
Kryptix

Members
  • Posts

    283
  • Joined

  • Last visited

    Never

About Kryptix

  • Birthday 03/16/1988

Contact Methods

  • MSN
    luke@xa0s.com
  • Website URL
    http://www.rscemulation.net

Profile Information

  • Gender
    Male
  • Location
    London, UK

Kryptix's Achievements

Regular Member

Regular Member (3/5)

0

Reputation

  1. Kryptix

    CSRF

    How much work do you do to stop CSRF? Like, I've made sure when changing passwords/e-mails (or anything related to account security) they have to confirm their own password so CSRF can't really do much. I've got a header referral check on everything but this is really easy to spoof so without putting hidden tokens in each form is there any easier way? I can't really be bothered and the worst thing they can do is get a user to post a spam post on my forum or something trivial. How far do you take it?
  2. Is there a way to get what page included it? For example, if index.php includes header.php, how can header.php display 'index.php' automatically?
  3. What's the best way to display when a page was last edited/modified?
  4. It's causing my layout to mess up slightly and after 4 hours of messing around with it I still can't figure out why. In the end I've just ripped it out. Plus it's so difficult to read.
  5. I want a really sleek captcha on my site that's easy to implement. Any ideas?
  6. Can someone please give me 3 #COLOR codes for a pale green, yellow and red? I need them to be the same lightness and contrast so they all match each other in colour depth whilst being 3 different colours if that makes sense? I'm not sure how to calculate them so they're even.
  7. Hi, I have this JavaScript/jQuery regex: var username_regex = /^[A-Za-z0-9 ]{2,12}$/; It's perfect except: I want it to return false if the username starts or ends with a space. I want it to turn false if there's more than 1 space in a row. Can anyone help me please? Cheers
  8. Yeah it's the lack of parameter I'm talking about. Is using Apache's mod_rewrite the only way to do this? Is there no way to do it solely using PHP? What if you loop through all $_GET variables for example?
  9. As title really... viewthead.php?385784 How does the ID relate? How do you use it? Can you give me a code snippet please?
  10. So if I have the following columns in the users table: username, password, password_salt, ident, last_ip, last_visit. In the cookie if I store their ident hash and if their IP is different to the last_ip entry it simply logs everyone out by clearing the ident. When a user logs in successfully a new ident hash is generated and their IP is added as the last IP. If the user returns 2 weeks after the last visit time it also logs everyone out by clearing the ident. Will that work OK?
  11. Hi, For the last few years on my website I have been using FluxBB/PunBB's login script which basically just stores a cookie with their user ID and their password hash. This is fine except if the database got leaked anyone can login as anyone else providing they have their hash. I'm trying to be more secure about this now. Can someone explain a better process to me please? I was thinking of storing sessions with a unique hash in an 'active_sessions' table and providing they have a cookie with that hash they are granted that session? If someone uses a different IP to what that session was created with it's deleted? I'm new to all of this so any advice would be great. I want this to be secure.
  12. Which would be better to use in your opinion?
  13. So I have a friend system, it's just a table with 2 columns: user (int), friend (int) Now it currently has over 2 million rows and seems pretty pointless having a row per entry because the data doesn't need to be searched in any way. The data doesn't need to be joined or anything. I'm considering adding a new column to the users table called 'friends' and just store the data like: <FRIEND ID>;<FRIEND ID>;<FRIEND ID>;<FRIEND ID>;<FRIEND ID>;<FRIEND ID>;<FRIEND ID>; Is this a bad idea? Which would use less disc space and/or be more efficient? When you login to the game all it currently does is: result = db.getQuery("SELECT * FROM `friends` WHERE `user`= '" + userID + "'"); while (result.next()) player.addFriend(result.getInt("friend")); So instead of that I'd just use Java's equivalent of PHP's explode() looping through the ID's and adding them. If there's no problem in doing this, which data type is the best to use for this kind of stuff? As I said there's literally no other usage, I will never need to use the friend system for anything else except from the above code.
  14. Kryptix

    HTML5

    I'm doing all those too but on a large site I'm sure the names add up to a few kB of data. If I can cope with using singular letter names there's no negatives in doing so, right?