waynewex (2,405 posts)
Posts posted by waynewex
-
Yep, or simply
$password = sha1($_POST['password']); //followed by SQL
Other way is better however.
Oh, and clean the input with mysql_real_escape_string() as password login forms are often the first to be attacked.
-
When the user attempts to log in, convert their attempted password to sha1 and then compare with the password in the database.
-
Okay, I've been googling high and low for an answer to this. There is plenty of documentation out there for unserialize() etc, but there seems to be nothing out there that actually tells you what a serialized variable is? Anyone know what a serialized variable is? Thanks.
-
Please tell me I'm not that fucking retarded. How on earth did I miss that????????
-
On line 4?
<?php include ( 'src/jpgraph.php'); include ('src/jpgraph_line.php' ); graph = new Graph(300,200,"auto"); ?>
-
Google toolbar :-\
-
Put a pale light blue instead of the pale light green.
-
On top uploaders:
Array ( [tmp] => 18304 [proc] => 434 [sbin] => 259 [etc] => 214 [dev] => 205 [lib] => 134 [bin] => 104 [var] => 23 [command] => 17 [boot] => 13 [usr] => 13 [sys] => 9 [hsphere] => 6 [firewall] => 2 [service] => 2 [home] => 1 [net] => 0 [media] => 0 [mnt] => 0 [selinux] => 0 [srv] => 0 [opt] => 0 [lost+found] => 0 [misc] => 0 [root] => 0 )
-
Hey guys. Could somebody help me on this? Is there any JavaScript code to figure out what current form is in focus? I've been Googling for this and nothing seems to help. I don't want to put the focus on a form, I want to know what form is in focus. Any help would be great!
-
Would placing $_SERVER['SERVER_NAME'] in script.php not work?
-
I know, but I'm from the school of thought that says extra layers of security work well. Make your house safer than your neighbour's.
-
Does your server allow .bat files?
-
Yea, just put destination there. My example was pretty generic. Mess around with that and have a look at http://ie2.php.net/str_replace
Hope that helps.
-
$sql = ("SELECT * FROM `books` WHERE `books_id` = '$id'");
1: Is your books_id a number? If so try:
$sql = ("SELECT * FROM `books` WHERE `books_id` = $id");
Notice how I took out the inverted commas around $id. Might be the problem... or not... :-\
Also, recheck your column names to make sure that they're the same.
-
$string_that_was_translated = str_replace("English Word","French Word", $string_to_be_translated);
Simple as they come.
-
Here you go:
if(mysql_num_rows($result) == 0) //it's empty
Hope that helped.
-
Just use:
include("vars.php");
Should work fine.
-
Okay guys, I need some opinions on designing secure websites. This will hopefully help others as well as me. So many websites out there are built by PHP newcomers. They sometimes may work well, but they usually have more holes than a golf course. I'll start off my posting what I think are must-dos. Please correct me if I am wrong.
- Use mysql_real_escape_string() instead of addslashes() on all data coming in from external sources as addslashes() can be fooled.
- Close your mysql connection with mysql_close() after you've finished querying
- Release mysql results with mysql_release_result() after finishing with query results
- Do not rely on hidden field values for validation purposes.
- Test all data coming in, even if it is from a pre-defined html list or radio button
- Use a salt with your password encryption.
- On user sessions, once logged in, register their ip address and user agent in the session, and then check them on each page.
- Add a non-related keyword to your table names in order to fool guessers
- Connect to the db with a user that doesn't have permissions to drop tables etc.
- Don't rely on JavaScript to validate user input. Check on server side as well.
- On HTML elements such as lists, use numbers as the corresponding value to each option. Then validate to see if it's numeric with is_numeric() which returns 1 if it is.
- Validate uploads as much as you possibly can.
- Use database passwords that are seemingly random. jh&&£!!hjhd11 etc
- Place an index page in each directory if you don't want users to see all files. Add a redirect to it or something.
Any problems with that or do you have any additions?
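As an added example (not the poster's code) of the salted-hash login described earlier in this list and several of the items above, here is a login handler written against current PHP: PDO prepared statements instead of escaping, password_hash()/password_verify() (which carry their own per-user salt) instead of bare sha1(), server-side input checks, and the IP/user-agent session binding. It assumes a `users` table with columns `id`, `username`, `password_hash`, a database user limited to SELECT/UPDATE on that table, and placeholder credentials.

```php
<?php
// Added example (not the poster's code). Assumes a `users` table
// (id, username, password_hash) and a DB user `app_login` that may only
// SELECT/UPDATE that table; host, db name and password are placeholders.
declare(strict_types=1);

function connect(): PDO {
    // Emulated prepares off so placeholders are real server-side parameters.
    return new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_login', 'CHANGE_ME',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
}

// Returns the user id on success, null otherwise. SQL is never built from input.
function login(PDO $pdo, string $username, string $password): ?int {
    // Validate on the server no matter what JavaScript or hidden fields did.
    if ($username === '' || strlen($username) > 64 || $password === '' || strlen($password) > 1024) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_hash() embeds a random per-user salt; password_verify() checks it in constant time.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    // Upgrade the stored hash if the default algorithm/cost has moved on since it was created.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return (int) $row['id'];
}

// Checklist item: record IP and user agent at login and re-check them on every page.
function startSession(int $userId): void {
    session_regenerate_id(true);  // fresh id on privilege change (blocks session fixation)
    $_SESSION['uid'] = $userId;
    $_SESSION['ip']  = $_SERVER['REMOTE_ADDR'] ?? '';
    $_SESSION['ua']  = $_SERVER['HTTP_USER_AGENT'] ?? '';
}

function sessionStillValid(): bool {
    return isset($_SESSION['uid'])
        && $_SESSION['ip'] === ($_SERVER['REMOTE_ADDR'] ?? '')
        && $_SESSION['ua'] === ($_SERVER['HTTP_USER_AGENT'] ?? '');
}

session_start();
$uid = login(connect(), (string)($_POST['username'] ?? ''), (string)($_POST['password'] ?? ''));
if ($uid !== null) { startSession($uid); }
```

Every protected page calls sessionStillValid() before doing anything else; a mismatch means the session should be destroyed rather than trusted.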
-
Thank you so much. I was setting the actual files to 777. Doh
-
Another God damn error. This time, a file writing one. It worked fine on my apache localhost, but as soon as I threw it up online, I started getting these errors:
Warning: fopen(26 Jun u101252 _tender_letters.doc) [function.fopen]: failed to open stream: Permission denied in generateletters.php on line 75 Warning: fwrite(): supplied argument is not a valid stream resource in generateletters.php on line 159
Anyone have any idea?
-
Sorry, I found the problem. It's just that when you're searching for errors on Google you usually end up finding websites displaying errors. Cheers.
-
Make sure that you named your column password. I often find sometimes that I assumed I've called a table something, when in reality I used something like pass.
-
Go to its index.php page.
[SOLVED] md5 or sha1 (in PHP Coding Help)
sha1 it fifty times with a salt and then md5 it four hundred and ninety eight times.