Jump to content

pizzaguy

Members
  • Content Count

    113
  • Joined

  • Last visited

Community Reputation

0 Neutral

About pizzaguy

  • Rank
    Member

Contact Methods

  • Website URL
    http://yesiwouldlikefrieswiththat.com/
  1. Alright, I think I understand. Thanks!
  2. Well the primary reason I want the authentication is to receive the User's blog URL; I don't want people to be able to impersonate others.
  3. Well, I'm certainly not going to be putting huge sums of money on the line; all I intend to do is basically include information from a blogging website. So, it's not critical information, but I certainly don't want people to feel that their accounts are vulnerable. Presently, I only really have the means for a single server set up; I would be very happy if the site actually got to the point were multiple servers were necessary.
  4. I'm not sure I understand you, but I think you're misinterpreting me. If I understand you, I think you believe I'm saying that site B is giving me the user's password. The Other website (which I'll now call "Website B"), has the API. I want users on my site (Website A), to provide their password for Site B, so that site A can login to B's API and retrieve the desired information for use on site A. An example of the API is a call with information that includes "email", "password", and "information" attributes, in which the user logs in with the email and password, and the "information" is retrieved for use in my site.
  5. I'm trying to create a website that integrates with the API of another website, so I need to be able to store the users' passwords for this other site. Naturally, I want to try to protect them as effectively as possible, but they need to be able to be decrypted so that the regular password can be sent to the other website. What's the best way to handle this situation? I could encrypt them using something like AES encryption—Actually, does PHP have support for high end encryption like AES, Serpent or Twofish?—but that would mean anyone with access to the database of encrypted values, and the means to figure out the encryption technique (viewing the PHP files), could discover the passwords. One method I thought of would be to base the encryption on the plain-text password for my website (as the encryption key) upon log-in, since that password would be encoded with one-way encryption like md5, and then store the plain-text password in a session. My only problem here is that I have no idea how secure sessions really are; since they're stored on the server, are they secure, or could someone (on either client or server side) easily view them?Anyone have any ideas of the most effective technique for this situation?
  6. pizzaguy

    Code not working

    PHP is a server-side programming language. You need to actually run it on a server to actually see the output; you can't simply open the file in a web browser. The simplest way to test your output, I believe, would be to pick up XAMPP, which is a distribution of the Apache web server bundled with PHP, MySQL and Perl. Once you set it up, you can just place your PHP files in the server's directory and point your browser to localhost to view the page.
  7. Thank you! mysql_insert_id is just what I was looking for.
  8. For a user registration page I'm making, I have this query to insert the new user's information into the database INSERT INTO users (email,password,public_url,first_name,last_name) VALUES ('$email','$encypted','$URL','$firstName','$lastName') LIMIT 1; Is it possible to also have the query response either return the whole row, or act as though I'm also including "SELECT uid"? Basically, "uid" is my auto_incrementing value, and I want to know if it's possible to access this without having to perform a separate SQL query? It just seems redundant to insert values, and then search for those values again.
  9. I'm trying to create my first real log in system and I want it to be as secure as I can possibly make it. Right now, I have a function I'm using to clean form input for things like a user's email address, password, username, etc. when he or she is registering. Here is a snippet: /* $value is the variable taken from $_POST after the user has submitted the form */$value = @urldecode($value);$value = @strip_tags($value); $value = @stripslashes($value);$value = @substr($value,$maxLenth); Right now, my main question is whether I should leave the substr function at the bottom, or move it to the top and use it as the first action. Since I don't know much about overflows and errors like that, I wasn't sure whether it'd be best to make sure the input was shortened first, or whether I should clean everything else out of the string and then trim any excess last? Also, given what I already have here, would I still want to call mysql_real_escape_string before entering the final $value into my database? Finally, is there any other recommended actions that I should include in order to make sure any input is acceptably clean?
  10. Really, unless you use headers (although I'm still not sure if it's possible), or javascript to modify the back/forward buttons, you can't do it. If you haven't noticed, when you press back and forward the page doesn't reload since it's coming from the memory, so a server side script won't be able to affect this. But also as said above, it's not really a security issue, since going back isn't actually logging you out. It's just taking you to the cached page you were at before you logged in. For example, if you go to a website and log in from the home page, then press back, it may look like you are once again logged out, but if you refresh the page, you will see that you're still actually logged in.Another example, would be these forums. Press back after you have posted a response. The response won't be shown because you just went back to when it didn't exist, but it's still there.
  11. Alright. I was able to figure out how to do it. This is the code I used (plus a little extra, just in case someone happens to be looking for something like this) # To stop apache from killing the scriptset_time_limit(0);# Sending the correct header# The boundary=ipcamera is important.# You will have to change "ipcamera" to whatever your camera uses to seperate the# images. Mine uses "--ipcamera" as seperator. You can omit the leading --, but have# to use the rest.header('Content-Type: multipart/x-mixed-replace;boundary=ThisRandomString');# Sending the images# You probably have to adapt the url to the video screen of your cam.//readfile('http://user:pass@ip_adresse_of_camera/video.cgi') //readfile('http://192.168.1.90/img/mjpeg.cgi');$fp = fopen("http://192.168.1.90/img/mjpeg.cgi", "r");$buffer = '';while(!feof($fp)){ $buffer = fgets($fp,300000); //just an arbitrary limit size which will be larger than any line given. if(!is_null($expiration) && time() > $expiration && trim($buffer) == "--ThisRandomString") break; //if the time has expired, and the stream has finished sending a frame echo $buffer;}if(!is_null($expiration) && time() > $expiration){ //if expiration has occurred echo "--ThisRandomString\n"; echo "Content-Type: image/jpeg\n"; echo "Content-Length: " . filesize("expired.jpg") . "\n"; echo "X-TimeStamp: 99999999999999\n\n"; //arbitary timestamp echo file_get_contents("expired.jpg"); echo "\n--ThisRandomString--\n";} The while loop successfully emulates the readfile. The if statement inside will stop the loop if this specific stream has expired, but it will only do so once the stream has finished sending a frame. Then afterwords, a final image containing a message is shown as the last frame which will remain shown, saying that the stream has expired.
  12. Well, that might work, unless Ingolme is correct and it won't block streams already running. However, I suppose I should have been more specific regarding what I wanted to do, because it only complicates things further. What I'm trying to do is set this up so there are temporary "users" so that the webcam can be viewed. Each of these users may have a specific time which it is set to expire (im saving it in a UNIX timestamp). So, the problem with this solution is that, even if it does work, what I am really looking for is a way to only stop one account's stream, but allow others if they have not yet expired.
  13. Hello. I'm making a script to stream an mjpeg image stream from my webcam. So far it's working quite well, but I was wondering if it was possible to interrupt the stream. Currently, this is the code which is responsible for streaming it (I got it off of another site) # To stop apache from killing the scriptset_time_limit(0);# Sending the correct header# The boundary=ipcamera is important.# You will have to change "ipcamera" to whatever your camera uses to seperate the# images. Mine uses "--ipcamera" as seperator. You can omit the leading --, but have# to use the rest.header('Content-Type: multipart/x-mixed-replace;boundary=ThisRandomString');# Sending the images# You probably have to adapt the url to the video screen of your cam.//readfile('http://user:pass@ip_adresse_of_camera/video.cgi') readfile('http://192.168.1.90/img/mjpeg.cgi'); What I want to know is, is it possible to interrupt the readfile stream? For example, I want to have the webcam stream be disabled and inaccessible if it's after 3 PM. (I could easily make it check before the page loads, but I want to know if I can actually stop anyone who may be currently viewing the stream).
×
×
  • Create New...