Computer Science Canada Using php to generate an image |
Author: | ProgrammingFun [ Tue Feb 22, 2011 8:04 pm ] |
Post subject: | Using php to generate an image |
Hi, I have to create a voting system for my school for which I need to output an image version of the table shown at http://test.victoriaparkci.com/poll2/ Is there any way that PHP can do such a thing? If so, how? Online tutorials were of no help for a noob like me Thanks for the help. |
Author: | Sur_real [ Tue Feb 22, 2011 9:17 pm ] |
Post subject: | Re: Using php to generate an image |
Don't worry, I don't think there is such a thing. Although you can do some research on imagegrabscreen or imagegrabwindow. Personally, I never bothered with them so dunno if they work. I would just recommend doing it the old fashion way and create the image using PHP on-the-fly. |
Author: | Tony [ Tue Feb 22, 2011 10:00 pm ] |
Post subject: | Re: Using php to generate an image |
Sur_real @ Tue Feb 22, 2011 9:17 pm wrote: Don't worry, I don't think there is such a thing.
Sorry, here it is ImageMagick -- with bindings for just about everything, including PHP; http://www.imagemagick.org/script/api.php?ImageMagick=ea73rvnl8squ11fae2soiqitb2#php |
Author: | Sur_real [ Tue Feb 22, 2011 10:20 pm ] |
Post subject: | Re: Using php to generate an image |
O gawd how embarrassing never heard of imagick but it does seem more comprehensive than GD (if they're even comparable). I wonder why I never found this before or was ever taught it... |
Author: | ProgrammingFun [ Wed Feb 23, 2011 8:19 pm ] | ||
Post subject: | Re: Using php to generate an image | ||
Thanks...on a related note, I want the following script to run before the page is redirected buy I keep getting an error:
ERROR wrote: Warning: Cannot modify header information - headers already sent by (output started at /hsphere/local/home/victoria/test.victoriaparkci.com/poll2/process.php:10) in /hsphere/local/home/victoria/test.victoriaparkci.com/poll2/process.php on line 39 What am I doing wrong? I can't find any echos before the code so I do not think that that is the problem. |
Author: | Tony [ Wed Feb 23, 2011 9:06 pm ] | ||
Post subject: | RE:Using php to generate an image | ||
Quote: output started at ... [line]:10
whitespace is sending some response. |
Author: | ProgrammingFun [ Wed Feb 23, 2011 9:11 pm ] | ||
Post subject: | RE:Using php to generate an image | ||
Thanks! I now get the following error: ERROR wrote: Parse error: syntax error, unexpected $end in /hsphere/local/home/victoria/test.victoriaparkci.com/poll4/process.php on line 44
|
Author: | Tony [ Wed Feb 23, 2011 9:35 pm ] |
Post subject: | RE:Using php to generate an image |
You should probably start Quote: on line 44 and work backwards from there. |
Author: | Sur_real [ Wed Feb 23, 2011 9:50 pm ] |
Post subject: | RE:Using php to generate an image |
I hope those parameters of mysql_connect are not what I think they are... |
Author: | Tony [ Wed Feb 23, 2011 10:00 pm ] |
Post subject: | RE:Using php to generate an image |
Who cares about SQL injection vulnerabilities when the DB credentials are posted in plaintext |
Author: | ProgrammingFun [ Wed Feb 23, 2011 10:09 pm ] |
Post subject: | Re: RE:Using php to generate an image |
Tony @ Wed Feb 23, 2011 9:35 pm wrote: You should probably start
Quote: on line 44 and work backwards from there.I still don't understand...I am very new to PHP and this is my very fist time using it... Tony @ Wed Feb 23, 2011 10:00 pm wrote: Who cares about SQL injection vulnerabilities when the DB credentials are posted in plaintext
Is that a very big problem? Can all databases on the server be hacked thru that? Is there any way to make it more secure? |
Author: | Dan [ Wed Feb 23, 2011 10:20 pm ] | ||||||
Post subject: | Re: RE:Using php to generate an image | ||||||
Quote: Is that a very big problem? Can all databases on the server be hacked thru that? Is there any way to make it more secure? Thats a very big problem. For exmaple i was able to login and view your database:
I (or any one else who viewed this page) could delete everything in their, including the hole table or database. You need to change your password ASAP. Also consider limiting access to localhost (or where ever your site is hosted). Secondly their is a sql injection vunerablity in this line:
and possiblly
For more info on sql injections see http://en.wikipedia.org/wiki/SQL_injection |
Author: | Tony [ Wed Feb 23, 2011 10:30 pm ] |
Post subject: | Re: RE:Using php to generate an image |
Dan @ Wed Feb 23, 2011 10:20 pm wrote: Also consider limiting access to localhost
It appears the the database and php are running on different servers. |
Author: | Dan [ Wed Feb 23, 2011 11:53 pm ] |
Post subject: | Re: RE:Using php to generate an image |
Tony @ 23rd February 2011, 10:30 pm wrote: Dan @ Wed Feb 23, 2011 10:20 pm wrote: Also consider limiting access to localhost
It appears the the database and php are running on different servers. Quote: (or where ever your site is hosted). mySQL should let you limit access to a set of hosts by ip or hostname. |
Author: | ProgrammingFun [ Thu Feb 24, 2011 6:43 am ] |
Post subject: | RE:Using php to generate an image |
EDIT: NVM, I fixed everything to some extent. Thanks for the help! Thanks for telling me that! Can someone please edit my earlier posts to remove the sensitive information? I still don't understand how I can fix the problem with line 44, if I remove that block, it says error on line 41. What am I doing wrong? And how can I fix the SQL injection problem? Sorry for all the noob questions. |
Author: | Sur_real [ Thu Feb 24, 2011 9:25 am ] |
Post subject: | RE:Using php to generate an image |
To prevent SQL injections, for every query use mysql_real_escape_string(). As for the problem with line 41, look at your curly brackets |
Author: | 2goto1 [ Thu Feb 24, 2011 10:47 am ] |
Post subject: | RE:Using php to generate an image |
Another option to handle SQL injection attacks is to parameterize all of your queries. This approach works with all popular database platforms. To do so with PHP, see http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php |
Author: | ProgrammingFun [ Thu Feb 24, 2011 6:50 pm ] |
Post subject: | RE:Using php to generate an image |
Thanks for all the help! I am now in the final stages of the development. This poll is going to be used as a school-wide election. Please check it out at http://test.victoriaparkci.com/poll4/ (you are free to vote) and tell me what you think! My leader has some oppositions, please tell me if you agree with her or with my response. She says that results and voting should be on completely separate pages and that the user should go between them...but I point out that that is not user-friendly and tedious, and no professional poll does that. She says that the list should be ordered from most to least polls...I say that this will destroy a common order and will make it more confusing and biased. Please tell me what you think! |
Author: | Sur_real [ Thu Feb 24, 2011 7:31 pm ] |
Post subject: | RE:Using php to generate an image |
First of all, I think the song choices should be in alphabetical order. Also, you're right, the result should not be in descending order but in the order on the voting page. Secondly, I don't know how professional (read: accurate) you want it to be but it seems like anyone can vote any number of times. This also brings up the issue of botting...while this isn't a website like google or etc so the chances of botting are low, you still might want to look into how you are getting votes (from the .php you posted eariler, it uses GET, maybe you want to change that to POST) just in case. |
Author: | Tony [ Thu Feb 24, 2011 7:31 pm ] |
Post subject: | Re: RE:Using php to generate an image |
ProgrammingFun @ Thu Feb 24, 2011 6:50 pm wrote: tell me what you think
I'm never gonna give you up. |
Author: | Tony [ Thu Feb 24, 2011 7:33 pm ] |
Post subject: | Re: RE:Using php to generate an image |
Sur_real @ Thu Feb 24, 2011 7:31 pm wrote: it uses GET, maybe you want to change that to POST) just in case.
So then I'll just change my Rick.rb script to make a POST request instead of GET |
Author: | ProgrammingFun [ Thu Feb 24, 2011 7:35 pm ] |
Post subject: | RE:Using php to generate an image |
My leader wanted it to be bot-able...in other words, she wanted users to be able to vote multiple times...I was thinking of limiting how many votes can be submitted per IP address for a time period but then gave it up... @Tony: What do you mean? Is there another security bug? |
Author: | Sur_real [ Thu Feb 24, 2011 7:36 pm ] |
Post subject: | RE:Using php to generate an image |
sigh, so you're the one voting for rick LOL |
Author: | ProgrammingFun [ Thu Feb 24, 2011 7:38 pm ] |
Post subject: | Re: RE:Using php to generate an image |
Is there any way to limit an IP address to vote for a certain song only once? @Tony: Would you mind sending me the script? I could use it myself |
Author: | Sur_real [ Thu Feb 24, 2011 7:40 pm ] |
Post subject: | RE:Using php to generate an image |
You could try getting the IP of people who voted and put it in a SQL table. |
Author: | ProgrammingFun [ Thu Feb 24, 2011 7:48 pm ] |
Post subject: | RE:Using php to generate an image |
But then how would I re-allow that IP after the time limit has passed? Actually, this may not be a good idea because that might just block my school's IP for some time and that is where most people will access it from...What should I do? |
Author: | Tony [ Thu Feb 24, 2011 7:49 pm ] | ||
Post subject: | RE:Using php to generate an image | ||
|
Author: | Sur_real [ Thu Feb 24, 2011 7:52 pm ] |
Post subject: | RE:Using php to generate an image |
Hmmm...I guess you can also have a timestamp at the time they voted. So next time they vote, you check with the timestamp to allow/disallow and if allow, change timestamp to current again. |
Author: | ProgrammingFun [ Thu Feb 24, 2011 7:54 pm ] |
Post subject: | RE:Using php to generate an image |
Do you think that I should just remove the voting option from the results page? That way, you script will have to return to the other page to vote each time... |
Author: | Tony [ Thu Feb 24, 2011 7:55 pm ] |
Post subject: | RE:Using php to generate an image |
Nope, I never hit the results page. Or the form page. Sending requests directly to http://test.victoriaparkci.com/poll4/process.php?song[]=26&vote=Vote |
Author: | ProgrammingFun [ Thu Feb 24, 2011 7:59 pm ] |
Post subject: | RE:Using php to generate an image |
wow, how would I go about countering that? Perhaps I should just hope that no hacker happens to see the poll? |
Author: | Tony [ Thu Feb 24, 2011 9:31 pm ] |
Post subject: | RE:Using php to generate an image |
You can't really, unless you have a login system. But even then that only works if the cost of creating new user accounts is greater than the value of a casted vote. Re: any IP-based suggestions -- it's a school poll. All of the students will have the same IP, while at school. |
Author: | Sur_real [ Thu Feb 24, 2011 9:43 pm ] |
Post subject: | RE:Using php to generate an image |
oh...yeah, forgot about that lol what about creating sessions, so the only way would be to reopen browser? That can limit it to a certain extend... |
Author: | ProgrammingFun [ Thu Feb 24, 2011 10:03 pm ] |
Post subject: | Re: RE:Using php to generate an image |
Sur_real @ Thu Feb 24, 2011 9:43 pm wrote: oh...yeah, forgot about that lol
what about creating sessions, so the only way would be to reopen browser? That can limit it to a certain extend... How would I go about doing that? That sounds like a good solution.... Is there any way that I can hide the fact that there is a process.php? Would that protect it to some extent? |
Author: | Tony [ Thu Feb 24, 2011 10:24 pm ] |
Post subject: | RE:Using php to generate an image |
Sessions (cookies) are easily cleared. In fact, a lot of simple net libraries don't even keep track of cookies in the first place. Quote: hide process.php
A form must submit to some location, and I can do the same. As much as you can try to obfuscate the locations / redirects / whatever, the system is conceptually vulnerable to a Replay Attack -- http://en.wikipedia.org/wiki/Replay_attack |
Author: | DemonWasp [ Thu Feb 24, 2011 10:30 pm ] |
Post subject: | RE:Using php to generate an image |
Ultimately, no, there's no real way to hide which URL you're submitting vote data to. It's easy enough to figure that out with Firebug or equivalents. If the computer can figure it out, a malicious user can figure it out. The only real way to avoid multiple votes is to have an authentication system. If you don't want to make user accounts yourself, or correlate name-with-student-ID or similar, then you can't really do that. A simple measure would be to put a cookie on the user's system that says "I've already voted", but this could be trivially bypassed -- even accidentally -- by either a user who knows what they're doing, or by a user who has cookies disabled for whatever reason. See here: http://php.net/manual/en/features.cookies.php |
Author: | Dan [ Fri Feb 25, 2011 6:35 am ] |
Post subject: | RE:Using php to generate an image |
You could send an e-mail to each student who can vote with a link to the poll that cotains a unquie key in the url parameters that can be only used once. Bascily you keep a table of keys, and once some one votes with that key you remove it's row from the database. This would require that you have some means of giving the students their keys or a url with their key in it. Edit: Also keys should not be simple like: 1, 2, 3, 4, 5 but longer strings that are seemlingly random like: 5b19344e68b50229e839a07b0652fa71, eb0a7a912cdfced0b68808dc8a98ac8e, d58fb80e442e2644268475577e824ef6, etc But ensure that they are unique and have no obvious patter. For example you could take the hash of the students e-mail + a salt you never tell anyone. |
Author: | DemonWasp [ Fri Feb 25, 2011 8:29 am ] |
Post subject: | RE:Using php to generate an image |
If you have all the student email addresses, wouldn't it be simpler to build a system that only accepts one vote per registered email address (each student votes with their email address as ID)? |
Author: | Dan [ Fri Feb 25, 2011 9:18 am ] |
Post subject: | Re: RE:Using php to generate an image |
DemonWasp @ 25th February 2011, 8:29 am wrote: If you have all the student email addresses, wouldn't it be simpler to build a system that only accepts one vote per registered email address (each student votes with their email address as ID)?
You would still have to authenticate the e-mail some how, or students could use other students vote if they knew their e-mail. So either way you would have to send the e-mail some kind of key. |
Author: | DemonWasp [ Fri Feb 25, 2011 10:33 am ] |
Post subject: | RE:Using php to generate an image |
Fair point. Then again, though, is this poll worth the effort of mailing everyone in the school a key and dealing with the associated extra complexity? |
Author: | Dan [ Fri Feb 25, 2011 11:00 am ] |
Post subject: | Re: RE:Using php to generate an image |
DemonWasp @ 25th February 2011, 10:33 am wrote: Fair point. Then again, though, is this poll worth the effort of mailing everyone in the school a key and dealing with the associated extra complexity?
Well it depedns on how imporantant the poll is. If all the students have the same kind of e-mail, such as _somthing_@victoriaparkci.com he could have them create a poll acount which only allows acounts to be created with a valid @victoriaparkci.com e-mail (with an activation e-mail). My method was more for a one time poll, an account would be better if their will be many polls. Looking at the link ProgrammingFun posted, it seems that this is for some kind of student forum? If thats the case why not tie it into the fourms accounts? |
Author: | ProgrammingFun [ Fri Feb 25, 2011 1:15 pm ] |
Post subject: | Re: RE:Using php to generate an image |
Dan @ Fri Feb 25, 2011 11:00 am wrote: Looking at the link ProgrammingFun posted, it seems that this is for some kind of student forum? If thats the case why not tie it into the fourms accounts?
That is exactly what I was about to ask next! Is there any way that I can use the forum accounts to login into the poll for the user to vote (without compromising the forum database)? That way, would I be able to make a browser session with that login so to revote, they would have to login again? This is not actually a very important poll, it is designed as a promotion campaign for the forum...I guess you could call it important (in a way) |
Author: | ProgrammingFun [ Sun Mar 06, 2011 5:17 pm ] |
Post subject: | RE:Using php to generate an image |
The final poll is being launched this week...we tried to fix the script problem by adding sessions (and something else )... Please test it here: http://forum.victoriaparkci.com/v1/playlist/ ...and tell me what you think (+ any remaining bugs and errors) Thanks! |
Author: | Tony [ Sun Mar 06, 2011 5:44 pm ] |
Post subject: | Re: RE:Using php to generate an image |
ProgrammingFun @ Sun Mar 06, 2011 5:17 pm wrote: we tried to fix the script problem by adding sessions (and something else )...
clearing cookies still works for multiple votes. |
Author: | ProgrammingFun [ Sun Mar 06, 2011 6:55 pm ] |
Post subject: | RE:Using php to generate an image |
Yes...but is there a script that can do that? I hope not... |
Author: | Tony [ Sun Mar 06, 2011 7:52 pm ] |
Post subject: | RE:Using php to generate an image |
Are you asking if I can write a script where I _don't_ keep track of your cookies? Yes. In fact, that's less work than having to keep track of your cookies. |
Author: | ProgrammingFun [ Sun Mar 06, 2011 8:23 pm ] |
Post subject: | RE:Using php to generate an image |
Fail...so what do I do now? Or should I just hope that noone will think of hacking it in such a way? |
Author: | Amailer [ Sun Mar 06, 2011 9:10 pm ] |
Post subject: | RE:Using php to generate an image |
Why aren't you using the forum's login system as suggested, it will solve most of the issues (except people making multiple accounts to vote...). http://www.phpbb.com/community/viewtopic.php?f=64&t=709765#p4101675 A quick way would be to implement the login, force the user to login in order to vote and then when said user has voted, write their username to a file. This way if they attempt to vote again, check to see if its in the file. Or, simply make a "hasVoted" column in the user table and set it to 1 if they have voted. |
Author: | ProgrammingFun [ Sun Mar 06, 2011 9:18 pm ] |
Post subject: | RE:Using php to generate an image |
Thanks for the help....I'll try to implement that. |