geeks

Members
  • Posts

    15
  • Joined

  • Last visited

    Never

About geeks

  • Birthday 08/13/1981

Contact Methods

  • Website URL
    http://www.geekspcman.netai.net

Profile Information

  • Gender
    Male
  • Location
    South Africa

geeks's Achievements

Newbie

Newbie (1/5)

13

Reputation

  1. I think so, I am going to double check them all again to be sure.
  2. basically it is a non-profit organisation and they have different branches, these branches are stored in a database. sorry my bad, everything being edited by the hacker is stored in the database. code seems to stay in place. Thanks again, I am not a hacker or a security specialist, and this was my first project (the code is not the best).
  3. Strictly database hacks, nothing serious, the hacker keeps putting a "fix your security fail" message on the home page, and changing branch names. all that information is stored in the database, so it would appear to be an sql attack of some sort. Thanks for the help so far, it is much appreciated
  4. Thanks, how do I check if it's code or server, I am on a shared hosting server.
  5. Please help, this site keeps getting hacked. I have escaped all my sql input, as well as applying intval() to almost all input variables. I have hit a brick wall. I can always use PDO, but that would be a monumental task, and it may be something simple that I am missing. Link to my verifying txt file: http://www.apdec.org.za/phpfreaks.txt Link to the site: http://www.apdec.org.za/ Specifically I have been hacked on the branch names and page content. I have a full backup of code as well as the database. I would really appreciate any help. Thanks, Craig
  6. shouldn't $url = $node->field_buy_at[0]['url']; be : $url = $item;
  7. I am writing this in an effort to teach myself OOP, as well as to save myself constantly writing some basic log in functionality. Mostly it is just for fun and to learn. Please can you crit it for me a little, give me the negative and the positive (if there are any) points please. 1) is the security okay? 2) is the OOP okay? I am still adding "access level" support and a backup facility. Cheers, thanks [attachment deleted by admin]
  8. how is this now ? thanks for your input so far [attachment deleted by admin]
  9. oh my Gosh !! I can't believe that I overlooked that hahah thanks !!
  10. I am probably overlooking something simple here, please can you lend me your eyes and tell me what is wrong here. If I call addSessions("user","127.0.0.1") I am getting in the code snippet it is line 27 --- $this->__userDao->newGoodlogin($username,$this->__ip) here is a snippet of the code:

      ```php
      class userData {
          // Record a successful login in the goodlogs table
          public function newGoodlogin($userName,$ip) {
              $date = date("Y-m-d");
              $time = date("H:i:s");
              return $this->__dao->insert("goodlogs","`ID` , `user_ID` , `date` , `time_start` , `time_end` ,`ip_address`"," NULL , '$userName', '$date', '$time', '', '$ip'");
          }
      }

      class sessionCookie {
          private $__ip, $__userDao;

          public function __construct($ip) {
              $this->__ip = $ip;
              $__userDao = new userData();
          }

          // Mark the session as logged in and log the login
          public function addSessions ($username,$token) {
              $_SESSION["loggedin"] = true;
              $_SESSION["ID"] = $username;
              $date = date("Y-m-d");
              $time = date("H:i:s");
              $_SESSION["securetoken"] = $token;
              $this->__userDao->newGoodlogin($username,$this->__ip);
              $_SESSION["goodlogID"] = mysql_insert_id();
          }
      }
      ```

      Thanks for any help
  11. Ignace - okay okay take it easy and read - I can only hope that when it is complete others would actually want to use it - I am not writing it for others, the notes are there for myself. But hey, should it ever get there I certainly would not stop others from using it. - I just added the version history etc. for the heck of it. I have totally rewritten my class. (I understand what you mean - implementing it is something else though.) Please let me know if the structure is better and if the code is okay. [attachment deleted by admin]
  12. Thanks to all replies, Ignace - thank you for the time you have taken and the tactless to the point approach (I actually prefer it). I will re-look at the design I have used and break it up a little more. Yes I did write the class, I can only hope that when it is complete others would actually want to use it
  13. This would work but you are storing the password in plain text - not a good idea, at least do

      ```php
      // Hash the submitted password before it goes into the cookie
      $password = md5($_POST['Password']);
      setcookie('Username', $_POST['Username'], time()+60*60*24*365);
      setcookie('Password', $password, time()+60*60*24*365);
      ```

      This is still not a very secure solution but it is better than plain text
  14. Thanks, just trying to teach myself OOP so any input, is the script secure? Is the OOP okay? - Clearly Ignace does not think so. Thank you for your very harsh reply, clearly tact is not your strong point but I'm a big boy, I can handle it. I find this critique very confusing. This class performs one larger function, to keep a site secure; to break it up into a million classes makes no sense. So I must have a class to create a table that is only ever used from the secure_this class, a class to perform Cryptography that is only ever used from the secure_this class, a class to generate a unique ID that is only ever used from the secure_this class. That seems to be very counter productive. All of these are part of a single function that is being performed. These are all functions that I would never use anywhere else.
  15. Hi guys, my first real post here. I wrote this, it is my first attempt at OO. Please be harsh. I am not looking for pats on the back here. I know that sessions are not the best option and as the class grows I will move over to database session handling, but for now it seems over my head! Thanks for any input, good or bad, please just be constructive (I want to learn, not break down, sorry). Looking forward to your input. [attachment deleted by admin]