
Richard_Grant
Members - Posts: 71
Everything posted by Richard_Grant
-
This is a simple permutation function that I was converting from PHP:

    string_gen(){
    declare -a chars=('a' 'b')
    max=4
    let length=${#chars[@]}-1
    n=0
    combination=" "
    for i in `seq 0 $max`; do
    let n=($n*($length))+($length)
    done
    remainder=0
    for i in `seq 0 $n`; do
    current=$i
    combination=" "
    while [[ $current > 0 ]]
    do
    remainder=($current%$length)
    echo remainder
    if [ $remainder -eq 0 ]; then
    combination="$combination"${chars[$length]}
    else
    combination="$combination"${chars[$remainder]}
    current = $current/$length
    fi
    done
    done
    echo $combination
    }

What is wrong with the syntax? Link to PHP version: http://stackoverflow.com/questions/12293870/algorithm-to-get-all-possible-string-combinations-from-array-up-to-certain-lengt
-
Tbh I've never had any issues with GoDaddy at all; I think you're just incapable of managing your own website. If you don't like basic webhosting then maybe you should get a VPS. Their job is only to make sure your SERVER is running, not your WEBSITE.
-
Can someone dumb down the function session_write_close() for me? I've read this http://php.net/manual/en/function.session-write-close.php and I still don't understand!
-
SQL injection attempts... should I be worried
Richard_Grant replied to LLLLLLL's topic in PHP Coding Help
Mysql is deprecated; you should use mysqli or PDO in PHP.
- 10 replies
-
Is it okay to have password hash in session?
Richard_Grant replied to Richard_Grant's topic in PHP Coding Help
The answer to this post describes my situation. http://stackoverflow.com/questions/4451398/is-it-safe-to-keep-the-user-password-hash-on-session-php
-
I have a login system with username and password. My password is encrypted with bcrypt; is it okay to store that bcrypt in a session as $_SESSION["hash"] to verify that the user is who they say they are? Or do I only need to do $_SESSION["username"]?
-
Works just like I needed!
-
I got these 2 rewrites:

    RewriteRule ^user/([0-9]+)/(.*)/(.*)/ ./board/user.php?ID=$1&FIRSTNAME=$2&LASTNAME=$3 [L,NC]
    RewriteRule ^user/([0-9]+)/(.*)/(.*) ./board/user.php?ID=$1&FIRSTNAME=$2&LASTNAME=$3 [L,NC]

And I want to combine them, but when I do this:

    RewriteRule ^user/([0-9]+)/(.*)/(.*)(/|$) ./board/user.php?ID=$1&FIRSTNAME=$2&LASTNAME=$3 [L,NC]

it doesn't work.

When I type this in the URL https://www.mysite/board/users.php?ID=1&FIRSTNAME=Richard&LASTNAME=Grant/ the variables are retrieved like this (has trailing slash): ID="1" FIRSTNAME="Richard/Grant" LASTNAME=""

When I type this in the URL https://www.mysite/board/users.php?ID=1&FIRSTNAME=Richard&LASTNAME=Grant the variables are retrieved like this (doesn't have trailing slash): ID="1" FIRSTNAME="Richard" LASTNAME="Grant"
-
.htaccess write php string query in url
Richard_Grant replied to Richard_Grant's topic in Apache HTTP Server
Ahhh! I just found out that if I type https://www.mysite.com/user/RichardGrant/1 it doesn't recognize the URL because of the trailing slash... but this works fine! https://www.mysite.com/user/RichardGrant/1/
-
.htaccess write php string query in url
Richard_Grant replied to Richard_Grant's topic in Apache HTTP Server
I'm using this:

    RewriteCond %{REQUEST_URI} user/(.*)/(.*)/
    RewriteRule user/(.*)/(.*)/ %{DOCUMET_ROOT}/board/profile.php?ID=$1&NAME=$2

Is that fine? It's working fine, but is it deprecated or anything?
-
.htaccess write php string query in url
Richard_Grant replied to Richard_Grant's topic in Apache HTTP Server
Thank you, I'm sure that will work exactly the way I need it to. I will let you know as soon as I finish making the user profile!
-
Okay, so I have a URL like this: https://www.mysite.com/board/profile.php?user=1 I want the URL to be like this: https://www.mysite.com/user/1 .htaccess rewrites have always confused me.
-
Oh, so I can just put setcookie($name, '', NULL, "/", "", 0); without any compatibility issues?
-
This is prob a stupid question, but I've always wondered: when deleting a cookie, why do we use setcookie($name, '', time() - 3600, "/", "", 0); when this works just fine: setcookie($name, '', 0, "/", "", 0); Isn't the time() just a waste of space? I ask this because everywhere I look I see: setcookie($name, '', time() - 3600, "/", "", 0);
-
Because you can force when the user goes to https://www.mysite... to go to http://www.mysite
-
#closed
-
I stopped reading this at "All log in and registration scripts should be in SSL", which mine are. The data can still be grabbed from https.
-
I just realized that hashing the username is pointless because the session will just get the right username after.

So instead, I'm not going to store the username in a session like I usually do; I'm going to store the ID of the user and make the db get the information when needed.
-
Yes, now go back and reread it. The terminology is irrelevant
-
Data siphoning is becoming more common every day. Data siphoning is when you intercept the data and sniff between a client and a host, also known as sniffing a connection. (I am focusing on session hijack.) To protect clients I've decided to write an MD5 calculation function which changes a secure string (such as a password) to plain MD5. Then once the MD5_password reaches PHP I BCRYPT with cost 20 using password_hash.

MD5 is not ideal at all and I would like to write a better encryption, but I only know how to do MD5 for JavaScript, and I really don't need that much security here. The purpose is to not show sensitive information, that's going to be hashed on the server, during a data siphon attack.

Data siphoning cannot be protected against on the host server; the siphoning happens on the client's side, usually when they don't have a strong firewall or such. What are some good techniques you would practice to protect from data siphoning?

Before added security I was able to siphon this: Username: Richard Password: mypassword

After added security I was able to siphon this: Username: 6ae199a93c381bf6d5de27491139d3f9 Password: 5f4dcc3b5aa765d61d8327deb882cf99

Now the only vulnerability between the client and server is if the hacker DNS hacks the client, which could redirect them to a website that looks like mine with the same EXACT URL, which I can't help. The real username can be retrieved in a session on login. The real username and password can be found if a hacker injects JS to remove the MD5 function, so if you know how to detect JavaScript injection I would like to know that as well.

Pretty much it looks like this:

    Form -> Send md5(username) & md5(password) -> Server check if match in database -> If so login.
            ^ cypher          ^ cypher (session)
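What the server ends up verifying under the scheme described above, as an added example that is not part of the original post. Node's scrypt stands in for PHP's password_hash()/bcrypt, and the function names and sample password are assumptions made for illustration.

```javascript
// Added example, not code from the original post.
// Assumption: scrypt stands in for bcrypt (Node has no built-in bcrypt).
const nodeCrypto = require('node:crypto');

// Client side of the scheme: the form submits md5(password), not the password.
function clientDigest(password) {
  return nodeCrypto.createHash('md5').update(password, 'utf8').digest('hex');
}

// Server side at registration: slow-hash whatever value arrived on the wire.
function register(wireValue) {
  const salt = nodeCrypto.randomBytes(16);
  const hash = nodeCrypto.scryptSync(String(wireValue), salt, 32);
  return { salt, hash };
}

// Server side at login: recompute from the submitted value, compare in constant time.
function verifyLogin(record, wireValue) {
  const candidate = nodeCrypto.scryptSync(String(wireValue), record.salt, 32);
  return nodeCrypto.timingSafeEqual(candidate, record.hash);
}

// Constructed sample account and login.
const SAMPLE_PASSWORD = 'correct horse battery';
const record = register(clientDigest(SAMPLE_PASSWORD));
const onTheWire = clientDigest(SAMPLE_PASSWORD);

function demo() {
  return {
    // No nonce or per-login salt: the wire value is the same at every login.
    staticAcrossLogins: onTheWire === clientDigest(SAMPLE_PASSWORD),
    // The server's check passes on the digest alone; the password is never needed.
    digestAloneAccepted: verifyLogin(record, onTheWire),
    // The typed password is not what the server compares against.
    plaintextAccepted: verifyLogin(record, SAMPLE_PASSWORD),
  };
}

console.log(demo());
```

The digest is the credential the server checks, so it needs the same transport protection (HTTPS) as a plaintext password would.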
-
Does anyone even write clean code anymore?
-
Is there anyone could solve my math problem
Richard_Grant replied to infosounds's topic in PHP Coding Help
You need to be using a float datatype. 4.90205690308E-6 is exponential.
-
I was talking about not using prepared statements, my bad about that.
-
It's really spaghetti, and if I didn't spend hours setting up my server to use PDO I would switch to mysqli.
-
My table name and col are passed in as a string parameter so PDO::quote should work just fine for me