Jump to content

Zane

Administrators
  • Posts

    4,362
  • Joined

  • Last visited

  • Days Won

    11

Everything posted by Zane

  1. It is possible indeed. Create two columns in your user table: one for last attempt time, and another for fail count. When a user attempts to login perform the following logic. Check to see if the last attempt time is greater than 48 hours, if not, check the fail count for >= 5. If the logic passes and does show that there is no "lock", then reset fail count to 0. Then continue with your successful login script.
  2. oh yeah.. you're right 600M... ludicrous.
  3. So trim it down for us. Show us the relevant information.
  4. What do you mean it doesn't work?
  5. what is the output of your print_r statement? That would help
  6. Was just pointing out that it isn't uncommon for websites to block users with Javascript disabled. I provided the healthcare site because it is a government website; a site that should be accessible by all, on anything. Especially for $6M.
  7. There are also several plugins that more people are aware of than ... or disabling Javascript completely rather. I explained everything about how a developer can utilize the hundreds of different event handlers to achieve near optimal activity tracking. I tend to use extremities, hypothetical situations, and analogies to explain myself. While they indeed sound exaggerated and sometime pejorative of certain practices, I'm not the browser police. I'll agree and digress... catering to those with Javascript disabled isn't a bad idea at all, but is it worth all of that effort just to appease a very small percentage of users/sessions? Next you're probably going to bring the idea of catering to XP users, IE5.5 users, etcetera. I'm in no way advocating that people keep Javascript enabled. All that I'm implying is that, well, they're missing out; especially on legitimate websites. I DID mention that the events can be used as a marketing tool, as well as a decent way to phish. Ostracizing those unable to use JavaScript isn't exactly a new concept either. Just look at http://healthcare.gov This doesn't suggest that the programmers were drunk either. Although it was contracted out to a Canadian firm, so you never know. I would like to see your sources on why a developer would be drunk if he/she decided to ostracize JavaScript disablers. Is this a psychological detriment that you read about in Psych 101? Every application will have it's faults, and that's why you're here, to point out all the discrepancies, fallacies, faults and flaws with someone's idea or project in a tyrannical and demeaning tone.
  8. So problem solved? AdFender was the culprit?
  9. Why would you hope so? You looking to take some advantage? I know my rights!
  10. Yea, because answering a hypothetical question is like practicing to propose marriage; you never know what will be said and you can wonder about it for the rest of your days, or just do it.
  11. Where are you declaring $option. Either those properties do not exist, as the error suggests, or ... something else.
  12. That's just weird. Did you try clicking the little switch icon to turn off WYSIWYG mode? Try to edit something, turn it off, then cancel, and try to edit it again.
  13. Use Chrome and check your Debugger (F12).. something's bound to be red.
  14. Sorry, I can't seem to reproduce what you described. Anyone else experiencing this? Chime in.
  15. I moved it. Your question had nothing to do with code, I assume. You were asking a systematic question, in other words... application design.
  16. Zane

    Where Am i?

    wlcm tpo teh forms.
  17. Are you using the latest version of IE? Perhaps it was updated with a small bug?
  18. Speed is measured in meters per second; you will have to convert otherwise. You will also have to reverse your formula. speed = distance (meters) / time (seconds) CroNix is correct. This can all be calculated within the query, but you cannot subtract time without using the built-in MySQL functions for doing so. http://dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html In your case, i would go with cronix' idea of using TIME_TO_SEC()
  19. Probably a caching problem with your browser settings. Do problems similar to this occur on other websites? I can't recreate your error. Try pushing Ctrl+F5 to reload the cache, see if it works. If no one else is experiencing this then it is most likely on your end.
  20. Win8 systems are typically using UEFI http://www.howtogeek.com/175649/what-you-need-to-know-about-using-uefi-instead-of-the-bios/ So that may or may not be an issue. Let's find out. Turns out that UEFI is a big deal, but can be dealt with.
  21. You have to update the variable, not reassign it every loop. $site .= "The current loop";This will concatenate the $site variable instead of overwriting it. $site += 333If you are using numbers then this will increment the value. It's all in the manual.
  22. There are a plethora of GlobalEventHandlers that you can use to track activity using Javascript. https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers - Clicking - Scrolling - Window Resizing - Scrolling - and so on and so on. Javascript is a very powerful language and it will be your best bet for checking authentic activity. Unfortunately, all of these actions can be overridden, and fake instances of showing activity can be triggered with curl and other site scraping libraries as well as browser plugins. The idea of triggering an AJAX request on every single one of these actions though is a bit daunting. So you might end up tweaking the your heartbeat script to set Interval times. You can continue to detail and microengineer what you consider to be the perfect activity checker. Then there are those not using JavaScript. To hell with them. Unless you're just meandering your way through the dirtiest alleyways of the intertubes, there is no reason to keep Javascript disabled. For them, I would just set the session expiry time to something small. Log them out. Make their experience miserable. Read through the various event handlers provided in the link and you may get some ideas. https://developer.mozilla.org/en-US/docs/WindowEventHandlers.onbeforeunload Phishing enthusiast tend to take advantage of all of these events which is why I mentioned digging through the dark and lonely alleys of the internet. It's also the perfect marketing tool. You can tell where people are clicking, how many times, the standard deviation of scrolls and hovers over texts. The possibilities are endless. Technically, you could also grab the users permission to "view" through their webcams and "listen" through their microphones. Open up facebook, open the network inspector by pressing F12, scroll through the page, hit buttons, click around, chat with someone, you will instantly see all of the AJAX requests firing away. Keep in mind though that Facebook has a massive massive userbase and therefore an even more massive server infrastructure. In other words... Facebook's servers can handle that many requests while others may succomb to DDOS problems.
  23. TurboSMTP probably removes all of your headers and creates their own to use according to the headers you provided. Having just looked over their documentation http://www.serversmtp.com/sites/default/files/turbosmtp-dashboard-handbook.pdf [on Page 16] You will see that in order to send HTML emails, you must create your template from your online account. This is what led me to assume that they strip your headers; that, and the fact that Googlemail worked fine.
  24. My vehicle 'doesn't work' either. Try and guess why?
  25. You have to forward port 80 to 443; the secure port. Follow this tutorial http://wiki.centos.org/HowTos/Https
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.