Ninjakreborn (Members, 3,922 posts)

Everything posted by Ninjakreborn

  1. I didn't know whether to post this in here or in website critique. I don't want a critique, just security advice. I have found substantial loopholes in the coding (variables not being cleaned at all, variables passed straight into queries unsanitized (on every page)); I am getting started fixing that. I was wondering if someone can help me point out other security issues. The system was hacked multiple times. People kept getting into user accounts and emptying their banks, as well as other things. I am trying to beef up security as much as possible, so any advice on some good ways to really beef up security on this specific site would be appreciated. I have a few things I am going to do (login limit (3 times before 24 hours banning), captchas on login to help discourage brute force); those are some ideas I am entertaining right now. I am also cleaning all variables site wide (huge job), as well as some other stuff. {link removed at request of user} That is the url. Thanks for the help and security advice. If this should be in critiques, then please move it there, but this wasn't really a critique; it was more of a security test.
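     Added example, not the original poster's code and not from the site in question: the two measures the post lists, values bound into the query instead of concatenated into the SQL string, and the 3-failures-then-24-hour lockout. It uses an in-memory SQLite database through PDO so it runs stand-alone; the users table, its column names and the sample account "alice" are constructed for the demo. The same PDO prepared-statement pattern applies to the MySQL queries on the site: the user-supplied value never becomes part of the SQL text, so an injection attempt is matched as a literal string.

```php
<?php
// Added example (not the poster's code): parameterised queries plus a
// per-account failed-login lockout (3 failures, then locked for 24 hours).
// Storage is an in-memory SQLite database via PDO so the script runs
// stand-alone; table and column names are assumptions for the demo.
declare(strict_types=1);

const MAX_FAILURES    = 3;
const LOCKOUT_SECONDS = 24 * 3600;

function setupDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        username      TEXT PRIMARY KEY,
        password_hash TEXT NOT NULL,
        failed_logins INTEGER NOT NULL DEFAULT 0,
        locked_until  INTEGER NOT NULL DEFAULT 0)');
    // Constructed sample account; the password is stored only as a hash.
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

/**
 * Returns 'ok', 'locked' or 'bad'. $now is passed in so the lockout
 * expiry can be exercised without waiting a day.
 */
function attemptLogin(PDO $db, string $username, string $password, int $now): string
{
    // Bound parameter: the username is data, never part of the SQL text.
    $sel = $db->prepare('SELECT password_hash, failed_logins, locked_until
                         FROM users WHERE username = ?');
    $sel->execute([$username]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // Unknown user gets the same answer as a wrong password, so
        // the login form cannot be used to enumerate account names.
        return 'bad';
    }
    // Lockout is checked before the password so a locked account does
    // not reveal whether the guess was correct.
    if ((int) $row['locked_until'] > $now) {
        return 'locked';
    }
    if (password_verify($password, $row['password_hash'])) {
        $db->prepare('UPDATE users SET failed_logins = 0, locked_until = 0 WHERE username = ?')
           ->execute([$username]);
        return 'ok';
    }
    $failures    = (int) $row['failed_logins'] + 1;
    $lockedUntil = $failures >= MAX_FAILURES ? $now + LOCKOUT_SECONDS : 0;
    $upd = $db->prepare('UPDATE users SET failed_logins = ?, locked_until = ? WHERE username = ?');
    $upd->execute([$failures, $lockedUntil, $username]);
    return $lockedUntil > 0 ? 'locked' : 'bad';
}

// Stand-alone demo with constructed inputs: three wrong guesses, then the
// right password while locked, then the right password after the lockout
// expires, then a classic injection string as the username.
$db = setupDb();
$t  = 1000000;
foreach (['wrong1', 'wrong2', 'wrong3', 'correct horse'] as $i => $pw) {
    echo attemptLogin($db, 'alice', $pw, $t + $i), "\n";
}
echo attemptLogin($db, 'alice', 'correct horse', $t + LOCKOUT_SECONDS + 10), "\n";
echo attemptLogin($db, "' OR 1=1 --", 'x', $t), "\n";
```

     The run prints bad, bad, locked, locked, then ok once the lockout has expired, and bad for the injection string, which is simply a username that does not exist. One caveat a practitioner would raise: a hard per-account lockout lets anyone who knows a username lock its owner out with three bad guesses, so in practice it is paired with a per-IP limit or a growing delay between attempts rather than a flat 24-hour ban.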
  2. I am wondering, does anyone have a blog they have integrated before? Looking for something with multiple users that has some decent features. I am currently trying to integrate www.b2evolution.com, but it's such a large program, with such a weird structure, chances are the time spent changing the user table over to my own table that I am using is going to take a considerable amount of time to fully perform the integration. I would rather have something easier to integrate; any advice?
  3. Ok, that is very helpful. Thanks to both of you. I will start looking around for feeds, then work with that code to get them to display. Thanks again. SOLVED
  4. Ok, I will message you today or Monday with an offer. I wanted to ask you something; the design is good, by the way.
  5. Hmm, that is the thing. Needing to get together something quickly, a simple system that is already built to handle it. If there is nothing, I have no choice, however.
  6. Sorry * News Aggregator. However, no, I don't know too much about what they are. I know a news feed is an XML feed with news, and an aggregator handles feeds. I just need "something" that handles what I asked, or at least a good news feed that I can rely on. I don't know exactly what is needed either; he just said he wanted Hispanic news set up on his site. Not sure what I am looking for, just looking. Any advice?
  7. I need a news feed * Universal reports * By zipcode (optional) * Can be viewed in Spanish/English. Any ideas on something PHP/MySQL, something free/open source, or something in XML?
  8. Sorry, this is off topic, but Jcombs, what do you charge your clients hourly? I am very, very impressed with your graphic design work. I may send you a personal message today with an offer I have been wanting to ask you about. I am in need of another graphic designer; I am talking to a few, but I wanted to ask you about it too.
  9. Perfect, thank you for the advice. I will bookmark this post for later and try these ideas. Thanks again.
  10. Nevermind, one = was supposed to be ==. Thanks.
  11. I have a function that gets the extension of a file (it works, it's been tested, it echoes out the extension when echoed); however, it's not working in the if/elseif statement to test the extension against a variety of conditions.

     <h1>Audio/Video Viewing Section</h1>
     <?php
     $id = deepclean($_GET['id']);
     $select = "SELECT * FROM user_files WHERE id = '$id';";
     $query = mysql_query($select);
     if ($row = mysql_fetch_array($query)) {
         $ext = getext($row['filename']);
         // note: the single = below assigns ".ram" instead of comparing (see post 10 above)
         if ($ext == ".rm" || $ext = ".ram") {
             require_once($docroot . "/views/view_realmedia.php");
         } elseif ($ext == ".mov") {
             require_once($docroot . "/views/viewwindowsmedia.php");
         } elseif ($ext == ".wmv" || $ext == ".wma" || $ext == ".mp3") {
             require_once($docroot . "/views/view_quicktime.php");
         } elseif ($ext == ".swf") {
             require_once($docroot . "/views/view_flash.php");
         } else {
             echo "Match Not Found.<br />";
         }
     }
     ?>

     That is pretty much all the relevant code; each include (triple checked) holds the information to embed a different type of player. It's supposed to (based on extension) send them to the right one. Right now it's including the RealPlayer one; the file is wmv, I have it set to open QuickTime, but it still keeps opening RealPlayer. Is something wrong with my conditional statement in some way?
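     Added example, not the poster's code: the same dispatch rewritten so the mistake above cannot happen. An allowlist array replaces the if/elseif chain, so there is no comparison left to mistype as an assignment, the extension is lower-cased before lookup, and the id from the query string is checked to be a plain integer before it goes anywhere near a query (the unsanitized-query problem from post 1). The extension-to-view mapping (QuickTime for .mov, Windows Media for .wmv/.wma/.mp3) and the $docroot/views/ location are assumptions; the poster's deepclean() and getext() helpers are not used. The last function reproduces the original condition to show why it always took the RealMedia branch.

```php
<?php
// Added example, not the poster's code: table-driven choice of the player
// view. The mapping below is an assumption; adjust it to match the view files.
declare(strict_types=1);

const PLAYER_VIEWS = [
    'rm'  => 'view_realmedia.php',
    'ram' => 'view_realmedia.php',
    'mov' => 'view_quicktime.php',
    'wmv' => 'view_windowsmedia.php',
    'wma' => 'view_windowsmedia.php',
    'mp3' => 'view_windowsmedia.php',
    'swf' => 'view_flash.php',
];

/** View filename for a stored filename, or null when the extension is not on the allowlist. */
function playerViewFor(string $filename): ?string
{
    // pathinfo() gives '' when there is no extension; lower-case so "Clip.WMV" matches too.
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    // Array lookup with ??: an unknown or empty extension yields null, never a fall-through.
    return PLAYER_VIEWS[$ext] ?? null;
}

/** Accept only a decimal id from the query string; anything else is rejected before any query runs. */
function validateId(string $raw): ?int
{
    return ($raw !== '' && ctype_digit($raw)) ? (int) $raw : null;
}

/**
 * The condition from the post. PHP parses it as $ext == '.rm' || ($ext = '.ram'):
 * the right-hand side assigns the non-empty string '.ram', which is truthy, so the
 * whole condition is true for every file and the RealMedia view is always included.
 */
function originalCondition(string $ext): bool
{
    return $ext == '.rm' || $ext = '.ram';
}

// Stand-alone demo with constructed inputs.
$docroot = __DIR__;   // assumption: the view files live under $docroot/views/
foreach (['clip.wmv', 'Clip.WMV', 'song.mp3', 'shell.php', 'noextension'] as $name) {
    $view = playerViewFor($name);
    printf("%-12s -> %s\n", $name, $view === null ? 'Match Not Found' : "$docroot/views/$view");
    // On the real page: if ($view !== null) { require_once $docroot . '/views/' . $view; }
    // $view always comes from PLAYER_VIEWS, never from the request, so no request
    // value can steer the include.
}
foreach (['42', '42 OR 1=1', '', '-1'] as $raw) {
    printf("id %-12s -> %s\n", var_export($raw, true), var_export(validateId($raw), true));
}
var_dump(originalCondition('.wmv'));
```

     In the demo clip.wmv and Clip.WMV both resolve to the Windows Media view, shell.php and the extensionless name get "Match Not Found", only "42" survives validateId(), and originalCondition() reports true for a .wmv extension, which is exactly the behaviour the post describes.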
  12. When you code in XHTML/CSS it's easy to maintain the formatting and keep everything neat for when you go to view source. However, when I put out a lot of dynamic XHTML here and there, it looks really messed up (as far as indentation in the view source). Not to say that I don't use \n, which helps a lot. It puts the spacing in the source code; however, I have my HTML formatted, with my PHP output formatted left justified, and everything works out like this:

     <html>
       <head>
         <title>Title Here</title>
       </head>
       <body>
         <form>
         </form>
     php output here.
         <ul>
           whatever
         </ul>
       </body>
     </html>

     It always turned out malformed, hard to read, and not good to look at. However, that only happens with my PHP output. Is there a way to retain the indentation and everything, just as if it was straight XHTML?
  13. I personally advise against using NVU. There is a reason. When I first started, I started on NVU, in my obsession (and thought) that you could build websites with a WYSIWYG editor. However, I feel that they are not for real developers to develop with. Even if they are, I think that it should be the choice of the developer to alter the code if they want, without the editor touching what they edit (why I hate FrontPage: I code/program by hand and FrontPage doesn't let me do that because it rewrites any code you try to do by hand). That's the reason I use Dreamweaver: I have the WYSIWYG element if I want it, but I have a code view that NEVER gets touched by Dreamweaver if the settings are set right. NVU in my opinion is one of the worst ones. The reason is when I started using it, I was changing from WYSIWYG to hand coding (after I realized I could code by hand), and NVU was a pain to try to hand code with. It wasn't as bad as FrontPage, but it had its own problems. Then I used Notepad, wanted the syntax highlighting and auto-complete, and changed to Dreamweaver; that's why I dislike NVU. Feel free to correct me, or offer opinions if I am wrong in some way.
  14. Hmm, ok, thanks. I just did that and found something that converts .txt files into these types. It sounds like something that will serve my purpose. Thanks again. Solved
  15. The "default" username (the one it starts with) for MySQL is "root". Try changing your username (in the PHP script) to root. If not, then show us your login script (username/password blanked out), your webhost (who is it, what is it), and the version of PHP/MySQL/Apache. With that we can help you narrow down the problem further from there.
  16. Ok, I have a client (had a few, actually) that wants video/audio upload capabilities. Seeing that I didn't know what filetypes to allow and what not, I did some searching. Found a link someone had given me a while back. http://cit.ucsf.edu/embedmedia/step1.php That is the link. It has the RealMedia, Windows player, QuickTime, and Flash player. So each one plays its own filetypes. Those are rm, ram, mov, wmv, wma, swf. Those are the ones that play, at least. There are other filetypes, but those are guaranteed to play. I can figure out the rest later. However, I wanted to test each player to make sure it's working at least. I need at least one for RealPlayer, one for Windows Media Player, one for QuickTime, and one for the Flash player. I needed to find some test files that aren't so huge they take 30 minutes to upload (it's just testing), as well as being safe so I can trust them. I just want really small test files of each type I can load into the system to test everything out, and make sure I don't need to make adjustments/corrections where needed. The ultimate reason I need the test files is to make sure the players are embedded correctly, and that I am dynamically passing the data into the players correctly. After this works out I want to form these players into functions, as a set of functions. Then I can replicate these functions later for other like systems when they want video/audio capabilities. The second time around won't require testing because the functions have been created and tested; however, I still have to make it through the testing phase at least.
  17. I was hoping so. I have tried looking. Some of the extensions I can't trust. For instance, looking up .mov files alone, Googling for it brings up nothing but questionable content. It's very easy to get a virus. Then when I search other extensions they are scarce to impossible to find. I was hoping for reliable sources so I can get ahold of testing files that are less likely to have viruses. I wasn't meaning for someone to hand me the files, but I assume everyone here who ever has to test whether something plays a file must have test files. Maybe some URLs or terms on Google I could search for to find a good area to download these test files would be appreciated.
  18. http://safari.oreilly.com/ I just wanted to throw that out there. Every single book that is mentioned in this post is fully accessible on that site. If you pay for unlimited access, you can keep notes, bookmarks, save books in the bookshelves, and get tokens monthly for downloading chapters. I used to buy hardback covers of everything; however, when I got this (it actually has every O'Reilly book created, plus ones from many other developers) it covered every language, every skill, pretty much any topic related to technology or any book about technology. All at one place, this is where I spend all my extra "study" time, reading book after book here, or downloading chapters for my laptop to study in my spare time. Just advice for those looking for books.
  19. www.google.com "Safari Bookshelf" 39.99 per month for unlimited access. You will never be the same again, or will never need access to another book again.
  20. PHP isn't really meant to be edited by a program, not in the way you think of a WYSIWYG editor. Dreamweaver would be your best bet if you wanted the "program" to edit it for you. However, you would be "a lot" better off if you did it by hand. Even in Dreamweaver you can go to code view (which is where I live); I only use design view occasionally. If you are the type of person that wants some of it automated, then you have code snippets and other like things. If you are changing links, they simply edit the anchor tags.
  21. Check the MySQL username/password combination. Double check that. If you are using "localhost", it depends on the server that is running it. If MySQL is on the same system, then "localhost" generally works. If it's in an entirely different area altogether, normally you have to put the actual information in instead.
  22. Yes, it saved me a lot of work, after 6 hours of digging through the files trying to figure out how. I didn't know about the default IP to tell it to come back on itself. I was trying to put in the actual IP of the site, and it wouldn't connect; however, my client was still connecting to it. Then when I went to that link I read about what IP to use to make it come back on itself; that fixed it immediately and I was able to get in and change the password. Thanks again. Just wondering, what terms did you use to find it? I had tried Googling filezilla, filezilla password changing, and I saw it all over the place, but nothing worked with the XAMPP setup. What did you search to get the right URL?
  23. Does anyone know of a site that has a group of files with different extensions for a developer to test with? When you are trying to create or work on a file management/handling system, there has to be an easy way to test different file types in the system safely. If I start running around downloading random filetypes I will get viruses. Is there a place with very small files, like less than 60k or something roughly along those lines so they load faster, with very little in them, just enough to see if the players you have embedded in the HTML will actually work? Instead of my having to hunt down .rm and .ram files for the RealMedia player, .mov files for the Windows player, and .swf for Flash, I was wondering if there is a quicker way. A site with all these extensions as test files or something. Once I get copies of the files I can save them on the computer and use the same files to retest new systems that are the same type. Any advice, links, or anything else? Thanks.