oaass

Members
  • Posts

    29

About oaass

  • Birthday 01/09/1984

Profile Information

  • Gender
    Male
  • Location
    Nøtterøy, Vestfold, Norway

oaass's Achievements

Newbie

Newbie (1/5)

1

Reputation

  1. In addition to what's already been suggested, you can add PHPIDS (www.phpids.org) to your application. If you are able to install things on the server (VPS / Dedicated) you could also install: mod_security - detects and blocks suspicious requests (some of the core rules in mod_security are taken from PHPIDS); mod_evasive - blocks automated tools (not 100% but at least it blocks 99% of the skids out there).
  2. Your user creates an account on your site, and from there the user can connect to his/her Facebook, Google+, Twitter, etc. account. When the user logs on to your site the connected apps will then pull the feeds from these services.
  3. You have $_GET['edit'] holding the car_id value when selecting, but then when updating you have $_GET['car_id']. From what I can see these two need to be the same.
  4. You have commented out the input field for update_taxrate; as a result, $_POST['update_taxrate'] does not exist.
  5. There's no need to use multiple log-ins. You should instead just let the user connect his/her account with the different sites, and then when the user signs in (s)he will see the merged feed from the linked accounts.
  6. Thanks mac_gyver! Really helped me understand what was going on.
  7. So why is it that this actually works? What is it that it actually compared the first username against?
  8. I saw an SQL injection vector today to bypass auth which makes the vulnerable query look like this: SELECT * FROM table WHERE username=''-0||username='' AND password='' I understand everything except the -0 part.
  9. jazzman1, no need for a mail server on localhost when using the Gmail SMTP. bumpn, before you send the mail, var_dump the $mail->Body variable.
  10. I would say that 12 rounds of blowfish with a salt generated by openssl_random_pseudo_bytes or mcrypt_create_iv for strong entropy should work fine... But remember: nothing is stronger than its weakest link. So don't forget to enforce good password rules as well.
  11. It does not "still display"... That is a completely new error message. You've gone from undefined index to undefined variable. Read the error message again. It tells you everything you need to know. You're trying to use a variable that does not exist... Are you actually reading the error messages or are you just copying them over here for us to solve?
  12. What if you remove the + signs? '% $word %'
  13. $answers = $_POST['selected_answers$questionNr']; You can start by looking at that line of code.
  14. Strings in single quotes will be treated as nothing but pure text. If you need a variable to work in a string, you need to either end the single quote or use double quotes.