Posts posted by Destramic

  1. hey guys i wish to make a simple form for users/guests to share my website with friends etc.

     i'm mostly concerned that this will allow people to spam addresses from my site...should i be concerned?...if so what is the best approach please?

     i was thinking about collecting the shared emails in a db, ensuring only 1 ever gets sent...is this enough?

     thank you
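An added example (not the poster's code) of the controls such a share form needs: the once-per-recipient rule the post proposes, enforced by the database rather than by a separate lookup, plus an hourly cap per sender and strict address validation. The table layout, the limits and the IP-keyed cap are assumptions; it needs PHP 7.4 or newer with pdo_sqlite.

```php
<?php
// Added example, not the poster's code: abuse controls for a "share this site with a friend"
// form. The table layout and limits are hypothetical. Assumes PHP >= 7.4 with pdo_sqlite.
declare(strict_types=1);

final class ShareGate
{
    private PDO $pdo;
    private int $perSenderPerHour;

    public function __construct(PDO $pdo, int $perSenderPerHour = 5)
    {
        $this->pdo = $pdo;
        $this->perSenderPerHour = $perSenderPerHour;
        // recipient is the primary key: the database, not application logic, enforces "one mail per address, ever"
        $pdo->exec('CREATE TABLE IF NOT EXISTS shares (
            recipient TEXT NOT NULL PRIMARY KEY,
            sender_ip TEXT NOT NULL,
            sent_at   INTEGER NOT NULL)');
    }

    // Returns null when the mail may be sent, otherwise the reason it was refused.
    public function check(string $recipient, string $senderIp, int $now): ?string
    {
        $recipient = strtolower(trim($recipient));
        // FILTER_VALIDATE_EMAIL also rejects CR/LF, so nothing can be smuggled into the To: header
        if (filter_var($recipient, FILTER_VALIDATE_EMAIL) === false) {
            return 'invalid address';
        }

        // per-sender cap (keyed by IP here): one visitor cannot send an unbounded stream
        $count = $this->pdo->prepare('SELECT COUNT(*) FROM shares WHERE sender_ip = :ip AND sent_at > :since');
        $count->execute([':ip' => $senderIp, ':since' => $now - 3600]);
        if ((int) $count->fetchColumn() >= $this->perSenderPerHour) {
            return 'rate limit';
        }

        // INSERT OR IGNORE + rowCount() makes the once-only check atomic: no SELECT-then-INSERT race
        $insert = $this->pdo->prepare('INSERT OR IGNORE INTO shares (recipient, sender_ip, sent_at) VALUES (:r, :ip, :t)');
        $insert->execute([':r' => $recipient, ':ip' => $senderIp, ':t' => $now]);
        return $insert->rowCount() === 1 ? null : 'already sent';
    }
}

// The visitor supplies only the recipient; subject and body are fixed, so the form cannot carry arbitrary text.
function share_message(string $siteUrl): array
{
    return ['subject' => 'Someone thought you might like ' . $siteUrl, 'body' => 'Have a look: ' . $siteUrl];
}

// --- constructed demo: one visitor, cap of 2 per hour ---
$gate = new ShareGate(new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]), 2);
$t = 1700000000;
$attempts = [
    ['friend@example.test', $t],
    ['Friend@example.test', $t + 1],   // same address, different case: refused as duplicate
    ['other@example.test',  $t + 2],
    ['third@example.test',  $t + 3],   // third send within the hour: refused by the cap
    ['not-an-address',      $t + 4],
];
$message = share_message('https://example.test');
foreach ($attempts as [$to, $when]) {
    printf("%-22s %s\n", $to, $gate->check($to, '203.0.113.7', $when) ?? 'send: ' . $message['subject']);
}
```

The decision is made before any mail is built, and a refusal never reveals whether the address was already known to anyone but the visitor who typed it. In production the `$now` argument would come from `time()` and the sender key from the request; the fixed message template is what keeps the form from becoming a free-text relay.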

  2. please use the code tags so it makes things easier for people to read.

     

    i can see an error here:

    if (isset($_REQUEST ["flavour"]) ) {
    //<input name = "flavor" type = "text">
    

    which should be

    if (isset($_REQUEST["flavour"])) {
    //<input name = "flavour" type = "text">
    

    why don't you try something like this?

    <html>
    <head>
    <title>
    using one page to accept and process data.
    </title>
    </head>
    <body>
    <h1>
    using one page to accept and process data.
    </h1>
    <?php
    if ($_SERVER['REQUEST_METHOD'] === 'POST')
    {
        // escape before echoing: a bare print_r() would reflect whatever the user typed straight into the page
        echo '<pre>' . htmlspecialchars(print_r($_POST, true), ENT_QUOTES, 'UTF-8') . '</pre>';
    }
    else
    {
    ?>
        <form method="post">
            what is your favourite ice cream flavor?
            <input name="flavor" type="text">
            <br>
            <br>
            what is your name?
            <input type="text" name="name">
            <br>
            <br>
            <input type="submit" value="submit">
        </form>
    <?php
    }
    ?>
    </body>
    </html>
    
  3. the script isn't fully functional but something like this...i guess you have a list of news or whatever it is you're listing from the database, which you want to be able to delete but also keep the list in view with successful/error messages.

    jquery

    $(document).ready(function(){
    	$('span[data-delete-news-id]').click(function(event) {
    		var $item = $(this);   // keep a reference: `this` is not the span inside the ajax callbacks
    		var data = {
    			id: $item.data('delete-news-id'),   // the original was missing the comma here
    			csrf: 'token here'                  // anti-CSRF token the server issued for this session
    		};

    		$.ajax({
    			url: 'http://domain/delete',
    			type: 'POST',
    			data: data,
    			dataType: 'text',
    			success: function(result) {
    				// check the result and remove the entry from the list
    				// (assumes the server answers 'ok' and each article sits in its own element)
    				if (result === 'ok') {
    					$item.parent().remove();
    				} else {
    					console.log('delete refused:', result);
    				}
    			},
    			error: function(jqXHR, status, error) {
    				console.log(status, error);
    			}
    		});
    	});
    });
    

    html

    news article - php is the best - <span data-delete-news-id="5">delete</span>
    

    no need for a form or to reload the page...hope this helps...also you're going to want to look at stopping cross site request forgery attacks, hence the csrf: 'token here' parameter
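The server side of that AJAX delete, as an added example that is not part of the post: how the CSRF token is issued, how it is checked before the delete runs, and why the id is validated and bound rather than interpolated. The `news` table, the JSON response shape and the session array are assumptions; it needs PHP 7.4 or newer with pdo_sqlite.

```php
<?php
// Added example (not from the post): the endpoint behind url: 'http://domain/delete'.
// Assumes PHP >= 7.4, pdo_sqlite and a hypothetical "news" table with an integer id.
declare(strict_types=1);

// One token per session; the page embeds it (for instance in a <meta> tag) for the JS to send.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Constant-time comparison; a missing or wrong token is rejected before anything else happens.
function csrf_valid(array $session, ?string $submitted): bool
{
    return is_string($submitted)
        && isset($session['csrf_token'])
        && hash_equals($session['csrf_token'], $submitted);
}

// POST only, token checked first, id validated, bound parameter, structured answer for the client.
function handle_delete(PDO $pdo, array $session, string $method, array $post): array
{
    if ($method !== 'POST') {
        return ['status' => 405, 'body' => ['ok' => false, 'error' => 'method not allowed']];
    }
    if (!csrf_valid($session, $post['csrf'] ?? null)) {
        return ['status' => 403, 'body' => ['ok' => false, 'error' => 'invalid csrf token']];
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['status' => 400, 'body' => ['ok' => false, 'error' => 'bad id']];
    }
    $stmt = $pdo->prepare('DELETE FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    if ($stmt->rowCount() === 0) {
        return ['status' => 404, 'body' => ['ok' => false, 'error' => 'no such article']];
    }
    return ['status' => 200, 'body' => ['ok' => true, 'deleted' => $id]];
}

// --- constructed demo: in-memory table, a fake session array, three requests ---
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$pdo->exec("INSERT INTO news (id, title) VALUES (5, 'php is the best')");

$session = [];                 // stands in for $_SESSION
$token   = csrf_token($session);

$requests = [
    ['POST', ['id' => '5',   'csrf' => 'forged']],   // request without the real token
    ['POST', ['id' => 'abc', 'csrf' => $token]],     // right token, malformed id
    ['POST', ['id' => '5',   'csrf' => $token]],     // legitimate delete
];
foreach ($requests as [$method, $post]) {
    $r = handle_delete($pdo, $session, $method, $post);
    echo $r['status'], ' ', json_encode($r['body']), PHP_EOL;
}
```

In a real handler `$method`, `$post` and `$session` come from `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION`, and the status goes out with `http_response_code()`. The token check runs before the id is even looked at, so a forged cross-site request costs nothing but a 403; an authorisation check (is this user allowed to delete this article?) belongs in the same place, between the token check and the query.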

  4. i'd check the original image orientation before uploading...as i can't see anything obvious that would rotate the image before saving

     the image may have embedded image rotation information set by your phone.

     check for the orientation key

    print_r(exif_read_data($filename));
    

    i came across this function also which may help.

    function image_fix_orientation(&$image, $filename) {
        // exif_read_data() returns false (with a warning) when the file has no EXIF block, e.g. a PNG
        $exif = @exif_read_data($filename);

        if ($exif !== false && !empty($exif['Orientation'])) {
            switch ($exif['Orientation']) {
                case 3:   // stored upside down
                    $image = imagerotate($image, 180, 0);
                    break;

                case 6:   // stored rotated 90 degrees clockwise
                    $image = imagerotate($image, -90, 0);
                    break;

                case 8:   // stored rotated 90 degrees counter-clockwise
                    $image = imagerotate($image, 90, 0);
                    break;

                // values 2, 4, 5 and 7 (mirrored variants) are not handled here
            }
        }
    }
    
  5. i had a brainstorm last night and sent the email via phpmailer and viewed what was actually being sent to the server...this format works perfectly now for alternative mail with embedded images.

    Content-Type: multipart/alternative; boundary="fae15ab6820aee7cab838cf3b8f5ef37"
    Content-Transfer-Encoding: 8bit
    
    This is a multi-part message in MIME format.
    --fae15ab6820aee7cab838cf3b8f5ef37
     Content-Type: text/plain; charset="utf-8"
    
    plain email here
    --fae15ab6820aee7cab838cf3b8f5ef37
    Content-Type: multipart/related; boundary="aaf2651d4917027cd4c6a335082910a5"
    --aaf2651d4917027cd4c6a335082910a5
    Content-Type: text/html; charset="utf-8"
    
    Sever: <span>here is our logo</span>
    <img src="cid:[email protected]" width="
    192" height="50" title="Logo" alt="Logo">            
    
    --aaf2651d4917027cd4c6a335082910a5
    Content-Type: image/png; name="logo8.png"
    Content-Transfer-Encoding: base64
    Content-ID: <[email protected]>
    Content-Disposition: inline; name="logo8.png"
    
    iVBORw0KGgoAAAANSUhEU.........b0vX7fAAAAAElFTkSuQmCC
    
     --aaf2651d4917027cd4c6a335082910a5--
    --fae15ab6820aee7cab838cf3b8f5ef37--
    
    

    i hope this can help other people out...thank you

  6. According to the specification the content-id is supposed to follow the addr-spec format which is defined as addr-spec = local-part "@" domain. Examples I can find in my email seem to follow that pattern, so I'd suggest you try the same.

     

    i tried what you said kicken and still have no joy...i also tried cid:[email protected]

     

    here is my altered code

     [7] => SUBJECT: test email
        [8] => FROM: mydomain.co.uk<****>
        [9] => TO: *****
        [10] => MIME-Version: 1.0
        [11] => Organization: mydomain.co.uk
        [12] => X-Priority: 3
        [13] => X-Mailer: PHP7.0.10
        [14] => Message-ID: <[email protected]>
        [15] => Date: Wed, 04 Jan 2017 17:39:27 +0000
        [16] => Return-Path: ****@mydomain.co.uk
        [17] => Content-Type: multipart/related; boundary="f81c1c99aa6cb085a26b84813c0a2fd6"
        [18] => This is a multi-part message in MIME format.
        [19] => --f81c1c99aa6cb085a26b84813c0a2fd6
        [20] => Content-Type: multipart/alternative; boundary="1f04e7b81c18373984b26f1e64f9b83e"
        [21] => --1f04e7b81c18373984b26f1e64f9b83e
        [22] => Content-Type: text/plain; charset="utf-8"
        [23] => Content-Transfer-Encoding: quoted-printable
        [24] => Content-Transfer-Encoding: 7bit
    
        [25] => plain email here
        [26] => --1f04e7b81c18373984b26f1e64f9b83e
        [27] => Content-Type: text/html; charset="utf-8"
        [28] => Content-Transfer-Encoding: quoted-printable
        [29] => Content-Transfer-Encoding: 7bit
    
        [30] => <!DOCTYPE html>
    <head>
    <title>Account</title>
    </head>
    <body>
    <span>here
     is our logo</span>
    <img src="cid:[email protected]" width="192" heigh
    t="50" title="Logo" alt="Logo">            
    </body>
    </html>
    
        [31] => --1f04e7b81c18373984b26f1e64f9b83e--
    
        [32] => --f81c1c99aa6cb085a26b84813c0a2fd6
        [33] => Content-Type: image/png; name="logo8.png"
        [34] => Content-Transfer-Encoding: base64
        [35] => Content-ID: <[email protected]>
        [36] => X-Attachment-Id: [email protected]
        [37] => Content-Disposition: inline; filename="logo8.png"
    
        [38] => iVBORw0KGgoA....gABI1QMAACD1AZpW
    
    
        [39] => --f81c1c99aa6cb085a26b84813c0a2fd6--
    

    any other suggestion would be great...i've looked at so much regarding embedded inline images and i can't see anything else that i may be missing...i'm feeling there's something else that needs to be added to my headers though.

    i even sent myself an email from my gmail account with an embedded image and tried to cross reference, but all formats i saved were barely readable.

    thank you

  7. sorry i couldn't edit the message above, here are the correct headers etc from my debug array

        [17] => Content-Type: multipart/related; boundary="60a7083d603d0f8a9d35a0776030d8e5"
        [18] => This is a multi-part message in MIME format.
        [19] => --60a7083d603d0f8a9d35a0776030d8e5
        [20] => Content-Type: multipart/alternative; boundary="acabb8838a7d2b2a9ec0661d699c96bc"
        [21] => --acabb8838a7d2b2a9ec0661d699c96bc
        [22] => Content-Type: text/plain; charset="utf-8"
        [23] => Content-Transfer-Encoding: quoted-printable
        [24] => Content-Transfer-Encoding: 7bit
    
        [25] => plain email here
        [26] => --acabb8838a7d2b2a9ec0661d699c96bc
        [27] => Content-Type: text/html; charset="utf-8"
        [28] => Content-Transfer-Encoding: quoted-printable
        [29] => Content-Transfer-Encoding: 7bit
    
        [30] => <!DOCTYPE html>
    <head>
    <title>Account</title>
    </head>
    <body>
    <span>here
     is our logo</span>
    <img src="cid:logo" width="192" title="Logo" alt="Logo"
    >            
    </body>
    </html>
    
        [31] => --acabb8838a7d2b2a9ec0661d699c96bc--
    
        [32] => --60a7083d603d0f8a9d35a0776030d8e5
        [33] => Content-Type: image/png; name="logo8.png"
        [34] => Content-Transfer-Encoding: base64
        [35] => Content-ID: <logo>
        [36] => X-Attachment-Id: logo
        [37] => Content-Disposition: inline; filename="logo8.png"
    
        [38] => iVBORw0KGgoAAAANSUhEUgAAArUAAAC7CAYAAAB7NWYYAAAACXBIWXMAAAsSAAALEgHS3X78AAA.....Zb0vX7fAAAAAElFTkSuQmCC
    
        [39] => --60a7083d603d0f8a9d35a0776030d8e5--
        [40] => Array
            (
                [command] => .
                [response] => 250 Queued (0.192 seconds)
    
            )
    
  8. hey guys i'm having problems with gmail showing inline images when sending an email from my server...for some strange reason it shows as an attachment, but works perfectly for hotmail.

     here is what i'm getting..

     hotmail: (screenshot c1af0b2825.gif)

     gmail: (screenshot c1abf519f4.gif)

     i can't find anything obvious about inline image problems with gmail, so i wondered if any of you guys have come across this problem and what i could do to solve it.

     here are my headers and boundaries set for the email...

    Content-Type: multipart/related; boundary="e3b811c438657c9d0f9ae45330038d29"
    This is a multi-part message in MIME format.
    --e3b811c438657c9d0f9ae45330038d29
    
    Content-Type: multipart/alternative; boundary="23d529da6bbc0c660362bf9a39c6b994" 
    --23d529da6bbc0c660362bf9a39c6b994
    
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable
    Content-Transfer-Encoding: 7bit
    
    plain email here
    
    --23d529da6bbc0c660362bf9a39c6b994
    Content-Type: text/html; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable
    Content-Transfer-Encoding: 7bit
    
    <!DOCTYPE html>
    <head>
    <title>Account</title>
    </head>
    <body>
    <span>here
     is our logo</span>
    <img src="cid:logo" width="192" title="Logo" alt="Logo">            
    </body>
    </html>
    
    --23d529da6bbc0c660362bf9a39c6b994-- 
    Content-Type: image/png; name="logo8.png"
    Content-Transfer-Encoding: base64
    Content-ID: <logo> 
    X-Attachment-Id: logo
    Content-Disposition: inline; filename="logo8.png"
    
    iVBORw0KGgoAAAANSUhEUgAAArUAA...AgFQ9AAAAUvUAAABI1QMAACD1AZpW uZb0vX7fAAAAAElFTkSuQmCC 
    
    --e3b811c438657c9d0f9ae45330038d29--
    

    any help would be great...thank you
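The structure that finally worked in post 5 (multipart/alternative on the outside, multipart/related holding the HTML and the image) built from scratch, as an added example that is not the poster's mailer nor PHPMailer. It applies kicken's point from post 6 (a Content-ID in `local@domain` form) and keeps to what the raw dumps in posts 6 to 8 show going wrong: every part carries exactly one Content-Transfer-Encoding, every part is preceded by a boundary line of its own multipart, and bodies are quoted-printable encoded so long lines get soft breaks instead of being cut mid-attribute (`heigh` / `t="50"` in the dumps). The PNG is a constructed 1x1 image, the domain is a placeholder, and the code needs PHP 7.4 or newer.

```php
<?php
// Added example, not the poster's code: assemble alternative(text, related(html, inline png)).
// Assumes PHP >= 7.4. Domain and image are constructed placeholders.
declare(strict_types=1);

const CRLF = "\r\n";

function boundary(): string
{
    return bin2hex(random_bytes(16));   // unpredictable, never appears in the content
}

// One body part: header lines, blank line, body.
function part(array $headers, string $body): string
{
    $out = '';
    foreach ($headers as $name => $value) {
        $out .= $name . ': ' . $value . CRLF;
    }
    return $out . CRLF . $body . CRLF;
}

// Each part is introduced by "--boundary"; the last is followed by "--boundary--".
function multipart(string $boundary, array $parts): string
{
    $body = '';
    foreach ($parts as $p) {
        $body .= '--' . $boundary . CRLF . $p;
    }
    return $body . '--' . $boundary . '--' . CRLF;
}

// Returns [top-level headers, body]; the HTML template refers to the image as cid:{cid}.
function build_inline_image_mail(string $text, string $htmlTemplate, string $pngBytes, string $domain): array
{
    $cid  = 'logo.' . bin2hex(random_bytes(8)) . '@' . $domain;   // addr-spec form, fresh per message
    $html = str_replace('{cid}', htmlspecialchars($cid, ENT_QUOTES), $htmlTemplate);

    $altBoundary = boundary();
    $relBoundary = boundary();

    // quoted-printable: soft breaks ("=" + CRLF) are removed on decode, a hard wrap is not
    $textPart = part(
        ['Content-Type' => 'text/plain; charset="utf-8"', 'Content-Transfer-Encoding' => 'quoted-printable'],
        quoted_printable_encode($text)
    );
    $htmlPart = part(
        ['Content-Type' => 'text/html; charset="utf-8"', 'Content-Transfer-Encoding' => 'quoted-printable'],
        quoted_printable_encode($html)
    );
    $imgPart = part([
        'Content-Type'              => 'image/png; name="logo.png"',
        'Content-Transfer-Encoding' => 'base64',
        'Content-ID'                => '<' . $cid . '>',
        'Content-Disposition'       => 'inline; filename="logo.png"',
    ], chunk_split(base64_encode($pngBytes), 76, CRLF));

    // related wraps html + image; alternative wraps text + related
    $related = part(
        ['Content-Type' => 'multipart/related; boundary="' . $relBoundary . '"'],
        multipart($relBoundary, [$htmlPart, $imgPart])
    );
    $body = multipart($altBoundary, [$textPart, $related]);

    $headers = [
        'MIME-Version' => '1.0',
        'Content-Type' => 'multipart/alternative; boundary="' . $altBoundary . '"',
    ];
    return [$headers, $body];
}

// --- constructed sample input: a 1x1 transparent PNG and a two-line HTML body ---
$png  = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$html = '<!DOCTYPE html><html><body><span>here is our logo</span>' . CRLF
      . '<img src="cid:{cid}" width="192" height="50" title="Logo" alt="Logo"></body></html>';

[$headers, $body] = build_inline_image_mail('plain email here', $html, $png, 'example.com');

foreach ($headers as $name => $value) {
    echo $name, ': ', $value, CRLF;
}
echo CRLF, $body;
```

With `mail()` the two headers go into the fourth argument joined by CRLF and `$body` is the third; over raw SMTP the same headers and body make up the DATA block. The Content-ID is generated once and used in both places, which is the only relationship a client checks when it decides whether an image is inline or an attachment.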

  9. ok thank you i made the changes that you said :)

     In any case, you should definitely think your permission model through before jumping to the implementation. Some parts of the concept don't seem to be clear yet.

     could you elaborate on this a little please jacques?

     thank you for your help

  10. the reason i have the extra user_permissions table was so that i was able to give extra permissions out of the given role...but after thinking on what you said i deleted the table...in fact i'm going to roll with all your suggestions.

     note i changed names on some tables to make more sense.

     here is how i'm getting my permissions

    -- inner joins with the user filter in WHERE: with LEFT JOINs and the
    -- user_id test in the ON clause this returned every permission for every user
    SELECT p.permission
    FROM permissions p
    JOIN role_permission_mappings rpm ON rpm.permission_id = p.permission_id
    JOIN user_role_mappings urm ON urm.role_id = rpm.role_id
    WHERE urm.user_id = 3
    

    and my roles

    SELECT r.role
    FROM roles r
    JOIN user_role_mappings urm ON urm.role_id = r.role_id
    WHERE urm.user_id = 3
    

    say when checking if a user has permission to edit news, is checking for the edit_news permission enough? or should i be checking if the user is admin too?

    if ($user->has_role('admin') && $user->has_permission_to('edit news'))
    {
       // yes!
    }
    
    vs
    
    if ($user->has_permission_to('edit news'))
    {
       // yes!
    }
    

    thank you for your help
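An added example (not the poster's code) of the two checks above implemented over the tables the post names, so the difference between them can be run: because every permission reaches a user through a role, `has_permission_to()` already answers the question, and the extra `has_role('admin')` test only narrows it to one role. The schema, the PDO wiring and the sample rows are assumptions; it needs PHP 7.4 or newer with pdo_sqlite.

```php
<?php
// Added example, not the poster's code: permission lookup over users, roles, permissions,
// user_role_mappings and role_permission_mappings with bound parameters.
// Assumes PHP >= 7.4 with pdo_sqlite; the schema below is a constructed stand-in.
declare(strict_types=1);

final class User
{
    private PDO $pdo;
    private int $id;

    public function __construct(PDO $pdo, int $id)
    {
        $this->pdo = $pdo;
        $this->id  = $id;
    }

    // True when at least one of the user's roles carries the permission. Inner joins
    // with the user filter in WHERE; a LEFT JOIN with the filter in ON would keep every
    // permission row regardless of user.
    public function has_permission_to(string $permission): bool
    {
        $stmt = $this->pdo->prepare(
            'SELECT EXISTS (
                SELECT 1
                FROM user_role_mappings urm
                JOIN role_permission_mappings rpm ON rpm.role_id = urm.role_id
                JOIN permissions p ON p.permission_id = rpm.permission_id
                WHERE urm.user_id = :user_id AND p.permission = :permission
            )'
        );
        $stmt->execute([':user_id' => $this->id, ':permission' => $permission]);
        return (bool) $stmt->fetchColumn();
    }

    public function has_role(string $role): bool
    {
        $stmt = $this->pdo->prepare(
            'SELECT EXISTS (
                SELECT 1
                FROM user_role_mappings urm
                JOIN roles r ON r.role_id = urm.role_id
                WHERE urm.user_id = :user_id AND r.role = :role
            )'
        );
        $stmt->execute([':user_id' => $this->id, ':role' => $role]);
        return (bool) $stmt->fetchColumn();
    }
}

// --- constructed demo schema and rows ---
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE roles (role_id INTEGER PRIMARY KEY, role TEXT UNIQUE NOT NULL)');
$pdo->exec('CREATE TABLE permissions (permission_id INTEGER PRIMARY KEY, permission TEXT UNIQUE NOT NULL)');
$pdo->exec('CREATE TABLE user_role_mappings (user_id INTEGER NOT NULL, role_id INTEGER NOT NULL,
            PRIMARY KEY (user_id, role_id))');
$pdo->exec('CREATE TABLE role_permission_mappings (role_id INTEGER NOT NULL, permission_id INTEGER NOT NULL,
            PRIMARY KEY (role_id, permission_id))');
$pdo->exec("INSERT INTO roles VALUES (1, 'admin'), (2, 'editor')");
$pdo->exec("INSERT INTO permissions VALUES (1, 'edit_news'), (2, 'delete_news')");
$pdo->exec('INSERT INTO role_permission_mappings VALUES (1, 1), (1, 2), (2, 1)');
$pdo->exec('INSERT INTO user_role_mappings VALUES (3, 2)');   // user 3 is an editor, not an admin

$user = new User($pdo, 3);
var_dump($user->has_permission_to('edit_news'));     // granted through the editor role
var_dump($user->has_permission_to('delete_news'));   // no role of user 3 carries it
var_dump($user->has_role('admin') && $user->has_permission_to('edit_news'));   // the stricter variant
```

The second variant from the post (permission only) is the one that matches the model: an admin gets `edit_news` because the admin role maps to it, so a user who lacks the permission is refused whatever their role, and adding the role test only stops editors from editing. If some action really is admin-only, that is a separate permission mapped only to the admin role, not a role check bolted onto a permission check.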

  11. my main concern was knowing if the user is a client or employee...here is my database diagram

     (attached diagram: user_diagram.png)

     i think i'm on the right track here...a user has specific roles given to him/her but is also able to be given additional permissions outside the role.

     i'm able to detect if the user is a client by his/her role (ie. client)...and the same with an employee (ie. client_employee), and also linking the client user_id to the employee user account via the client_id in the users table

     regarding my concern of clients adding user accounts for employees, and giving that employee specific permissions, i was thinking that the client role permissions could be displayed on the employee register form...that way the client can choose specifically what permissions that employee has based on his own permissions?

     thank you

  12. ok i think i may have made some progress here after a lot of hard thinking and determination...

     i read about mysql sha2() and had a little play about with it

    SELECT  SHA2('abc', 256)
    > '936a185caaa266bb9cbe981e9e05cb78cd732b0b3280eb944412bb6f8f8f07af'
    

    i stored the hash into my hashed column and ran this:

    SELECT * FROM development.hash_test WHERE hashed = SHA2('abc', 256);
    

    which brings up the correct row....so i thought if i create a hmac and save it in a row it should work also...but no :confused:

     i used the following and removed the true on the raw parameter

    public function seal(string $message)
    {
        $hmac = hash_hmac(
            $this->algo,
            $message,
            $this->private_key
        );

        return $hmac;
    }

    $hmac  = new HMAC($hmac_private_key, 'sha256');
    echo $seal = $hmac->seal('helloworld');
    

    which gave me a string like so:

    1b3e0c20a197aa3bd20460dedc81033cac47581e7d8e1c0ba18872a3c5bfc4de
    

    but it returns 0 rows when executing the following:

    SELECT * FROM development.hash_test WHERE hashed = SHA2('helloworld', 256);
    

    please tell me i'm close to what i'm trying to achieve and what it is i'm doing wrong?

     thank you
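A worked version of the lookup the post is after, added here and not the poster's code: the stored column holds an HMAC of the value (a "blind index"), and a lookup recomputes the same HMAC in PHP, where the key lives, and binds the result as a query parameter. `SHA2('helloworld', 256)` in SQL is an unkeyed hash of the message and so never equals `hash_hmac('sha256', 'helloworld', $key)`; the database never needs the key at all. The encrypted copy of the value sits beside the index so the row can still be read back. Table layout, key handling and the lower-casing normalisation are assumptions; it needs PHP 7.4 or newer with the sodium extension and pdo_sqlite.

```php
<?php
// Added example, not the poster's code: keyed blind index beside an encrypted value.
// Assumes PHP >= 7.4 with sodium and pdo_sqlite; the users table is a constructed stand-in.
declare(strict_types=1);

final class BlindIndex
{
    private string $indexKey;   // HMAC key: lives only in the application, never in SQL
    private string $encKey;     // secretbox key for the value itself (a different key)

    public function __construct(string $indexKey, string $encKey)
    {
        if (strlen($indexKey) !== 32 || strlen($encKey) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new InvalidArgumentException('keys must be 32 raw bytes each');
        }
        $this->indexKey = $indexKey;
        $this->encKey   = $encKey;
    }

    // Deterministic on purpose: equal inputs give equal index values, which is what makes it searchable.
    // Normalisation (trim + lower-case) is an assumption about how e-mail addresses should compare.
    public function index(string $value): string
    {
        return hash_hmac('sha256', strtolower(trim($value)), $this->indexKey);   // 64 hex chars
    }

    // Randomised: a fresh nonce per call, so equal inputs give different ciphertexts.
    public function encrypt(string $value): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return base64_encode($nonce . sodium_crypto_secretbox($value, $nonce, $this->encKey));
    }

    public function decrypt(string $blob): string
    {
        $raw = base64_decode($blob, true);
        if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
            throw new RuntimeException('malformed ciphertext');
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->encKey);
        if ($plain === false) {
            throw new RuntimeException('decryption failed: wrong key or tampered data');
        }
        return $plain;
    }
}

// --- constructed demo against an in-memory SQLite table ---
$bi  = new BlindIndex(random_bytes(32), random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES));
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email_enc TEXT NOT NULL, email_idx TEXT NOT NULL)');
$pdo->exec('CREATE INDEX users_email_idx ON users (email_idx)');

$insert = $pdo->prepare('INSERT INTO users (email_enc, email_idx) VALUES (:enc, :idx)');
foreach (['alice@example.test', 'bob@example.test'] as $email) {   // constructed sample rows
    $insert->execute([':enc' => $bi->encrypt($email), ':idx' => $bi->index($email)]);
}

// Lookup: the HMAC is computed here and bound; there is no SHA2() or key inside the query.
$find = $pdo->prepare('SELECT id, email_enc FROM users WHERE email_idx = :idx');
$find->execute([':idx' => $bi->index('Alice@Example.test')]);
$row = $find->fetch(PDO::FETCH_ASSOC);

printf("row %d -> %s\n", $row['id'], $bi->decrypt($row['email_enc']));
```

The index column reveals only whether two rows hold the same normalised value, and only to someone who already holds the HMAC key; the ciphertext column is what protects the value itself. Keeping the two keys separate means a leaked index key does not decrypt anything.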

  13. i'm finding it really hard to keep up as most of this is going over my head...although i think i've made some progress after some reading about...also the reason i base64 encode is so that it's easy to store in the db as a blob

     here is what i've got as it stands, but i'm stuck now and i'm struggling to see how this is going to work.

    <?php

    // targets the PECL libsodium 1.x extension (\Sodium\ namespace); PHP >= 7.2 ships the same
    // functions built in under sodium_* names (e.g. sodium_crypto_aead_chacha20poly1305_encrypt)

    class Encryption
    {
        private $private_key;

        public function __construct(string $private_key)
        {
            if (!extension_loaded('libsodium'))
            {
                throw new Exception('Encryption: PHP libsodium extension not loaded.');
            }

            $private_key = trim($private_key);

            // 32 raw key bytes base64-encode to 43 characters plus one '=' pad
            if (!preg_match('/^[a-z\d+\/]{43}=$/i', $private_key))
            {
                throw new Exception('Encryption: Unrecognized key.');
            }

            $this->private_key = base64_decode($private_key);
        }

        public function encrypt(string $data)
        {
            // fresh random nonce per message; it is not secret and travels with the ciphertext
            $nonce = \Sodium\randombytes_buf(\Sodium\CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES);

            $ciphertext = \Sodium\crypto_aead_chacha20poly1305_encrypt(
                $data,
                '',          // no additional authenticated data
                $nonce,
                $this->private_key
            );

            return base64_encode($nonce) . ':' . base64_encode($ciphertext);
        }

        public function decrypt(string $ciphertext)
        {
            list($nonce, $ciphertext) = $this->parse_ciphertext($ciphertext);

            $decrypted = \Sodium\crypto_aead_chacha20poly1305_decrypt(
                $ciphertext,
                '',
                $nonce,
                $this->private_key
            );

            // false means the authentication tag did not verify: wrong key or tampered data
            if ($decrypted === false)
            {
                throw new Exception('Encryption: Decryption Failed.');
            }

            return $decrypted;
        }

        private function parse_ciphertext(string $ciphertext)
        {
            // "<base64 of the 8-byte nonce>:<base64 ciphertext>"; the earlier pattern had an unbalanced ')'
            if (!preg_match('/^[a-z\d+\/]{11}=:[a-z\d+\/]+={0,2}$/i', $ciphertext))
            {
                throw new Exception('Encryption: Unrecognized ciphertext.');
            }

            $ciphertext = explode(':', $ciphertext, 2);

            return array(
                base64_decode($ciphertext[0]),
                base64_decode($ciphertext[1])
            );
        }
    }

    class HMAC
    {
        private $private_key;
        private $algo;
        private $length;

        public function __construct(string $private_key, string $algo = 'sha512')
        {
            $private_key = trim($private_key);

            if (!preg_match('/^[a-z\d+\/]{43}=$/i', $private_key))
            {
                throw new Exception('HMAC: Unrecognized key.');
            }
            else if (!in_array(strtolower($algo), hash_algos()))
            {
                throw new Exception(sprintf('HMAC: Algo %s unsupported.', $algo));
            }

            // use the raw 32 key bytes, as Encryption does (bin2hex of the base64 text was not a decode)
            $this->private_key = base64_decode($private_key);
            $this->algo        = $algo;
            // tag length in bytes for this algorithm (32 for sha256, 64 for sha512)
            $this->length      = strlen(hash($algo, '', true));
        }

        public function seal(string $message)
        {
            $hmac = hash_hmac(
                $this->algo,
                $message,
                $this->private_key,
                true
            );

            // tag first, then the message, so the fixed-length split in sign() is unambiguous
            return base64_encode($hmac . $message);
        }

        public function sign(string $seal)
        {
            if (!preg_match('/^[a-z\d+\/]+={0,2}$/i', $seal))
            {
                throw new Exception('HMAC: Unrecognized seal.');
            }

            $seal    = base64_decode($seal);
            $message = mb_substr($seal, $this->length, null, '8bit');
            $seal    = mb_substr($seal, 0, $this->length, '8bit');

            $signed = hash_hmac(
                $this->algo,
                $message,
                $this->private_key,
                true
            );

            // constant-time comparison of the stored tag with the recomputed one
            if (!hash_equals($seal, $signed))
            {
                throw new Exception('HMAC: Seal corrupted.');
            }

            return true;
        }
    }

    // sample keys as posted; real ones come from base64_encode(random_bytes(32)), one per purpose
    $hmac_private_key       = 'ZZtJVgUu2fRz+c4o6QHj6v/mAqGAgyowlUxs3xoMHuw=';
    $encryption_private_key = 'qB2fZkseI4ccJ45Y1/VzoHARA6Sft6IVkeS4r2Z+YYM=';

    $encryption    = new Encryption($encryption_private_key);
    $email_address = $encryption->encrypt('[email protected]');

    $hmac  = new HMAC($hmac_private_key, 'sha256');
    echo $seal = $hmac->seal($email_address);

    var_dump($hmac->sign($seal));
    

    could i get some more help on this please?

     

    thank you
