KubeR

What I am trying to do is seperate functions and mysqli connection data into different files. mysqli.php $db = new mysqli(*,*,*,*); function safe_store($error) { global $db; if(!$db->store_result()) { redirect_error($error); } } full function above : function has_execeeded_max_login_fail($max,$times) { global $table_prefix,$db,$current_ip; if($result=$db->query("SELECT `times_failed` FROM `".$table_prefix."_failed_login` WHERE `ip`='$current_ip'")) { if($result->num_rows) { safe_store("2@".$result->num_rows."@".$db->errno."#:".$db->error."@SELECT `times_failed` FROM `".$table_prefix."_failed_login` WHERE `ip`='$current_ip'"); $assoc=$result->fetch_assoc(); if($assoc["times_failed"]==$max) { $return=1; }else{ $return=0; $times=$assoc["times_failed"]; } $db->free(); }else{ $return=0; $times=0; } }else{ redirect_error("1@".$db->error); } return $return; } redirect_error just outputs the error.

Hello, I am trying to send a query and receive data from it, the query is sent successfully and gets the neccessary data, the problem is that store_result returns false if($result=$db->query("SELECT `times_failed` FROM `".$table_prefix."_failed_login` WHERE `ip`='$current_ip' AND `ip2`='$current_ip2'")) { if($result->num_rows) { safe_store("There is an error in the store result'"); } } $result->num_rows returns 1 row I outputted the query using echo SELECT `times_failed` FROM `am_failed_login` WHERE `ip`='127.0.0.1' AND `ip2`='' and tried to send a query using phpMyAdmin and it returned the result as I wanted. The "safe_store" (don't mind the name, I just named it like it) function safe_store($error) { global $db; if(!$db->store_result()) { redirect_error($error); } } I tried to use just $db->store_result(); but it returned Fatal error: Call to undefined method mysqli::free() in C:\xamp\htdocs\projects\lib\functions\user.php on line 310 And fact, that the query returned a result and the num_rows found 1 line in the result. Kaperstone.

Hello, I'd like to know if there is any alternatives for cookies,session and ip for user identification ? As cookies aren't secure enough as they're easily compromised and untrustable. As for session, I haven't seen a website that uses session for user identification while still being told to use in several "Login/Registration" tutorials, but aren't secure/trustworthy in my opinion as they're editable. IP isn't the best idea because people use proxys and can change ip per page or interval. ( and VPN's ) User agents are editable by plugins and aren't unique as far as I know. Are there any trustworthy information that can be retrived from the user ? or combine a few into one ? (except evercookie) P.S. I am aware of OpenID, OAuth and social media authentication, but I am not interested in other websites identifying users for me. Appericiate any input.

I didn't intend to reverse it, nor build a crypto with a decrypt, but a hash so as you said "the result wil always be the same", the $key is a salt, I just named it like that for no reason .... I will look more into bcrypt, thank you.

Hi, Recently I've been trying writing a safe password hash and I wanted to know that if I use an MD5 hash at the end, just so it will be like some short of "packed",so instead of saving a 128 string, I'll use md5 to "pack" it into 32 characters and save up to 96 characters. I know MD5 isn't safe and all, but the question is, does it lower the security ? Also, would be happy for feedbacks about my password hash function hash_($input,$key) { $op=hash("whirlpool",hash("sha512",$key) . "$" . $input . "$" . hash("sha512",$key)); $h1=hash("sha512",$key);$h2=hash("sha512",$key); for($x=0;$x<24;$x++){$op=hash("whirlpool",$h1 . "$" . $op . "$" . $h2);} return $op;} Is it secured enough for saving high number of users or it can be improved somehow ? This might sound like I am a newbie, but I prefer sound like one instead of going the wrong way. - KubeR.

Okay,I managed to install mod_security and added the RewriteEngine in .htacces as extra. But it doesn't seem to work. error_log access_log looks the same... If it's normal then I think the best option will be to turn off the logging completely, because I waste lots of storage on just storing these logs.

Hello, Recently I put my websites up, but since then it constantly records entrys from domains which are trying to reach strange paths. Is there away to stop those fail path reach logs and only records what's else ? Or even completely stop it ? My operation system is CentOS 32bit.

Sorry for not answering that long, I solved the problem by adding more IP and attaching each domain to different IP. Before I tried to refer multiple domains through a single IP to multiple folders.

clearing the firewall settings didn't work. Can't ping the website it says "Ping request could not find host" /etc/resolv.conf - They're the default name servers, worked before, so I guess they are.

Well, it's not a cloud server but a basic VPS, it came with a VPS cp to manage the vps - SolusVM This. It points to a name server but doesn't return an IP.

One free control panel, the cheapest you can get. I personally, used zpanel and vestacp, but you can find more on Google. Free isn't always worse than paid.

Reachable through SSH,points to the proper IP and there is no FAQ as I purchased a VPS and I've changed the OS manually. As I said, the OS I switched to is very minimal, it almost don't have commands, only the basic for file operation(ls,cd,chmod etc.) and OS startup, else like the standard commands which you posted before it doesn't have. This is why I am asking, before, the Centos had all the packages on already installed, but now it doesn't have them (because the new OS is minimal), which in my opinion I am missing those packages which are in charge of the DNS process or relative which because of it, it doesn't work properly.

It worked before pointing to the same name server with different control panel and operation system.

Hello, I've installed a Debian x64 minimal package and a control panel on my VPS, but after I install the name servers, the domain doesn't reach my VPS's name servers for some reason. The minimal package comes only with the tools to run the Debian server which means it had no sudo and such. But previously when I had Centos on before switching to Debian, it did reach the name servers. Which in this case I suspect that it's a server-side problem, could there be any ? When I try to connect to the domain it says that the website is not available. I am using zpanel and the default DNS records that the zpanel generates. P.S. I tried to find the reason why it doesn't work but I couldn't find any solution, all I found is suggestions to add www A record which also didn't work. And yes, I did wait 24 hours and even more.

Thank you. works perfectly,about the rest. I tried to fix it by debugging and alerting the array values, found that I used slice instead of split,took the value that splice returned instead of just let it stand alone and named #output instead of #t_o. for those who are interested in the fixed code and/or in need of similar code : var t_t = 0; $("#t_i").keypress(function (e) { var key = e.which; if (key == 13 || key == 188) { e.preventDefault(); var tag = $(this).val(); if (tag.length > 0) { t_t++; $("<span class=\"tag\" id=\"tag_" + t_t + "\"><font>" + tag + "</font><span class=\"tagcan\" id=\"" + t_t + "\">X</span></span>").appendTo("#t_"); $(this).val(""); var output = $("#t_o").val(); $("#t_o").val(output + "," + tag); } } }); $("#t_").on('click', '.tagcan', function() { var d = $(this).attr("id"), c = $("#tag_" + d), a = $("#t_o").val(), b = c.text(),f; c.remove(); a = a.split(","); b=b.substr(0,b.length-1); var e = $.inArray(b, a); a.splice(e, 1); a = a.join(","); $("#t_o").val(a); });

Hello, I am trying to create a code which will add and remove tags. The problem is that the tags aren't being removed and the script isn't working at all. The browser doesn't return errors and neither JSHint. The code : var t_t = 0; $("#t_i").keypress(function (e) { var k = e.which; if (k == 13 || k == 188) { e.preventDefault(); var tag = $(this).val(); if (tag.length > 0) { t_t++; $("<span class=\"tag\" id=\"tag_" + t_t + "\"><font>" + tag + "</font><span class=\"tagcan\" id=\"" + t_t + "\">X</span></span>").insertBefore("#t_"); $(this).val(""); var output = $("#t_o").val(); $("#t_o").val(output + "," + tag); } } }); $(".tagcan").click(function () { var d = $(this).attr("id"), c = $("#tag_" + d), a = $("#output").val(), b = c.text(); c.remove(); a = a.slice(","); var e = $.inArray(b, a); a = a.splice(e, 1); a = a.join(","); $("#output").val(a); });Live preview : http://jsfiddle.net/rPABN/ It adds the HTML code of the tags whenever the user inputs content into the <input> tags and presses 'enter'. After it the script adds the tag name into hidden <input> which will later pass into the database after submit.

Make a place for all the arrays. So instead of having the arrays all over the code,they will be organized in one place. To make it even shorter,don't use tab and put all in one line. e.g. <script>var a,b,c,d,e=0,f,g,h,i,j,k,l,m,n,o,p,q,r,s=0;</script>

Because I believe it can be solved simply with MySQL. The main problem isn't in the display,but amount of data which is being passed from the database to PHP.

To split parts of the content,because the space on the website is too small for big content,and I want to split it into pages/parts. So instead of fetching the whole content,I want to fetch only the small part. Now of course I can just use comma to seperate,but if the content will contain comma's (which probably will),it will recognize the rest as another content. So as alternative,I want to encode the quatation marks in the content to HTML code(") and by this find the start and end of the content. But,after a little research,I found that I can encode commas too,to ‚ The problem is that I have no idea how to find these commas and/or skip and find the next.

Hi, I have no idea if there is a way to do it,but is it possible to make MySQL fetch only the data between the quotation marks in a specific place in the field ? for instance : if I have in the database - [/td][td] Column Row "This is content 1","This is content 2","This is content 3" And I want to fetch only "This is content 2",How do I fetch it ?

Fixed the issue by changing the z-index of the container from -1 to 0.

Hi, The problem is that I cannot click buttons,type text in input or textarea and cannot be hightlighted. I checked around the web files and didn't find a single user-select css function,neither using it with 'text' value didn't do the trick. I searched for anything containing the word "select" and found only jquery-1-9-1 and ::selection containing this word. Can anyone suggest anything else that can disable user selection/highlight ? Greetings, KubeR.

Well,actually I didn't want to store passwords in cookies,but - as you said,indentification of the user. I guess you cleared the mess of this part,however,I am still curious about the crypt : Because I want to keep the users data as safe as possible.

Sorry for the long delay,I was pretty busy with studying and stuff. Anyhow,is it apply's to session(s) as well ? I mean,are they also editable ? And about the crypting,how can I make sure that the crypt is safe enough ? and is crypt can be a solution to everything that requires an encryption ? And the most important,does it has collisions ? Sorry if I ask too much and I apperciate the time you dedicate to answer,I am just very curious and want to know things before I make any move in order to prevent future problems or mistakes.

Hello, I wanted to ask if cookies are editable and if they are trustable to be secured well enough to store sensetive data. As far as I know some websites are using cookies to store sensitive data such as passwords. Greetings, KubeR.