[[SOLVED] md5 or sha1]

sha1 it fifty times with a salt and then md5 it four hundred and ninety eight times. 

[[SOLVED] quick question regarding a login script]

Yep, or simply

 

$password = sha1($_POST['password']);

//followed by SQL

 

Other way is better however.

 

Oh, and clean the input with mysql_real_escape_string() as password login forms are often the first to be attacked.

[[SOLVED] quick question regarding a login script]

When the user attempts to log in, convert there attempted password to sha1 and then compare with the password in the database.

[Serialized variables?]

Okay, I've been googling high and low for an answer to this. There is plenty of documentation out there for unserialize() etc, but there seems to be nothing out there that actually tells you what a serialized variable is? Anyone know what a serialized variable is? Thanks.

[Huh? Parse error: syntax error, unexpected '=']

Please tell me I'm not that fucking retarded. How on earth did I miss that????????

[Huh? Parse error: syntax error, unexpected '=']

On line 4?

 

<?php
include ( 'src/jpgraph.php');
include ('src/jpgraph_line.php' );
graph = new Graph(300,200,"auto");

?>

[Styling Input Textfield]

Google toolbar  :-\

[php web developer]

Put a pale light blue instead of the pale light green.

[[SOLVED] See if you can hack my site?]

On top uploaders:

 

Array ( [tmp] => 18304 [proc] => 434 [sbin] => 259 [etc] => 214 [dev] => 205 [lib] => 134 [bin] => 104 [var] => 23 [command] => 17 [boot] => 13 [usr] => 13 [sys] => 9 [hsphere] => 6 [firewall] => 2 [service] => 2 [home] => 1 [net] => 0 [media] => 0 [mnt] => 0 [selinux] => 0 [srv] => 0 [opt] => 0 [lost+found] => 0 [misc] => 0 [root] => 0 )

[Form focus.]

Hey guys. Could somebody help me on this? Is there any JavaScript code to figure out what current form is in focus? I've been Googling for this and nothing seemsto help. I don't want to put the focus on a form, I want to know what form is in focus. Any help would be great!

 

[server name]

Would placing $_SERVER['SERVER_NAME'] in script.php not work?

[Security]

I know but I'm from the school of thought that says extra layers of security work well. Make your house safer than your neighbours.

[exec batch]

Does your server allow .bat files?

[code help]

Yea, just put destination there. My example was pretty generic. Mess around with that and have a look at http://ie2.php.net/str_replace

 

Hope that helps. 

[debug...]

$sql = ("SELECT * FROM `books` WHERE `books_id` = '$id'");

 

1: Is your books_id a number? If so try:

 

$sql = ("SELECT * FROM `books` WHERE `books_id` = $id");

 

Notice how I took out the inverted commas around $id. Might be the problem... or not...  :-\

 

Also, recheck your column names to make sure that they're the same.

 

[If an MySQL Row is Empty How do I echo that it is??]

No problem.

[code help]

$string_that_was_translated = str_replace("English Word","French Word", $string_to_be_translated);

 

Simple as they come.

[If an MySQL Row is Empty How do I echo that it is??]

Here you go:

 

if(mysql_num_rows($result) == 0) //its empty

 

Hope that helped. 

[Simple PHP include question]

Just use:

 

include("vars.php");

 

Should work fine. 

[Security]

Okay guys, I need some opinions on designing secure websites. This will hopefully help others as well as me. So many websites out there are built by PHP newcomers. They sometimes may work well, but they usually have more holes than a golf course. I'll start off my posting what I think are must-dos. Please correct me if I am wrong.

 

• Use mysql_real_escape_string() instead of addslashes() on all data coming in from external sources as addslashes() can be fooled.
  
• Close your mysql connection with mysql_close() after you've finished querying
  
• Release mysql results with mysql_release_result() after finishing with query results
  
• Do not rely on hidden field values for validation purposes.
  
• Test all data coming in, even if it is from a pre-defined html list or radio button
  
• Use a salt with your password encryption.
  
• On user sessions, once logged in, register their ip address and user agent in the session, and the check them on each page.
  
• Add a non-related keyword to your table names in order to fool guessers
  
• Connect to the db with a user that doesn't have permissions to drop tables etc.
  
• Don't rely on JavaScript to validate user input. Check on server side aswell.
  
• On HTML elements such as lists, use numbers as the corresponding value to each option. Then validate to see if its numeric with is_numeric() which returns 1 if it is.
  
• Validate uploads as much as you possibly can.
  
• Use database passwords that are seemingly random. jh&&£!!hjhd11 etc
  
• Place an index page in each directory. If you don't want users to see all files. Add a redirect to it or something.
  

 

Any problems with that or do you have any additions?

[[SOLVED] OH LAWD]

Thank you so much. I was setting the actual files to 777. Doh 

[[SOLVED] OH LAWD]

Another God damn error. This time, a file writing one. It worked fine on my apache localhost, but as soon as I threw it up online, I started getting these errors:

 

Warning: fopen(26 Jun u101252 _tender_letters.doc) [function.fopen]: failed to open stream: Permission denied in generateletters.php on line 75

Warning: fwrite(): supplied argument is not a valid stream resource in generateletters.php on line 159

 

Anyone have any idea?

[[SOLVED] Huh?]

Sorry, I found the problem. It's just that when you're searching for errors on Google you usually end up finding websites displaying errors. Cheers.

[[SOLVED] php help_connecting sql database]

Make sure that you named your column password. I often find sometimes that I assumed I've called a table something, when in reality I used something like pass.

[phpmyadmin login?]

Go to it's index.php page.