Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
I was just wondering if it was possible to add random characters to the variable I am passing to the second page. I want this because if the user changes the value in the url, then the system is gonna mess up because I am inserting data to database based on the message id. I can't use session because the first session is overriding the others.
If I have something like view_inbox.php?messageid=2 then the user can change it to something view_inbox.php?message=4.
So is it possible to have some random characters like
view_inbox.php?messageid=GXLSsd2sdcds? The id is coming from database.
echo"<a href='view_inbox.php?messageid=".$row['id']."'>".$row['from_user']."</a>";
view_inbox.php
$id = $_GET['messageid'];
There are a couple of approaches.
You should be checking security rules on which rows/entities the user is allowed to access. Put these rules in a common procedure/function in your code, so you can check them consistently.
You can also "obfuscate" or encrypt the ID, in a way the server can reverse but is not easy/obvious for the client. Operations could include multiplying by a prime number (say 23) modulo 2^32, XOR by a constant, outputting it in base-64, perhaps with a lowercase 'x' in front.
For the second approach:
function encodeKey ($key) {
$multiplied = $key * 23;
$packed = pack( "N", $multiplied);
$base64 = base64_encode( $packed);
return $base64;
}
function decodeKey ($text) {
$packed = base64_decode( $text);
// then unpack, divide etc.
return $key;
}
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I want to modify a binary file server side of aprox. 700kb to change an url in it than save it.
My first idea was to use bin to hex and preg_replace to replace url in binary.
The adress for the url in binary is always the same, but i need to change it every time my function is called.
Is there a better/faster way to do this ?
Example:
somesite.com/api***
I want to replace *** with some numbers from a var for example.
*** is between hex adress 00010edb-00010edd
Thanks!
If the string is at fixed position, you can write data directly:
$position=hexdec("00010edb"); // You have to pre-calculate it once
$data="some data"; // Replacement
if ($f=fopen("your_file", "r+")) {
fseek($f, $position);
fwrite($f, $data);
fclose($f);
} else {
echo "Can't open file";
}
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I have float values in an array... Let's say one of my values is:
5.1234
How do I SWAP the integer in the float. So in the example above, I'd like to swap the 5 with 8. Therefore the new number would be:
8.1234
This needs to be a SWAP, not a mathematical addition as in 5.1234 + 3.
I basically need to split the number in two, the integer (5) and the float value following it (.1234), swap the 5 for the 8 and the recombine them to get 8.1234.
What is the fastest and most elegant way to do this in PHP since I'll be using this on a LOT of data?
To clarify WHY math cannot be used: This is because this is an obj file that's looking for an usemtl library title (Mudbox compliant) from which it extracts the UV space. Then it changes the vert U (or V) accordingly. Problem is these faces may come up more than once. This would make the operation cumulative, which it is NOT. All it needs to do is substituted the integer.
<?php
$number = 5.1234;
$array = explode(".", $number);
// $array[0] contains 5
$newNumber = 8;
$array[0] = $newNumber;
$finalString = $array[0] . '.' . $array[1];
$finalFloat = floatval($finalString); // String to float
echo $finalFloat;
?>
Here is how I would do this. This solution is relevant if you are sure the number will always be formated like followed :
[number].[decimals]
Else you will not be able to always replace the number before the dot.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I was wondering if you could give two values to a class and then acces to the second one by POST, something like this (part of the code):
echo "<select name='selecttsk' id='selecttsk'>";
while($w = $bd->obtener_fila($tasker, 0)){
echo "<option class='opcion1' value ='".$w[1]/$w[2]."'>".$w[0]."</option>";
}
echo "</select>";
?>
and then i need to do something like this in other file
$var = $_POST[selecttsk];
but i need $w[2]
thanks
I suppose your $_POST['selecttsk'] does have the values in the following format:
"foo/bar"
You could use "explode" in PHP to get the second part (bar), for example:
$postvar = $_POST['selecttsk'];
$vars = explode("/", $postvar);
// Then
$var = $vars[1]; // Will be the $w[2] from the form
Look into: http://php.net/explode
Beware that if $w[1] or $w[2] ever contains a "/" you might get unexpected results, you could use the limit function of explode to mitigate that issue.
However - I would generally not recommend this workflow.
Why do you need to send two variables with one select?
(could you show us som example of what $w contains)
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
If I have a query string such as: http://mywebsite.co.uk/charge.php?val=5768
how can I validate this query string to throw an error with php if the user changes the value of the 'val' in the query string. Could I write some code on the charge.php page to do this?
It seems to me you're barking up the wrong tree. You cannot detect if someone "changes" something. All you get is a request for a URL, and that's it. You typically have no idea where that request came from or who provided the URL; you need to evaluate the request on its own merits.
I'm guessing you have some confidential action that's taking place when someone visits that URL. And the value changes some important part of that action. Then you need to create server-side checks and bounds that confirm whether the user is currently allowed to do whatever he requests to do there. You need to have enough information stored on the server to be able to confirm whether the action the user is about to make is allowed or not. You cannot simply trust the information in the URL, because anyone can tamper with it.
How to do this specifically in your case is not clear, since I have no concrete idea what's supposed to be happening there.
You can check if the val is an integer and if the val exists in the database. I use a function like following to check integer:
// CHECK IF VALID INTEGER
function valid_integer($str)
{
if (strlen($str) == strlen(preg_replace('#[^0-9]#i', '', $str) + 0) AND $str > 0 AND $str < 9999999999999)
{
return true;
}
}
so then I can check the val like following
if (valid_integer($_GET['val']))
{
echo 'valid int';
}
else
{
echo 'not valid int';
}
Then you have to check if the val exist in the database. If you use a db.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I'm finishing a script that converts a string and pass it as a link, but besides that, it also shortens the URL with an API. The problem is that I can not think how to get only the URL instead of the entire chain.
The function:
function findAndShort($string) {
$text = preg_replace("/(https?|ftps?|mailto):\/\/([-\w\p{L}\.]+)+(:\d+)?(\/([\w\p{L}\/_\.#]*(\?\S+)?)?)?/u", '$0', $string);
return $text;
}
Example:
$chk = findAndShort("Blahblah http://domain.tld");
echo $chk;
In this case, only need the http://domain.tld, i try with $chk[0], but ofcourse, print the first character on the line..
Just add ^.* at the begining of your regex and use $1 instead of $0:
$text = preg_replace("/^.*((https?|ftps?|mailto):\/\/([-\w\p{L}\.]+)+(:\d+)?(\/([\w\p{L}\/_\.#,]*(\?\S+)?)?)?)/u", '$1', $string);
You can also simplified a bit,
~^.*((https?|ftps?|mailto)://[-\p{L}\p{N}_.]+(:\d+)?(/([\p{L}\p{N}/_.#,]*(\?\S+)?)?)?)~u
The thing with functions is you can only return a single value that is under the return in the function, so in your case, after testing your function, the return value is the original input value.
If you want a function to return only the URL component I would use explode to separate the string then run preg_match on each part of the resulting array from the explode function looking for the https, ftp or mailto, once I know what part of the array I'm working with I would stop the process, define the var and as I believe you want to return code for a link, I would do is then do something like
return ''.$url.'';
Note that the var $url would be created from the above process.
I hope this helps.