cssfreakie

Staff Alumni
  • Posts: 1,674

Posts posted by cssfreakie

  1. ohhhh if you don't hide it they can make a rainbow database, based off your salt. right?

    exactly, because then they just take the normal dictionary, append your salt to it, create the hashes and compare them again with your stored values.

  2. That error (undefined index) means that the session variable with the index username ($_SESSION['username']) is not yet set, so it needs to be set first. Otherwise you'll get the error.

    As a working example, make 2 pages with the code below and run it and see how it works.

     

    PAGE1.php

    <?php
    //error reporting
    error_reporting(E_ALL);
    ini_set("display_errors", 1);
    //start session
    session_start();
    
    $_SESSION['monkey'] = 'gorilla';
    
    echo '<h3>THIS IS PAGE 1</h3>';
    
    
    ?>
    

     

    PAGE2.php

    <?php
    //error reporting
    error_reporting(E_ALL);
    ini_set("display_errors", 1);
    //start session
    session_start();

    echo '<h3>THIS IS PAGE 2</h3>';

    if(isset($_SESSION['monkey'])){ // check if $_SESSION['monkey'] is set
        echo $_SESSION['monkey'].' as you can see you went to page1 first and now it works';
    }else{
        echo '<p>it seems session monkeys is not yet set<br />
           you are trying to access this page before page 1.</p>';
    }

    ?>
    

     

    p.s. in the process of testing this session stuff, notice that your browser stores a cookie with the session id (probably starting with PHPSESSID). If you remove that cookie and access page 2, the session is again not set.

  3. if you already md5-ed it, you are too late. Because the trick of a salt is what? (see above...)

     

    And of course you want to keep your salt secret. Because that is what makes:

    the common word monkeys into a word that does not exist in the dictionary, and after that you hash it.

     

    if you use javascript (client side) it will be in plain sight.

  4. Place this at the top of any script you have and report the error back to us.

    <?php
    error_reporting(E_ALL);
    ini_set("display_errors", 1);
    
    ?>

     

    If you access the second code you showed directly you should get an error, since $_SESSION['username'] is not yet defined. If you first visit the first page and then the second it should work.

     

    _edit: when developing use that little snippet above all your scripts, or alter your php.ini. Don't use that in production btw.

  5. What if you md5 the password and then send it to the server using Ajax, how do you md5+salt once it is already md5 once?

     

    oh sorry i forgot to thank, lol im tired.

     

    Thanks you 2 for the good replies.

     

    There is no good reason to md5 (hash) something twice. In fact it makes your stuff less secure (why? because of the fixed length input for the second hash). Anyway the answer to your thread is given. Keep it to the point and mark it solved once the answer is given. And above all, this forum is flooded with questions and answers on this hashing stuff. Try it out...

  6. google is indeed a wicked tool.

     

    in a nutshell:

     

    when you use md5() or any other hashing function (hashing is not encrypting), the string that goes in gets transformed into a fixed-length string that hides the original string. Opposed to encryption, which uses a key (to decrypt / 'open'), you can't decrypt a hash, since there is no key. It's one way.

     

    for instance:

     

    monkeys becomes HJJAUudfisiufa666547HGhHHd (I just made that up ;) )

     

    A rainbow table stores common words like monkey and most other words you find in a dictionary. So once someone got into your database he sees those hashes you stored and just compares them with his rainbow table, to maybe use those on your customers' email or paypal accounts. Most people use the same password for everything....

     

    Now if you use a salt, for instance:  *776**&DHuswu#@#@%^&^@!&*@&*^2112$%5~

     

    The string isn't monkeys but monkeys + that weird salt, and then it gets hashed. And since that combination is very unlikely to end up in a dictionary (unless real monkeys took over the redaction), it's unlikely to exist in the attacker's rainbow table, thus making it more secure.

     

    That's it.

     

    P.s. google is your friend!
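    As an added illustration (editor's code, not part of cssfreakie's post), the PHP below looks up an unsalted and a salted md5 hash in a small precomputed hash table; the dictionary is constructed, the salt is the post's example value, and the password_hash() call at the end is the editor's addition showing PHP's built-in per-user salting.

```php
<?php
// Added example (not from the original post): shows why a salt defeats a
// precomputed hash table. The dictionary below is a constructed sample.
declare(strict_types=1);

// A tiny "rainbow table": precomputed MD5 hashes of common passwords.
// A real one holds millions of entries; the idea is the same.
function buildLookupTable(array $dictionary): array {
    $table = [];
    foreach ($dictionary as $word) {
        $table[md5($word)] = $word;
    }
    return $table;
}

// Salted hashing as described in the post: the salt is appended before hashing.
function saltedHash(string $password, string $salt): string {
    return md5($password . $salt);
}

$dictionary = ['monkeys', 'password', '123456', 'letmein'];
$table      = buildLookupTable($dictionary);
$salt       = '*776**&DHuswu#@#@%^&^@!&*@&*^2112$%5~'; // the post's example salt

$stored_unsalted = md5('monkeys');
$stored_salted   = saltedHash('monkeys', $salt);

// Unsalted: a single table lookup recovers the original word.
echo 'unsalted hash found in table: ',
     isset($table[$stored_unsalted]) ? $table[$stored_unsalted] : 'no', PHP_EOL;

// Salted: the stored hash is not in the table, so the lookup fails.
echo 'salted hash found in table: ',
     isset($table[$stored_salted]) ? $table[$stored_salted] : 'no', PHP_EOL;

// PHP 5.5+ does the salting for you with a random salt per password, so a
// single leaked site-wide salt cannot be used to rebuild a table for every user.
$hash = password_hash('monkeys', PASSWORD_DEFAULT);
var_dump(password_verify('monkeys', $hash));
var_dump(password_verify('monkey', $hash));
```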

  7. You might want to explain a bit more what the purpose of this message is. From the way you describe it, you will allow a normal user to delete a system message, in a way that other members won't see that message any more since it got deleted.

     

    Do you maybe want a system message to be shown to every user, and once a specific user says "okay i read it" it will not be shown any more to that specific user but will be to other users that did not read it? Describe your wish a bit more and it will probably give you the solution when you think about it.

  8. 1) You will have to store the weight of each product.

    2) then ideally (from my point of view) have a table with the various prices per weight range (so you can easily add and adjust stuff).

    Then when someone orders, say 10 bananas and 12 oranges you just do:

    (10 bananas * weight of a banana) + (12 oranges * weight of an orange) = total_weight ;

    then use that 'total_weight' to look up in your weight table, and output the price.

  9. Yes, the markup is out-dated as the menu is about 2-3 years old which makes it a dinosaur in the tech world. I used your idea and it fixed the display. Thanks for those suggestions! I'll most likely be replacing that menu with a more modernized setup in the near future.

    I marked your topic solved (we have a button for that...). Interestingly enough it took a month to reply....

  10. Thanks, was it this one you were referring to? 

     

    http://www.phpfreaks.com/tutorial/php-security

     

    Presumably, as I am only using a contact form, that just sends an e-mail, there aren't so many security concerns as when adding data to a database?  With an e-mailing script, is there anything in particular I need to cover? 

     

    Thanks

    yes that is the one.

     

    As for email scripts: 'email' header injection is certainly something you want to have read about before you put it on a live server. Otherwise you are hosting a spam company.
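    One way to guard a contact form against the header injection mentioned above, as an added example (editor's code, not cssfreakie's): the form fields, the example.com addresses and the constructed $suspicious input are assumptions for the demonstration.

```php
<?php
// Added example (not from the original post): validate contact-form input
// before it reaches mail(), so a visitor cannot add extra mail headers.
// The $suspicious array below is constructed test input.
declare(strict_types=1);

// Reject anything that could start a new header line (CR or LF) and
// require a syntactically valid address for the reply-to field.
function validateContactInput(array $input): array {
    $errors = [];
    foreach (['name', 'email', 'subject'] as $field) {
        $value = $input[$field] ?? '';
        if ($value === '' || preg_match('/[\r\n]/', $value)) {
            $errors[$field] = 'missing or contains a line break';
        }
    }
    if (!isset($errors['email']) && filter_var($input['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid address';
    }
    return $errors;
}

function sendContactMail(array $input, string $recipient): bool {
    $errors = validateContactInput($input);
    if ($errors !== []) {
        foreach ($errors as $field => $why) {
            echo "rejected: $field $why", PHP_EOL;
        }
        return false;
    }
    // Headers are built only from values that passed validation; the visitor's
    // address goes in Reply-To while From stays a fixed address on your own domain.
    $headers = "From: webmaster@example.com\r\n"
             . 'Reply-To: ' . $input['email'] . "\r\n";
    return mail($recipient, $input['subject'], $input['message'] ?? '', $headers);
}

// Constructed input: the subject carries a line break followed by a second header,
// which is exactly what validateContactInput() refuses to pass on to mail().
$suspicious = [
    'name'    => 'Visitor',
    'email'   => 'visitor@example.org',
    'subject' => "Hello\nBcc: someone-else@example.net",
    'message' => 'test',
];
sendContactMail($suspicious, 'contact@example.com');
```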

  11. Well its a place to start, and thanks for the help.  Is it the best way to do it do you think? Or is there a better way?

     

    L == Learner

    the use of the word 'best' is a bit tricky in any case. Sessions are designed to do exactly what you want in this case. There is no reason I can think of not to use them.

     

    P.s. if your topic is solved, press the button in the left bottom corner ;)

  12. the easiest way would be to use session variables. After someone has submitted a form you set a session variable and assign it the value of the $_POST value.

    <?php
    session_start(); // the session must be started before $_SESSION can be used
    if(isset($_POST['gorilla'])){
        $_SESSION['gorilla'] = $_POST['gorilla'];
    }
    ?>
    

     

    As for security risks: any data that is provided (or can be provided, such as $_SERVER['PHP_SELF']) by the end-user cannot be trusted. So no matter what, you always have to check whether the values are as expected.

  13. just another thing, don't use breaks (<br />) to style your pages or tables, it will get messy very fast. It's fine to use them inside a paragraph, but that is pretty much it in my opinion. Besides that, if you have an online example or the actual html output (ctrl+u), so without the server-side code (php)

  14. Have you tried to write any php code? Or do you want people to write that for you? Keep in mind though php is a server side language. So any calculation your php does happens on the server and after that it outputs it to the browser. If you want stuff to be calculated client side, you require either something like javascript or flash or other fancy clientside stuff.

    btw I moved this forum to the php coding forum, instead of the html one

  15. assuming you are not using a fluid width layout, a pretty common (min-)width is 960px. There is even a grid system named after it (http://960.gs). You might want to have a look at it.

    Then again there are quite some sources out there that track what the commonly used resolutions are. So you might want to just google and decide what you want. Anyway I can tell you I use a min-width of 960px.
