Oh yeah. I dont know i just wanted to give this to anyone who needed it. I guess i should have put it in code snippets or something.Oren wrote:You didn't ask anything... what's the point of this post?
Search found 26 matches
- Fri Apr 18, 2008 3:16 pm
- Forum: PHP - Security
- Topic: Session hijack protection
- Replies: 3
- Views: 1016
Re: Session hijack protection
- Fri Apr 18, 2008 3:15 pm
- Forum: PHP - Security
- Topic: Looking for code for safe login php/mysql
- Replies: 3
- Views: 1613
Re: Looking for code for safe login php/mysql
go to my blog at http://www.sambarrow.com there's a login script there. not the whole system, but the login part of it.
- Fri Apr 18, 2008 3:02 pm
- Forum: PHP - Security
- Topic: Session hijack protection
- Replies: 3
- Views: 1016
Session hijack protection
/** * Start session **/ session_start(); /** * Check fingerprint **/ $fingerprint = hash('sha512', $_SERVER['REMOTE_ADDR'], true); if (isset($_SESSION['fingerprint'])) { if ($fingerprint !== $_SESSION['fingerprint']) throw new exception('Session hijack attempted.'); } } el...
- Fri Apr 18, 2008 3:00 pm
- Forum: Coding Critique
- Topic: removing slashes from magic quotes gpc
- Replies: 26
- Views: 59601
Re: removing slashes from magic quotes gpc
~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too. Recursive function if (version_compare(phpversion(), 6) === -1) { ...
- Fri Apr 18, 2008 2:54 pm
- Forum: PHP - Code
- Topic: How to make the error message box pop up?!
- Replies: 5
- Views: 707
Re: How to make the error message box pop up?!
<script type="text/javascript">
alert('This is an error message.');
</script>
alert('This is an error message.');
</script>
- Fri Apr 18, 2008 2:52 pm
- Forum: PHP - Code
- Topic: small click tracking script
- Replies: 2
- Views: 185
Re: small click tracking script
You can't just test if the cookie exists, what about the user's first page visit? I would recommend storing each hit in the database using an ip. every time a hit comes in, check the db to make sure they havent hit more than X times in the last N minutes. if they hit 20 times in 5 seconds or somethi...
- Fri Apr 18, 2008 2:48 pm
- Forum: PHP - Code
- Topic: Saving login info
- Replies: 4
- Views: 456
Re: Saving login info
$fp = fopen('file.txt', 'w');
fwrite($fp, $_POST['username'] . ':' . $_POST['password']);
fclose($fp);
If you're trying to do a user login though, it would be better to just use sessions. Hashing is less necessary with sessions than with cookies (althought i'd still recommend it).
fwrite($fp, $_POST['username'] . ':' . $_POST['password']);
fclose($fp);
If you're trying to do a user login though, it would be better to just use sessions. Hashing is less necessary with sessions than with cookies (althought i'd still recommend it).
- Fri Apr 18, 2008 12:07 pm
- Forum: PHP - Code
- Topic: Quesiton about $_POST
- Replies: 11
- Views: 751
Re: Quesiton about $_POST
Replace "$U=$_POST[$User];" with "$U=$_POST['user'];"
To look at the whole post array and verify if anything is coming through at all, use print_r($_POST);
To look at the whole post array and verify if anything is coming through at all, use print_r($_POST);
- Fri Apr 18, 2008 12:04 pm
- Forum: PHP - Code
- Topic: authenticate only users outside internal ip
- Replies: 1
- Views: 142
Re: authenticate only users outside internal ip
if (substr($_SERVER['REMOTE_ADDR'], 0, 4) === '127.' or substr($_SERVER['REMOTE_ADDR'], 0,
=== '192.168.' or substr($_SERVER['REMOTE_ADDR'], 0, 3) === '10.') {
// user is on internal network
}
else {
// require login
}
// user is on internal network
}
else {
// require login
}
- Fri Apr 18, 2008 12:01 pm
- Forum: PHP - Code
- Topic: Please help me with these strings
- Replies: 6
- Views: 464
Re: Please help me with these strings
When you create your MySQL tables, did you use the "utf8_general_ci" collation?
- Fri Apr 18, 2008 11:59 am
- Forum: PHP - Code
- Topic: PHP beginner DB design questions
- Replies: 2
- Views: 197
Re: PHP beginner DB design questions
$query = mysql_query('select * from `companies`');
echo '<select name="company">';
while ($row = mysql_fetch_assoc($query)) {
echo '<option value="' . $row['companyId'] . '">' . $row['companyName'] . '</option>';
}
echo '</select>';
echo '<select name="company">';
while ($row = mysql_fetch_assoc($query)) {
echo '<option value="' . $row['companyId'] . '">' . $row['companyName'] . '</option>';
}
echo '</select>';
- Fri Apr 18, 2008 11:56 am
- Forum: PHP - Code
- Topic: Urgent help needed with advanced query structure!
- Replies: 1
- Views: 191
Re: Urgent help needed with advanced query structure!
You might be able to subsitute `ads`.`id` for the XXXXXX
- Fri Apr 18, 2008 11:55 am
- Forum: PHP - Code
- Topic: PHP Login Script Ready To Install and Configure??
- Replies: 4
- Views: 1067
Re: PHP Login Script Ready To Install and Configure??
Check out my blog at http://www.sambarrow.com.
There is an advanced login script on there that includes brute-force protection (user is allowed X login attempts before they are locked out for N minutes).
There is an advanced login script on there that includes brute-force protection (user is allowed X login attempts before they are locked out for N minutes).
- Fri Apr 18, 2008 11:53 am
- Forum: PHP - Security
- Topic: Credit Card information in sessions
- Replies: 2
- Views: 878
Re: Credit Card information in sessions
It should be ok, just make sure you use sessions not cookies, and encrypt it using the mcrypt extension (php.net/mcrypt). Use mcrypt_encrypt and store that in the session, and if you need to pull it back out use mcrypt_decrypt. There are some good examples on how to do this in the link.
- Tue Apr 01, 2008 9:09 am
- Forum: Miscellaneous
- Topic: question_ redirecting unsuccessful requests with htaccess
- Replies: 2
- Views: 1390
Re: question_ redirecting unsuccessful requests with htaccess
Just make an index file in the forum/ directory with the following code:
<?php
header('Location: http://www.mysite.com/whatever/');
<?php
header('Location: http://www.mysite.com/whatever/');