php


PHP: Convert JavaScript-escaped Unicode characters to HTML hex references

There are cases where one might receive in PHP, escaped Unicode characters from the client side JavaScript. According to the RFC it is normal for JavaScript to convert characters to that format and in effect that we receive any character in the escaped format of \uXXXX in PHP.

Any character may be escaped.
If the character is in the Basic Multilingual Plane (U+0000 through U+FFFF),
then it may be represented as a six-character sequence:
a reverse solidus, followed by the lowercase letter u, followed by four hexadecimal digits that encode the character's code point.
The hexadecimal letters A though F can be upper or lowercase.

A sample input you might receive could look like this George\u2019s treasure box instead of George’s treasure box.

This kind of input should not be stored as is as it does not make sense to the HTML language, instead we should fix it up using preg_replace.

$decoded = preg_replace('/\\\\u([a-fA-F0-9]{4})/', '&#x\\1;', $input);

The above command will look for all instances of \uXXXX in the $input and it will replace each one with the appropriate character using the XXXX value that it will match.

What this part '/\\\\u([a-fA-F0-9]{4})/' of the code do is the following:

  • \\\\ – Find the character \ in the string, the reason we have four \ instead of one, is because it has special meaning in the regular expression and we have to escape it. For that reason we need to use two of them and get \\. After that, we need to escape each of them again due to the special meaning they have in PHP and we end up with four of them.
  • u – The previous step must be followed by a u character.
  • ([a-fA-F0-9]{4}) – After the previous step has matched, we need to match 4 characters. Each of them must be either a character from A-Z or a-z or 0-9.

This part '&#x\\1;' will:

  • &#x – Is a constant string that will print the characters &#x. These characters will instruct HTML to print the character that will occur using hexadecimal entity reference that will follow.
  • \\1 – Contains the reference of the 1st parenthesized pattern. In this case we only have a parenthesis around the XXXX part of the \uXXXX so \\1 will be replaced with the XXXX value.

PHP: Functions that check passwords if they are strong enough

Following you will find a function that checks a string if it matches certain limitations that are usually applied on passwords.

Specifically, in the following code we check that the input contains at least one small Latin letter, a caps Latin letter, a number and a special character.

//Function that checks if string has at least one small Latin letter, one caps Latin letter, a number and a special character
function validString($string) {
  $containsSmallLetter = preg_match('/[a-z]/', $string);
  $containsCapsLetter = preg_match('/[A-Z]/', $string);
  $containsDigit = preg_match('/\d/', $string);
  $containsSpecial = preg_match('/[^a-zA-Z\d]/', $string);
  return ($containsSmallLetter && containsCapsLetter && $containsDigit && $containsSpecial);
}

In case you do not want to check for the case of the Latin characters and you just want to see if there is any of them we can merge the two checks as follows

//Function that checks if string has at least one Latin letter, a number and a special character
function validString($string) {
  $containsLetter = preg_match('/[a-zA-Z]/', $string);
  $containsDigit = preg_match('/\d/', $string);
  $containsSpecial = preg_match('/[^a-zA-Z\d]/', $string);
  return ($containsLetter && $containsDigit && $containsSpecial);
}

Ubuntu Linux: How to register machine IPs and domain name to web-server using php

First of all you will need a page the will keep record of the registrations.

To do the paste the following code in a *.php file on a php-enabled webserver:

<html>
<body>

<?php
if (isset($_GET["ip"]) && isset($_GET["name"]))
{
  echo "Current Time " . gmdate("d/m/Y H:i:s e", $_SERVER['REQUEST_TIME']) . " IP " . $_GET["ip"] . " Hostname " . $_GET["name"] . "!<br/>"; 
  $file=fopen("cookies.txt","a") or $file=fopen("log.txt","x");
  fwrite($file,"Time " . gmdate("d/m/Y H:i:s e", $_SERVER['REQUEST_TIME']) . " IP " . $_GET["ip"] . " Hostname " . $_GET["name"] . "\n" );
  fclose($file);
}
else
{
  echo "Welcome Murloc!<br />";
  echo "Following the SSH Login Log File:<br /><br />";
  $file=fopen("log.txt","r") or $file=fopen("cookies.txt","x");
  while(!feof($file))
  {
    echo fgets($file). "<br />";
  }
  fclose($file);
  echo "Your IP is ".$_SERVER['REMOTE_ADDR']. "<br />Current Time " . gmdate("d/m/Y H:i:s e", $_SERVER['REQUEST_TIME']) . "<br /><br />";
  echo "Bye Bye Bob<br />";
}
?>
</body>
</html>

The above php script will store your IP and Hostname if you provide them on the URL along with the time that the event happened and if you do not then it will list the registered IPs.

NOTE:Not sure how safe this code is

In order to invoke it / send you IP and hostname, issue form bash the following:

IPs=`ifconfig  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`
wget "http://www.example.com/ip.php?ip=$IPs&name=$HOSTNAME" -o /dev/null