I set up a New Ghost Blog website for other activities on DigitalOcean VPS Hosting Droplet. After setting up and using it for a period of time, we need to add a new Staff user to help maintain the Blog, but when clicking "Invite", people always encounter the "Error sending email" problem.

First, I tried to set up Postfix to send invitations, but after setting up, I tried to send emails, and we received a new error.

This message does not have authentication information or fails to 550-5.7.26 pass authentication checks. To best protect our users from spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 information.

It looks like on DigitalOcean server, use Postfix to send emails, need to set up SPF records for the target recipient, if recipient is use gmail.

Updating SPF records on DigitalOcean servers is easy. But this method seems to take some time to update SPF Record.
https://www.digitalocean.com/community/tutorials/how-to-create-a-spf-record-for-your-domain-with-google-apps

In our case, we needed a quick solution to solve, so we found a better way is to use Mailgun service, because we don't need to register many users, only need to add 2 users to maintain the blog. Mailgun free plan can accommodate up to 5 authorized recipients who have not keyed in a credit card, that is enough for our situation.

First, you need to go to https://www.mailgun.com to register an account, please remember to check your email to verify Mailgun.

After logging into Mailgun, you need to obtain SMTP credentials and add authorized recipients.
If you are a paying user or put a credit card on Mailgun, you can skill the "authorize recipient" step, otherwise you will need to perform this step because on the Free plan without credit card information present or using your sandbox domain for testing, you're restricted to sending just to Authorized Recipients.

1) Get SMTP credentials info

Go to "Sending" > "Overview" > Click on "SMTP" Select button. save the SMTP credentials info.

2) Add Authorized Recipients

On the same page, scroll down the "Authorized Recipients" section and add the destination email address. After adding the email, Mailgun will send a verification email to the email address, owner of the email needs to be verified to allow Mailgun to send the email, otherwise you will not be able to send the email to the target email address.

After completing the installation on Mailgun, now we need to configure Ghost CMS.

Go to your Ghost CMS folder on the server and find the file config.production.json, we need to add credentials.

3) Add Mailgun credentials on config.production.json

Add email credentials on config.production.json Replace the "user" and "pass" values with your Mailgun SMTP credential information.

"mail": {
    "transport": "SMTP",
    "options": {
      "service": "Mailgun",
      "host": "smtp.mailgun.org",
      "port": 587,
      "secureConnection": false,
      "auth": {
        "user": "postmaster@sandboxe123456789abcdefg.mailgun.org",
        "pass": "123456789abcdefghi"
      }
    }
  }

When finished, go to the server terminal and restart Ghost CMS with the following command.
ghost restart

You should able to send invitation emails now. enjoy.

Software version

DigitalOcean VPS Hosting
Ubuntu - 18.04.4 LTS
NodeJS - v12.18.0
Ghost CMS - 3.36

Signs up with below DigitalOcean referral link you will gets $100, 60-day credit now! Get a try on DigitalOcean to create your server or application. https://m.do.co/c/6ca3326e1aa6

Compared with MySql, Azure SQL database has some different things, especially queries.

Almost all tutorials are about MySQL, so I need to use MySQL knowledge and convert it to Azure SQL database version.

First we need to create the database structure , We need to thing what data we need to store and what we need to trace.
Database is very important if on beginning we don't make it better will cause many issue on the end.

So Today I will share my login system create by PHP and Azure SQL Database .

Azure SQL Database structure

You can easy using Azure Data Studio to create the database structure or management data, recommended get a try .

database.sql

--- Azure SQL Database login system structure by childofcode.com ---
CREATE TABLE dbo.Login  
   (UniqueID INT NOT NULL IDENTITY(1,1) PRIMARY KEY,
    LoginUsername text NULL,
    LoginPassword text NULL,
    IPAddress text NULL,
    Permission varchar(100) NULL,
    LastLoginTime datetime2 NULL
    )  
GO  

Microsoft Azure Database connection

conn.php

This is the Azure Database connection configuration file you can setup you own Database here.

<?php  
    // Microsoft Azure Database connection PHP script by childofcode.com
    $serverName = "tcp:servername.database.windows.net,1433";  
    $connectionOptions = array(
        "Database" => "YourDatabaseName",  
        "UID" => "YourDatabaseUserID",  
        "PWD" => "YourDatabasePassword"  
    );
    $conn = sqlsrv_connect($serverName, $connectionOptions);
?>

User Login Page

login.php

Create login page with bootstrap stylesheet.
PHP script Features include record user ip address, login time and some basic user validation function and regular expression remove all unnecessary special character on username input.

Remark: Don't return too many login errors information. Hackers can use this information to damage your system. you can check on my code all error will be show with the same error message "Login Error !".

<?php  
 /* Microsoft Azure Database PHP login page by childofcode.com */

session_start();

// SESSION check user login status 
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){  
    header("location: content.php");
    exit;
}

// require Database connection files  
require_once "conn.php";

// login error reminder
function FormatErrors( $errors )  
{
    echo "Error information: ";
    foreach ( $errors as $error )
    {
        echo "SQLSTATE: ".$error['SQLSTATE']."";
        echo "Code: ".$error['code']."";
        echo "Message: ".$error['message']."";
    }
}

// variables Declaring
$username = $password = "";
$username_err = $password_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Get login user current datetime
    $LoginTime = date('d-M-Y h:i:s');

    // Get login user IP address
    $UserIp = '127.0.0.1';
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ipInfo = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ipInfo = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ipInfo = $_SERVER['REMOTE_ADDR'];
    }
    $ipInfo = parse_url($ipInfo);
    $UserIp = $ipInfo['host'];

    // Check username input empty
    if(empty(trim($_POST["username"]))){
        $username_err = "Please enter username.";
    } else{
        $username = trim($_POST["username"]);
    }

    // Check password input empty
    if(empty(trim($_POST["password"]))){
        $password_err = "Please enter your password.";
    } else{
        $password = trim($_POST["password"]);
    }

    // Regular expression remove all unnecessary special character.
    $usernameInput = preg_replace('/[^A-Za-z0-9\-]/', '', (string)$username); 

    // Continue processing only when without error
    if(empty($username_err) && empty($password_err))
    {
        // SQL query for check is username valid and password correct
        $tsql= "SELECT * FROM Login WHERE LoginUsername LIKE '" . $usernameInput . "' ORDER BY UniqueID";
        $getResults= sqlsrv_query($conn, $tsql);
        $checkUsername = "";
        $hashedPassword = "";
        $validateUserInfo = true;

        // SQL query error and warning information handle
        if ($getResults == FALSE)
        {
            die(FormatErrors(sqlsrv_errors()));
        }

        # Returns available row of data as an associative array
        $row = sqlsrv_fetch_array($getResults);
        $checkUsername = $row['LoginUsername'];
        $hashedPassword = $row['LoginPassword'];

        # Check if the username is registered on database
        if($checkUsername == "")
        {
            $validateUserInfo = false;
            $login_err = "Login Error !";
        }

        # Check if the password is registered on database
        if($hashedPassword == "")
        {
            $validateUserInfo = false;
            $login_err = "Login Error !";
        }

        // Continue processing only is register user
        if($validateUserInfo)
        {
             // Verifies that the given hash matches the user input password.
            if(password_verify($password, $hashedPassword))
            {
                // SQL query for updated login user latest info
                $tsqlUpdate= "UPDATE Login SET IPAddress = ?, LastLoginTime = ? WHERE LoginUsername LIKE ? "; 
                $paramsUpdate = array($UserIp, $LoginTime, $checkUsername );
                $updatedResults= sqlsrv_query($conn, $tsqlUpdate, $paramsUpdate);
                $rowsAffected = sqlsrv_rows_affected($updatedResults);

                if ($updatedResults == FALSE or $rowsAffected == FALSE)
                {
                    // SQL query error and warning information handle
                    echo "error update user info" ;
                    die(FormatErrors(sqlsrv_errors()));
                }
                else
                {
                    //create a session after sucuess login 
                    session_start();
                    $_SESSION["loggedin"] = true;
                    $_SESSION["username"] = $row['LoginUsername'];      
                    $_SESSION["userpermission"] = $row['Permission'];      
                    //Go to secure content page and and terminate the current script
                    header("location: content.php");
                    exit;
                }
            }
            else
            {
                $login_err = "Login Error !";
            }
        }
        // Frees all resources after SQL query 
        sqlsrv_free_stmt($getResults);
    }
    // Closes the connection and releases resourses.
    sqlsrv_close( $conn );
}
?>

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">
    <meta charset="utf-8">
    <meta name=description content="PHP and Microsoft Azure Database Login by childofcode.com">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>PHP and Microsoft Azure Database Login by childofcode.com</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        body{ 
            color: #666;
            font: 14px sans-serif; 
            background-color: #fafafa;
        }
        .login-block{ 
            padding: 20px; 
            display: flex;
            flex-direction: column;
            justify-content: center;
            align-items: center;
            text-align: center;
            min-height: 100vh;
        }
        .wrapper{ 
            width:300px;
            height:100%;
            padding: 20px; 
            display: flex;
            flex-direction: column;
            justify-content: center;
            align-items: center;
            text-align: center;
            background-color: white;
            border: 1px solid #eaeaea;
        }
        .login-button{ 
            color: #f9f9f9;
            background-color: #00bfff;
            border-color: #eaeaea;
        }
        .login-label{ 
            color: #666;
        }
        input[type="text"]::placeholder {  
                  text-align: center; 
        } 
        input[type="password"]::placeholder {  
                  text-align: center; 
        } 
    </style>
</head>  
<body>  
    <div class="login-block">
        <div class="wrapper">
            <h2>User login page</h2>
            </br>
            <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]."?page=".$_GET['page']."&data=".$_GET['data']) ; ?>" method="post">
                <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
                    <label  class="login-label" >Username</label>
                    <input type="text" name="username" class="form-control" value="<?php echo $username; ?>" placeholder="Enter username">
                </div>    
                <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
                    <label class="login-label" >Password</label>
                    <input type="password" name="password" class="form-control" placeholder="Enter password">
                </div>
                <div class="form-group <?php echo (!empty($username_err) || !empty($password_err) || !empty($login_err)) ? 'has-error' : ''; ?>">
                    <span class="help-block"><?php echo $username_err; ?></span>
                    <span class="help-block"><?php echo $password_err; ?></span>
                    <span class="help-block"><?php echo $login_err; ?></span>
                </div> 
                <div class="form-group">
                    <input type="submit" class="btn btn-primary login-button" value="Login">
                </div>
            </form>
            <a href="https://childofcode.com/">by childofcode.com</a>
        </div>    
    </div>
</body>  
</html>  

Protect Content Page

This is a secure content page that we need to protect.
You can simply reuse your own content by simply copying the php part at the top before you html or php code.

Copy the following PHP script to the page you need to protect

Copy the following PHP script to the page you need to protect

<?php  
/* Microsoft Azure Database PHP login protected page by childofcode.com */

// Initialize the session, Check if the user is logged in, if not then redirect him to login page
session_start();  
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){  
    header("location: login.php");
    exit;
}
?>

content.php

Simple content protect page

<?php  
/* Microsoft Azure Database PHP login protected page by childofcode.com */

// Initialize the session
session_start();  
// Check if the user is logged in, if not then redirect him to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){  
    header("location: login.php");
    exit;
}
?>

<!DOCTYPE html>  
<html lang="en">  
<head>  
<meta charset="UTF-8">  
    <meta charset="utf-8">
    <meta name=description content="PHP and Microsoft Azure Database Login by childofcode.comn">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Microsoft Azure Database PHP login page secure content page</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <script src="https://code.jquery.com/jquery-1.12.4.js"></script> 
    <style type="text/css">
         body{ 
            color: #666;
            font: 14px sans-serif; 
            background-color: #fafafa;
        }
        .login-block{ 
            padding: 20px; 
            display: flex;
            flex-direction: column;
            justify-content: center;
            align-items: center;
            text-align: center;
            min-height: 100vh;
        }
        .wrapper{ 
            width:100%;
            height:100%;
            padding: 20px; 
            display: flex;
            flex-direction: column;
            justify-content: center;
            align-items: center;
            text-align: center;
            background-color: white;
            border: 1px solid #eaeaea;
        }
        .logout-button{ 
            color: #f9f9f9;
            background-color: #00bfff;
            border-color: #eaeaea;
        }
    </style>
    <script>
        window.onload = function()
        {
            // logout function
            $(document).off("click", "#logout-button");
            $(document).on("click", "#logout-button", function()
            {
                window.location.href = "logout.php";
            });
        }
    </script>
</head>  
<body>  
    <div class="login-block">
        <div class="wrapper">
            <h2>secure content page</h2>
            </br>
            <h1>Hi, <b><?php echo htmlspecialchars($_SESSION["username"]); ?></b>. Welcome to secure content page.</h1>
            <input type="submit" class="btn btn-primary logout-button" value="Logout">
            <a href="https://childofcode.com/">by childofcode.com</a>
        </div>    
    </div>
</body>  
</html>  

Logout PHP script

User logout php script, frees and destroys all session and redirect user to login.php .

logout.php

<?php  
/* Microsoft Azure Database PHP logout script by childofcode.com */

session_start();  
$_SESSION = array(); // Frees all session variables
session_destroy(); // destroys all session data  
header("location: login.php"); // redirect back to login page  
exit;  
?>

Above is all the codes for login system.

However, if you want use for production mode, there are still some TODO parts that need to be completed. For example, the registered page, profile page (update profile or change password) and the forgotten password page.
For my purposes, we don’t allow people to register themselves, so in my case, I simply use a php script to generate password hashes and create user data through Azure Data Studio.

Below is the PHP script and SQL query I used to create a new user, First, I will use a PHP script to generate user password hash after that using Azure Data Studio to create user data on a Microsoft Azure database.

A simple PHP script to Creates a password hash.

hash.php

<?php  
/* PHP password hash generate script by childofcode.com */

// Add plain text password on 'pw' URL parameters to Creates a password hash, Example: hash.php?pw=passs1234
$password = $_GET['pw'];
$param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
echo $param_password ;  
?>

SQL query to create new user on database

insert.sql

INSERT INTO Login (LoginUsername,LoginPassword,Ip,LastLoginTime)  
VALUES ('username', 'The Password hash generate by hash.php', '127.0.0.1', '31-Aug-2020 18:39:50');  

You can simply use the php and query above to complete other TODO parts. It should not be difficult for you now.

Completed source can be found on GitHub repository
GitHub

Let me know if anyone really needs other parts, I will update them when I have time. If you find any security issues, errors, bugs, contact me anytime. thanks.

In fact, this is not the first time I noticed the problem. The first time I discovered this problem was when I purchased a game called "Children of Morta" from GOG, I downloaded the game and played. But I thought this may be a problem arising from the "Children of Morta", because inside the game there is no option to change the audio & sound output.

After searching on the Internet, it seems that many people are facing the same problem.

I tried some solutions delete "com.apple.Bluetooth.plist", reset PRAM, reset Bluetooth module, but no luck, just like others people, none of them able to solve the problem. But, except reinstall macOS solution, and I really don't want to do it. I have been searching again on the Internet to find a better solution.

Suddenly, I thought that since Audacity is audio editing software, inside the software must have some audio output to set up right?

Great, I found an option on Audacity Preferences that allows users to set the output device. After changing the playback device to a Bluetooth headphones, I can finally listen the audio and edit the soundtrack through the Bluetooth headphones.
And not only Audacity, the game "Children Of Morta" I bought and downloaded from GOG now also works well when using Bluetooth headsets!

Here are the steps to fix macOS audio from Bluetooth headphones to built-in speaker:

1)Download Audacity https://www.audacityteam.org/download/mac/

2)Install Audacity and connect your bluetooth headphones

3)Open Audacity and click on top bar and go to "Preferences..."

4)On Preferences pages Go to Devices page > On Playback section > Device change the "Build-in Output" to you bluetooth headphones

5)Done, You should can listen you audio from bluetooth headphones Now !

My hardware & software version

iMac (Retina 5K, 27-inch, 2019)
N8 Bluetooth 5.0 headphones
macOS Catalina version 10.15.7
Audacity 2.4.2

On React Native official sites there are provide two solution Terminating a process on port 8081 or Using a port other than 8081 .

Will the first solution Terminating a process is not work, even is work this is not a good solution since you will terminal you Anti virus protection on you machine. But when running McAfee antivirus the kill -9 <PID> command is not work.

Seconds solution using a port other than 8081 this is more better solution . But there are something unclear if you run on x-code their are still have the 8081 port on use error. And i can't find the node_modules/react-native/React/React.xcodeproj/project.pbxproj file to change the 8081.

After try and error finally found a solution.

For iOS Device

0) Start React Native Metro with port 8070

npx react-native start --port=8070

1) Open reactnativelearning.xcworkspace on project ios folder

2) Search and change 8081 on workspace replace 8081 to 8070 below is the files need to change

• RCTBridgeDelegate.h
• RTCDefines.h
• RCTInspectorDevServerHelper.mm
• RCTDevMenu.mm

3) Go to Signing & Capabilities On project target and test target Update you own developer detail Signing on Team > xxx(company)

4)Go to Build Phases Select "Start Packager"
Change the Shell script 8081 to 8070

5) Click run on x-code and launch apps on device

You apps should running on connected iOS device now.

6) Open apps and shake open React Native developer menu. Click "Reload" on first launch this will enable the Fast Refresh function if not the Fast Refresh will not working.

Command to debug on simulator
npx react-native run-ios --port 8070

Command to debug on Device
npx react-native run-ios --device "MyiPhoneDevice" --port 8070

For Android Device

Android is more easy than iOS, Just need change the port on command and reverse the tcp port.

0) Start React Native Metro with port 8070

npx react-native start --port=8070

1) Open an Existing Project > go to react native project > android folder

2) Reverse the tcp port by below command

adb reverse tcp:8081 tcp:8070

3) Build on Android Studio

You apps should working good on android device with Fast Refresh.

Command to debug on emulator
npx react-native run-android --port 8070

Command to debug on specific connect device
npx react-native run-android --deviceId=11AA22A3C --port 8070

You can find deviceId with below command
adb devices

Dependencies version

react 16.13.1
react-native 0.63.3

Developer IDE version

Xcode 12.0.1
Android Studio Version 4.1

Mobile device operating system

Android 11
iOS 14.0.1

This is weird because the URL is the internal server like 192.168.0.108. The target URL is a metro server running on my iMac and i can access on my android device. Metro Server is React Native development server.

At the times, I was start studying React Native， When debug on iOS device their are difficult to connect and debug on device i still think this is React Native issue.

I try to visit apple.com on browser also same issue. reconnect WiFi again but same result, Even restart the phone also same.
This iPhone is one of my developer device inside device are no any other apps install. Few day ago i have update the iOS to 14.0.1 So i thing the updated may cause some issue.

I can find many user also have same problem on apple developer forums almost can confirm is the 14.0.1 updated cause the WiFi Internet Issue.

So I check if any new updated to solve the issue. But currently is no any new version to updated and solve.

After some try i discovery a solution.
Removed WiFi profile and connect again

Settings > Wi-Fi > Select the Wi-Fi you connected > Click on Forget This Network > Reconnect the Wi-Fi Again.

There are many problems with recent iOS updates.Hopefully Apple can make the updates more stable and safe before release.

There are two way to compile and execute you java code. Compile and execute inside the Docker or compile and execute outside the Docker instance.

Compile your app and execute inside the Docker container

1. Let Create a Dockerfile with below configuration

FROM openjdk:8  
COPY . /usr/src/myapp  
WORKDIR /usr/src/myapp  
RUN javac Code.java  
CMD ["java", "Code"] 

FROM openjdk:8 Get the openjdk 8 Images from docker hub'

COPY . /usr/src/myapp Copy myapp folder inside docker

WORKDIR /usr/src/myapp Create a place to store the source code

RUN javac Code.java Compile the java code

CMD ["java", "Code"] Execute the Java application

2.Create a folder call myapp inside a folder create a java file

Create java file calling Code.java with code below.

public class Mycode {

    public static void main(String args[]){  

        System.out.println("Hello Docker");   

    }
}

3.Build the image by Dockerfile

docker build -t java_env .

4. Run the Docker container Image

docker run -it --rm java_env

you should see the 'Hello Docker' output on your terminal .

Compile and execute outside the Docker container

1. Let Create a Dockerfile with below configuration

FROM openjdk:8  
COPY . /usr/src/myapp  
WORKDIR /usr/src/myapp

2.Create a java file

Create java file calling Mycode.java with code below.

public class Mycode {

    public static void main(String args[]){  

        System.out.println("Hello Java");   

    }
}

3.Build the image by Dockerfile

docker build -t java_env .

4. Compile the Java source code

docker run --rm -v "$PWD":/usr/src/app -w /usr/src/app java_env javac Mycode.java

After run the command docker will compile and create a file name Mycode.class on you folder.

4. Execute the Java application

docker run --rm -v "$PWD":/usr/src/app -w /usr/src/app java_env java Mycode

Execute the java application outside Docker container, You will see the output message "Hello Java".

Before Learn and Play CTF event. byte, ASCII text, Decimal and Hex is difficult thing for me. But after learning CTF this become very easy . since this kind of numbers is very common on CTF event.

Android Java API android.bluetooth.le.ScanRecord return Service Data is Decimal (bytes) . And Hex (bytes) is Eddystone Beacon support Specification, So we need to convert the Decimal (bytes) to get the Hex (bytes).

Eddystone UID frame broadcasts an opaque, unique 16-byte Beacon ID composed of a 10-byte namespace and a 6-byte instance.

We can use ASCII text for more readable and useful. We just need to convert the ASCII text to Hex and insert on beacon Namespace or Instance.

But on this POST we not using ASCII text since we just need Namespace and Instance Hex (bytes) to identify the beacon.
But remember we only have total 16bytes to store the text.

We need to Convert Byte array to Decimal string because Android Java API toString() method is not working on some older android phone with older Android OS their will alway return byte array . For compatible with older device our code will get Byte array and convert it.

Example: We can directly get ServiceData by
result.getScanRecord().getServiceData().toString()

and will get the result like
{0000feaa-0000-1000-8000-00805f9b34fb=[0, -65, 17, 34, 51, 68, 85, 102, 119, -120, -103, 0, 49, 50, 51, 52, 53, 54]}

But some android device will return byte array like [B@ee2583d

Example:

On Eddystone Beacon hardware setting

Namespace ID : 6865656C6F776F726C64

Instance ID : 313233343536

We Will Get the following result on Android

Android Java return Decimal (bytes)
104, 101, 108, 108, 111, 119, 111, 114, 108, 100, 49, 50, 51, 52, 53, 54

Convert to Hex (10 bytes) this will match what we set on beacon Namespace + Instance
68 65 6C 6C 6F 77 6F 72 6C 64 31 32 33 34 35 36

Convert to ASCII text
helloworld123456

 /* Android Java code - Get and convert Eddystone Beacon Service Data by childofcode.com */


private void processResult(ScanResult result) {

    String BytesArray = "";
    String RawAdvData = "";   
    String ServiceData = "";
    String Namespace = "";
    String Instance = "";

    // Process if ScanResult have result
    if (result.getScanRecord().getServiceUuids() != null) 
    {         
        // Use Android default UUID to scan beacon
        ParcelUuid EDDYSTONE_SERVICE_UUID = ParcelUuid.fromString("0000FEAA-0000-1000-8000-00805F9B34FB");
        byte[] EncodedServiceData = result.getScanRecord().getServiceData(EDDYSTONE_SERVICE_UUID);

        if (EncodedServiceData != null) 
        {
             try
             {

                // Convert Byte Array to Decimal (bytes) string
                ByteBuffer byteBuffer = ByteBuffer.wrap(EncodedServiceData);                
                BytesArray = Arrays.toString(byteBuffer.array());

                RawAdvData = BytesArray.toString();

             }
             catch (NumberFormatException nfe)
             {
                System.out.println("byteBuffer Exception ");  
             }             

            // Process if beacon advertisement have Service Data
            if (RawAdvData.length() > 0)    
            {
                int counter = 1;
                ArrayList<String> bytes = new ArrayList<String>();

                String asubstring = RawAdvData.substring(1, RawAdvData.length()-1); 
                String[] dataBytes = asubstring.split(",");

                for (String abytes : dataBytes) 
                {        
                    /*       
                    Eddystone-UID frame Byte offset we only need 10-byte Namespace and 6-byte Instance
                    0 and 1 Byte is Frame Type and Ranging Data and 18 and 19 Byte is Reserved for future use.
                    */
                    if(counter > 2)
                    {
                        try
                        {
                            // Convert Decimal (bytes) to Hex (bytes)
                            int theByte = Integer.parseInt(abytes.trim());  
                            String findUUID = Integer.toHexString(theByte);
                            String replacedString = findUUID.replace("ffffff", "");

                            if(replacedString.length() == 1)
                            {
                                bytes.add("0"+replacedString);
                            }
                            else
                            {
                                bytes.add(replacedString);
                            }   
                        }
                        catch (NumberFormatException nfe)
                        { 
                            System.out.println("Number Format Exception ");   
                        }
                    }
                    counter+=1;
                }

                ServiceData = bytes.toString(); 
                Namespace = ServiceData.substring(1, 35); 
                Instance = ServiceData.substring(37, ServiceData.length()-1); 
                System.out.println("ServiceData "+ServiceData);
                System.out.println("Namespace : "+Namespace);
                System.out.println("Instance : "+Instance);
            }
            else
            {
                ServiceData = ""; 
                System.out.println("ServiceData Empty "); 
            }
        }

    }

  }

Note: if you don't have any Beacon you can download a apps call "Beacon Simulator" on Google Play Store to simulate using android device .

refer:
https://github.com/google/eddystone/tree/master/eddystone-uid

https://developer.android.com/reference/android/bluetooth/le/ScanRecord#getServiceData()

One of my team member build a backend system and discovery the backend system can explore all the data by wildcard.

So let analysis and investigate why change UserID to percent sign can cause SQL injection and explore all data.

Part 0: The impact

User or hacker can view/explore all other user data by percent sign wildcard SQL injection on the URL input.

SQL query percent sign on LIKE query can be use to search all results.
Let’s understand how SQL Wildcards (%, _) are a threat.

% are special solely in the context of LIKE-matching. % equivalent to any string of zero or more characters.

An application is vulnerable to this attack when it uses the LIKE operator with a user received parameter not filtering any of these wildcard.

Part 1: Describe the vulnerable bug

So the Main reason cause the vulnerable is the PHP never filter or checking $GET['userid'] collect data on the URL , SQL query directly use the $GET['userid'] data. Hacker can change the data on the URL to make SQL injection attack.

LIKE operator with wildcard percent sign actually is not a vulnerable because % are special solely in the context of LIKE-matching for some use case .

The PHP code for GET userid from URL without checking escaped and validation or filter

Part 2: Steps to Reproduce

$UserID = (string)$_GET['userid'];

The SQL Query

 $sqlQuery= "SELECT * FROM userTable WHERE UserID LIKE '" . $UserID . "' ORDER BY UniqueID";

The normal userid on the URL

https://dev.domain.com/userInfo.php?action=view&userid=AYqNWDcPioJSa1Y3

sql query will only return the user info when the userid is AYqNWDcPioJSa1Y3

The SQL injection attack

https://dev.domain.com/userInfo.php?action=view&userid=%

sql query will return all user data

Part 3: Solution

We should never trust what user input.

1) Use Regular expression to verify and filter malicious code in input values and parameters.

2) Restrict input character format and check input length.

How to prevent SQL Injection

    $TheUserID = preg_replace('/[^A-Za-z0-9\-]/', '', (string)$_GET['data']);

    if(strlen($TheUserID) == 16)
    {
        $TheUserID = $UserID;
    }
    else
    {
        $TheUserID = "";
    }

First use regular expression search and remove all the special character.
And Validate userID since we know the userID characters length must be 16 character we can check the userID characters length if 16 character than process else will return empty userID since if the userID is length is more or less than 16 character length that mean must have something wrong.

Priority
P1

Severity
Critical: Loss of data.

Weakness
SQL Injection

Platform/Environment
All browser
Microsoft Azure PHP App Service (windows platform)
Microsoft Azure Database
Microsoft SQL Azure 12.0.2000.8

Language/Version
PHP 5.6.40 🐘
T-SQL (Transact-SQL) 12.0

If you need to develop something related with GUI applications and input devices automation thing Docker is totally not suitable.

For Example using the PyAutoGUI to capture a screenshoot and control the input devices using a local script to control some application on host machine.

Error when run PyAutoGUI on Docker

Traceback (most recent call last):  
  File "app/control.py", line 3, in <module>
    import pyautogui
  File "/usr/local/lib/python3.8/site-packages/pyautogui/__init__.py", line 241, in <module>
    import mouseinfo
  File "/usr/local/lib/python3.8/site-packages/mouseinfo/__init__.py", line 223, in <module>
    _display = Display(os.environ['DISPLAY'])
  File "/usr/local/lib/python3.8/os.py", line 675, in __getitem__
    raise KeyError(key) from None
KeyError: 'DISPLAY'  

Is look like the Docker can't get the correct Display for the GUI part and I can't find any solution solve this issue.

Maybe we can using the Ubuntu docker images but even if working also is very difficult for development since their are no GUI for fast and accurate to find the position and images information.

I have try using VM (VirtualBox).
Yes is working without any error the script is able get the screenshoot and control the input devices but actually is quite slow performance is difficult keep coding and try and error.

I running the Ubuntu20.04 VM on iMac (Retina 5K, 27-inch, 2019) with 16 GB 2667 MHz DDR4 Memory and Radeon Pro 570X 4 GB Graphics machine.
No idea why running Ubuntu20.04 VM on macOS Catalina is really slow, compare with running VM on my Windows 10 laptop.

More faster and better solution is look like using Python3 virtual environment for our request.
Our Principal is we need a faster, easy, safe, allow remove module files after finish and not cause any issue with current system environment .

1. Create a Project Folder and build the virtual environment

mkdir /project-folder

cd /project-folder

2. Create virtual environment

python3 -m venv ./venv

Installing a new virtual environment and define the env folder for the virtual environment dependent files

2. activate virtual environment

source ./venv/bin/activate

After activate we should see the terminal will change and start with (venv)

3. Check the binary on the venv

(venv) $ which pip

(venv) $ which python3

we can found all the pip and python3 is using inside the virtual environment.

4. Install Python Module

(venv) $ pip install numpy

Is quite easy and same with we install module on main machine.
Now we have a Python3 virtual environment to development and test our script.

5. Install Python Module with requirements.txt

(venv) $ pip freeze > requirements.txt

we can use pip freeze to find what module is install on current virtual environment this is very useful for source control and we send our project to other.

(venv) $ pip install -r requirements.txt

install the Module dependencies with requirements.txt

6. Deactivate after finish work

(venv) $ deactivate

1. First let Create a folder call docker_dev_php.

2. Create a Dockerfile with below configuration

FROM php:7.3.0-apache  
COPY src/ /var/www/html  
EXPOSE 80  

FROM php:7.3.0-apache Download official php 7.3.0 version Images with Apache HTTP Server from docker hub'

COPY src/ /var/www/html Create a main working directory inside docker container '

EXPOSE 80 Used to expose port 80 (HTTP) from the docker container to the host machine.

2. Create local folder for our PHP script folder name let call it src.

3. Create a PHP script

index.php

<?php  
    echo 'Hello World';
?>

Let print put the php info to verify PHP and Apache.

4.Build the image by Dockerfile

docker build -t php_env .

6 Run the Docker container Image

docker run -p 8080:80 php_env

Run Docker container and map a port 8080 from the host computer to container port 80.

7 Check on Browser

Open a browser and with URL http://localhost:8080 ,
You should see the Hello World message on the browser.

Is cool right! Setup and configuration a PHP development environment
less than 10 minutes.

8. Create a PHP script for Mount a local directory

info.php

<?php  
   phpinfo();
?>

9 Run the PHP script on local directory

docker run -p 8080:80 -v /Users/jack/Desktop/code/docker/docker_dev_php/src/:/var/www/html php_env

Open a browser with URL http://localhost:8080 ,

You should see the php info function print out all the PHP configuration information on the page

This is extreme Fast to build-up a PHP Apache environment on any platform. And less painful and happy! If you have install a PHP apache on a local machine experience.

Wonderful Life ~

After using Docker to build the development environment that make me feel more happy and less painful.

Be happy use Docker 🐳.

Same with Python Node.js also can running Node.js on local volume or build all the source code inside the container image.

1. Create a folder call docker_dev_nodejs.

2. Create package.json

{
  "name": "docker_web_app",
  "version": "1.0.0",
  "description": "Node.js on Docker",
  "author": "childofcode <docker@childofcode.com>",
  "main": "app.js",
  "scripts": {
    "start": "node app.js"
  },
  "dependencies": {
    "axios": "^0.20.0"
  }
}

We can use npm command on local machine to generate the package.json. If you local machine does't install Node.js and npm you can manually create a package.json.

3. Create a Dockerfile with below configuration

FROM node:14

WORKDIR /node  
COPY package.json ./

RUN npm install  
WORKDIR /node/app

COPY . .

CMD ["npm", "start"]  

FROM node:14 Download Node.js 14 version Images from docker hub'

WORKDIR /node Create a main working directory inside docker container '

If you get Module not found issue probably is module directory issue.
we can either modify project structure moving every editable code inside a folder let's say src, or update your Dockerfile to move node_modules a directory upper.

COPY package.json ./ Copy package.json inside docker main working directory'

RUN npm install Install npm package Module on main working directory.

WORKDIR /node/app Create a place to store the source code

COPY . . Copy the entire project to build

CMD ["npm", "start"] Execute npm command to install package module

4.Build the image by Dockerfile

docker build -t node_env .

-t is give a tag name call node_env

. don't miss the dot is mean the current location

5.Create a Node.js Scripts

Create a node.js script calling app.js with code below. We will using a axios module to GET the nodejs.org page.

const axios = require('axios');

 axios.get('https://nodejs.org/en/')
  .then(function (response) {
    // handle success
    console.log(response.status);
    console.log(response.data);
  })
  .catch(function (error) {
    // handle error
    console.log(error);
  })
  .then(function () {
    // always executed
    console.log("Done");
  }); 

6 Run the Docker container Image

docker run -it --rm node_env

you will see '200' and nodejs.org HTML return on the terminal.
We can copy all our script on build Docker images and just run the images .

7.Running Node.js Script Using Docker with Mount a local directory

For development stage more flexible method is running our code on local directory and only using the Node.js and module on the Docker container image.

docker run --rm -v /Users/jack/Desktop/code/docker/docker_dev_nodejs/:/node/app node_env  node app.js  

--rm option will clean up your container after use.

-v flag Use volumes by Docker containers.

/Users/YourWorkSpace/docker_dev_nodejs/ is the local directory

/usr/src/app is the docker container directory

node app.js execute the Node.js script

Run the command on terminal you should see status code 200 and HTML return if success.

I have been using Request module very long times. Almost every NodeJS developer have use using this popular module.

request is also the first package on npm package and is the also first module use on my NodeJS production module.

The main reason Request module is deprecated because the request module code structure is older many latest javascript feature is not supported For example, async/await feature and the main reason is the vulnerability threats will cause many security .

Update the whole new structure of module will take a longer times and on npm have many other module can replace request module so the module author is not longer maintenance the module.

First let take a long how the request module working.

request module

var request = require('request');

function requestModule()  
{
    request('https://nodejs.org/en/', function (error, response, body) {
      console.log('statusCode:', response && response.statusCode);
      console.log('error:', error );
      console.log('body:', body );
    });
}

requestModule();

Let try the most popular HTTP module axios

axios module

const axios = require('axios');

function axiosModule()  
{
  axios.get('https://nodejs.org/en/')
  .then(function (response) {
    // handle success
    console.log(response.status);
    console.log(response.data);
  })
  .catch(function (error) {
    // handle error
    console.log(error);
  })
  .then(function () {
    // always executed
    console.log("Done");
  }); 
}

axiosModule(); 

Also let have a look the Human-friendly and powerful HTTP request library for Node.js

got module

const got = require('got');

function gotModule()  
{
  (async () => {
      try {
          const response = await got('https://nodejs.org/en/');
          console.log(response.body);
          console.log(response.statusCode)
      } catch (error) {
          console.log(error.response.body);
      }
  })();
}

gotModule();

After some test axios Module is more suitable for my current project.
axios module not only available on NodeJS also available on frontend Browser support.
On new project maybe will try to use got module regarding got module have more feature support compare with axios.

Want to try and learning Docker but alway drag until now.

After get back my new iMac need to re-setup all my development environment but I don't want too install too many package and module on the iMac system since is difficult to clean and this is not a good practice and this will cause the current MacOS system also.

Node.JS is more simple we can control the project Module inside a folder but Python is more different and many thing need to link with the system.

of course we can use the Python virtual environment but this also will cause the system and storage messy .

I want a Clean and Clear and consistent same system enviroment for my R&D and project so is time's to learn Docker.

Compare with Virtual Machine, Docker is more Light, Fast and easy way.
I try Virtual Machine with Ubuntu 20.04-desktop-amd64 on the latest macOS Catalina their have a-lot a issue when installing and I feel is slow when using the VirtualBox to development code.

Their are two way to using a Docker

1) Mount a local directory as a volume execute a script on local directory without rebuild.
2) Copy the script into the Docker container and rebuild the container image.

First method is more suitable for me since on development alway need to code and run.
Seconds method is more suitable for production.

Method 1 : Mount a local directory as a volume

1. Create a folder call "docker_dev"

2. Create a Dockerfile with below configuration

FROM python:3.8.5-slim  
WORKDIR /usr/src/app  
RUN python -m pip install \  
         parse \
         requests

FROM python:3.8.5-slim

Download the Python 3.8.5 slim version Images from docker hub

WORKDIR /usr/src/app

Set a working directory inside docker container

RUN python -m pip install \ parse \ requests

Install python module we need.

3.Build the image by Dockerfile

docker build -t python_env .

-t is give a tag name call python_env

. don't miss the dot is mean the current location

4.Create a source directory

create a folder calling app

5.Create a Python Scripts

create a python script call dev.py with the code

import requests

x = requests.get('https://www.python.org')  
print(x.status_code)

6 Confirm that parse module has been installed in the container

docker run -it --rm python_env

>>> import parse

>>> parse.__version__

you will see version like '1.16.0' return on the terminal.

7.Running Python Script Using Docker with Mount a local directory

Execute below command

docker run --rm -v /Users/YourWorkSpace/docker_dev/:/usr/src/app python_env python app/dev.py  

--rm option will clean up your container after use.

/Users/YourWorkSpace/docker_dev/ is the local directory

/usr/src/app is the docker container directory

python app/dev.py execute the python script

Run the command on terminal you should see status code 200 return if work.

Method 2 : Build everything inside Docker container image

1. Create a folder call "docker_dev"

2. Create a Dockerfile with below configuration

FROM python:3.8.5-slim  
WORKDIR /usr/src/app  
RUN python -m pip install \  
         parse \
         requests
COPY app/dev.py .  
CMD ["python", "dev.py"]

COPY app/dev.py .

Copy the dev.py to that working directory inside the container

CMD ["python", "dev.py"]

Download the Python 3.7.5 slim version Images from docker hub

3.Build the image by Dockerfile

docker build -t python_env .

*3.Running the Docker Images *

docker run --rm python_env

You should see status code 200 return on terminal when success.

Docker command

docker images Check all Docker images

docker images -a Check all Docker images
-a flag will show all images including intermediate image layers

docker build -t ImageName . Docker Build Images container

docker run --rm ImageName Run DockerImages container

docker run -it --rm ImageName Run Docker Images container with commands

docker rmi ImageName Delete a docker images

docker system prune Purging All Unused or Dangling Images, Containers, Volumes, and Networks

docker system prune -a To additionally remove any stopped containers and all unused images (not just dangling images), add the -a flag to the command: (Delete everything)

docker ps -a Show both running and stopped containers

refer:
https://realpython.com/python-versions-docker/

https://www.digitalocean.com/community/tutorials/how-to-remove-docker-images-containers-and-volumes

https://docs.docker.com/engine/reference/commandline/container_ls/

https://hub.docker.com/

Regarding certbot is not longer support on ubuntu 14.04 LTS this will cause we can't renew the Let's Encrypt Certificates on our wordpress server this will cause our domain become unsecure mark on all browser.

The current server host is almost running 6 years and more . Is time to update due the security issue .
I try to Upgrade to current server from Ubuntu 14.04 LTS to Ubuntu 16.04 LTS because the certbot software tool minimum support version is Ubuntu is 16.04 LTS . But i have no luck since update the current running server is difficult and painful.

So the better solution is Migrate Wordpress to New server.

Any Migrate action first step always is backup all the related files, content and the most important thing The database.

1) Export Wordpress MySQL database

Export Wordpress MYSQL database by phpMyAdmin

Go to Wordpress Tables > Export Section > Choose the Export Format SQL and click the Go button.

You should download a files like YouWordpressTablesName.sql

This sql file is all data not include Media files (images, video, audio) on Wordpress MySql database is only store the Media files URL path only.
After download please make sure this files is secure.

We can Migrate our Wordpress to any New server using this sql file.

2) Backup Whole Wordpress CMS or Backup Content Files only

To backup server files we need Connect server host with FileZilla software. FileZilla software is most quick and easy way and it support all OS platform.

2a) You can only backup wp-content and replace this on latest version Wordpress

You can do this when you new server or host already include or build-in with Wordpress . Example like Digital Ocean One-Click Droplet

Login You Server host on FileZilla and go to Wordpress location find the wp-content folder and backup it
default location is /var/www/html/wp-content

2b) Backup Whole Wordpress CMS files

Login You Server host on FileZilla and go to the Wordpress main location and backup all the files
default location is /var/www/html/

3)Change phpMyAdmin PHP Import Max file size

By Default phpMyAdmin Import Max file size is set to 2MB if you sql file size is more than 2MB you will need to modified the php.ini for increase Import Max file size.

Method to find correct PHP.ini files location is create a php files with phpinfo function and check on it.

3a)Find PHP.ini files location

PHP Code for check the PHP.ini, Upload this to you new server.

<?php

phpinfo();

?>

check on the Loaded Configuration File you will get the PHP.ini location. Digital Ocean Server Default location is
/etc/php/7.2/apache2/php.ini

After find php.ini file location, Delete the phpinfo php file immediately on you server due the Security issue.

3b)Modify PHP.ini files to increase upload size

Open the php.ini with nano

nano /etc/php/7.2/apache2/php.ini  

search for post_max_size and upload_max_filesize increase the size.save the change .

Restart Apache Server

sudo systemctl restart apache2  

4) Import Wordpress MySQL database on new Server Host

You will new create a database before import data.

4a) Create databas

Go to Databases > Create database

Database Name is the Export sql file name

Collation need to match with Export sql files collation you can open the sql file and check or use utf8_general_ci for most general case.

4b) Import database

Import Wordpress MYSQL database by phpMyAdmin

Go to Wordpress Tables > Import Section > Choose the sql file we download just now and click the Go button.

4) Update Wordpress and Plug-in

Update the Wordpress and Plug-in to the latest version on you new server host.

Normally you can update this on Wordpress Dashboard but i will strongly recommend don't use this FTP method to download ,
The better way is download the files and upload by FileZilla .

for Wordpress you can download latest version on here

https://wordpress.org/download/
download unzip and replace all the files on except wp-content folder
Beware don't replace your wp-content folder

for Wordpress plugin

https://wordpress.org/plugins/jetpack/
you can replace on wp-content > plugins folder

5) Upload The WordPress Files Or wp-content To Your New Server Host

for wp-content
Copy the wp-content and replace it on
/var/www/html/wp-content

for Backup whole WordPress site just copy and replace all the files on public html folder
/var/www/html/

6) Update Domain DNS records

Update you Domain name with the New Server Host IP address , for Digital Ocean you just need go to Networking > Domain > select you domain name > More > Manage domain
Edit A record directs to new IP address

Done the Migrate.

For New user you can use my referral link to register Digital Ocean and get Free credit active: Get started on DigitalOcean with a $100, 60-day credit for new users.

my DigitalOcean referral link
https://m.do.co/c/6ca3326e1aa6

Long time never login COC to write any POST until forget my login password.

Normally i will just click forget password and reset the password but unfortunately my server can't send email. oh No how to I reset my password?

At first i will think about maybe i can view the database for the password but on latest CMS system will not store plain text so this is not work.

Ok than the only solution is fixed the send email issue.start to figure up what issue cause this problem i guess is because last time i update the OS system and setup the SSL cause something wrong since i have reset password before .

After investigate is look like the Mail software missing ok than we just need to reinstall the mail software on Linux Ubuntu send Mail software must is Postfix , Is a free and open-source mail transfer agent that routes and delivers electronic mail.

The most efficient and easy way to install Postfix and mail programs needed for testing email is

1)Install mailutils

sudo apt-get install mailutils

we need to setup some configuration on install
General type of email configuration is "Internet Site."
and the System mail name: YourSiteDomainName.com

2)Configure Postfix

sudo nano /etc/postfix/main.cf

Change the line that reads inetinterfaces = all to inetinterfaces = loopback-only

inet_interfaces = loopback-only  

restart Postfix :

sudo service postfix restart  

3) Test SMTP Server Send Emails funtion

Testing send a email using the mail command.

echo "This is the  SMTP Server email testing content " | mail -s "SMTP Server send mail test" YouEmail@mail.com  

Now you should send and receive you email.

But please check you email on the spam or junk if the mail is not receive on mailbox possibility when using Gmail the mail will be send to junk mail or spam.

refer:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-14-04