Tag: development

How to show all errors in PHP 8

How to display all errors in PHP 8

By default, PHP 8 disables showing errors, so if there is a problem while executing a PHP script, nothing will be displayed on the screen. If an error in the program occurred before the output of the HTML code, then you will see a white screen of the web browser.

Where is the error output configured in PHP

Error output is configured in:

  • script code
  • .htaccess file
  • in the PHP configuration file (for example, in php.ini)

The settings in the script code only affect the behavior of the program in which the settings are made.

The settings in the .htaccess file affect all scripts in that directory and subdirectories.

The settings in the php.ini configuration file affect all PHP scripts that are run unless their error output settings are overridden.

Remember that error reporting is very useful while writing and debugging code, but on production servers, error reporting should be turned off to prevent sensitive data from being leaked and making it harder for an attacker to hack the site.

Configuring error output in PHP script

To display all errors, add the following lines to the beginning of the script:

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

These settings enable the output of all errors and warnings to the user's web browser.

Warnings about the use of deprecated constructs will be displayed.

Error output to the web server logs is configured separately.

Remember that if fatal errors occur, that is, when the script could not even run due to incorrect PHP syntax, then the rules specified in the php.ini or .htaccess file will be used to output errors. This is due to the fact that if the syntax is incorrect, the PHP interpreter does not understand the entire file, including the above directives. That is, if a semicolon or a curly brace is missing in the code, then errors will be displayed in accordance with the settings in the php.ini file.

Configuring PHP error output in .htaccess file

Enabling error output in the .htaccess file is done by the following directives:

php_flag display_startup_errors on
php_flag display_errors on

For them to work, the web server must have .htaccess files enabled.

Error output to the web server log is performed by the following directive:

php_value error_log logs/all_errors.log

Setting the output of all errors in the php.ini file

The php.ini file is the PHP configuration file.

PHP can use more than one configuration file during its operation.

Location of php.ini file:

  • In Debian and derivative distributions (Ubuntu, Linux Mint, Kali Linux and others), it depends on the PHP version, for example, for PHP 8.1 the path to the file is: /etc/php/8.1/apache2/php.ini
  • On Arch Linux and derivative distributions (Manjaro, BlackArch and others): /etc/php/php.ini

In the php.ini file you will find the following directives:

display_errors = Off
display_startup_errors = Off

To enable error reporting, replace them with:

display_errors = On
display_startup_errors = On

The default value of error_reporting is set to:

error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

This means that all errors are printed except for deprecation warnings and warnings caused by strict code checking.

To display all errors and warnings, set the following value:

error_reporting = E_ALL

Common Values:

  • E_ALL (Show all errors, warnings and notices including coding standards.)
  • E_ALL & ~E_NOTICE (Show all errors, except for notices)
  • E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
  • E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)

See the link for details: https://www.php.net/manual/errorfunc.constants.php

In order for the changes made in the php.ini file to take effect, a restart of the web server is required.

  • In Debian and derivative distributions (Ubuntu, Linux Mint, Kali Linux and others), this is done with the command:
sudo systemctl restart apache2.service
  • In Arch Linux and derivative distributions (Manjaro, BlackArch and others), this is done with the command:
sudo systemctl restart httpd.service

To check that the php.ini file settings are actually applied, create a file, for example, named info.php and copy into it:

<?php
phpinfo();

If you created the file in the root folder of the web server, in a web browser open http://localhost/info.php.

The following screenshot shows that error output is disabled in the php.ini file:

This screenshot shows that error output is enabled in the php.ini file:

Outputting errors to the web server log

Error output to the web server log is configured in the php.ini file.

The following directive is used for this:

log_errors = On

The location of the error file is configured in the web server configuration.

The “error_reporting('all');» и ошибка «Uncaught TypeError: error_reporting()”

When trying to use the following construct:

error_reporting('all');

You will encounter the Uncaught TypeError: error_reporting() error.

Full error log:

[Wed Jul 06 07:29:19.410966 2022] [php:error] [pid 14101] [client 127.0.0.1:58402] PHP Fatal error: Uncaught TypeError: error_reporting(): Argument #1 ($error_level) must be of type ?int, string given in /srv/http/suip/index.php:3\nStack trace:\n#0 /srv/http/suip/index.php(3): error_reporting('all')\n#1 {main}\n thrown in /srv/http/suip/index.php on line 3, referer: http://localhost/suip/

Instead of 'all' you need to provide a constant expressing the level of the error message. Valid values are provided on this page: https://www.php.net/manual/errorfunc.constants.php

The following entry is correct for PHP 8 and means to show all errors, notes, and recommendations:

error_reporting(E_ALL);

How to make images on a site (including WordPress) maintain the correct aspect ratio

How to maintain aspect ratio with HTML IMG tag

An image inserted into a page has the correct proportions by default unless you change it.

When viewing images on a mobile phone, the images are scaled, that is, resized to fit completely on the screen.

Web pages work in a similar way, including sites running WordPress.

But I noticed one issue of displaying large images for which the size is set. On larger screens, these images still display correctly, that is, they retain the correct aspect ratio. But on mobile phones, when the screen width is less than the image width, the image is displayed with distortion, it is stretched vertically, for example:

To fix this problem, add the following rule to the style file:

img{
	object-fit: contain;
}

How to fix wrong image aspect ratio in WordPress

You need to add the specified image style to your WordPress theme's stylesheet. To do this, go to WordPress Dashboard → Appearance → Theme File Editor.

Open the style.css file for editing (it is open by default when you switch to the Theme File Editor).

If you can't use the Theme File Editor, that's not a problem – below is how to edit the style.css file without using the Theme Editor.

Look in the style.css file for the tag:

img {
	……………..
}

In some themes it is already present, in some themes it is not.

If this tag is missing, then add to the style.css file

img {
	object-fit: contain;
}

Another site of mine already has an img tag with the following content:

img {
	max-width: 100%;
	height: auto;
}

In this case, I add a new style to the existing ones, it turned out:

img {
	max-width: 100%;
	height: auto;
	object-fit: contain;
}

After the changes made, images on small screens retain their aspect ratio, even if they do not fit the width of the screen.

Note: If the image is still stretched after making changes to the style file, you need to wait for the site cache to refresh or reset the cache manually. To redownload files from the web server without using the web browser cache, press Ctrl+F5 on the site page. If caching is enabled on your server or at the WordPress level, you need to flush this cache, or wait for it to be updated.

How to edit style.css file without Theme File Editor

If for some reason you cannot use the Theme Editor, then you can edit the style.css file in any other way.

You need access to your site's file system. The specific way to access site files depends on the host and usually webmasters know what to do.

The style.css file is located at the following address:

SITE_FOLDER/wp-content/themes/THEME_NAME/style.css

Error “remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead” (SOLVED)

The article “How to make and submit changes to source code on GitHub” shows you how to update files on GitHub after you have edited their local copies on your computer. The commands shown in the article are still valid, but due to changes on GitHub, now instead of a password, you need to use a token that you need to get on GitHub itself.

When trying to use a password for authentication, you will encounter an error:

remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: Authentication failed for 'https://github.com/Mi-Al/OpenVPNassistent/'

The essence of the error is that since August 13, 2021, support for password authentication has been removed and now you need to use a token.

There is also a link to read the details: https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/

From that link, you will need to go to another page, where they will still explain how to get a token: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal -access-token

You can check out these pages. But the gist is pretty simple, go to https://github.com/settings/tokens page and click on the “Generate new token” button.

Enter “Note”, the actual name, for the token.

Set the token expiration time.

It is highly recommended not to make perpetual tokens, but even if your perpetual token has been stolen, you can revoke it at any time, that is, invalidate it.

Select the scope of the token. For the “git push” command, you need to select “repo”, as stated in the description, this is “Full control of private repositories”.

Please note that the token will only be shown once – don't forget to copy it!

If you forgot to copy or lost it, it doesn't matter, you can always re-generate a token or create a new one.

Use the token in the same way as you used the password. That is, when prompted for a password when submitting changes to GitHub, enter the token, not the password.

How to make and submit changes to source code on GitHub

GitHub is an awesome collaborative software development tool. There is a lot of documentation on working with git: in the program's help and on the Internet.

Being very flexible and with many commands and options, git can be confusing when you first get to know it. The git options and commands should be studied carefully, but this post is a dirty and short guide that shows you step by step how to make changes to a program hosted on GitHub and how to submit your changes to the author.

Before sending your changes to the code to the author of the program, it is strongly recommended that you familiarize yourself with his wishes. They can be associated with both programming style (specifics of naming variables, for example) and formatting features (using the tab key or four spaces, for example). Even if the author did not write their wishes, it is highly recommended to follow the style of the code you are editing.

Source code edit permission on GitHub

The procedure for changing the source code on GitHub differs depending on whether you have the permission to change the source code of a repository or not.

You can directly edit a repository on GitHub in the following cases:

  • you are the owner of the repository
  • you are granted permissions to edit a specific repository by its owner

In this case, the editing procedure is as follows:

  • you clone the source code to your local computer
  • make changes to the source code
  • push changes to the repository

If you do not have permission to edit the repository, but want to suggest a change to the source code, then you need to Fork the original repository.

Next, you go through three familiar stages for your fork:

  • you clone the source code to your local computer
  • make changes to the source code
  • push changes to the repository

After that, you submit changes to the original repository, this is called “Pull request”.

How to edit source code on GitHub

I'll show you part of a real workflow on real code here.

Situation: in the airgeddon program in the EvilTwin branch, I need to make changes to some lines. I start by cloning the code to my local drive:

git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git -b EvilTwin

Note that I am using the -b switch, followed by the name of the EvilTwin branch. By default, the newest branch is cloned (the branch in which the most recent changes were made). Since the default name is master, this is usually the branch that is cloned.

The names of branches and features of the workflow can be different for each project – and they are discussed within the team or available in the form of public rules.

The source code can be edited in your favorite editor or IDE. After completing the edits, on the command line, go to the directory with the program and execute there:

git status

Information about the status (file changed) and tips on what to do next are displayed:

Add the file(s) in which the changes were made:

git add airgeddon.sh

And again we look at the status:

git status

We need to write a comment on what we did with the code:

git commit -m "Updating Russian translation (minor fixes)"

We get approximately the following information:

[EvilTwin 39b8960] Updating Russian translation (minor fixes)
 1 file changed, 8 insertions(+), 8 deletions(-)

If you're curious, you can see the status again:

git status

The information received and the hint indicate that everything is ready to send our changes to GitHub. To do this, I execute the command (EvilTwin in this case is the name of the branch to which I am committing):

git push origin EvilTwin

You will be asked for your username (e-mail) and password on GitHub and the following information will be displayed:

Подсчет объектов: 3, готово.
Delta compression using up to 3 threads.
Сжатие объектов: 100% (3/3), готово.
Запись объектов: 100% (3/3), 420 bytes | 0 bytes/s, готово.
Total 3 (delta 2), reused 0 (delta 0)
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
To https://github.com/v1s1t0r1sh3r3/airgeddon.git
   04d1fb4..39b8960  EvilTwin -> EvilTwin

PLEASE NOTE: Since August 13, 2021, support for password authentication has been removed and now you need to use a token. For details, see Error “remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead” (SOLVED).

Finally, you can check the status again:

git status

How to get web page content and cookies of .onion sites in Python

A program that receives data from the Tor network must work with cookies, for example, in the case of a parser, it can be cURL, PHP script, Python script, and so on.

In the article “Web site parsing in command line” there is an example of working with cookies in cURL, but how to get the content of a web page (HTML code) and cookies of a Tor network site whose names end in .onion?

For the parser to work with the Tor network, you need to specify the data of the local Tor service (port number and “localhost” as IP) as a proxy for accessing the network.

For normal operation with .onion sites, you need to use the Tor DNS servers.

In the Python script, to access .onion sites, you need to use the socks5h protocol to enable the use of remote DNS to resolve hostnames to IP if local DNS resolution fails.

The following code shows the .onion page of the site (URL http://hacking5xcj4mtc63mfjqbshn3c5oa2ns7xgpiyrg2fenl2jd4lgooad.onion) and cookies:

import requests
import json

proxies = {
	'http': 'socks5h://127.0.0.1:9050',
	'https': 'socks5h://127.0.0.1:9050'
}

session = requests.Session()

data = session.get("http://hacking5xcj4mtc63mfjqbshn3c5oa2ns7xgpiyrg2fenl2jd4lgooad.onion",proxies=proxies).text

print(data)

print(session.cookies)

A simple PHP script is used as a site that sends HTML code and cookies:

An example of how the code above works – you can see HTML and cookies:

Line

print(session.cookies)

Outputs:

< RequestsCookieJar[< Cookie HackWare-cookie=For%20testing%20purpose%20only for hacking5xcj4mtc63mfjqbshn3c5oa2ns7xgpiyrg2fenl2jd4lgooad.onion/ >] >

That is, the format is:

< RequestsCookieJar[< Cookie NAME=VALUE for SITE.onion/ >] >

If print (session.cookies) is changed to

print(session.cookies.get_dict())

then the format will be like this:

{'HackWare-cookie': 'For%20testing%20purpose%20only'}

Basically, sites can encrypt cookies. More precisely, in any case, cookies will be sent in the “NAME=VALUE” format. But the VALUE can be encrypted so that only the site will know what to do with it. But in general, the user does not need to think about it – what cookies were get, those are sent by the browser.

libpcap-dev for Cygwin

When compiling programs from source in Cygwin, an error may occur containing the line “when searching for -lwpcap”.

The essence of the error is that the headers of the pcap library are searched.

These header files are present in the libpcap-dev package (Debian and derivatives). This package may also be called libpcap (for example, on Arch Linux). There are no such packages in the Cygwin repositories, since their functioning is closely related to the operating system drivers and libpcap is intended for Linux, while Cygwin runs on Windows.

When traversing the file system looking for the correct header files, the following messages may be displayed:

/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /lib/../lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /lib/../lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/../lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/../lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /lib/../lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/../lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: skipping incompatible /usr/lib/libwpcap.a when searching for -lwpcap
/usr/lib/gcc/x86_64-pc-cygwin/4.9.3/../../../../x86_64-pc-cygwin/bin/ld: cannot find -lwpcap
collect2: error: ld returned 1 exit status

As an alternative to libpcap for Windows (and therefore also for Cygwin) you can use:

  • WinPCAP – popular software, but no longer developed and maintained
  • Npcap – based on WinPCAP and is actively developing at the present time

To compile programs that require the libpcap library, you need source files, WinPCAP or Npcap headers.

The WinPCAP header files are in the Developer's Pack, and the Npcap header files can be found in the Npcap SDK.

WinPCAP for Cygwin

Follow the steps below to install WinPCAP headers in Cygwin.

Go to https://www.winpcap.org/devel.htm and download the developer pack.

Unpack the downloaded archive.

Copy the libraries:

  • WpdPack\Lib\libpacket.a in cygwin\lib\
  • WpdPack\Lib\libwpcap.a in cygwin\lib\

Copy headers from WpdPack\Include to cygwin\usr\include\.

Make sure you have the Winpcap libraries installed and that they are available in the PATH by running the commands:

which Packet.dll
which wpcap.dll

They should be in /cygdrive/c/WINDOWS/system32/.

Npcap for Cygwin

Go to https://nmap.org/npcap/ and download the Npcap SDK.

Unpack the downloaded archive.

Copy headers from Include to cygwin\usr\include\.

Make sure you have the Npcap libraries installed and that they are available in the PATH by running the commands:

which Packet.dll
which wpcap.dll

They should be in /cygdrive/c/WINDOWS/system32/.

Loading...
X