23.12.2012

Members
  • Posts

    246
Everything posted by 23.12.2012

  1. I was thinking the other day about website defacement and I was struck by this idea. What if we manually generated the MD5 for the index file and checked it against the MD5 of the file to be loaded by the browser? This way, if someone uploaded a hacked file to the server, we would have a way to prevent it from being displayed to the users. So the code would look like this

         // ...
         // GEN_MD5 is the manually generated MD5
         // === compares the digests as strings, never as numbers
         if (md5_file('index.php') === GEN_MD5) {
             require_once 'index.php';
         } else {
             require_once 'backup_index.php';
         }
         // ...

     Would it be a good way to protect a website against this type of vulnerability? The only downside I see is that if you forget to generate a new MD5 after altering the index file, the application breaks. Let me know what you think! Thank you in advance!
  2. They are dynamically generated, I have just written a fast example in the code above. So would this be a good practice?
  3. I've been teaching myself C for quite some time and now I'm trying to write a new PHP application, just to catch up a little bit. So I was thinking of actually creating a PHP file containing all the function declarations and definitions and including it in the header.php file, like I'm doing below. Would this be a good idea, or would there be a better way to go about it? Thanks in advance!

     libirr.php

         function irr_title_display();
         function irr_header_display();
         /* Some other prototypes */

         function irr_title_display() {
             echo 'Title';
         }

         function irr_header_display() {
             echo 'Header';
         }
         /* The rest of the definitions */

     header.php

         <?php require_once "libirr.php" ?>
         <?xml version="1.0" encoding="UTF-8"?>
         <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
         <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
           <head>
             <title><?php irr_title_display(); ?></title>
           </head>
           <body>
             <div id="header">
               <div id="title">
                 <h1><?php irr_header_display(); ?></h1>
                 <h4><?php irr_subheader_display(); ?></h4>
               </div>
               <div id="login">
                 <p>Welcome, <strong><?php irr_user_display(); ?></strong>!</p>
               </div>
               <div id="nav">
                 <ul>
                   <li>Item 1</li>
                   <li>Item 2</li>
                   <li>Item 3</li>
                   <li>Item 4</li>
                   <li>Item 5</li>
                 </ul>
               </div>
             </div>
  4. Thanks a lot for your responses! I've given Zend a try (not the first one), but it simply doesn't suit me (or I don't suit it, I can't say for sure). And that's how I've got to Kohana. The documentation sucks big time, but I've found this tutorial which seems to have me up and running quite efficiently.
  5. I'm about to start working on a new project, and I was thinking of actually using a framework this time around. Although most online resources agree that a framework is the better way of doing things, some book authors said that they preferred writing all the code from scratch. So how would you go about this? Do you recommend that I use a framework (I'm thinking Kohana right now), or is writing everything from the ground up just as good? Thanks in advance!
  6. Did you try restarting the web server?
  7. 23.12.2012

    download page

    Are you sure it's a MINE type and not MIME type?
  8. What's wrong with ctype_alnum()?
  9. Use Firebug-like software for your web browser for testing out the JS. Code with PHP error level set to E_ALL | E_STRICT, displaying the errors on screen. If you get no errors in either test, there is a problem with your PHP installation.

     Anyway, you haven't given us any code or setup information. No one will be able to help without these.
  10. I think you want to do something like

          $db_query = "SELECT * FROM table WHERE condition is met"; # Create the query
          $db_result = mysql_query($db_query); # Query the database
          $db_row = mysql_fetch_assoc($db_result); # Get the row from the database

          /* Display the info */
          echo $db_row['column1'] . "\n<br />";
          echo $db_row['column2'] . "\n<br />";
          echo $db_row['column3'] . "\n<br />";

      For more information, check the official PHP manual for mysql_fetch_assoc().
  11. 23.12.2012

    gmp code

    Since I'm not a Windows user and WAMP's site does not show what comes with it (or makes it too hard for me to find), I can't tell for sure, but you could read this entire thread, and, if it still doesn't solve your problem, keep digging. XAMPP does not support GMP by default, as far as I can tell.
  12. 23.12.2012

    gmp code

    Has PHP 5.3 been compiled with GMP support? What you want to do will not be possible if the PHP development team have committed any changes to the dlls.
  13. I agree with Sami. Is The Website yours, or an external one, from which you'd like to fetch information?

      If it's external, you'll want to look for an API of theirs. Otherwise, I'm afraid it's hardly possible. If it's local, you'll want to use the GET request.
  14. This is all you can do with PHP by default.
  15. 23.12.2012

    Order by Date

    Yes, it would first order by day, and, if two dates are on the same day, they get ordered by time. I don't see anything wrong with this approach.
  16. I think Blah Blah was a placeholder <-- LOL
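  17. You're not putting the " and ' correctly. Try the following piece of code

          // Escape the posted value before placing it inside the quoted SQL string
          $value = mysql_real_escape_string($_POST['delete']);
          $db_query = "DELETE FROM gigs WHERE date='$value'";
          mysql_query($db_query);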
  18. Ok, it is, but... why would you do that? I'm quite sure there is a more elegant solution.
  19. You are right about the chances, it should be

          if($attack_chance <= 75) {}

      I also suggest you use mt_rand() instead of rand(). The code is fine, though, but try using this one and see what number is displayed. It is possible there were no numbers above 75 picked up, and so the condition was never true.

          $attack_chance = mt_rand(0, 100); # 0% is also possible
          if($attack_chance <= 75) { # Raise the chances
              header('Location: attack.php');
              echo $attack_chance . "\n"; # Display the chances
          }

      As for your other question, I'm not sure I get it, but I think you should be able to store all the equipment in the game in an array. For every player, mark the piece of equipment with either 1 (true) or 0 (false). If all the equipment required for traveling on water is TRUE, let the player pass. Otherwise, display a message.
  20. It would help to firstly get familiarized with most if not all of the attacks (XSS, CSRF and SQLi are the very basics), and then start researching on what you could do to prevent them.

      End User's ha.ckers.org link is a very good place to research on XSS, while HTML Purifier passes all the tests in there.
  21. The best solution, in my opinion, is to create a very basic application, which is easily and powerfully extensible. As an example, both Opera and Chrome have their developer tools built-in, which are basically just like Firefox's Firebug. But they're bloated and inefficient. Firefox, on the other hand, doesn't have anything built-in, Firebug is just a powerful plug-in, independently developed by someone. And the examples are, to use another marketing stereotype, unlimited.

      The plug-ins, which are functionalities developed by one who focused on that small thing, are what makes Firefox my browser of choice.
  22. 23.12.2012

    Validate?

    One error in your code: you do not put a semi-colon after a curly brace. Of course the curly braces are used in PHP, but they are only required in compound statements. Yours wasn't one. Although not uploading the file would throw an error, the specified one is not related to this. Do check the manual for date.
  23. I think this line is wrong

          <meta http-equiv="charset" lang="en" />

      I'd get rid of it and the other one

          <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

      and write, above the DTD

          <?xml version="1.0" encoding="utf-8" ?>

      I think /jaasp is a typo in here

          <script type="text/javascript" src="/includes/scripts/jsasp.js" id="/jaasp"></script>

      And all of the above.
  24. Thing is... you can't just "blindly copy techniques" people suggest in here. Coming with a piece of code and asking what's wrong is not the best way to learn. As I said earlier, download an AMP stack and run the code in the first post. It will surely generate errors. Fatal or warnings, or notices. It doesn't matter. Read the errors, understand them, and then come up with a fix. Make them disappear. Debugging is where you're going to spend most of your time when writing an application, so you don't have to get everything right at first.

      For example, when I first learnt PHP, I was presented the concept of sticky forms. The code there was something like

          <input type="text" name="username" id="username" value="<?php echo $username; ?>" />

      and I was running it locally, without having PHP print warnings on screen. Some day, I switched to E_ALL | E_STRICT, displaying all the illegalities on screen and saw that my field was already filled with a warning. I read the error and figured out that, when you first display the page, $username is not set. So it was easy to fix that by writing a condition.

          <input type="text" name="username" id="username" value="<?php if(isset($username)) echo $username; ?>" />
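
The file-integrity idea from post 1, extended to several files, as an added example that is not part of the original posts. It swaps in SHA-256 and hash_equals() for the MD5 comparison, and it only helps if the manifest and the checking script live where the web server account cannot write. The function names, paths and file contents are constructed for illustration.

```php
<?php
// Added illustration: names, paths and file contents are constructed.

/** Build a manifest of relative path => SHA-256 digest for the given files. */
function build_manifest(string $root, array $files): array
{
    $manifest = [];
    foreach ($files as $rel) {
        $manifest[$rel] = hash_file('sha256', $root . '/' . $rel);
    }
    return $manifest;
}

/** Return the relative paths that are missing or whose digest differs. */
function verify_manifest(string $root, array $manifest): array
{
    $bad = [];
    foreach ($manifest as $rel => $expected) {
        $path = $root . '/' . $rel;
        $actual = is_file($path) ? hash_file('sha256', $path) : false;
        // hash_equals() is a strict, constant-time string comparison,
        // so digests that look like "0e..." are never compared as numbers.
        if ($actual === false || !hash_equals($expected, $actual)) {
            $bad[] = $rel;
        }
    }
    return $bad;
}

// Constructed demo site in a temporary directory.
$root = sys_get_temp_dir() . '/integrity_demo_' . getmypid();
mkdir($root);
file_put_contents($root . '/index.php', "<?php echo 'Home';\n");
file_put_contents($root . '/header.php', "<h1>Header</h1>\n");

// Done once at deploy time; keep the result outside the web root.
$manifest = build_manifest($root, ['index.php', 'header.php']);
echo 'Before change: ' . count(verify_manifest($root, $manifest)) . " mismatches\n";

// Simulate an overwritten file and check again.
file_put_contents($root . '/index.php', "<?php echo 'changed';\n");
echo 'After change: ' . implode(', ', verify_manifest($root, $manifest)) . "\n";

// Clean up the demo files.
array_map('unlink', glob($root . '/*'));
rmdir($root);
```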
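
The DELETE from post 17 written with a bound parameter, as an added example that is not part of the original posts. It uses PDO with an in-memory SQLite database in place of the thread's MySQL connection; the `gigs` rows and the `delete_gig()` helper are constructed for illustration.

```php
<?php
// Added illustration: table contents and delete_gig() are constructed.

/** Delete the gigs on one date; returns the number of rows removed. */
function delete_gig(PDO $db, string $date): int
{
    // Accept only a real calendar date in YYYY-MM-DD form.
    $parsed = DateTime::createFromFormat('!Y-m-d', $date);
    if ($parsed === false || $parsed->format('Y-m-d') !== $date) {
        return 0;
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('DELETE FROM gigs WHERE date = :date');
    $stmt->execute([':date' => $date]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gigs (id INTEGER PRIMARY KEY, date TEXT, venue TEXT)');
$db->exec("INSERT INTO gigs (date, venue) VALUES
    ('2010-05-01', 'Club A'), ('2010-05-02', 'Club B'), ('2010-05-03', 'Club C')");

// Constructed stand-ins for $_POST['delete']: a valid date, a value that
// tries to alter the WHERE clause, and a date that does not exist.
$inputs = ['2010-05-02', "x' OR '1'='1", '2010-02-30'];
foreach ($inputs as $input) {
    printf("%-16s removed %d row(s)\n", $input, delete_gig($db, $input));
}
echo 'Rows left: ' . $db->query('SELECT COUNT(*) FROM gigs')->fetchColumn() . "\n";
```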