Pentru a loga in aplicatia wiki fara a intra in pagina de login, din alta aplicatia trebuie setat cookie cu username si parola care exista in wiki, si path URL catre wiki.

ex:
$expire = time() + 30*24*60*60;
$credentials = serialize(array(“test”,”test”));
setcookie(“gloobal_user”, $credentials, $expire, “/wiki/”);

in pagina \inc\auth.php
functia auth_login

dupa instructiunea list($user,$sticky,$pass) = auth_getCookie();
citim din cookie username si parola utilizatorului care exista deja in wiki

$credentials = unserialize(str_replace(“\\”,”",$_COOKIE["gloobal_user"]));
$user = $credentials[0];
$pass = PMA_blowfish_encrypt($credentials[1],auth_cookiesalt());

Data security is important and often undervalued by designers, developers, and clients alike. Since PHP 5.2.0, data sanitization and validation has been made significantly easier with the introduction of data filtering. Today, we’re going to take a closer look at these filters, how to use them, and build a few custom functions.

Source : here

In this article I will explain how to create a PHP Class that will encrypt and decrypt any data with a given password. It is object programmed and uses existing PHP algorithms.

Excerpt :

Think about what we might need a class like this for? We want to encrypt important data with a password for security reasons. We also want, as already mentioned, to be able to decrypt that data when necessary. Why should you use symmetric algorithms? It’s easy; when you’re offering a password sent via email or something like that, you need the password to be sent in plaintext. The hash algorithms are not reversible. Once you have hashed a string you can’t decipher the original text from the hash.

Source : here

One crucial part of PHP development practice is always keeping in mind that security is not something you can simply buy off the shelf at your local convenient store. Ensuring the security of your web applications is a process, which over time, needs to be constantly evaluated, monitored, and hardened.

Source : here

HTML Regex Data Extractor

This extension is useful for those who want to test the regular expression on the live HTML content.
They can also use their custom content.

Usage :
- Press Alt-R to test with your custom content
- Press Ctrl-U or right-click and choose “View Page Source” to test with HTML source of current page
- When you are viewing the source code, to show/hide the Regular Expression Bar, on Toolbar, choose View -> RegexHTML

Source : here

How does it work?

Rather than creating a SWFUpload instance and assigning handlers directly, it associates the SWFUpload instance with an element in the DOM, and all events handlers are bound to that DOM element.

Live Examples

Here are some live examples you can pull apart. Although the UI is not pretty, it demonstrates how you listen to events, and from there you can create whatever UI you want.

• Single Uploader
• Multiple Uploaders

Download source here

The line-layering technique uses no images and no javascript, only display: block bold tags layered on top of each other. We simply create lines with decreasing side margins, stick them on top of each other and we have a well-emulated round corner.

.b1f, .b2f, .b3f, .b4f{font-size:1px; overflow:hidden; display:block;}
.b1f {height:1px; background:#ddd; margin:0 5px;}
.b2f {height:1px; background:#ddd; margin:0 3px;}
.b3f {height:1px; background:#ddd; margin:0 2px;}
.b4f {height:2px; background:#ddd; margin:0 1px;}
.contentf {background: #ddd;}
.contentf div {margin-left: 5px;}

<b class="b1f"></b><b class="b2f"></b><b class="b3f"></b><b class="b4f"></b>
    <div class="contentf">

        <div>Round FILL!!</div>
    </div>
<b class="b4f"></b><b class="b3f"></b><b class="b2f"></b><b class="b1f"></b>

Din cauza framework-ului wordpress se injecteaza tag-urile HTML in editor, de acea nu pot sa afisez corect exemple, le puteti vedea [ aici ]

La un moment dat am avut nevoie de a accesa un serviciu ssl din php folosind cURL. NU intentionam sa folosesc cURL, dar asta folosea PEAR : SOAP. Dupa mai mutle incercari, gaseam eroarea de ssl, de certificat invalid.

Rezolvarea e una simpla : Dezactivam din cURL verificarea PEER (CURLOPT_SSL_VERIFYPEER), insa nu e elegant.
Metoda eleganta presupune insa, salvarea certificatului si trimiterea lui in requestul cURL.

Trimiterea se face astfel :

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, 'fisierul in care se tine certificatul salvat in format PEM');


Fisierul trebuie sa fie salvat in format X.509 Certificate (PEM). Asta se paote face din browser, la view certificate/export.

Ce facem insa cand aplicatia ruleaza si se depaseste expire date ?
Folosind functiile php stream, putem accesa certificatul. Cu ajutorul extensiei openssl il putem salva.


$url = 'url'; //url-ul care necesita certificatul ,fara protocol.
$context = stream_context_create();
$res = stream_context_set_option($context, 'ssl', 'capture_peer_cert', true);
$res = stream_context_set_option($context, 'ssl', 'verify_host', true);
if ($socket = stream_socket_client("tls://$url:443/", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context))
{
    if ($options = stream_context_get_options($context))
    {
      if ( isset ($options['ssl']) && isset ($options['ssl']['peer_certificate']))
      {
        $keyinfo = openssl_x509_export_to_file($options['ssl']['peer_certificate'], 'file to save to');
      }
    }
}


Data de expirare a certificatului curent se poate lua astfel :

$keyinfo = openssl_x509_parse(file_get_contents($filename));
var_dump($keyinfo['validTo']);

Data este in format YYMMDDHHMMSS.

Spor la conectare SSL.

Va propun o metoda de a pune un watermark pe o imagine in PHP. In principiu functia primeste ca parametrii imaginea sursa (locatie), locatia destinatie, watermarkul (locatie imagine), si calitatea jpeg.

Va returna Boolean, iar in cazul TRUE va salva un jpeg cu watermark din imaginea initiala. Functia se foloseste de libraria GD inclusa in php si accepta orice fel de tip de imagine pe care o poate recunoaste aceasta.

Watermarkul este pus in coltul din dreapta jos, dar asta se paote modifica dupa bunul plac.

function set_watermark($source, $dest, $watermark, $quality = 80)
{
  if (func_num_args() < 3)
  {
    $set_watermark_error = "Insufficient parameters supplied!";
  }
  else
  {
    if (file_exists($source))
    {
      if ($src = imagecreatefromstring(file_get_contents($source)))
      {
        $info = getimagesize($source);
        imageantialias($src, true);
        if ($wm = imagecreatefromstring(file_get_contents($watermark)))
        {
          $wm_info = getimagesize($watermark);
          imagealphablending($src, true);
          imagecopy($src, $wm, $info[0]-$wm_info[0]-5, $info[1]-$wm_info[1]-5, 0, 0, $wm_info[0], $wm_info[1]);
          if (imagejpeg($src, $dest, $quality))
          {
            if (file_exists($dest))
            {
              chmod($dest, 0777);
              return true;
            }
            else
            {
              $set_watermark_error = 'Unable tosaveimage! ';
            }
          }
          else
          {
            $set_watermark_error = 'Unable tosaveimage! ';
          }
        }
      }
      else
      {
        $set_watermark_error = 'Unrecognized imageformat! ';
      }
    }
    else
    {
      $set_watermark_error = 'Source filedoesnotexist! ';
    }
  }
  return false;
}