v1

Quinn Brown

https://github.com/real-laser-hours/the-real-queue

XP compatibility status: questionable at best.

 

All the b̶u̶g̶s alternative features known:

  • Error reporting is set to 0. No matter what happens, the FTP server will report that no file was uploaded, but the file will upload

  • Security flaws out the wazoo -- not gonna sugar coat this -- all the connections are handled in the same file as the script. So…

The ‘it works, but’:

  • Accessing /old/ goes straight into the Apache file interface, so the user has to hit the back button twice

  • You can’t submit the same filename twice, more on that later

  • It’s total spaghetti

Ways and means:

Naming syntax

$name-$filename

SQL & FTP syntax

INSERT INTO current (UUID, NAME, CUT, MATERIAL) VALUES ('$UUID', '$name', '$rad', '$material')

  • Appending will come later

  • It is sanitized, so there should be no way to inject. But they could literally inspect element and get the DB password (fixing this later).
  • The FTP server should always be set to: ftp_pasv($conn_id, true);
  • Passive mode (ftp_pasv) fixes the need for forwarding rules in most instances

Renaming syntax

$destination_file = "/ftp/" . $_FILES["file"]["name"];

Dumps the uploaded file into the /ftp/ folder

$source_file = $_FILES["file"]["tmp_name"];

$fileInfo = pathinfo($_FILES["file"]["name"]);

Nabs the path info of the uploaded file (sorta redundant)

move_uploaded_file($_FILES["file"]["tmp_name"],
                   "ftp/" . $_REQUEST['name'] . '-' . $_FILES["file"]["name"]);

Renames the file by moving it to the same location (Linux, anyone?)
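
A hardened version of the upload, rename and INSERT steps described above, as an added example that is not the project's own code. Both parts of the $name-$filename path come from the client, so each is reduced to a single safe path component before the move. It assumes mysqli, request fields named rad and material, a random hex job id, and database credentials in hypothetical QUEUE_DB_* environment variables.

```php
<?php
// Added example, not the project's code. Hypothetical names: QUEUE_DB_* env vars,
// safe_component(), build_destination(), insert_job(), request keys rad/material.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Reduce a client-supplied string to one safe path component.
function safe_component(string $value): string
{
    $value = basename(str_replace('\\', '/', $value));            // drop directories
    $value = (string) preg_replace('/[^A-Za-z0-9._-]/', '_', $value); // allow-list
    return ltrim($value, '.');                                     // no "..", no dotfiles
}

// Build "<dir>/$name-$filename"; null when either part is empty after cleaning.
function build_destination(string $dir, string $name, string $filename): ?string
{
    $name = safe_component($name);
    $filename = safe_component($filename);
    if ($name === '' || $filename === '') {
        return null;
    }
    return rtrim($dir, '/') . '/' . $name . '-' . $filename;
}

// Same INSERT as the page, with bound parameters instead of interpolated strings.
function insert_job(mysqli $db, string $uuid, string $name, string $rad, string $material): bool
{
    $stmt = $db->prepare('INSERT INTO current (UUID, NAME, CUT, MATERIAL) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssss', $uuid, $name, $rad, $material);
    return $stmt->execute();
}

if (isset($_FILES['file'], $_REQUEST['name']) && is_string($_REQUEST['name']) && is_string($_FILES['file']['name'])) {
    $file = $_FILES['file'];
    $dest = build_destination(__DIR__ . '/ftp', $_REQUEST['name'], $file['name']);
    if ($file['error'] !== UPLOAD_ERR_OK || $dest === null || file_exists($dest)) {
        http_response_code(400);
        exit('Upload rejected: bad name, duplicate file, or upload error.');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        http_response_code(500);
        exit('Could not store the file.');
    }
    // Credentials come from the server environment, not from this script.
    $db = new mysqli(getenv('QUEUE_DB_HOST'), getenv('QUEUE_DB_USER'),
                     getenv('QUEUE_DB_PASS'), getenv('QUEUE_DB_NAME'));
    insert_job($db, bin2hex(random_bytes(16)), safe_component($_REQUEST['name']),
               (string) ($_REQUEST['rad'] ?? ''), (string) ($_REQUEST['material'] ?? ''));
    echo 'Queued as ' . basename($dest);
}
```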

Printing out the speed and power

This is just a long if else statement

if ($material == "X or Y") { etc.