scootstah

Staff Alumni
Everything posted by scootstah

  1. For those interested, using the hash algorithm in the query like that means that your server is going to be storing plaintext passwords in log files. Not good. Also, after looking at OP's code again, wat. That function escapes unsafe characters, it doesn't remove them outright. Given your example input, this would be the output:
       Php/freak+sistheb,est!@#$^*~(~`\\
     As far as entropy goes, it's exactly the same. If you're going to go off in a condescending way, at least know what you're talking about. EDIT: Formatting. Post went wonky.
  2. Anything that Javascript could give you can just be forged, so that is pointless. Though I can't think of anything useful it could give you anyway. What exactly are you trying to do? Why do you need this?
  3. It's because the error is occurring before that code is executed. I'm betting that errors are turned off in your php.ini.
  4. You don't have a closing bracket on your function. Please always develop with errors turned on to the strictest setting, so that you can avoid simple problems like this. At the top of your script put:
       ini_set('display_errors', 1);
       error_reporting(-1);
     Or find these directives in the php.ini and set them there, so that they are set globally.
  5. Typically if I run into something like this and I am unfamiliar with the code base, I will do a full project text search to try to figure out where the HTML is coming from. In this case try searching for something like "form-row legal terms" and see if you find anything.
  6. I'm not sure what you're looking for. The code you posted has what you need.
       $value = "'" . mysqli_real_escape_string($value, $handle) . "'";
     This is how you prevent SQL injection.
  7. There's nothing wrong with this approach for checking for a form submission. Why do you think it is not secure?
  8. To expand on mac_gyver's suggestions, please pop the two attached scripts onto your server. Afterwards, open test_login.php in your browser. It should create a new session with two keys, and print some session information. Then, in the same window, open test_refresh.php. The refresh should update the $_SESSION['last_access'] value and also print some session information. In your next reply, please post the output from both of these scripts. Also, try continually refreshing the test_refresh.php to see if the session still expires after 20 seconds. test_refresh.php test_login.php
  9.
       foreach ($searched as $skey => $svalue) {
           $exists = ($exists && IsSet($parents[$key][$skey]) && $parents[$key][$skey] == $svalue);
       }
       if ($exists) {
           return $key;
       }
     $exists is only ever going to be equal to the last iteration. So if your last iteration is true, it'll be true - otherwise if the last iteration is false, it'll be false. This will effectively ignore every other iteration. I'm not really sure what your logic is trying to do here, but I think you need to break from the foreach loop.
  10. It should have. Your error reporting settings are probably not set up properly on your production config.
  11. Can you be more specific? Not really sure what you're talking about.
  12. After putting your code in my IDE, it alerted me to the following: "Arbitrary expressions in empty are allowed in PHP 5.5 only". Until PHP 5.5, you cannot evaluate functions inside of empty(). You can only use a variable.
  13. If there was an error, you'd see it when you viewed the page. It's possible that it's not throwing an error, but also not starting. It should return false if it fails to start a session. Try: var_dump(session_start());
  14. Ah, I see you are doing $arr = [];. That syntax is new to PHP 5.4. What version are you running on your production?
  15. No worries! Glad you got it working.
  16. Put the error code before anything else in your script.
  17. Okay, so according to PHP the mail has been sent successfully. Let's go simple and try this out:
       var_dump(mail('[email protected]', 'test', 'test', 'From: [email protected]'));
     Are you trying this code out on a local development setup, or a live web server? Who is your hosting with? What kind of hosting is it?
  18. Yes, you're right. I missed that, sorry. Try changing the From header to a static email that comes from your server's domain. The problem might be that your mail is being rejected due to spam settings. Try this and see what $success is equal to:
       $success = mail($webMaster, $emailSubject, $body, $headers);
       var_dump($success);
     At this point I don't think recaptcha is to blame, I think that is working properly now.
  19. You've got two differently named variables here:
       $mailheaders .= "From: $emailaddress\r\n";
       $headers .= "Content-type: text/html charset=iso-88590-lrn";
     Where are these being created? It's bad practice to concatenate a variable (the .=) without it first being initialized. Assuming it is not created further up in the code, I'm thinking you want:
       $headers = "From: $emailaddress\r\n";
       $headers .= "Content-type: text/html charset=iso-88590-lrn";
     Also, make sure $emailaddress exists. I don't see that either. Finally, what is $success equal to?
  20. That's MySQL's SHA() function.
  21. White screen is generally a fatal error. Check the Apache error log.
  22. Yes I know, but what is its actual value? Are you getting rows returned? How many rows? SHA1 is not encryption, it's a very weak hashing algorithm meant to be used for checksums and such, not for storing passwords.
  23. The code in your original post had a call to mail(). I would assume you'd want the mail() in your else block.
  24. Not quite. ignace is using type hinting, which means that only a value of the specified type can be passed to that method. In this case self resolves to the name of the class in which it is used, or A. So he is saying that only a value of type A can be passed to that method.
  25. Typically that is all I do, but depending how you will be using the images you could still have problems. Check out this thread, where I determined it is still possible to embed code into an image and pass a MIME check: http://forums.phpfreaks.com/topic/294311-image-upload-and-risks-questions/?p=1504625