wooo!
making notes on de la php
we can always cat to see Derrick's code in examples...
arrays and functions maybe?
$arr = array('ham', 'cheese', 'sauce', 'bread');
$c = count($arr); // count() gives the number of elements, not the range of indexes
for ($i = 0; $i < $c; $i++) {
    echo $arr[$i] . "\n"; // possible to have holes in the indexes, watch out
}
$arr = array('0' => 1, '1' => 2, '2' => 3);
// growing the array: array_push($holes, 123); appends to the end
// and returns the new element count (an undefined $holes is an error)
$holes[] = "new val"; // add to an array
////////////////////////////////////////////
2/12/18
validate forms in php
super global $_POST['fname'] is unsanitized
if (isset($_POST) && !empty($_POST)) {
    echo "received a post";
}
// has the user attempted to fill out the form? GET is visiting, POST is receiving data
different kinds of validation: email, username? certain amount of special chars in password?
match to see if name = all chars
if you can add
in a name field, the browser followed the instructions
BUT!: can add code like alert(document.cookie)
stealing stuff, alert XSS;
how to sanitize data
validate requirements
form completely filled out
sanitize user data, create a temp variable to store user input
$fname = $_POST['fname'];
$fname = trim($fname); // trim the whitespace
$fname = strip_tags($fname);
$fname = htmlspecialchars($fname); // turns special signs into their HTML-encoded version
$fname = $db->real_escape_string($fname); // mysqli's real_escape_string, assuming $db is a mysqli connection
THEN PROCESS
echo "Thank you $fname";
make a function to do all the sanitization
3/5/18
OOP
in php? wow!
ask questions after class you damn dingle!
programming with respect to an object
nested variables and such...
class definitions
class Person {
    // constructor, destructor, accessor, mutator
    // only one constructor per class
    private $name;
    private $age;
    public function __construct() { // assign default values
        // runs when a new object is instantiated
        echo "I'm in the Person constructor";
    }
    public function __destruct() { // runs when the object is destroyed
    }
    public function __get($membervar) { // accessor
        return $this->$membervar;
    }
    // always the arrow, never the dot
}
3/12/18
security vulnerability
<form enctype="multipart/form-data" action="" method="post">
<input type="file" name="ufile">
<input type="submit" value="upload">
</form>
through the wire there is a stream
the server is making a connection between you and the server
php.ini
check to see if file was downloaded completely
see if file size is too big, put a limit
takes up your space
check for file extensions
.jpeg, .txt etc..
methodologies
file upload
a downloaded .php file could be malicious,
if ($_FILES['ufile']['size'] > 10240) { // 10 KB limit
    // error: too big; throw exception, exit, or redirect
    // don't say why it failed
}
such a thing as double extensions.. file.php.jpg
command
move_uploaded_file: 1st param is the (temp) file that was uploaded, 2nd param is the destination
once file is uploaded
use php to echo an image tag
access file via get request
the file will be executed as its owner, the owner
being the entity you are attacking
whatever you upload will belong to the server
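An added example, not from these notes or the class, putting the upload checks above into one handler. It assumes the form field ufile from the form above, the 10240-byte limit, and a hypothetical upload directory; the extension and MIME whitelist is also an assumption.

```php
<?php
// Added example: defensive handling of the 'ufile' upload. $uploadDir, the
// limit and the whitelist are assumptions, not values from the notes.

function validate_upload(array $file, int $maxBytes, array $allowedExt): ?string
{
    // 1. did the upload complete? PHP reports partial/failed uploads here
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // 2. size limit; a client-side MAX_FILE_SIZE field cannot be trusted
    if ($file['size'] > $maxBytes || $file['size'] === 0) {
        return null;
    }
    // 3. only one extension: "file.php.jpg" has two, so reject names with
    //    more than one dot, then check the extension against a whitelist
    $name = basename($file['name']);
    if (substr_count($name, '.') !== 1) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    // 4. check the content, not just the name: finfo reads the magic bytes
    $expected = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                 'png' => 'image/png', 'txt' => 'text/plain'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($expected[$ext]) || $mime !== $expected[$ext]) {
        return null;
    }
    // 5. never keep the user's filename; generate one so nothing the user
    //    typed reaches the filesystem or the <img> tag echoed later
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

$uploadDir = '/var/www/uploads/'; // assumption: a directory where PHP is not executed
if (isset($_FILES['ufile'])) {
    $newName = validate_upload($_FILES['ufile'], 10240, ['jpg', 'jpeg', 'png', 'txt']);
    if ($newName === null
        || !move_uploaded_file($_FILES['ufile']['tmp_name'], $uploadDir . $newName)) {
        // fail closed without telling the user which check failed
        http_response_code(400);
        exit('Upload rejected.');
    }
    echo 'Thank you, your file was stored.';
}
```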
email
mail($to /* where it's going */, $subject, $content /* body of message */, $additionalHeaders /* optional */);
contact form -> name, email, text message
$to = 'contactus@website.com'; // owner
$subj = "contact us " . date('Y-m-d') . " " . $name; // date format is an assumption
$headers = "From: ...\r\nCc: ...\r\nBcc: ..."; // from, cc, bcc
if (!mail($to, $subj, $content, $headers)) {
    // error
} else {
    // sent
}
EMAIL INJECTION: THE HEADERS ARE THE RISK!
disallow
sensitive data stored in cookies
setcookie; hey, I did this...
cross-site request forgery