
Snipe.Net

Posts Tagged ‘php’


Posted on September 27, 2008 - by snipe

Planning Your Facebook Application

This is part one of a series - the technical how-to of creating the application will be discussed in a separate article. This article is intended to help you plan out your application to best prepare for coding and best leverage the new aspects of Facebook for exposure and social interaction.




Posted on July 1, 2008 - by snipe

Identify and Fix SQL Injection Vulnerabilities in Web Applications


Scrawlr is free software for scanning your web applications for SQL injection vulnerabilities, developed by the HP Web Security Research Group in coordination with the Microsoft Security Response Center.

Scrawlr crawls a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.

After the scan, if it finds vulnerabilities, it displays your database table names as proof of the possible SQL injection vulnerabilities.

From the HP Scrawlr website:

Technical details for Scrawlr

  • Identify Verbose SQL Injection vulnerabilities in URL parameters
  • Can be configured to use a Proxy to access the web site
  • Will identify the type of SQL server in use
  • Will extract table names (verbose only) to guarantee no false positives

Scrawlr does have some limitations versus our professional solutions and our fully functional SQL Injector tool

  • Will only crawl up to 1500 pages
  • Does not support sites requiring authentication
  • Does not perform Blind SQL injection
  • Cannot retrieve database contents
  • Does not support JavaScript or flash parsing
  • Will not test forms for SQL Injection (POST Parameters)

There are some limitations, as noted in the bulleted list above; however, this is certainly a good start to help web developers find and correct vulnerabilities in their applications. Download Scrawlr now - Windows Only.



Posted on June 19, 2006 - by snipe

Creating a Multi-Level Listbox in PHP/mySQL


This lets you create a nested multi-level category menu through PHP and mySQL:

Database:
This code is assuming that you have a database table containing your menu options that looks something like this:

Table categories:
+--------+----------------------+-----------+
| id     | name                 | parent_id |
+--------+----------------------+-----------+
|      0 | Main Category 1      | 0         |
|      1 | Main category 2      | 0         |
|      2 | Subcategory 1        | 1         |
|      3 | Subcategory 2        | 1         |
|      4 | Main category 3      | 0         |
+--------+----------------------+-----------+

It is also assuming that the name of your listbox is “cat_id”. This is easily changed, mind you - you just have to change the select code down at the bottom and the “$categories = $_POST['cat_id'];” line to reflect whatever you’re naming it.

<?php

/* ---------------------------------------------- */
/* ------------ BEGIN PHP SNIPPET ----------------*/
/* ---------------------------------------------- */
// $current_cat_id: the current category id number
// $count: just a counter, call it as 0 in your function call and forget about it
// NOTE: the mysql_* functions used here were removed in PHP 7;
// on current PHP use mysqli or PDO instead.
/* GET THE DROP DOWN LIST OF CATEGORIES */

function get_cat_selectlist($current_cat_id, $count) {

    static $option_results;
    // if there is no current category id set, start off at the top level (zero)
    if (!isset($current_cat_id)) {
        $current_cat_id = 0;
    }
    // the id goes straight into the SQL string below, so force it to an integer
    $current_cat_id = (int) $current_cat_id;
    // increment the counter by 1
    $count = $count + 1;

    // query the database for the sub-categories of whatever the parent category is
    $sql = "SELECT id, name from categories where parent_id = '$current_cat_id' ";
    $sql .= "order by name asc";

    $get_options = mysql_query($sql);
    $num_options = mysql_num_rows($get_options);

    // our category is apparently valid, so go ahead...
    if ($num_options > 0) {
        while (list($cat_id, $cat_name) = mysql_fetch_row($get_options)) {
            // if its not a top-level category, indent it to show that its a child category
            $indent_flag = "";
            if ($current_cat_id != 0) {
                $indent_flag = "  ";
                for ($x = 2; $x <= $count; $x++) {
                    $indent_flag .= "--> ";
                }
            }
            $cat_name = $indent_flag.$cat_name;
            $option_results[$cat_id] = $cat_name;
            // now call the function again, to recurse through the child categories
            get_cat_selectlist($cat_id, $count);
        }
    }
    return $option_results;
}
?>

You would call the function using something like this:
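<select name="cat_id">
<option value="">-- Select -- </option>

<?php
$get_options = get_cat_selectlist(0, 0);
$options = "";
if (is_array($get_options) && count($get_options) > 0) {
    // nothing has been submitted yet on the first page load
    $categories = isset($_POST['cat_id']) ? $_POST['cat_id'] : "";
    foreach ($get_options as $key => $value) {
        $options .= "<option value=\"$key\"";

        // show the selected items as selected in the listbox
        if ($categories == "$key") {
            $options .= " selected=\"selected\"";
        }
        // category names are data, so escape them before they go into the HTML
        $options .= ">".htmlspecialchars($value, ENT_QUOTES)."</option>\n";
    }
}
echo $options;
?> </select>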
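
The query in get_cat_selectlist() places a value inside the SQL string, which is the pattern a scanner such as Scrawlr (see the SQL injection post above) reports when that value arrives in a URL parameter. The following is an added example, not code from the original posts: it puts the concatenated query beside a validated, bound-parameter version and goes one step further by rebuilding the recursive listbox on top of it with a guard against rows that are their own ancestor. It assumes PDO with the SQLite driver; the in-memory table, the function names and the sample inputs are constructed for the demonstration.

```php
<?php
// Added example (not from the original posts). Assumes PDO + the SQLite driver.
// The table contents below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT, parent_id INTEGER)');
$db->exec("INSERT INTO categories VALUES
    (1, 'Main category 1', 0), (2, 'Main category 2', 0),
    (3, 'Subcategory 1', 2),   (4, 'Subcategory 2', 2),
    (5, 'Main category 3', 0)");

// BEFORE: the request value becomes part of the SQL text.
function children_concat(PDO $db, $parent_id) {
    $sql = "SELECT id, name FROM categories WHERE parent_id = '$parent_id' ORDER BY name";
    return $db->query($sql)->fetchAll(PDO::FETCH_KEY_PAIR);
}

// AFTER: validate the id, then bind it so it is only ever treated as data.
function children_bound(PDO $db, $parent_id) {
    $id = filter_var($parent_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        return [];                      // not a category id: nothing to list
    }
    $stmt = $db->prepare('SELECT id, name FROM categories WHERE parent_id = :pid ORDER BY name');
    $stmt->bindValue(':pid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Recursive listbox built on the bound query. $seen stops a row that is its
// own ancestor from recursing forever.
function category_options(PDO $db, $parent_id = 0, $depth = 0, array &$seen = []) {
    $out = [];
    foreach (children_bound($db, $parent_id) as $id => $name) {
        if (isset($seen[$id])) {
            continue;
        }
        $seen[$id] = true;
        $out[$id] = str_repeat('--> ', $depth) . $name;
        $out += category_options($db, $id, $depth + 1, $seen);
    }
    return $out;
}

// Constructed inputs: a normal id, and the same id with a stray quote.
foreach (['2', "2'"] as $raw) {
    try {
        echo "concat($raw): " . count(children_concat($db, $raw)) . " rows\n";
    } catch (PDOException $e) {
        // This is the verbose database error; log it, never show it to visitors.
        echo "concat($raw): SQL error reaches the application\n";
    }
    echo "bound($raw): " . count(children_bound($db, $raw)) . " rows\n";
}

// Escape names on output; they are data too.
foreach (category_options($db) as $id => $name) {
    echo '<option value="' . (int) $id . '">' . htmlspecialchars($name, ENT_QUOTES) . "</option>\n";
}
```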



Posted on June 19, 2006 - by snipe

Checkboxes/Multiple Select Boxes in PHP


For the PHP newbie, checkboxes and/or multiple select listboxes can be baffling in the beginning. It’s actually not very hard at all, and is often one of the PHP newbie’s first experiences with arrays.

The logic behind checkboxes and multiple select listboxes is identical. Because of this, we’ll get the HTML bit of it done for both:

A. Checkboxes
<input type="checkbox" name="foo[]" value="1">
<input type="checkbox" name="foo[]" value="2">
<input type="checkbox" name="foo[]" value="3">
(etc….)

B. Multiple Select Listboxes
<select name="foo[]" size="4" multiple>
<option value="apples">Apples</option>
<option value="oranges">Oranges</option>
<option value="pears">Pears</option>
<option value="grapes">Grapes</option>
<option value="mangos">Mangos</option>
</select>

Getting the data out

Now we just have to write the PHP code that will be able to extract the data the user selected from the array we created ($foo[])

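<?php

// check to be sure at least one option was selected
// (nothing is posted at all when no box is ticked)
$foo = isset($_POST['foo']) ? array_values((array) $_POST['foo']) : array();
if (count($foo) > 0) {
    // loop through the array
    for ($i = 0; $i < count($foo); $i++) {

        // do something - this can be a SQL query,
        // echoing data to the browser, or whatever
        // (the value comes from the user, so escape it before echoing it)
        echo "<li>".htmlspecialchars((string) $foo[$i], ENT_QUOTES)." \n";

    } // end "for" loop

} // endif

?>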



Posted on June 23, 2005 - by snipe

More About register_globals


If you’ve been directed to this page, that means that you’re complaining about how your variables in a POST or GET aren’t being carried over to the next page. You’ve been sent here because it’s an *extremely* common pitfall, and yet one that is exceptionally easy to work around if you know what to do - and also aggravating to explain over and over, hence this page.

What it probably is
99.9% of the time, the webserver you’re running your script on has a configuration option called register_globals turned off.

How to find out

Create a blank document and type the following:

<?php phpinfo(); ?>

Save it as something you’ll remember, and upload it to your webserver. That will print out all your configuration settings for your PHP install. On that page somewhere, find the setting register_globals. I bet you ten bucks it says “Off”.

“Aww crap - it says they are off - what do I do?”
Easy… you have one of a few choices… We’ll start with the most recommended way first. Pay attention. This isn’t difficult, but you need to see what’s going on.

We’ll call the variable in question (you know, the one that isn’t showing up, which is why you’re here) $snipevar just for demonstration purposes. You were likely trying to print out or use your variable by just using $snipevar, which is understandable.

However, when register_globals is turned off, you’ll have to call your variable as such:

$_POST['snipevar'], $_GET['snipevar'], or $_REQUEST['snipevar']

You can read more about how each of the predefined variables work by going to the php manual page, located here: http://www.php.net/manual/en/language.variables.predefined.php

The super groovy thing about these reserved variables is that they are superglobal - meaning if you use them in functions, you don’t need to specify global $snipevar; in order for the function to be able to see it anymore. Just use the handy dandy superglobal variables, and it will know their value from anywhere in your scripts.

“Okay - I’ll do that, but just so I know, what are my other options?”
You only have a few options… one is to edit your php.ini file and turn register_globals back on. However if you didn’t know what they did in the first place (if you did, why would you be *here* after all) - I *strongly* suggest you not do that.

Your other possible choice - and this one depends on your server setup - is to stick an .htaccess file in the directory you need to turn globals back on in. Your .htaccess file would look like this:

<IfModule mod_php4.c>
php_flag register_globals on
</IfModule>

IF your server is set up to allow htaccess files to override your main settings, this may work for you. If not, you’re shit outa luck, so get used to the superglobals!



Posted on June 28, 2004 - by snipe

Cropped Thumbnails using PHP and the GD Library


This code will allow you to create a thumbnail from a segment of the image. In some situations, you want to thumbnail an entire image - but other times, you may want only a piece - for example if you wish to generate square thumbnail images regardless of whether or not the original image is landscape or portrait style.

The basics are as follows:

  1. Resize the image, using the $newthumb size value as the SMALLEST measurement (height in the case of landscape images, width in the case of portrait images). So if you had an original image that is 400 pixels wide and 200 pixels tall, it would set the height to 60 (since 60 is the $newthumb height we’ve used in the example below) and then resize the width down according to whatever ratio will constrain the proportions.
  2. Trim off the extra so that the end thumb is 60×60.

<?php

$orig_path = '/path/to/original/file/';
$micro_path = '/path/to/cropped/file/';
$imagefilename = 'myimage.jpg';

$size = getimagesize($orig_path.$imagefilename);

/**
* new cropped thumbnail sizes
*/
$newthumb_width = 60;
$newthumb_height = 60;

/**
* assign friendlier values to getimagesize data
*/
$orig_width = $size[0];
$orig_height = $size[1];

$width_ratio = ($newthumb_width / $orig_width);
$height_ratio = ($newthumb_height / $orig_height);

if ($orig_width > $orig_height) {
    // this is a landscape image
    $crop_width = round($orig_width * $height_ratio);
    $crop_height = $newthumb_height;

} elseif ($orig_width < $orig_height) {
    // this is a portrait image
    $crop_height = round($orig_height * $width_ratio);
    $crop_width = $newthumb_width;

} else {
    // this is a square image
    $crop_width = $newthumb_width;
    $crop_height = $newthumb_height;
}

$source_img = imagecreatefromjpeg($orig_path.$imagefilename);
$dest_img = imagecreatetruecolor($newthumb_width, $newthumb_height);

/**
* if you want to crop from a specific area, for example, if you
* want to crop the image from the middle instead of the top left,
* you'll need to do some more math to replace the 0,0,0,0 bits here.
*/
imagecopyresampled($dest_img, $source_img, 0, 0, 0, 0, $crop_width, $crop_height, $orig_width, $orig_height);
imagejpeg($dest_img, $micro_path.$imagefilename);
imagedestroy($dest_img);
?>



Posted on June 27, 2004 - by snipe

Dynamic Watermarks/Text Overlay on Images in PHP


This code can be useful for a number of things, such as making dynamic banners or for adding a copyright type of watermark to photographs or artwork (as we do in snipe gallery). As usual, this will not work for gifs unless you have a version of gd that lets you do that (cuz the folks at Unisys are a bunch of mo-mos).

The example here is taken from the Godsmack sig generator, so it’s designed to create white text with a black drop shadow on a preformatted blank banner.
Note: Remember that PHP must be compiled with jpeg/png/gd support, AND that the font file must be uploaded to the server for this to work. For our purposes, we’ll assume you’re going to take this snippet and make it into its own file, which we’ll call “mkwatermark.php”.

<?php
/* ---------------------------------------------- */
/* ------------ BEGIN PHP SNIPPET ----------------*/
/* ---------------------------------------------- */
// specify the file name - you can use a full path, or "../../" type stuff here
// if the image is not in the same directory as this code file
$image = imagecreatefrompng("gs-banner-sm.png");

// specify the font size
$font_size = 14;

// in this case, the color is white, but you can replace the numbers with the RGB values
// of any color you want
$color = imagecolorallocate($image, 255, 255, 255);

// make our drop shadow color
$black = imagecolorallocate($image, 0, 0, 0);

// and now we do the overlay - the layers of text start top to bottom, so
// the drop shadow comes first

// $image - the base image file we specified above
// $font_size - Well duh. Its the size of the font
// 0 - the angle of the text - we don't want an angle, so we leave it at 0
// 55 - pixels to the right from the leftmost part of the image
// 35 - pixels down from the top of the image
// (the shadow is drawn one pixel further right and down, at 56, 36)
// $black - the color we defined above
// "../fonts/ARIALBD.TTF" - the location on the server that the font can be found
// "Test Text" - the text we're overlaying - you can also use a variable here
ImageTTFText($image, $font_size, 0, 56, 36, $black, "../fonts/ARIALBD.TTF", "Test Text");

// Now add the actual white text "on top"
ImageTTFText($image, $font_size, 0, 55, 35, $color, "../fonts/ARIALBD.TTF", "Test Text");
header("Content-type: image/png");
imagepng($image);
imagedestroy($image);

?>

To print out the image, we would just have to write the html as:

<img src="mkwatermark.php">

Note about Variables - If you are using any variables outside the file to determine what the code does (for example, making the text a variable as we do with the Godsmack sig generator), be sure to secure your code and check to be sure the user can’t do any damage to your system by entering harmful values.



Posted on June 27, 2004 - by snipe

Dynamic thumbnailing with PHP and the GD library


Although there are loads of ways you can do this, for this example, we’re assuming that the fullsize image is located in a directory called “images”, and the thumbnails will have the same name as the fullsize, but will be copied into a directory called “thumbs”.

<?php
// find out the current size info
$photo_filename = "myimage.jpg";
$path = "/home/snipe/www/images/";
// the thumbnail keeps the same name but goes in the "thumbs" directory
// (assumed here to sit next to "images")
$thumb_path = "/home/snipe/www/thumbs/";
$image_stats = GetImageSize($path.$photo_filename);
$imagewidth = $image_stats[0];
$imageheight = $image_stats[1];
$img_type = $image_stats[2];
$new_w = 100;
$ratio = ($imagewidth / $new_w);
$new_h = round($imageheight / $ratio);

// Find out if we need to resize it by checking to
// see if the original image is larger than the
// defined new width, and making sure the
// resized version does not exist yet

if (($imagewidth > $new_w) && (!file_exists($thumb_path.$photo_filename))) {

    // if this is a jpeg, resize as a jpeg
    if ($img_type == 2) {

        $src_img = imagecreatefromjpeg($path.$photo_filename);
        $dst_img = imagecreate($new_w, $new_h);
        imagecopyresized($dst_img, $src_img, 0, 0, 0, 0, $new_w, $new_h, imagesx($src_img), imagesy($src_img));
        imagejpeg($dst_img, $thumb_path.$photo_filename);

    } elseif ($img_type == 3) {
        // if image is a png, resize as a png

        $dst_img = ImageCreate($new_w, $new_h);
        $src_img = ImageCreateFrompng($path.$photo_filename);
        ImageCopyResized($dst_img, $src_img, 0, 0, 0, 0, $new_w, $new_h, ImageSX($src_img), ImageSY($src_img));
        Imagepng($dst_img, $thumb_path.$photo_filename);

    // Normally if image is neither png nor jpeg
    // (ie, invalid image or a gif file), I use
    // the fullsize as the thumbnail and just
    // resize it through the html size tags. For this
    // example tho, we'll pretend we have a version of
    // Gdlib that can handle gif resizing

    } elseif ($img_type == 1) {

        $dst_img = ImageCreate($new_w, $new_h);
        $src_img = ImageCreateFromGif($path.$photo_filename);
        ImageCopyResized($dst_img, $src_img, 0, 0, 0, 0, $new_w, $new_h, ImageSX($src_img), ImageSY($src_img));
        ImageGif($dst_img, $thumb_path.$photo_filename);

    } else {
        // if it doesn't show up as any of the valid formats, give an error
        echo 'error';

    } // endif img_type sequence

}

?>



Posted on June 27, 2004 - by snipe

Dynamic thumbnailing with PHP and Imagemagick


This code formatting is a little off, since the WYSIWYG editor seems to have eaten part of it. Sorry.

<?php

/* ---------------------------------------------- */
/* ------------ BEGIN PHP SNIPPET ----------------*/
/* ---------------------------------------------- */
// specify your file details
$current_file = "image.jpg";
$max_width = 150;

// get the current info on the file
$current_size = getimagesize($current_file);
$current_img_width = $current_size[0];
$current_img_height = $current_size[1];
$image_base = explode(".", $current_file);

// this part gets the new thumbnail name
$image_basename = $image_base[0];
$image_ext = $image_base[1];
$thumb_name = $image_basename."-th.".$image_ext;

// determine if the image actually needs to be resized
// and if it does, get the new height for it
if ($current_img_width > $max_width) {
    $too_big_diff_ratio = $current_img_width / $max_width;
    $new_img_width = $max_width;
    $new_img_height = round($current_img_height / $too_big_diff_ratio);

    // presto chango alacazam
    // (geometry is WIDTHxHEIGHT with no spaces; the file names are shell-quoted)
    $geometry = $new_img_width."x".$new_img_height;
    $make_magick = system("convert -geometry $geometry ".escapeshellarg($current_file)." ".escapeshellarg($thumb_name), $retval);

    // let us know if it worked or not
    if (!($retval)) {
        echo "Thumbnail created  -".$thumb_name;
    } else {
        echo "Oops - no dice! Script failed cuz your momma doesn't love you.";
    }
} else {
    echo "No need to resize! You're perfect just the way you are.";
}

?>
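
The snippet above works with a hard-coded file name. When the name comes from an upload form or a request, it has to be validated and kept away from shell parsing before it reaches convert. The following is an added example, not the author's code: the function names, the upload directory and the sample file names are assumptions, and the array form of proc_open() requires PHP 7.4 or later.

```php
<?php
// Added example (not from the original post). Function names, the upload
// directory and the sample file names are assumptions for the demonstration.

// Accept only a plain image name: no directory parts, no spaces or colons
// (convert reads "prefix:" as a format selector), no leading dash (convert
// would read it as an option), and an allowed extension.
function safe_image_name($name) {
    if (!is_string($name) || $name !== basename($name)) {
        return null;
    }
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,99}\.(jpe?g|png)$/i', $name)) {
        return null;
    }
    return $name;
}

// Build the argument list for convert, or return null when the name is
// rejected or the image is already narrow enough.
function thumb_command($dir, $name, $max_width, $width, $height) {
    $name = safe_image_name($name);
    $max_width = (int) $max_width;
    if ($name === null || $max_width < 1 || $width <= $max_width) {
        return null;
    }
    $new_height = (int) round($height / ($width / $max_width));
    $dot   = strrpos($name, '.');
    $thumb = substr($name, 0, $dot) . '-th' . substr($name, $dot);
    $dir   = rtrim($dir, '/');
    return ['convert', '-geometry', "{$max_width}x{$new_height}", "$dir/$name", "$dir/$thumb"];
}

// Run the program directly, with no shell in between (array form of
// proc_open(), PHP 7.4+). Returns true when convert exits with status 0.
function run_command(array $argv) {
    $proc = proc_open($argv, [], $pipes);
    return is_resource($proc) && proc_close($proc) === 0;
}

// Constructed sample names, sized as a 400x200 original with a 150px limit.
foreach (['photo.jpg', 'holiday photo.jpg', '-flip.jpg', '../photo.jpg', 'x:photo.jpg'] as $name) {
    $argv = thumb_command('/var/www/uploads', $name, 150, 400, 200);
    echo str_pad($name, 18), ' => ', $argv ? implode(' ', $argv) : 'rejected', "\n";
    // to create the thumbnail for an accepted name: run_command($argv);
}
```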



Posted on June 29, 2002 - by snipe

Sending HTML/Plain Text Mail Simultaneously using PHP


Although I expect this article to cause a few ruffled feathers amongst the programming community (since most of them are against HTML email), there are times when the client will ask for it anyway, so you have to know how to do it. We had run into difficulty finding a straight answer on this topic, and many of the articles we had found on it gave us bizarre results in the HTML mail… so once we figured out what worked, we decided to post it.

We have tested this on several different email clients (including but not limited to: Hotmail, Yahoo, AOL, Outlook Express, Outlook, and various text-only email clients such as Mutt).

In the email clients that render HTML (ie - not text-only) the only real difference we found was that Outlook (regular Outlook, not Express) showed the background color from the BODY tags, but not the background image. Yahoo and Hotmail stripped out the background color and images, but if your HTML mail is designed with this in mind, you can easily design around that.

Make sure the email will still look nice if the background color and/or images are stripped out of it.

Obviously, you would change the email addresses and messages to fit your own needs.

NOTE: PEAR has some libraries that make this even easier. (This article is old.)

<?php
/* ---------------------------------------------- */
/* ------------ BEGIN PHP SNIPPET ----------------*/
/* ---------------------------------------------- */

// the recipient address (placeholder - use your own)
$v = "recipient@example.com";

$headers = "FROM: invites@yourbigevents.com\n";
$headers .= "Reply-To: invites@yourbigevents.com\n";
// required on any MIME message
$headers .= "MIME-Version: 1.0\n";

// This is the important part!
// This content type identifies the content of the message.
// The boundary delimits the plain text and html sections.
// The value of the boundary can be anything - you can even
// use the same one we used here
$headers .= "Content-Type: multipart/alternative; boundary=\"----=_NextPart_000_002C_01BFABBF.4A7D6BA0\"\n";

// Now begin your message, starting with the delimiter we specified in the boundary
// Notice that two extra dashes (--) are added to the delimiters when
// They are actually being used.
$message = '------=_NextPart_000_002C_01BFABBF.4A7D6BA0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Your plaintext email content here.

';

// Now begin your HTML message, starting with the delimiter
// (each delimiter has to start on a line of its own)
// Also notice that we add another content-type line which
// lets the mail client know to render it in HTML
$message .= '------=_NextPart_000_002C_01BFABBF.4A7D6BA0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

Your HTML email here

------=_NextPart_000_002C_01BFABBF.4A7D6BA0--';

// Now send the mail.
// The additional parameter, "-f invites@yourbigevents.com" is
// only required by certain server configurations.
mail($v, "2002 Winter Games Invitation", $message, $headers, "-f invites@yourbigevents.com");
?>




© 2008 Snipe.Net - Bitterness never tasted so sweet