Everything posted by colap

  1. Someone parses the HTML login form and gets the CSRF token from the hidden field. Now can he request with that CSRF token to log in through jQuery AJAX?
  2. I know a CSRF token is like a random string. Does every form need a CSRF token? Does every form need to have a different CSRF token, or do all forms have the same CSRF token for one logged-in user? When a user logs in, I set $_SESSION['key']=$useremail; is it OK to set the email for a logged-in session? Do I have to set or add another $_SESSION with the CSRF token? How does a CSRF token add security to form submission? After form submission, what would PHP do with the hidden input field or with the CSRF token?
  3. Do you suggest using a PHP framework instead of raw/regular PHP, like Zend Framework?
  4. How can I update a record in the database for a specific tab of page loading? It's addform.php. There is a form to upload an image through AJAX into the tmp_images table. This table has id,user_id,imagepath,post_id. post_id is irrelevant here. Every time it inserts data with post_id=-1. What I tried at the top of addform.php:

         $user_id = $_SESSION['id'];
         $dbh = getDbconn();
         $stmt=$dbh->prepare("update tmp_images set mark=0 where user_id=:user_id and post_id=-1");
         $stmt->bindParam(':user_id',$user_id);
         $stmt->execute();

     This updates all records for that user when the page loads/reloads/refreshes. The problem is: if there are multiple 'addform.php' pages opened and multiple images have been uploaded by the same user in different tabs, then if I refresh one tab it updates all records uploaded in different tabs too.
  5.
         function updateTable($dbh, $table, $columns, $val, $conditions)
         {
             $set="";
             for($i=0;$i<count($columns);$i++)
             {
                 $t=$columns[$i] . "=:" . $columns[$i];
                 $set=$set . $t;
                 if($i!=count($columns)-1)
                     $set=$set . ",";
             }
             $cond=$conditions;
             $akeys=array_keys($conditions);
             $last_key=end($akeys);
             $where="";
             foreach($conditions as $k=>$v)
             {
                 $where=$where . "$k=:$k";
                 if($k != $last_key)
                     $where=$where . " and ";
             }
             $sql="update $table set $set where $where";
             $stmt=$dbh->prepare($sql);
             for($i=0;$i<count($columns);$i++)
             {
                 $stmt->bindParam(":$columns[$i]",$val[$i]);
             }
             foreach($conditions as $k=>$v)
             {
                 $stmt->bindParam(":$k",$v);
             }
             //exit;
             $stmt->execute();
             $stmt=null;
         }

         updateTable($dbh, "wd", ["sentence","meaning"], [$sentence,$meaning], ["word"=>$wd,"id"=>"1"]);

     It's not updating the table row and it's not showing any error either. Why is this? But

         updateTable($dbh, "wd", ["sentence","meaning"], [$sentence,$meaning], ["word"=>$wd,"id"=>"1"]);

     this works.
  6. What's wrong with using php-captcha? Is it very easy to hack/break php-captcha?
  7. I wanted the phpcaptcha in this format:

         <div id='captcha_container_1'>
           <table>
             <tr> <td>Secure Image:</td> <td>that-securimage</td> </tr>
             <tr> <td>Type text:</td> <td>the-text-box</td> </tr>
           </table>
         </div>

         <div id='captcha_container_1'>
           <table>
             <tr> <td>Secure Image:</td> <td></td> </tr>
             <tr> <td>Type text:</td> <td><?php echo Securimage::getCaptchaHtml($options); ?></td> </tr>
           </table>
         </div>

     Output: http://imgur.com/a/e8vF8

     Securimage::getCaptchaHtml($options); creates layout automatically.
  8. What does the obfuscator do? If someone gets the code, then he can easily run (steal) the website. The answer is: protecting it from other users I didn't sell the code to, so that they can't run the website without buying it.
  9. If I don't give them the code, then how will they run the website?
  10. Suppose the code is given/sold to someone. Then he can give this code to someone else too. Then the 2nd person can also give it to a 3rd person and so on. So everyone from person 1 to 3 can use the same code. Everyone has the source code. In a C/C++ executable, we can't get the original source code. How can we hide/protect PHP code from others so that they can't use it?
  11. I tried this in .htaccess:

          RewriteEngine On
          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteCond %{REQUEST_FILENAME} !-d
          RewriteRule "^(.+)" "/"

      It works when the URL looks like "http://localhost/project/xyz"; it redirects to "http://localhost/project/". But the URL can be "http://localhost/project/xyz?id=5&t=abc"; then it redirects to the index page but the parameter is still there in the URL "http://localhost/project/?id=5&t=abc". How can I remove all those parameters after redirecting to the index page?
  12. See the information about me at the left side of the post. Why is this? We can't read this. Also the phpfreaks logo is in reverse order at the top left.
  13. 1) Can we use any router library to avoid Apache configuration? I don't want to touch Apache configuration files.
      2) If I must edit the Apache configuration, what are the rules to edit?
      3) Or can we just edit the Apache configuration and avoid using a PHP router library (vice versa)?
      4) Or do we need to use a PHP router library and edit the Apache configuration file (both needed)?
  14. How would php website know /10/abcd is index.php?id=10&title=abcd ? How would php know if the parameters are id and title or something else?
  15. But when we use any PHP framework we don't configure or change anything in Apache. But the URL looks like http://myproject.com/10/abcd . How do PHP frameworks do that? https://laravel.com/docs/5.0/configuration#pretty-urls

      Also I copied these into .htaccess and put this .htaccess in the myproject/ root directory. The rewrite module is enabled. Then I tried http://localhost/myproject/list/a , but it doesn't work.

          Options +FollowSymLinks
          RewriteEngine On
          RewriteCond %{REQUEST_FILENAME} !-d
          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteRule ^ index.php [L]

      apache2.conf =>

          <Directory /var/www/>
              Options Indexes FollowSymLinks
              Options +SymLinksIfOwnerMatch
              AllowOverride All
              Require all granted
          </Directory>

      http://localhost/myproject/list.php?id=a works.
  16. https://www.phpcaptcha.org/documentation/quickstart-guide/

      This is to add the secure image and refresh image.

          <img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />
          <input type="text" name="captcha_code" size="10" maxlength="6" />
          <a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>

      How can I add the audio icon? Like this: https://www.phpcaptcha.org/try-securimage/
  17. When we use a php framework, we don't change the webserver to make such urls. The php framework automatically changes that index.php?id=5 to index/5. How do they do it internally?
  18. I want to unset a session variable from inside a function, which is passed as a function parameter. In this way:

          unset($_SESSION['msg']);

  19.
          <?php
          if(session_id() == '') {
              session_start();
          }
          $_SESSION['msg']="Updated.";
          psession($_SESSION['msg']);

          function psession($msg){
              echo $msg;
              unset($msg);
          }
          ?>

      This doesn't unset $_SESSION['msg']. How can I unset it?
  20. @Jacques1, Why do you need to require_once(); before session_start();?

          <?php
          require_once("h.php");
          session_start();
          ?>

      We can use htmlspecialchars() for escaping and can skip using twig for escaping.
  21. @Jacques1, Some say twig is slower than php. How true is it? http://stackoverflow.com/questions/9363215/pure-php-html-views-vs-template-engines-views Regardless, the use of PHP is still the fastest and most versatile way of templating.
  22. Normally I make the URL in this format: http://project.com?id=10&title=abcd

      Then get the value in this way:

          $id=$_GET['id'];
          $title=$_GET['title'];

      But I see some websites with the URL in this format: http://project.com/10/abcd

      How can I make the URL in the above format? How do those websites make their URL in this format? After that, how can I get the value of id and title with PHP?
  23. @Jacques1, We do with twig:

          echo $twig->render('page.php', array('vr' => constant('Twig_Environment::VERSION') ));

      Isn't it similar to:

          require_once('page.php');

      What does twig do inside echo $twig->render(...);?
  24. How do PHP MVC frameworks output an HTML form with PHP? Do they use a template engine like twig internally? They have a form class to output the HTML form and other HTML inputs or widgets.