
hiprakhar

  1. I don't think that's the problem, as I myself use a Gmail address in From: and mails are sent without fail. @andrej13, if this is not working then maybe something is wrong with the hosting server you are using to send mails, as this is working code and I am using it to send mails myself. Ensure that mail() is enabled by your server. Use phpinfo() to find that.
  2. Try this:

         $to = "something@something.com";
         $subject = "Your subject line";
         $message = "<html> <head> <title>Email Confirmation</title> </head> <body> your message which may be HTML. Remember to use single quotes '' in your HTML text otherwise they will conflict with outer double quotes. Or escape quotes. </body> </html>";
         // Always set content-type when sending HTML email
         $headers = "MIME-Version: 1.0" . "\r\n";
         $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
         // More headers
         $headers .= 'From: "your email address" <sendersemail@something.com>' . "\r\n";
         //$headers .= 'Cc: ' . "\r\n";
         mail($to, $subject, $message, $headers);

     Do not use session values directly in the mail function. Sanitise the values before using them. If in doubt, use echo to figure out what values are actually going inside the mail function. Hope that helps.
  3. Hi, I have a database and I need to generate an xls file selecting only a few columns. The following should happen on click of a trigger like a button/link:

     1) 6 columns from the mysql database table are selected. The first row of the xls is the field name, which is NOT the same as the mysql table column name (xls columns are explicitly defined).
     2) This file is generated and saved inside the filesystem on the remote server.
     3) A link to this file is displayed, which can be downloaded from the server.

     Please help how to do this. I have the code for creating csv files but that doesn't save the file on the server, it just shoots it to the browser to download.

         function createCSV()
         {
             include("dbconnect.php");
             $query = "SELECT `EmailAddress` , `Name` , `FirstName` , `LastName` FROM directtable;";
             $rsSearchResults = mysql_query($query) or die(mysql_error());
             $out = '';
             // Count the columns of the query result, so the header row
             // matches the selected columns rather than the whole table
             $columns = mysql_num_fields($rsSearchResults);
             // Put the name of all fields
             for ($i = 0; $i < $columns; $i++) {
                 $l = mysql_field_name($rsSearchResults, $i);
                 $out .= '"'.$l.'",';
             }
             $out .= "\n";
             // Add all values in the table
             while ($l = mysql_fetch_array($rsSearchResults)) {
                 for ($i = 0; $i < $columns; $i++) {
                     $out .= '"'.$l["$i"].'",';
                 }
                 $out .= "\n";
             }
             // Output to browser with appropriate mime type, you choose
             header("Content-type: text/x-csv");
             //header("Content-type: text/csv");
             //header("Content-type: application/csv");
             $now = date("d-m-Y,H:i:s", time());
             header("Content-Disposition: attachment; filename=emails_".$now.".csv");
             echo $out;
         }
  4. Thanks for the reply.

     1) mysql_real_escape_string() is already implemented. Earlier I used the function to escape quotes and other special chars.
     2) No, the user input is not used in linux commands.
     3) Yes, I have sanitized all incoming data from the user via POST/GET according to its type.
     4) Same as above.
     5) I will work on this. Many SQL statements are not hardcoded. Thanks!
     6) It's a LAN-based application so I know all users are real and not bots floating on the net. Hence I have not implemented captcha.
     7) POST is always the preferred option. I will work on session variables too. Thanks!

     @trink Thanks for the suggestion, I will implement it. Although sha1 has been breached, that's still remote without specialized equipment. I think I will make some innovative $key based on some distinct and creative values for each user to further strengthen the hash. Thanks!

     Any more suggestions for php website security? I was reading joomla and wordpress pages and I liked the idea of using die() at the slightest hacking doubts. Please share more vulnerabilities that are encountered in other php projects.

     ps: Inadvertently I made a smiley while typing "8 )" !!
  5. Hi, I am using this thread to create a captive portal: http://www.andybev.com/index.php/Using_iptables_and_PHP_to_create_a_captive_portal

     I am running Ubuntu using VMWare on win 7 in unity mode, which is all working cool, including networking. I have installed all packages to run apache2, php5, mysql and phpmyadmin, and also other packages as listed by andybev (which are also working cool):

     # conntrack
     # sudo
     # psmisc
     # PHP
     # squid

     The flat file used to store details of all registered users is /var/lib/users. Now I have to create the iptables rules, where I am having a problem. Andybev just says the following iptables rules are required without elaborating "HOW TO CREATE THESE RULES"
  6. No, passwords are only encrypted via SHA1. Before saving to the database, the sha1 is calculated from the POST data. For authentication, the sha1 password from the db is matched with the sha1 of the entered password at runtime. I think sha1s are sufficiently difficult for anyone trying to hack and untangle the passwords, given that sha1 is a one-sided function.
  7. Hi, I have a web application www.prakhargoel.com/projects/lms/ that is used by students for logging in and requesting a computer system in the internet lab. There is a corresponding labadmin at www.prakhargoel.com/projects/lms/labadmin. Though I tried to make this web app as secure as possible, there might be some shortcomings in the security which could be used by hackers. Please analyse the vulnerabilities and tell me where I need to improve. If anyone needs it, I can provide the php code for further testing. I have:

     1) applied sha1 encryption to all passwords
     2) timeout sessions
     3) sql injection filters, etc.
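  8. Try:

         <iframe name="CiFrame" width="727" height="805" src="<?php /* escape the request value before writing it into the attribute */ echo htmlspecialchars(isset($_GET['CiFrame']) ? $_GET['CiFrame'] : '/NonMembersFeatured.php', ENT_QUOTES, 'UTF-8'); ?>" scrolling="auto" frameborder="0"></iframe>

     Do tell if that worked.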
  9. Hello andrewgauger! Sorry for the late reply. Was off board for the past few months. Thanks for the nice suggestion about captive portals. I have:

     1) Installed a fresh version of Ubuntu
     2) apt-get all utilities required like apache, php5, mysql and phpmyadmin
     3) Now I am going towards building the captive portal flat. I am using your pointer: http://www.andybev.com/index.php/Setting_up_a_captive_portal_from_scratch_using_Debian (Thanks for the link!). But here, the description is too specific. Like "Speedtouch firmware" etc.

     Can you please provide me some more pointers to captive portals? Most of the CPs I checked out on the Internet are for wi-fi. However, I need it for LAN. I need it simple- Create captive portal > test it using a sample php-mysql login page and ip tables > deploy my own php solution that you said you tested.

     ps: I really appreciate your help for leading me in the right direction! I always want to add nice people to my network where we can share part of our gray matter and spread sunshine. I would love to be your friend. Please drop me an email at hiprakhar @ gmail . com or give me your email id or drop me a PM.
  10. Thanks anyways for suggesting the query. Your help is deeply appreciated.
  11. Thanks Mchl!! The query works perfectly in MySQL! One problem though: in MS ACCESS it says "syntax error in update statement" and the cursor goes over "USING". Is there any alias for this that works in MS ACCESS? Thanks for the support!
  12. Hi, I have to update the tempqty of all available products in the productlist. For this I have to calculate the difference of the sums of each product purchased and sold. I am writing this query for the same in MySQL and MS Access but they are not working. In MS Access it says "must be an updateable query"; in MySQL the sum of all the qty is updated in the tempqty. This is the query:

          UPDATE CopyProductBatch AS p
          SET p.tempqty =
              (SELECT (a.total - b.total)
               FROM (SELECT SUM(qty) AS total
                     FROM Inventory AS i, CopyProductBatch AS p
                     WHERE type = 'p' AND i.productbatchcode = p.productbatchcode) a,
                    (SELECT SUM(qty) AS total
                     FROM Inventory AS i, CopyProductBatch AS p
                     WHERE type = 's' AND i.productbatchcode = p.productbatchcode) b)

      Please help
  13. Hi. With respect to the example suggested by @andrewgauger, http://wiki.squid-cache.org/ConfigExamples/Authenticate/Mysql, let me explain the requirements of the internet:

      1) The student comes and sits at a computer.
      2) Types www.google.com in the address bar.
      3) The proxy server checks if the xyz ip (from where the request is coming) is logged or not.
      4) If it's logged then it fetches www.google.com.
      5) If the ip is not logged then it redirects to 192.168.0.36/lms/index.php.
      6) So the unlogged student is forced to view 192.168.0.36/lms/index.php by typing www.google.com (or any other url).

      I am very new to Squid and Linux. Can I make SQUID work the way suggested above?! That would be great!!! Suggest help on these lines. Once again thanks @andrewgauger for the example.
  14. Please do visit http://prakhargoel.com/projects/lms/ This is the login authentication system that I have prepared as part of my college project. I cannot afford to start from scratch and lose the legacy of hours of labor. So please suggest solutions keeping in mind this page. You can login using student number "0710040" and password "demo". The corresponding labadmin panel is at http://prakhargoel.com/projects/lms/labadmin/ Login here with "demo" and "demo".
  15. Hi andrewgauger, thanks for the reply. I could not understand the first 2 lines of your post. Probably what you mean is that I can do what I want to do with Microsoft but it's not the best idea because the php mysql combo won't work. (Is that what you mean?) Great! So I will install Ubuntu (is it fine?) on a core2Duo, 1GB ram computer and run Squid on it. This will work as the proxy server in the internet lab itself, such that all the computers will negotiate with this server before accessing the internet (right?). This machine WILL have 2 NICs. Your example clearly shows how MYSQL is used for logging ips. I will bind it with my php mysql solution (Thanks!!). If possible, guide me on the Squid and Ubuntu thing... how to get going with it. You are right, I will have to play with Linux to get going in the first place... What is meant by that? Which box do you refer to in "onto this box"? Is it Microsoft or Linux? Well, Squid does have a Windows instance. Should I go with that or stick to the Linux Squid combo?
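
For the SHA-1 password storage described in posts 4, 6 and 7 above, an added example (not part of the original posts and not the poster's code) of moving existing unsalted sha1() hashes to PHP's password_hash() at login time, so accounts do not have to be reset. The function name verify_and_upgrade and the sample row are assumptions made for illustration.

```php
<?php
// Added example: upgrade legacy unsalted SHA-1 password hashes at login.
// verify_and_upgrade() is a hypothetical helper, not code from the thread.

/**
 * Check a login attempt against the stored hash.
 * Returns [bool $ok, ?string $newHash]. When $newHash is not null the caller
 * should write it back to the user's row in place of the old value.
 */
function verify_and_upgrade(string $password, string $storedHash): array
{
    // Legacy rows: 40 hex characters produced by sha1($password).
    if (preg_match('/^[0-9a-f]{40}$/i', $storedHash) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals(strtolower($storedHash), sha1($password))) {
            return [false, null];
        }
        // Correct password: replace the fast, unsalted digest with a salted,
        // deliberately slow hash.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    // Rows already created by password_hash().
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // Re-hash when the default algorithm or cost changed since it was stored.
    $newHash = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

// Constructed sample data: a legacy row holding sha1('demo').
$legacyRow = sha1('demo');

[$ok, $upgraded] = verify_and_upgrade('demo', $legacyRow);
var_dump($ok, password_verify('demo', $upgraded));

[$ok2, $none] = verify_and_upgrade('wrong', $legacyRow);
var_dump($ok2, $none);

// Identical passwords give identical SHA-1 digests, but password_hash()
// output differs per call because each hash carries its own random salt.
var_dump(sha1('demo') === sha1('demo'));
var_dump(password_hash('demo', PASSWORD_DEFAULT) === password_hash('demo', PASSWORD_DEFAULT));
```

The password column needs room for the longer value; the PHP manual recommends 255 characters for PASSWORD_DEFAULT.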