Trying to get Authors ID

I'm trying to show the user Score on a Quiz in their posts. I'm adding this inside the Single.php loop:

    global $wpdb;
    $user_id = the_author_ID();
    $table_name = "MYWP_quizresults";
    $sql = "SELECT * FROM ".$table_name." WHERE user_id = ".intval($user_id);
    $result = $wpdb->get_results($sql);
    if(!empty($result))
    {
        foreach($result as $row){
            echo "ID: ". $row->user_id. " Name: ". $row->user_name;
        }
    }

Advice for first time DM/player with first time hero players trying the Lost Mine of Phandelver with an under-sized party

After listening to and enjoying some “actual play” podcasts I’m about to try DnD with my wife and children. None of us have played before, so after some research I’ve decided to go with the official DnD 5e starter set.

Due to a slight misunderstanding I thought that the set was fine for four players including the DM, it seems that actually it’s meant for a party of four or five plus the DM.

Given that the party will only be three strong, none of them have played before, and two of them are children I would expect them to not be hugely effective to begin with.

As DM I’m planning to help as much as I can with the rules and hints about what they can do (initially they won’t have read all the rules). But I’m concerned that as a small party they might struggle.

The kids have decided that they like the wizard and rogue and my wife is happy to play any of the remaining characters. From my research I’ve suggested the cleric for her so that they have someone with high AC and good healing.

As I haven’t played before either I’m looking for suggestions on what else I can do to get things off to a good start. Obviously I can do things like reduce the number of enemies in fights, but I assume that there are a lot of other tricks that I’m not aware of to help in this kind of situation.

Is trying to break a door considered a hostile action, as far as Sanctuary spell is concerned?

On page 366 of Pathfinder 2e Core Rulebook, for the Sanctuary spell it states:

“You ward a creature with protective energy that deters enemy attacks. Creatures attempting to attack the target must attempt a Will save each time. If the target uses a hostile action, the spell ends.”

Does trying to break a door count as a hostile action? It does not specify if the action is considered hostile only if it is directed towards a creature.

Why do Invalid Host header errors exist, what are attackers trying to achieve?

I have recently launched a new django based api, and quite quickly, I started to receive INVALID_HOST_HEADER SOME RANDOM URL errors. My understanding is that this is caused by somebody manually changing the HOST header, or proxying my API through some other domain.

This is probably a basic question, but what is the point? What are they trying to achieve? Presumably it’s not a regular MITM attack, because it would be easy enough to correct the HOST header on its way out of the middle server, and they’re not doing so.

Blind Familiar trying to deliver a touch spell

Here’s the setup:

  • My familiar is adjacent to a target. My familiar is blinded.

  • I cast a touch spell. My familiar uses its reaction to deliver the spell.

Normally, being blinded causes you to attack at disadvantage, so I attack at disadvantage, right? I’m nearly certain about this, but wanted to confirm.

Background reading:

Casting while blinded in D&D 5e (mentions casting while blind, but not specifically the issue of a familiar delivering a touch spell)

Blinded + casting a spell with a bonus action + Find Familiar

Does an invisible familiar delivering a touch spell have advantage?

Does this iptables entry indicate someone’s trying to break in?

Two days ago I built a Debian 10 server in the United States for use as a file server for my web application. When I created the server, I installed the fail2ban package and configured a basic, minimal firewall using the following rules:

    *filter

    # Allow all loopback (lo0) traffic and reject traffic
    # to localhost that does not originate from lo0.
    -A INPUT -i lo -j ACCEPT
    -A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT

    # Allow ping.
    -A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT

    # Allow SSH connections.
    -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Allow inbound traffic from established connections.
    # This includes ICMP error returns.
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Log what was incoming but denied (optional but useful).
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7

    # Reject all other inbound.
    -A INPUT -j REJECT

    # Log any traffic which was sent to you
    # for forwarding (optional but useful).
    -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7

    # Reject all traffic forwarding.
    -A FORWARD -j REJECT

    COMMIT

Today when I checked my firewall, I found the following:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
    ACCEPT     all  --  anywhere             anywhere
    REJECT     all  --  127.0.0.0/8          anywhere             reject-with icmp-port-unreachable
    ACCEPT     icmp --  anywhere             anywhere             state NEW icmp echo-request
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables_INPUT_denied: "
    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables_FORWARD_denied: "
    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain f2b-sshd (1 references)
    target     prot opt source               destination
    REJECT     all  --  49.88.112.114        anywhere             reject-with icmp-port-unreachable
    RETURN     all  --  anywhere             anywhere

There are only two user accounts on the server, the root account and a personal account for myself. I’m not a firewall expert but the Chain f2b-sshd entry looks suspicious to me:

When I run whois on that IP address, I see that it originated somewhere in China.

I have other production servers that have been running for over a year that are built on Debian 9 and I’ve never seen entries like this ever.

  1. Does this entry indicate that someone at that IP address has tried to break into my server?
  2. If the answer is “yes”, is Debian 10 now recording all break-in attempts with entries like this?
  3. Are there additional steps I should take to secure my server?

Trying to get custom post of a custom taxonomy

I’m trying to get a link from a custom post with a custom taxonomy but I’m running into issues trying to get it. I want to send the user straight to the post if the taxonomy count is 1. If it’s greater than one post, it goes to a page showing all the posts of the taxonomy. I have this second part working but I can’t get the first bit to work; I can’t get the taxonomy to return the post.

    <?php
    $taxonomy = 'treatment_type';
    $terms = get_terms($taxonomy); // Get all terms of a taxonomy
    //print_r($terms );
    if ( $terms && !is_wp_error( $terms ) ) :?>
        <?php foreach ( $terms as $term ) {
            if('trending-treatment' !== $term->slug  && 'skin-care' !== $term->slug){ ?>
                <?php if($term->count == 1){?>
                    <?php
                        $posts_array = get_posts(
                            array( 'showposts' => -1,
                                'post_type' => 'treatment',
                                'tax_query' => array(
                                    array(
                                    'taxonomy' => 'treatment_type',
                                    'field' => 'term_id',
                                    'terms' => $term->slug,
                                    )
                                )
                            )
                        );
                        print_r( $posts_array );
                    ?>
                    <h1>only 1</h1>
                    <?php print_r($term); ?>
                    <article class="portfolio-item pf-rejuv">
                        <div class="portfolio-image">
                            <a href="POST LINK TO GO HERE">
                                <img src="<?php the_field('image', $term); ?>" alt="<?php echo $term->name; ?>">
                            </a>
                        </div>
                        <div class="portfolio-desc">
                            <div class="team-title"><h4><?php echo $term->name; ?></h4><span> <?php the_field('types_of_treatments', $term); ?></span></div>
                        </div>
                    </article>
                <?php }else{ ?>
                    <article class="portfolio-item pf-rejuv">
                        <div class="portfolio-image">
                            <a href="<?php echo get_term_link($term->slug, $taxonomy); ?>">
                                <img src="<?php the_field('image', $term); ?>" alt="<?php echo $term->name; ?>">
                            </a>
                        </div>
                        <div class="portfolio-desc">
                            <div class="team-title"><h4><?php echo $term->name; ?></h4><span> <?php the_field('types_of_treatments', $term); ?></span></div>
                        </div>
                    </article>
                <?php } ?>
            <?php }
        } ?>
    <?php endif;?>

Trying to use HMAC to pass a string to be verified. Is this secure?

I am working on a Django project and trying to create a REST API to verify email without using any database.

My present server connection is HTTP and not HTTPS.

So someone using the API endpoint POSTs his email.

REQUEST:

    curl --location --request POST 'http://127.0.0.1:8000/api/openlogin' \
    --header 'Content-Type: application/json' \
    --data-raw '{ "email":"test13@test.com" }'

Now I am generating a random 6-digit number, e.g. 435667, and an email will be sent to test13@test.com

    send_mail('PIN TO VERIFY', 'ENTER THE PIN 435667', None, ['test13@test.com'])

Send the HMAC value of 435667 as a response to this api

    import base64
    import hashlib
    import hmac

    raw = '435667'.encode("utf-8")
    key = 'SOME_SECRET_KEY'.encode('utf-8')
    hashed = hmac.new(key, raw, hashlib.sha1)  # HMAC-SHA1 of the PIN under the secret key
    pin_hmac_hash = base64.encodebytes(hashed.digest()).decode('utf-8')
    # e.g. pin_hmac_hash = "SOME_HMAC_HASH_OF_PIN"

So the response for /api/openlogin will be

    { "email": "test13@test.com", "pin": "SOME_HMAC_HASH_OF_PIN" }

Now the user sends me back the pin along with the HMAC hash in the response

    curl --location --request POST 'http://127.0.0.1:8000/api/verifypin' \
    --header 'Content-Type: application/json' \
    --data-raw '{ "pin": "SOME_HMAC_HASH_OF_PIN", "email": "test13@test.com", "emailed_pin": "435667" }'

Will someone guess the pin from SOME_HMAC_HASH_OF_PIN?

Of course I will further try to authenticate the API using a JWT token, so the email cannot be tampered with.

This is an example of a PIN, but it can be any string of sensitive information. Can I rely on HMAC?
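
An added example, not part of the original question: the `page_*` functions mirror the scheme described above, where the HMAC covers the PIN alone, and `issue`/`verify` show one way to bind the tag to the email address and an expiry time. The function names, the JSON message layout, SHA-256 and the `expires` field are assumptions introduced here.

```python
import hashlib
import hmac
import json
import time

# Placeholder key from the question; a real key is long, random and server-side only.
SECRET_KEY = b"SOME_SECRET_KEY"


def page_tag(pin):
    """Tag as in the question: HMAC-SHA1 over the PIN alone (hex instead of base64)."""
    return hmac.new(SECRET_KEY, pin.encode("utf-8"), hashlib.sha1).hexdigest()


def page_verify(email, emailed_pin, tag):
    """Check as the question implies: `email` is never covered by the MAC."""
    return hmac.compare_digest(page_tag(emailed_pin).encode(), tag.encode())


def bound_tag(email, pin, expires):
    """Hypothetical hardened tag: MAC over email, expiry and PIN together."""
    # JSON array encoding keeps the three fields unambiguous.
    msg = json.dumps([email.lower(), expires, pin]).encode("utf-8")
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue(email, pin, ttl=600, now=None):
    """Build the /api/openlogin response body (field names are assumptions)."""
    now = int(time.time()) if now is None else now
    expires = now + ttl
    return {"email": email, "expires": expires, "pin": bound_tag(email, pin, expires)}


def verify(email, emailed_pin, expires, tag, now=None):
    """Accept only an unexpired tag that matches this email and this PIN."""
    now = int(time.time()) if now is None else now
    if not isinstance(expires, int) or now > expires:
        return False
    expected = bound_tag(email, emailed_pin, expires)
    return hmac.compare_digest(expected.encode(), tag.encode())


if __name__ == "__main__":
    tag = page_tag("435667")  # constructed sample values taken from the question
    print(page_verify("test13@test.com", "435667", tag))    # intended address
    print(page_verify("other@example.com", "435667", tag))  # same pair, other address
    tok = issue("test13@test.com", "435667", now=1000)
    print(verify("other@example.com", "435667", tok["expires"], tok["pin"], now=1100))
```

Because nothing is stored server-side, a bound tag still verifies repeatedly until it expires, and a 6-digit PIN has only 10^6 values, so the verify endpoint needs attempt limiting regardless of how the tag is built.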