Showing results for tags 'security'.
-
Hi, I'm using the code below to retrieve a file into a microcontroller running micropython. I understand I'm open for easy attacks so, I appreciate some inputs. TIA

    <?php
    $file = $_GET['file'];
    $dir = getcwd();
    $file = $dir.'/'.$file;
    $myfile = fopen($file, "r") or die("FAIL");
    echo file_get_contents($file);
    fclose($myfile);
    ?>
-
Hi, My ISP doesn't allow direct access to mysql Server so I created a bridge and stored the PHP code in the main web folder (https://www.mydomain.com/post.php). The bridge works fine and is used mainly for my IOT projects. In the same web folder, is located the conn.php code containing the server's credentials. The question is, how safe is the PHP code at that location? I can create a subfolder but not sure if it matters as far as security is concerned. TIA
-
I'm curious to get opinions on using strip_tags() for fields that will be encrypted in a database. I often see websites that say "choose a password that contains X certain characters but not Z other characters." And I got curious. Let's say there's a registration form where a new user creates a username and password, and the server will store the password as ... sha1( $user_entered_value ) ... or some other sort of hashed/encrypted string. In this case, why would it ever matter that a user had entered <div> or some other such text in their password? The password will only ever be hashed into something before it is matched... so why would you bother stripping tags? Why bother preventing any "special" characters? Thoughts?
-
Hi all, I am sorry if I am posting this in the wrong place. If so, kindly transfer it to the appropriate section. I was using code that used recaptcha and that worked perfectly well. Now it has stopped working. The recaptcha dialog box simply does not display. Does anyone have any clue what could be going on? Has someone else also faced this similar problem recently? Thanks all.
-
Hi all! I would have liked to continue this question on my previous post but since it became too long I thought I'd post a new one. I would like to add the following bit of code on my reset page

    $current = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    if(isset($_SERVER['HTTP_REFERER'])) $referrer = $_SERVER['HTTP_REFERER'];
    if ( $referrer === $current ) {
    }else {
    }

to ensure that the page is being called from where it should be called. Is this OK or is there a better (read: more secure) way to do it? (I think I read in one of the posts, quite some time ago, that this was not altogether secure.) Since the password reset page is publicly accessible, what other security concerns can turn up because of that and what care should be taken? Thanks all!
-
Hi Guys, I've got xampp running on my machine with wordpress, and had 2 security related questions: A) I was constantly running into issues with wordpress and trying to find includes. I'm building a plugin, so on the plugin's main file, I just added a 'set_include_path' function equal to the root directory of my website. Then, the require_once, and include functions that are also on that page seem to have stopped having issues. Are there any security issues with using the set_include_path, and setting it to say 'C:/htdocs/home'? B) I used Xampp to install apache, mysql, and php. Until recently, I had no idea what PEAR was. I'm curious though...is PEAR installed by default with PHP or Xampp? Thanks for any help guys
- 9 replies
- Tagged with: set_include_path, pear (and 1 more)
-
Hello, I am receiving a huge amount of spam emails. Now I am trying to implement Google Recaptcha V3 in my custom PHP Form. I implemented all the steps for G-Recaptcha, but I receive the error invalid-input-secret, and I am sure that the secret code should be copied right.

I added the below to the head tag:

    <script src="https://www.google.com/recaptcha/api.js?render=6LfyPF0pAAAAAHLxp3315RTN7jrRvBe6kLdHGAiT"></script>
    <script>
      grecaptcha.ready(function() {
        grecaptcha.execute('6LfyPF0pAAAAAHLxp3315RTN7jrRvBe6kLdHGAiT', {action: 'submit'}).then(function(token) {
          let recaptchaResponse = document.getElementById("recaptchaResponse");
          console.log(recaptchaResponse);
          recaptchaResponse.value = token;
        });
      });
    </script>

Then added hidden input before the submit button in the Form:

    <input type="hidden" name="recaptcha_response" id="recaptchaResponse">
    <input class="contactInput no-border cursorPointer buttonStyle" name="submitContact" value="Submit" type="submit">

And finally, I implemented the PHP code:

    if(isset($_POST['submitContact']) && $_SERVER['REQUEST_METHOD'] == 'POST'){
        $recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
        $recaptcha_secret = '6LfyPF0pAAAAAEsS5lfN_WL3wKHh1XfGo0oE_PYU';
        $recaptcha_response = $_POST['recaptcha_response'];
        $recaptcha = file_get_contents($recaptcha_url."?secret=".$recaptcha_secret."?response=".$recaptcha_response);
        $recaptcha = json_decode($recaptcha);
        if($recaptcha->success ==true){
            if($recaptcha->score >= 0.5){
                echo "Recaptcha Success";
            }else{
                echo"<pre>";
                print_r("Recaptcha Not Verified");
                echo"</pre>";
            }
        }else{
            echo"<pre>";
            print_r($recaptcha);
            echo"</pre>";
        }
    }

But receiving the below error:

    stdClass Object ( [success] => [error-codes] => Array ( [0] => invalid-input-secret ) )
- 2 replies
- Tagged with: php, recaptcha php error (and 3 more)