Categorization of eight articles in summer

In this period of time, we were trying to drum up the tars framework, and went to vultr to open a 3.5 knife machine. Why should we use their home? Because the 50 knives used before were not used up.

His home machine is very unfriendly to Hubei Telecom. BBR Otherwise, if you lose your package, you will be able to accept it.

These two skies are idle, landing on line and finding a violent landing of 1w+!!!

WTF!

 Network-attacks.png

The first time I felt such a flood of cyber attacks, I would like to introduce briefly the modification of sshd listening port to prevent violence.

Here I began to turn off SELinux. You can choose to shut down SELinux because there will be a lot less trouble. Of course, there will also be hidden problems, but the advantages outweigh the disadvantages.

- reading the remainder part -

Doubt

If you had done WeChat jssdk before, you would find nothing in the first look at the document. The process is nothing more than a back-end signature, which is returned to the front end.

But I think carefully that there is no value information of the goods, and the H5 page on the public address only returns the signature.

Looking back at the request parameter, I found the clue.

 WeChat order ID

At first, I looked at an arbitrary number of examples that I understood. Prepay_id by Unified order interface Returns the parameters in the result

Resume writing logic

Here we are using H5 payment, and the result is returned. Https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb? Prepay_id=wx151809054027204613d0ca330422xxxxxx&package=287231xxxx

You can only intercept URL and get it. Prepay_id by Wx151809054027204613d0ca330422xxxxxx

take Prepay_id Send back to the back to sign and return.

 {"code": "1", "MSG"): "get WeChat browser payment signature successfully", "data": {appId ":" wx54c4e3c9a7xxxxxx "," timeStamp ":" 1537007685 "," nonceStr ":" 5b9ce0458db30 "," package ":" prepay_id= wx151809054027204613d0ca330422xxxxxx "," "prepay_id=", "" "," "" ":"

Now the front end can be used happily. WeixinJSBridge and JSSDK


Related links:

WeChat H5 tune up payment
WeChat unified order

Appear Invalid signature The wrong situation is really fascinating.

  1. At the very beginning, the document did not need to escape. Later, I saw the error related. EncodeURIComponent (location.href.split ("[0]"))
  2. Wx.config () Medium NonceStr When signing with the backend Noncestr Dissimilarity
  3. It is very fascinating to get the description of the URL dynamically. It is not clear whether it is necessary to use the interface provided by the back end to provide the signature or the URL when the front-end initiates the request.

In short, we need to use it. AJAX Signature, front-end needs EncodeURIComponent (location.href.split ("[0]")) The current URL is passed as the parameter to the back-end signature interface. If the backend is PHP, it needs. URLDecode ($_GET['url']) And get it again. Jsapi_ticket Signature, return parameter

It looks like the finance of Lian Bi is going to fall. More than 1000 of the K3 cars on last year did not come out.

I hope not to sell more than 700 million for 618, and run away with my sister-in-law.

2018.06.26 150 is still in cash. It's not very hopeful.
2018.07.20 APP can also open...

No more.

A few days ago, salon bug, I believe a lot of people have gone to rub, but geese, I was watching you roll over quietly.

Today, I tell you the new activities on the front page, the cloud database mysql entry model has been purchased for 3 years, and the purchase time is 6 months at most.

Checked the order submission information and successfully purchased it for 3 years.
 Purchase success

Copy the following code, save it as HTML file, open the page, click the link to jump, and then you can purchase it.

 <a id="get-mysql" href="#">点我领取</a>
<form action="https://buy.cloud.tencent.com/order/check" method="post" style="display:none">
    <textarea name="itemDetails">{"raw_goodsData":[{"type":"cdb","goodsCategoryId":"100016","regionId":4,"projectId":0,"zoneId":200001,"goodsDetail":{"pid":12074,"timeSpan":36,"timeUnit":"m","subType":"CUSTOM","payType":0,"mem":256,"disk":50,"cdbMem":256,"cdbVolume":50,"vpcId":0,"subnetId":0,"zoneId":200001,"type":"cdb","cdbInstanceType":"CUSTOM","mysqlVersion":"5.6","devClass":"Z3","action":"applyCdb","curDeadline":"0000-00-00","instanceRole":"master","projectId":0,"goodsNum":1,"payMode":1,"saleByZone":1,"productInfo":[{"name":"实例类型","value":"主实例"},{"name":"计费模式","value":"包年包月"},{"name":"配置类型","value":"高IO版"},{"name":"配置","value":"256MB内存,50GB存储空间,MySQL5.6"},{"name":"地域","value":"华东地区(上海)"},{"name":"可用区","value":"上海一区"},{"name":"所属网络","value":"基础网络"},{"name":" The item "," value ":" default item "}, {" name ":" data copy mode "," value ":" asynchronous copy "}", "protectMode": 0 "," deployMode ": 0," slaveZone ": 0," backupZone ": 0," originate ":"}, "goodsNum" 1 "," payMode ": 1}]}</textarea>
</form>
<script" 1}]}</textarea>
</form>
<script "," (") (()) ((()) {($) (()) ((})})

It was really a cry of wow.

At the GIT station, I spent Q on a content censorship system. It was really dropped by Ban!!!

I quickly checked the machine IP. It was very nice not to be seated.

But the ten year short domain I bought was so ban that I was not resigned to it.

Google took a big look, and the solution probably was. Four Kind of, if the big guy knows what rescue measures he can tell him, too.

Resolvent

  1. Switching domain names to domestic DNS analysis
  2. Go to the file (prepare for nmlgb case).
  3. Change domain name (go away)
  4. Find a big factory IP to make A record for the domain name, then follow your fate.

The first solution is not effective, pass

Second and third are not allowed, pass

With hope, you can only use fourth alternatives and leave your life to death.

Timeline

  • 2018.3.2 begins to be walled
  • 2018.3.3 continues...
  • 2018.3.4 continues...
  • 2018.3.5 continues...
  • 2018.3.6 is improving.
  • 2018.3.7 has 4 nodes resolved to penguin's father's IP (3).
  • 2018.3.8, I have 13 nodes back.
  • 2018.3.9 became the 9, the fourth day of expectation.
  • 2018.3.10 is half cool.
  • 2018.3.11, a cool cool to me.

Learning the use of laravel in the near future

I've heard of it before, when I didn't know why I was possessed by ThinkPHP, and I couldn't stop it. Chinese documents were written so well that Chinese people could understand it. I was also a member of this country. At that time, thinkphp5 was still in the testing stage. It was a little bit concerned. It was found that the gap with the original use was a little big, and I didn't continue to read it (because I was lazy).

Before using ThinkPHP, there was a period of time learning CodeIgniter, commonly known as CI, which is really very small, small to awkward, specific.

Of course, because it is small enough to implement some micro projects, it is still very convenient to use, and there is nothing to use. Basically, it is uploading.

Because I was lazy, I had to give up the historical traces of CI using ThinkPHP.

There are other reasons for the recent elegance of laravel.

  1. Use composer to manage dependency and discard manual require
  2. Combining PHP command line operation
  3. Clear and orderly routing management
  4. The purpose of directory naming is clear at a glance.
  5. Eloquent ORM
  6. Query Builder
  7. Combine bootstrap to make small demo very fast (5.4 modify source code can use bootstrap4 related)
  8. There are many features that I have not yet touched upon when I use them.

In these learning processes, I feel that I can develop a certain ability.

But!!! Deeply feel that their basic knowledge is fragile, the theoretical system is very imperfect, and the gap is huge.

For example, there is a long string of characters in the content of her previous article. Because it is mixed with Chinese and English, the interception can not use substr (), and mb_substr () is used, but here bug is Chinese character is 3 characters (UTF-8 encoding), English only occupies 1 characters, and the mixed input of Chinese and English will inevitably have garbled.

 "This is a ABC string 123 trench".

Using strlen () and mb_strlen () results

 Echo strlen ("this is a ABC string 123 trench"); / / output 36
echo mb_strlen ("this is a ABC string 123 trench"); / / output 16

Use mb_substr () to intercept the first 6 characters.

 Echo mb_substr ("this is a ABC string 123 trench", 0, 6);

Of course, you will say, this is OK, substr () is to *3 each word.

Yes, there is nothing wrong, but all of these are the coding sets of UTF-8.

 Echo mb_substr ("this is a ABC string 123 trench", 0, 6, "GBK");

The realization of this small example made me think briefly about the next learning progress, slow down the pace, learn deeply about the characteristics brought about by the language, and make full use of the function of self bringing. Why should I build my own wheels? (I think the wheels I built should not be used well).

Concentrate on, calm down, think.

Dividing line

In addition, mb_strcut () compares mb_substr () to feel good use point, accurate to byte operation.

This page loaded in 0.000960 seconds