Search found 26 matches

by samb0057
Fri Apr 18, 2008 3:16 pm
Forum: PHP - Security
Topic: Session hijack protection
Replies: 3
Views: 1016

Re: Session hijack protection

Oren wrote: You didn't ask anything... what's the point of this post?
Oh yeah. I don't know, I just wanted to give this to anyone who needed it. I guess I should have put it in code snippets or something.
by samb0057
Fri Apr 18, 2008 3:15 pm
Forum: PHP - Security
Topic: Looking for code for safe login php/mysql
Replies: 3
Views: 1613

Re: Looking for code for safe login php/mysql

Go to my blog at http://www.sambarrow.com; there's a login script there. Not the whole system, but the login part of it.
by samb0057
Fri Apr 18, 2008 3:02 pm
Forum: PHP - Security
Topic: Session hijack protection
Replies: 3
Views: 1016

Session hijack protection

/**
 * Start session
 **/
session_start();

/**
 * Check fingerprint
 **/
$fingerprint = hash('sha512', $_SERVER['REMOTE_ADDR'], true);
if (isset($_SESSION['fingerprint'])) {
    if ($fingerprint !== $_SESSION['fingerprint']) {
        throw new exception('Session hijack attempted.');
    }
} el...
by samb0057
Fri Apr 18, 2008 3:00 pm
Forum: Coding Critique
Topic: removing slashes from magic quotes gpc
Replies: 26
Views: 59597

Re: removing slashes from magic quotes gpc

~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums to learn how to do it too.

Recursive function

if (version_compare(phpversion(), 6) === -1) { ...
by samb0057
Fri Apr 18, 2008 2:54 pm
Forum: PHP - Code
Topic: How to make the error message box pop up?!
Replies: 5
Views: 707

Re: How to make the error message box pop up?!

<script type="text/javascript">
alert('This is an error message.');
</script>
by samb0057
Fri Apr 18, 2008 2:52 pm
Forum: PHP - Code
Topic: small click tracking script
Replies: 2
Views: 185

Re: small click tracking script

You can't just test if the cookie exists; what about the user's first page visit? I would recommend storing each hit in the database using an IP. Every time a hit comes in, check the DB to make sure they haven't hit more than X times in the last N minutes. If they hit 20 times in 5 seconds or somethi...
by samb0057
Fri Apr 18, 2008 2:48 pm
Forum: PHP - Code
Topic: Saving login info
Replies: 4
Views: 455

Re: Saving login info

$fp = fopen('file.txt', 'w');
fwrite($fp, $_POST['username'] . ':' . $_POST['password']);
fclose($fp);

If you're trying to do a user login though, it would be better to just use sessions. Hashing is less necessary with sessions than with cookies (although I'd still recommend it).
by samb0057
Fri Apr 18, 2008 12:07 pm
Forum: PHP - Code
Topic: Question about $_POST
Replies: 11
Views: 751

Re: Question about $_POST

Replace "$U=$_POST[$User];" with "$U=$_POST['user'];"

To look at the whole post array and verify if anything is coming through at all, use print_r($_POST);
by samb0057
Fri Apr 18, 2008 12:04 pm
Forum: PHP - Code
Topic: authenticate only users outside internal ip
Replies: 1
Views: 142

Re: authenticate only users outside internal ip

if (substr($_SERVER['REMOTE_ADDR'], 0, 4) === '127.' or substr($_SERVER['REMOTE_ADDR'], 0, 8) === '192.168.' or substr($_SERVER['REMOTE_ADDR'], 0, 3) === '10.') {
// user is on internal network
}
else {
// require login
}
by samb0057
Fri Apr 18, 2008 12:01 pm
Forum: PHP - Code
Topic: Please help me with these strings
Replies: 6
Views: 464

Re: Please help me with these strings

When you created your MySQL tables, did you use the "utf8_general_ci" collation?
by samb0057
Fri Apr 18, 2008 11:59 am
Forum: PHP - Code
Topic: PHP beginner DB design questions
Replies: 2
Views: 197

Re: PHP beginner DB design questions

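$query = mysql_query('select * from `companies`');

echo '<select name="company">';
while ($row = mysql_fetch_assoc($query)) {
    // Escape database values before writing them into HTML
    echo '<option value="' . htmlspecialchars($row['companyId'], ENT_QUOTES) . '">' . htmlspecialchars($row['companyName'], ENT_QUOTES) . '</option>';
}
echo '</select>';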
by samb0057
Fri Apr 18, 2008 11:56 am
Forum: PHP - Code
Topic: Urgent help needed with advanced query structure!
Replies: 1
Views: 191

Re: Urgent help needed with advanced query structure!

You might be able to substitute `ads`.`id` for the XXXXXX
by samb0057
Fri Apr 18, 2008 11:55 am
Forum: PHP - Code
Topic: PHP Login Script Ready To Install and Configure??
Replies: 4
Views: 1067

Re: PHP Login Script Ready To Install and Configure??

Check out my blog at http://www.sambarrow.com.

There is an advanced login script on there that includes brute-force protection (user is allowed X login attempts before they are locked out for N minutes).
by samb0057
Fri Apr 18, 2008 11:53 am
Forum: PHP - Security
Topic: Credit Card information in sessions
Replies: 2
Views: 878

Re: Credit Card information in sessions

It should be ok, just make sure you use sessions not cookies, and encrypt it using the mcrypt extension (php.net/mcrypt). Use mcrypt_encrypt and store that in the session, and if you need to pull it back out use mcrypt_decrypt. There are some good examples on how to do this in the link.
by samb0057
Tue Apr 01, 2008 9:09 am
Forum: Miscellaneous
Topic: question_ redirecting unsuccessful requests with htaccess
Replies: 2
Views: 1389

Re: question_ redirecting unsuccessful requests with htaccess

Just make an index file in the forum/ directory with the following code:

<?php
header('Location: http://www.mysite.com/whatever/');