Distant_storm

Members
  • Posts: 137
  • Joined
  • Last visited: Never

Everything posted by Distant_storm

  1. Hey, I'm looking to ban some IPs, but I know effectively just banning 192.168.1.1 or whatever will not work that well. Does anyone know what changes within an IP address, so I can effectively ban the same person but not accidentally ban any other users, by breaking up the IP address and using a range for some items? For example 192 168 1 - 68 1 - 68 or something? Any ideas?
  2. I get this: "Call to undefined function ebcdic2ascii()" when trying to use that function?
  3. It is a result from a sha1 encryption.
  4. Is checking a string such as ´æÐ:ܾ,y·Ù’O3¾#é× using == or != going to work? I have tried it and put if != then echo the two values out, and even after trimming it still returns that they are not the same. Any ideas?
  5. The images already do have a watermark on them. I guess even if they can't right-click and save as, they can always screenshot the watermark image. Hmmm.
  6. I am halfway through making an admin panel. Admin panels for me need to be:
       1) User friendly
       2) Secure
       3) Easy to navigate
       4) Supported by you
     Firstly, start off with what you need the user to be able to do, such as:
       - Upload files
       - Edit/change files
       - Block IPs
     The main idea I tend to use is templates for the main site. Think simple for your admin panel, because by the time you get round to it you will have a list as long as your arm that you need to implement, and it will be slow and not time effective. Templated main site the user to create new pages which can then be integrated into the main design. So data could be stored in a database or files. I suggest a database.
     Admin panel step one: make a graphical interface with menu options (bearing in mind any menu changes and other pages you may want to make).
     2) Make a secure login.
       - Login using sessions as data holders. The path of your sessions usually defaults to tmp, although there are disadvantages, as on a shared host it will be accessible from other users too, so not majorly secure. Although if you move the session path to something above your server's http folder, the garbage collection will not happen and you can be left with, again, unsecure sessions. Choice is yours though.
       - Encrypt data such as passwords using md5 or sha1, for example.
       - Make sessions time out after, say, 30 minutes.
       - Don't use obvious names such as password or username; although it helps to navigate your code, it is a potential window.
       - Once you have session security and such set up, check the user is authorised to view every time they go to a new page or carry out a new routine.
       - Once you have done basic security and you're happy with your administration, set up more security such as captchas to stop automated scripted attacks. Once that's done, it's pretty much easy from there.
  7. OK, I have a captcha which stores the word in a session. It is to be md5'd, but because I was having errors I took that out. So anyway, I do this:
         if ($_POST['cap'] != $_SESSION['cap_stored']) {
             echo "The input did not match<Br />Captcha word entered: " . $_POST['cap'] . "capatcha word stored: " . $_SESSION['cap_stored'];
         }
     Now the session is started correctly and the output values are identical, no leading or trailing spaces. What could be the error here?
  8. I know->$this a fair bit of object orientated programming, but bleh, I guess I'm going to have to learn a bit more of it to get a grasp, seeing as Facebook is the in thing these days.
  9. Lol, I've programmed in PHP for like 3 years, but I looked at Facebook's platform and was like :S HUH, it's all weird app keys and blah blah. If anyone has a tutorial?
  10. OK, I am looking to make a gallery. I know the basics of it: basically just reload an image within an iframe. OK, so it's not pre-loaded or anything, but I don't know how to use Flash at all, if I'm honest. I need to stop right-click save as. I thought of renaming the files after they have been sent to the browser, but with the amount of visitors this would kill the server lol. I already have hotlink protection, although I need it somehow to stop save as. Any ideas would be appreciated.
  11. At the top of your first page put:
          if (isset($_POST['submit'])) {
              // do the processing of logincheck.php
              exit();
          }
      That says: if the value of $_POST (which is the form method) value of submit (which is your button) is sent, then process the data.
  12. I am looking to make my own escaping system, although I don't know the major characters to escape. Are there any really bad characters that must at all times be escaped?
  13. Thanks for that advice. I've always been server security conscious. I didn't figure that anyone would go to that much trouble to get someone's name. But these days there are a lot of PHP whiz kids out there. Again, thanks for the advice, saves me some code.
  14. I'm using a host and it's Linux based. I believed that SSL would protect sessions, as it stops network eavesdropping by potential threats looking for PHPSESSID?? Or am I totally off the chart lol. This is just in case someone put their network card into promiscuous mode, which means they receive all packets of data regardless of whether they're addressed to them? What is the best session protection, apart from checking the session file using sha1 to check if it has changed at all, and the path of the session and timeout of the session? I also read a lot about reverse proxy and proxy usage to fixate or hijack sessions. How do I protect against this? Thanks
  15. So I have to delve into parsing, and I can't just do this:
          <?xml version="1.0" encoding="utf-8" standalone="yes"?>
          <images>
            <pic>
              <image>http://www.kazphotos.co.uk/1.jpg</image>
              <caption>Beach Scene</caption>
            </pic>
            <pic>
              <image>http://www.kazphotos.co.uk/2.jpg</image>
              <caption>Home site</caption>
            </pic>
          </images>
      and write that to an XML file :S ? God help me if I have to do parsing, I don't even know what that is.
  16. I am soon going to be looking to write XML files with PHP. I think it has to be written in a certain encoding, or would the simple writing functions do, such as touch(), fputs, fgets, all that jazz? Or do I need to use some special function which will write in a certain encoding?
  17. OK, got a few questions here.
      a) With sessions, is it worth the code hassle to hash the session file before any writing or reading is done, to check that the data is valid?
      b) Does anyone know any basic introductions to SSL? I want to use it as it's most effective against session hijacking and other attacks.
  18. you need to have session_start() somewhere before you refer to the session.
  19. It's always best to make validation a function / universal; that way you could do something like:
          validate_data('TYPE','string');
      Example:
          validate_data('Email',$string);
      Within the function you could have a switch case between different forms of validation, such as email, numbers only, letters only, single digits, dates. You could then output a flag and do this:
          if (validate_data('email',$string)) {
              echo "your data is correct";
          }
      This makes the function re-usable. Takes less code, less space, less effort of typing it out for every form you need to validate. And if any changes are needed to your code to check something else, you only have to change one bit of code and not loadz.
  20. gd gd, glad it worked for you mate. Although method two tends to be best, if you prefer the rename method that's OK.
  21. For example, you can redirect if any PHP file is accessed within a particular folder. Keywords to look for with htaccess: hotlink, modrewrite
  22. Nope, in this case you set the session save path before you call the session: http://uk3.php.net/session_save_path
  23. Method one:
          rename("FILECURRENTDIRECTORYHERE/file.txt", "THEFILESNEWDIRECTORYHERE");
      So at the end of the upload into whatever directory you're currently uploading into, use that as the first parameter, and then the value from the dropdown menu as the second, with the filename on the end of that.
      Method two:
          move_uploaded_file ( string $filename , string $destination )
      That will a) check to see if the file is correct from uploading via the post mechanism, and then the destination is where you want it to be moved to. $filename is the temporary filename given by the upload process. You already have this in your code; you just need to change part of it to send it to the path you require via the dropdown menu.
      Remember to make sure your folders have the right CHMOD (or permissions to be written to).
  24. Don't know if I'm 100%, but shouldn't (don't know if I'm being stupid, but if the variable value for $session_save_path is in _def.php, it would need the file to be required before you set the session_save_path?? no)
          session_save_path($SESSION_SAVE_PATH); // from _def.php
          require_once("_def.php");
      be
          require_once("_def.php");
          session_save_path($SESSION_SAVE_PATH); // from _def.php
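
The session points from post 6 (save path, 30-minute timeout, re-checking authorisation on every page) and the hijacking and fixation questions in posts 14 and 17, put together as an added example that is not code from the original posts. It swaps in password_hash()/password_verify() for the stored password, and SESSION_DIR, IDLE_LIMIT, /login.php and the function names are assumptions.

```php
<?php
// Added example. SESSION_DIR, IDLE_LIMIT and the function names are hypothetical.
const SESSION_DIR = '/var/www/private/sessions'; // assumed directory outside the web root
const IDLE_LIMIT  = 1800;                        // 30-minute timeout from post 6

function start_secure_session(): void
{
    session_save_path(SESSION_DIR);            // must precede session_start() (posts 22, 24)
    // A custom save path may not be cleaned by the host's cron job, so let PHP collect it.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    ini_set('session.gc_probability', '1');
    ini_set('session.gc_divisor', '100');
    ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept PHPSESSID from the URL
    session_set_cookie_params([                // array form needs PHP 7.3+
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,                    // cookie is only sent over HTTPS
        'httponly' => true,                    // not readable from JavaScript
        'samesite' => 'Strict',
    ]);
    session_start();
}

// $storedHash is assumed to have been produced by password_hash() at sign-up.
function login(int $userId, string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);               // fresh ID after login blocks fixation
    $_SESSION['uid']       = $userId;
    $_SESSION['last_seen'] = time();
    return true;
}

// Call at the top of every admin page, after start_secure_session().
function require_admin(): int
{
    $idle = time() - ($_SESSION['last_seen'] ?? 0);
    if (!isset($_SESSION['uid']) || $idle > IDLE_LIMIT) {
        $_SESSION = [];
        session_destroy();
        header('Location: /login.php');        // hypothetical login page
        exit;
    }
    $_SESSION['last_seen'] = time();
    return (int) $_SESSION['uid'];
}
```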