Secure GET-based remote API access via PHP

I am programming a way in PHP for my users to be able to access a remote API through my website. I was wondering if any of you had some input on whether or not this was secure (NOT considering any vulnerabilities that may be on the remote system).

    // uid is taken from the query string and placed in the URL as-is
    $url = sprintf("https://website.com/?uid=%s", $_GET["uid"]);
    $data = null;
    $data = file_get_contents($url);
    echo $data;

Is this secure? If not, can you explain why?

Note: The site does not return any value that is sent using the uid parameter.
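A hardened variant of the snippet in the question, as an added example that is not part of the original post. The uid format (1 to 32 alphanumeric characters), the 5-second timeout and the plain-text response type are assumptions to adapt; the function names are hypothetical.

```php
<?php
// Added example: hardened form of the proxy snippet from the question.

function build_remote_url(string $uid): ?string
{
    // Allow-list the value (assumed format) so it cannot carry '&', '#',
    // '/', whitespace or CR/LF into the outgoing request.
    if (!preg_match('/\A[A-Za-z0-9]{1,32}\z/', $uid)) {
        return null;
    }
    // http_build_query() percent-encodes the value, so even if the
    // allow-list is later relaxed it stays a single "uid" parameter.
    return 'https://website.com/?' . http_build_query(['uid' => $uid]);
}

function fetch_remote(string $url): ?string
{
    $context = stream_context_create([
        'http' => [
            'method'          => 'GET',
            'timeout'         => 5,  // do not let a slow upstream tie up workers
            'follow_location' => 0,  // do not follow redirects
        ],
    ]);
    $data = @file_get_contents($url, false, $context);
    return $data === false ? null : $data;
}

// ?uid[]=x arrives as an array, so check the type before validating.
$uid = $_GET['uid'] ?? '';
$url = is_string($uid) ? build_remote_url($uid) : null;
if ($url === null) {
    http_response_code(400);
    exit('Invalid uid');
}

$data = fetch_remote($url);
if ($data === null) {
    http_response_code(502);
    exit('Upstream request failed');
}

// Serve the upstream body as inert text so it is never interpreted as
// HTML or script in this site's origin (assumed response type).
header('Content-Type: text/plain; charset=utf-8');
header('X-Content-Type-Options: nosniff');
echo $data;
```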

Is this homebrew race, Agias, balanced?

I made the below D&D 5e race, just wondering if it’s balanced compared to the other race options.

Agias

“It was stunning, I was just seconds away from a death by the goblin’s spear, when he saved me, a man without a face, clad in blue with a shield and flaming sword. I owe my life to him.” -Zhong, Elf Warlock

The Agias are spiritual holy guardians without bodies, protecting poor innocent lives from death. They often wear heavy armor and shields. Often surrounded with a blue aura.

Ability Score Increases: Charisma, Wisdom, and Constitution all increase by one.

History: The first Agias was created when a wizard, monk, priest, and shaman got together to create an arcane and divine warrior to protect the men at war. They succeeded, but not how they wanted to: the warrior had no body, and had become little more than arcane animated armor, until put on the battlefield, where it unleashed the true power of the Agias.

Age: Agias are created by magic and divine rituals, they do not age.

Alignment: Almost all are Lawful Good or Lawful Neutral.

Size: You stand about 6 feet tall; your size is medium.

Speed: You hover at a speed of 40 ft.

Senses: You have true sight for 200 feet and are blind beyond that.

Holy Guard: Stand in front of an ally about to be attacked and absorb all of the damage dealt. You have 10 charges with this trait and the number resets when you finish a long or short break.

Life Drain: As an action, your target makes a constitution save, if failed they take 1d10 damage and you gain health points equal to the damage you did.

Godly Aura: All of your melee attacks add 3d6 radiant damage or 3d6 force damage.

Booming Voice: You have access to the Healing Word and Power Word Stun spells. Charisma is your spellcasting ability for these.

Languages: You can speak, read, and write Common and Abyssal and have telepathy at up to 150 ft.

Is it lazy or inconvenient not to distinguish between password reset use cases in the UI?

I was recently asked to reset a password due to the fact that the security requirements for the website had been upgraded, and the users have been asked to change their passwords (for those that don’t meet the current standards).

Although the user interface simply asked you to provide an email address (to verify that it is an active account) with a call-to-action to change the password, when the email link is sent to my inbox, it was in the format of a ‘Forgotten Email’ page that had the same flow as if you clicked on the ‘Forgotten Email?’ link commonly seen at the sign-in page.

Is it simply more convenient to use exactly the same process, or is it simply lazy design or development not to make this distinction as it clearly has some effect on the user experience? Is this a common practice and if so why?

Generating number sequence

I am very new to Mathematica. I am trying to generate a list of number sequences. I want to make 6 sequences. 1 – 10, 10 – 100, 100 – 1 000, 1 000 – 10 000, 10 000 – 100 000. All reversed. Is there any elegant way to approach that? I am trying to figure it out using the documentation, but I can’t. Thanks

How do I program a function to generate a secure Block Cipher Encryption-Key?

I am currently studying the most widely known encryption algorithms and methodologies. For practice purposes, I am currently pursuing a project where I just implement everything from ECB to RSA as some kind of a C crypto library.
I wanted to ask how I would generate a more or less secure key in a C program (I know that writing a crypto library on my own is not secure at all, but I just want to learn basic principles from key generating to key exchanging to encryption mechanisms).
So, how could I approach the problem of implementing an algorithm for a secure key generation? Which main issues need to be considered to reach an at least mediocre key security?

How are the skeletons in the Tresendar Manor created? And by whom?

I am returning to D&D after many years, and it looks like animate dead only works for 24 hours at a time, so who made the skeletal guards in the Manor, and how were they constructed? Glasstaff isn’t nearly high enough level/ doesn’t have the spells. The skeletons are not “free-roaming”, they are working for the Redbrands. Someone walk me through this, please.

How to check rapidly if an element is present in a large set of data

I am trying to harvest scientific publications data from different online sources like Core, PMC, arXiv etc. From these sources I keep the metadata of the articles (title, authors, abstract etc.) and the fulltext (only from the sources that provide it).

However, I don’t want to harvest the same article’s data from different sources. That is, I want to create a mechanism that will tell if an article that I am trying to harvest is present in the dataset of the articles that I already harvested.

The first thing I’ve tried was to see if the article (which I want to harvest) has a DOI and search in the collection of metadata (that I already harvested) for that DOI. If it is found there then this article was already harvested. This approach, though, is very time expensive given that I should do a serial search in a collection of ~10 million articles’ metadata (in XML format), and the time would increase much more for the articles that don’t have a DOI, where I will have to compare other metadata (like title, authors and date of publication).

    from os import listdir
    from os.path import join
    import xml.etree.ElementTree as ET

    def core_pmc_sim(core_article):
        if core_article.doi is not None:  # if the core article has a doi
            # parse all PMC xml metadata files
            for xml_file in listdir('path_of_the_metadata_files'):
                # iterate through every tag in the xml
                for event, elem in ET.iterparse(join('path_of_the_metadata_files', xml_file)):
                    if elem.tag == 'hasDOI':
                        print(xml_file, elem.text, core_article.doi)
                        # if PMC doi is equal to the core doi then the articles are the same
                        if elem.text == core_article.doi:
                            return True
                    elem.clear()
        return False

What is the most rapid and memory-efficient way to achieve this?

(Would a Bloom filter be a good approach for this problem?)

Which, if any, parts of the Locate City Bomb are dubious by RAW?

The “locate city bomb” is a somewhat-notorious example of theoretical optimization, turning a minor 1st-level divination into something quite similar to a nuclear blast that kills everything for miles around.

The typical process:

  1. Cast locate city from Races of Destiny.

  2. Use the Snowcasting feat from Frostburn to add the Cold descriptor to locate city.

  3. Use the Flash Frost feat from Player’s Handbook II, which can only be applied to cold spells, to add 2 cold damage to all creatures within the area of the Snowcasted locate city.

  4. Use the Energy Substitution feat from Complete Arcane, which can only be applied to a spell that has the acid, cold, electricity, or fire descriptor, to turn the cold damage to electricity damage, and change the descriptor to the corresponding one.

  5. Use the Born of the Three Thunders feat from Complete Arcane, which can only be applied to an area spell with the electricity or sonic descriptor that deals hit point damage. Among other things, this forces creatures within locate city’s area to make a Reflex save.

  6. Use the Explosive Spell feat from Complete Arcane, which can only be applied to a cone-, cylinder-, line-, or burst-area spell that allows a Reflex save, to force those within who fail the Reflex save to the edge of the effect, taking 1d6 damage for every 10 feet moved.

Which, if any, of these steps are dubious per the rules as written?

Do any desktop PC motherboards require hardware token authentication?

Scenario: I am assembling a desktop computer. I buy an ASUS XYZ motherboard because it will not run — or, even better, its running state cannot be altered, short of pulling the plug — without hardware token authentication. The XYZ motherboard comes with two YubiKeys. If I lose those, I can buy additional copies from ASUS, after posting bond and passing a DNA test.

I’m kidding about the DNA test. Or maybe not. The question is, does anything like the ASUS XYZ motherboard exist?

A prior question initially appeared to be seeking the same information, but its focus on laptops seems to explain its apparent satisfaction with a software solution oriented toward data encryption (e.g., Sophos SafeGuard Easy).

Command action for strike summons/minion

Wonder if someone could help. I have created a Pathfinder 2e Druid character with an animal companion (Bear) and a Summon Fey spell (Sprite). Can the bear only attack my enemy when commanded (Your animal companion has the minion trait, and it gains 2 actions during your turn if you use the Command an Animal action to command it p214) while the summoned Sprite does not require the command (generally attacks your enemies to the best of its abilities p637)?

Thanks