
stuartbates

Members

Posts: 11
Joined:
Last visited: Never

Posts posted by stuartbates

  1. I've been looking through the Joomla docs trying to understand how everything works and I've seen something that I don't understand and cannot find an answer to anywhere on the net.

     

    The basic question is what is the ampersand used for in this conditional here:

     

    if (!($mask & 1) && is_string($var)) {

     

    The two in the middle are obviously the AND part of the conditional.  I know it can be used for creating references to variables but I don't think this is what is happening here.  I've seen people using it to test for odd and even numbers too but with no explanation of how it works/what it does.  The full code is below:

     

     

    function _cleanVar($var, $mask = 0, $type = null)
    {
        // Static input filters for specific settings
        static $noHtmlFilter   = null;
        static $safeHtmlFilter = null;

        // If the no trim flag is not set, trim the variable
        if (!($mask & 1) && is_string($var)) {
            $var = trim($var);
        }

        // Now we handle input filtering
        if ($mask & 2)
        {
            // If the allow raw flag is set, do not modify the variable
            $var = $var;
        }
        elseif ($mask & 4)
        {
            // If the allow html flag is set, apply a safe html filter to the variable
            if (is_null($safeHtmlFilter)) {
                $safeHtmlFilter = & JFilterInput::getInstance(null, null, 1, 1);
            }
            $var = $safeHtmlFilter->clean($var, $type);
        }
        else
        {
            // Since no allow flags were set, we will apply the most strict filter to the variable
            if (is_null($noHtmlFilter)) {
                $noHtmlFilter = & JFilterInput::getInstance(/* $tags, $attr, $tag_method, $attr_method, $xss_auto */);
            }
            $var = $noHtmlFilter->clean($var, $type);
        }
        return $var;
    }
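    An added example (not from the original post, and not Joomla's own code) showing what the single `&` does in `$mask & 1`: it is the bitwise AND, which keeps only the bits set in both operands, so `$mask & 1` is non-zero exactly when the lowest bit of `$mask` is set. `_cleanVar()` uses one bit per setting; the `FLAG_*` names below are assumptions chosen for the demo, not Joomla constants. The odd/even trick mentioned in the post is the same operation on the lowest bit.

```php
<?php
// Added example: how `$mask & 1` and friends work. Constant names are assumptions.
const FLAG_NO_TRIM    = 1;  // binary 001
const FLAG_ALLOW_RAW  = 2;  // binary 010
const FLAG_ALLOW_HTML = 4;  // binary 100

// True when the given flag bit is set in $mask.
// e.g. 5 & 1 = 1 (bit set), 6 & 1 = 0 (bit clear). `&&` would instead
// treat both operands as booleans and tell us nothing about individual bits.
function hasFlag(int $mask, int $flag): bool
{
    return ($mask & $flag) !== 0;
}

// Mirror of the decision made in _cleanVar(): which filter does a mask select?
function filterChosenBy(int $mask): string
{
    if (hasFlag($mask, FLAG_ALLOW_RAW)) {
        return 'raw';        // input passed through untouched
    }
    if (hasFlag($mask, FLAG_ALLOW_HTML)) {
        return 'safe-html';  // whitelist-based HTML filter
    }
    return 'no-html';        // default (mask 0): the strictest filter
}

// The odd/even test seen elsewhere is the same idea: odd numbers have bit 0 set.
function isOdd(int $n): bool
{
    return ($n & 1) === 1;
}

// Constructed inputs: a few masks a caller might pass.
foreach ([0, 1, 4, 5, FLAG_ALLOW_RAW | FLAG_ALLOW_HTML] as $mask) {
    printf("mask %d (%03b): trim=%s filter=%s\n",
        $mask, $mask,
        hasFlag($mask, FLAG_NO_TRIM) ? 'no' : 'yes',
        filterChosenBy($mask));
}
// mask 5 = 101 sets NO_TRIM and ALLOW_HTML at once. Mask 2|4 = 6 = 110 selects
// 'raw' even though ALLOW_HTML is also set, because _cleanVar() tests bit 2 first:
// a caller who sets the raw bit gets no filtering at all.
printf("7 is odd: %s\n", isOdd(7) ? 'yes' : 'no');
```

    The point for anyone calling such a function: the mask is a set of permissions, and a mask of 0 is the safe default because every "allow" bit has to be switched on explicitly.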

     

     

  2. Thanks for the replies; looking at the second post I see my stupid mistake!  For some reason I thought specifying the filename in this line here:

     

    header('Content-Disposition: attachment; filename="'. $filename .'"');

     

    Long and short I wasn't sending any data and simply needed to add:

     

    readfile($filename);

     

    Rather embarrassing but thanks for the replies guys

  3. I'm creating a CSV file on the fly for download in the backend - a stock management function.

     

    The script works fine, extracting from the database and creating the CSV. But the next step of the script is to download the file using:

     

    header('Content-type: application/octet-stream');

    header('Content-Disposition: attachment; filename="' . $filename . '"');

     

    This works, in as much as it downloads the file specified by $filename but when I open the file it's empty and the File Size in properties is 0.

     

    But if I go into my FTP and download the file it contains all the data as expected?

     

     

    Anyone have any ideas what's wrong? Thoughts I've had:

    File size too large? Would using ob_start('ob_gzhandler'); help? Or is there an INI setting?

    File encoding needs to be set? UTF8?

    Content Type should be text/csv?

     

    Thanks
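    An added example, not the poster's script, covering both this post and the follow-up above it: the headers only describe the download, and `readfile()` is what actually sends the bytes. It writes the CSV with `fputcsv()` and sends it with `text/csv` and a `Content-Length`. The export directory, column names and sample rows are assumptions constructed for the demo.

```php
<?php
// Added example: build a CSV on the fly and send it as a download.
const EXPORT_DIR = __DIR__ . '/exports';  // assumed: writable, outside the web root

// Write the rows to a CSV file and return its full path.
function writeStockCsv(array $rows, string $name): string
{
    if (!is_dir(EXPORT_DIR) && !mkdir(EXPORT_DIR, 0700, true)) {
        throw new RuntimeException('cannot create export dir');
    }
    // basename() keeps the file inside EXPORT_DIR whatever $name contains.
    $path = EXPORT_DIR . '/' . basename($name);
    $fh = fopen($path, 'w');
    if ($fh === false) {
        throw new RuntimeException('cannot open ' . $path);
    }
    foreach ($rows as $row) {
        fputcsv($fh, $row);  // quotes commas, double quotes and newlines for us
    }
    fclose($fh);
    return $path;
}

// Send the file. This is the step the original script was missing.
function sendCsv(string $path): void
{
    if (headers_sent($file, $line)) {
        // Any output before header() (an echo, a blank line outside <?php ... ?>)
        // makes the headers fail, so fail loudly instead of sending a broken download.
        throw new RuntimeException("output already started at $file:$line");
    }
    header('Content-Type: text/csv; charset=utf-8');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));  // lets the browser detect truncation
    readfile($path);
    exit;  // nothing (not even a trailing newline) may follow the file body
}

// Constructed sample data standing in for the database result set.
$rows = [
    ['sku', 'description', 'qty'],
    ['A-100', 'Widget, large', 12],
    ['B-200', '6" bracket', 3],
];
sendCsv(writeStockCsv($rows, 'stock.csv'));
```

    The `exit` matters in an application like Joomla's backend, where the template would otherwise append HTML to the CSV body. `ob_gzhandler` is not needed for a 0-byte result; the file was empty because nothing was ever written to the response.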

  4. You need to construct the select options using an array then loop through checking for a match...

     

    $categories = array('Restaurant', 'Salon de coiffure', 'Sale de bronzage', 'Magasin de vetements', 'Magasin de détai', 'Centre commercial', 'Location Immobilier', 'Autre');

    foreach ($categories as $value) {
        echo '<option value="' . $value . '"';
        if ($value == $info['categorie']) {
            echo ' selected';
        }
        echo '>' . $value . '</option>';
    }

     

    Enjoy!
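    The same loop generalised into a helper, as an added example rather than the reply's own code: it escapes every value it echoes (the list may one day come from the database or a form rather than a literal array) and uses a strict comparison for the pre-selected item. The `renderSelect()` name and the `$name`/`$options`/`$selected` parameters are assumptions.

```php
<?php
// Added example: render a <select> from an array, escaping on output.
function renderSelect(string $name, array $options, ?string $selected): string
{
    $html = '<select name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '">';
    foreach ($options as $value) {
        // Escape once, at output time, so a value containing quotes or tags
        // cannot break out of the attribute or inject markup.
        $safe = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        // Strict comparison: with ==, '1' == '01' and null == '' are both true,
        // which can pre-select the wrong option.
        $attr = ($selected !== null && $value === $selected) ? ' selected' : '';
        $html .= '<option value="' . $safe . '"' . $attr . '>' . $safe . '</option>';
    }
    return $html . '</select>';
}

$categories = ['Restaurant', 'Salon de coiffure', 'Sale de bronzage', 'Magasin de vetements',
               'Magasin de détai', 'Centre commercial', 'Location Immobilier', 'Autre'];
// Constructed value standing in for $info['categorie'] read from the database.
echo renderSelect('categorie', $categories, 'Salon de coiffure');
```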

  5. $max_size = '2097152';

     

    Simply defines a variable holding a value for the maximum size of any uploaded file.

     

    if ($_FILES["filename"]["size"] > $max_size) die ("<b>File too big!  Try again...</b>");

     

    Conditional to check if the size of the uploaded file is greater than the maximum allowed file size defined in step 1.

     

    copy($_FILES["picone"]["tmp_name"],$imagelocation.$_FILES["picone"]["name"]) or die("<b>Unknown error!</b>");

     

    This takes the uploaded file and copies it from the tmp file where uploads are stored into the destination you define.  However this is poor coding.  You should not use the copy function in this way as it represents a security risk.  A malicious user could simply forge an HTTP request and force your script to move files on your server to the uploads directory.  Instead you should use move_uploaded_file:

     

    This function checks to ensure that the file designated by filename is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism). If the file is valid, it will be moved to the filename given by destination.

     

    This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.
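    An added example, not the reply's or the asker's code, of the upload step rewritten around `move_uploaded_file()`. It keeps the size check from step 1, adds the `is_uploaded_file()` check the quoted manual text describes, decides the file type from the bytes rather than the client's claims, and stores the file under a server-chosen name. The field name `picone`, the size limit, the target directory and the allowed types are assumptions made for the demo.

```php
<?php
// Added example: validate and store one uploaded image.
const MAX_UPLOAD_BYTES = 2097152;               // 2 MiB, as in the original
const UPLOAD_DIR       = __DIR__ . '/uploads';  // assumed: writable, not script-executable
const ALLOWED_TYPES    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Validate one entry of $_FILES and store it; returns the stored path or throws.
function storeUploadedImage(array $file): string
{
    // PHP reports its own failures (partial upload, php.ini limits) here first.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('file too big');
    }
    // The check the reply is about: the path must be a file PHP itself received
    // through the POST upload mechanism, not an arbitrary path on the server.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Decide the type from the bytes, not from $file['name'] or $file['type'],
    // both of which the client chooses.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('unsupported type ' . $mime);
    }
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0700, true)) {
        throw new RuntimeException('cannot create upload dir');
    }
    // Server-chosen name and extension: the client's file name never reaches the filesystem.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    // move_uploaded_file() repeats the is_uploaded_file() check internally before moving.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

if (isset($_FILES['picone'])) {
    try {
        $stored = storeUploadedImage($_FILES['picone']);
        echo 'Stored as ' . htmlspecialchars(basename($stored), ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

    Keeping the upload directory outside the document root, or at least configured so the web server will not execute scripts from it, is the other half of the protection: the name and type checks limit what gets stored, the directory policy limits what a stored file can do.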

     

  6. Well the simple solution would be to do it using CSS, so simply add a 25px margin to the bottom of the image.  You wouldn't actually want to add the style inline but it is simpler as a demo:

     

    <img src="pathtoimage.jpg" style="margin-bottom: 25px;">

     

    However if you actually want to add blank space to the image itself then you'd have to utilise GD Library using a combination of the imagecreate function and the imagecopy function - but this in 99% of cases is surely an overkill.

  7. With meta-tags it's always a good idea to set default options because as your website grows there's a good chance they will get overlooked.  So use a conditional like:

     

    if (!isset($title)) {
        echo '<title>Default Page Title</title>';
    } else {
        echo '<title>' . $title . '</title>';
    }

     

    You might also want to consider using the database to drive the meta tags - particularly if you have any form of catalogue.

  8. You can't really use sessions to prevent excess login attempts because ultimately anyone remotely serious about mounting a brute force attack will simply disable cookies, which will render your defences useless.  You really need to have a table in your database for invalid logins and then prevent people attempting once a threshold level has been reached.  You could do this based upon account username and/or IP address... although again IP addresses can be spoofed and/or dynamically altered.

     

    One method we often employ with our clients is to utilise php's sleep() function to implement a random delay... it won't have any impact upon a manual intruder but plays havoc with automated attacks.  And no answer on security would be complete without simply enforcing your users to have strong passwords in the first place.

     

    Brute force attacks are often the least of your concerns when securing php applications.
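    An added example, not the reply's own code, of the approach it describes: a database table of failed logins, a threshold on username and/or IP address, and a randomised `sleep()`-style delay. The table layout, the limits, the in-memory SQLite connection and the demo account are assumptions made so it runs stand-alone; in a real application the table lives in the site's database.

```php
<?php
// Added example: server-side login throttling with a failed_logins table.
const MAX_FAILURES   = 5;    // attempts allowed inside the window
const WINDOW_SECONDS = 900;  // 15 minutes

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE failed_logins (
        username  TEXT    NOT NULL,
        ip        TEXT    NOT NULL,
        attempted INTEGER NOT NULL)');
    return $db;
}

// Record one failed attempt for the account and source address.
function recordFailure(PDO $db, string $username, string $ip): void
{
    $st = $db->prepare('INSERT INTO failed_logins (username, ip, attempted) VALUES (?, ?, ?)');
    $st->execute([$username, $ip, time()]);
}

// Threshold check on the account OR the address. The state is server-side,
// so a client that refuses cookies changes nothing.
function isLockedOut(PDO $db, string $username, string $ip): bool
{
    $st = $db->prepare('SELECT COUNT(*) FROM failed_logins
                        WHERE (username = ? OR ip = ?) AND attempted > ?');
    $st->execute([$username, $ip, time() - WINDOW_SECONDS]);
    return (int) $st->fetchColumn() >= MAX_FAILURES;
}

// The random delay the reply mentions: unnoticeable to a person typing a
// password, expensive for a script that wants thousands of attempts a minute.
function randomDelay(): void
{
    usleep(random_int(200000, 800000));  // 0.2 to 0.8 s
}

function attemptLogin(PDO $db, string $username, string $password, string $ip, callable $verify): bool
{
    if (isLockedOut($db, $username, $ip)) {
        randomDelay();
        return false;  // same answer as a wrong password: the response leaks nothing extra
    }
    if (!$verify($username, $password)) {
        recordFailure($db, $username, $ip);
        randomDelay();
        return false;
    }
    // On success, forget the account's history so a later lockout starts fresh.
    $db->prepare('DELETE FROM failed_logins WHERE username = ?')->execute([$username]);
    return true;
}

// Constructed demo: one account whose password hash is checked with password_verify().
$db     = openDb();
$hash   = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
$verify = function (string $u, string $p) use ($hash): bool {
    return $u === 'alice' && password_verify($p, $hash);
};

for ($i = 0; $i < MAX_FAILURES; $i++) {
    attemptLogin($db, 'alice', 'guess' . $i, '203.0.113.5', $verify);
}
var_dump(isLockedOut($db, 'alice', '203.0.113.5'));  // bool(true)
// Even the right password is refused while the lockout is in force.
var_dump(attemptLogin($db, 'alice', 'correct horse battery staple', '203.0.113.5', $verify));  // bool(false)
```

    The window expires on its own, so a legitimate user who mistyped a few times gets back in after a quarter of an hour; if a permanent lock is preferred, an administrator has to be able to clear the rows.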

  9. Hi,

     

    It's because the query you're running to calculate the total number of results - and consequently the number of pages to display links to is different to the query you're actually running.

     

    Both queries, the one to determine the number of pages and the one with the dynamic limit options, need to be the same.  I.e.:

     

    SELECT COUNT(*) FROM locations

     

    Should become something like:

     

    SELECT COUNT(*) FROM locations WHERE location_state='$state' ORDER BY location_city
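    An added example, not the reply's own query, of the count query and the page query built from one shared WHERE clause so they cannot drift apart, with `$state` passed as a bound parameter rather than pasted into the SQL. The `locations` table and its rows are constructed in an in-memory SQLite database so the demo runs stand-alone.

```php
<?php
// Added example: count and page queries that share one filter.
function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE locations (location_city TEXT, location_state TEXT)');
    $ins = $db->prepare('INSERT INTO locations VALUES (?, ?)');
    $rows = [['Tampa', 'FL'], ['Miami', 'FL'], ['Orlando', 'FL'],
             ['Austin', 'TX'], ['Dallas', 'TX'], ['Boston', 'MA']];
    foreach ($rows as $r) {
        $ins->execute($r);
    }
    return $db;
}

// One place defines the filter, so the total and the page always agree.
const FILTER_SQL = 'FROM locations WHERE location_state = :state';

function countMatching(PDO $db, string $state): int
{
    // No ORDER BY here: a single COUNT(*) row has nothing to order.
    $st = $db->prepare('SELECT COUNT(*) ' . FILTER_SQL);
    $st->execute([':state' => $state]);
    return (int) $st->fetchColumn();
}

function fetchPage(PDO $db, string $state, int $page, int $perPage): array
{
    $st = $db->prepare('SELECT location_city ' . FILTER_SQL
                     . ' ORDER BY location_city LIMIT :limit OFFSET :offset');
    $st->bindValue(':state', $state);
    // LIMIT/OFFSET must be bound as integers; a quoted string there is rejected by most drivers.
    $st->bindValue(':limit', $perPage, PDO::PARAM_INT);
    $st->bindValue(':offset', max(0, $page - 1) * $perPage, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$db      = openDb();
$state   = 'FL';  // in the real script this comes from the request, which is why it is bound, not interpolated
$perPage = 2;
$total   = countMatching($db, $state);
$pages   = (int) ceil($total / $perPage);
printf("%d matching rows, %d page(s)\n", $total, $pages);  // 3 matching rows, 2 page(s)
for ($p = 1; $p <= $pages; $p++) {
    printf("page %d: %s\n", $p, implode(', ', fetchPage($db, $state, $p, $perPage)));
}
// page 1: Miami, Orlando
// page 2: Tampa
```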

     

     
