
colap's Achievements

Advanced Member (4/5)



  1. Someone parses the HTML login form and gets the CSRF token from the hidden field. Now can he make a request with that CSRF token to log in through jQuery ajax?
  2. I know a CSRF token is like a random string. Does every form need a CSRF token? Does every form need to have a different CSRF token, or do all forms have the same CSRF token for one logged-in user? When a user logs in, I set $_SESSION['key']=$useremail; is it OK to set the email for a logged-in session? Do I have to set or add another $_SESSION with the CSRF token? How does a CSRF token add security for form submission? After form submission, what would PHP do with the hidden input field or with the CSRF token?
  3. Do you suggest using any PHP framework instead of raw/regular PHP, like Zend Framework?
  4. How can I update a record in the database for a specific tab of page loading? It's addform.php. There is a form to upload an image through ajax into the tmp_images table. This table has id,user_id,imagepath,post_id. post_id is irrelevant here. Every time it inserts data with post_id=-1. What I tried at the top of addform.php:

         $user_id = $_SESSION['id'];
         $dbh = getDbconn();
         $stmt = $dbh->prepare("update tmp_images set mark=0 where user_id=:user_id and post_id=-1");
         $stmt->bindParam(':user_id', $user_id);
         $stmt->execute();

     This updates all records for that user when the page loads/reloads/refreshes. The problem is: if there are multiple 'addform.php' opened and multiple images have been uploaded by the same user in different tabs, then if I refresh one tab it updates all records uploaded in different tabs too.
  5. 
         function updateTable($dbh, $table, $columns, $val, $conditions)
         {
             $set = "";
             for ($i = 0; $i < count($columns); $i++) {
                 $t = $columns[$i] . "=:" . $columns[$i];
                 $set = $set . $t;
                 if ($i != count($columns) - 1)
                     $set = $set . ",";
             }
             $cond = $conditions;
             $akeys = array_keys($conditions);
             $last_key = end($akeys);
             $where = "";
             foreach ($conditions as $k => $v) {
                 $where = $where . "$k=:$k";
                 if ($k != $last_key)
                     $where = $where . " and ";
             }
             $sql = "update $table set $set where $where";
             $stmt = $dbh->prepare($sql);
             for ($i = 0; $i < count($columns); $i++) {
                 $stmt->bindParam(":$columns[$i]", $val[$i]);
             }
             foreach ($conditions as $k => $v) {
                 $stmt->bindParam(":$k", $v);
             }
             //exit;
             $stmt->execute();
             $stmt = null;
         }

         updateTable($dbh, "wd", ["sentence","meaning"], [$sentence,$meaning], ["word"=>$wd,"id"=>"1"]);

     It's not updating the table row and it's not showing any error either. Why is this? But

         updateTable($dbh, "wd", ["sentence","meaning"], [$sentence,$meaning], ["word"=>$wd,"id"=>"1"]);

     this works.
  6. What's wrong using php-captcha? Is it very easy to hack/break php-captcha?
  7. I wanted the phpcaptcha in this format:

         <div id='captcha_container_1'>
           <table>
             <tr> <td>Secure Image:</td> <td>that-securimage</td> </tr>
             <tr> <td>Type text:</td> <td>the-text-box</td> </tr>
           </table>
         </div>

         <div id='captcha_container_1'>
           <table>
             <tr> <td>Secure Image:</td> <td></td> </tr>
             <tr> <td>Type text:</td> <td><?php echo Securimage::getCaptchaHtml($options); ?></td> </tr>
           </table>
         </div>

     Output: http://imgur.com/a/e8vF8

     Securimage::getCaptchaHtml($options); creates layout automatically.
  8. What does the obfuscator do? If someone gets the code, then he can easily run (steal) the website. The answer is: protecting it from other users I didn't sell the code to, so that they can't run the website without buying it.
  9. If I don't give them the code, then how will they run the website?
  10. Suppose the code is given/sold to someone. Then he can give this code to someone else too. Then the 2nd person can also give it to a 3rd person and so on. So everyone from person 1 to 3 can use the same code. Everyone has the source code. With a C/C++ executable, we can't get the original source code. How can we hide/protect PHP code from others so that they can't use it?
  11. I tried this in .htaccess:

          RewriteEngine On
          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteCond %{REQUEST_FILENAME} !-d
          RewriteRule "^(.+)" "/"

      It works when the URL looks like "http://localhost/project/xyz"; it redirects to "http://localhost/project/". But the URL can be "http://localhost/project/xyz?id=5&t=abc", then it redirects to the index page but the parameters are still there in the URL "http://localhost/project/?id=5&t=abc". How can I remove all those parameters after redirecting to the index page?
  12. See the information about me at the left side of the post. Why is this? We can't read this. Also the phpfreaks logo is in reverse order at the top left.
  13. 1) Can we use any router library to avoid apache configuration? I don't want to touch apache configuration files. 2) If I must edit apache configuration, what are those rules to edit? 3) Or can we just edit apache configuration and avoid using php router library(vice-versa)? 4) Or should we need to use a php router library and edit apache configuration file(both needed)?
  14. How would a PHP website know /10/abcd is index.php?id=10&title=abcd? How would PHP know if the parameters are id and title or something else?