lanmind

Posts
  1. I'm sorry, a session is declared at the very top of my homepage: http://www.dockhawk.com/ but you can't see it in the source.
  2. Hello everybody, On my page here: http://www.dockhawk.com/ I referenced this article: http://phpsec.org/projects/guide/2.html I'm using a session variable to ensure a query sent to my database actually comes from my site. The problem is that if you type something like http://www.dockhawk.com/currentphp.php?name=houston into the URL bar, data is returned as valid XML. I'm assigning the session value to a JavaScript variable and sending it to the PHP inside the JavaScript function "getmarks();" using AJAX. The PHP queries the db, then returns a new session value in XML to ensure each session var is used only once. The session value is then reassigned to the JavaScript var for the next query. Here is the relevant PHP:

         <?php
         session_start();
         if ($_GET['token'] !== $_SESSION['token']) {
             die('Invalid token');
         }
         $_SESSION['token'] = uniqid(md5(microtime()), true);
         $coin = $_SESSION['token'];
         ...

     I was hoping using sessions would ensure my data could only be queried from my page. Any ideas why this doesn't work? Thank you.
  3. See this simple page: http://www.dockhawk.com/html.html To me it seems the session value isn't being passed (on my browser at least). Any idea why? PHP:

         <?php
         session_start();

         // get token variables
         $token_session = $_SESSION['token'];
         $token_url     = $_GET['token'];

         // compare them
         $comparison = $token_session == $token_url;

         // set the token to a new value to ensure it is only used once.
         $_SESSION['token'] = uniqid(md5(microtime()), true);

         echo 'Token in session [' . $token_session . ']<br>';
         echo 'Token from URL [' . $token_url . ']<br><br>';
         echo 'Are they equal? ' . ($comparison ? 'Yes' : 'No') . '.<br>';

         if (!$comparison) {
             die('Invalid token.');
         } else {
             echo 'Valid token.';
         }
         ?>
  4. I also don't like the header images. The small map on the bottom showing visitor locations is irrelevant and makes me wonder: "Why would the designer put this here? It reminds me of those old clumsy page counters of years past." I thought about putting W3C's validation icons on my pages too, but the graphics are just too #$%^ big and ugly. They remind me of Shrek (the animated character): too offensively disgusting to like : ) I've never seen any mainstream site display them. Your layout is definitely functional and clean but feels too "boxy" with all the sharp edges. This is something I need to work on too. You need more color, but less strong colors, light colors that are easy on the eyes. Like PHPfreaks' light colors! Your wannafork.com graphics are ugly too, did you make them in MS Paint? I have no graphics on my site mainly because I'm afraid of the outcome! lol
  5. Hi drop faith, I am an amateur at web design but I like to think I have an eye for "appealing functionality". Your site to me feels scatter-brained; I don't know where to look. To me there's too much in a small area; many things are too close together. Also my screen isn't optimal, so I have to crank the brightness way up to see the dark blue against the dark black. Have you ever been on people's Myspace pages and found them almost unnavigable? It's not as bad as that of course, but it reminds me of those poorly designed pages. You can critique mine anytime, it's the polar opposite of yours! seriously lol. http://dockhawk.com/
  6. There are no directions to marine terminals as they (most of the time) have no addresses. They are usually called something like "Los Angeles Berth 168"; mariners are always having a hard time finding vessels. My database (not the one you see right now) is unique in that it has geo-locations that can provide directions. nrg_alpha, what is a gui? Many things I do revolve around "less is more". This is why my site is so bland right now, and I care for functionality the most.
  7. I've been thinking of having my site critiqued for a little while now, and I found this. So here is the basic layout (I'm always working on functionality so...): http://www.dockhawk.com/ Oh, type anything about the water into the search box: berth, marina, boat, etc.
  8. Thanks for the fast replies! I'm sorry for not inserting code tags. Dark Water, I removed the session_start(); from the PHP file because I assumed it shouldn't have been there. I thought it should have only been on the HTML page. I put it back into the PHP but I'm still having the same issue. The script is continuing even though the value of "token" should not be equal to the session token. Here is the relevant PHP:

         <?php
         session_start();
         if ($_GET['token'] !== $_SESSION['token']) {
             die('Invalid token');
         }
         $keyword = $_GET["name"];
         require("dockhawk_...

  9. Hello everybody, My page: http://www.dockhawk.com/ I'm trying to implement some "session security" PHP script mentioned in the "Cross-site request forgery" section of this tutorial (pdf): http://daniel0.net/phpfreaks_tutorials/php_security/php_security.pdf I was trying to figure out if it was functioning by putting a value in the hidden input that won't be equal to the session token. The hidden input is in my default.html page inside the <div id="search_form">. So as the value is wrong, the PHP should return "Invalid Token", but it's not. In earlier testing I had taken away the not "!" in the PHP and left the hidden input's value as "<?php echo $_SESSION['token'] ?>" and the PHP did return "Invalid Token" as it should have. It seems the "!" isn't working, I'm not sure. Thank you for your time, here is the PHP:

         <?php
         if ($_GET['token'] !== $_SESSION['token']) {
             die('Invalid token');
         }
         $keyword = $_GET["name"];
         require("dockhawk_dbinfo.php");

         function parseToXML($htmlStr) {
             // '&' has to be replaced first, otherwise the entities inserted below get re-escaped
             $xmlStr = str_replace("&", '&amp;', $htmlStr);
             $xmlStr = str_replace('<', '&lt;', $xmlStr);
             $xmlStr = str_replace('>', '&gt;', $xmlStr);
             $xmlStr = str_replace('"', '&quot;', $xmlStr);
             $xmlStr = str_replace("'", '&#39;', $xmlStr);
             return $xmlStr;
         }

         // Opens a connection to a MySQL server
         $connection = mysql_connect($hostname, $username, $password);
         if (!$connection) {
             die('Not connected : ' . mysql_error());
         }

         // Set the active MySQL database
         $db_selected = mysql_select_db($database, $connection);
         if (!$db_selected) {
             die('Can\'t use db : ' . mysql_error());
         }

         // Escape the search term before it is interpolated into the SQL string
         $keyword = mysql_real_escape_string($keyword, $connection);

         // Select all the rows in the markers table
         $query = "SELECT * FROM markers WHERE MATCH(operator, name, waterway) AGAINST ('$keyword') LIMIT 0, 25";
         $result = mysql_query($query);
         if (!$result) {
             die('Invalid query: ' . mysql_error());
         }

         header("Content-type: text/xml");

         // Start XML file, echo parent node
         echo '<markers>';

         // Iterate through the rows, printing XML nodes for each
         while ($row = @mysql_fetch_assoc($result)) {
             // ADD TO XML DOCUMENT NODE
             echo '<marker ';
             echo 'operator="' . parseToXML($row['operator']) . '" ';
             echo 'name="' . parseToXML($row['name']) . '" ';
             echo 'waterway="' . parseToXML($row['waterway']) . '" ';
             echo 'mile="' . parseToXML($row['mile']) . '" ';
             echo 'address="' . parseToXML($row['address']) . '" ';
             echo 'town="' . parseToXML($row['town']) . '" ';
             echo 'state="' . parseToXML($row['state']) . '" ';
             echo 'lat="' . $row['lat'] . '" ';
             echo 'lng="' . $row['lng'] . '" ';
             echo 'county="' . parseToXML($row['county']) . '" ';
             echo '/>';
         }

         // End XML file
         echo '</markers>';
         ?>
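Added example, not lanmind's code and not from the PHPFreaks or phpsec.org tutorials: a hardened version of the token-checked search endpoint that posts 2, 8 and 9 above are trying to build. Two points about the posted check matter here. First, `$_GET['token'] !== $_SESSION['token']` is false when both sides are unset (null !== null), so a request that carries no token at all passes whenever the session holds no token; the check must require both values to exist before comparing them. Second, a session-bound token of this kind is a CSRF defence: it stops another site from making a visitor's browser call currentphp.php with that visitor's cookie. It does not stop a person who loads dockhawk.com, reads the token out of the page, and calls the URL by hand, so it cannot make the data queryable "only from my page"; that would need authentication on the endpoint. The code assumes PHP 7.1 or later (random_bytes, hash_equals, ??), the mysqli extension with mysqlnd (for get_result), the same `markers` table and columns as the posted query, a db_config.php (assumed name) that defines $hostname, $username, $password and $database, and the helper names issueToken/checkToken; none of those come from the thread.

```php
<?php
// Added example (not lanmind's code): hardened token check for the AJAX search
// endpoint discussed in the thread. Assumes PHP >= 7.1, mysqli + mysqlnd, the
// `markers` table from the posted query, and a db_config.php (assumed name)
// that defines $hostname, $username, $password, $database.
declare(strict_types=1);

session_start();

// Issue a fresh one-time token bound to this session. random_bytes() draws
// from the OS CSPRNG; uniqid()/md5(microtime()) are clock-derived and guessable.
function issueToken(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['token'] = $token;
    return $token;
}

// Valid only if the session holds a token, the request carried a string, and
// the two match. Requiring both to exist closes the null !== null hole, and
// hash_equals() compares in constant time.
function checkToken($supplied): bool
{
    $expected = $_SESSION['token'] ?? null;
    return is_string($expected) && is_string($supplied) && hash_equals($expected, $supplied);
}

if (!checkToken($_GET['token'] ?? null)) {
    http_response_code(403);
    header('Content-Type: text/plain');
    exit('Invalid token');
}

// Rotate: the token just presented is now spent. The replacement goes back in
// the XML so getmarks() can use it for its next call, as post 2 describes.
$nextToken = issueToken();

$keyword = $_GET['name'] ?? '';
if (!is_string($keyword) || $keyword === '' || strlen($keyword) > 100) {
    http_response_code(400);
    header('Content-Type: text/plain');
    exit('Missing or overlong search term');
}

require 'db_config.php'; // assumed: defines $hostname, $username, $password, $database

$db = new mysqli($hostname, $username, $password, $database);
if ($db->connect_error) {
    http_response_code(500);
    exit('Database unavailable');
}
$db->set_charset('utf8mb4');

// Bound parameter instead of interpolating $keyword into the query string.
$stmt = $db->prepare(
    'SELECT operator, name, waterway, mile, address, town, state, lat, lng, county
       FROM markers
      WHERE MATCH(operator, name, waterway) AGAINST (?)
      LIMIT 25'
);
$stmt->bind_param('s', $keyword);
$stmt->execute();
$result = $stmt->get_result();

// XMLWriter escapes attribute values itself, replacing the hand-rolled
// str_replace chain in parseToXML().
$xml = new XMLWriter();
$xml->openMemory();
$xml->startDocument('1.0', 'UTF-8');
$xml->startElement('markers');
$xml->writeAttribute('token', $nextToken);
while ($row = $result->fetch_assoc()) {
    $xml->startElement('marker');
    foreach ($row as $column => $value) {
        $xml->writeAttribute($column, (string) $value);
    }
    $xml->endElement();
}
$xml->endElement();
$xml->endDocument();

header('Content-Type: text/xml; charset=UTF-8');
echo $xml->outputMemory();
```

Two usage caveats. The page that embeds the starting token for the JavaScript must itself be served through PHP with session_start() on the same host, and must put $_SESSION['token'] (seeded by issueToken()) into the page; a file that the web server hands out as static HTML never has its `<?php echo $_SESSION['token'] ?>` evaluated. And because each token is accepted exactly once, the client must not have two of these requests in flight at the same time: the second would carry a token the first already consumed and would get a 403.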