pioneerx01

  1. For the past 8 years, I have been designing and hosting custom registration pages for small(er) events where users can submit their registration, upload paperwork if needed, look up their registration status, ... There are no accounts for users, only a handful of admins, no credit cards, no social security numbers, nothing critical. Admins can log in and review/edit submitted information, export it in various ways, see the paperwork, ... Code and databases are hosted on shared HostGator servers with a dedicated IP. I have SSL on all registration pages and log-ins. Passwords for admin accounts are salted and encrypted. All registration fields are checked for malicious code and scripts. An organization interested in my services has asked for a "cyber security plan" and I am not exactly sure how to put that together and what to include. Any ideas? Thanks
  2. I have been using SwiftMailer for a few years now to send confirmation emails upon registration and password recovery emails if requested, with great success. I first started to code the page, manually triggering it by going to the URL directly with my browser. The entire thing runs in a little under one second, completes in full, with no errors, and all intended people get emails as they should. Here is the relevant code:

         require '../../scripts/swift-mailer/lib/swift_required.php';
         require '../../scripts/swift-mailer/confirmation_smtp.php';

         // Create the Mailer using your created Transport
         $mailer = Swift_Mailer::newInstance($transport);

         $message = Swift_Message::newInstance()
             ->setFrom(array("confirmation@mydomain.com"))
             ->setTo("me@gmail.com")
             ->setBcc(array("archive@mydomain.com"))
             ->setReplyTo(array("confirmation@mydomain.com"))
             ->setSubject("Daily Update")
             ->setBody($body, 'text/html');

         // Send the Message
         $result = $mailer->send($message);

     And the confirmation_smtp.php file is:

         $transport = Swift_SmtpTransport::newInstance('www.mydomain.com', 465, 'ssl')
             ->setUsername('confirmation@mydomain.com')
             ->setPassword('password');

     My "send to" email address is currently set to my gmail address for testing purposes. Right now I am trying to use CRON jobs to send a handful of emails to a few people every 24 hours if certain conditions are met. I have added the command line "php /home/username/../../../emails.php" and it runs as scheduled; I get no errors in the logs. As you can see, I send a BCC to my local email, archive@mydomain.com. With the CRON job I get the BCC email at my local email address (archive@mydomain.com) with the email structure as it should be, as well as the "To" address showing as my gmail account in the headers. However, my gmail account gets no messages when my code is triggered by the CRON job itself (I have checked spam).

     If, however, I manually type in the URL where the same code is stored, it runs, and only then do I get the email to gmail (or yahoo, or any other external email). I am not sure why the CRON job is not sending emails to outside domains, just local ones. I have shared business hosting with HostGator, with a dedicated IP address, cPanel control, and correctly configured Email Authentication records for mailing. Any thoughts? Thanks
  3. The session script above is called every time an admin page loads. The rest of the code does not handle any session information. But I have figured it out. When initially logging in, with history and cookies cleared, I was going to https://domain.com/... which, when logged in, took me to that page; however, the admin menus are going to https://www.domain.com/. I guess https://domain.com/ and https://www.domain.com/ are seen differently when logging in. I learned a new thing today.
  4. I am working on a log-in script, but I am having some issues. Here is what's happening. With history and cookies cleared in the browser, I go to my admin page that requires log-in and I am presented with my log-in page. I enter my valid credentials and the system logs me in and shows me what I should see when logged in as an admin, like the admin menu. When I want to navigate to another admin-only page via the admin menu, I am kicked back to the log-in page as if I were not logged in. When I do log in again, I am back in the admin-only pages. After this second log-in I am free to browse around admin pages without having to log in again. When I log out and want to go to another admin page I am asked to log in, as I should be. When I do log in, I am free to move around without having to log in a second time. I get this "two time" log-in issue when the history and cookies are cleared in the browser. I have the same problem in Chrome and Firefox. Coincidentally, Explorer does not seem to have this problem. All of my admin pages are structured like this:

         require_once ("../system_specific/database_connect.php");
         require_once ("log-in/session.php");
         require_once ("../support_files/admin_header.php");
         echo "something here for admins";
         require_once ("../support_files/admin_footer.php");

     My session.php file is structured like this:

         session_start();

         if ($_POST['log_in_attempt'] != "")
         {
             require_once (__DIR__.'../../../support_files/functions.php');
             $email = trim(mysqli_real_escape_string($dbc, "$_POST[email]"));
             $entered_password = trim(mysqli_real_escape_string($dbc, "$_POST[password]"));
             $encrypted_password = encrypted_password($entered_password);

             if ($email == "" or $entered_password == "")
                 $missing_log_in_field = 1;
             else
             {
                 $query_user_accounts = "SELECT * FROM user_accounts WHERE `email` = '$email' AND `password` = '$encrypted_password' ";
                 $result_user_accounts = $dbc->query($query_user_accounts);
                 $num_rows = $result_user_accounts->num_rows;

                 if ($num_rows == 0)
                     $no_accounts_found = 1;
                 else if ($num_rows == 1)
                 {
                     $row_user_account = mysqli_fetch_array($result_user_accounts);
                     $_SESSION['active_admin_session'] = 1;
                     // Array key quoted: a bare ID is read as a constant
                     $_SESSION['user_account_id'] = $row_user_account['ID'];
                     $_SESSION['email'] = $email;
                     $_SESSION['password'] = $encrypted_password;
                 }
                 else
                     $multiple_accounts_found = 1;

                 $result_user_accounts->close();
             }
         }

         if ($_SESSION['active_admin_session'] != 1)
         {
             require_once (__DIR__."../../../support_files/admin_header.php");

             echo "<div id='form_container'>";
             echo "<div id='left_form_container'>";
             echo "<form action='' method='post'>";
             $form_variables = array("in","text","Email:","email","required");
             require (__DIR__."../../../support_files/form_fields.php");
             $form_variables = array("in","password","Password:","password","required");
             require (__DIR__."../../../support_files/form_fields.php");
             echo "<br/><br/>";
             echo "<input name='log_in_attempt' type='submit' value='Log In'>";
             echo "</form>";
             echo "</div>"; // Left Form Container

             echo "<div id='right_form_container'>";
             if ($missing_log_in_field == 1)
             {
                 echo "<h6 class='red_text'>Log In Error</h6>";
                 echo "Both <strong>email</strong> and valid <strong>password</strong> are required for administrative log in.";
             }
             else if ($no_accounts_found == 1)
             {
                 echo "<h6 class='red_text'>Log In Error</h6>";
                 echo "Log in credentials that were provided are not valid, Please check your credentials and try again. If the problem persists, please contact the system administrator. ";
             }
             else if ($multiple_accounts_found == 1)
             {
                 echo "<h6 class='red_text'>Log In Error</h6>";
                 echo "There has been a log in error. Please contact the system administrator to resolve this issue.";
             }
             else
             {
                 echo "<h6>Creating Account</h6>";
                 echo "If you have received an email from system administrator in regards to creating an account and you have valid authorization code, you can <a href='../new_account'>create your account now</a>. ";
             }
             echo "</div>"; // Right Form Container
             echo "</div>"; // Form Container
             echo "</form>";
             die();
         }

     Any ideas?
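The cause found in the follow-up post (a session cookie issued on https://domain.com/ is not sent to https://www.domain.com/) can be removed by redirecting to one canonical host before the session starts and scoping the cookie explicitly. This is an added example, not part of the original posts; it assumes PHP 7.3 or later, that www.domain.com is the canonical host, and `start_admin_session()` is a hypothetical helper name.

```php
<?php
// Added example (not the poster's code). Assumptions: PHP 7.3+, and
// www.domain.com (the placeholder from the posts) is the canonical host.
const CANONICAL_HOST = 'www.domain.com';

// 1. Send every request to one host before any session cookie is issued, so a
//    log-in at https://domain.com/ cannot end up separated from its cookie.
//    The redirect target is the constant, never the client-supplied Host header.
$host = strtolower($_SERVER['HTTP_HOST'] ?? '');
if ($host !== CANONICAL_HOST) {
    $path = $_SERVER['REQUEST_URI'] ?? '/';
    header('Location: https://' . CANONICAL_HOST . $path, true, 301);
    exit;
}

// 2. Host-only cookie (empty 'domain'): the browser returns it to
//    CANONICAL_HOST only, not to sibling subdomains. Setting 'domain' to
//    '.domain.com' would also fix the double log-in, but it exposes the
//    session ID to every subdomain.
session_set_cookie_params([
    'lifetime' => 0,        // session cookie, dropped when the browser closes
    'path'     => '/',
    'domain'   => '',
    'secure'   => true,     // HTTPS only
    'httponly' => true,     // not readable from JavaScript
    'samesite' => 'Lax',
]);
ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
session_start();

// 3. Hypothetical helper: call once the credentials have been verified.
function start_admin_session(int $user_account_id, string $email): void
{
    session_regenerate_id(true); // fresh ID at log-in blocks session fixation
    $_SESSION['active_admin_session'] = 1;
    $_SESSION['user_account_id'] = $user_account_id;
    $_SESSION['email'] = $email;
    // The password hash is deliberately not copied into the session.
}
```

A 301 redirect does not carry a POST body, so the log-in form should already be served from the canonical host.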
  5. Well, that is going to be problematic. I have many files that were modified in the last month by me alone. Going through all of them will take time. I do have SiteLock on the server and so far it came up empty. Side note: I have gone through the raw FTP access logs and there are only my IP addresses listed. Also I have refreshed the Spamhaus blacklist and I am no longer listed as blocked. I did not click to have my IP removed (whitelisted). Could it be that it was somehow done automatically? As far as I know it does not. I was playing around with settings on the server though. Well, I am going to table this, for now. Maybe I will re-visit in two weeks if I get blacklisted again. Thanks for the info. Have nice holidays.
  6. This is where I show how new I am to this. How would I go about doing that?
  7. Here is the way I have it set up: Registration needs to be submitted to the database first. All user (POST) info is checked, screened and validated. I have not received a "fake" registration in years. If the registration is submitted successfully, the email script gets called and a registration ID (last id) gets passed to it. The email script queries the registration record based on the ID provided; if one is found, it sends the email only to the email addresses that have been submitted with the registration. Every time an email is sent, it is also BCC'd to the "archive" account at the same time. I have been scanning through the archive email account and there is no funny business going on. No fake info, no fake emails, no duplicate emails, all looks clean.
  8. I am running a registration website where users receive email confirmation after successful registrations. About 4000 registrations/emails per year. Only after a real "human" registration is submitted does a confirmation email go out. I receive 0 spam/bot registrations. Nowhere on my site will you find a page where anyone can just enter an email address and receive email without email and "human" verification. I have a Business Plan from HostGator and a dedicated IP address. I am using swiftmailer, and I had been using it for years with no issues until now. Emails are sent from an email address under my domain (confirmation@my_domain.com) and not through a third party email client. On Dec 1st, 2015 I got the first email bounce stating that my IP is on the Spamhaus list. I did some research and found that my HostGator account did not have SPF enabled, so I enabled it (DKIM was on). I have removed the IP address from the Spamhaus list, but 12 days later I got another bounced email and I am on the list again. The CBL utility states: "It (IP) shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet. This IP is infected (or NATting for a computer that is infected) with the kelihos spambot. In other words, it's participating in a botnet." I am not sure what to do about this as this is a web hosting server. All the results I got in regards to "kelihos" were related to business networks and individual computers being compromised. Any ideas on how I can go about fixing this would be appreciated. I am relatively new at all this, so use small words. Thanks -Peter
  9. See attached images on how it looks in IE vs everywhere else (how I would like it to look). I know it is an issue with the <form> tags. When I take them out it all looks good, but the forms don't work then. What's interesting is that IE screws up only on the first loop, then the second+ are styled correctly. Why? How can I fix that? Thanks

     All the other CSS that is not written directly in the code (but is in the .css file) relates to corners and button styling, and it is not causing issues, as when I disable it, I am still having position issues.

         echo "<div class='corners_top_5' style='border-bottom:1px solid black; border-top:2px solid black; border-right:2px solid black; border-left:2px solid black; padding:0px 5px 0px 5px; background-color:#DDDDDD;'>";
         echo "<div style='overflow:hidden; '>";
         echo "<strong>Teacher/Chaperone:</strong> $row_group[last_name], $row_group[first_name]";
         echo "<div style='float:right'><strong>Group</strong>: $row_group[ID]</div>";
         echo "</div>";
         echo "<div style='overflow:hidden; '>";
         echo "<strong>Preferred Schedule: </strong>";
         if (trim($row_group['preferred_schedule']) == "") echo "<em class='red_text'>none selected</em>";
         else echo "<em>$row_group[preferred_schedule]</em>";
         echo "<div style='float:right'>edit group info</div>";
         echo "</div>";
         echo "<div style='overflow:hidden; '>";
         echo "<strong>Group Special Needs: </strong>";
         if (trim($row_group['special_needs']) == "") echo "<em class='gray_text'>none listed</em>";
         else echo "<em>$row_group[special_needs]</em>";
         echo "</div>";
         echo "</div>";

         echo "<div class='corners_bottom_5' style='border:1px solid black; padding:3px 5px 0px 5px; margin-bottom:10px'>";
         $query_students = "SELECT * FROM `student_registrations` WHERE `teacher_no` = '$row_group[ID]' ORDER BY `last_name` ";
         $result_students = $dbc->query($query_students);
         $num_rows_students = $result_students->num_rows;
         $row_count = 0;

         if ($num_rows_students != 0)
         while ($row_student = mysqli_fetch_array($result_students))
         {
             $row_count++;
             if ($row_count %2 == 0) $style = "background-color:#EEEEEE"; else unset ($style);

             echo "<div style='overflow:hidden; $style'>";
             echo "<div style='float:left; overflow:hidden; width:200px; '>";
             echo "$row_student[first_name] $row_student[last_name]";
             echo "</div>";
             echo "<div style='float:left; overflow:hidden; width:200px; '>";
             if ($row_student['pr'] == "") echo "<span class='red_text'>Media release not submitted</span>";
             else echo "<span>Media release submitted</span>";
             echo "</div>";

             echo "<div style='float:right; overflow:hidden; width:40px; '>";
             echo "<form action='' method='post'>";
             echo "<input name='student_edit' type='hidden' value='$row_student[ID]'>";
             echo "<input name='teacher_no' type='hidden' value='$row_group[ID]'>";
             echo "<input name='email' type='hidden' value='$_POST[email]'>";
             echo "<input name='registration_id' type='hidden' value='$_POST[registration_id]'>";
             echo "<input name='delete' type='submit' value='delete' id='hyperlink_button' style='padding-top:5px'>";
             echo "</form>";
             echo "</div>";

             echo "<div style='float:right; overflow:hidden; width:35px; '>";
             echo "<form action='' method='post'>";
             echo "<input name='student_edit' type='hidden' value='$row_student[ID]'>";
             echo "<input name='teacher_no' type='hidden' value='$row_group[ID]'>";
             echo "<input name='email' type='hidden' value='$_POST[email]'>";
             echo "<input name='registration_id' type='hidden' value='$_POST[registration_id]'>";
             echo "<input name='edit' type='submit' value='edit' id='hyperlink_button' style='padding-top:5px'>";
             echo "</form>";
             echo "</div>";
             echo "</div>";
         }

         if ($num_rows_students == 1) $ordinal = "is $num_rows_students student";
         else $ordinal = "are $num_rows_students students";

         echo "<div style='overflow:hidden; padding-top:3px'>";
         echo "<em>Currently there $ordinal registered with this teacher/group</em>";
         echo "<div style='float:right'>";
         echo "<form action='' method='post'>";
         echo "<input name='student_edit' type='hidden' value='0'>";
         echo "<input name='teacher_no' type='hidden' value='$row_group[ID]'>";
         echo "<input name='email' type='hidden' value='$_POST[email]'>";
         echo "<input name='registration_id' type='hidden' value='$_POST[registration_id]'>";
         echo "<input name='add_student' type='submit' value='add new student' id='hyperlink_button_primary' style='padding-top:3px'>";
         echo "</form>";
         echo "</div>";
         echo "</div>";
         echo "</div>";
  10. OK, the title is a bit confusing. Let's say that I have a table with three columns (name, no1, no2) with the following rows: (Mike, 5, 7), (Julie, 6, 2) and (Jack, 8, 3). Is there a query that will allow me to sort the results in such a way that it will sort them by the lowest number from either no1 or no2, depending on which one is the lowest? So, the query would look at no1 and no2 and pick only the lowest one, do the same for the rest of the rows and then order them by the lowest resulting numbers? So the results should be: (Julie, 6, 2) (Jack, 8, 3) (Mike, 5, 7) Thanks
  11. I have two domains both running SSL. Let's call them old-domain and new-domain. old-domain is permanently redirecting traffic to new-domain. There are still a lot of links out there to old-domain with https://. If I were to remove SSL from old-domain but keep SSL on new-domain, I am betting that users will be getting some sort of certificate error. Right? Any way around that if I want to remove SSL from old-domain?