Search Results

Search found 106 results on 5 pages for 'htmlspecialchars'.

Page 1/5 | 1 2 3 4 5 | Next Page >

XSS attack to bypass htmlspecialchars() function in value attribute

- by Setzer

Let's say we have this form, and the possible part for a user to inject malicious code is this below ... <input type=text name=username value=<?php echo htmlspecialchars($_POST['username']); ? ... We can't simply put a tag, or a javascript:alert(); call, because value will be interpreted as a string, and htmlspecialchars filters out the <,,',", so We can't close off the value with quotations. We can use String.fromCode(.....) to get around the quotes, but I still unable to get a simple alert box to pop up. Any ideas?

Read the article
Why is htmlspecialchars adding slashes to my webpage?

- by Cortopasta

I have my input placed into mySQL through a PDO prepared statement, and have it placed in my website with PHP using htmlspecialchars() to protect against XSS. Only problem is now I get slashes, before any quotes, that are visible on the webpage to the user it only happens when I upload it to the server. Never happens on my localhost. Why is this happening?

Read the article
[CakePHP] htmlspecialchars

- by user198003

hi all, if i submit data like my string using form on insert/edit view, on a list view i'll get my string as italic (like here). how can i avoid that, and to have my string (with visible all html tags) on all forms? tnx in adv!

Read the article
Do i need to apply htmlspecialchars / htmlentites on json array?

- by Imran Omar Bukhsh

I wanted to ask that in a php script of mine which I am accessing through an ajax request, I am returning json data ( converted from an array ) as such echo json_encode($row_array); I get this data in jquery and display it in a form. Do i need to apply htmlspecialchars / htmlentites before returning the data? Is do then whats the correct way to do it? The following code gives me an error: echo htmlentities(json_encode($row_array)); Thanking you Imran

Read the article
htmlspecialchars() - How and when to use and avoid multiple use

- by naescent

Hi, I'm building a PHP intranet for my boss. A simple customer, order, quote system. It will be denied access from the Internet and only used by 3 people. I'm not so concerned with security as I am with validation. Javascript is disables on all machines. The problem I have is this: Employee enters valid data into a form containing any of the following :;[]"' etc. Form $_POSTS this data to a validationAndProcessing.php page, and determines whether the employee entered data or not in to the fields. If they didn't they are redirected back to the data input page and the field they missed out is highlighted in red. htmlspecialchars() is applied to all data being re-populated to the form from what they entered earlier. Form is then resubmitted to validationAndProcessing.php page, if successful data is entered into the database and employee is taken to display data page. My question is this: If an employee repeatedly enters no data in step 1, they will keep moving between step 1 and 4 each time having htmlspecialchars() applied to the data. So that:- & becomes:- & becomes:- &amp; becomes:- &amp;amp; etc.. How can I stop htmlspecialchars() being applied multiple times to data that is already cleaned? Thanks, Adam

Read the article
Why htmlspecialchars_decode in PHP does not have the charset parameter as in its counterpart?

- by Lawrence Lau

There is a charset parameter in htmlspecialchars but the decode version does not have it. In comparison to the similar htmlentities, the encode and decode functions both have the charset parameter. So I can't choose what charset I am decoding back to?

Read the article
How to Remove Html Tags in PHP ?

- by TeknoSeyfo

I use htmlspecialchars function in my string. But, I don't want to clean them; <b>, <br>, <p> <ul>,<li> bla bla... Example: Mystring = "<script>.....</script><br><b>test</b><p>aaaa</p>"; I want to; = ..... test aaaaa

Read the article
is it possible to decode special HTML entities in Objective C (for iPhone)?

- by RAGOpoR

could you show me algorithm for implement htmlspecialchars_decode? is it have any open source ?

Read the article
php XML DOM translates special chars to &#xYY;

- by ZiTAL

I send this with AJAX POST: <li><ul class "zone zCentral ui-sortable"><li><ul class="region rCol3 ui-sortable"><li class="" style=""><div><span class="tc tc_video">574081</span> <span>video: 'Mundo.Hoy': ¿Dónde habré olvidado... mi memoria?</span></div></li></ul></li></ul></li> I do this to create XML: header('Content-type: text/html; charset=utf-8'); if(isset($_POST) && isset($_POST['data'])) { $data = '<ul id="zone_container" class="ui-sortable">'; $data .= $_POST['data']; $data .= '</ul>'; $dom = new DOMDocument('1.0', 'utf-8'); $dom->loadXML($data); echo $dom->saveXML(); exit(); } and i get this: <?xml version="1.0"?> <ul id="zone_container" class="ui-sortable"> <li><ul class="zone zCentral ui-sortable"><li><ul class="region rCol3 ui-sortable"><li class="" style=""><div><span class="tc tc_video">574081</span> <span>video: 'Mundo.Hoy': ¿Dónde habré olvidado... mi memoria?</span></div> </li></ul></li></ul></li></ul> ¿Dónde habré olvidado... mi memoria? translates to: ¿Dónde habr&#xE9 ; olvidado... mi memoria? Y need original chars in the XML, these are utf-8 valid i don't know the reason for this encode :(

Read the article
How to retrieve an input's value without the browser interpreting html special entities?

- by CaptainQwyx

Is there a way in JavaScript or MooTools to retrieve the actual text in the value from an input element without the browser interpreting any html special entites? Please see the example included below. My desired outcome is: <div id="output"> <p>Your text is: <b>[<script>alert('scrubbed');</script>]</b></p> </div> Note that it works if I type/copy <script>alert('scrubbed');</script> directly into the text input box, but fails if I insert right after loading the page. <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <title>scrubtest</title> </head> <body id="scrubtest" onload=""> <script type="text/javascript" language="JavaScript" src="/js/mootools-core.js"></script> <input type="text" name="scrubtext" value="<script>alert('scrubbed');</script>" id="scrubtext"/><br /> <input type="button" value="Insert" onclick="insertText();"/><br /> <input type="button" value="Get via MooTools" onclick="alert($('scrubtext').get('value'));"/><br /> <input type="button" value="Get via JavaScript" onclick="alert(document.getElementById('scrubtext').value);"/><br /> <div id="output"> </div> <script type="text/javascript" charset="utf-8"> function insertText() { var stext = $('scrubtext').get('value'); var result = new Element( 'p', {html: "Your text is: <b>["+stext+"]</b>"} ); result.inject($('output')); } </script> </body> </html>

Read the article
Jquery ajax function working in IE but not in FF

- by booota

Okay I have this ajax call $('.updatecom .registercomplaint').click(function(){ updatecomplaints(); }); This calls the function updatecomplaints() function updatecomplaints() { var tno = $(".updatecom #tno").val(); var status = $(".updatecom #status").val(); if(status=='DONE') { $(".updatecom #con").val(''); } var tname = $(".updatecom #tname").val(); var rg11 = $(".updatecom #crg11").val(); var rg06 = $(".updatecom #crg06").val(); var tvpins = $(".updatecom #tvpins").val(); var jointer = $(".updatecom #jointer").val(); var cquantity = $(".updatecom #conqty").val(); var nooftv = $(".updatecom #tvno").val(); var misc = $(".updatecom #misc").val(); var tcomments = $(".updatecom #tcomments").val(); var con = $(".updatecom #con").val(); //alert(tno+status+tname+rg11+rg06+tvpins+jointer+cquantity+nooftv+misc+tcomments+con); $.ajax( { type: "POST", url: "up_functions.php", data: "ticket="+ tno +"& opt=upcom" +"& status="+ status +"& tname="+ tname +"& rg11="+ rg11 +"& rg06="+ rg06 +"& tvpins="+ tvpins +"& jointer="+ jointer +"& cquantity="+ cquantity +"& nooftv="+ nooftv +"& misc="+ misc +"& tcomments="+ tcomments +"& con="+ con, success: function(response) { alert(response); } }); } here is my up_functions.php $tno = htmlspecialchars(trim($_REQUEST['ticket'])); $status = htmlspecialchars(trim($_REQUEST['status'])); $tname = htmlspecialchars(trim($_REQUEST['tname'])); $rg11 = htmlspecialchars(trim($_REQUEST['rg11'])); $rg06 = htmlspecialchars(trim($_REQUEST['rg06'])); $tvpins = htmlspecialchars(trim($_REQUEST['tvpins'])); $jointer = htmlspecialchars(trim($_REQUEST['jointer'])); $cquantity = htmlspecialchars(trim($_REQUEST['cquantity'])); $nooftv = htmlspecialchars(trim($_REQUEST['nooftv'])); $misc = htmlspecialchars(trim($_REQUEST['misc'])); $tcomments = htmlspecialchars(trim($_REQUEST['tcomments'])); $con = htmlspecialchars(trim($_REQUEST['con'])); $result=$ptr->upcomticketinfo($tno,$status,$tname,$rg11,$rg06,$tvpins,$jointer,$cquantity,$nooftv,$misc,$tcomments,$con); echo $result; and here is my upconticketinfo() php function function upcomticketinfo($tno,$status,$tname,$rg11,$rg06,$tvpins,$jointer,$cquantity,$nooftv,$misc,$tcomments,$con) { if($con!='' || $con!=NULL) { $this->query = "update `booking discription` set `STATUS`='$status',`CLOSED ON`='$con' where `TICKET NO`='$tno'"; $this->q_result = mysql_query($this->query,$this->conn) or die(mysql_error()); if($this->q_result) { $query = "update `tech detail` set `TECH NAME`='$tname',`CABLE RG11`='$rg11',`CABLE RG06`='$rg06',`TV PINS USED`='$tvpins',`JOINTER USED`='$jointer',`CONNECTOR QTY`='$cquantity',`NO OF TV`='$nooftv',`MISC`='$misc',`TECH COMMENTS`='$tcomments' where `BOOKING`='$tno'"; $q_result = mysql_query($query,$this->conn) or die(mysql_error()); if($q_result) { $response = "updated"; } else { $response = "error"; } } else { $response = "error"; } } else { $this->query = "update `booking discription` set `STATUS`='$status' where `TICKET NO`='$tno'"; $this->q_result = mysql_query($this->query,$this->conn) or die(mysql_error()); if($this->q_result) { $query = "update `tech detail` set `TECH NAME`='$tname',`CABLE RG11`='$rg11',`CABLE RG06`='$rg06',`TV PINS USED`='$tvpins',`JOINTER USED`='$jointer',`CONNECTOR QTY`='$cquantity',`NO OF TV`='$nooftv',`MISC`='$misc',`TECH COMMENTS`='$tcomments' where `BOOKING`='$tno'"; $q_result = mysql_query($query,$this->conn) or die(mysql_error()); if($q_result) { $response = "updated"; } else { $response = "error"; } } else { $response = "error"; } } return $response; } Question is that, this code is working just fine in IE8 i.e i am using... but it is not working in FF 3.6.3... I have checked each n everything... One thing is that the code works fine on FF too only when i activate the firebug debugger. Otherwise the alert in ajax success shows itself with nothing in it... Help me...

Read the article
Still cant find a solution... about ajax call

- by booota

Okay I have this ajax call $('.updatecom .registercomplaint').click(function(){ updatecomplaints(); }); This calls the function updatecomplaints() function updatecomplaints() { var tno = $(".updatecom #tno").val(); var status = $(".updatecom #status").val(); if(status=='DONE') { $(".updatecom #con").val(''); } var tname = $(".updatecom #tname").val(); var rg11 = $(".updatecom #crg11").val(); var rg06 = $(".updatecom #crg06").val(); var tvpins = $(".updatecom #tvpins").val(); var jointer = $(".updatecom #jointer").val(); var cquantity = $(".updatecom #conqty").val(); var nooftv = $(".updatecom #tvno").val(); var misc = $(".updatecom #misc").val(); var tcomments = $(".updatecom #tcomments").val(); var con = $(".updatecom #con").val(); //alert(tno+status+tname+rg11+rg06+tvpins+jointer+cquantity+nooftv+misc+tcomments+con); $.ajax( { type: "POST", url: "up_functions.php", data: "ticket="+ tno +"& opt=upcom" +"& status="+ status +"& tname="+ tname +"& rg11="+ rg11 +"& rg06="+ rg06 +"& tvpins="+ tvpins +"& jointer="+ jointer +"& cquantity="+ cquantity +"& nooftv="+ nooftv +"& misc="+ misc +"& tcomments="+ tcomments +"& con="+ con, success: function(response) { alert(response); } }); } here is my up_functions.php $tno = htmlspecialchars(trim($_REQUEST['ticket'])); $status = htmlspecialchars(trim($_REQUEST['status'])); $tname = htmlspecialchars(trim($_REQUEST['tname'])); $rg11 = htmlspecialchars(trim($_REQUEST['rg11'])); $rg06 = htmlspecialchars(trim($_REQUEST['rg06'])); $tvpins = htmlspecialchars(trim($_REQUEST['tvpins'])); $jointer = htmlspecialchars(trim($_REQUEST['jointer'])); $cquantity = htmlspecialchars(trim($_REQUEST['cquantity'])); $nooftv = htmlspecialchars(trim($_REQUEST['nooftv'])); $misc = htmlspecialchars(trim($_REQUEST['misc'])); $tcomments = htmlspecialchars(trim($_REQUEST['tcomments'])); $con = htmlspecialchars(trim($_REQUEST['con'])); $result=$ptr->upcomticketinfo($tno,$status,$tname,$rg11,$rg06,$tvpins,$jointer,$cquantity,$nooftv,$misc,$tcomments,$con); echo $result; and here is my upconticketinfo() php function function upcomticketinfo($tno,$status,$tname,$rg11,$rg06,$tvpins,$jointer,$cquantity,$nooftv,$misc,$tcomments,$con) { if($con!='' || $con!=NULL) { $this->query = "update `booking discription` set `STATUS`='$status',`CLOSED ON`='$con' where `TICKET NO`='$tno'"; $this->q_result = mysql_query($this->query,$this->conn) or die(mysql_error()); if($this->q_result) { $query = "update `tech detail` set `TECH NAME`='$tname',`CABLE RG11`='$rg11',`CABLE RG06`='$rg06',`TV PINS USED`='$tvpins',`JOINTER USED`='$jointer',`CONNECTOR QTY`='$cquantity',`NO OF TV`='$nooftv',`MISC`='$misc',`TECH COMMENTS`='$tcomments' where `BOOKING`='$tno'"; $q_result = mysql_query($query,$this->conn) or die(mysql_error()); if($q_result) { $response = "updated"; } else { $response = "error"; } } else { $response = "error"; } } else { $this->query = "update `booking discription` set `STATUS`='$status' where `TICKET NO`='$tno'"; $this->q_result = mysql_query($this->query,$this->conn) or die(mysql_error()); if($this->q_result) { $query = "update `tech detail` set `TECH NAME`='$tname',`CABLE RG11`='$rg11',`CABLE RG06`='$rg06',`TV PINS USED`='$tvpins',`JOINTER USED`='$jointer',`CONNECTOR QTY`='$cquantity',`NO OF TV`='$nooftv',`MISC`='$misc',`TECH COMMENTS`='$tcomments' where `BOOKING`='$tno'"; $q_result = mysql_query($query,$this->conn) or die(mysql_error()); if($q_result) { $response = "updated"; } else { $response = "error"; } } else { $response = "error"; } } return $response; } Question is that, this code is working just fine in IE8 i.e i am using... but it is not working in FF 3.6.3... I have checked each n everything... One thing is that the code works fine on FF too only when i debug the page with firebug debugger. Otherwise the alert in ajax success shows itself with nothing in it... Help me...

Read the article
May be my example site may answer my question about ajax call... Help me

- by booota

Okay I have this ajax call $('.updatecom .registercomplaint').click(function(){ updatecomplaints(); }); This calls the function updatecomplaints() function updatecomplaints() { var tno = $(".updatecom #tno").val(); var status = $(".updatecom #status").val(); if(status=='DONE') { $(".updatecom #con").val(''); } var tname = $(".updatecom #tname").val(); var rg11 = $(".updatecom #crg11").val(); var rg06 = $(".updatecom #crg06").val(); var tvpins = $(".updatecom #tvpins").val(); var jointer = $(".updatecom #jointer").val(); var cquantity = $(".updatecom #conqty").val(); var nooftv = $(".updatecom #tvno").val(); var misc = $(".updatecom #misc").val(); var tcomments = $(".updatecom #tcomments").val(); var con = $(".updatecom #con").val(); //alert(tno+status+tname+rg11+rg06+tvpins+jointer+cquantity+nooftv+misc+tcomments+con); $.ajax( { type: "POST", url: "up_functions.php", data: "ticket="+ tno +"& opt=upcom" +"& status="+ status +"& tname="+ tname +"& rg11="+ rg11 +"& rg06="+ rg06 +"& tvpins="+ tvpins +"& jointer="+ jointer +"& cquantity="+ cquantity +"& nooftv="+ nooftv +"& misc="+ misc +"& tcomments="+ tcomments +"& con="+ con, success: function(response) { alert(response); } }); } here is my up_functions.php $tno = htmlspecialchars(trim($_REQUEST['ticket'])); $status = htmlspecialchars(trim($_REQUEST['status'])); $tname = htmlspecialchars(trim($_REQUEST['tname'])); $rg11 = htmlspecialchars(trim($_REQUEST['rg11'])); $rg06 = htmlspecialchars(trim($_REQUEST['rg06'])); $tvpins = htmlspecialchars(trim($_REQUEST['tvpins'])); $jointer = htmlspecialchars(trim($_REQUEST['jointer'])); $cquantity = htmlspecialchars(trim($_REQUEST['cquantity'])); $nooftv = htmlspecialchars(trim($_REQUEST['nooftv'])); $misc = htmlspecialchars(trim($_REQUEST['misc'])); $tcomments = htmlspecialchars(trim($_REQUEST['tcomments'])); $con = htmlspecialchars(trim($_REQUEST['con'])); $result=$ptr-upcomticketinfo($tno,$status,$tname,$rg11,$rg06,$tvpins,$jointer,$cquantity,$nooftv,$misc,$tcomments,$con); echo $result; and here is my upconticketinfo() php function function upcomticketinfo($tno,$status,$tname,$rg11,$rg06,$tvpins,$jointer,$cquantity,$nooftv,$misc,$tcomments,$con) { if($con!='' || $con!=NULL) { $this-query = "update booking discription set STATUS='$status',CLOSED ON='$con' where TICKET NO='$tno'"; $this-q_result = mysql_query($this-query,$this-conn) or die(mysql_error()); if($this-q_result) { $query = "update tech detail set TECH NAME='$tname',CABLE RG11='$rg11',CABLE RG06='$rg06',TV PINS USED='$tvpins',JOINTER USED='$jointer',CONNECTOR QTY='$cquantity',NO OF TV='$nooftv',MISC='$misc',TECH COMMENTS='$tcomments' where BOOKING='$tno'"; $q_result = mysql_query($query,$this-conn) or die(mysql_error()); if($q_result) { $response = "updated"; } else { $response = "error"; } } else { $response = "error"; } } else { $this-query = "update booking discription set STATUS='$status' where TICKET NO='$tno'"; $this-q_result = mysql_query($this-query,$this-conn) or die(mysql_error()); if($this-q_result) { $query = "update tech detail set TECH NAME='$tname',CABLE RG11='$rg11',CABLE RG06='$rg06',TV PINS USED='$tvpins',JOINTER USED='$jointer',CONNECTOR QTY='$cquantity',NO OF TV='$nooftv',MISC='$misc',TECH COMMENTS='$tcomments' where BOOKING='$tno'"; $q_result = mysql_query($query,$this-conn) or die(mysql_error()); if($q_result) { $response = "updated"; } else { $response = "error"; } } else { $response = "error"; } } return $response; } Question is that, this code is working just fine in IE8 i.e i am using... but it is not working in FF 3.6.3... I have checked each n everything... One thing is that the code works fine on FF too only when i debug the page with firebug debugger. Otherwise the alert in ajax success shows itself with nothing in it... Help me... Goto link text Enter 6628 in the Ticket No. box under Update Complaint Status section... A new form will open. In that form press update... Try it in FF and IE... IE8 shows the results as needed but FF does not...

Read the article
enclosing double quotes in array

- by Jared

Hi all I might be looking at this the wrong way, but I have a form that does its thing (sends emails etc etc) but I also put in some code to make a simple flatfile csv log with some of the user entered details. If a user accidentally puts in for instance 'himynameis","bob' this would either break the csv row (because the quotes weren't encapsulated) or if I use htmlspecialchars() and stripslashes() on the data, I end up with a ugly data value of 'himynameis","bob'. My question is, how can I handle the incoming data to cater for '"' being put in the form without breaking my csv file? this is my code for creating the csv log file. @$name = htmlspecialchars(trim($_POST['name'])); @$emailCheck = htmlspecialchars(trim($_POST['email'])); @$title = htmlspecialchars(trim($_POST['title'])); @$phone = htmlspecialchars(trim($_POST['phone'])); function logFile($logText) { $path = 'D:\logs'; $filename = '\Log-' . date('Ym', time()) . '.csv'; $file = $path . $filename; if(!file_exists($file)) { $logHeader = array('Date', 'IP_Address', 'Title', 'Name', 'Customer_Email', 'Customer_Phone', 'file'); $fp = fopen($file, 'a'); fputcsv($fp, $line); } $fp = fopen($file, 'a'); foreach ($logText as $record) { fputcsv($fp, $record); } } //Log submission to file $date = date("Y/m/d H:i:s"); $clientIp = getIpAddress(); //get clients IP address $nameLog = stripslashes($name); $titleLog = stripslashes($title); if($_FILES['uploadedfile']['error'] == 4) $filename = "No file attached."; //check if file uploaded and return $logText = array(array("$date", "$clientIp", "$titleLog", "$nameLog", "$emailCheck", "$phone", "$filename")); logFile($logText); //write form details to log Here is a sample of the incoming array data: Array ( [0] => Array ( [0] => 2010/05/17 10:22:27 [1] => xxx.xxx.xxx.xxx [2] => title [3] => """"himynameis","bob" [4] => [email protected] [5] => 346346 [6] => No file attached. ) ) TIA Jared

Read the article
Checking form input data on submit with pure PHP [migrated]

- by Leron

I have some experience with PHP but I have never even try to do this wit pure PHP, but now a friend of mine asked me to help him with this task so I sat down and write some code. What I'm asking is for opinion if this is the right way to do this when you want to use only PHP and is there anything I can change to make the code better. Besides that I think the code is working at least with the few test I made with it. Here it is: <?php session_start(); // define variables and initialize with empty values $name = $address = $email = ""; $nameErr = $addrErr = $emailErr = ""; $_SESSION["name"] = $_SESSION["address"] = $_SESSION["email"] = ""; $_SESSION["first_page"] = false; if ($_SERVER["REQUEST_METHOD"] == "POST") { if (empty($_POST["name"])) { $nameErr = "Missing"; } else { $_SESSION["name"] = $_POST["name"]; $name = $_POST["name"]; } if (empty($_POST["address"])) { $addrErr = "Missing"; } else { $_SESSION["address"] = $_POST["address"]; $address = $_POST["address"]; } if (empty($_POST["email"])) { $emailErr = "Missing"; } else { $_SESSION["email"] = $_POST["email"]; $email = $_POST["email"]; } } if ($_SESSION["name"] != "" && $_SESSION["address"] != "" && $_SESSION["email"] != "") { $_SESSION["first_page"] = true; header('Location: http://localhost/formProcessing2.php'); //echo $_SESSION["name"]. " " .$_SESSION["address"]. " " .$_SESSION["email"]; } ?> <DCTYPE! html> <head> <style> .error { color: #FF0000; } </style> </head> <body> <form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> Name <input type="text" name="name" value="<?php echo htmlspecialchars($name);?>"> <span class="error"><?php echo $nameErr;?></span> <br /> Address <input type="text" name="address" value="<?php echo htmlspecialchars($address);?>"> <span class="error"><?php echo $addrErr;?></span> <br /> Email <input type="text" name="email" value="<?php echo htmlspecialchars($email);?>"> <span class="error"><?php echo $emailErr;?></span> <br /> <input type="submit" name="submit" value="Submit"> </form> </body> </html>

Read the article
Unnecessary Error Message Being Displayed

- by ThatMacLad

I've set up a form to update my blog and it was working fine up until about this morning. It keeps on turning up with an Invalid Entry ID error on the edit post page when I click the update button despite the fact that it updates the homepage. All help is seriously appreciated. <html> <head> <title>Ultan's Blog | New Post</title> <link rel="stylesheet" href="css/editpost.css" type="text/css" /> </head> <body> <div class="new-form"> <div class="header"> </div> <div class="form-bg"> <?php mysql_connect ('localhost', 'root', 'root') ; mysql_select_db ('tmlblog'); if (isset($_POST['update'])) { $id = htmlspecialchars(strip_tags($_POST['id'])); $month = htmlspecialchars(strip_tags($_POST['month'])); $date = htmlspecialchars(strip_tags($_POST['date'])); $year = htmlspecialchars(strip_tags($_POST['year'])); $time = htmlspecialchars(strip_tags($_POST['time'])); $entry = $_POST['entry']; $title = htmlspecialchars(strip_tags($_POST['title'])); if (isset($_POST['password'])) $password = htmlspecialchars(strip_tags($_POST['password'])); else $password = ""; $entry = nl2br($entry); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $entry = addslashes($entry); } $timestamp = strtotime ($month . " " . $date . " " . $year . " " . $time); $result = mysql_query("UPDATE php_blog SET timestamp='$timestamp', title='$title', entry='$entry', password='$password' WHERE id='$id' LIMIT 1") or print ("Can't update entry.<br />" . mysql_error()); header("Location: post.php?id=" . $id); } if (isset($_POST['delete'])) { $id = (int)$_POST['id']; $result = mysql_query("DELETE FROM php_blog WHERE id='$id'") or print ("Can't delete entry.<br />" . mysql_error()); if ($result != false) { print "The entry has been successfully deleted from the database."; exit; } } if (!isset($_GET['id']) || empty($_GET['id']) || !is_numeric($_GET['id'])) { die("Invalid entry ID."); } else { $id = (int)$_GET['id']; } $result = mysql_query ("SELECT * FROM php_blog WHERE id='$id'") or print ("Can't select entry.<br />" . $sql . "<br />" . mysql_error()); while ($row = mysql_fetch_array($result)) { $old_timestamp = $row['timestamp']; $old_title = stripslashes($row['title']); $old_entry = stripslashes($row['entry']); $old_password = $row['password']; $old_title = str_replace('"','\'',$old_title); $old_entry = str_replace('<br />', '', $old_entry); $old_month = date("F",$old_timestamp); $old_date = date("d",$old_timestamp); $old_year = date("Y",$old_timestamp); $old_time = date("H:i",$old_timestamp); } ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <p><input type="hidden" name="id" value="<?php echo $id; ?>" /> <strong><label for="month">Date (month, day, year):</label></strong> <select name="month" id="month"> <option value="<?php echo $old_month; ?>"><?php echo $old_month; ?></option> <option value="January">January</option> <option value="February">February</option> <option value="March">March</option> <option value="April">April</option> <option value="May">May</option> <option value="June">June</option> <option value="July">July</option> <option value="August">August</option> <option value="September">September</option> <option value="October">October</option> <option value="November">November</option> <option value="December">December</option> </select> <input type="text" name="date" id="date" size="2" value="<?php echo $old_date; ?>" /> <select name="year" id="year"> <option value="<?php echo $old_year; ?>"><?php echo $old_year; ?></option> <option value="2004">2004</option> <option value="2005">2005</option> <option value="2006">2006</option> <option value="2007">2007</option> <option value="2008">2008</option> <option value="2009">2009</option> <option value="2010">2010</option> </select> <strong><label for="time">Time:</label></strong> <input type="text" name="time" id="time" size="5" value="<?php echo $old_time; ?>" /></p> <p><strong><label for="title">Title:</label></strong> <input type="text" name="title" id="title" value="<?php echo $old_title; ?>" size="40" /> </p> <p><strong><label for="password">Password protect?</label></strong> <input type="checkbox" name="password" id="password" value="1"<?php if($old_password == 1) echo " checked=\"checked\""; ?> /></p> <p><textarea cols="80" rows="20" name="entry" id="entry"><?php echo $old_entry; ?></textarea></p> <p><input type="submit" name="update" id="update" value="Update"></p> </form> <p><strong>Be absolutely sure that this is the post that you wish to remove from the blog!</strong><br /> </p> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <input type="hidden" name="id" id="id" value="<?php echo $id; ?>" /> <input type="submit" name="delete" id="delete" value="Delete" /> </form> </div> </div> </div> <div class="bottom"></div> </body> </html>

Read the article
question about php decode JSON

- by cj333

Hi, I still have some question about php decode JSON. the JSON return like this. all({"Total":30,"Debug":null,"Documents":[ { "DocTitle":"Image: A municipal police officer takes positio", "Docmultimedia":[ { "DocExpire":"2/7/2011 1:39:02 PM" } ] } ...] }); this is my php code: foreach ($data->Documents as $result) { echo htmlspecialchars($result->DocTitle).'<br />'; if(!empty($result->Docmultimedia)){ echo htmlspecialchars($result->Docmultimedia->DocExpire).'<br />'; } } It return Warning: Invalid argument supplied for foreach(). and echo htmlspecialchars($result->Docmultimedia->DocExpire), is it write right? Thanks all.

Read the article
JavaScript accessing form elements using document.forms[].elements[]

- by thecoshman

var loc_name = document.forms['create_<?php echo(htmlspecialchars($window_ID)); ?>'].elements['location_name']; alert(loc_name); This just gives me the message 'undefined' where as... var loc_name = document.forms['create_<?php echo(htmlspecialchars($window_ID)); ?>']; alert(loc_name); Gives me the object form business. Have I just got this all wrong? What is the 'proper' way to access this form element. The form element has the correct name and it has an id, the id is similar but not the same. ** HTML - as reuqested ** <form action="javascript:void(0)" name="create_<?php echo(htmlspecialchars($window_ID)); ?>" method="GET" onsubmit="return false"> <td> <input type="text" id="location_name_<?php echo($window_ID); ?>" name="location_name" value="Enter a name" onfocus="if(this.value == 'Enter a name'){this.value = ''}" onblur="if(this.value == ''){ this.value = 'Enter a name' }" /> </td> <td colspan="2"> <input type="button" name="create_location" value="Create" onclick="var pre_row_was = $('#pre_form_row_<?php echo($window_ID); ?>').innerHTML; $('#pre_form_row_<?php echo($window_ID); ?>').innerHTML = '<td colspan=\'3\'>Validating...</td>'; var loc_name = document.forms['create_<?php echo(htmlspecialchars($window_ID)); ?>'].elements['location_name']; alert(loc_name); if(loc_name.value == '') { alert('You can\'t leave the room name blank'); loc_name.focus(); loc_name.value = 'Enter a name'; $('#pre_form_row_<?php echo($window_ID); ?>').innerHTML = pre_row_was; return false; } if(loc_name.value == 'Enter a name') { alert('You must enter a room name first'); loc_name.focus(); $('#pre_form_row_<?php echo($window_ID); ?>').innerHTML = pre_row_was; return false; } $('#pre_form_row_<?php echo($window_ID); ?>').innerHTML = pre_row_was; Window_manager.new_window().load_xml('location/create.php?location_name=' + loc_name.value).display();" /> </td> </form> ugly as sin that is...

Read the article
foreach: how to iterate this

- by ilnur777

object(stdClass)[1] public 'inbox' => array 0 => object(stdClass)[2] public 'from' => string '55512351' (length=8) public 'date' => string '29/03/2010' (length=10) public 'time' => string '21:24:10' (length=8) public 'utcOffsetSeconds' => int 3600 public 'recipients' => array 0 => object(stdClass)[3] public 'address' => string '55512351' (length=8) public 'name' => string '55512351' (length=8) public 'deliveryStatus' => string 'notRequested' (length=12) public 'body' => string 'This is message text.' (length=21) 1 => object(stdClass)[4] public 'from' => string '55512351' (length=8) public 'date' => string '29/03/2010' (length=10) public 'time' => string '21:24:12' (length=8) public 'utcOffsetSeconds' => int 3600 public 'recipients' => array 0 => object(stdClass)[5] public 'address' => string '55512351' (length=8) public 'name' => string '55512351' (length=8) public 'deliveryStatus' => string 'notRequested' (length=12) public 'body' => string 'This is message text.' (length=21) .... .... I have this foreach, but it does not iterate address, name, deliveryStatus! Could you show how to get this data? foreach ($data->inbox as $note) { echo '<p>'; echo 'From : ' . htmlspecialchars($note->from) . '<br />'; echo 'Date : ' . htmlspecialchars($note->date) . '<br />'; echo 'Time : ' . htmlspecialchars($note->time) . '<br />'; echo 'Body : ' . htmlspecialchars($note->body) . '<br />'; }

Read the article
Escaping textarea content

- by user198729

<textarea><?php echo htmlspecialchars($content)?></textarea> Does content inside <textarea need to be converted into HTML entities? Is htmlspecialchars necessary here? I tried with and without it, and both work for the content I used.

Read the article
$_POST data returns empty when headers are > POST_MAX_SIZE

- by Jared

Hi Hopefully someone here might have an answer to my question. I have a basic form that contains simple fields, like name, number, email address etc and 1 file upload field. I am trying to add some validation into my script that detects if the file is too large and then rejects the user back to the form to select/upload a smaller file. My problem is, if a user selects a file that is bigger than my validation file size rule and larger than php.ini POST_MAX_SIZE/UPLOAD_MAX_FILESIZE and pushes submit, then PHP seems to try process the form only to fail on the POST_MAX_SIZE settings and then clears the entire $_POST array and returns nothing back to the form. Is there a way around this? Surely if someone uploads something than the max size configured in the php.ini then you can still get the rest of the $_POST data??? Here is my code. <?php function validEmail($email) { $isValid = true; $atIndex = strrpos($email, "@"); if (is_bool($atIndex) && !$atIndex) { $isValid = false; } else { $domain = substr($email, $atIndex+1); $local = substr($email, 0, $atIndex); $localLen = strlen($local); $domainLen = strlen($domain); if ($localLen < 1 || $localLen > 64) { // local part length exceeded $isValid = false; } else if ($domainLen < 1 || $domainLen > 255) { // domain part length exceeded $isValid = false; } else if ($local[0] == '.' || $local[$localLen-1] == '.') { // local part starts or ends with '.' $isValid = false; } else if (preg_match('/\\.\\./', $local)) { // local part has two consecutive dots $isValid = false; } else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) { // character not valid in domain part $isValid = false; } else if (preg_match('/\\.\\./', $domain)) { // domain part has two consecutive dots $isValid = false; } else if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) { // character not valid in local part unless // local part is quoted if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) { $isValid = false; } } } return $isValid; } //setup post variables @$name = htmlspecialchars(trim($_REQUEST['name'])); @$emailCheck = htmlspecialchars(trim($_REQUEST['email'])); @$organisation = htmlspecialchars(trim($_REQUEST['organisation'])); @$title = htmlspecialchars(trim($_REQUEST['title'])); @$phone = htmlspecialchars(trim($_REQUEST['phone'])); @$location = htmlspecialchars(trim($_REQUEST['location'])); @$description = htmlspecialchars(trim($_REQUEST['description'])); @$fileError = 0; @$phoneError = ""; //setup file upload handler $target_path = 'uploads/'; $filename = basename( @$_FILES['uploadedfile']['name']); $max_size = 8000000; // maximum file size (8mb in bytes) NB: php.ini max filesize upload is 10MB on test environment. $allowed_filetypes = Array(".pdf", ".doc", ".zip", ".txt", ".xls", ".docx", ".csv", ".rtf"); //put extensions in here that should be uploaded only. $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename. if(!is_writable($target_path)) die('You cannot upload to the specified directory, please CHMOD it to 777.'); //Check if we can upload to the specified upload folder. //display form function function displayForm($name, $emailCheck, $organisation, $phone, $title, $location, $description, $phoneError, $allowed_filetypes, $ext, $filename, $fileError) { //make $emailCheck global so function can get value from global scope. global $emailCheck; global $max_size; echo '<form action="geodetic_form.php" method="post" name="contact" id="contact" enctype="multipart/form-data">'."\n". '<fieldset>'."\n".'<div>'."\n"; //name echo '<label for="name"><span class="mandatory">*</span>Your name:</label>'."\n". '<input type="text" name="name" id="name" class="inputText required" value="'. $name .'" />'."\n"; //check if name field is filled out if (isset($_REQUEST['submit']) && empty($name)) { echo '<label for="name" class="error">Please enter your name.</label>'."\n"; } echo '</div>'."\n". '<div>'."\n"; //Email echo '<label for="email"><span class="mandatory">*</span>Your email:</label>'."\n". '<input type="text" name="email" id="email" class="inputText required email" value="'. $emailCheck .'" />'."\n"; // check if email field is filled out and proper format if (isset($_REQUEST['submit']) && validEmail($emailCheck) == false) { echo '<label for="email" class="error">Invalid email address entered.</label>'."\n"; } echo '</div>'."\n". '<div>'."\n"; //organisation echo '<label for="phone">Organisation:</label>'."\n". '<input type="text" name="organisation" id="organisation" class="inputText" value="'. $organisation .'" />'."\n"; echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n"; //title echo '<label for="phone">Title:</label>'."\n". '<input type="text" name="title" id="title" class="inputText" value="'. $title .'" />'."\n"; echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n"; //phone echo '<label for="phone"><span class="mandatory">*</span>Phone <br /><span class="small">(include area code)</span>:</label>'."\n". '<input type="text" name="phone" id="phone" class="inputText required" value="'. $phone .'" />'."\n"; // check if phone field is filled out that it has numbers and not characters if (isset($_REQUEST['submit']) && $phoneError == "true" && empty($phone)) echo '<label for="email" class="error">Please enter a valid phone number.</label>'."\n"; echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n"; //Location echo '<label class="location" for="location"><span class="mandatory">*</span>Location:</label>'."\n". '<textarea name="location" id="location" class="required">'. $location .'</textarea>'."\n"; //check if message field is filled out if (isset($_REQUEST['submit']) && empty($_REQUEST['location'])) echo '<label for="location" class="error">This field is required.</label>'."\n"; echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n"; //description echo '<label class="description" for="description">Description:</label>'."\n". '<textarea name="description" id="queryComments">'. $description .'</textarea>'."\n"; echo '</div>'."\n". '</fieldset>'."\n".'<fieldset>'. "\n" . '<div>'."\n"; //file upload echo '<label class="uploadedfile" for="uploadedfile">File:</label>'."\n". '<input type="file" name="uploadedfile" id="uploadedfile" value="'. $filename .'" />'."\n"; // Check if the filetype is allowed, if not DIE and inform the user. switch ($fileError) { case "1": echo '<label for="uploadedfile" class="error">The file you attempted to upload is not allowed.</label>'; break; case "2": echo '<label for="uploadedfile" class="error">The file you attempted to upload is too large.</label>'; break; } echo '</div>'."\n". '</fieldset>'; //end of form echo '<div class="submit"><input type="submit" name="submit" value="Submit" id="submit" /></div>'. '<div class="clear"><p><br /></p></div>'; } //end function //setup error validations if (isset($_REQUEST['submit']) && !empty($_REQUEST['phone']) && !is_numeric($_REQUEST['phone'])) $phoneError = "true"; if (isset($_REQUEST['submit']) && $_FILES['uploadedfile']['error'] != 4 && !in_array($ext, $allowed_filetypes)) $fileError = 1; if (isset($_REQUEST['submit']) && $_FILES["uploadedfile"]["size"] > $max_size) $fileError = 2; echo "this condition " . $fileError; $POST_MAX_SIZE = ini_get('post_max_size'); $mul = substr($POST_MAX_SIZE, -1); $mul = ($mul == 'M' ? 1048576 : ($mul == 'K' ? 1024 : ($mul == 'G' ? 1073741824 : 1))); if ($_SERVER['CONTENT_LENGTH'] > $mul*(int)$POST_MAX_SIZE && $POST_MAX_SIZE) echo "too big!!"; echo $POST_MAX_SIZE; if(empty($name) || empty($phone) || empty($location) || validEmail($emailCheck) == false || $phoneError == "true" || $fileError != 0) { displayForm($name, $emailCheck, $organisation, $phone, $title, $location, $description, $phoneError, $allowed_filetypes, $ext, $filename, $fileError); echo $fileError; echo "max size is: " .$max_size; echo "and file size is: " . $_FILES["uploadedfile"]["size"]; exit; } else { //copy file from temp to upload directory $path_of_uploaded_file = $target_path . $filename; $tmp_path = $_FILES["uploadedfile"]["tmp_name"]; echo $tmp_path; echo "and file size is: " . filesize($_FILES["uploadedfile"]["tmp_name"]); exit; if(is_uploaded_file($tmp_path)) { if(!copy($tmp_path,$path_of_uploaded_file)) { echo 'error while copying the uploaded file'; } } //test debug stuff echo "sending email..."; exit; } ?> PHP is returning this error in the log: [29-Apr-2010 10:32:47] PHP Warning: POST Content-Length of 57885895 bytes exceeds the limit of 10485760 bytes in Unknown on line 0 Excuse all the debug stuff :) FTR, I am running PHP 5.1.2 on IIS. TIA Jared

Read the article
Can this PHP version of SPICE be improved?

- by Noctis Skytower

I do not know much about PHP's standard library of functions and was wondering if the following code can be improved in any way. The implementation should yield the same results, the API should remain as it is, but ways to make is more PHP-ish would be greatly appreciated. This is a custom encryption library. Code <?php /*************************************** Create random major and minor SPICE key. ***************************************/ function crypt_major() { $all = range("\x00", "\xFF"); shuffle($all); $major_key = implode("", $all); return $major_key; } function crypt_minor() { $sample = array(); do { array_push($sample, 0, 1, 2, 3); } while (count($sample) != 256); shuffle($sample); $list = array(); for ($index = 0; $index < 64; $index++) { $b12 = $sample[$index * 4] << 6; $b34 = $sample[$index * 4 + 1] << 4; $b56 = $sample[$index * 4 + 2] << 2; $b78 = $sample[$index * 4 + 3]; array_push($list, $b12 + $b34 + $b56 + $b78); } $minor_key = implode("", array_map("chr", $list)); return $minor_key; } /*************************************** Create the SPICE key via the given name. ***************************************/ function named_major($name) { srand(crc32($name)); return crypt_major(); } function named_minor($name) { srand(crc32($name)); return crypt_minor(); } /*************************************** Check validity for major and minor keys. ***************************************/ function _check_major($key) { if (is_string($key) && strlen($key) == 256) { foreach (range("\x00", "\xFF") as $char) { if (substr_count($key, $char) == 0) { return FALSE; } } return TRUE; } return FALSE; } function _check_minor($key) { if (is_string($key) && strlen($key) == 64) { $indexs = array(); foreach (array_map("ord", str_split($key)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($indexs, ($byte >> $shift) & 3); } } $dict = array_count_values($indexs); foreach (range(0, 3) as $index) { if ($dict[$index] != 64) { return FALSE; } } return TRUE; } return FALSE; } /*************************************** Create encode maps for encode functions. ***************************************/ function _encode_map_1($major) { return array_map("ord", str_split($major)); } function _encode_map_2($minor) { $map_2 = array(array(), array(), array(), array()); $list = array(); foreach (array_map("ord", str_split($minor)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($list, ($byte >> $shift) & 3); } } for ($byte = 0; $byte < 256; $byte++) { array_push($map_2[$list[$byte]], chr($byte)); } return $map_2; } /*************************************** Create decode maps for decode functions. ***************************************/ function _decode_map_1($minor) { $map_1 = array(); foreach (array_map("ord", str_split($minor)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($map_1, ($byte >> $shift) & 3); } } return $map_1; }function _decode_map_2($major) { $map_2 = array(); $temp = array_map("ord", str_split($major)); for ($byte = 0; $byte < 256; $byte++) { $map_2[$temp[$byte]] = chr($byte); } return $map_2; } /*************************************** Encrypt or decrypt the string with maps. ***************************************/ function _encode($string, $map_1, $map_2) { $cache = ""; foreach (str_split($string) as $char) { $byte = $map_1[ord($char)]; foreach (range(6, 0, 2) as $shift) { $cache .= $map_2[($byte >> $shift) & 3][mt_rand(0, 63)]; } } return $cache; } function _decode($string, $map_1, $map_2) { $cache = ""; $temp = str_split($string); for ($iter = 0; $iter < strlen($string) / 4; $iter++) { $b12 = $map_1[ord($temp[$iter * 4])] << 6; $b34 = $map_1[ord($temp[$iter * 4 + 1])] << 4; $b56 = $map_1[ord($temp[$iter * 4 + 2])] << 2; $b78 = $map_1[ord($temp[$iter * 4 + 3])]; $cache .= $map_2[$b12 + $b34 + $b56 + $b78]; } return $cache; } /*************************************** This is the public interface for coding. ***************************************/ function encode_string($string, $major, $minor) { if (is_string($string)) { if (_check_major($major) && _check_minor($minor)) { $map_1 = _encode_map_1($major); $map_2 = _encode_map_2($minor); return _encode($string, $map_1, $map_2); } } return FALSE; } function decode_string($string, $major, $minor) { if (is_string($string) && strlen($string) % 4 == 0) { if (_check_major($major) && _check_minor($minor)) { $map_1 = _decode_map_1($minor); $map_2 = _decode_map_2($major); return _decode($string, $map_1, $map_2); } } return FALSE; } ?> This is a sample showing how the code is being used. Hex editors may be of help with the input / output. Example <?php # get and process all of the form data @ $input = htmlspecialchars($_POST["input"]); @ $majorname = htmlspecialchars($_POST["majorname"]); @ $minorname = htmlspecialchars($_POST["minorname"]); @ $majorkey = htmlspecialchars($_POST["majorkey"]); @ $minorkey = htmlspecialchars($_POST["minorkey"]); @ $output = htmlspecialchars($_POST["output"]); # process the submissions by operation # CREATE @ $operation = $_POST["operation"]; if ($operation == "Create") { if (strlen($_POST["majorname"]) == 0) { $majorkey = bin2hex(crypt_major()); } if (strlen($_POST["minorname"]) == 0) { $minorkey = bin2hex(crypt_minor()); } if (strlen($_POST["majorname"]) != 0) { $majorkey = bin2hex(named_major($_POST["majorname"])); } if (strlen($_POST["minorname"]) != 0) { $minorkey = bin2hex(named_minor($_POST["minorname"])); } } # ENCRYPT or DECRYPT function is_hex($char) { if ($char == "0"): return TRUE; elseif ($char == "1"): return TRUE; elseif ($char == "2"): return TRUE; elseif ($char == "3"): return TRUE; elseif ($char == "4"): return TRUE; elseif ($char == "5"): return TRUE; elseif ($char == "6"): return TRUE; elseif ($char == "7"): return TRUE; elseif ($char == "8"): return TRUE; elseif ($char == "9"): return TRUE; elseif ($char == "a"): return TRUE; elseif ($char == "b"): return TRUE; elseif ($char == "c"): return TRUE; elseif ($char == "d"): return TRUE; elseif ($char == "e"): return TRUE; elseif ($char == "f"): return TRUE; else: return FALSE; endif; } function hex2bin($str) { if (strlen($str) % 2 == 0): $string = strtolower($str); else: $string = strtolower("0" . $str); endif; $cache = ""; $temp = str_split($str); for ($index = 0; $index < count($temp) / 2; $index++) { $h1 = $temp[$index * 2]; if (is_hex($h1)) { $h2 = $temp[$index * 2 + 1]; if (is_hex($h2)) { $cache .= chr(hexdec($h1 . $h2)); } else { return FALSE; } } else { return FALSE; } } return $cache; } if ($operation == "Encrypt" || $operation == "Decrypt") { # CHECK FOR ANY ERROR $errors = array(); if (strlen($_POST["input"]) == 0) { $output = ""; } $binmajor = hex2bin($_POST["majorkey"]); if (strlen($_POST["majorkey"]) == 0) { array_push($errors, "There must be a major key."); } elseif ($binmajor == FALSE) { array_push($errors, "The major key must be in hex."); } elseif (_check_major($binmajor) == FALSE) { array_push($errors, "The major key is corrupt."); } $binminor = hex2bin($_POST["minorkey"]); if (strlen($_POST["minorkey"]) == 0) { array_push($errors, "There must be a minor key."); } elseif ($binminor == FALSE) { array_push($errors, "The minor key must be in hex."); } elseif (_check_minor($binminor) == FALSE) { array_push($errors, "The minor key is corrupt."); } if ($_POST["operation"] == "Decrypt") { $bininput = hex2bin(str_replace("\r", "", str_replace("\n", "", $_POST["input"]))); if ($bininput == FALSE) { if (strlen($_POST["input"]) != 0) { array_push($errors, "The input data must be in hex."); } } elseif (strlen($bininput) % 4 != 0) { array_push($errors, "The input data is corrupt."); } } if (count($errors) != 0) { # ERRORS ARE FOUND $output = "ERROR:"; foreach ($errors as $error) { $output .= "\n" . $error; } } elseif (strlen($_POST["input"]) != 0) { # CONTINUE WORKING if ($_POST["operation"] == "Encrypt") { # ENCRYPT $output = substr(chunk_split(bin2hex(encode_string($_POST["input"], $binmajor, $binminor)), 58), 0, -2); } else { # DECRYPT $output = htmlspecialchars(decode_string($bininput, $binmajor, $binminor)); } } } # echo the form with the values filled echo "<P><TEXTAREA class=maintextarea name=input rows=25 cols=25>" . $input . "</TEXTAREA></P>\n"; echo "<P>Major Name:</P>\n"; echo "<P><INPUT id=textbox1 name=majorname value=\"" . $majorname . "\"></P>\n"; echo "<P>Minor Name:</P>\n"; echo "<P><INPUT id=textbox1 name=minorname value=\"" . $minorname . "\"></P>\n"; echo "<DIV style=\"TEXT-ALIGN: center\"><INPUT class=submit type=submit value=Create name=operation>\n"; echo "</DIV>\n"; echo "<P>Major Key:</P>\n"; echo "<P><INPUT id=textbox1 name=majorkey value=\"" . $majorkey . "\"></P>\n"; echo "<P>Minor Key:</P>\n"; echo "<P><INPUT id=textbox1 name=minorkey value=\"" . $minorkey . "\"></P>\n"; echo "<DIV style=\"TEXT-ALIGN: center\"><INPUT class=submit type=submit value=Encrypt name=operation> \n"; echo "<INPUT class=submit type=submit value=Decrypt name=operation> </DIV>\n"; echo "<P>Result:</P>\n"; echo "<P><TEXTAREA class=maintextarea name=output rows=25 readOnly cols=25>" . $output . "</TEXTAREA></P></DIV></FORM>\n"; ?>

Read the article
How can this PHP code be improved? What should change?

- by Noctis Skytower

This is a custom encryption library. I do not know much about PHP's standard library of functions and was wondering if the following code can be improved in any way. The implementation should yield the same results, the API should remain as it is, but ways to make is more PHP-ish would be greatly appreciated. Code <?php /*************************************** Create random major and minor SPICE key. ***************************************/ function crypt_major() { $all = range("\x00", "\xFF"); shuffle($all); $major_key = implode("", $all); return $major_key; } function crypt_minor() { $sample = array(); do { array_push($sample, 0, 1, 2, 3); } while (count($sample) != 256); shuffle($sample); $list = array(); for ($index = 0; $index < 64; $index++) { $b12 = $sample[$index * 4] << 6; $b34 = $sample[$index * 4 + 1] << 4; $b56 = $sample[$index * 4 + 2] << 2; $b78 = $sample[$index * 4 + 3]; array_push($list, $b12 + $b34 + $b56 + $b78); } $minor_key = implode("", array_map("chr", $list)); return $minor_key; } /*************************************** Create the SPICE key via the given name. ***************************************/ function named_major($name) { srand(crc32($name)); return crypt_major(); } function named_minor($name) { srand(crc32($name)); return crypt_minor(); } /*************************************** Check validity for major and minor keys. ***************************************/ function _check_major($key) { if (is_string($key) && strlen($key) == 256) { foreach (range("\x00", "\xFF") as $char) { if (substr_count($key, $char) == 0) { return FALSE; } } return TRUE; } return FALSE; } function _check_minor($key) { if (is_string($key) && strlen($key) == 64) { $indexs = array(); foreach (array_map("ord", str_split($key)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($indexs, ($byte >> $shift) & 3); } } $dict = array_count_values($indexs); foreach (range(0, 3) as $index) { if ($dict[$index] != 64) { return FALSE; } } return TRUE; } return FALSE; } /*************************************** Create encode maps for encode functions. ***************************************/ function _encode_map_1($major) { return array_map("ord", str_split($major)); } function _encode_map_2($minor) { $map_2 = array(array(), array(), array(), array()); $list = array(); foreach (array_map("ord", str_split($minor)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($list, ($byte >> $shift) & 3); } } for ($byte = 0; $byte < 256; $byte++) { array_push($map_2[$list[$byte]], chr($byte)); } return $map_2; } /*************************************** Create decode maps for decode functions. ***************************************/ function _decode_map_1($minor) { $map_1 = array(); foreach (array_map("ord", str_split($minor)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($map_1, ($byte >> $shift) & 3); } } return $map_1; }function _decode_map_2($major) { $map_2 = array(); $temp = array_map("ord", str_split($major)); for ($byte = 0; $byte < 256; $byte++) { $map_2[$temp[$byte]] = chr($byte); } return $map_2; } /*************************************** Encrypt or decrypt the string with maps. ***************************************/ function _encode($string, $map_1, $map_2) { $cache = ""; foreach (str_split($string) as $char) { $byte = $map_1[ord($char)]; foreach (range(6, 0, 2) as $shift) { $cache .= $map_2[($byte >> $shift) & 3][mt_rand(0, 63)]; } } return $cache; } function _decode($string, $map_1, $map_2) { $cache = ""; $temp = str_split($string); for ($iter = 0; $iter < strlen($string) / 4; $iter++) { $b12 = $map_1[ord($temp[$iter * 4])] << 6; $b34 = $map_1[ord($temp[$iter * 4 + 1])] << 4; $b56 = $map_1[ord($temp[$iter * 4 + 2])] << 2; $b78 = $map_1[ord($temp[$iter * 4 + 3])]; $cache .= $map_2[$b12 + $b34 + $b56 + $b78]; } return $cache; } /*************************************** This is the public interface for coding. ***************************************/ function encode_string($string, $major, $minor) { if (is_string($string)) { if (_check_major($major) && _check_minor($minor)) { $map_1 = _encode_map_1($major); $map_2 = _encode_map_2($minor); return _encode($string, $map_1, $map_2); } } return FALSE; } function decode_string($string, $major, $minor) { if (is_string($string) && strlen($string) % 4 == 0) { if (_check_major($major) && _check_minor($minor)) { $map_1 = _decode_map_1($minor); $map_2 = _decode_map_2($major); return _decode($string, $map_1, $map_2); } } return FALSE; } ?> This is a sample showing how the code is being used. Hex editors may be of help with the input / output. Example <?php # get and process all of the form data @ $input = htmlspecialchars($_POST["input"]); @ $majorname = htmlspecialchars($_POST["majorname"]); @ $minorname = htmlspecialchars($_POST["minorname"]); @ $majorkey = htmlspecialchars($_POST["majorkey"]); @ $minorkey = htmlspecialchars($_POST["minorkey"]); @ $output = htmlspecialchars($_POST["output"]); # process the submissions by operation # CREATE @ $operation = $_POST["operation"]; if ($operation == "Create") { if (strlen($_POST["majorname"]) == 0) { $majorkey = bin2hex(crypt_major()); } if (strlen($_POST["minorname"]) == 0) { $minorkey = bin2hex(crypt_minor()); } if (strlen($_POST["majorname"]) != 0) { $majorkey = bin2hex(named_major($_POST["majorname"])); } if (strlen($_POST["minorname"]) != 0) { $minorkey = bin2hex(named_minor($_POST["minorname"])); } } # ENCRYPT or DECRYPT function is_hex($char) { if ($char == "0"): return TRUE; elseif ($char == "1"): return TRUE; elseif ($char == "2"): return TRUE; elseif ($char == "3"): return TRUE; elseif ($char == "4"): return TRUE; elseif ($char == "5"): return TRUE; elseif ($char == "6"): return TRUE; elseif ($char == "7"): return TRUE; elseif ($char == "8"): return TRUE; elseif ($char == "9"): return TRUE; elseif ($char == "a"): return TRUE; elseif ($char == "b"): return TRUE; elseif ($char == "c"): return TRUE; elseif ($char == "d"): return TRUE; elseif ($char == "e"): return TRUE; elseif ($char == "f"): return TRUE; else: return FALSE; endif; } function hex2bin($str) { if (strlen($str) % 2 == 0): $string = strtolower($str); else: $string = strtolower("0" . $str); endif; $cache = ""; $temp = str_split($str); for ($index = 0; $index < count($temp) / 2; $index++) { $h1 = $temp[$index * 2]; if (is_hex($h1)) { $h2 = $temp[$index * 2 + 1]; if (is_hex($h2)) { $cache .= chr(hexdec($h1 . $h2)); } else { return FALSE; } } else { return FALSE; } } return $cache; } if ($operation == "Encrypt" || $operation == "Decrypt") { # CHECK FOR ANY ERROR $errors = array(); if (strlen($_POST["input"]) == 0) { $output = ""; } $binmajor = hex2bin($_POST["majorkey"]); if (strlen($_POST["majorkey"]) == 0) { array_push($errors, "There must be a major key."); } elseif ($binmajor == FALSE) { array_push($errors, "The major key must be in hex."); } elseif (_check_major($binmajor) == FALSE) { array_push($errors, "The major key is corrupt."); } $binminor = hex2bin($_POST["minorkey"]); if (strlen($_POST["minorkey"]) == 0) { array_push($errors, "There must be a minor key."); } elseif ($binminor == FALSE) { array_push($errors, "The minor key must be in hex."); } elseif (_check_minor($binminor) == FALSE) { array_push($errors, "The minor key is corrupt."); } if ($_POST["operation"] == "Decrypt") { $bininput = hex2bin(str_replace("\r", "", str_replace("\n", "", $_POST["input"]))); if ($bininput == FALSE) { if (strlen($_POST["input"]) != 0) { array_push($errors, "The input data must be in hex."); } } elseif (strlen($bininput) % 4 != 0) { array_push($errors, "The input data is corrupt."); } } if (count($errors) != 0) { # ERRORS ARE FOUND $output = "ERROR:"; foreach ($errors as $error) { $output .= "\n" . $error; } } elseif (strlen($_POST["input"]) != 0) { # CONTINUE WORKING if ($_POST["operation"] == "Encrypt") { # ENCRYPT $output = substr(chunk_split(bin2hex(encode_string($_POST["input"], $binmajor, $binminor)), 58), 0, -2); } else { # DECRYPT $output = htmlspecialchars(decode_string($bininput, $binmajor, $binminor)); } } } # echo the form with the values filled echo "<P><TEXTAREA class=maintextarea name=input rows=25 cols=25>" . $input . "</TEXTAREA></P>\n"; echo "<P>Major Name:</P>\n"; echo "<P><INPUT id=textbox1 name=majorname value=\"" . $majorname . "\"></P>\n"; echo "<P>Minor Name:</P>\n"; echo "<P><INPUT id=textbox1 name=minorname value=\"" . $minorname . "\"></P>\n"; echo "<DIV style=\"TEXT-ALIGN: center\"><INPUT class=submit type=submit value=Create name=operation>\n"; echo "</DIV>\n"; echo "<P>Major Key:</P>\n"; echo "<P><INPUT id=textbox1 name=majorkey value=\"" . $majorkey . "\"></P>\n"; echo "<P>Minor Key:</P>\n"; echo "<P><INPUT id=textbox1 name=minorkey value=\"" . $minorkey . "\"></P>\n"; echo "<DIV style=\"TEXT-ALIGN: center\"><INPUT class=submit type=submit value=Encrypt name=operation> \n"; echo "<INPUT class=submit type=submit value=Decrypt name=operation> </DIV>\n"; echo "<P>Result:</P>\n"; echo "<P><TEXTAREA class=maintextarea name=output rows=25 readOnly cols=25>" . $output . "</TEXTAREA></P></DIV></FORM>\n"; ?> What should be editted for better memory efficiency or faster execution?

Read the article
How can this PHP code be improved? What should be changed?

- by Noctis Skytower

This is a custom encryption library. I do not know much about PHP's standard library of functions and was wondering if the following code can be improved in any way. The implementation should yield the same results, the API should remain as it is, but ways to make is more PHP-ish would be greatly appreciated. Code <?php /*************************************** Create random major and minor SPICE key. ***************************************/ function crypt_major() { $all = range("\x00", "\xFF"); shuffle($all); $major_key = implode("", $all); return $major_key; } function crypt_minor() { $sample = array(); do { array_push($sample, 0, 1, 2, 3); } while (count($sample) != 256); shuffle($sample); $list = array(); for ($index = 0; $index < 64; $index++) { $b12 = $sample[$index * 4] << 6; $b34 = $sample[$index * 4 + 1] << 4; $b56 = $sample[$index * 4 + 2] << 2; $b78 = $sample[$index * 4 + 3]; array_push($list, $b12 + $b34 + $b56 + $b78); } $minor_key = implode("", array_map("chr", $list)); return $minor_key; } /*************************************** Create the SPICE key via the given name. ***************************************/ function named_major($name) { srand(crc32($name)); return crypt_major(); } function named_minor($name) { srand(crc32($name)); return crypt_minor(); } /*************************************** Check validity for major and minor keys. ***************************************/ function _check_major($key) { if (is_string($key) && strlen($key) == 256) { foreach (range("\x00", "\xFF") as $char) { if (substr_count($key, $char) == 0) { return FALSE; } } return TRUE; } return FALSE; } function _check_minor($key) { if (is_string($key) && strlen($key) == 64) { $indexs = array(); foreach (array_map("ord", str_split($key)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($indexs, ($byte >> $shift) & 3); } } $dict = array_count_values($indexs); foreach (range(0, 3) as $index) { if ($dict[$index] != 64) { return FALSE; } } return TRUE; } return FALSE; } /*************************************** Create encode maps for encode functions. ***************************************/ function _encode_map_1($major) { return array_map("ord", str_split($major)); } function _encode_map_2($minor) { $map_2 = array(array(), array(), array(), array()); $list = array(); foreach (array_map("ord", str_split($minor)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($list, ($byte >> $shift) & 3); } } for ($byte = 0; $byte < 256; $byte++) { array_push($map_2[$list[$byte]], chr($byte)); } return $map_2; } /*************************************** Create decode maps for decode functions. ***************************************/ function _decode_map_1($minor) { $map_1 = array(); foreach (array_map("ord", str_split($minor)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($map_1, ($byte >> $shift) & 3); } } return $map_1; }function _decode_map_2($major) { $map_2 = array(); $temp = array_map("ord", str_split($major)); for ($byte = 0; $byte < 256; $byte++) { $map_2[$temp[$byte]] = chr($byte); } return $map_2; } /*************************************** Encrypt or decrypt the string with maps. ***************************************/ function _encode($string, $map_1, $map_2) { $cache = ""; foreach (str_split($string) as $char) { $byte = $map_1[ord($char)]; foreach (range(6, 0, 2) as $shift) { $cache .= $map_2[($byte >> $shift) & 3][mt_rand(0, 63)]; } } return $cache; } function _decode($string, $map_1, $map_2) { $cache = ""; $temp = str_split($string); for ($iter = 0; $iter < strlen($string) / 4; $iter++) { $b12 = $map_1[ord($temp[$iter * 4])] << 6; $b34 = $map_1[ord($temp[$iter * 4 + 1])] << 4; $b56 = $map_1[ord($temp[$iter * 4 + 2])] << 2; $b78 = $map_1[ord($temp[$iter * 4 + 3])]; $cache .= $map_2[$b12 + $b34 + $b56 + $b78]; } return $cache; } /*************************************** This is the public interface for coding. ***************************************/ function encode_string($string, $major, $minor) { if (is_string($string)) { if (_check_major($major) && _check_minor($minor)) { $map_1 = _encode_map_1($major); $map_2 = _encode_map_2($minor); return _encode($string, $map_1, $map_2); } } return FALSE; } function decode_string($string, $major, $minor) { if (is_string($string) && strlen($string) % 4 == 0) { if (_check_major($major) && _check_minor($minor)) { $map_1 = _decode_map_1($minor); $map_2 = _decode_map_2($major); return _decode($string, $map_1, $map_2); } } return FALSE; } ?> This is a sample showing how the code is being used. Hex editors may be of help with the input / output. Example <?php # get and process all of the form data @ $input = htmlspecialchars($_POST["input"]); @ $majorname = htmlspecialchars($_POST["majorname"]); @ $minorname = htmlspecialchars($_POST["minorname"]); @ $majorkey = htmlspecialchars($_POST["majorkey"]); @ $minorkey = htmlspecialchars($_POST["minorkey"]); @ $output = htmlspecialchars($_POST["output"]); # process the submissions by operation # CREATE @ $operation = $_POST["operation"]; if ($operation == "Create") { if (strlen($_POST["majorname"]) == 0) { $majorkey = bin2hex(crypt_major()); } if (strlen($_POST["minorname"]) == 0) { $minorkey = bin2hex(crypt_minor()); } if (strlen($_POST["majorname"]) != 0) { $majorkey = bin2hex(named_major($_POST["majorname"])); } if (strlen($_POST["minorname"]) != 0) { $minorkey = bin2hex(named_minor($_POST["minorname"])); } } # ENCRYPT or DECRYPT function is_hex($char) { if ($char == "0"): return TRUE; elseif ($char == "1"): return TRUE; elseif ($char == "2"): return TRUE; elseif ($char == "3"): return TRUE; elseif ($char == "4"): return TRUE; elseif ($char == "5"): return TRUE; elseif ($char == "6"): return TRUE; elseif ($char == "7"): return TRUE; elseif ($char == "8"): return TRUE; elseif ($char == "9"): return TRUE; elseif ($char == "a"): return TRUE; elseif ($char == "b"): return TRUE; elseif ($char == "c"): return TRUE; elseif ($char == "d"): return TRUE; elseif ($char == "e"): return TRUE; elseif ($char == "f"): return TRUE; else: return FALSE; endif; } function hex2bin($str) { if (strlen($str) % 2 == 0): $string = strtolower($str); else: $string = strtolower("0" . $str); endif; $cache = ""; $temp = str_split($str); for ($index = 0; $index < count($temp) / 2; $index++) { $h1 = $temp[$index * 2]; if (is_hex($h1)) { $h2 = $temp[$index * 2 + 1]; if (is_hex($h2)) { $cache .= chr(hexdec($h1 . $h2)); } else { return FALSE; } } else { return FALSE; } } return $cache; } if ($operation == "Encrypt" || $operation == "Decrypt") { # CHECK FOR ANY ERROR $errors = array(); if (strlen($_POST["input"]) == 0) { $output = ""; } $binmajor = hex2bin($_POST["majorkey"]); if (strlen($_POST["majorkey"]) == 0) { array_push($errors, "There must be a major key."); } elseif ($binmajor == FALSE) { array_push($errors, "The major key must be in hex."); } elseif (_check_major($binmajor) == FALSE) { array_push($errors, "The major key is corrupt."); } $binminor = hex2bin($_POST["minorkey"]); if (strlen($_POST["minorkey"]) == 0) { array_push($errors, "There must be a minor key."); } elseif ($binminor == FALSE) { array_push($errors, "The minor key must be in hex."); } elseif (_check_minor($binminor) == FALSE) { array_push($errors, "The minor key is corrupt."); } if ($_POST["operation"] == "Decrypt") { $bininput = hex2bin(str_replace("\r", "", str_replace("\n", "", $_POST["input"]))); if ($bininput == FALSE) { if (strlen($_POST["input"]) != 0) { array_push($errors, "The input data must be in hex."); } } elseif (strlen($bininput) % 4 != 0) { array_push($errors, "The input data is corrupt."); } } if (count($errors) != 0) { # ERRORS ARE FOUND $output = "ERROR:"; foreach ($errors as $error) { $output .= "\n" . $error; } } elseif (strlen($_POST["input"]) != 0) { # CONTINUE WORKING if ($_POST["operation"] == "Encrypt") { # ENCRYPT $output = substr(chunk_split(bin2hex(encode_string($_POST["input"], $binmajor, $binminor)), 58), 0, -2); } else { # DECRYPT $output = htmlspecialchars(decode_string($bininput, $binmajor, $binminor)); } } } # echo the form with the values filled echo "<P><TEXTAREA class=maintextarea name=input rows=25 cols=25>" . $input . "</TEXTAREA></P>\n"; echo "<P>Major Name:</P>\n"; echo "<P><INPUT id=textbox1 name=majorname value=\"" . $majorname . "\"></P>\n"; echo "<P>Minor Name:</P>\n"; echo "<P><INPUT id=textbox1 name=minorname value=\"" . $minorname . "\"></P>\n"; echo "<DIV style=\"TEXT-ALIGN: center\"><INPUT class=submit type=submit value=Create name=operation>\n"; echo "</DIV>\n"; echo "<P>Major Key:</P>\n"; echo "<P><INPUT id=textbox1 name=majorkey value=\"" . $majorkey . "\"></P>\n"; echo "<P>Minor Key:</P>\n"; echo "<P><INPUT id=textbox1 name=minorkey value=\"" . $minorkey . "\"></P>\n"; echo "<DIV style=\"TEXT-ALIGN: center\"><INPUT class=submit type=submit value=Encrypt name=operation> \n"; echo "<INPUT class=submit type=submit value=Decrypt name=operation> </DIV>\n"; echo "<P>Result:</P>\n"; echo "<P><TEXTAREA class=maintextarea name=output rows=25 readOnly cols=25>" . $output . "</TEXTAREA></P></DIV></FORM>\n"; ?> What should be editted for better memory efficiency or faster execution?

Read the article
What can be improved in this PHP code?

- by Noctis Skytower

This is a custom encryption library. I do not know much about PHP's standard library of functions and was wondering if the following code can be improved in any way. The implementation should yield the same results, the API should remain as it is, but ways to make is more PHP-ish would be greatly appreciated. Code <?php /*************************************** Create random major and minor SPICE key. ***************************************/ function crypt_major() { $all = range("\x00", "\xFF"); shuffle($all); $major_key = implode("", $all); return $major_key; } function crypt_minor() { $sample = array(); do { array_push($sample, 0, 1, 2, 3); } while (count($sample) != 256); shuffle($sample); $list = array(); for ($index = 0; $index < 64; $index++) { $b12 = $sample[$index * 4] << 6; $b34 = $sample[$index * 4 + 1] << 4; $b56 = $sample[$index * 4 + 2] << 2; $b78 = $sample[$index * 4 + 3]; array_push($list, $b12 + $b34 + $b56 + $b78); } $minor_key = implode("", array_map("chr", $list)); return $minor_key; } /*************************************** Create the SPICE key via the given name. ***************************************/ function named_major($name) { srand(crc32($name)); return crypt_major(); } function named_minor($name) { srand(crc32($name)); return crypt_minor(); } /*************************************** Check validity for major and minor keys. ***************************************/ function _check_major($key) { if (is_string($key) && strlen($key) == 256) { foreach (range("\x00", "\xFF") as $char) { if (substr_count($key, $char) == 0) { return FALSE; } } return TRUE; } return FALSE; } function _check_minor($key) { if (is_string($key) && strlen($key) == 64) { $indexs = array(); foreach (array_map("ord", str_split($key)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($indexs, ($byte >> $shift) & 3); } } $dict = array_count_values($indexs); foreach (range(0, 3) as $index) { if ($dict[$index] != 64) { return FALSE; } } return TRUE; } return FALSE; } /*************************************** Create encode maps for encode functions. ***************************************/ function _encode_map_1($major) { return array_map("ord", str_split($major)); } function _encode_map_2($minor) { $map_2 = array(array(), array(), array(), array()); $list = array(); foreach (array_map("ord", str_split($minor)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($list, ($byte >> $shift) & 3); } } for ($byte = 0; $byte < 256; $byte++) { array_push($map_2[$list[$byte]], chr($byte)); } return $map_2; } /*************************************** Create decode maps for decode functions. ***************************************/ function _decode_map_1($minor) { $map_1 = array(); foreach (array_map("ord", str_split($minor)) as $byte) { foreach (range(6, 0, 2) as $shift) { array_push($map_1, ($byte >> $shift) & 3); } } return $map_1; }function _decode_map_2($major) { $map_2 = array(); $temp = array_map("ord", str_split($major)); for ($byte = 0; $byte < 256; $byte++) { $map_2[$temp[$byte]] = chr($byte); } return $map_2; } /*************************************** Encrypt or decrypt the string with maps. ***************************************/ function _encode($string, $map_1, $map_2) { $cache = ""; foreach (str_split($string) as $char) { $byte = $map_1[ord($char)]; foreach (range(6, 0, 2) as $shift) { $cache .= $map_2[($byte >> $shift) & 3][mt_rand(0, 63)]; } } return $cache; } function _decode($string, $map_1, $map_2) { $cache = ""; $temp = str_split($string); for ($iter = 0; $iter < strlen($string) / 4; $iter++) { $b12 = $map_1[ord($temp[$iter * 4])] << 6; $b34 = $map_1[ord($temp[$iter * 4 + 1])] << 4; $b56 = $map_1[ord($temp[$iter * 4 + 2])] << 2; $b78 = $map_1[ord($temp[$iter * 4 + 3])]; $cache .= $map_2[$b12 + $b34 + $b56 + $b78]; } return $cache; } /*************************************** This is the public interface for coding. ***************************************/ function encode_string($string, $major, $minor) { if (is_string($string)) { if (_check_major($major) && _check_minor($minor)) { $map_1 = _encode_map_1($major); $map_2 = _encode_map_2($minor); return _encode($string, $map_1, $map_2); } } return FALSE; } function decode_string($string, $major, $minor) { if (is_string($string) && strlen($string) % 4 == 0) { if (_check_major($major) && _check_minor($minor)) { $map_1 = _decode_map_1($minor); $map_2 = _decode_map_2($major); return _decode($string, $map_1, $map_2); } } return FALSE; } ?> This is a sample showing how the code is being used. Hex editors may be of help with the input / output. Example <?php # get and process all of the form data @ $input = htmlspecialchars($_POST["input"]); @ $majorname = htmlspecialchars($_POST["majorname"]); @ $minorname = htmlspecialchars($_POST["minorname"]); @ $majorkey = htmlspecialchars($_POST["majorkey"]); @ $minorkey = htmlspecialchars($_POST["minorkey"]); @ $output = htmlspecialchars($_POST["output"]); # process the submissions by operation # CREATE @ $operation = $_POST["operation"]; if ($operation == "Create") { if (strlen($_POST["majorname"]) == 0) { $majorkey = bin2hex(crypt_major()); } if (strlen($_POST["minorname"]) == 0) { $minorkey = bin2hex(crypt_minor()); } if (strlen($_POST["majorname"]) != 0) { $majorkey = bin2hex(named_major($_POST["majorname"])); } if (strlen($_POST["minorname"]) != 0) { $minorkey = bin2hex(named_minor($_POST["minorname"])); } } # ENCRYPT or DECRYPT function is_hex($char) { if ($char == "0"): return TRUE; elseif ($char == "1"): return TRUE; elseif ($char == "2"): return TRUE; elseif ($char == "3"): return TRUE; elseif ($char == "4"): return TRUE; elseif ($char == "5"): return TRUE; elseif ($char == "6"): return TRUE; elseif ($char == "7"): return TRUE; elseif ($char == "8"): return TRUE; elseif ($char == "9"): return TRUE; elseif ($char == "a"): return TRUE; elseif ($char == "b"): return TRUE; elseif ($char == "c"): return TRUE; elseif ($char == "d"): return TRUE; elseif ($char == "e"): return TRUE; elseif ($char == "f"): return TRUE; else: return FALSE; endif; } function hex2bin($str) { if (strlen($str) % 2 == 0): $string = strtolower($str); else: $string = strtolower("0" . $str); endif; $cache = ""; $temp = str_split($str); for ($index = 0; $index < count($temp) / 2; $index++) { $h1 = $temp[$index * 2]; if (is_hex($h1)) { $h2 = $temp[$index * 2 + 1]; if (is_hex($h2)) { $cache .= chr(hexdec($h1 . $h2)); } else { return FALSE; } } else { return FALSE; } } return $cache; } if ($operation == "Encrypt" || $operation == "Decrypt") { # CHECK FOR ANY ERROR $errors = array(); if (strlen($_POST["input"]) == 0) { $output = ""; } $binmajor = hex2bin($_POST["majorkey"]); if (strlen($_POST["majorkey"]) == 0) { array_push($errors, "There must be a major key."); } elseif ($binmajor == FALSE) { array_push($errors, "The major key must be in hex."); } elseif (_check_major($binmajor) == FALSE) { array_push($errors, "The major key is corrupt."); } $binminor = hex2bin($_POST["minorkey"]); if (strlen($_POST["minorkey"]) == 0) { array_push($errors, "There must be a minor key."); } elseif ($binminor == FALSE) { array_push($errors, "The minor key must be in hex."); } elseif (_check_minor($binminor) == FALSE) { array_push($errors, "The minor key is corrupt."); } if ($_POST["operation"] == "Decrypt") { $bininput = hex2bin(str_replace("\r", "", str_replace("\n", "", $_POST["input"]))); if ($bininput == FALSE) { if (strlen($_POST["input"]) != 0) { array_push($errors, "The input data must be in hex."); } } elseif (strlen($bininput) % 4 != 0) { array_push($errors, "The input data is corrupt."); } } if (count($errors) != 0) { # ERRORS ARE FOUND $output = "ERROR:"; foreach ($errors as $error) { $output .= "\n" . $error; } } elseif (strlen($_POST["input"]) != 0) { # CONTINUE WORKING if ($_POST["operation"] == "Encrypt") { # ENCRYPT $output = substr(chunk_split(bin2hex(encode_string($_POST["input"], $binmajor, $binminor)), 58), 0, -2); } else { # DECRYPT $output = htmlspecialchars(decode_string($bininput, $binmajor, $binminor)); } } } # echo the form with the values filled echo "<P><TEXTAREA class=maintextarea name=input rows=25 cols=25>" . $input . "</TEXTAREA></P>\n"; echo "<P>Major Name:</P>\n"; echo "<P><INPUT id=textbox1 name=majorname value=\"" . $majorname . "\"></P>\n"; echo "<P>Minor Name:</P>\n"; echo "<P><INPUT id=textbox1 name=minorname value=\"" . $minorname . "\"></P>\n"; echo "<DIV style=\"TEXT-ALIGN: center\"><INPUT class=submit type=submit value=Create name=operation>\n"; echo "</DIV>\n"; echo "<P>Major Key:</P>\n"; echo "<P><INPUT id=textbox1 name=majorkey value=\"" . $majorkey . "\"></P>\n"; echo "<P>Minor Key:</P>\n"; echo "<P><INPUT id=textbox1 name=minorkey value=\"" . $minorkey . "\"></P>\n"; echo "<DIV style=\"TEXT-ALIGN: center\"><INPUT class=submit type=submit value=Encrypt name=operation> \n"; echo "<INPUT class=submit type=submit value=Decrypt name=operation> </DIV>\n"; echo "<P>Result:</P>\n"; echo "<P><TEXTAREA class=maintextarea name=output rows=25 readOnly cols=25>" . $output . "</TEXTAREA></P></DIV></FORM>\n"; ?> What should be editted for better memory efficiency or faster execution?

Read the article

Search Results

Search found 106 results on 5 pages for 'htmlspecialchars'.

Page 1/5 | 1 2 3 4 5 | Next Page >

- by Setzer

- by Cortopasta

- by user198003

- by Imran Omar Bukhsh

- by naescent

- by Lawrence Lau

- by TeknoSeyfo

- by RAGOpoR

- by ZiTAL

- by CaptainQwyx

- by booota

- by booota

- by booota

- by Jared

- by Leron

- by ThatMacLad

- by cj333

- by thecoshman

- by ilnur777

- by user198729

- by Jared

- by Noctis Skytower

- by Noctis Skytower

- by Noctis Skytower

- by Noctis Skytower

1 2 3 4 5 | Next Page >