CSRF (Cross Site Request Forgery) verhindern

  1. Token generieren
  2. session_start();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
  3. Token in den Meta-Tag generieren
  4. Token mit jQuery schicken
  5. $.ajaxSetup({
        headers : {
            'CsrfToken': $('meta[name="csrf-token"]').attr('content')
        }
    });
  6. Serverseitige Überprüfung
  7. session_start();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    
    header('Content-Type: application/json');
    
    $headers = apache_request_headers();
    if (isset($headers['CsrfToken'])) {
        if ($headers['CsrfToken'] !== $_SESSION['csrf_token']) {
            exit(json_encode(['error' => 'Wrong CSRF token.']));
        }
    } else {
        exit(json_encode(['error' => 'No CSRF token.']));
    }

    Quelle: Stackoverflow

SQL – Dump per PHP erstellen

/* backup the db OR just a table */
function backup_tables($host,$user,$pass,$name,$folder,$tables = '*')
{
    $return = '';
    $link = mysql_connect($host,$user,$pass);
    mysql_select_db($name,$link);
    
    //get all of the tables
    if($tables == '*')
    {
        $tables = array();
        $result = mysql_query('SHOW TABLES');
        while($row = mysql_fetch_row($result))
        {
            $tables[] = $row[0];
        }
    }
    else
    {
        $tables = is_array($tables) ? $tables : explode(',',$tables);
    }
    
    //cycle through
    foreach($tables as $table)
    {
        $result = mysql_query('SELECT * FROM '.$table);
        $num_fields = mysql_num_fields($result);
        
        $return.= 'DROP TABLE '.$table.';';
        $row2 = mysql_fetch_row(mysql_query('SHOW CREATE TABLE '.$table));
        $return.= "\n\n".$row2[1].";\n\n";
        
        for ($i = 0; $i < $num_fields; $i++) 
        {
            while($row = mysql_fetch_row($result))
            {
                $return.= 'INSERT INTO '.$table.' VALUES(';
                for($j=0; $j<$num_fields; $j++) 
                {
                    if($row[$j] !== NULL){
                        $row[$j] = addslashes($row[$j]);
                        $row[$j] = ereg_replace("\n","\\n",$row[$j]);
                        if (isset($row[$j])) { $return.= '"'.$row[$j].'"' ; } else { $return.= '""'; }
                    }else{
                        $return .= "NULL";
                    }
                    if ($j<($num_fields-1)) { $return.= ','; }
                }
                $return.= ");\n";
            }
        }
        $return.="\n\n\n";
    }
    
    //save file
    $handle = fopen($folder . '/'.date('Y-m-d-H-i-s').'-db-backup-' . time() . '.sql','w+');
    fwrite($handle,$return);
    fclose($handle);
}

Terminexport als iCal

Folgendes Format muss rauskommen:

BEGIN:VCALENDAR
METHOD:PUBLISH
VERSION:2.0
PRODID:-//Thomas Multimedia//Clinic Time//EN
BEGIN:VEVENT
SUMMARY:Emily Henderson
UID:3097
STATUS:CONFIRMED
DTSTART:20120509T031500Z
DTEND:20120509T033000Z
LAST-MODIFIED:20120509T031500Z
LOCATION:Bundall Clinic Room 1
END:VEVENT
END:VCALENDAR

Mit PHP in einer Schleife folgendes bauen:

getProfileId())->getName();
     $output .=
"BEGIN:VEVENT
SUMMARY:" . $appointment->getProduction()->getHeadline() ."
UID:" . md5($appointment->getId() . $appointment->getDate()) ."
DTSTART:" . str_replace(array('-', ':'), array('',''), date(DATE_ICAL, strtotime($appointment->getDate('Y-m-d') . ' ' . $appointment->getStartTime()))) . "
DTEND:" . str_replace(array('-', ':'), array('',''), ($appointment->getEndTime() ? date(DATE_ICAL, strtotime($appointment->getDate('Y-m-d') . ' ' . $appointment->getEndTime())) : date(DATE_ICAL, strtotime($appointment->getDate('Y-m-d') . ' ' . $appointment->getStartTime()) + 3600))) . "
STATUS:CONFIRMED
LAST-MODIFIED:" . str_replace(array('-', ':'), array('',''), date(DATE_ICAL, strtotime($appointment->getLastModified()))) . "
LOCATION:$location
END:VEVENT\n";
}
$output .= "END:VCALENDAR";

header('Content-type: text/calendar; charset=utf-8');
header('Content-Disposition: inline; filename=spielplan.ics');
echo $output;
 
?>

Quelle