xc0n

yea but sometimes the most basic way is best, usb security is bad think off all the n00bs getting a usb not recognised msg n not being able to view there data, an ip is like a finger print u can spoof it but u cant make it a number u desire! untill then my system is ok, i did post a demo link to a login that knowbody even saw, i got logs of over 7 people trying to get in since i last posed on here, now considering this is a big forum with alot of tallent i think i done well nobody cracked my hash! didnt even see a ss of my login page let alone a hack of any kind these guys would have just seen red so give me a lil credit ey?

psycho a user above said its bad to create your own hash & that his buddy could easily crack it, not me i know a hash cant be undone hence my attitude to n00bs that try diss me i guess i was very over reactive and should settle down i have just been working on this for a while and take offense easily my bad. id love to gather some files together of the previous version so you can all have a look? maby then u can give me some tips on improvement

i dont know why i bother... why would i post my source here lol its real smart to build a hash an then give the source :/ im not trying to market anything lol forget the website guys the link i posted was to a demo see demo.php so tell ur ####%#%%% to brake it u have the link i wan see a screenshot of my login page lets see how good u guys are??? or r u all jus full of it? also did use get time to crack the above hash??? thought it would be easy ??? only 5 letters ?? lmfao id love to show my code but not when i get this reaction for wanting to try sumfin new & yea im a s#it speller im truely sorry for this lol sorry for over reacting to the crap thats been posted here i just cant stand f#ckheads that try diss ppl that wana share new ideas, nothing is impossible my system is secure and u can all get f#cked use are all like sheep anyway weather any1 agrees wif me of not they wont say it cause all the douchb@gs would diss them, hahahaha lmao at the w@nkers with quotes in there sig's from a site mod or admin hahahahahaha sucking up much?? lol ehhhhh maby i should visit this forum when i need a spell check done or marketing tips & tips on how to suck up to admin accounts i could really learn alot !!

jeez did i ask u to look at my about page ? this place is full of ####heads seriously ppl come to try expand tere knowlegde n learn more get help with projects and all u get is smartass ppl sayin u have a spelling mistake ehhhhhh... help... talk about my actual script or ##%% off!

Ahh so nice to have support from this "helping forum" lol Well yes its easy to spoof your ip, but you would need to know what ip u need to spoof, and im pretty sure u can spoof a SPECIFIC ip address so unless my system decides to allow random spoofed ip's then ur out of luck. tell your friend to give it a go, I have this software running on http://www.ipsecure.com.au/demo.php if he can send me a screenshot of just the login page ill be VERY surprised LOL. The only way to compromise this would be to attack the server, its on a basic server without ssl so hooray if he manages to attack it. Remember u think my script is the problem so tell him to attack the script. And for any users that don't have windows i feel sorry for you and u will have to purchase a static ip off your isp also ill hash a basic word using my hash and u get him to crack it :/ just a basic 5 letter plain word jcrypT Hash: ^[EMa3v_Km=)_@S)EM[3t)CH@oX6=3@P have fun.

thank you! let me have a try to implement this.

well its been a year and i have successfully finished my project!! i built a exe to update the mysql database every time the users dynamic ip changes and it works 100% also built a nice hash to protect ip addresses in the database if you want to read more and see some screenshots have a look at the website >> ipsecure.com.au anyone interested on working on this project with me send me a pm!

hey guys i have a small script below i have commented what i need help with if anyone has any ideas ill be very gratefull ive tryed but cannot get it to work at all. This is a small fraction of a large script i'm writing but the easy way to get help with my problem was to section it into below code so don't worry if the script looks pointless as long as it works thats all im after! <?php $bad_directory = 'home/username/public_html/'; // I need help to convert the following orange text into PHP please // search $bad_directory & list all files created within last hour of current day (file names as a array eg: 'blah.txt','ttl.gif') // search $bad_directory & list all folders created within last hour of current day (folder names as a array eg: 'blah','ttl') // get list of last hour created files from above and rename all files with _NEW at end EG: "just_added.php" to "just_added.php_NEW" // get list of last hour created folders from above and add a .htaccess file to each folder EG on how to create file ,htaccess below // Create the .htaccess file i need added to each newly added folder ^^^ $filename = '.htaccess'; $contents = 'AuthUserFile '.$htpass_dir.'.htpasswd AuthName "THIS AREA HAS BEEN LOCKED FOR SECURITY REASONS" AuthType Basic require user Admin'; $handle = fopen($filename, 'x+'); fwrite($handle, $contents); fclose($handle); ?>

hey i have a basic bit of code ill post below, at the moment it works fine, but im sure it is very unsecure, what i need to know is how to apply the PDO function to it so its a safe script and also if there are any other things i can do to tidy it up / make it more secure please let me know. <?php require ("auth.php"); // Checks to see if user is valid // If User is valid then below will function // Connect To Database $dbhost = 'localhost'; $dbuser = ''; $dbpass = ''; $dbname = ''; $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error Connecting to MYSQL'); mysql_select_db($dbname); // End //Get Data $sql = mysql_query("SELECT * FROM `allowed_ips` WHERE `host_noip` = '$host_noip' limit 0, 30"); $result = mysql_fetch_assoc($sql); //End // Show Companys key $show_secKey = $result['company_secKey']; echo "<form method='post' action=''>enter key here: <input name='secKey' type='text'> <input type='submit' value='Submit'></form>"; $checksecKey = $_POST['secKey']; if($checksecKey == $show_secKey) { mysql_query("UPDATE allowed_ips SET ip_address = '$ip' WHERE host_noip = '$host_noip'"); mysql_query("UPDATE allowed_ips SET ip_host = '$ip_host' WHERE host_noip = '$host_noip'"); $result = mysql_query; if($result) { echo "<meta HTTP-EQUIV='REFRESH' content='0; url=index.php'>"; }} else { echo 'Error Wrong Key'; } ?> Ive tryed to apply the PDO myself but cant seem to get it to work! thanks in advance

Yea i understand, but thanks alot for taking to time to help me!

@everyone: Thanks for your reply's, I like having other people opinions! Even though you have all disagreed, I will still try to complete my system, I have a very open mind so hopefully I can come up with something great! Im on the level at the moment where my system is working & it can also update a users IP when it notices a dynamic IP has changed via a method i have used. Once i have it running how i want ill post it here for you guys to look at and im sure you will be surprised at how i have got it to work and also be able to help me fix any vulnerabilities / messy code etc.. thanks again!

@AyKay47: hey thanks alot for the help but that code gave me white page saying: There Was A Error @jcbones: that script works great and does everything i need it to do! thanks alot, it can even email me the backup zipped or send it to a remote ftp server! very nice!!

hey i want a php file to backup my mysql database into a .sql file for me im using the code below, I save this code as backup.php and when i visit backup it says "Database Backup Completed" but the database backup folder is empty it doesnt create or write to the sql file.. ive also tryed giving the file and folder permissions 755, 775 & 777 and still none worked! not sure whats wrong? <?php // Connect To Database $dbhost = 'localhost'; $dbuser = 'database_user'; $dbpass = '***********'; $dbname = 'database_name'; $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error Connecting to MYSQL'); mysql_select_db($dbname); // End $backupFile = 'backup_folder/backup_file.sql'; mysql_query("SELECT * FROM '$dbname' -> INTO OUTFILE '$backupFile'"); $result = mysql_query; if($result) { echo "Database Backup Completed"; } else { echo "There Was A Error"; } ?>

ok i figured it out i used the code below: <?php define('ABSPATH',dirname(dirname(__FILE__)) . '/'); require(ABSPATH . 'hidden_files/config.php'); ?>

ok kool ill have a look thanks, any idea why code below doesnt work anyone? <?php require($_SERVER['DOCUMENT_ROOT'] . '/../hidden_files/config.php'); ?>

@Pikachu2000: exactly why i want to make it nothing is impossible and not everything has already been done.

index.php runs include($_SERVER['DOCUMENT_ROOT'].'/hidden_files/config.php'); but index.php in in the public_html folder so the code you gave me aboce will be looking in /home/user/public_html/hidden_files instead of /home/user/hidden_files any other ideas?

Ok so i want to stop my config file from being accessed directly through a browser, the best way to do this is to not have config.php in my public_html folder, that way i can include it in a file but its not accessible directly. eg below: /home/esecure/public_html/index.php /home/esecure/hidden_files/config.php now index.php requires config.php to run so ive used the codes: <?php require($_SERVER['DOCUMENT_ROOT'] . '/../hidden_files/config.php'); ?> But it wont work. It wont go back past public_html folder i just get an error. Warning: require(/home/esecure/public_html/../config.php) [function.require]: failed to open stream: No such file or directory in /home/esecure/public_html/config.php on line 13 The code below works, but i dont want to link to config this way i want the above way to work. What am i missing? <?php require '/home/esecure/hidden_files/config.php' ?> thanks in advance

@mjdamato: You're right, an exe wont do the trick, but this system will mainly be used by company's that need extra security, that i meet in person, not just the average person with a login script, the system would be installed by me to each of my clients that request it so i guess the only 100% way it will work as i want it too for now is for each client that use's my system to have a static ip address, if they are concerned enough about there admin security im sure they wont mind getting a static ip. Otherwise ill still try to implement a way for the system to work with dynamic ips i just think it will take alot of time & help!

@businessman332211: Yes i agree, but my system is only for wrapping an existing secure login system. I would'nt just use just my system to vertify the user itself, all my system will do is wrap around other logins and make them just a bit more harder to hack. I have actually got my system working great now "as long as the user has a static ip address" but once i make the system work with dynamic ip's i think it will be an essential addon for any login system, it can help because if your ip isnt valid in the database and your login system is wrapped with my system then the hacker wont even see your login page, before it loads my system will boot him, i guess it help with less chance of sql injection and people guessing passwords etc!!

i was worried id get that answer!! lol

you will need a basic mysql database to hold the embed data the users add, then you will neeed a php page eg: add_videos.php for users to add the embed tag, and then another php page eg: list_videos.php to display the embed code.

Ok i have a system that wraps around login systems, it calls a users ip address(md5 encrypted) and then asks a database if the users ip address(md5 encrypted) is acceptable to view/use the login/admin panel, this just adds a tiny bit more security for admin back-ends by not even letting the user view the login page unless there ip is allowed. My only problem is that for the system to work each user needs to have a statip ip, otherwise the database will notice the users dynamic ip changing and not let them into the admin/login page. My question is, would it be possible to some how update the database automatically each time a users dynamic ip changes? I wouldn't have a clue on how to do this, but if some how it is possible i will try to learn and implement it with my system. Maby a .exe file could be installed on each users pc to constantly check the users ip and if a change occours it will send the new ip to the database? Any Ideas? Thanks in advance.

@admin i agree with you... maby i went a bit overboard, in the end i guess i got the code mixed up a bit due to multiple people trying to help me, and also in the end i got my script working thanks to you guys so yea i cant complain! This has been my favorite first topic in a forum ever!! lol

@teynon: here is MY code u knob <?php $dbhost = 'localhost'; $dbuser = 'blah'; $dbpass = 'blah'; $dbname = 'blah'; $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error Connecting to MYSQL'); mysql_select_db($dbname); $user_ip = md5($_SERVER['REMOTE_ADDR']); $q = mysql_query("select `id` from `allowed_ips` where `ips` = '$user_ip' limit 1"); $r = mysql_fetch_assoc($q); @mysql_close($conn); if(!empty($r)){ ?> u happy now??? see i did fix it your wrong go press up as a army guy and shoot bb guns