Posts by cereal

I've checked event log etc. If this helps, some programs that run in the notification area have occasional animated icons; when I must restart the computer those notification icons stop animating they stick.

I was asking about the event log to understand if there is a report of something crashing while these processes are running, like a driver or a PCI resource conflict. Have you added or changed hardware since this issue raised?

When download a large file or backing up my computer, it's typical the computer restarts; if this information helps ?

It could be the network adapter, see if you can find a tool to make a specific diagnostic of it, as suggested before. However to be sure about the integrity of the card you should test another one or, if attached to a PCI interface, try to move it to another slot and see if it makes any difference (in case of resource conflict).

@downvoter
I don't know what to do with a downvote, downvote if you want, but explain me what's wrong with my answer, otherwise I cannot improve. Thank you!

I'm sorry but cannot help here, I don't have experience with Angular & co.

Hi,

probably putting the server offline, removing the disk and accessing it in readonly mode from an OS that will not execute any of the code in that disk could be a starting point to backup what is still available.

It's important to make sure it cannot spread in your lan, through wifi or shared folders.

For the removal and recovering it depends on the version that affected your server, see if this helps: https://www.pcrisk.com/removal-guides/11217-amnesia-ransomware

Bye.

Hi,

are you following his tutorial? https://www.9lessons.info/2017/06/ionic-angular-php-login-restful-api.html
The part in which he writes about how to "Create an Authentication Service Provider" explains how to connect to the api.

In addition, you may want to try the cli-tools package:

• https://github.com/wp-cli/php-cli-tools

It's great to send formatted output in command line environments.

In other words you want to return back the new name of the uploaded file? In the PHP script you can send a JSON response with the filename, so move line 12 to 11 and replace the echo with:

header('Content-type: application/json');
echo json_encode(['target_file' => $targetFile]);

and use the success event in DropzoneJS to get the response from the server:

• http://www.dropzonejs.com/#event-success

Then use javascript to parse JSON and compile a list of uploaded files as (hidden) inputs... but start with something easier: print the response.

By the way, time() will not prevent overwrites.

And have you checked the contents of the event log? If you're using Windows see: https://www.howtogeek.com/222730/how-to-find-out-why-your-windows-pc-crashed-or-froze/

The name is well defined, otherwise you would get an exception:

Route [navcolor] not defined.

The error message says Call to undefined function routes(), which in other words means that the function you are trying to call does not exists. Have you read the documentation? I posted the link for you in my previous message. You already have the solution, you could have solved this hours ago.

Hi,

supposing you are not trying to load a user defined function named routes(), have you read the documentation? https://laravel.com/docs/5.5/routing#named-routes and the source in which this function should be defined? Does exists?

Use an editor that can autocomplete the code, in SublimeText for example, when you hover a method/function it shows you in which files this is defined and you can click it to see the code. Also add a linter plugin to enlight obvious mistypes and forgotten operators.

You want to avoid:

1. overall repetition (i.e. if I connect I don't get your same questions) or
2. only for the current user (i.e. I never see the same questions anymore, but another user can repeat the path) or
3. only for the current user's session (i.e. if I logout and come back I can get the same questions again)?

The extra bytes could be source port and destination port, see this:

• https://www.pacificsimplicity.ca/blog/reading-packet-hex-dumps-manually-no-wireshark

bye!

Hi!

I remember reading that there was a failure point on SSL as antiviruses were performing a MITM against browsers to verify the contents of connected pages. In practice they used to replace certificates in the client machine. Is this still an issue? See: http://ieeexplore.ieee.org/document/6956558/

Anyway, just a drop in the ocean.

This board has been most helpful to me! I learned that the term "serial numbers", although not a big deal to me, can be taken very seriously by scammers and I need to simply change serial numbers to first and last names when asking for help, to weed out any potential scammers asking why, why, why, why and hiding behind XY problem. Of course they are going to ask why, they want to know if I am stupid enough to give out "real serial numbers".

uh :o are you sure it was not just too young and eager to help? A part Skype & co. I had few questions too about your task, because, for example, for me it was not clear enough how input was structured (basically type and size: alphanumeric, integer, with spaces, splitted in multiple files and to be considered as a whole or repetitions and uniqueness for each file...) and how to output. For example, depending on method awk, from command line could work fine to identify repetitions. Along with rproffitt's suggest about uniq.

Also, for which platform? And can you use something different from PHP?

It's a shared hosting, , so I don't have access to a server config file

Okay, then you may want to ask to their support. The AllowOverride property is not always enabled for security and performance purposes, as Apache needs to scan the contents of each .htaccess along the folder tree and reset the rules accordingly.

virtualhost then got the <Directory>

oh my «got» o_o

Hi!

If you have access to the configuration file for the virtualhost then got the <Directory> and set AllowOverride to All:

<Directory /path/to/www/public>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
</Directory>

Remember to adjust the options to your needs, the above example will show directory contents and so on... If you can choose the web server, then try Caddy, the community version is free and works good. It supports HTTP/2 and LetsEncrypt by default: https://caddyserver.com/

Hi,

fadeIn() unhides the element, so it reverse what is done by hide(). Here you want to use hide() or fadeTo(), not both:

$("container").hide();          // <- method 1, immediate hide
$("container").fadeTo(250, 0);  // <- method 2, with transition

A part this your snippet works for me on jsfiddle:

• http://jsfiddle.net/wj4vmmef/

A question: what is <cont>? I don't find it in the HTML5 tag list.

Whoops, now I see , sorry I was distracted by the null values. The redirect does not solve the problem, it just overrides. The warning happens because in your view the loop starts anyway and you are suppling a string when instead it expects an array or an object:

foreach ($result as $record):

Instead of $query->result() from the model return the object:

function read($where, $length, $start) {
    $this->db->limit($length, $start);
    return $this->db->get_where('myguestbook', $where);
}

this way you can cache it, use the custom result object and, in your controller, use the attached methods like num_rows():

$li = [];
$int = 0;
$template = '<li>user: %s<br>email: %s<hr></li>';

if(0 < $result->num_rows())
{
    foreach ($result as $record)
    {
        $li[$int++] = sprintf($template, $record->user, $record->email);
    }
}

$data['result'] = $li;
$data['result_count'] = $result->num_rows();

And in the view just run:

if(0 < $result_count)
{
    echo implode(PHP_EOL, $result);
}

else
{
    echo '<p>No record exists</p>';
}

Thanks to you for your reply, bye!

Hi Andris,

you may want to use SELECT ... INTO OUTFILE 'file_name_here' and perhaps use CONCAT() to create the query, if you do:

set @file = concat('/tmp/file_', UNIX_TIMESTAMP(), '.log');
select 'hello' into outfile @file;

It will not work, so you have to do:

set @file := concat("/tmp/file_", UNIX_TIMESTAMP(), ".log");
set @query := concat("select 'hello' into outfile '", @file, "'");
prepare stmt from @query;
execute stmt;
deallocate prepare stmt;

As suggested here:

• https://stackoverflow.com/a/13549427
• https://dev.mysql.com/doc/refman/5.7/en/select-into.html

But it's mandatory that the destination file does not exists, otherwise the query will fail, this is done to avoid overwriting files with random content. The alternative, if you want to append results, for example, is to use mysqldump or something like this:

mysql -uVAR -pVAR -e "SELECT 'hello';" > /tmp/random.log

To execute, if using PHP, from exec().

// Edit
But looking at previous answers, now I'm not sure is this you where searching for.

Hi,

according to the source of the get_where() method in system/database/DB_query_builder.php, sending NULL is acceptable as it would skip to set the WHERE conditions. So looking at your code:

$data['result'] = $this->myguestbook_model->read(null, null, null);

It seems it should work fine. So, in order to debug, change the configuration so that it returns to you the last performed query: in application/config/database.php set save_queries to boolean TRUE, then go back to your model and right after line 3, i.e. where you perform the $query, write:

print $this->db->last_query();
die;

And see what you get. Then try to run the query into a MySQL client and see if you get results. Once you end the debugging process set save_queries to FALSE again, as it slows down the execution of the code. Also, for a better debug process I suggest you to add Kint:

• http://kint-php.github.io/kint/

Can I ask why you are using CodeIgniter? It's for a new project or just maintaining legacy?

In addition, see also: https://openai.com/

It happens because the POST request write is executed at the end of the script, in practice your write block (file_put_contents()) is placed after the reading block (file_get_contents()), so when a POST request is performed the script:

1. reads the contents of the file which has not still been modified
2. it prints the contents to the textarea
3. and then it saves the input to the file

Move all the PHP logic in top of the file and set only print variables inside the HTML:

<?php

// Initialize
$alert = '';

// Write
if(isset($_POST['submit']))
{
    $newtext = $_POST['PHP_testing']; // <- Sanitize! See filter_input()
    file_put_contents('filltext.txt', $newtext);
    $alert = '<p>The modified text has been saved.</p>';
}

// Read
$oldtext = file_get_contents('filltext.txt');

?>
<!DOCTYPE html>
<html>
<head>
    <title>Test</title>
</head>
<body>

<form name="for PHP" method="POST">
    <textarea name="PHP_testing" cols="60" rows="10" id="testing">
    <?php

    echo $oldtext;

    ?>
    </textarea>
    <input type="submit" name="submit" value="Save Text">
</form>

<?php

echo $alert;

?>

</body>
</html>

@RJ

most is still true, I read the same on forums for years, about people changing system every month like scarves, but I suspect it comes only from those which have time to waste. I have never had to put my hands on kernel, to be honest I don't even know from where to start. I use Ubuntu because it's different from other distros, which I agree are not friendly with new users, but Ubuntu is easy to install and configure, it's all graphical and supports a lot of hardware.

You can always open the terminal and compile a source if needed, most of the time it's easy, but not always because it happens that you have to find which library satisfies an obscure dependency but it's rare that an average user will ever need that software. I bought the laptop from which I'm writing in 2008, installed and never formatted. I do upgrades to follow the LTS (Long Time Support) versions which are supported for 5 years, now I'm on 16.04. Yes, I don't get the edgy versions of softwares but I gain in stability. I do reboots only because systemd, the new process manager, in practice an equivalent of your svchost.exe, sometimes requires to reboot the machine after an update (sigh), but otherwise I don't even need to do it for weeks.

It may be true that Linux offers a smaller surface attack with the default configuration, but as RJ states, it depends a lot more on how you use the system. Lately I read about a user hit by a ransomware on Linux, he was running Mozilla Firefox as root, who knows why, and got infected through an extension of the browser (seemingly Adobe Flash).

Disclaimer: I use Linux since 2001 and abandoned Microsoft OS since 2004.

The code seems to be okay, are you sure opcache is disabled? If you are using PHP 7.0 then it's enabled by default, so if you ran the delete.php script and this was cached by the engine, then even after changing the code you still hit the cached version, until expiration, so while developing you can get an unexpected result. If this is the case you should disable it.

Run:

print var_dump(opcache_get_status());
die;

To see the current status, it does not matter from which script you run it, if enabled, it will return the list of cached scripts

Also look at declension rules to apply specific syllables and make names look more natural.

Hi Fabiana_1,

if you have a question then, please, start a new thread by clicking on Contribute.

diafol! Why delete? Keep the account and allow us to keep a contact with you, I cannot imagine this forum without your posts :(

Hi, try to follow the other suggested steps on their site:

• https://malwarefixes.com/threats/pup-optional-ask-a/

Right now I would focus much on the storage size issue.

Right now I would NOT focus much on the storage size issue.

Pardon :p

You can use varbinary(16) to store IPV4 (4bytes) and IPV6 (16bytes), MySQL has some functions to convert the IP from a string representation to a blob and reverse, see for INET6_ATON() and INET6_NTOA(), which deals with both IP types:

• https://dev.mysql.com/doc/refman/5.7/en/miscellaneous-functions.html#function_inet6-aton

Note, the HEX() function in the documentation example is used only to show the hexadecimal value of the blob. When you want to store the IP just do, something like this:

INSERT INTO `log_table` (`ip_address`, `created_at`) VALUES(INET6_ATON(?), NOW());

Where ? is the IP to save.
When you want to search do:

SELECT INET6_NTOA(`ip_address`) AS `ip` FROM `log_table` WHERE `ip_address` = INET6_ATON(?);

This allows you to create an index on the ip_address column, which means fast access. So it's important, in the WHERE statement, to convert the IP to the binary representation, not reverse:

SELECT INET6_NTOA(`ip_address`) AS `ip` FROM `log_table` WHERE INET6_ATON(`ip_address`) = ?;

This would be very slow because it would convert each row into a string representation.

In the result set you could also return as blob, so:

SELECT `ip_address` FROM `log_table` WHERE `ip_address` = INET6_ATON(?);

and convert in PHP through inet_ntop():

• http://php.net/manual/en/function.inet-ntop.php

But this requires to compile PHP with IPV6 support, otherwise it will fail. I use the same storing method with file paths:

SELECT UNHEX(MD5(TRIM(TRAILING '/' FROM '/path/to/file')));

It's working fine with +2M rows. Right now I would focus much on the storage size issue.

The above would not be an inline code, which is defined by backticks. Here you should use a code block, when you want to do such and you have other text above, then hit Return two times, so that you go to a new line and set a line of space between the text and the code. Hit TAB (or hit 4 spaces) and paste the code. If you are copying from your editor, then you can tab there, just make sure it equals at least at 4 spaces.

This textarea does not act like you would expect, so using the TAB key here does not focus on the next form element.

When the code is under 4 spaces then it's parsed as simple text.

At the end of the code block, if you want to insert other text, then again hit Return two times, otherwise there could be a parsing issue with the following text.

In alternative use the CODE button above, it will open a modal to paste the code.

For the XAMPP issue, see if the Apache error log gives information. Also, make sure the file has the .php extension.

Hi,

see the recommendations made by the SANS Institute, pdf:

• https://www.sans.org/security-resources/policies/server-security/pdf/database-credentials-policy

it could help you, bye!

Hilarious & exhausting :)
Do you think it would possible to log the offending entry through Process Monitor, while running the update instance?

https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

You can add parameters to the selectCommand property, see these examples:

• https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqldataadapter.selectcommand(v=vs.110).aspx
• https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx

In your case, in pseudo code, try something like:

sqlCommand.CommandText = "select StudentID from student  where print like '%' + @template + '%'"
sqlCommand.Parameters.Add("@template", SqlDbType.NVarChar, 40, "Value Here")

Follow the examples in the documentation.

Hi,

in addition, have you tried with SplFixedArray? It should be faster than standard arrays. Also if you want to open files from the script, than use fopen() instead of file_get_contents(), because the latter will load the entire file in memory before starting processing, while the former will read in chunks and start the execution immediately.

See: http://php.net/manual/en/class.splfixedarray.php

The error says:

Additional information: There is no row at position 0.

So the query is not returning results, I read that da.Fill() can return the number of rows found by the query statement, so you can get that value and use a conditional statement to verify if the result is bigger than 0, and only in that case you attempt to access Rows(0), something like this:

(int)numRows = (int)da.Fill(publictable)

if(0 < numRows)
{
    txtcasenumber.Text = publictable.Rows(0).Item(1)
}

And you could also define a default case to manage empty result sets. Please, note that I'm not confident with VB.Net, so my above code could be wrong.

Hi,

%bytes% must be surrounded by quotes, because it's a string search, so change this:

sqlCommand.CommandText = " select CaseFileNumber from ecms.fingerprint  where FingerP like %bytes% "

to:

sqlCommand.CommandText = " select CaseFileNumber from ecms.fingerprint  where FingerP like '%bytes%' "

and see if it works.

Hmm, no, here I'm not accepting passwords from users. It's a server side configuration step to connect Solr with MySQL. Solr is a search engine service developed by Apache. Here I'm setting the credentials into a configuration file, named data-config.xml to access the database. This file can store the database password in plain text or in an encrypted version.

I have an issue with the encrypted implementation. In practice it reads the value from the configuration file, but it does not decrypt and I wonder if it's caused by the IV value. I understand your point, but I cannot refactor this part, unless I'm missing something, also because resetting those values would mean to restart Solr, unless doing something like suggested (but not shown :D):

• http://grokbase.com/t/lucene/solr-user/131yxkzy6p/configuring-datasource-for-dynamic-password-and-user

I'm not sure it's doable with the current version. Anyway, the methods I'm showing above are from the Solr code, I seeked them from the source version, to understand the error log.

As far as I know it can be added the Data Encryption (SSL) to the JDBC driver to enhance security, which will happen as soon this works, but in order to make the connection to the database, Solr has to decrypt the password stored in the configuration file.

Hello,

I hope not to scare you with this long post. I'm testing Solr (read solar) and it works fine. I have an issue with the DataImport handler, it's set to get data from a MariaDB database, which works fine if I save the database credentials in plain text in the data-config.xml file for the Solr core:

<dataSource type="JdbcDataSource"
          driver="org.mariadb.jdbc.Driver"
          url="jdbc:mariadb://localhost:3306/DB_TO_QUERY_HERE"
          user="USER"
          password="PASSWORD"/>

Following the documentation at:

• https://lucene.apache.org/solr/guide/7_0/uploading-structured-data-store-data-with-the-data-import-handler.html#configuring-the-dih-configuration-file

I see I can encrypt the password, in order to do so I have to change the above configuration to this:

<dataSource type="JdbcDataSource"
      driver="org.mariadb.jdbc.Driver"
      url="jdbc:mariadb://localhost:3306/DB_TO_QUERY_HERE"
      user="USER"
      password="ENCRYPTED_PASSWORD"
      encryptKeyFile="/absolute/path/to/key.txt"/>

And run a command like this to get the encrypted password:

echo "hello" > pwd.txt
echo "onetestkey" > key.txt
openssl enc -p -aes-128-cbc -a -salt -in pwd.txt -pass file:./key.txt -out pwd.enc

The documentation says:

When the password is encrypted, you must provide an extra attribute encryptKeyFile="/location/of/encryptionkey". This file should a text file with a single line containing the encrypt/decrypt password.

so, for me key.txt is the same file loaded by Solr and by running the above command the pwd.enc file gets populated by:

U2FsdGVkX18xlQ6Mgtirfe7thJ3J17lUC9nWvDf9iU0=

Which is a base64 string, decoded it reveals a prefix Salted__ followed by the encrypted password binary blob. And it is the value for the password property in the dataSource tag. The command with enc -p returns more info:

salt=31950E8C82D8AB7D
key=6F489EE571236EC11CCD4ABB5A2DA3A3
iv =99907BAF93567BD934A03E9D720EE020

If I run the opposite command, to decrypt and verify the result, it works fine:

openssl enc -base64 -d -aes-128-cbc -in …

Just to support rproffitt's, on Ubuntu 16.04 it redirects to 127::1:

» ping -c 3 0.0.0.0                                                                                       
PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.048 ms

--- 0.0.0.0 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.029/0.044/0.055/0.011 ms

On Mac OS it fails:

$ ping -c 3 0.0.0.0
PING 0.0.0.0 (0.0.0.0): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
Request timeout for icmp_seq 0
ping: sendto: No route to host
Request timeout for icmp_seq 1
^C
--- 0.0.0.0 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

Ah, no. Okay for that you need variable variables:

• http://php.net/manual/en/language.variables.variable.php

For example:

<?php

$start_balance = 2;
$stop = 5;
$roi  = 5;
$sum  = 0;

for($i = 1; $i <= $stop; $i++)  
{
    if(1 == $i)
        $sum = $roi * $start_balance;

    elseif(2 == $i)
        ${'sum' . $i} = $roi * $sum;

    else
        ${'sum' . $i} = $roi * ${'sum' . ($i - 1)};
}

print_r(get_defined_vars()) . PHP_EOL;

Which prints, among the other variables:

[sum]  => 10
[sum2] => 50
[sum3] => 250
[sum4] => 1250
[sum5] => 6250

Which means the loop defined these variables $sum, $sum2, ..., $sum5. If you want to use a function, then keep in mind that the variables will be set in the function scope, so these won't be available outside, unless you set them global:

function _sum($start_balance = 0, $stop = 1, $roi = 1)
{
    for($i = 1; $i <= $stop; $i++)  
    {
        if(1 == $i)
        {
            global $sum;
            $sum = $roi * $start_balance;
        }

        elseif(2 == $i)
        {
            global ${'sum' . $i};
            ${'sum' . $i} = $roi * $sum;
        }

        else
        {
            global ${'sum' . $i};
            ${'sum' . $i} = $roi * ${'sum' . ($i - 1)};
        }
    }
}

_sum(2, 5, 5);

If you explain why you need it like this, maybe we can suggest a better solution.

Hi,

you can use a for() loop and the assignment operator *=, for example:

<?php

function _sum($start_balance = 0, $stop = 1, $roi = 1)
{
    for($i = 0, $sum = $start_balance * $roi; $i < $stop - 1; $sum *= $roi, $i++) { }
    return $sum;
}

print _sum(2, 5, 5);

But if you plan to use floats or to produce big numbers, then you have to change approach, use BCMath or GMP and read carefully about floating point quirks (which BCMath solves):

• http://php.net/manual/en/book.bc.php
• (just for integers) http://php.net/manual/en/book.gmp.php
• http://floating-point-gui.de/

Hi,

usually you define which column (or columns) mark a row as a duplicate and set a unique key index, so you have to alter your table schema. Once this is done add IGNORE to your insert query:

INSERT IGNORE into excel(excel_name, excel_email) values('name', 'email@address');

Then use:

$affected = mysqli_affected_rows($connect);

It will return an integer: 0 if the insert failed, 1 if it occurred, -1 means there was an error. For more information, read:

• https://dev.mysql.com/doc/refman/5.7/en/constraint-primary-key.html
• http://php.net/manual/en/mysqli.affected-rows.php

Also, use prepared statements, do not use PHP variables inside queries. And, please, make meaningful titles for your threads: "php" does not help anyone.

Hi,

in practice, your goal is to dynamically alter the crontab file? Or you're talking about something else?

Also try Meld, it should work also on Windows: http://meldmerge.org/

If implemented, IMO, it should be consistent through all code as jQuery does.

Using mutators and accessors, as described by jkon, can simplify because the naming suggests what to expect: setSomething(), getSomething(). Even if more verbose.

Anyway, I made a small research, this could be defined as dynamic dispatch which can be combined with traits, in the end you could create methods with similar names which are choosen by the reflection library basing on the signature (parameter types).

An example is here:

• https://laracasts.com/discuss/channels/tips/php-overloading-trait

Here's the source:

• https://gist.github.com/eckenroed/607bb62f569e7c00ced02002cfb19b39

Which however does not deal with empty methods, so I made few small changes to __candidateMatch() and to __resolveparameterTypes() which was not handling booleans correctly, now it seems to work fine (pasting outside, because the post is too long):

• https://pastebin.com/Xw6W8Nk7

Here's the test class:

<?php

require 'overloader.php';

class Test {

    use Overloader;

    private $_producers;
    private $_song;
    private $_songs;

    // Producers //

    public function producers_set(string $str)
    {
        $this->_producers = $str;
        return $this;
    }

    public function producers_get()
    {
        if(property_exists($this, '_producers'))
            return $this->_producers;

        return '';
    }

    public function producers_unset(bool $unset)
    {
        $this->_producers = NULL;
        return $this;
    }

    // Song //

    public function song_set(string $str)
    {
        $this->_song = $str;
        return $this;
    }

    public function song_get()
    {
        if(property_exists($this, '_song'))
            return $this->_song;

        return '';
    }

    public function song_unset(bool $unset)
    {
        $this->_song = NULL;
        return $this;
    }

    // Songs //

    public function songs_set(string $str)
    {
        $this->_songs[] = $str;
        return $this;
    }

    public function songs_get()
    {
        if(property_exists($this, '_songs'))
            return implode(', ', …

@Nicht

can you share your code? thank you :)

Hi all!

In addition: the aim is to be able to chain the methods while setting?

Hi,

you can create DOM nodes, see:

• https://developer.mozilla.org/en-US/docs/Web/API/Document/createElement

As example:

<button id="button">Add</button>
<div id="box"></div>

<script type="text/javascript">
    var btn = document.getElementById('button');
    var box = document.getElementById('box');

    btn.addEventListener('click', function(event) {
      event.preventDefault();

      // create elements
      let child_img = document.createElement('img');
      let div1 = document.createElement('div');
      let div1_text = document.createTextNode('$87.03');

      let div2 = document.createElement('div');
      let div2_text = document.createTextNode('Some text');

      // append attributes
      div1.classList.add('value');
      div2.classList.add('subtext');
      child_img.setAttribute('src', 'http://lorempixel.com/400/200/sports/');

      // append img to box
      box.appendChild(child_img);

      // append text node to div1 and div1 to box
      div1.appendChild(div1_text);
      box.appendChild(div1);

      // append text node to div2 and div2 to box
      div2.appendChild(div2_text);
      box.appendChild(div2);

    }, {
      passive: false
    });
</script>

The live example is here: https://jsfiddle.net/fmbe1yyd/

Obviously you have to change the code to insert dynamic data, so if you have difficulties to make it work, explain better your issue, for example from where you get the input used to populate the elements that you want to create?