Jump to content

WesleyA

Members
  • Posts

    172
  • Joined

  • Last visited

Posts posted by WesleyA

  1. Sorry it's an old question. I had the topic put aside for a while but I want to go on with it.

     

    I found this script online, it recommends to use SSL, but the whole setup is done with javascript encryption.

     

    http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

     

    My issue is that I dont know if I can trust a script developed by a third party. I can undestand a part of the script, but encryption is really complicated. (thouhg i have not tested or practiced any javascript encryption yet).

     

    What does this encryption do in the example used in the link above and what does the author know about how it is done? How safe is javascript encryption of a third party anyway?

     

    I hope people here can help me and explain these things in a more clear way to me.

  2. I have a table which is either empty or has 1 record

     

    If the table is empty i cant retrieve info from the database and get an error message.

     

    my code:

        $sql = "SELECT id FROM users WHERE id = (SELECT MAX(id)FROM users)";
        $result = $conn->query($sql);
        foreach ( $conn->query($sql) as $row ) {
        $id = $row['id'];
    

    the for each line gives an error message:

     

     

     

     

    Warning: Invalid argument supplied for foreach() in

     

    how to solve this?

  3. For these query (if exists) I am searching.

     

    If you want to select the last added record I use this query

         	$hi_val = mysqli_insert_id($conn);	
    

    Above code works but only if I have just added with INSERT, but I want to use it with SELECT.

     

     

     

    I also have a php part in combination with COUNT ROWS and then determine the highest record value.

     

    But I am looking for MYSQL query that counts and determines the last added record and select it.

     

    what solutions do you know?

  4. My code doesnt work the way I want it.

     

    The goal is a gradient background.

     

    I made an external style sheet.

     

    Like this:

        .grad{
    	height: 1020px;
    	width: 1900px;
    	/* Permalink - use to edit and share this gradient: http://colorzilla.com/gradient-editor/#feffff+0,ddf1f9+35,a0d8ef+100;Blue+3D+%2318 */
        background: #feffff; /* Old browsers */
        background: -moz-linear-gradient(top,  #feffff 0%, #ddf1f9 35%, #a0d8ef 100%); /* FF3.6-15 */
        background: -webkit-linear-gradient(top,  #feffff 0%,#ddf1f9 35%,#a0d8ef 100%); /* Chrome10-25,Safari5.1-6 */
        background: linear-gradient(to bottom,  #feffff 0%,#ddf1f9 35%,#a0d8ef 100%); /* W3C, IE10+, FF16+, Chrome26+, Opera12+, Safari7+ */
        filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#feffff', endColorstr='#a0d8ef',GradientType=0 ); /* IE6-9 */
    
        }
    
    
        .maincell
    
        { text-align: left; 
        width: 1900px; 
    
    
         }
    
        .topcell {
    	
    	horizontal-align: left; 
    	height: 100px; 
    	
         }
    
         .downcell {
    	
    	horizontal-align: left; 
    	height: 600px;
    	
           }
    

    The html code

        <html>
        <head>
        <link rel="stylesheet" type="text/css" href="style3.css">
        </head>
    
        <body class="grad">
    
         <FRAMESET ROWS="15%,85%" frameBorder="0" border="0">
         <FRAME SRC="carn_head.php" name="navigatie"   scrolling="no">
         <FRAME SRC="carn_bottom.html" bordercolor="#CBEDF1" name="main">
         </FRAMESET>
    
        </body>
        </html>
    

    The error is that I get to see a gradient background but not the code put in the pages. It used to when I hadnt add the .grad class.

     

    How can I have a gradient background and over it a frame showing the pages intended in the frame src?

  5. hello

     

    I have some questions about IIS. Is it possible to use IIS for developing html/javascript/css ?

     

    I am just totally new to the subject, I'm looking for good tuts about it, and then especially if you know it works like WAMP so being able to control the httpd file and create virtual hosts and makes web pages here.

     

    Please help

  6. And, no, Javascript encryption is pointless. When you either hash or encrypt data that you're saving in a database that should only be done on the server, not in the browser.

     

    I see.

     

    For me the entire matter is still a bit perilous.

     

    But if I use html and the password attribute and have that sent by SSL/TSL towards the server and store the password encrypted in the database then it is safe?

     

    I'm asking this because I'm looking for the right method. If there is one; at least. (there could be more namly)

  7. Hi all

     

    I would like to know whether it is possible or not to build a secure inlog script. The script I have as example is mainly in php.

     

    I read a couple of tuts online and watched some youtube video's and discovered that both javascript and php are used.

     

    I dont know much about encryption but more and more questions are rising .....

     

    Is it true that it is possible to add javascript encryption wen you want a user to login ?

     

    My own idea is that this looks quite insecure as anybody can see the encryption code.

     

     

    I have more questions but first i would like to know this if possible.

  8. You can use test email tool instead, it check for email from port sent through php file from wamp, and sends result to you default mail program.

     

    Never hear of it.

     

    Is that a Test Mail Server Tool? And should I install that / is there a download link?

    Or can it be activated in WAMP?

  9. I have WAMP installed and the goal is to create a script that sends emails.

     

    I checked the php.ini file and found no smtp is installed.

     

     

    But how does this work with WAMP? I need a mailserver I assume?

     

    Is there a default one in WAMP and how to install it?

     

    If not then how can I install a good one? And how to configure it?

  10. How should I validate 'wrong' or 'fake' protocols? Not sure how to explain this.

     

     

    I mean type mismatches like gttps : // but also random chars like qwerty : // should be validated. So chars before : //

     

    ( placed spaces in the protocols above else I wasnt possible to post it here)

     

    How to do this with regex php?

  11. In PHPmyadmin I can't move the position of the columns.

     

    So when I go to change/modify (not sure how it's called in English) I get the possibility to move column and the place it after another column then where its placed now.

     

    Though, it does print the query it goes like

    
         ALTER TABLE `my_tab` CHANGE `col1` `col1` TINYINT(1) NULL DEFAULT NULL AFTER `col5`;
    

    I have not tested in the mysql console, but in PHP the columns don't move (anymore) like they did do beforehand.

  12. hello

     

    my programming is focused at the image processing library GD and FREE TYPE.

    I tried , amongst others, the script at this page : http://code.tutsplus.com/tutorials/build-your-own-captcha-and-contact-form--net-5362

    but I cant get it working.

     

    I placed the true type font *.ttf file in the right directory but still get an error message saying: The image 'http://localhost/mydirectory/captcha.php' can't be displayed because it contains errors. (not sure this is the correct translation of the errormessage as it was displayed in my own language).

     

    I tried many things. like placing it in another directory. I checked phpinfo() to see if GD was installed which it was.

     

    Firefox gives an error message, IE and Chrome just dont show anything.

     

    This is the code:

        <?php
        session_start();
     
        $string = '';
     
        for ($i = 0; $i < 5; $i++) {
        // this numbers refer to numbers of the ascii table (lower case)
        $string .= chr(rand(97, 122));
        }
     
        $_SESSION['rand_code'] = $string;
     
        // $dir = 'fonts/';
        $dir = 'http://localhost/mydir/fonts/';
     
        $image = imagecreatetruecolor(170, 60);
        $black = imagecolorallocate($image, 0, 0, 0);
        $color = imagecolorallocate($image, 200, 100, 90); // red
        $white = imagecolorallocate($image, 255, 255, 255);
     
        imagefilledrectangle($image,0,0,399,99,$white);
    
        // imagettftext ($image, 30, 0, 10, 40, $color, $dir."arial.ttf", $_SESSION['rand_code']); 
    
         imagettftext ($image, 30, 0, 10, 40, $color, "arial.ttf", $_SESSION['rand_code']);
         header("Content-type: image/png");
         imagepng($image);
     
    ?>
    

    What I want to know first is if I understand fully how it should be done. Maybe the tut I'm working with is not complete.

     

    Online I found a few topics with the same error report, they solved it by saving it as another file format (not utf-8).

     

    I would like to try that but dont know how. Notepad doesnt seem to have that feature of another file format like UTF-8 NO NOM.

     

    And besides that: WHY is file format so important?

     

    Please help !

  13. SSL is client side encryption, except that you're letting the browser handle it which leaves no room for error. You should have an SSL certificate if you're sending sensitive data. Javascript is not always available and there's a lot of room for error if you attempted to do encryption with it.

     

    SHA 256 is not encryption, it's a hashing algorithm, which means the original data is lost. You should be doing that on the server-side right before saving the password to the database.

     

    So when using SSL; other encryption or hashing methods are not necessary?

  14. I'm trying to create a secure inlog script in php/mysql.

     

    I'm faced with many subjects I absolutely know nothing about so I was looking for some help.

     

    I'm want to understand the route of a password from the browser to the database.

     

    One thing that is very hazy to me is the difference between SSL and encryption.

     

    My idea is that I could use javascript SHA 256 encryption at the client side.

     

     

     

    But other sources online recommend SSL.

     

    I was thinking, would it be possible to both use SSL as well as SHA encryption.

     

    Now, I asked questions before here moslty solving script issues, but now, I look for an advice about what the possibilities are.

     

    I have no script yet, because first I want to determine in which way the chances for security leaks are minimized.

     

    is there anyone who can give more clarity about it?

×
×
  • Create New...