Jump to content

Err

Members
  • Posts

    1,009
  • Joined

  • Last visited

Everything posted by Err

  1. Err

    Password encryption

    If the database is compromised, then they probably already have access to sensitive information they were trying to access. Same thing with the web server, if someone gets access they can get to your include file.If you want to save salts in a include file you can use arrays.
  2. Err

    date range

    Your second example needs to follow the same date format. So try this: $startDate = $monday->format('d-m-Y');$endDate = $sunday->format('d-m-Y')'; Also, I don't know if you did this by accident but the for loop is missing the closing curly bracket }
  3. Err

    Password encryption

    I should note right now, there is no consensus on any number of methods used. But generally, for practical purposes, using sha1() and a randomly generated salt or two ensures good security. Obviously it's not the best method you can do, but I find it that doing that suites MY needs and level of protection just fine.I can help you with #3 at least. An example: $salt = uniqid(); $pass = sha1($pass.$salt); Then save $salt in the database so you can reference it again later.
  4. Yes. Using a database is faster. Because you didn't mention what you have tried I'm going to be general. If you're gonna edit values in the database directly, then all you need to do is setup a database and a table with the columns that you need. A very popular database is MySQL, and a very popular database manager is phpMyAdmin, both are free. You can setup and manage your database with phpMyAdmin if you have it. More than likely your webhost (if you have one) will have phpMyAdmin database manager together with a MySQL database, just look for the link.
  5. Err

    Shellcode

    Thanks, your explanations have been very helpful.
  6. Err

    Shellcode

    Shouldn't I be able to detect messages like that through a .htaccess file and prevent attacks that way? Or would it be too late by the time the messages reach the .htaccess file?
  7. Err

    Shellcode

    On an Apache server I have, been getting what I can only describe as attacks from different ips. My access logs have this: 68.91.91.177 - - [25/Apr/2012:17:13:40 -0500] "\xb2\xfdf\x1c/\xbf\x96z\x18\xce\xd8'\r?`\xle;\x0e@D\xed\xdd\x7f\x88\xdaB" 501 299 "-" "-" I did a bit of research and found that it may be linked to Shellcode. Shellcode as I've understood in this context is arbitrary code that can be run on the machine to give attackers control over the machine. Am I right about this? How can I prevent such attacks? Or, at the very least, protect against these type of attacks?
  8. Column 2 & 3 are the same column name. You mean ig_paragraph, right?
  9. Line 183: Instead of if (eregi($Match, $agent)) try to replace with this: if (preg_match("/$match/",$agent))Line 247: It's because there is no such variable as: $row["device"] you therefore cannot assign nothing to another variable.Maybe you mean: $row["anno_device"];
  10. Personally, I would either do more queries to narrow it down even more or create a script that processes the information outputed which then puts it into tabular data the way you want.
  11. Use arrays: $mths = array(1 => 'January', 2 => 'February', 3 => 'March', 4 => 'April', 5 => 'May', 6 => 'June', 7 => 'July', 8 => 'August', 9 => 'September', 10 => 'October' 11 => 'November', 12 => 'December'); $fromMonth = 5;$toMonth = 7; // After you set the array, then just add 1 to $fromMonth every time by counting up until it reaches $toMonth,// you can do this by using a while loop.// While it's counting up, it's referencing the current number in the array which also echos out the month name. while ($fromMonth <= $toMonth) { echo $mths[$fromMonth]."<br />"; $fromMonth++;} The above should work (I didn't test).
  12. Validating your website isn't a bad idea. http://validator.w3.org/check?uri=http%3A%2F%2Fwww.divinedesigns1.com%2F&charset=%28detect+automatically%29&doctype=Inline&group=0
  13. Edit: Never mind, I see that you've tried it.
  14. You can host the files yourself with WAMP. Also, new routers (you may have one of these kind) have a USB port attached to them for creating a temporary web directory for sharing files.
  15. What I usually do is: Make sure user cannot put username for a password.mysql_real_escape_string(); for sql injection protectionAdd a "salt" to password, then use sha1() BTW, sha1() is more secure than md5(). So something like this: $salt = "Salt makes a hash more secure.";if ($username !== $password) { $username = mysql_real_escape_string($username); $password = sha1($password.$salt);} I like to go overboard though. I save the hash of both the password and the username. This gives the login function more security as you don't have to worry about sql injection since it turns the username into a safe hash. I don't keep the plain-text username in the database unless I know I need to reference it. Instead I assign the username to the session. So as long as the user is logged in, they will have access to their own username in plain-text through the session.
  16. I think I may have figured it out. Also, can a moderator kindly move this thread to the PHP area?Edit: *2 hours later* Confirmed. I figured it out. html_decode() and htmlentities() had to have the charset set to UTF-8.
  17. I had wrote a lot of stuff and I lost it all messing my browser settings... lesson learned.Basically, I have a application where I can search. The problem is when I search for characters like ¶ ® Ø I get this back: ¶®Ã�I have made sure my encoding on the page is UTF-8, made sure accept-charset="utf-8" is on the form and finally made sure my browser was set to display UTF-8. Where am I going wrong?
  18. Err

    What's wrong with this?

    Yes. I only want the errors returned if it does not connect. I think the concept they were not getting was that even in IF.. ELSEIF statements code inside of it is executed. Also that fact that you can assign variables inside those statements coupled with the @ suppressor.I call it like this: $err = dbConnect('yourhost','user','pass','yourdb');if (!$err) { // do db stuff}echo $err;// echo other stuff, but if there is an error, it gets echo'd as well. Okay, that's all the feedback I needed. Thanks for assisting, everyone.
  19. Err

    What's wrong with this?

    Maybe. But then again they could of simply been wrong. Least it's now verified that my code is okay two other people.
  20. Err

    Web Address validation

    You may want to look into filter_var()
  21. Yeah, sorry about that, it was my fault for not refreshing a few times. I've been working on my project for so long that I've gotten used to changes showing up immediately.There is nothing else, right now.
  22. Ah, I see. It was my cache, I should of known better. It looks good.Go to: http://www.imgur.com/Put the direct link in img tags.
  23. Err

    I Tired...

    I would validate the page:http://validator.w3.orgIt will tell you any errors you have on that page. it won't validate PHP, only HTML.
  24. Err

    What's wrong with this?

    That I was connecting wrong.
×
×
  • Create New...