Search found 60 matches

by murlopaz
Thu Mar 15, 2007 11:02 am
Forum: Javascript
Topic: ajax update problem
Replies: 5
Views: 824

This works fine in Firefox, but doesn't update the temp value in Internet Explorer. Does anybody have any ideas why?
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/...
by murlopaz
Wed Mar 14, 2007 12:31 pm
Forum: Javascript
Topic: ajax update problem
Replies: 5
Views: 824

Got it.
Thanks
by murlopaz
Wed Mar 14, 2007 12:18 pm
Forum: Javascript
Topic: ajax update problem
Replies: 5
Views: 824

So what's the problem?
I am pulling the temperature file from a text file (only the temp value is in there).
Why isn't the new value shown when I manually update the temperature file?

Thanks
by murlopaz
Wed Mar 14, 2007 12:07 pm
Forum: Javascript
Topic: ajax update problem
Replies: 5
Views: 824

ajax update problem

I am trying to retrieve temperature data from a txt file on the server + update it every 3 seconds. I do get the updates, but the value is the same even when I go and change the temperature value manually from the txt file. What I mean is that it looks like IE caches the temperature value or something...
by murlopaz
Thu Mar 01, 2007 3:40 pm
Forum: PHP - Code
Topic: check if a url exists.
Replies: 5
Views: 1004

mikeq, I tried the function before.
It does not work within my scripts... did it work for you?
by murlopaz
Thu Mar 01, 2007 3:35 pm
Forum: PHP - Security
Topic: unsubscribe/subscribe/forgotpassword security
Replies: 19
Views: 4465

Yes, the id is selected from the database when the user provides the correct credentials... My concern was that there would be a way to change a value of the session, i.e. ID, after the user is logged in already. Suppose that the id is kept in a cookie. The user can easily modify the id of the cookie...
by murlopaz
Thu Mar 01, 2007 2:10 pm
Forum: PHP - Security
Topic: unsubscribe/subscribe/forgotpassword security
Replies: 19
Views: 4465

I am sorry. By session id I meant the id of the user that is stored in the session.
Like:

Code:

$_SESSION["id"] = 23;

Whenever there is a need to change some information about the user, the session["id"] is used for that purpose.
by murlopaz
Thu Mar 01, 2007 1:55 pm
Forum: PHP - Code
Topic: check if a url exists.
Replies: 5
Views: 1004

I don't think using the IP is a good idea...
Does anybody have other ideas?
by murlopaz
Thu Mar 01, 2007 10:18 am
Forum: PHP - Code
Topic: check if a url exists.
Replies: 5
Views: 1004

check if a url exists.

Is there a faster way of doing this? This method is really slow.

function url_exists($url) {
    $a_url = parse_url($url);
    if (!isset($a_url['port'])) $a_url['port'] = 80;
    $errno = 0;
    $errstr = '';
    $timeout = 30;
    if(isset($a_url['host']) && $a_url['host']!=gethostbyname($a_url['host'])){
        $fid = ...
by murlopaz
Thu Mar 01, 2007 10:16 am
Forum: PHP - Security
Topic: unsubscribe/subscribe/forgotpassword security
Replies: 19
Views: 4465

I have a security concern. Throughout my system I keep the user's id in the session, and every modification to the database is based on the session. Now the session id is not even encrypted. Is this a bad practice? I would suppose that a hacker could inject somebody else's id in the session (say the ...
by murlopaz
Fri Feb 23, 2007 8:06 am
Forum: PHP - Security
Topic: hidden values vs sessions.
Replies: 3
Views: 1633

hidden values vs sessions.

Are sessions more secure than hidden values passed through post?

In my opinion yes, since a hacker that knows the name of the variable that is passed can spoof the form submission.

What do you think?
by murlopaz
Wed Feb 21, 2007 10:45 am
Forum: PHP - Security
Topic: unsubscribe/subscribe/forgotpassword security
Replies: 19
Views: 4465

Well, there is a slight possibility that two users would get the same confirmation number...
by murlopaz
Wed Feb 21, 2007 10:28 am
Forum: PHP - Security
Topic: unsubscribe/subscribe/forgotpassword security
Replies: 19
Views: 4465

What would be a good confirmation token?
Hash of (username+time+salt).

Is that good enough?
by murlopaz
Wed Feb 21, 2007 9:49 am
Forum: PHP - Security
Topic: unsubscribe/subscribe/forgotpassword security
Replies: 19
Views: 4465

Thanks Mordred for your help. sms_email is validated + escaped when the user subscribes... There is one more concern I have. I use the confirmation for unsubscribe, subscription confirmation as well as when somebody forgets their password. This approach seems clumsy to me... Also can anybody illustr...
by murlopaz
Wed Feb 21, 2007 9:20 am
Forum: PHP - Security
Topic: unsubscribe/subscribe/forgotpassword security
Replies: 19
Views: 4465

Code:

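// Quote a value for use in a MySQL query string.
// Note: these calls belong to older PHP releases (the mysql_* extension was
// removed in PHP 7.0, get_magic_quotes_gpc() in PHP 8.0).
function quote_smart($value) {
   // Undo magic-quotes escaping so the value is not escaped twice
   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }

   // Escape and quote anything that is not a plain number; numeric strings
   // with a leading zero are also treated as strings
   if (!is_numeric($value) || $value[0] == '0') {
       $value = "'" . mysql_real_escape_string($value) . "'";
   }
   return $value;
}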