
Octarine
Members
Posts: 348
Days Won: 4
Everything posted by Octarine
-
Solved in full and PM'd
-
An interesting gotcha that has to the best of my knowledge caught out at least two MWG regulars today...

Source

```
[octarine@jas ~/tmp]$ cat test.php
<?php

$translate = array
(
    'a' => 'a',
    'b' => 'f',
    'c' => 'k',
    'd' => 'o',
    'e' => 's',
    'f' => 'w',
    'g' => 'b',
    'h' => 'g',
    'i' => 'l',
    'j' => 'p',
    'k' => 't',
    'l' => 'x',
    'm' => 'c',
    'n' => 'h',
    'o' => 'm',
    'p' => 'q',
    'q' => 'u',
    'r' => 'y',
    's' => 'd',
    't' => 'i',
    'u' => 'n',
    'v' => 'r',
    'w' => 'v',
    'x' => 'z',
    'y' => 'e',
    'z' => 'i',
);

// split into two parts and cache
$search  = array_keys($translate);
$replace = array_values($translate);

$plain_text = 'hello world';
$crypt_text = str_replace($search, $replace, $plain_text);
$final_text = str_replace($replace, $search, $crypt_text);

echo "plain text : $plain_text \n";
echo "crypt text : $crypt_text \n";
echo "final text : $final_text \n";
```

Usage

```
[octarine@jas ~/tmp]$ php -f test.php
plain text : hello world
crypt text : gdiim vmeim
final text : ustto woyto
```

Huh? The code looks okay, until you actually read the docs (RTFM for all you luddites) - which clearly states

Which shows that it pays to read the manual in detail for each and every function you encounter. Using a for loop however would work, although in reality there is nothing to beat strtr() simply as it is written in C and thus operates at full machine speed. strtr() itself could be optimized a little, but the gain in speed is negligible and not worth considering.
-
Only insecure in-as-much as the resulting crypt text is prone to very basic frequency analysis. There is one unusual problem that does arise if the input is a multi-byte/binary string that is used to produce crypt text that is either stored without suitable escaping in a database or displayed again without correct escaping onto a web-page. Carefully selected inputs can therefore result in SQLi or XSS attack vectors, however as you all correctly escape everything this problem will of course never arise. For storing passwords, this type of substitution is *not* recommended even on localhost setups. It is simply a character substitution function which does have its uses. Saying that, a quick look at my own rather code, I can't find anywhere I've used it so perhaps it's not that common a function. As for what language it can be done in - all current commercial languages to my knowledge. There are a few like whitespace where it would seem unlikely though I will stand corrected if somebody cares to waste their time.
-
Source:

```
[octarine@jas ~/tmp]$ cat test.php
<?php

$alphabet = 'abcdefghijklmnopqrstuvwxyz';
$key      = 'vwxyzutsrqponmlkjihgfabcde';

$plain_text = 'hello world';

/**
 * Encode a string by simple letter substitution
 **/
$cipher_text = strtr($plain_text, $alphabet, $key);

/**
 * Decode a string by simple letter substitution
 **/
$final_text = strtr($cipher_text, $key, $alphabet);

echo "plain_text : $plain_text\n";
echo "cipher_text : $cipher_text\n";
echo "final_text : $final_text\n";
```

Usage:

```
[octarine@jas ~/tmp]$ php -f test.php
plain_text : hello world
cipher_text : szool blioy
final_text : hello world
```

strtr() is the key to making extremely simple (but ultimately highly insecure) substitutions like this.
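Added example, not part of Octarine's posts: it runs the keys from the str_replace() post and the strtr() post through both functions to show that str_replace() with arrays applies each pair to the output of the previous pairs, while strtr() translates every byte once. The function names and the pangram are assumptions made for the illustration.

```php
<?php
// Added example, not code from the original posts. Function names are
// illustrative; both keys are copied from the two posts above.

const ALPHABET   = 'abcdefghijklmnopqrstuvwxyz';
const KEY_POST_1 = 'afkoswbglptxchmquydinrvzei'; // values of $translate, in order
const KEY_POST_2 = 'vwxyzutsrqponmlkjihgfabcde'; // $key from the strtr() post

/** A key decodes unambiguously only if it is a permutation of the alphabet. */
function is_permutation(string $alphabet, string $key): bool
{
    // count_chars(..., 3) returns the distinct bytes used, in sorted order.
    return strlen($alphabet) === strlen($key)
        && count_chars($alphabet, 3) === count_chars($key, 3);
}

/** str_replace() with arrays: pair N runs on the output of pairs 1..N-1. */
function encode_sequential(string $text, string $key): string
{
    return str_replace(str_split(ALPHABET), str_split($key), $text);
}

/** strtr() with strings: each input byte is looked up exactly once. */
function encode_single_pass(string $text, string $key): string
{
    return strtr($text, ALPHABET, $key);
}

/** True when decoding the single-pass cipher text returns the plain text. */
function round_trips(string $text, string $key): bool
{
    return strtr(encode_single_pass($text, $key), $key, ALPHABET) === $text;
}

$plain = 'the quick brown fox jumps over the lazy dog'; // constructed pangram

foreach (['post 1' => KEY_POST_1, 'post 2' => KEY_POST_2] as $label => $key) {
    printf("%s key is a permutation: %s\n", $label, var_export(is_permutation(ALPHABET, $key), true));
    printf("  sequential  : %s\n", encode_sequential($plain, $key));
    printf("  single pass : %s\n", encode_single_pass($plain, $key));
    printf("  round trip  : %s\n", var_export(round_trips($plain, $key), true));
}
```

The first post's table maps both 't' and 'z' to 'i', so that key is not a permutation and cannot be decoded unambiguously even with strtr(); the second post's key is a permutation and round-trips.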
-
lmao That's 1 all I believe? ;)
-
He [sRB] was never that good anyway ;)
-
And exactly what are these so-called non-commercial activities?

Oh sorry, we retain intellectual property but have to ask you for the privilege to delete? You jest of course.

So you'll be providing us with a search engine that actually works then? Come on, you expect us to follow "your" rules, yet provide no facilities? Sheesh.

Unless you are a mod/op in which case it's fair game...

Good one I guess Alain's half-baked attempt at an "engine" is allowed, by this, odd that since it's splattered all over the front end of the forums... Doesn't seem altogether fair to me.

So do something about it...

i.e. staff can do what they want, when they want, no holds barred.

... And if you have a problem with staff, tough.

What makes you think you are even remotely qualified to adjudicate products? Looking at existing products, you really fail rather badly on this.

I speak from experience here, I've had my account deleted, yet I've provided more public facing mods than anyone I'm aware of, I've found and patched more bugs in any number of engines including the venerable mccodes toy, and I've produced more viable code than the collective nuggets here can hope to produce in a month of Sundays, yet I'm questioned at every turn as to my motives, skills, and comments.

I'm sorry Nickson, but these rules have as usual not been properly thought out. Yes, I know your heart is in the right place, god knows I've probably instigated a few of them, but for heaven's sake think about what you are doing.

If I post something, *I* should have the ability to delete/revoke it.

If I want to find things here, for heaven's sake, employ a search engine that is actually usable rather than the sh*te that is currently in place.

Off topic... Don't go there, since you yourself are guilty ;)

Promoting... Advertising... adblock plus aside :D, just look around will you. Either say it's allowed or it's not. Don't make rules for us or them... Yes, I'm looking at you Alain; the "I want to help the community .. yet charge for it"; sheesh, sorry, 6K sloc is an afterthought; get over it.

User sigs - damn right I'm with you there. 10/10 to the man in the corner. Of course... I think we (I use the term loosely, however I'm sure you understand me at this stage) tried this before - it failed - it will continue to fail. Enforce it or use GreaseMonkey.

Staff rights... over my content.... Sorry. Perhaps you have me confused with a 13y/o spotty nosed teenager.

Personally I see no point in posting "content" here, since a) the staff/mods are incapable of dealing with situations as they arise and b) the users are .. shall we say, a little lacking. Okay the latter I fully admit to being part of the problem, however I've managed to get more than one person from here onto a completely different level of programming, but that is perhaps "off-topic".

Issues with staff - sure, but what's the point? Dabs/CB don't appear to be around that much unfortunately, the remainder are either interested only in promoting their own *ahem* engine or doing bugger all.

I removed a lot of my own posts from here a while back due to the ineptitude of the users and staff at the time and really, if I am to document the ins and outs of a particular algorithm / infrastructure - then with the current rules, sorry, I'll have to link to it since there is no way I'm prepared to do it here. Certain users notwithstanding, there really is no point outside of serving to promote MGW and (presumably) its adverseness.

As for providing a fully featured product; honestly, what part of that is even remotely realistic? I've personally had the privilege of working with some of the big-guns in the industry, and really, as a forum you don't come anywhere near close.

That's not to say that I'm an arrogant soab (probably breaking various rules), I've learned a lot from my peers of late; yes, that's people from these very forums. I'm still constantly amazed and delighted at some of the ideas they manage to come up with and it's what makes this place an interesting environment for me.

Feel free to reply in public; private messages will be ignored.

E&OA
-
And this surprises you ... how? :D I don't remember your account actually being destroyed however .. unlike mine
-
Apparently, it's now against certain members' policy to point out: a) Critical errors that may affect people's projects. b) Obvious syntax errors. (even if they be forum generated) Well thanks due to H4x0r666's stance on this, though also in part due to the collective lack of tolerance shown for anybody with a higher than the average "McCodes" knowledge (something that really should have been put out of its misery several years ago), I see no further benefit in wasting further time here. Key topics and posts have been moved elsewhere, the remainder deleted. Those who know how to get in touch with me can via the usual channels, anybody wishing to retain me as a guest writer, consultant, programmer, or similar, will simply have to look elsewhere. Existing contracts will be completed as discussed with the relevant parties; however no further discussion will be entered into via these forums. (Private messaging has been disabled, and my email address points to a spam-only account). Those wishing a copy of the final "Can you spot the Bugs?" series of articles may find them in a book due to be published sometime later this year.
-
Bugger it... Somebody get me a and a
-
Back on: There are certainly multiple ways of doing this; a little time spent researching front-end controllers will easily yield profitable results; a few sites sadly do suggest the use of the switch() statement, something that McCodes (Redux) incorporated imo mistakenly, a sanitized controller name and file_exists() is often all that is needed. I'm pretty sure I've even seen a half decent example here, from a while back; if not my mistake. Easy enough to rustle one up though. Assuming the ability to access and write a .htaccess file, the mod_rewrite extension will give you the ability to direct every request through to a single dispatcher; (Caveat) Static/Media files really should be served by something like nginx or similar high speed front-end; you don't want every little request for css, ico, gif, png, jpg, js etc going through there!
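Added example, not code from the post above: one way to turn "a sanitized controller name and file_exists()" into a dispatcher lookup that cannot be steered outside the controllers directory. The directory layout, the function name and the rewrite rules in the comment are assumptions.

```php
<?php
// Added example, not code from the post. The directory layout and the
// function name are assumptions. A typical .htaccess for the dispatcher:
//   RewriteEngine On
//   RewriteCond %{REQUEST_FILENAME} !-f
//   RewriteRule ^ index.php [L]

/** Map a requested controller name to a file under $baseDir, or null. */
function resolve_controller(string $name, string $baseDir): ?string
{
    // Allowlist: lowercase letter first, then [a-z0-9_], at most 32 bytes.
    // \A and \z anchor the whole string, so "home\n" or "../home" fail.
    if (preg_match('/\A[a-z][a-z0-9_]{0,31}\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = $base . DIRECTORY_SEPARATOR . $name . '.php';
    // is_file() instead of file_exists(), so a directory never matches.
    if (!is_file($path)) {
        return null;
    }
    // Defence in depth: a symlinked controller must not resolve outside $base.
    $real   = realpath($path);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Demo against a throwaway directory holding one constructed controller.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fc_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home\n";');

foreach (['home', 'missing', '../home', "home\0", 'Home', ''] as $requested) {
    $file = resolve_controller($requested, $dir);
    printf("%-14s => %s\n", json_encode($requested), $file ?? 'not found (404)');
}

unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```

In a real dispatcher the returned path would be passed to `require`, and a null result would produce a 404 response.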
-
Prototype Creations -- Prototype
Octarine replied to W3Theory || Peter's topic in Collaboration Experiences
-
Topic Moved
-
Topic Moved
-
Topic Moved
-
Topic Moved
-
Post Moved
-
-
Finally, somebody plucks up the courage to state the bleeding obvious.