PHP Quiz

[Blunderboy]

Why do I get the following error when I run this snippet:

<?php
****$i = 'Z';
****echo ++$i;
?>


Parse error: parse error, unexpected T_VARIABLE in C:\Inetpub\wwwroot\drip.php on line 2

[Blunderboy]

where did all those stars come from?

[Phil.Roberts]

I dont think you can do this:

PHP Code:

echo ++$i; 


Just do

PHP Code:

++$i;
echo $i; 


[seanf]

Works for me

Sean

[samsm]

where did all those stars come from?

(It used to be underscores)
Here's the answer: http://www.sitepointforums.com/showt...threadid=91924

[samsm]

Now, your job is to make $array only contain unique arrays, in such a way that neither the key one or two may be the same.
So for example, array[4] and array [5] are not valid, because one is 13 on both arrays.

Once we identify the bogus array, what should we do with it?
Alter it? Delete it?
Which of two that match should be deleted?

[datune]

Once we identify the bogus array, what should we do with it?
Alter it? Delete it?
Which of two that match should be deleted?

Alright, i understand my question might be too difficult (or not written well), so let me try to explain in an easier way.

Let's use smilies for this example.

Each smilie consists of three elements

code, url, and descr.

Now, as we all know, smilies may have different codes, but yet have the same url and descr.

For example, ; ) and ; - ) are both the same smilies.

Now you have an array as follows (note, im using wrong smilie codes, or otherwise the board would interpret them)

PHP Code:

$smilies = array();

$smilies[1] = array('code' => '-smile-', 'url' => 'smile.gif', 'descr' => 'smile');
$smilies[2] = array('code' => '*smile*', 'url' => 'smile.gif', 'descr' => 'smile');
$smilies[3] = array('code' => '-grin-', 'url' => 'grin.gif', 'descr' => 'grin');
$smilies[4] = array('code' => '*grin*', 'url' => 'grin.gif', 'descr' => 'grin'); 


Now, let's say you wanted to print out the smilies, in the same way as vBulletin does, in a table. Now you don't really want to have two identical smilies displayed just because there are 2 or more different smilie codes existing.

So, again, your job is to return a smilie array which only holds each smilie once, no matter the code. That's the only rule. it doesn't matter which array get#s removed etc...just make sure that FOR EXAMPLE this would be the outcome

PHP Code:

$smilies[1] = array('code' => '-smile-', 'url' => 'smile.gif', 'descr' => 'smile');
$smilies[2] = array('code' => '-grin-', 'url' => 'grin.gif', 'descr' => 'grin'); 


There, this should make things much more understandable images/smilies/wink.gif

[Jeff Lange]

PHP Code:

echo ++$i; 


is valid.

[samsm]

Gotcha!
I have a feeling that there's room for improvment here. Any ideas?

PHP Code:

$smilies = array();
$smilies[0] = array('code' => '-smile-', 'url' => 'smile.gif', 'descr' => 'smile');
$smilies[1] = array('code' => '*smile*', 'url' => 'smile.gif', 'descr' => 'smile');
$smilies[2] = array('code' => '-grin-', 'url' => 'grin.gif', 'descr' => 'grin');
$smilies[3] = array('code' => '*grin*', 'url' => 'smile.gif', 'descr' => 'grin');
$urls = array();
$c = count($smilies);
for ($i=0; $i<$c; $i++ )
{
   if (in_array($smilies[$i]['url'], $urls))
   {
      array_splice($smilies, $i, 1);
   }
   else
   {
      $urls[] = $smilies[$i]['url'];
   }
} 


[datune]

Have a good look at smilies[3] ['url']

Correct it, and run your script again

nice try though :P

[samsm]

Hmmm, not sure what you mean. This is the result I get from my attempt without any changes... the array came from cut and pasting your data. I did alter the array so that it began with 0 but that's it.
[code]
Array
(
[0] => Array
(
[code] => -smile-
[url] => smile.gif
[descr] => smile
)

[1] => Array
(

Code:

 => -grin-
            [url] => grin.gif
            [descr] => grin
        )

)

[datune]

Damn, im sorry. My mistake, i corrected it. Have a look and you will see. Sorry bout that...

[samsm]

Ha! I had a lot more trouble with that than I expected!

The second time I went at it, I didn't change the array[1] numbers to create an array beginning with [0]. However, as soon as array_splice got its hands on the $smilies array, it rewrote the array to begin with [0]! Took me a little while to notice.

Something else silly:

PHP Code:

$c = count($array);
for ($i=0; $i<=$c; i++) { //etc } 


One big thing wrong with this: for doesn't work on a copy of the array like foreach. Therefore it is obivious to rather crucial factors, like the array getting shrunk by array_splice. Also there is no need to advance a number (i++) if an array element was removed. Therefore, I shifted that to the else part of the code.

Anyway, I think everything is fixed up in this version. Instead of explicitly renumbering the array, I threw in shuffle, which both changed the array to begin at [0] and go to [3] and allowed me to check the script with many different orders. Anyway, hopefully this does the job. :)

PHP Code:

shuffle($smilies);
for ($i=0; $i<=count($smilies);)
{
   if (in_array($smilies[$i]['url'], $urls))
   {
      array_splice($smilies, $i, 1);
   }
   else
   {
      $urls[] = $smilies[$i]['url'];
      $i++;
   }
} 


[cyngon]

The previous question seems to be solved so I am jumping in. I hope no one minds. Here is the question, as inspired by an article I read a while ago:

I have a database table to store a user's name, password, and credit card number. Only the user who owns the credit card should be able to decrypt and view their CC number. This means that even someone with full access to the database should never be able to read any credit card numbers unless they know a user's password.

Like in most PHP authentication schemes, passwords are stored in the database as md5 hashes so they cannot ever be decoded.

You need to write two snippets of code:

1. Given a user's name, actual (not md5()ed) password, and credit card number store it in the database using strong encryption.

2. Given a user's name, actual (not md5()ed) password, retrive their credit card number from the databse and decrypt it.

It must be absolutely impossible to decrypt a credit card number without that user's actual password. Also, since the md5() hashed passwords are stored in the database along with the credit card numbers, it must be impossible to decrypt a credit card number with just the md5() hash of the password and not the password itself.

If the credit card number could be decrypted with just the md5() hash then anyone with full read access to the databse could decrypt the credit card numbers.

[datune]

Ha! I had a lot more trouble with that than I expected!

The second time I went at it, I didn't change the array[1] numbers to create an array beginning with [0]. However, as soon as array_splice got its hands on the $smilies array, it rewrote the array to begin with [0]! Took me a little while to notice.

Something else silly:

PHP Code:

$c = count($array);
for ($i=0; $i<=$c; i++) { //etc } 


One big thing wrong with this: for doesn't work on a copy of the array like foreach. Therefore it is obivious to rather crucial factors, like the array getting shrunk by array_splice. Also there is no need to advance a number (i++) if an array element was removed. Therefore, I shifted that to the else part of the code.

Anyway, I think everything is fixed up in this version. Instead of explicitly renumbering the array, I threw in shuffle, which both changed the array to begin at [0] and go to [3] and allowed me to check the script with many different orders. Anyway, hopefully this does the job. [img]images/smilies/smile.gif[/img]

PHP Code:

shuffle($smilies);
for ($i=0; $i<=count($smilies)[img]images/smilies/wink.gif[/img]
{
if (in_array($smilies[$i]['url'], $urls))
{
array_splice($smilies, $i, 1);
}
else
{
$urls[] = $smilies[$i]['url'];
$i++;
}
} 


Very nice. Only two things. You don't need shuffle, and this

PHP Code:

for ($i=0; $i<=count($smilies))
 
//should be
 
for ($i=0; $i<count($smilies)) 


Cause PHP will otherwise spit out Notices saying that there is an undefined index.
Otherwise, brilliant. Your turn to ask a question

[samsm]

Shuffle isn't nessesary, you are right.

However, I declare a foul on the array that begins with [1]. What's up with that? Begin your array's with [0] and everything will work more predictably.

Interesting about the <= vs. < , I should have checked that with a higher error level, I wasn't getting any warnings.

Anyway, I hand my question over to cyngon. His question is two up from this post and I think I can produce an accurate answer tomorrow so the rest of you have about 8-10 hours!

[pootergeist]

something like

$username = 'username';
$password = 'password';
$key = $password.$username;
$cc_number = '1234-5678-9012-3456';
$cc_crypt = mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $key, $cc_number, MCRYPT_MODE_ECB);
$passwordhash = MD5($password);
$quizit = mysql_query("INSERT INTO `cards` (user,pass,card) VALUES ('$username','$passwordhash','$cc_crypt')");

------------------------------

$username = 'username';
$password = 'password';
$passwordhash = MD5($password);
$quizit = mysql_query("SELECT card, user, pass FROM `cards` WHERE user='$username' AND pass='$passwordhash'");
// assumes $row['card'] as returned variable for card
$key = $password.$username;
$cc_decrypt = mcrypt_decrypt (MCRYPT_RIJNDAEL_256, $key, $row['card'], MCRYPT_MODE_ECB);

------------------------------

you could also maybe set and store an initialization vector and sling that into both the encrypt and decrypt calls as the last param.
$init_vector = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),MCRYPT_RAND);

furthering that basic exaample would be dependent upon the server you are on.

[anode]

What happens when they need to reset their password? Wouldn't they need to re-enter their CC details?

[pootergeist]

you'd just retrieve it, re-encrypt it with the new key and then re-insert it

[anode]

You can't retrieve it if they've forgotten their password - to decrypt it you need their password in cleartext, which is only available through user input.

[pootergeist]

when have you ever let a user change their password without knowing the old one?

doing that is like saying 'hey just ask nice and we'll give away the cc numbers'

you'd have to create a rand password and maybe mail them that, get them to input that before changing to their new choice

[anode]

Based on secret-question or e-mail validation (or both); the whole point is that they would need to reset it since they forgot it.

In any case, since at that point, nobody has the password in cleartext, your 'card' field is line noise.

[pootergeist]

so - how do you script something so that no-one (user, cracker or even system-admin) can recreate the credit card number without knowing the cleartext password --- and allow resetting of that password for when people forget.

all the ways I can see would require storing the encryption key as plaintext which defeats the security entirely.

anyone?

[samsm]

Anode is correct, no one is going to be able to unencrypt the credit card number without the password. However, retrieval through alternate means is not applicable for this particular question.

It must be absolutely impossible to decrypt a credit card number without that user's actual password.

In cyngon's scenario, even the database admin must be ignorant of the actual credit card numbers. If any alternate method for retrieving the credit card number was available, that solution would not be acceptable this challenge.

[anode]

Sorry guys, I was stuck in "practical mode" for some reason

This does lead me to wonder what Authorize.net and the rest use.