an integer, which we have to assume it is, since this is a numeric id. So you should not put quotes around it, because it is not a string. With that said, the mysqli_ binding probably allows this but it's sloppy and incorrect SQL. In summary, there may be an issue with the id, so make sure you debug that you are getting the value you expect from the $_GET array. (This also assumes you reach this page via an anchor href). We don't have the code to know for sure what you are doing.

          if (empty($_GET['id'])) {
              // this page shouldn't be entered, because no valid id was passed
              // maybe redirect?
              exit("invalid");
          }
          $id = (int)$_GET['id'];
          // The id is bound as an integer parameter, never interpolated into the SQL
          $sql = "SELECT * FROM users WHERE id=?";
          $stmt = $conn->prepare($sql);
          $stmt->bind_param("i", $id);
          $stmt->execute();
          $result = $stmt->get_result();
          $user = $result->fetch_assoc();
  13. So what people are trying to say is that something must run the submit_rating.php when a review is posted. The same script needs to be run when a page is loaded, as it returns the data you need for your page to update the numbers you want to see updated in a json structure. We can surmise that the way to do the ajax calls is with jquery, since jquery was included in the html you provided. Here is the jquery documentation. Read through that and try and adapt their examples. Just to simplify things for you, you can focus on the $.ajax() method, as the other methods are just HTTP request type wrappers around $.ajax. The html page you provided needs some jquery code to:
      • define the handler code you need that will submit the form data to submit_rating.php
      • bind that handler to the submit button of the form
      • define a function that takes the json results returned from submit_rating.php (which are the actual stored ratings) and using those to update the various places in the Dom where the relevant numbers are required. Doing that can also be done with jquery, which has various methods to select and then manipulate DOM elements.
      Currently there is no code to do these things, that you have presented. If you need to write that code yourself, then you now have a basic step by step guide as to what you need to do. It's also a pretty standard way of doing things, although jquery has fallen out of favor in recent years as javascript frameworks like vue and react have become popular. Neither of those frameworks are relevant to your code though. I will mention in closing, that it would be very helpful for you to understand submit_rating and its dual purpose. That script is designed both to update the statistics if the review form was submitted, and to also get the statistics, and those 2 functions are not mutually exclusive. 
You must understand how to construct a POST structure in your function that is meant to handle a form submission, by getting the input from the field(s) needed and passing that in the post. Make sure you understand how to get that code to be triggered when the form is submitted, and not triggered when it's not needed (ie when it's just a GET request to load the page). Hope this helps you move forward.
  14. You provided 2 "php" files, neither of which have any php code in them. I'm going to guess that there are scripts that the UI might call via ajax, to make changes to UI elements, but I don't see references to likely candidates in the html you provided.
  15. I don't want to speak for Kicken, but I didn't interpret his reply as having any animus attached. It's not a personal attack, and I know he doesn't care whether or not you are a professional developer. He's been answering questions here for many years. Also, you are by definition a programmer, because you are programming. He's just making the case that most libraries have a rigor to them that your code will not. In regards to efficiency, imagemagick and gd are written in c, so they are going to be many orders of magnitude more efficient than php code you might write to open a file and read it byte by byte. They both have literally millions of users using them, and they are part of countless websites, so they have been thoroughly tested, and in many cases, studied by researchers and students looking for bugs and exploits, which are all benefits of open source. I already expressed concern that a simple loop reading a file byte by byte is going to result in something very messy, because jpeg file structure isn't simple. The other issue, from my point of view, was also addressed by Kicken, which is that, data hidden in a jpeg file, in places where jpeg allows for data to be added, to his point does not weaponize the image, and is also valid. This is not unlike the way computer viruses work, and why antivirus companies exist. They must constantly identify new viruses, and fingerprint them, and this job is never complete, because virus writers keep changing them and finding new ways to hide them or exploit new vulnerabilities. Going further with this analogy, a big concern with images has been "stegosploits" where the payload is hidden in the actual image data. In this case it's a valid jpeg, so I don't think you will be able to detect any issues with image of those types. At any rate, I don't want to lose sight of what your actual problem(s) are at present. 
You can not have your cake and eat it too.
      • As you read through the file you can recognize the start of a structure
      • You can continue to read until you get to the end of the structure
      • Assuming you have now identified that structure, you can do analysis of it
      In all cases, aside from a simple scan to verify the existence of certain byte sequences, you will need to retain the structures in some form, if you intend to do further analysis of them. Preserving them means that you will have to keep them in memory. I don't see any way around that, and again, I'd expect at the very least to have functions or class structure to handle individual structures and do further analysis of them. I hope this helps, as beyond that, we are much better suited to specific problems than generalized/strategy based ones.
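
The structure-by-structure reading described in this post, sketched as an added example (not code from the original post or from the asker). The function name `jpegSegments`, the array keys and the sample bytes are hypothetical; the sample is a constructed marker sequence, not a decodable image.

```php
<?php
declare(strict_types=1);

/**
 * Walk the marker segments of a JPEG held in memory (hypothetical helper).
 * Returns the segments found up to EOI plus any bytes that follow EOI.
 */
function jpegSegments(string $data): array
{
    $len = strlen($data);
    if ($len < 4 || substr($data, 0, 2) !== "\xFF\xD8") {
        throw new InvalidArgumentException('not a JPEG: missing SOI marker');
    }
    $segments = [];
    $pos = 2;
    while ($pos + 1 < $len) {
        if ($data[$pos] !== "\xFF") {
            throw new UnexpectedValueException("expected a marker at offset $pos");
        }
        $marker = ord($data[$pos + 1]);
        if ($marker === 0xFF) {                  // fill byte in front of a marker
            $pos++;
            continue;
        }
        if ($marker === 0xD9) {                  // EOI: the image ends here
            $segments[] = ['marker' => $marker, 'offset' => $pos, 'payload' => ''];
            return ['segments' => $segments, 'trailing' => substr($data, $pos + 2)];
        }
        if ($marker === 0x01 || ($marker >= 0xD0 && $marker <= 0xD8)) {
            // TEM, RSTn and SOI are stand-alone markers with no length field
            $segments[] = ['marker' => $marker, 'offset' => $pos, 'payload' => ''];
            $pos += 2;
            continue;
        }
        if ($pos + 3 >= $len) {
            throw new UnexpectedValueException("truncated segment header at offset $pos");
        }
        // Big-endian length that counts its own two bytes but not the marker
        $size = (ord($data[$pos + 2]) << 8) | ord($data[$pos + 3]);
        if ($size < 2 || $pos + 2 + $size > $len) {
            throw new UnexpectedValueException("bad segment length at offset $pos");
        }
        $segments[] = [
            'marker'  => $marker,
            'offset'  => $pos,
            'payload' => substr($data, $pos + 4, $size - 2),
        ];
        $pos += 2 + $size;
        if ($marker === 0xDA) {
            // After SOS comes entropy-coded data: skip to the next real marker,
            // ignoring stuffed FF00 bytes, fill bytes and restart markers.
            while ($pos + 1 < $len) {
                if ($data[$pos] === "\xFF") {
                    $next = ord($data[$pos + 1]);
                    if ($next !== 0x00 && $next !== 0xFF && ($next < 0xD0 || $next > 0xD7)) {
                        break;
                    }
                }
                $pos++;
            }
        }
    }
    throw new UnexpectedValueException('no EOI marker found');
}

// Constructed sample: SOI, APP0, a COM segment, SOS with fake scan data, EOI, extra bytes.
$seg = fn(int $m, string $p): string => "\xFF" . chr($m) . pack('n', strlen($p) + 2) . $p;
$sample = "\xFF\xD8"
    . $seg(0xE0, "JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    . $seg(0xFE, 'free-form comment bytes')
    . $seg(0xDA, "\x01\x01\x00\x00\x3F\x00") . "\x12\xFF\x00\x34\xFF\xD0\x56"
    . "\xFF\xD9"
    . 'bytes appended after EOI';

$result = jpegSegments($sample);
foreach ($result['segments'] as $s) {
    printf("FF%02X at offset %d, %d payload bytes\n", $s['marker'], $s['offset'], strlen($s['payload']));
}
printf("%d bytes after EOI\n", strlen($result['trailing']));
```

The walker only locates and retains the structures; whether the content of an APPn or COM payload is acceptable is a separate analysis step on each retained segment.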
  16. Namecheap is a company I have used in the past to get domains, and are trustworthy. They have a relatively low cost email hosting service. Zoho mail is also a reputable company with low cost email hosting. If you already make use of google services, then you might consider Google Workspace. Obviously, the company is reliable, and access to their entire business suite might be worth the extra cost. I don't know who hosts you or what you pay, but after factoring in the additional costs, it might be worth looking at an alternative hosting company that isn't taking things away from you at this juncture.
  17. Just to be clear the getimagesize is mainly to prevent gigantic files you don't want to waste time rebuilding. You are absolutely correct that it can't be depended upon to detect a file with a hidden payload. That's why you have to rebuild the image from the stringified version of it using imagecreatefromstring. This of course does require enough memory to create the file, so there's no getting around that from a memory use standpoint.
  18. Yeah, this seems to be a prefix towards an attempt to mass generate registrations for free gifts from this site. Locking it.
  19. Also, this thread is probably interesting to consider....
  20. I'm all for academic exercises for the benefit of learning. I think you will find this page of some help in continuing to explore the jpeg and jfif standards. However if your goal is simply to verify if an image is valid or not, that is problematic, because jfif allows for sections of a file to be ignored, so that special data could be placed there when the file is created. You could look at exif as essentially being this type of extension, so using the exif check functions is valuable in combination with other techniques. Exif data doesn't have to be there, but if you decide that you will only accept images that also have exif, then that is another valuable and efficient check, as you can use an exif checking function to exclude images that don't have valid exif data. In general, the proven method of knocking down malicious images is to use a combination of getimagesize and imagecreatefromstring, or the imagemagick routines kicken referenced. You used getimagesize to knock down files you have already decided are too large, and then recreate the image from file data. Either of these failing should cause rejection. Trying to go through the files and decipher them is most certainly a block operation where you would want to read the binary values, looking for the segments, and have routines that can decipher those individual segments. A simple loop is not going to be maintainable in my opinion. If I was trying to do this, I'd also want to try and see what gd and/or imagemagick source is doing, as those are both open source libraries written in c/c++. For example, imagemagick has a component used to identify the internals of an image. It's available in their command line tool that allows analysis and modification of an image. The source is here. A very large and complicated bit of code it seems.
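
The getimagesize plus imagecreatefromstring check described in this post and in post 17, as an added example that is not part of the original posts. It needs the GD extension; the function name `rebuildUploadedImage`, the size limits and the accepted types are assumptions, and the test files are constructed in a temp directory.

```php
<?php
declare(strict_types=1);

const MAX_BYTES  = 5 * 1024 * 1024;   // assumed upload limit
const MAX_PIXELS = 4000 * 4000;       // assumed dimension limit

/**
 * Reject anything GD cannot measure or decode, then write a fresh file
 * built from the decoded pixels only (hypothetical helper).
 */
function rebuildUploadedImage(string $srcPath, string $destPath): void
{
    $bytes = filesize($srcPath);
    if ($bytes === false || $bytes > MAX_BYTES) {
        throw new RuntimeException('file missing or too large');
    }

    // First gate: cheap header read, used to knock down oversized images
    $info = @getimagesize($srcPath);
    if ($info === false) {
        throw new RuntimeException('not a recognised image');
    }
    [$width, $height, $type] = $info;
    if (!in_array($type, [IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
        throw new RuntimeException('unsupported image type');
    }
    if ($width < 1 || $height < 1 || $width * $height > MAX_PIXELS) {
        throw new RuntimeException('image dimensions out of range');
    }

    // Second gate: a full decode; this is where the memory cost is paid
    $raw   = file_get_contents($srcPath);
    $image = $raw === false ? false : @imagecreatefromstring($raw);
    if ($image === false) {
        throw new RuntimeException('image data could not be decoded');
    }

    // Re-encode from pixels: metadata segments and bytes appended after the
    // image data are not carried over into the new file
    if ($type === IMAGETYPE_PNG) {
        imagesavealpha($image, true);
        $ok = imagepng($image, $destPath);
    } else {
        $ok = imagejpeg($image, $destPath, 85);
    }
    if (!$ok) {
        throw new RuntimeException('could not write rebuilt image');
    }
}

// Constructed test input: a small JPEG with extra bytes appended after the image data
$src = tempnam(sys_get_temp_dir(), 'up');
$dst = tempnam(sys_get_temp_dir(), 'ok');
imagejpeg(imagecreatetruecolor(16, 16), $src);
file_put_contents($src, 'CONSTRUCTED-TRAILING-BYTES', FILE_APPEND);

rebuildUploadedImage($src, $dst);
$stillThere = strpos(file_get_contents($dst), 'CONSTRUCTED-TRAILING-BYTES') !== false;
echo 'appended bytes survive rebuild: ', $stillThere ? 'yes' : 'no', "\n";

// Constructed test input: a text file is rejected at the first gate
file_put_contents($src, 'plain text, not an image');
try {
    rebuildUploadedImage($src, $dst);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
unlink($src);
unlink($dst);
```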
  21. In regards to prior code, while you should in general never interpolate variables directly into a sql statement and use prepared statements, in this case it doesn't matter because you are running md5 on both parameters, and it doesn't matter if someone tries to sql inject data, as the md5 function will convert the input and output an md5 string. This is one of very few cases where it doesn't matter what the input is. I'm not sure other than for testing why you are selecting the userkey. It's fine to have it in the criteria, but you wouldn't want or need that value to be returned in the result set.
  22. Is this a new problem? I'm not sure what you are trying to debug here. You didn't use password_hash() to make the encrypted password so you don't need to use password_verify() to check it. You stated that you used md5() to encrypt the passwords. I'm not going to go into why md5 (especially without a salt) is not recommended, because that decision was made by someone in the past, and it is what it is. Your query is already checking for a name AND password match. Perhaps that was what you had previously (or something similar). I'm not sure why you thought that needed to be changed for php7. Even if there are things that weren't recommended security practices, you can't "upgrade" a security scheme by changing a few functions. In your case, all you need do is something like:

          function LogMeX2($name, $pwd1)
          {
              // Both values are md5-hashed before they are placed in the query string
              $sql = "SELECT User, UserKey FROM LIBusersX WHERE UserKey = '" . md5($pwd1) . "' AND UserN = '" . md5($name) . "'";
              $pdo = connectDB();
              $stmt = $pdo->prepare($sql);
              $stmt->execute();
              if (!$row = $stmt->fetch()) {
                  return false;
              }
              // username and password matched, return user id
              return $row['User'];
          }
  23. You have to figure out where $pdo is being assigned. There must be some include or required where the database connection is initialized. Clearly there is already a $pdo variable being passed to that function.
  24. Yes it is end of life. Obviously they are behind because PHP 5.6 (which was the last release in the PHP 5 branch) was end of life over 4 years ago. There was no PHP 6.
  25. Aside from the interesting comments made by kicken and maxxd, it's hard to help you with a database problem when you provided us with no actual code that read from your database. I have a lot of questions, but it goes without saying that, if your css file is being generated dynamically with database variables interpolated, changing something in the database doesn't automagically cause the generated css file to change, nor will it make the source page reload, nor will it clear the browser cache of the css file. By default stylesheets will be cached, so it's common to have to use some sort of cache busting scheme to get around this behavior. For example, let's assume your script is named style.php. You might need the main html page to add a url parameter like:

          <link rel="stylesheet" href="style.php?v=something">

      You could do something like generate a random string for the parameter like this:

          <link rel="stylesheet" href="style.php?v=<?= bin2hex(random_bytes(8)) ?>">

      This would essentially defeat any caching of the css file, but also -- you get no css caching. I'm not sure what your actual issue is, but this might be related to whatever you are experiencing, although you also may have database query and fetch issues we don't know about.