Jocka

Members
  • Posts: 344
Everything posted by Jocka

  1. I'm thinking about getting a PS3.. I just don't want to pay that money for it.. that's A LOT of money. My first car cost less than that (.. true story..).
  2. Yea. I know. What I'm saying is that even if it DOES = 'that' it won't load it. I have to use the "LIKE" statement for it to work.
  3. I have php5 and the latest mysql (forget) on my test server here at home. For some reason I CANNOT get simple queries to work. For example, this used to work just fine: [b]SELECT * FROM table WHERE this='that'[/b] But for whatever reason that SIMPLE query doesn't work. I have to do this to make it work: [b]SELECT * FROM table WHERE this LIKE '%that%'[/b] Which as I understand it can be a pretty bad security risk. What's going on with this? I tried to find a way to make it work but it seems like there is no solution other than "like" ..
  4. My code works for the most part but here's the problem with it. I tried to set it so if there's a "?" in the url then it adds a "&state=whatever" otherwise it'll say "?state=whatever". Well the problem lies here. It's NEVER "?state=whatever" and it wasn't until later that I realized I need to check to make sure "state" isn't in the url either and if it is to update the variables. .. this is so much easier in PHP lol.. Any help? This is what I have so far (which does about 30% of the task). (slashes added so I could post the code)
     [code]
     <//script language="javascript"//>
     <!--
     function goto(){
       var index=document.forms['search'].state.options[document.forms['search'].state.selectedIndex].value;
       var url=document.location.href;
       if(url.match("/\?/ ")){
         window.location.href=url+"&"+"state="+index
       } else {
         window.location.href=url+"?"+"state="+index
       }
     }
     //-->
     <//script//>
     [/code]
  5. I used to be VERY shy. I wouldn't even speak to my parents most of the time. I got a job at a local gas station (still work part time). That makes you open up very quick. After a while you begin to get comfortable with everyone. Like one of the others said, a job dealing with the public would be best. Anything with direct contact, not phone contact. Actually a job with both would probably be better.
  6. That's all of the code right there? Show us what $name is and $message is. This will help.
  7. Not possible. They'd have to have the information to get into your server first. FTP info. That was one of my first questions when I started PHP. If you'd like to see for yourself, then try to read index.php off of these forums on your server. You might get the tables and such but no PHP code.
  8. I take that back.. deleted the squares and still can't find a pattern I can read by.. Jesus this is too much. Maybe I can find something to erase the symbols and all the b/s in there and just read the words and code.
  9. There HAS to be a way to read it. Like monster.com can read doc files and create them. That's all I want done. If I can find a way to delete the freakin squares I can read this but my text editor won't let me..
  10. lol. I just ripped open a .doc file I made and it's very simple.. then I ripped one open I made in openoffice.. .. long story short, WTF?! How can these two files be completely different? Same information and everything but completely different code.
  11. lol well how I'm starting to understand (may be wrong) a .doc file is almost an HTML file. Same general idea. That's what I've read so far. I have no problem MAKING the .doc file but reading it is a little trickier..
  12. Where? I looked all over it. I went to the download section then searched the site but I'm not finding anything. I'll keep looking though.
  13. DOC TO HTML is my intention.. no longer about php type libraries. I need a DOC file to become an HTML file. I can do the opposite quite easily but reading the doc files seems damn near impossible. I've found a couple of php scripts but they don't seem to do much really. I've tried them and they don't work so I'm not sure what's going wrong. One of them read the file based on hex values. I'm HEX retarded. I don't know how all that works. There has to be an easy way to do this without having to pay some other PHP programmer to do this for me. Please help me..
  14. Ok, you wrote not to depend on IPs for identification. I know someone can use a proxy or change their IP, etc.. etc.. What methods would you recommend? I try to validate among layers. As in, creating multiple steps you have to take to actually log in under someone else's account. So you get their session id and IP? Then you still have to go through the other steps I have to get in (which I'm NOT going to post). I'm less worried about user accounts and more worried about my database information. If they get in an account they don't get much. If they get in my database, they have FAARRR too much. With that said, let's talk database security. The problem with database security is that it spreads upon more than just the database. It goes into FTP security, server security, file security, etc. Forgot all that though. lol. I was just ranting. I know with the database I need to protect against SQL attacks first. I ALWAYS break down any piece of code that goes in or comes out of the database (just in case they sneak some past me). Aside from SQL attacks, and the obvious hacking of the ftp and finding my mysql info, what else can I do to protect the database?
  15. Hmm. Well maybe I missed something but all this does is saves files in particular directories assigned or files? I don't think I would need this. We're on a dedicated server so we don't share this server with anyone. To help figure out if I'm doing this right I'll give 1 of my validation methods (considered most useful to me). I assign the username in a session and/or cookie. My script then checks the username and compares it against 3 things saved in the database when logged in. 1. Username matches name used in 2 separate tables (don't want to go into great detail). 2. IP must match IP saved in database. 3. Session ID must match the assigned session id in the same table with username and IP. I thought this would work perfectly. However, if you took the session id and found the user's IP address (could be used in one script) then this might not work either. You could spoof the IP and add the session ID to your cookie. However my script requires that the session id in the cookie and session match.. can you actually change your "session" information, not just cookies?
  16. Sessions are definitely one of my weaker points. Is it safer to store less info or more info in sessions and/or cookies? I only have like 3 things saved in my sessions. But according to that article, all they need is the session id? Well how the hell do I prevent that? It doesn't go into great detail. I thought you had to have everything... this whole time I had this huge security hole sitting in my lap. .. with the sessions and cookies I compare against quite a few things in the database.. I thought it was safe but I'm kind of worried that it isn't now.. how can I check this by myself (just one computer?) BTW, hacker is a more commonly used word. I would've said "cracker, script kiddie, etc" but frankly hacker gets the point across faster even though it's not quite the same thing.
  17. It's just the idea that people might hold back information doesn't work for me. If I pay someone and make them sign a contract, they legally have to inform me of any issues there are.. so I think I'm going to go the expensive ways. Just a question. I'm going back on one of my scripts because I forgot a "forgot password" area. Now I'm limited on what I can do from here. I can either reset the password in the database or put the password in the database non-hashed. Of course I could do that "security question" thing but to me, that's pointless. If you can get even the smallest piece of information on someone, you can usually find out the answer to those in a matter of minutes. I was thinking maybe I could do the "reset password" thing. What it will do is send an email out (only one a day or a week.. or something) and if the user requested the password be reset, they'd have to click this link with a generated and saved code in it. Otherwise, the password would stay the same and the IP would be logged and reported (or whatever). Is that a good idea?
  18. [quote author=Crayon Violent link=topic=114906.msg467908#msg467908 date=1163523467] you could always buy a junk machine, setup wamp and your script and post an open invite here (or somewhere else) for people to try to bust it. I love invites like that :) [/quote] This is exactly what I had in mind at first. To throw a "fake" out there and ask people to try and hack it. I mean, that's the free alternative lol. The only problem with that is, some of those 'hackers' might not share how they hacked it. Most of them do if you give them permission to try to get in your site, but some don't. That scanalert.com site looks promising. But like ober said, since you have to call just to get information, it's probably expensive. .. I'm not sure which idea to go with here. Option 1, the wamp site, I have the satisfaction of getting [i]some[/i] answers but risk people not telling me potential security issues and hacking the site once it's online and running. Or option 2, spend god knows how much for a group of people to SAY they looked over my site and throw a sticker on my website.
  19. FYI: I know I post in this particular forum too much. Moving on. I take every step of precaution I can with security but sometimes I feel that isn't enough. I check everything that goes in and comes out. Dissecting each little piece of information that goes through each page and yet people still find ways through my site every so often. I'm not saying I'm the world's worst at security. For the most part I keep sites very secure. Sometimes "too" secure. When working on big websites I get kind of nervous as far as the security. I wouldn't have posted this if I wasn't concerned with it. I'm in the early stages of building this from the ground up and I figure that it's best to start security from the start rather than going back. But of course if a hacker wants in bad enough he'll find his way in. What's the best idea on keeping security at its best? Should this company hire a team to keep track of this? Should I daily search the pages and check for any "new" security holes? Are there companies that TRY to find security issues with your website?
  20. Wow, I was thinking about doing that too. You've just changed my mind. Craigslist is a good place though (someone suggested that already). I put an ad up once and had a few calls. Then you could have your own site with as many keywords as you can throw in there and then pay Google to put it at the top of the search. I KNOW that works.
  21. Most of the people I've worked for always make a run for the yellow pages. Get a big ad in there.
  22. Yea, very expensive. We're looking into all our possibilities right now. I'm not sure what SAN is so I'm going to look that up in just a second. We were thinking that it'd be easier if the servers were in our office building so that if there are problems it can be fixed without having to call a host and waiting on them.
  23. I dunno, this usb adapter works fine. I'm planning on buying me a laptop anyway and this adapter will come in handy more than the card would anyway.
  24. I don't know to be honest. I don't understand the differences. I got this computer for a family friend.
  25. Yea I tried to put it in since it was the same length but it wouldn't fit. I'm not sure what my PCI card/port/whatever is but the card I got was a 32 bit.. only reason I know is cuz it said it on the box lol. I bought a USB adapter instead. It works but I have to say, it's kind of slow. It's somewhere between regular cable/dsl and dialup. Which isn't good but isn't bad either. My download speed is amazing but for some reason it takes a couple of seconds to load any websites. For example, for this page alone, it took 5 seconds to load everything.