Archive for the 'PHP' Category

Sending mails from php’s mail() to Hotmail

This is a known issue, and there is a known solution, but it's hard to find when you really need it.

When you're sending an e-mail from PHP's mail() to a Hotmail account, most of the time it will either a) never arrive or b) get marked as spam. There is a fix though: send some extra headers with the message so it looks like it was sent from a real mail client.

<?php

// Recipient, subject and body as in any mail() call.
$to = "I Ron <iron@hotmail.com>";
$subject = "It arrived on Hotmail?";
$message = "Yes it did! :o";

// The extra headers: a proper From/Reply-To, MIME information and the
// priority and X-Mailer fields a desktop mail client would normally add.
$headers = "From: RandomBase <iron@randombase.com>\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\n";
$headers .= "Reply-To: RandomBase <iron@randombase.com>\n";
$headers .= "X-Priority: 1\n";
$headers .= "X-MSMail-Priority: High\n";
$headers .= "X-Mailer: RandomBaseMailer";

mail($to, $subject, $message, $headers);

?>

It's that simple. It would be even simpler if people stopped using this piece of AJAX-based spyware that filters everything but spam messages.

Crap, junk and a longtail keyword finder

Hello my few readers, it's been a while since I last updated my blog, so I felt like posting something so I didn't disappoint any of you.

I've been mainly busy with this Dutch Battlefield Heroes forum and playing the game (in beta); the addiction continues. But I've done a little coding too, and I'll share the idea with you guys, not the code, since it's not functional the way I want it.

The very basic concept, and also the only thing it does now, is to start off with one keyword (say "php") and end up with a longer string with few results (say "php tutorial about creating games with mysql and javascript and all other things"). The point of finding these is of course to find less competitive niches that should convert well for marketers. The code uses a part of Google search.

The idea was fun, but it didn't work out very well; I'll put some more time into it later. Here are some examples:

Start: php

27200000 => php split
3920 => php split REG_EMPTY

Start: work

1030000 => worksource
173000 => worksource WA
165000 => worksource wage subsidy

Start: health

23900000 => health card
748000 => health cards ontario

I'm still trying to tweak it. I guess I should break down the keywords and try to reorder them, etc., to reach the point of a niche with < 10000 results.

PHP vs Perl part II

Perl has these tiny little functions that make me use it more for small, personal, one-time-use things. PHP has support for some of them, but often it just feels wrong, as if it's not supposed to be there. My favourite example is unless() (should I even add those ()?). Perl has the most awesome function ever:

print 'Hello world.' unless $world eq 'Destroyed';

That's all, in one line. PHP has (together with Javascript) a good but too long and confusing option for this, the shorter version of if(); I use it all the time. It would look like this in PHP:

print ($world == 'Destroyed') ? '' : 'Hello world';

Ok, that's a pretty sweet function, but it requires me to type too many special characters.

The second function I would like to talk about is ... well, it has no name, it's just something you can do. In short, it is this:

($arrayOptionOne,$arrayOptionTwo) = @array;

That is the Perl version. PHP has this one too, but they really had to add a specifically named function for it:

list($arrayOptionOne,$arrayOptionTwo) = $array;

And then one of the functions I use all the time for things that involve editing files:

open(FileHandle, "<fileName");
print join("", <FileHandle>);

That's it! That's just it; we have read a complete file in two lines of code. The PHP version is horrifying here:

$fileHandle = fopen('fileName', 'r');
$data = fread($fileHandle, filesize('fileName'));
fclose($fileHandle);
print $data;

Now I hear some people say: what's wrong with file_get_contents() then? Nothing, except it doesn't allow you to change the mode parameters (you know: read, write, append, ...), which is quite useful.

After all, anything that I need to write quickly for a task is written in Perl, but in the end PHP is the most powerful language for websites, so don't get all mad at me for not mentioning that before.

Multiplayer… thing

The people I had testing it shared the same question: "what the hell is its purpose?". Well; surprise, it doesn't have one. The idea was born when r0bin and I were playing Bomberman (sweet game by the way), and I wondered if it was possible to recreate such a thing in Javascript (+AJAX for multiplayer).

The problem with Javascript is the lag you automatically have; you can't get around the headers you're sending each time. At the best moment until now, I noted a latency of around 200 ms. That means you would be able to send five actions each second. In a normal multiplayer game you should have a latency < 75 to keep it playable and fair for the other players.

So, the plan of recreating Bomberman faded, but a new one was born: creating something where you can walk around and chat, that's it, nothing more. It is working now (but can be very buggy), but will most likely stay in the stage it is in now; I don't see any bright future for it.

The code isn't magical either; it is the typical result of working on it in separate sessions spread over a couple of days, not commenting the code, and my extreme lack of knowledge of Javascript. I only know the very basics, which seems to lead to a lot of bugs in attempts at advanced applications. The server-side synchronisation is managed through a PHP script that returns an array to the Javascript application with the locations of the different players. The game supports a virtually unlimited number of players.

Even though I'm not going to "finish" this code, that doesn't mean I'm not going to create more of these things in the future; I actually quite enjoyed creating this.

Details

http://iron.randombase.com/multi/

Arrow keys to move, "enter" (return) to chat.

Stupid code: Acronym solver

Solver is incorrect actually; guesser is more accurate. It just randomly puts words in place of the letters.

For example, it "solved" laser into:

lack anniversary slave enormous regard

And /dev/iron became:

/ distribution experiment vehicle / insist racism overnight nation

I wrote this code for fun, but it has turned out to be maybe the most efficient piece of code I have ever written, which is kind of annoying since it doesn't have any real purpose. The magic link:

http://iron.randombase.com/acronym

str_replace isn’t recursive

It's funny how some people couldn't bend their minds around this exploit challenge. Well, if you don't know how the function works, it's hard to see. But as the post title already says, str_replace() isn't recursive, so it isn't always safe.

When protecting against LFI, sometimes a programmer decides to try to block access to upper directories by using:

function removeDouble($str)
{
    // A single, non-recursive pass: the result is never re-scanned.
    return str_replace('..', '.', $str);
}

Assuming there are only two consecutive dots in $str, this would work, but the moment you enter "..." and pass it through the function, you get "..", which is excellent for reaching higher directories from the PHP script.

Example:

<?php
function removeDouble($str)
{
    return str_replace('..', '.', $str);
}
// The "sanitised" page name is used directly in a file path.
if (file_exists('./' . removeDouble($_GET['page'])))
{
    include('./' . removeDouble($_GET['page']));
}
?>

Exploit: index.php?page=.../.../etc/passwd
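As an added example (not code from the original post), the script below runs the post's removeDouble() over the inputs the post discusses to show the single-pass behaviour, then replaces the filter with an allow-list check: the page name is validated against a strict pattern and the resolved path is confirmed to lie inside the allowed directory. safePagePath() and the default page name home.php are assumptions made for this example.

```php
<?php
// Added example, not code from the original post. It shows why one
// str_replace() pass cannot remove "..", and an allow-list check that
// validates the page name instead of trying to sanitise it.

function removeDouble($str)
{
    // The filter from the post: one left-to-right pass, no re-scan of the result.
    return str_replace('..', '.', $str);
}

// Constructed inputs; the third is the string the post uses as its exploit.
$samples = array('..', '...', '.../.../etc/passwd');
foreach ($samples as $s) {
    printf("%-20s -> %s\n", $s, removeDouble($s));
}

// Safer approach: accept only a plain file name, then confirm that the
// resolved path still lies inside the allowed directory. Assumes pages live
// in $baseDir (here the script's own directory, as the post's './' implies).
function safePagePath($page, $baseDir)
{
    if (!is_string($page) || !preg_match('/^[A-Za-z0-9_-]+\.php$/', $page)) {
        return false;               // slashes, dots and anything odd are rejected
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $page);
    if ($base === false || $full === false) {
        return false;               // directory or file does not exist
    }
    if (strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;               // resolved outside $baseDir (e.g. via a symlink)
    }
    return $full;
}

$page = isset($_GET['page']) ? $_GET['page'] : 'home.php';   // assumed default page
$path = safePagePath($page, __DIR__);
if ($path === false) {
    http_response_code(404);
    exit('No such page.');
}
include $path;
```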

PHP vs Perl

It's comparing apples to oranges, I know. But still, this is quite interesting. When you look at the PHP function list, you see three filled columns. I took the time to count them all (copy, paste into a document, count lines) and got to the result of... 5250. That's right, PHP has 5250 documented functions.

Now, let's take a look at the Perl function list. I could have counted this one almost without a text editor, 209 functions.

So, can PHP do a lot more than Perl? Hell no; Perl was smart enough to divide its detailed functions into modules and extensions. PHP has extensions too (a lot of them are included in that 5250, I know), but a lot of them come with the distribution already.

An example: PHP has the built-in function "parse_url()", I'm not kidding. If anyone ever asks me what I believe is the single most useless function in PHP, it's parse_url(). You're not teaching anyone to code by spoon-feeding this junk; in Perl you at least have to write your own functions.

I do agree that writing a complex script is a lot less work in PHP than it is in Perl, but I think they really could do without some of the functions they have now...

movStream.com

I have finished a new project of RandomBase, movStream.com. This cute little search engine can find direct music links, streaming TV shows and movies. I hope to add eBooks and maybe even torrents soon, but I am already quite satisfied with the way it works now.

As you might notice, the domain name suggests a more "peekvid"-like approach, but for a number of reasons we didn't continue with this plan. I hope, however, to start some new websites on subdomains, like familyguy.movstream.com, and add Family Guy streams there. These subsites would probably focus on the most popular shows only, or what did you expect?

AV Arcade v3

I don't feel like writing an exploit, but I want to point out these lines in validate.php in the AV Arcade v3 script:

// Both values come straight from the request, unvalidated and unescaped...
$userid = $_REQUEST['id'];
$code = $_REQUEST['code'];

// ...and are interpolated directly into the SQL string.
$sql = mysql_query("UPDATE ava_users SET activate='1' WHERE id='$userid' AND password='$code'");

So much for awesome security.
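As an added example (not AV Arcade's code), here is the activation query rewritten with a mysqli prepared statement, so the id and code from the request are bound as data and cannot change the SQL, plus input validation before the query runs. The function name activateUser(), the activation-code format and the database credentials are assumptions made for this example.

```php
<?php
// Added example, not AV Arcade's code. The activation query from
// validate.php rewritten with a prepared statement: the id and code from
// the request are bound as parameters, so they can never alter the SQL.
// Assumes a mysqli connection and the ava_users columns shown in the post.

function activateUser(mysqli $db, $userid, $code)
{
    // Placeholders instead of interpolating '$userid' and '$code' into the string.
    $stmt = $db->prepare(
        "UPDATE ava_users SET activate='1' WHERE id=? AND password=?"
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('is', $userid, $code);   // i = integer id, s = string code
    $ok = $stmt->execute();
    $rows = $stmt->affected_rows;              // 1 when a matching row was updated
    $stmt->close();
    return $ok && $rows === 1;
}

// Reject malformed input before it reaches the database at all. The post's
// code read both values from $_REQUEST; here they are taken from GET only.
// The alphanumeric code format is an assumption for this example.
$userid = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$code   = filter_input(INPUT_GET, 'code');
if ($userid === null || $userid === false
    || !is_string($code) || !preg_match('/^[A-Za-z0-9]{1,64}$/', $code)) {
    exit('Invalid activation request.');
}

// Placeholder credentials; substitute the real configuration.
$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
if ($db->connect_error) {
    exit('Database unavailable.');
}
echo activateUser($db, $userid, $code) ? 'Account activated.' : 'Activation failed.';
```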

Wordpress Widget: Time spent on blog

A free thing, isn't it awesome? This little widget shows the total time spent by your users on your blog, with a precision of about two seconds. Your users also get to see how much time they have spent themselves. A demo + download can be found here.

Tested on Internet Explorer 6 and Firefox 3 (RC1).

(before anyone asks: yes, it is based on my previous post's code)
