Categorization of eight articles in summer

In this period of time, we were trying to drum up the tars framework and went to vultr to open a 3.5 knife machine. Why should we use their home, because the 50 knives used before were not used up??

His home machine is very unfriendly to Hubei Telecom. BBR Otherwise, if you lose your package, you will be able to accept it.

These two skies are idle, landing on line and finding a violent landing of 1w+!!!

WTF!

 Network- Attacks.png

The first time I felt such a flood of cyber attacks, I would like to introduce briefly the modification of sshd listening port to prevent violence.

Here I began to turn off SELinux. You can choose to shut down SELinux because there will be a lot less trouble. Of course, there will also be hidden problems, but the advantages outweigh the disadvantages.

- reading the remainder part -

Doubt

If you had done WeChat jssdk before, you would find nothing in the first look at the document. The process is nothing more than a back-end signature, which is returned to the front end.

But I think carefully that there is no value information of the goods, and the H5 page on the public address only returns the signature.

Looking back at the request parameter, I found the clue.

 WeChat order ID

At first, I looked at an arbitrary number of examples that I understood. Prepay_ ID by Unified order interface Returns the parameters in the result

Resume writing logic

Here we are using H5 payment, and the result is returned. Https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb? Prepay_ Id=wx151809054027204613d0ca330422xxxxxx&package=287231xxxx

You can only intercept URL and get it. Prepay_ ID by Wx151809054027204613d0ca330422xxxxxx

take Prepay_ ID Send back to the back to sign and return.

 {"code": 1, "MSG": "get WeChat browser payment signature successfully", "data": {"appId": "wx54c4e3c9a7xxxxxx", "timeStamp": "1537007685", "nonceStr": "5b9ce0458db30", "package": "prepay_": "prepay_") Id=wx151809054027204613d0ca330422xxxxxx "," "signType": "MD5", "paySign": "A819D6551E9E3FE62BE612FA96000000", "}}}

Now the front end can be used happily. WeixinJSBridge and JSSDK


Related links:

WeChat H5 tune up payment
WeChat unified order

Appear Invalid signature The wrong situation is really fascinating.

  1. At the very beginning, the document did not need to escape. Later, I saw the error related. EncodeURIComponent ( Location.href.split ([0])
  2. Wx.config () Medium NonceStr When signing with the backend Noncestr Dissimilarity
  3. It is very fascinating to get the description of the URL dynamically. It is not clear whether it is necessary to use the interface provided by the back end to provide the signature or the URL when the front-end initiates the request.

In short, we need to use it. AJAX Signature, front-end needs EncodeURIComponent ( Location.href.split ([0]) The current URL is passed as the parameter to the back-end signature interface. If the backend is PHP, it needs. URLDecode ($) GET['url']) And get it again. Jsapi_ Ticket Signature, return parameter

It looks like the finance of Lian Bi is going to fall. More than 1000 of the K3 cars on last year did not come out.

I hope not to sell more than 700 million for 618, and run away with my sister-in-law.

2018.06.26 150 is still in cash. It's not very hopeful.
2018.07.20 APP can also open...

No more.

A few days ago, salon bug, I believe a lot of people have gone to rub, but geese, I was watching you roll over quietly.

Today, I tell you the new activities on the front page, the cloud database mysql entry model has been purchased for 3 years, and the purchase time is 6 months at most.

Checked the order submission information and successfully purchased it for 3 years.
 Purchase success

Copy the following code, save it as HTML file, open the page, click the link to jump, and then you can purchase it.

 <a id= "get-mysql" href= "href=" > I pick up </a>
<form action=. Https://buy.cloud.tencent.com/order/check "Method=" post "style=" Display:none ">
<textarea name=" itemDetails "> raw_" "Type": "CDB", "goodsCategoryId": "100016", "regionId": "4", "projectId": "0", "zoneId": "200001", "goodsDetail": "PID": "12074", "timeSpan": 36 "," timeUnit ":" timeUnit ":" timeUnit ":" "," "," "", "", "", "" 0 "," ": 256," ":" 50 "," ":" 256 "," "256", "": "50". GoodsData: "Action": "applyCdb", "curDeadline": "0000-00-00", "instanceRole": "master", "projectId": 0, "goodsNum": 1, "payMode": 1, "saleByZone": 1, "productInfo": [{"saleByZone": "instance type", "" "}", "{" "}", "{" ":" "charging mode" "," "{" "{" "{" "{" ":" "configuration" "," "Gao": "high edition"}, {"" ":" configuration "" "" ":" "Area", "value": "East China (Shanghai)"}, {name ":" usable area "," value ": {" Shanghai area "}, {" name ":" network "," value ":" basic network "}, {" name ":" project "," value ":" default project "}, {" name ":" data replication mode "," value ":" asynchronous replication "}]," protectMode ": 0," value ": 0," 0 "," "": "0", "" "", "}," ":": 1, {"name" "PayMode": 1}]}</textarea>
</form>
<script src= " Https://cdn.bootcss.com/jquery/3.3.1/jquery.min.js "></script>
<script>
$('#get-mysql').Click (function ()) {$('form').Submit ()}) 
</script>

It was really a cry of wow.

At the GIT station, I spent Q on a content censorship system. It was really dropped by Ban!!!

I quickly checked the machine IP. It was very nice not to be seated. ""

But the ten year short domain I bought was so ban that I was not resigned to it.

Google took a big look, and the solution probably was. Four Kind of, if the big guy knows what rescue measures he can tell him, too.

Resolvent

  1. Switching domain names to domestic DNS analysis
  2. Go to the file (prepare for nmlgb case).
  3. Change domain name (go away)
  4. Find a big factory IP to make A record for the domain name, then follow your fate.

The first solution is not effective, pass

Second and third are not allowed, pass

With hope, you can only use fourth alternatives and leave your life to death.

Timeline

  • 2018.3.2 begins to be walled
  • 2018.3.3 continues...
  • 2018.3.4 continues...
  • 2018.3.5 continues...
  • 2018.3.6 is improving.
  • 2018.3.7 has 4 nodes resolved to penguin dad's IP. (3)
  • 2018.3.8, I have 13 nodes back.
  • 2018.3.9 became the 9, the fourth day of expectation.
  • 2018.3.10 is half cool.
  • 2018.3.11, a cool cool to me.

Learning the use of laravel in the near future

I've heard of it before, when I didn't know why I was possessed by ThinkPHP, and I couldn't stop it. Chinese documents were written so well that Chinese people could understand it. I was also a member of this country. At that time, thinkphp5 was still in the testing stage. It was a little bit concerned. It was found that the gap with the original use was a little big, and I didn't continue to read it (because I was lazy).

Before using ThinkPHP, there was a period of time learning CodeIgniter, commonly known as CI, which is really very small, small to awkward, specific.

Of course, because it is small enough to implement some micro projects, it is still very convenient to use, and there is nothing to use. Basically, it is uploading.

Because I was lazy, I had to give up the historical traces of CI using ThinkPHP.

There are other reasons for the recent elegance of laravel.

  1. Use composer to manage dependency and discard manual require
  2. Combining PHP command line operation
  3. Clear and orderly routing management
  4. The purpose of directory naming is clear at a glance.
  5. Eloquent ORM
  6. Query Builder
  7. Combine bootstrap to make small demo very fast (5.4 modify source code can use bootstrap4 related)
  8. There are many features that I have not yet touched upon when I use them.

In these learning processes, I feel that I can develop a certain ability.

But!!! Deeply feel that their basic knowledge is fragile, the theoretical system is very imperfect, and the gap is huge.

For example, there is a long string of characters in the content of his previous article, because it is intermingled with Chinese and English, so the interception can not use substr (), and mb_ is used. Substr (), but the bug here is 3 characters in Chinese (the UTF-8 code is used), English only occupies 1 characters, and the mixed input bug in Chinese and English is bound to be garbled.

 "This is a ABC string 123 trench".

Using strlen () and mb_ Strlen () result

 Echo strlen ("this is a ABC string 123 trench"); / / output 36
echo mb_ Strlen ("this is a ABC string 123 trench"); / / output 16

Using mb_ Substr () intercepts the first 6 characters.

 Echo mb_ Substr ("this is a ABC string 123 trench", 0, 6);

Of course, you will say, this is OK, substr () is to *3 each word.

Yes, there is nothing wrong, but all of these are the coding sets of UTF-8.

 Echo mb_ Substr ("this is a ABC string 123 trench", 0, 6, "GBK");

The realization of this small example made me think briefly about the next learning progress, slow down the pace, learn deeply about the characteristics brought about by the language, and make full use of the function of self bringing. Why should I build my own wheels? (I think the wheels I built should not be used well).

Concentrate on, calm down, think.

Dividing line

Another mb_ Strcut () contrast mb_ Substr () still feels good, accurate to byte operation.