Search found 24 matches

by scatty1985
Sat Dec 26, 2009 9:51 am
Forum: PHP - Security
Topic: Javascript PHP RSA
Replies: 4
Views: 1932

Re: Javascript PHP RSA

Haha I'll look into it. This is not for any kind of project which requires secure connections; I am just playing about in order to learn a few things. The more I've thought about it the more I realise that to have proper security and prevent eavesdropping the only thing you can do is use SSL. I need t...
by scatty1985
Sat Dec 26, 2009 4:23 am
Forum: PHP - Security
Topic: Javascript PHP RSA
Replies: 4
Views: 1932

Re: Javascript PHP RSA

To work the javascript uses this function which takes $key which is made up of 3 hex strings, 0 being the e exponent, 1 being the d exponent and 2 being the n exponent (modulus). $key = new RSAKeyPair(  "c84dd5b9fdfbdc0818473391980de1b",  "450d061a9d53336bfbb24681d43c453",  "...
by scatty1985
Thu Dec 24, 2009 8:02 am
Forum: PHP - Security
Topic: Javascript PHP RSA
Replies: 4
Views: 1932

Javascript PHP RSA

I've been playing about with javascript and php and wanted to try something out. I found this javascript app http://ohdave.com/rsa/ which can encrypt a string using an RSA exponents. I want to generate a key in PHP perhaps using something like openSSL, send the public key to Java to encrypt the stri...
by scatty1985
Wed Dec 23, 2009 7:40 am
Forum: PHP - Security
Topic: My novice attempt at making a secure login...
Replies: 33
Views: 12077

Re: My novice attempt at making a secure login...

I may well do that. Will I need to make any changes to my website's code if I use SSL?
by scatty1985
Wed Dec 23, 2009 5:26 am
Forum: PHP - Code
Topic: Something wrong with my code :(
Replies: 1
Views: 123

Re: Something wrong with my code :(

:banghead: :banghead: :banghead: :banghead: Sorted, I'm rubbish at debugging and finding errors!
by scatty1985
Wed Dec 23, 2009 4:59 am
Forum: PHP - Code
Topic: Something wrong with my code :(
Replies: 1
Views: 123

Something wrong with my code :(

I'm playing about with OOP trying to improve my project's code. I've created two classes, one that handles database access and queries and one that handles user information... Class user extends db_access so that when the signsubmit.php file creates a new instance of user it can be used to submit the ...
by scatty1985
Wed Dec 23, 2009 3:28 am
Forum: PHP - Security
Topic: My novice attempt at making a secure login...
Replies: 33
Views: 12077

Re: My novice attempt at making a secure login...

I don't really want to use SSL as it costs £££ and I'm only really doing this to learn about PHP and security in my spare time. So it looks like I've pretty much gone as far as I can go in terms of securing the system. I did find a free SSL but then couldn't get it to work with my hosting (using helioh...
by scatty1985
Tue Dec 22, 2009 5:08 pm
Forum: PHP - Security
Topic: My novice attempt at making a secure login...
Replies: 33
Views: 12077

Re: My novice attempt at making a secure login...

secret.php line 17 is vulnerable to XSS. It's also recommended to encode the IP coming from the session (line 15). Ah I didn’t notice that, that page came from another site which was using a challenge and response example. What's mysql_entities_fix_string() for? That’s a function from Building PHP,...
by scatty1985
Tue Dec 22, 2009 4:40 am
Forum: PHP - Security
Topic: My novice attempt at making a secure login...
Replies: 33
Views: 12077

Re: My novice attempt at making a secure login...

Resolved! Found another function that was being called which was resetting the data in the database! :crazy:
by scatty1985
Tue Dec 22, 2009 2:55 am
Forum: PHP - Security
Topic: My novice attempt at making a secure login...
Replies: 33
Views: 12077

Re: My novice attempt at making a secure login...

What is the thought process behind your session_regen function in "include/mysql_connect.php" as opposed to using php's session_regenerate_id()? The session regen function gets a more random string of data from /dev/urandom as I'd read that the one generated by session_regenerate_id() is ...
by scatty1985
Mon Dec 21, 2009 6:06 pm
Forum: PHP - Code
Topic: Somethings wrong but I cant see it!
Replies: 3
Views: 96

Re: Somethings wrong but I cant see it!

I've moved the whole bit of code in question to a test.php file and stripped out the code that is not needed when this function is called. When I run the test.php file it does what is expected, records the IP and the number of attempts to log in, after 3 attempts blocks the IP. This is so frustratin...
by scatty1985
Mon Dec 21, 2009 5:43 pm
Forum: PHP - Code
Topic: Somethings wrong but I cant see it!
Replies: 3
Views: 96

Re: Somethings wrong but I cant see it!

The query seems fine, it worked before I changed the code (I changed how the program accessed the db, now it's done through an object). The query was the same before. It's like $db->q_rows() on line 14 is returning 0 or nothing yet my test (line 20 in the second block of code) it returns 1 from the sa...
by scatty1985
Mon Dec 21, 2009 3:39 pm
Forum: PHP - Code
Topic: Somethings wrong but I cant see it!
Replies: 3
Views: 96

Somethings wrong but I cant see it!

I have a problem but I can’t understand why it’s not working. I have a function which checks a db to see if an ip is registered on it, if it’s not then it logs the ip. If it is then it updates a count. Once the count goes over 3 the ip is 'blocked'. Now I know that my IP is stored in the db so the f...
by scatty1985
Mon Dec 21, 2009 12:51 pm
Forum: PHP - Code
Topic: Call to a member function query_db() on a non-object?
Replies: 2
Views: 157

Re: Call to a member function query_db() on a non-object?

Ah I understand...

function e_Check($e,&$db) {
Instead ;-)
by scatty1985
Mon Dec 21, 2009 12:39 pm
Forum: PHP - Code
Topic: Call to a member function query_db() on a non-object?
Replies: 2
Views: 157

Call to a member function query_db() on a non-object?

Hi, I'm getting the error Call to a member function query_db() on a non-object on the following line of code. $db->query_db($q); From function: function e_Check($e) { $q = "SELECT email FROM users WHERE email='$e'"; $db->query_db($q); return ($db->q_rows($db->q_resul...