abazoskib
Posts: 548
Last visited: Never
Posts posted by abazoskib
-
My mistake!! It must have had you going nuts. Glad you got it sorted.
-
Good Lord, did I misinterpret the allocation bit! That was NOT intentional!
So, I have everything I need?
Also, I hope you are escaping all user input properly, to avoid an injection attack.
I don't know the first thing about what you are saying. I'm on my first site and have only been using PHP for a couple of weeks, and was in web development for a couple more than that. My affinity is more in MS Native C++98.
Thank you for the input so far!
I just crunched the numbers, and the number you were allowing to join (99,999,999,999,999,999,999) is an estimated 939,351,982 times the total of people who have ever lived (106,456,367,669).
It was a mistake. I got you the first time, and I would appreciate it if you didn't rub it in my face.
zyrolasting: he was kidding! lol, this community is actually pretty cool, so don't worry.
Read up on mysql_real_escape_string() in the PHP manual online. An SQL injection attack is when someone enters SQL into a user input (like a username field or password field) to exploit your database, and may view a list of all the records in your table. mysql_real_escape_string() will escape all harmful characters in any user input and you'll be much happier with it. If you need help with any of the stuff, I'd advise you to read up on it, try it out, then come back. It's the best way to learn!
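As an added example (not code from the thread), here is what the injection described above actually does to a login query, next to the hardened form. Because the mysql_* extension was removed in PHP 7, the example uses PDO bound parameters instead of mysql_real_escape_string(); the in-memory SQLite database, the users table and the attacker string are constructed here for illustration.

```php
<?php
// Added example: a login query built by string concatenation is injectable;
// the same query with bound parameters is not. Runs offline against an
// in-memory SQLite database (constructed data, not from the thread).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, pass TEXT NOT NULL)");
$db->exec("INSERT INTO users (name, pass) VALUES ('alice', 'secret'), ('bob', 'hunter2')");

// Vulnerable: user input is spliced straight into the SQL text, so quote
// characters in the input change the structure of the statement.
function loginVulnerable(PDO $db, string $name, string $pass): ?string
{
    $sql = "SELECT name FROM users WHERE name = '$name' AND pass = '$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['name'] : null;
}

// Hardened: the statement is parsed first and the values are bound afterwards,
// so whatever the user typed is only ever compared as data.
function loginPrepared(PDO $db, string $name, string $pass): ?string
{
    $stmt = $db->prepare("SELECT name FROM users WHERE name = ? AND pass = ?");
    $stmt->execute([$name, $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['name'] : null;
}

// Constructed attacker input. Spliced into the vulnerable query it becomes
//   WHERE name = '' OR '1'='1' AND pass = '' OR '1'='1'
// which is true for every row, so the first user is "logged in" with no password.
$payload = "' OR '1'='1";

var_dump(loginVulnerable($db, 'alice', 'secret'));   // legitimate login
var_dump(loginVulnerable($db, $payload, $payload));  // password check bypassed
var_dump(loginPrepared($db, $payload, $payload));    // payload is just a string, no match
var_dump(loginPrepared($db, 'bob', 'hunter2'));      // legitimate login still works
```

If you do stay with string building, the escaping function has to come from the live connection (mysqli_real_escape_string() needs the connection's character set to escape correctly), and every single value has to go through it; bound parameters remove that per-value discipline entirely, which is why they are the usual recommendation.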
-
This usually happens to me when the widths and heights are off even by a pixel. Another thing you might want to check is whitespace in your HTML. Older email clients can render whitespace within an element such as <td> <img.../> </td> as a literal space. Go with something like <td><img.../></td> instead.
-
Hello.
I'm taking someone's advice and making a comments section. I want to only allow registered users to leave comments, but I don't know everything I need or how secure I need to be. There's no checklist as far as I can tell. I want to be more future-proof with this, as I plan to make a forum one day. Because of this I am using the following MySQL table.
CREATE TABLE `users` (
  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL,
  `pass` varchar(255) NOT NULL,
  `email` varchar(255) NOT NULL,
  `rank` varchar(255) NOT NULL DEFAULT 'Newcomer',
  `posts` mediumint(9) DEFAULT '0',
  PRIMARY KEY (`id`),
  UNIQUE KEY `id` (`id`),
  UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
I felt kind of dirty having a table where everyone's passwords were visible on table access. I used a TOS generator to get some Terms of Service and a privacy policy and I am now working on a form to allow login/registration.
Is there anything I'm missing I should know about? Should I include myself in this table?
For one, do you really need an unsigned bigint for your user id? That's a hell of a lot of users and not realistic. Unsigned int should be more than enough. 255 characters is way too long for your string columns.
You will need a separate table for comments (I hope that is what you are planning).
In terms of what you already have, instead of storing the user's actual password, you should implement an encrypted password. A lot of people find use of the MD5() function. Using it, you would compare the user-inputted password's MD5 hash value to the one in the database; if it matches, the user can proceed as logged in, else they are not logged in. Since MD5 has been shown to be prone to collision in rare cases, an even more secure way of encrypting the passwords would be using SHA1(). I find that SHA1() alone is enough security for me. Others find that they need to include what's called a "salt" in addition to the encryption. A salt is a randomly generated string of characters (5-12 characters long usually), generated when the user first registers, that is also stored for each user. This salt is then concatenated with the user-inputted password before calculating the SHA1() or MD5(). It does add difficulty to a brute force attack, but it's not required in my opinion.
Also, I hope you are escaping all user input properly, to avoid an injection attack.
Other things to consider are limiting the amount of times a user can try to login to help fight brute force attacks. You might also want to start logging IP addresses at least at the time of registration. If you are looking for the most security possible, you can alert the user when they are not logged in from the same IP and ask them a few security questions about their account.
That should be more than enough to keep you busy for a while, but hopefully I covered most of the important stuff. Good luck!
edit: jonsjava said some of the stuff I said, except tinyint will not allow for a million people. Stick with unsigned int.
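The reply above covers hashed password storage, login attempt limits and logging the registration IP. The block below is an added example, not code from the thread, showing those three pieces together. It swaps the salted SHA1 scheme described in the post for PHP's password_hash()/password_verify(), which generate and store a random salt inside the hash string and use a deliberately slow algorithm (bcrypt by default), so no separate salt column is needed. The in-memory SQLite database, the lockout threshold and the sample users are constructed here for illustration.

```php
<?php
// Added example: registration with a hashed password and the registering IP,
// login with password_verify() and a per-account failed-attempt limit.
// Uses an in-memory SQLite database so it runs offline (constructed data).

const MAX_FAILED_LOGINS = 5;   // assumed threshold for this example

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    name          TEXT    UNIQUE NOT NULL,
    pass          TEXT    NOT NULL,              -- password hash, never the password
    failed_logins INTEGER NOT NULL DEFAULT 0,
    reg_ip        TEXT                           -- IP address at registration time
)");

function registerUser(PDO $db, string $name, string $password, string $ip): bool
{
    // password_hash() picks a random salt itself and embeds it in the result,
    // together with the algorithm and cost, so the column holds everything
    // password_verify() needs later.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare("INSERT INTO users (name, pass, reg_ip) VALUES (?, ?, ?)");
    return $stmt->execute([$name, $hash, $ip]);
}

// Returns 'ok', 'locked' or 'bad'. An unknown user and a wrong password both
// return 'bad', so the form does not tell an attacker which names exist.
function loginUser(PDO $db, string $name, string $password): string
{
    // A throwaway hash, verified when the user does not exist, keeps the
    // response time roughly the same as for a real account.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    $stmt = $db->prepare("SELECT id, pass, failed_logins FROM users WHERE name = ?");
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$row) {
        password_verify($password, $dummyHash);
        return 'bad';
    }
    if ((int) $row['failed_logins'] >= MAX_FAILED_LOGINS) {
        return 'locked';   // counter must be reset out of band, e.g. by e-mail
    }
    if (!password_verify($password, $row['pass'])) {
        $db->prepare("UPDATE users SET failed_logins = failed_logins + 1 WHERE id = ?")
           ->execute([$row['id']]);
        return 'bad';
    }

    // Successful login: clear the counter and upgrade the stored hash if the
    // default algorithm or cost has changed since it was written.
    $db->prepare("UPDATE users SET failed_logins = 0 WHERE id = ?")->execute([$row['id']]);
    if (password_needs_rehash($row['pass'], PASSWORD_DEFAULT)) {
        $db->prepare("UPDATE users SET pass = ? WHERE id = ?")
           ->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return 'ok';
}

// Constructed usage.
registerUser($db, 'alice', 'correct horse battery staple', '203.0.113.5');
var_dump(loginUser($db, 'alice', 'wrong guess'));                    // bad, counter is now 1
var_dump(loginUser($db, 'alice', 'correct horse battery staple'));  // ok, counter reset
var_dump(loginUser($db, 'nobody', 'anything'));                      // bad, same answer as a wrong password
for ($i = 0; $i < MAX_FAILED_LOGINS; $i++) {
    loginUser($db, 'alice', 'wrong guess');
}
var_dump(loginUser($db, 'alice', 'correct horse battery staple'));  // locked, even with the right password
```

Note that a per-account counter only slows attacks on one account; an attacker trying one common password against many accounts is better caught by rate limiting per source IP, which the stored reg_ip column does not do on its own.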
-
move your PHP block to the top of your document
-
I dunno about books, but for emailing, look up mail() in the online php manual.
Also look up $_POST variables. They will help you out in what you are looking to do.
-
It's telling you what's wrong. Do you find that it doesn't work after editing the file? Maybe you have misplaced single or double quotes, or you are missing a semicolon.
-
It could be that "date" is a MySQL keyword? Did you try the backticks like kinsito said? Try echoing mysql_error()?
-
Well, if it's a DIV you are trying to modify you need to use innerHTML, not src. If you were altering an anchor, i.e. <a href....></a>, you would use src.
-
Maybe this will help: http://www.google.com/support/forum/p/blogger/thread?tid=0d6dbe12fc52a7cf&hl=en
I couldn't read through the whole thing, but it seems worthy of a try.
-
$dates = array();
// Select only the column you need; the result row is keyed by that column name.
$query = mysql_query("SELECT date_column FROM speaking_engagements");
while ($result = mysql_fetch_array($query)) {
    $date = $result['date_column'];
    // Split a YYYY-MM-DD value into its parts and keep the day.
    $date_parts = explode('-', $date);
    $dates[] = $date_parts[2];
}
You should never use SELECT * in an application. It's trouble, besides, it looks like you only need one column anyway. Why waste the resources? Replace "date_column" with the name of your date column.
-
Maybe it's XML? I know some hosts add code to your pages; for example, GoDaddy adds a Doctype, head, and body tags to HTML if they are missing.
-
Well, I hope you haven't assigned 'BigOne' to more than one element. I would assign dynamic 'BigOne's if that is the case, 'BigOne_xxx' for example, then pass that along to your function as well.
-
What error are you getting? If you don't know how to check, use Tools >> Error Console or Firebug in Firefox; otherwise post it!
-
Modernvox, surprisingly the best resources I've found in learning PHP include my background with C++, the PHP manual online, and actually having tasks to accomplish. It's hard to learn the more complicated side of PHP without having specific goals you need to achieve. For example, someone may want to build a CMS, or another may want to build a web app, and each of these will bring about their own unique problems. PHP is so vast that you wouldn't be able to learn everything just by completing one assignment. My best advice would be to build yourself some tools you can use, e.g. an FTP client, an email client, one of the mob wars type of games, etc. Just pick something that interests you or that you can use. You'll be more motivated to finish it.
-
Why not do a simple check for a session variable? At the start of your page you may choose to check for a session id, and if it exists, the user is logged in and you can show the links. If it doesn't, display a log in form.
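The session check suggested above, written out as an added example (not code from the thread). The session key 'user_id', the page names in the links and the form fields are assumptions for illustration; the two extra functions show the parts the suggestion leaves implicit, regenerating the session id at login and clearing it at logout.

```php
<?php
// Added example: gate page content on a session variable. Assumes the login
// handler calls establishSession() after the password check succeeds.
session_start();

function currentUserId(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

// Regenerating the id on login defeats session fixation, where an attacker
// plants a known session id in the victim's browser before they log in.
function establishSession(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// Clear server-side state and expire the cookie so the old id is unusable.
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Top of the page: show the member links or the login form.
if (currentUserId() !== null) {
    echo '<a href="post.php">New post</a> <a href="logout.php">Log out</a>';
} else {
    echo '<form method="post" action="login.php">'
       . '<input name="name"> <input type="password" name="pass">'
       . '<button>Log in</button></form>';
}
```

Checking for the session key rather than for the mere existence of a session id matters: PHP hands every visitor a session id as soon as session_start() runs, so "a session exists" does not mean "someone logged in".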
-
Isn't preg match all a function? Try adding parentheses, i.e. preg_match_all().
-
try echo mysql_error();
or post the code
-
I was hoping for a more direct method without surrendering to shell_exec(). Thanks.
-
How would I run this little Perl script through my PHP script?
-
post the code where you assign those links
-
try this:
mysql_query("INSERT INTO table2 (username,password,name) VALUES('$field2','$field3','$field4')");
-
what a mess of a thread. Dorky, sorry to break it to you, but criticism is supposed to sting. Saying 'whatever' to a clear flaw in your code proves that you don't care for criticism of any kind. To each his own. I would suggest not asking people to "fire away" and then complain about it when they do.
-
server performance can suffer if you echo too much html. try to keep it to a minimum.
-
[SOLVED] PHP arrays into arrays need help (in PHP Coding Help)
You can either use ltrim: $number = ltrim($number, '0');
Or you can just cast your $number variable as (int) and the zero will be removed. Your choice.