typefreak

[PHP] On Log Referer, Excluding...

2007-12-14T19:12:37-08:00

Keep in mind that the 'http_referer' can't be fully trusted, as it is send by the client.
If you follow the above suggestion (about the db), make sure you escape the information properly.

[PHP] On Thumbnail generator

2007-11-02T09:47:23-07:00

It is called a ternary operator: (scroll down to the 'ternary operator' heading.)
http://nl2.php.net/operators.comparison

In short:
if the part before the ? is true, then the part between ? and : is executed. otherwise, the part after : is executed.

The line you copied is functional equivilant to:

if ( isset($_REQUEST['width']) ) {
    $maxwidth = $_REQUEST['width'];
}
else {
    $maxwidth = 160;
}

[PHP] On Thumbnail generator

2007-11-01T12:17:17-07:00

Personally, I would rather use $_POST or $_GET then $_REQUEST

Either way, you're not even trying to prevent notices. Bad idea. Especially if you're trying to send headers after that.

The statement ($getimg[2] < 1 && $getimg[2] > 3) alway returns false, as a number can't be smaller then 1, and bigger then 3 at the same time.

The use of the while-loop doensn't make any sense to me.

Function names are supposed to be case-sensitive, better use lowercase where appropriate.

$imgA and $imgB aren't really describing names. Rather use $smallimg and $bigimg instead.

<?
// requiered argument
if ( empty($_REQUEST["pic"]) ) {
    die('You haven\'t specified a picture');
}
$pic = $_REQUEST["pic"];

// optional parameters
$maxwidth = (isset($_REQUEST['width']) ? $_REQUEST['width'] : 160);
$maxheight = (isset($_REQUEST['height']) ? $_REQUEST['height'] : 120);

$getimg = getimagesize($pic);
// 0. width
// 1. height
// 2. Type: 1=GIF, 2=JPEG, 3=PNG
// 3. size html tags (e.g. 'width="111" height="24"')

// preventing from accessing non gfx files.
if ( $getimg[2] < 1 || $getimg[2] > 3 || $getimg[2] == "" ) {
    die("No valid gfx-source.");
}

$oldwidth = $getimg[0];
$oldheight = $getimg[1];

// If original is smaller then or equal to new image
if ( $oldwidth <= $maxwidth && $oldheight <= $maxheight ) {
    switch ($getimg[2]) {
        case 1:
            // Gif image
            $img = imagecreatefromgif($pic);
            header("Content-Type: image/gif");
            imagegif($img);
            break;
        case 2:
            // Jpeg image
            $img = imagecreatefromjpeg($pic);
            header("Content-Type: image/jpeg");
            imagejpeg($img);
            break;
        case 3:
            // Png image
            $img = imagecreatefrompng($pic);
            header("Content-Type: image/png");
            imagepng($img);
            break;
    }
}
else {
    // Image should be rezised
    $widthdif = $oldwidth / $maxwidth;
    $heightdif = $oldheight / $maxheight;
    $maxdif = max($widthdif, $heightdif);
    $newwidth = floor($oldwidth / $maxdif);
    $newheight = floor($oldheight / $maxdif);

    $smallimg = imagecreatetruecolor($newwidth,$newheight);    //alte gdlib --> imagecreate()
    switch ($getimg[2]) {
        case 1:
            // Gif image
            $bigimg = imagecreatefromgif($pic);    
            imagecopyresized($smallimg, $bigimg, 0,0, 0,0, $newwidth, $newheight, $oldwidth, $oldheight);        
            header("Content-Type: image/gif");
            imagegif($smallimg);
            break;
        case 2:
            // Jpeg image
            $bigimg = imagecreatefromjpeg($pic);
            imagecopyresized($smallimg, $bigimg, 0,0, 0,0, $newwidth, $newheight, $oldwidth, $oldheight);
            header("Content-Type: image/jpeg");
            imagejpeg($smallimg);
            break;
        case 3:
            // Png image
            $imgB = imagecreatefrompng($pic);
            imagecopyresized($smallimg, $bigimg, 0,0, 0,0, $newwidth, $newheight, $oldwidth, $oldheight);
            header("Content-Type: image/png");
            imagepng($smallimg);
            break;
    }
}
?>

[PHP] On Robots Reader

2007-10-28T16:12:04-07:00

I'm not currently refactoring, but I have a few comments:

1: You don't check for user agent * (Only for $my_user_agent)
2: You don't check for allow lines (sometimes a exception for disallowed pages is given in 'allow: ' lines)
3: At the end of the main function, you're using $forbidden a bit strange: (You want a boolean answer, so use true/false. And in this case, as the function is robots_allowed(), I would rather call the variable $allowed instead of $forbidden.)
4: Why is this line?
$disallow_line=str_replace("/", "" ,$disallow_line);
What if a site has
Disallow: /info/secret in its list?
Currently, you'r checking if the requested url contains infosecret, instead of info/secret
5: (related to 4), When checking url's, It isn't wise to use '/' as the delimiter, as the url itself can contain these caracters. Better use # instead.
6: In Read_Content(), if fopen fails, you'll probably get a notice at the return, because $contents isn't set. (Please, don't suppress, but solve)

[PHP] On image upload script

2007-10-26T13:40:23-07:00

A bit of rewriting:

Comment behinde lines is telling what i've changed

Why are you using the database? Is there anything else using it? Just storing the name is useless, you can also use 'file_exists' or simmilar functions.

<?php
// check to see if image has been uploaded

if (empty($_FILES['image']) OR $_FILES['image']['error'] != UPLOAD_ERR_OK) {
        die ('<strong>Invalid image uploaded.  Please go back and try again.</strong>');
}    else {
    $uploaded_image = $_FILES['image']['tmp_name'];
    $uploaded_image_name = $_FILES['image']['name']; // Added name var
}    


//function to view any type of image
function open_image ($file, $name) { // Request another paramater, containing original filename
        // Get extension
        $extension = strtolower(strrchr($name, '.')); // 2 lines to 1, using the new parameter

        switch($extension) {
                case '.jpg':
                case '.jpeg': // .jpg and .jpeg can be treated the same
                        $im = @imagecreatefromjpeg($file);
                        $image_type = ".jpeg";
                        break;
                case '.gif':
                        $im = @imagecreatefromgif($file);
                        $image_type = ".gif";
                        break;                        
                case '.png':
                        $im = @imagecreatefrompng($file); // Create from png instead of gif (whe have png, don't we?)
                        $image_type = ".png";
                        break;
                default:
                        $im = false;
                        break;
        }
        return $im;
    }
        
        

        
        
// Load image
$image = open_image($uploaded_image, $uploaded_image_name); // Also pass second parameter
if ($image === false) { die ('that file type is not allowed'); } // die if theres no image


// get original image width and height
$width = imagesx($image);
$height = imagesy($image);

// resized image width
$resize_width = 1020;
$resize_height = intval($height * ($resize_width/$width)); // Make sure $resize_height is an int

// thumbnail image width
$thumb_width = 150;
$thumb_height = intval($height * ($thumb_width/$width)); // Make sure $thumb_height is an int

// Resample resized image
$image_resized = imagecreatetruecolor($resize_width, $resize_height);
imagecopyresampled($image_resized, $image, 0, 0, 0, 0, $resize_width, $resize_height, $width, $height);

// Resample thumbnail image
$image_resized = imagecreatetruecolor($thumbnail_width, $thumbnail_height);
imagecopyresampled($image_thumbnail, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);

///////////////////////////////// check image name and rename it ///////////////////////////////
$db_safe_name = mysql_real_escape_string($uploaded_image_name); // Better safe then sorry
  $result_check = mysql_query("SELECT photo_file_name FROM album WHERE photo_file_name='{$db_safe_name}'") or die(mysql_error()); // You sure you want to show that error?

$number = mysql_num_rows($result_check); // Why use a while if you can see if there are results directly?
if ( $number > 0 ) { // Perhaps checking again after renaming, the new name might already by in use.
    $ext = explode($uploaded_image_name);
    $ext = array_pop($ext);
    $uploaded_image_name = str_replace("." . $ext, "", $uploaded_image_name);
    $uploaded_image_name = $uploaded_image_name . "1.". $ext;
}
  
  
/////////////////////////////////////// insert to directory ///////////////////////////////

  $filedir = '/upload/user_album/'; // the directory for the original image
  $thumbdir = '/upload/user_album/thumb/'; // the directory for the thumbnail image
  $prod_img = $filedir.$uploaded_image_name;
  $prod_img_thumb = $thumbdir.$uploaded_image_name;
         



    if( !empty($HTTP_POST_FILES['song_image']['tmp_name']) )
        {
        $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';

        if ( @$ini_val('open_basedir') != '' )
        {
            if ( @phpversion() < '4.0.3' )
            {
            message_die(GENERAL_ERROR, 'open_basedir is set and your PHP version does not allow move_uploaded_file<br /><br />Please contact your server admin', '', __LINE__, __FILE__);
            }

            $move_file = 'move_uploaded_file';
        }
        else
        {
            $move_file = 'copy';
        }
}

        
        // moved resized image into directory
        $move_file($uploaded_image, $prod_img);
        @chmod($prod_img, 0777);
        
        // moved thumb image into directory
        $move_file($uploaded_image, $prod_img_thumb);
        @chmod($prod_img_thumb, 0777);
        
        }
        
/////////////////////////////////////// insert to database///////////////////////////////
        $db_safe_name = mysql_real_escape_string($uploaded_image_name);
        mysql_query("INSERT INTO album ('photo_file_name') VALUES('$db_safe_name') ") or die(mysql_error());

[PHP] On image upload script

2007-10-26T13:21:59-07:00

The wrong filetype is easy to understand: You're using $_FILES['image']['tmp_name'] to check the extension, while you should use $_FILES['image']['name'] For that purpose.
http://nl2.php.net/manual/nl/features.file-upload.php

[PHP] On making user html input secure

2007-10-14T10:00:35-07:00

Overdoing it.
After the lines of code I posted (including the $_POST = secure_input($_POST); line), all $_POST['xxx'] are secured. You don't need to call the function for each var again.

[PHP] On making user html input secure

2007-10-13T15:42:01-07:00

I don't know why you're using the str_replace function, but if you need it, put in on the line containing
return htmlspecialchars(trim($v));

Using this method, you can also automatically handle/secure any submitted array, regardless of its dimensions.

function secure_input($v) {
    if ( is_array($v) ) {
        return array_map('secure_input', $v);
    }
    else {
        return htmlspecialchars(trim($v));
    }
}
$_POST = secure_input($_POST);

[PHP] On makeSafe Content Filter

2007-10-03T03:47:26-07:00

if ($escape==true) equals if ($escape)

What if the input uses "\n" instead of "\r\n" ? (won't be replaced)

Also, if you use htmlentities, < and > are translated to < and >, so strip-tags won't be of any use. (As far As I know)

<?php
function makeSafe($variable, $escape=true) {
  if (get_magic_quotes_gpc()) { 
    $variable = stripslashes($variable); 
  }

  $variable = htmlentities($variable, ENT_QUOTES);
  $variable = str_replace("\r\n", "", $variable);

  if ($escape) {
    $variable = mysql_escape_string(trim($variable));
  }
  return $variable;
}
?>

[JavaScript] On Beautify JS Date to how recently the event occured.

2007-10-01T13:56:14-07:00

/***
* Beautify date to how recent the event occurred compared to now.
* Some examples:  1 second, 4 hours, 10 days, 1 year.
*	Example:
*   var oneFiftyMin = new Date(new Date().getTime() - 60000 * 150);
*   alert(oneFiftyMin.when()); // will display "2 hours"
*
*  Handy for things like "Item posted " + someDate.when() + " ago."
*/
Date.prototype.when = function() {

	var diff = new Date().getTime() - this.getTime();
	var when; // our return value

	//TODO:  what if the time is in the future? 
	//if (diff < 0) throw new Error ("Date is in future, check timezone?";

	//one or more of these will be non-zero, but we only care about the biggest one (in scale of time)
  if (diff > (2592000000 * 12) ) {
    when = Math.floor(diff/(2592000000 * 12)) + " Year";
  }
  else if (diff > 2592000000) {
    when = Math.floor(diff/2592000000) + " Month";
  }
  else if (diff > 86400000) {
    when = Math.floor(diff/86400000) + " Day";
  }
  else if (diff > 3600000) {
    when = Math.floor(diff/3600000) + " Hour";
  }
  else if (diff > 60000) {
    when = Math.floor(diff/60000) + " Minute";
  }
  else if (diff > 1000) {
    when = Math.floor(diff/1000) + " Second";
  }

  //add plural if necessary
  return (0 == when.indexOf("1 ")) ? when : when + "s";
}

[Java] On Get a random number within a given interval

2007-10-01T05:35:36-07:00

Why do you return a 'long', if the range is only specified by ints? The result always fits in an integer.
This is more or less the standard method for generating a random number. The only (usefull) change I can think of is:

public static int randomNumber(int min, int max) {
	return min + (int)(Math.random() * (max - min));
}

[Ruby] On compound interest

2007-09-30T14:05:36-07:00

Why don't you use a loop?
(Untested)

cap_growth = 5
v += (@property.current_value / 100 * cap_growth)

for i in (0..7)
  puts v
  v +=  v / 100 * cap_growth
end