
Werezwolf

Werezwolf last won the day on February 21 2015

  1. So I was looking around and found that the contacts book (address book for Outlook) has the potential to store a lot of data, and I mean more than what anyone would properly put in. Here is the list (100 columns):

     Full_Name, Title, First_Name, Middle_Name, Surname, Initials, Suffix, Job_Title, Department, Organization, Email, Street_Address, City, State/Province/County, Postal_Code, Country, Telephone, Home_Tel., Fax, Other_Fax, Other_Email, Mobile, Pager, Info, Home_Post_Address, Home_Street_Address, Postal_Address, SMR_Address, Web_Site, Business_Street_2, Business_Street_3, Home_Street_2, Home_Street_3, Home_City, Home_State, Home_Postal_Code, Home_Country, Other_Street, Other_Street_2, Other_Street_3, Other_City, Other_State, Other_Postal_Code, Other_Country, Assistant's_Phone, Business_Fax, Business_Phone_2, Callback, Car_Phone, Company_Main_Phone, Home_Fax, Home_Phone_2, ISDN, Other_Phone, Primary_Phone, Radio_Phone, Telex, Account, Anniversary, Assistant's_Name_, Billing_Information, Birthday, Business_Address_PO_Box, Categories, Children, Company_Yomi, Directory_Server, E-mail_Type, E-mail_Display_Name, E-mail_2_Address, E-mail_2_Type, E-mail_Display_Name, E-mail_3_Address, E-mail_3_Type, E-mail_3_Display_Name, Gender, Government_ID_Number, Hobby, Home_Address_PO_Box, Internet_Free_Busy, Keywords, Language, Location, Manager's_Name, Mileage, Office_Location, Organizational_ID_Number, Other_Address_PO_Box, Priority, Private, Profession, Referred_By, Sensitivity, Spouse, Surname_Yomi, User_1, User_2, User_3, User_4, Nickname

     I particularly like:

       • Government_ID_Number (this could be handy)
       • Language (I don't think that most of us would be multilingual)
       • Mileage (because I like the car and I want to buy it at 300,000 km)

     So what would you want to put in your database?
  2. That's what I get for not typing in a syntax highlighter and on my phone; couldn't fix it up when I got home.
  3. WordPress has a few options.php files, one in WP-includes and one in WP-admin. I haven't drilled into the WordPress directories, but there might be a number of them. If you're including or requiring a page from a WordPress functions page, you might very well be inheriting it from somewhere else in these directories. This may help: https://www.google.com.au/search?q=option.php%20options.php%20site:https://github.com/WordPress/
  4. I completely agree with Psyco in most cases, but if you're typing mostly the same output you'll want to nest. I have a general rule that nesting at max is 3; if I go over, I check if I can do the logic differently. Basically the flip side of the coin:

         if (!isset($_POST["submit"])) {
             // If there was no submit variable passed to the script (i.e. user has
             // visited the page without clicking submit), display the form:
             if (!empty($_SESSION["MSG"])) { // easier to nest this
                 echo '<div class="MSG">' . $_SESSION["MSG"] . '</div><br /><br />';
             }
             echo '<form name="LoginForm" class="formbox" id="LoginForm" action="index.php" method="post">
                 Username: <input type="text" name="username" id="username"/><br />
                 Password: <input type="password" name="password"><br />
                 <input type="submit" name="submit" id="submit" value="submit" />
                 </form>';
             unset($_SESSION["MSG"]);
         } // elseif do more stuff

     VS

         if (!isset($_POST["submit"]) && !empty($_SESSION["MSG"])) {
             // There was a session message and there was no submit variable passed
             // to the script (i.e. user has visited the page without clicking
             // submit), display the form:
             echo '<div class="MSG">' . $_SESSION["MSG"] . '</div><br /><br />';
             echo '<form name="LoginForm" class="formbox" id="LoginForm" action="index.php" method="post">
                 Username: <input type="text" name="username" id="username"/><br />
                 Password: <input type="password" name="password"><br />
                 <input type="submit" name="submit" id="submit" value="submit" />
                 </form>';
             unset($_SESSION["MSG"]);
         } elseif (!isset($_POST["submit"])) {
             // If there was no submit variable passed to the script (i.e. user has
             // visited the page without clicking submit), display the form:
             echo '<form name="LoginForm" class="formbox" id="LoginForm" action="index.php" method="post">
                 Username: <input type="text" name="username" id="username"/><br />
                 Password: <input type="password" name="password"><br />
                 <input type="submit" name="submit" id="submit" value="submit" />
                 </form>';
         } // elseif do more stuff
  5. On member.php you're not checking if the values are set or not. Change

         if ($username && $userid) {

     to

         if (!empty($username) && !empty($userid)) {
             echo "Welcome <b>$username</b>, <a href='./logout.php'>Logout</a>";
         } else {
             echo "Please login to access this page. <a href='./login.php'>Login here</a>";
         }

     Depending on what you want to check, you should look at this site: https://www.virendrachandak.com/techtalk/php-isset-vs-empty-vs-is_null/

     On Login.php

         if ($_POST['loginbtn']) {

     should be

         if (isset($_POST['loginbtn'])) {

     And are $user and $pass meant to be $_POST['user'] and $_POST['pass']? If that's the case, you should then be using

         if (isset($_POST['user']) && isset($_POST['pass'])) {
             // perform database query
         } else {
             // user failed to provide username or password
         }

     Hope it helps you a lot.
  6. Just a suggestion: you may want to send the userid after authentication to $_SESSION and have a script like this on your testes.php. http://php.net/manual/en/reserved.variables.session.php

         <?php
         error_reporting(E_ALL | E_NOTICE);
         ini_set('display_errors', '1');
         if (!session_id()) { session_start(); }
         require_once("./include/membersite_config.php");
         // Do not pass Go, do not collect $200 if userid is not equal to 1261.
         // isset() first: a notice printed for a missing key would be output
         // before header() and stop the redirect from being sent.
         if (!isset($_SESSION['userid']) || $_SESSION['userid'] != 1261) {
             header('Refresh: 0; url=../index.php', false);
             die();
         }
         // Insert more code
         ?>
  7. This is basically a Show off your Logging, Error Reporting and/or Honeypot scripts for Web servers.

     Summary

     This is a PHP version that includes various features, including randomized fake error reporting to the client and detailed logging (that is part of an ongoing project and is inspired by a few online resources). Useful for slowing down scanners, and generally seeing what happens to your server while you're away. You will probably need to change example.com to something.

     ./global.php

         <?php
         if (!session_id()) { session_start(); }
         $_SERVER['logdate'] = date('Dd_M_Y');

         function TarPit() {
             /* Send to tarpit: random status code plus the matching fake error page */
             $responce = array(204,300,301,302,303,304,404,406,409,410,418,500);
             $array_select = array_rand($responce, 1);
             http_response_code($responce[$array_select]);
             require_once './custerr/en.php';
             exit;
         }

         function Logging($state, $name, $message, $script) { // Int, String, String, Bool
             // These are set by the calling script, so pull them in from global scope
             global $username, $psScriptPath, $rand, $base64_username, $base64_password;
             if (!isset($_SERVER['HTTP_USER_AGENT'])) { $_SERVER['HTTP_USER_AGENT'] = 'UserAgent Not Set'; }
             // Logging method
             $logstr = "=========================================================\r\n";
             // Other, Success, Failed, Error (== compares; = would assign)
             if ($state == 0) { $logstr .= $name . "\r\n"; }                    // Other
             elseif ($state == 1) { $logstr .= 'Success: ' . $name . "\r\n"; }  // Success
             elseif ($state == 2) { $logstr .= 'Failed: ' . $name . "\r\n"; }   // Failed
             elseif ($state == 3) { $logstr .= 'Error: ' . $name . "\r\n"; }    // Error
             $logstr .= "=========================================================\r\n";
             $logstr .= $_SERVER['REQUEST_TIME_FLOAT'] . "\r\n";
             $logstr .= $_SERVER['logdate'] . "\r\n";
             $logstr .= $_SERVER['HTTP_USER_AGENT'] . "\r\n";
             if (isset($username)) {
                 $logstr .= "---- User Authenticating ---- \r\n";
                 $logstr .= $_SERVER['REMOTE_ADDR'] . ' - ' . $username . ": Attempted Login result \r\n";
             } elseif (isset($_SESSION['username'])) {
                 $logstr .= "---- User Authenticated ---- \r\n";
                 $logstr .= $_SERVER['REMOTE_ADDR'] . ' - ' . $_SESSION['username'] . "\r\n";
             } else {
                 $logstr .= $_SERVER['REMOTE_ADDR'] . "\r\n";
             }
             if ($script !== 0) {
                 // Note: this writes the base64-encoded (not encrypted) credentials into the log file
                 $logstr .= "---- Powershell ---- \r\n";
                 $logstr .= 'powershell.exe -ExecutionPolicy ByPass -command "' . $psScriptPath . '" < NUL -rand "' . $rand . '" < NUL -base64_username "' . $base64_username . '" < NUL -base64_password "' . $base64_password . '" < NUL' . "\r\n";
             }
             if (!empty($GLOBALS['php_errormsg'])) {
                 $logstr .= "---- php_errormsg ---- \r\n";
                 $logstr .= $GLOBALS['php_errormsg'] . "\r\n";
             }
             if (isset($message)) {
                 $logstr .= "---- Additional Information ----\r\n";
                 $logstr .= $message . "\r\n";
             }
             $logstr .= "---- Session ----\r\n";
             foreach ($_SESSION as $key => $value) {
                 if (is_array($_SESSION[$key])) {
                     foreach ($_SESSION[$key] as $key2 => $value2) {
                         $logstr .= '$_SESSION[' . $key . '][' . $key2 . '] = ' . print_r($_SESSION[$key][$key2], true) . "\r\n";
                     }
                 } else {
                     $logstr .= '$_SESSION[\'' . $key . '\'] = ' . $value . "\r\n";
                 }
             }
             $logstr .= "\r\n";
             // '../Logging/'.$_SERVER['logdate'].'.txt' should preferably be outside the website root or protected by .htaccess or chmod
             file_put_contents('../Logging/' . $_SERVER['logdate'] . '.txt', $logstr, FILE_APPEND | LOCK_EX);
             return $logstr;
         }

         function ErrorHandle($message, $tarpit) {
             // Critical error
             // EXIT(ErrorHandle(Logging($state,$name,$message,$script),$tarpit)); is suggested
             // String, bool, Int
             // Report to administration
             $headers = "From: webmaster@example.com \r\n" .
                 "Reply-To: webmaster@example.com \r\n" .
                 "X-Mailer: PHP/" . phpversion();
             // mail(to, subject, message, headers): the log text is the message body
             mail('webmaster@example.com', "Error Handle", $message, $headers);
             $_SESSION['MSG'] = NULL;
             if ($tarpit == 1) { TarPit(); }
             exit; /* Destroy session data maybe */
         }
         ?>

     ./custerr/en.php

         <?php
         $http_response_code = array(204,300,301,302,303,304,404,406,409,410,418,500);
         $http_response_name = array('No Content','Multiple Choices','Moved Permanently','Found','See Other','Not Modified','Not Found','Not Acceptable','Conflict','Gone','I am a Teapot','Internal Server Error');
         // REQUEST_URI is client-controlled, so escape it before it goes into the page
         $http_response_discription = array('','Just letting you know this is actually a questionnaire?','Moved permanently somewhere else. Definitely not here although','Don\'t Panic! The monkeys have found it','Go see the other guy.','This page is Definitely not modified in anyway.',' The requested URL ' . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') . ' was not found by the monkeys on this server.','This is Unacceptable','Just couldn\'t decide on what to give you','It\'s Gone. Just Gone?','I am a Teapot','Internal Server Error');
         $key = array_search(http_response_code(), $http_response_code);
         print('<!DOCTYPE html>
         <html><head>
         <title>' . http_response_code() . ' ' . $http_response_name[$key] . '</title>
         </head><body>
         <h1>' . http_response_code() . ' ' . $http_response_name[$key] . '</h1>
         <p>' . $http_response_discription[$key] . '</p>
         </body></html>');
         ?>

     ./Test.php

         <?php
         require_once 'global.php';
         $serverarray = array($_SERVER['SERVER_ADDR'], 'example.com');
         // in_array() rather than !array_search(): a match at index 0 must count as found
         if (!in_array($_SERVER['SERVER_NAME'], $serverarray, true)) {
             exit(ErrorHandle(Logging(0, 'Other Server Request', 'Requested Server' . $_SERVER['SERVER_NAME'], 0), 1));
         }
         ?>
  8. Right just had to make sure. I'm unable to because it is Active Directory.
  9. I was trying to keep my post short and on topic, that is all. But I'll post a revision here just for you.

         if (!isset($_POST["submit"])) {
             // If there was no submit variable passed to the script (i.e. user has
             // visited the page without clicking submit), display the form:
             if (!empty($_SESSION["MSG"])) {
                 echo '<div class="MSG">' . $_SESSION["MSG"] . '</div><br /><br />';
             }
             echo '<form name="LoginForm" class="formbox" id="LoginForm" action="index.php" method="post">
                 Username: <input type="text" name="username" id="username"/><br />
                 Password: <input type="password" name="password"><br />
                 <input type="submit" name="submit" id="submit" value="submit" />
                 </form>';
             unset($_SESSION["MSG"]);
         } elseif (!empty($_POST["username"]) && !empty($_POST["password"])) {
             // do stuff
         } else {
             // Else the user hit submit without all required fields being filled out:
             $_SESSION['MSG'] = '<br />Please Complete all fields<br />';
             header('Location: ./index.php', false);
             exit;
         }
  10.
         $YourName = $_REQUEST['YourName'];
         $FavoriteWord = $_REQUEST['FavoriteWord'];

     I would try replacing $_REQUEST with $_POST. See http://php.net/manual/en/reserved.variables.request.php and http://php.net/manual/en/reserved.variables.post.php
  11. As all previous posters above have stated, make sure that you start your session:

         <?php
         if (!session_id()) { session_start(); }
         ?>

     EDIT: Actually you might not have installed PHP-Login Advanced correctly. As I have not used it myself of the installation options, you may want to try reinstalling that before you move on to my next suggestion. If there was anything about session cookies or directories, you may want to keep them at default. If that does not work, your php.ini may not be configured correctly; I would edit that first, or if you can't, your last option is:

         <?php
         session_set_cookie_params(0, '/', 'mywebsite.com', 0, 0);
         if (!session_id()) { session_start(); }
         ?>

     For more information on session_set_cookie_params: http://php.net/manual/en/function.session-set-cookie-params.php

     --OffTopic: Does anyone have a problem with $_SERVER['SERVER_NAME'] as a catch-all? As it may be a better suggestion:

         session_set_cookie_params(0, '/', $_SERVER['SERVER_NAME'], 0, 0);
  12. I think the title is very clear, but I have a site that has 2 user databases, one for web mail (Roundcube) and one for a directory of content that the user has to be authenticated for. I was wondering if I should throw the password in $_SESSION and authenticate web mail if the user is logged in? Obviously I should not send that password back to the client, whether it is encrypted or not, but I would inject the username and password into the web mail authentication handler as if the user had already filled in the form. Due to certain circumstances I am unable to merge the user databases. If there are any other possibilities, do recommend them instead.
  13. I have always preferred this method of outputting HTML in blocks of echo [or print_r()] personally; my reasoning is "mostly" everyone should know what HTML is and there is not much need for it to be highlighted in syntax. But it does boil down to personal preference.

         if (!isset($_POST["submit"])) {
             // If there was no submit variable passed to the script (i.e. user has
             // visited the page without clicking submit), display the form:
             if (!empty($_SESSION["MSG"])) {
                 echo '<div class="MSG">' . $_SESSION["MSG"] . '</div><br /><br />';
             }
             echo '<form name="LoginForm" class="formbox" id="LoginForm" action="index.php" method="post">
                 Username: <input type="text" name="username" id="username"/><br />
                 Password: <input type="password" name="password"><br />
                 <input type="submit" name="submit" id="submit" value="submit" />
                 </form>';
             unset($_SESSION["MSG"]);
         } elseif (isset($_POST["submit"])) {
             // do stuff
         }
  14. Ran through the old code once more and checked it. There was an old script that was meant to be removed, but it essentially set $_SESSION = ''; Now I feel stupid for not commenting it out. As many people state, "We learn from our mistakes".
  15.
         $_DIR['ROOT'] = $_SERVER['DOCUMENT_ROOT'] . '/..'; // Outside the scope of WWW root
         $_DIR['LOG'] = $_DIR['ROOT'] . '/logs/LogFiles/' . $_SERVER['SERVER_NAME'];
         if (!is_dir($_DIR['LOG'])) { mkdir($_DIR['LOG'], 0700, true); }

     I created a directory to log with on my dev server, assigning all sorts of values to these logs, but I got some resolving DNS names that are not associated with my website at all. Why would $_SERVER['SERVER_NAME'] be resolving other names that are not related to my server?

     Expected possibilities:

       • 127.0.0.1
       • Internal IP address
       • External IP address
       • test.example.com (my website URI)

     Unexpected results:

       • www.baidu.com
       • www.epochtimes.jp
       • www.ly.com
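
Added example, not part of the posts above and not the poster's code: unless the web server pins a canonical name (under Apache 2, UseCanonicalName On plus ServerName), $_SERVER['SERVER_NAME'] reflects the host name the client supplied, so the posts that use it for a log directory, a cookie domain and a server check are safer comparing it against an allowlist first. The function names and the allowlist entries are assumptions made for the illustration.

```php
<?php
// Added example. The allowlist entries are constructed placeholders;
// replace them with the names and addresses your site really serves.
const ALLOWED_HOSTS = ['test.example.com', '127.0.0.1'];

/**
 * Return the canonical host name if $serverName is on the allowlist,
 * otherwise null. The raw client-influenced value is never returned.
 */
function allowedHost(?string $serverName, array $allowed = ALLOWED_HOSTS): ?string
{
    if ($serverName === null) {
        return null;
    }
    // Normalise: trim, lowercase, drop a :port suffix and a trailing dot.
    $host = strtolower(trim($serverName));
    $host = preg_replace('/:\d+$/', '', $host);
    $host = rtrim($host, '.');

    // Strict membership test; in_array() avoids the index-0 pitfall of
    // !array_search(), which treats a match at position 0 as "not found".
    return in_array($host, $allowed, true) ? $host : null;
}

/** Build the per-site log directory from an allowlisted name only. */
function logDirFor(?string $serverName, string $root): string
{
    // Unknown names share one bucket, so a request cannot choose the path.
    $name = allowedHost($serverName) ?? '_unknown_host';
    return rtrim($root, '/') . '/logs/LogFiles/' . $name;
}

// Constructed sample values, including one of the unexpected names from the post.
$samples = ['test.example.com', 'TEST.example.com:80', 'www.baidu.com', '../../etc'];
foreach ($samples as $sample) {
    printf("%-22s -> %s\n", $sample, logDirFor($sample, '/var/www'));
}
```

The same allowedHost() result can be passed as the domain argument of session_set_cookie_params(), with the call skipped when it returns null.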