But please do not use cookies to store a password as code! Cookies are human
readable with some add-ons
Check like this:
if someone registers, insert it into a table:
Then, if someone wants to log in, use like this:
If you want to store something into cookies, use a name which is not
well,what is the problem with these manuals :) ?
google these ones:
security exploits that are SQL injection, Cross Site Scripting(xss) and
Cross Site Request Forgery
many security issues you can find
also
for your code problems try this site:
stackoverflow.com
previous times when I had thes
lol wow ok thanks, Im very new to coding, started html about 2 months ago, so ty for letting me know the security of the language! is there any place where i can read (other than the php manual), about a tutorial on security?
On Aug 04, 2011, at 10:49 PM, Negin Nickparsa wrote:
it is better to use t
On 8/5/2011 9:49 PM, wil prim wrote:
Ok so I have tried to create a sort of messaging system on my website and I have
run into some problems storing who the message is from, ill try to take you
through step by step what I am trying to do.
*step #1 *(messages.php):<--This is where the member w
it is better to use this one:
http://www.php.net/mysql_real_escape_string
if you don't use this by inputting just a quote or this input '--'
a hacker can easily hack your syntax
in another steps your site will send a message like:
error in mysql on this line lob lob ..
in this part he will fin
I think Ill just use the better secured one, thanks!
On Aug 04, 2011, at 10:41 PM, Negin Nickparsa wrote:
or if you want to do this risky and none secure thing try this:
$query="select * from members where user='".$_POST['user']."'and pass=password('$pas')";
well first you must check errors in mysql
t
well I wonder!
with error syntaxes now it is working? or without them?
or if you want to do this risky and none secure thing try this:
$query="select * from members where user='".$_POST['user']."'and
pass=password('$pas')";
well first you must check errors in mysql
then storing in session
also it is better to use:
$user=mysql_real_escape_string($_POST['user']);
th
Woot! Got it! There was a page in between that stored $_SESSION['user']=$user rather than other way around! Thank you! and yea I will secure it!
On Aug 04, 2011, at 10:37 PM, David Holmes wrote:
Your code is full of security errors .. You should use mysql escape string(google it ) to protect your da
Your code is full of security errors .. You should use mysql escape
string(google it ) to protect your database from being hacked
David Holmes
twitter @mrstanfan
owner of the exclusive StanFan.com
Whats Your StanFan?
-Original Message-
From: wil prim
Date: Sat, 06 Aug 2011 04:49:32
To
well,sorry change it to password=$pass (better)
also check your errors by php yourpage.php
it is more better to not stock in errors like this one
in this line password='$_POST[pass]'";
you have error change it to password='$_POST['pass']'";
did you set the
?
This is the login.php which checks the form on the login page.
session_start();
include('connect.php');
$user=$_POST['user'];
$pass=$_POST['pass'];
$sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($c
you must check setting your session with this one:
if(isset($_SESSION['user']))
{
// Identifying the user
$user = $_SESSION['user'];
// Information for the user.
}
tell me what you have done in login page?
Well my problem is when i click submit, the $_SESSION['user'] ('from' part of the table in my db) is blank, so im guessing the $_SESSION variable didnt pass through.
On Aug 04, 2011, at 10:11 PM, Negin Nickparsa wrote:
in previous pages you must have a login page and in login page you must
store th
in previous pages you must have a login page and in login page you must
store the username and then in next steps you have username in
$_SESSION['user']
now if it is not your problem then what is the problem?
Ok so I have tried to create a sort of messaging system on my website and I have run into some problems storing who the message is from, ill try to take you through step by step what I am trying to do.
step #1 (messages.php): <--This is where the member will view the recent messages that have been p
>
> // This part makes no sense they are not logged in and they have a
> level of 1 or 2 ?
Yes. It might not be the best approach, but I am assigning the user a
value: 1, 2, or 3 while they create an account. This will limit what
they will be able to post. For example I only want users with
> -Original Message-
> From: Chris Stinemetz [mailto:chrisstinem...@gmail.com]
> Sent: Thursday, August 04, 2011 11:34 PM
> To: PHP General
> Subject: [PHP] control structure
>
> I have a php script with a simple condition. If it is not satisfied I
> want to exit the script otherwise I wan
Hi
PHP 5.4 alpha 3 is now included in the Wamp package EasyPHP 5.4 alpha3.
Enjoy!
Website : www.easyphp.org
Screenshots : www.easyphp.org/screenshots.php
Facebook page : www.facebook.com/easywamp
Twitter : www.twitter.com/easyphp
--
PHP General Mailing List (http://www.php.net/)
To unsubscri
On Sat, Aug 6, 2011 at 7:56 AM, wil prim wrote:
> Hello, im new to the whole storing sessions thing and I really dont know
> how to ask this question, but here it goes. So on my site when someone logs
> in the login.php file checks for a the username and password in the table i
> created, then i
Hello, im new to the whole storing sessions thing and I really dont know how to ask this question, but here it goes. So on my site when someone logs in the login.php file checks for a the username and password in the table i created, then if it finds a match it will store a $_SESSION [] variable.
hi i can't see anything wrong that will cause memory problem
but parsing 1gb memory limit doesn't come enough for just parsing a 50 kb
file
but when i try to parse another file that is 24 kb 24 mb becomes enough
memory
here is the script
http://pastebin.com/H9mG7ucU
if you go to
rss.php?id=17
On Aug 4, 2011, at 10:21 AM, Jim Giner wrote:
Because I'm lazy. I LIKE the newsgroup method - all my mail in one
place:
email, newsgroups together yet separate so that I can read the news
postings
when I have time, and the email is purely mine.
"Tim Streater" wrote in message
news:08.87.1
On 08/04/2011 01:56 PM, Andrew Ballard wrote:
> On Thu, Aug 4, 2011 at 2:04 PM, Jamie Krasnoo wrote:
>> Thanks. I think what I got hung up on was that I was trying this:
>>
>> name="addresses[][id]"
>> name="addresses[][address1]"
>> name="addresses[][address2]"
>> name="addresses[][city]"
>> name
On Thu, Aug 4, 2011 at 2:04 PM, Jamie Krasnoo wrote:
> Thanks. I think what I got hung up on was that I was trying this:
>
> name="addresses[][id]"
> name="addresses[][address1]"
> name="addresses[][address2]"
> name="addresses[][city]"
> name="addresses[][state]"
> name="addresses[][zip]"
>
> Whi
Alex Nikitin wrote:
[snip]
It's never a good idea to store all your keys in code,
True, but in the system I was referring to, only the closed source
app knows how to "see" the key in the encrypted templates and there is
no way for another to know how to decrypt the encrypted templates to se
On Thu, 2011-08-04 at 17:02 +0100, jean-baptiste verrey wrote:
> if you want to force the browser to not be able to have this behaviour you
> need the name tag to always change
> a quick example would be that
> $_SESSION['formRandomName']=time();
> ?>
>
>
>
> 2011/8/4 Bálint Horváth
>
> > Hi
Thanks. I think what I got hung up on was that I was trying this:
name="addresses[][id]"
name="addresses[][address1]"
name="addresses[][address2]"
name="addresses[][city]"
name="addresses[][state]"
name="addresses[][zip]"
Which wouldn't have given the end result I sought, I don't think. Clear cas
On Thu, Aug 4, 2011 at 1:18 PM, Jamie Krasnoo wrote:
>
> Hey all,
>
> I get the basics of submitting a form and organizing the $_POST data within
> arrays (name[], name[key], etc). But if I wanted to submit something like
> multiple addresses and have it end up organized in array form like this fr
Hey all,
I get the basics of submitting a form and organizing the $_POST data within
arrays (name[], name[key], etc). But if I wanted to submit something like
multiple addresses and have it end up organized in array form like this from
submission is this possible?
$addresses = array(
0 => arr
On Thu, Aug 4, 2011 at 12:23 PM, Donovan Brooke wrote:
> Alex Nikitin wrote:
> [snip]
>
> There is code obfuscation with PHP, and you can compile it into C++ with
>> HipHop for php for example...
>>
> [snip]
>
>
> Of course, obfuscation is never a great security solution. Compiling it
> into C++
Alex Nikitin wrote:
[snip]
There is code obfuscation with PHP, and you can compile it into C++ with
HipHop for php for example...
[snip]
Of course, obfuscation is never a great security solution. Compiling it
into C++ is interesting... the question would be if the code could be
de-compiled..
Alex Nikitin wrote:
[snip]
What makes your local system any less vulnerable of a point than your
server, of anything, its more vulnerable and failure-prone, so unless i'm
not getting something, that seems like a poor design decision (i'm sorry)
[snip]
In the model I profiled, it is a system de
hello everyone.
thanks for the email re keyword constructor.
but what exactly does it do? i.e its function.
warmest regards
Andreea
-Original Message-
From: Ren [mailto:lobbyjo...@gmail.com]
Sent: 02 August 2011 06:29
To: php-general@lists.php.net
Subject: [PHP] Keyword Constr
if you want to force the browser to not be able to have this behaviour you
need the name tag to always change
a quick example would be that
2011/8/4 Bálint Horváth
> Hi,
> Use value="$_POST['user']" or sg like that because:
> before send value eq null, after if returned -cause of a fail- the
Because I'm lazy. I LIKE the newsgroup method - all my mail in one place:
email, newsgroups together yet separate so that I can read the news postings
when I have time, and the email is purely mine.
"Tim Streater" wrote in message
news:08.87.13433.b57ba...@pb1.pair.com...
On 04 Aug 2011 at 15:
On 04 Aug 2011 at 15:48, Jim Giner wrote:
> Sounds like time for me to move on.
> Thanks for the info Dan.
Say Jim,
Why don't you pick it up as mail like the rest of us?
--
Cheers -- Tim
On Thu, Aug 4, 2011 at 10:31 AM, Donovan Brooke wrote:
> Alex Nikitin wrote:
> [snip]
>
> Also you shouldn't actually encrypt passwords, the proper way to store
>> them
>> is hashed, so that if someone grabs your database, they dont have your
>> passwords, even if they have the "key".
>>
>
>
> H
On Thu, Aug 4, 2011 at 10:48, Jim Giner wrote:
> Sounds like time for me to move on.
> Thanks for the info Dan.
>
> All the talent on this group, and a bug like this (according to posts I've
> read) has been going on for years?
Yeah, it's always been low-priority. I've started to add a
dedic
Sounds like time for me to move on.
Thanks for the info Dan.
All the talent on this group, and a bug like this (according to posts I've
read) has been going on for years?
"Daniel Brown" wrote in message
news:CAD9cneMicUmusc9Er7kOmLZKL_r-QORoYcMzGH5hQL=e4er...@mail.gmail.com...
On Thu, Aug 4, 2
On Thu, Aug 4, 2011 at 10:39, Jim Giner wrote:
>
> Mailing list, newsgroup, either one - something's changed in the last week
> or so to interrupt the smooth (or semi-smooth) functioning of it. The only
> messages I'm seeing currently are the ones in this single topic. Why is
> that???
Actu
>> Al wrote:
>>
>>>
>>>
>>> On 8/2/2011 5:18 PM, Jim Giner wrote:
Don't seem to be getting any feeds thru the newsgroup mirror(?).
>>>
>>> This newsgroup has been a mess for almost a year now.
>>>
>>> One big problem is that the server only accepts a small number of
>>> connections,
""Jim Giner"" wrote in message
news:6d.60.30104.5b968...@pb1.pair.com...
> Don't seem to be getting any feeds thru the newsgroup mirror(?).
>
Something's wrong. My OE still cannot connect to the news server for this
list, it continues to show unread messages are available, but it cannot
downl
Alex Nikitin wrote:
[snip]
Also you shouldn't actually encrypt passwords, the proper way to store them
is hashed, so that if someone grabs your database, they dont have your
passwords, even if they have the "key".
Hello, since this thread is about "studying mcrypt"...
In another language, for
Matty Sarro wrote:
Hey everyone,
I am a super newbie..
in the spirit of the "super newbie"..
:-)
http://interrobang.jwgh.org/songs/editors.mp3
--
D Brooke
NuSOAP
Hi, I am learning “SOAP web services” using “NuSOAP” I tried to
execute hello world program, but it didn’t work. When I execute the
server script It generate the wsdl without giving any warning or
error. But when I execute the client it gives following message.
” Warnin
Dear list,
I've tried Google, php.net and the list's archives, but I can't find
what I'm looking for. Maybe it's obvious, or maybe nobody wonders about
this...
For years, I've used microtime() to get the current time including the
microseconds. However, somebody pointed me at a sentence in the ma
Hi,
Use value="$_POST['user']" or sg like that because:
before send value eq null, after if returned -cause of a fail- the inputs
remain
also set *autocomplete="off"* (at form) and if it doesn't work use js
to set null values to input boxes (add a name for ur form...)
Another way, use Google: "ja
On 3 Aug 2011, at 21:07, Daevid Vincent wrote:
> I'm working on a mobile site and from the various searches and reading (and
> even code fragments I've inherited for the project), they make reference to:
>
> $_SERVER['HTTP_X_WAP_PROFILE'] and a fallback $_SERVER['HTTP_PROFILE']
>
> However, when