Jump to content


  • Posts

  • Joined

  • Last visited

phpzer's Achievements


Newbie (1/5)



  1. you could use console.log and the object is written in the console (for example firebug in firefox). if you really need to write the values in the document you could use this: /* repeatString() returns a string which has been repeated a set number of times */ function repeatString(str, num) { out = ''; for (var i = 0; i < num; i++) { out += str; } return out; } /* dump() displays the contents of a variable like var_dump() does in PHP. dump() is better than typeof, because it can distinguish between array, null and object. Parameters: v: The variable recursionLevel: Number of times the function has recursed when entering nested objects or arrays. Each level of recursion adds extra space to the output to indicate level. Set to 0 by default. Return Value: A string of the variable's contents Limitations: Can't pass an undefined variable to dump(). dump() can't distinguish between int and float. dump() can't tell the original variable type of a member variable of an object. These limitations can't be fixed because these are *features* of JS. However, dump() */ function dump(v, recursionLevel) { recursionLevel = (typeof recursionLevel !== 'number') ? 0 : recursionLevel; var vType = typeof v; var out = vType; switch (vType) { case "number": /* there is absolutely no way in JS to distinguish 2 from 2.0 so 'number' is the best that you can do. The following doesn't work: var er = /^[0-9]+$/; if (!isNaN(v) && v % 1 === 0 && er.test(3.0)) out = 'int';*/ case "boolean": out += ": " + v; break; case "string": out += "(" + v.length + '): "' + v + '"'; break; case "object": //check if null if (v === null) { out = "null"; } //If using jQuery: if ($.isArray(v)) //If using IE: if (isArray(v)) //this should work for all browsers according to the ECMAScript standard: else if (Object.prototype.toString.call(v) === '[object Array]') { out = 'array(' + v.length + '): {\n'; for (var i = 0; i < v.length; i++) { out += repeatString(' ', recursionLevel) + " [" + i + "]: " + dump(v[i], recursionLevel + 1) + "\n"; } out += repeatString(' ', recursionLevel) + "}"; } else { //if object sContents = "{\n"; cnt = 0; for (var member in v) { //No way to know the original data type of member, since JS //always converts it to a string and no other way to parse objects. sContents += repeatString(' ', recursionLevel) + " " + member + ": " + dump(v[member], recursionLevel + 1) + "\n"; cnt++; } sContents += repeatString(' ', recursionLevel) + "}"; out += "(" + cnt + "): " + sContents; } break; } var pre = document.createElement('pre'); pre.innerHTML = out; document.body.appendChild(pre) return out; } (edited version of http://stackoverflow.com/a/11315561) Then you can use it with just dump(yourVariable)
  2. that's not javascript... :-/ that's simply html... and by the way you forgot a quote.
  3. Exactly, that's why it's bad to use ajax Yes could you please post the php scripts here so I can help you rewrite them with a socket? (If you don't want to publish your scripts with the whole world send me a private message)
  4. I don't think ajax is a good option for this, the user shouldn't wait for the server to load for moving and so on. The server should always be connected, wait for the user to send information and continue waiting for the next information so the user has technically no wait time (just like with online multiplayer games). How to do it? Easy: websockets! If you want you can read this it explains how to use sockets in javascript and for the server side you can use this php library. If you REALLY need ajax this is an improved version of your script (a bit more organized): function getRequest(page, callback) { if(!callback) callback = function() {}; var ajaxRequest; try { ajaxRequest = new XMLHttpRequest(); }catch(e) { try { ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP"); }catch(e) { try { ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP"); }catch(e) { alert("Your browser doesn't support ajax"); return false; } } } ajaxRequest.onreadystatechange = function() { if(ajaxRequest.readyState == 4) return callback(); } ajaxRequest.open("GET", page, true); ajaxRequest.send(null); } function move(direction) { getRequest("move.php?direction="+direction, function() { clearatk(); create(); getmob(); getname(); }); } function create() { getRequest("create.php?ajax=1", function() { document.getElementById("create").innerHTML = ""; document.getElementById("create").innerHTML = ajaxRequest.responseText; }); } BTW: I think that the lag comes out on how you generate your map! PHP should return a json array containing the map and not the actual HTML, the HTML should be generated by the client.
  5. Use those functions <?php function is_valid_name($name) { return preg_replace("/[^A-Za-z\s]/", "", $name) == $name; } function is_valid_phone_number($phone) { // you need only digits, right? return preg_replace("/[^0-9]/", "", $phone) == $phone; }
  6. If I understood correctly <?php error_reporting(E_ALL); ini_set("display_errors", 1); ?>
  7. I think you are right. I thought that maybe doing all that encryption and encoding and string editing then it would be safe enough but now I think I was wrong... Sure I am always open to constructive critique Will take a look at it, thank you
  8. Ok this was an epic fail Of course, I never said I'm qualified in cryptography or anything! I know AES is not magic or anything. My idea of keeping the password (for AES) was some kind of calculated password that would have been changed every time a user logs in. The password would not be stored in plaintext, it would be encrypted with some kind of "master password" (there are hardware things that are done just for holding password, I forgot how they're named) but the comes what you told me, security through obscurity. Even if I would be able to build an unbreakable PHP code, some hacker would still be able to get through the system somehow, for example through a bug in Apache (or nginx or whatever I will use as webserver) or even a bug in the linux kernel. I mean there is no 100% secure system. PS: sorry if this post contains grammar errors or isn't understandable or is unredable but it's 3AM here and I'm falling asleep
  9. @Jacques1 That's the answer I was expecting, something that explains why it's good and why it's not. Sure, that's why I built the computation cost (variable $times). A brute force would be difficult to be done, the hacker must know my hashing class. Yes, and? He can even have the world's best supercomputer that hashes all the combinations of 256 characters passwords in half a second (I doubt something like that exists) but if he doesn't know what part of the string he got is the actual user password, then he did nothing!!. Good point... To be honest I didn't really think about that... It's AES encrypted, it's unbreakable with the computers we have right now. You know, it has been quite a while since MD5 was cracked... you should probably NOT use it.
  10. my class is safer then php's password_hash
  11. it's more a css thing in my opinion. @media print { .your_div { min-height: 100%; width: 100%; } }
  12. Hello, I don't know if it's the right section. I wrote an advanced password hashing system with support of many salts (encrypted using AES) and count on how many times the password should be hashes. I would like to hear your opinion about this and maybe you can give me some ideas on how to improve it, make it more safe or maybe add some kind of function. PS: If you like the class you are free to use it in your projects. <?php /** * Password class. * * Class for hashing passwords in a safe way. * * @version 1.2 */ class password { /** * The encryption system to use in place of sha2 * @var string */ private $sha2; /** * The encryption system to use in place of md5 * @var string */ private $md5; /** * The hash function hashes a password in the most safe way. * @param string $pass, the password you want to hash * @param array[string] $saltArray, an array of strings of the salts you want to use * @param (optional) int $times, the times your password must be hashed * @return string, the hashed password. */ function hash($pass, $saltArray, $times = 5) { if(is_string($saltArray)) $saltArray = [$saltArray]; $password = implode(chr($times), str_split($pass)); /* SHA1 has been cracked so it's NOT SAFE, same thing for MD5. MD2 is OFF-LIMITS as it can be cracked with timing-attack */ $this->sha2 = $this->___chooseBest("sha512", "sha384", "sha256", "ripemd320", "ripmed256", "gost"); $this->md5 = $this->___chooseBest("whirlpool", "haval256,5", "haval256,3", "snefru", "gost"); $saltArray[] = chr(0).__FILE__; foreach($saltArray as $salt) { $password = strrev($password); $password = $this->__encrypt($password, $salt, $times); $password = base64_encode($password); } return $password; } /** * The function __encrypt is an internal function to encrypt a password with the given hash and the given salt * @param string $password, the password to crypt * @param string $salt, the salt to use * @param int $times, how many tiems should the encryption be done? */ function __encrypt($password, $salt, $times) { $salt = chr($times).$salt.chr($times); $salt = hash($this->sha2, $salt); $salt = base64_encode($salt); $salt = $this->split_str($salt); for($i = 0; $i < $times; $i++) { $passord = hash($this->md5, $salt[0].$password.$salt[1]); $password = implode(chr($times), str_split($password)); $password = hash($this->sha2, $salt[1].$password.$salt[0]); } return $password; } /** * The fucntion __choseBest is an internal function to choose the best hash function from a given list * @param string [...] All the hash functions you want to check for. First = best, last = worst * @return (bool|string), returns the best hash algo or false in case of failure */ function ___chooseBest() { $algos = hash_algos(); $functions = func_get_args(); foreach($functions as $f) if(in_array($f, $algos)) return $f; return false; } /** * Use this function to generate n CSPRNG salts * @param int $count, how many Salts should be generated? * @param int $len, the length of the generated salts * @return array[string], the generated salts */ function generateSalt($count = 5, $len = 32) { $salts = []; for($i = 0; $i < $count; $i++) $salts[] = bin2hex(openssl_random_pseudo_bytes($len)); return $salts; } /** * The function split_str is an internal function for splitting a string in half * @param string $string, the string to be splitte in half * @return array[string], the two parts of the string */ function split_str($string) { $len = ceil(strlen($string) / 2); $ret = [substr($string, 0, $len), substr($string, $len)]; return $ret; } /** * The function decodeSalts is used for decoding the salts * The salts are encrypted using Advanced Encryption System (AES). * The password should be different for all the users * @param string $salts, the encoded salts loaded from the database * @param string $password, the password for those salts * @return array[string], the decoded salts */ function decodeSalts($salts, $password) { if(strlen($password) != 32) $password = hash("sha256", $password, true); $salts = base64_decode($salts); $salts = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, $salts, MCRYPT_MODE_CBC, str_repeat("\0", 16)); $padding = ord($salts[strlen($salts) -1]); $salts = substr($salts, 0, -$padding); return json_decode($salts); } /** * This function is used for encoding the salts * The salts are encoded using Advanced Encryption System (AES). * The password should be different for all the users * @param array[string] $salts, the strings that must be encoded * @param string $password, the password for encoding those salts * @return string, the encrypted salts */ function encodeSalts($salts, $password) { if(strlen($password) != 32) // 32 = 256 bit $password = hash($this->sha2, $password, true); $salts = json_encode($salts); $padding = 16 - (strlen($salts) % 16); $salts .= str_repeat(chr($padding), $padding); return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $password, $salts, MCRYPT_MODE_CBC, str_repeat("\0", 16))); } /** * The function string_check checks if two strings are the same in a way that prevents timing attacks * @param string $a, the first string * @param string $b, the second string * @return int, the differences beetween the string, check with === 0 for seeing if the passwords are the same */ function string_check($a, $b) { $diff = strlen($a) ^ strlen($b); for($i = 0; $i < strlen($a) && $i < strlen($b); $i++) $diff |= ord($a[$i]) ^ ord($b[$i]); return $diff; } }
  13. Hello, the function fetch_row() takes all the collumns in the database and puts them in an idexed array. In PHP arrays start with index 0, your query generates a mysql output like this (output might be different depending on your mysql version): +--------------------+ | Database | +--------------------+ | information_schema | | database_one | | database_two | +--------------------+ As you can see the only column in there is "Database", so column number one (index 0) is the only column you can access. If you try to access the value 1 you are asking PHP to do something it can't do so it's why it shows an error. The function fetch_assoc() returns an associative array, an associative array it's something like this: array( "key" => "value", "key2" => "value2", "key3" => "value3" // and so on ) Fetch_assoc is really useful when you don't know on what index the column are but you know the names of them. Hope I explained myself, if you didn't understand just say it, I will explain it differently.
  14. Hello, I'm a PHP developer and have been for a while. I hope to find a good community of PHP developers, got here because I hated Stack Overflow users and their arrogancy.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.