PHP - Securing Video Links

Hello,  I am quite new to the php and website scene and i am trying to find the best way to validate and sterilize my $_post the way i have come up with is 

$id = filter_var(mysql_real_escape_string($_POST['id']),FILTER_SANITIZE_NUMBER_INT);

or

$id = mysql_real_escape_string($_POST['id']);
$id1 = filter_var($id,FILTER_SANITIZE_NUMBER_INT);

which will be the best way to do it or is there a better way.   Thanks 
Edited by AdamHull12, 04 October 2014 - 11:15 AM.

Hey everyone,

I am new to PHP and I want to learn how to secure a PHP session properly.

I wrote a few lines, but I don't know if it's secure enough.

Code: [Select]
<?php
session_start();

if (isset($_SESSION['exists'])) {
    if ($agent != $_SERVER['HTTP_USER_AGENT']) {
        session_unset();
        session_destroy();
        session_regenerate_id(True);
}
}
else {
    $_SESSION['exists']=1;
    $agent=$_SERVER['HTTP_USER_AGENT'];
    session_regenerate_id();
}
?>

Can anybody help me correct or improve my code?

Thanks in advance.

Hello everyone, this is my first post. This isn't just a simple post and leave, I'm looking to expand into this community and learn as much as I can. Well on to the problem at hand!

I decided to start with something simple as a login page and now want to expand it to make it fully functional.

Code: (index.html) [Select]
<html>
<head>
 <title>Deadnode.com</title>
 <LINK href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div style=width:150px;height:80px;position:absolute;left:40%;top:35%;
margin-left:-135px;margin-top:-50px;">

<div class="sidebox">
<div class="boxhead"><h2>Login Required</h2></div>
<div class="boxbody">
<form method="post" action="check.php">
<center><table>

<tr><td><font face="verdana,arial" size=-1>User:</td><td><input type="text" name="user"></td></tr>
<tr><td><font face="verdana,arial" size=-1>Pass:</td><td><input type="text" name="pwd"></td></tr>
<tr><td><font face="verdana,arial" size=-1>&nbsp;</td><td><font face="verdana,arial" size=-1><input type="submit" value="Login"></td></tr>
</table></center>
</form>
</div>

</div>
</body>
</html>

Code: (function.php) [Select]
<?php
function check() {
$admin="test";
$pass="test";
if ( $_POST["user"] == $admin & $_POST["pwd"] == $pass) {
  header('Location: output.php'); }
else {
  header('Location: index.html'); }
}
?>

Code: (check.php) [Select]
<?php
require('function.php');
check();
?>

This is just the code in it originally form; completely functional. I tried to use start_session() in my check() function. I know I should be using cookies, but I haven't gotten that far yet. Is it possible to use my check function as a way to block pages? I tried inserting the same code that is in check.php onto a html page, but I've had no luck with it redirecting back to my index.html page.

I am building an e-commerce site and have a security question.

My Payment Gateway has given me "Log-In ID" and "Transaction Key" that I use to log in to their server to submit payments.

What is a *reasonable* way to protect this information?

I have a VPS with root access, although I'm relying on using sFTP and the Plesk Control Panel since I don't know SSH yet.

Can I just store my "Log-In ID" and "Transaction Key" in a php file outside of my Web Root and include it?

Would that be secure enough for now?

Thanks,



Debbie

I tried searching but came up empty handed, hoping you guys can give me some assistance.

I have a login script that I would like to lock down a little from flooding. What is the easiest way to do this? Something that will restrict the IP if the script encounters x amount of failed attempts in x amount of minutes.

Thanks!

I've just gotten back into re learning web development, I have created a contact form however my server is forcing me to use SMTP which will require me to have a config include with my details inside. How do I ensure nobody can open the files in the browser? I have heard of putting the files outside of the webroot or using htaccess files however the passive aggressive answers I got from stack over flow didn't tell me HOW to implement them.

The files are
Form.HTML
Bin/config.php
Bin/mail.php

Any help is appreciated.

Hello, I wish to secure the PayPal form button. As my button is used on a subscription website, I don't want people changing the parameters and code needs to be hidden from peering eyes with firebug for instance.


I have heard that you can pass the data to PayPal be given a CMD URL in return and you simply forward the user to such URL.


Anyone know of this? - or another method?


The button manager is not acceptable as the values will change in the hidden fields.


George.

Hi,

I want to secure my AJAX routines which use the POST method. I want to prevent people from posting to my method with their own program/script.

I have read about making a random seed that the server knows to expect from authorized AJAX sources.

What is the basic code for doing this?

If I store a value in a hidden form control, and then use that as a means to pass the value to another PHP script, could that cause any security issues?

 

 

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=346762.0

This topic has been moved to Ajax Help.

http://www.phpfreaks.com/forums/index.php?topic=358932.0

<html>
<?php




$id = $_GET['id'];

$dbusername="web148-matt";
   $dbpassword="matt";
   $dbdatabase="web148-matt";
   mysql_connect(localhost,$dbusername,$dbpassword);
   @mysql_select_db($dbdatabase) or die( "Unable to select database");      
   
mysql_query("UPDATE count SET clicks=clicks+1 WHERE id='$id'");

$sql = mysql_query("SELECT link FROM count WHERE id='$id'");
$fetch = mysql_fetch_row($sql);


$result = mysql_query("SELECT * FROM count");

while($row = mysql_fetch_array($result))
  {
 
  echo "<a href=" .$row['link'].   ">Link</a>";

  }


?>


<a href='http://www.google.com'>Google</a>
<a href='/index.php?id=2'>link2</a>
</html>

So I have been working on my website for a while which all is php&mysql based, now working on the social networking part building in similar functions like Facebook has. I encountered a difficulty with getting information back from a link. I've checked several sources how it is possible, with title 'Facebook Like URL data Extract Using jQuery PHP and Ajax' was the most popular answer, I get the scripts but all of these scripts work with html links only. My site all with php extensions and copy&paste my site links into these demos do not return anything . I checked the code and all of them using file_get_contents(), parsing through the html file so if i pass 'filename.php' it returns nothing supposing that php has not processed yet and the function gets the content of the php script with no data of course. So my question is that how it is possible to extract data from a link with php extension (on Facebook it works) or how to get php file executed for file_get_contents() to get back the html? here is the link with code&demo iamusing: http://www.sanwebe.c...-php-and-jquery thanks in advance.

Hello, i just joined the forums, nice forum .

Well im looking for a solution. I want download the videos from a site, but i cant find a solution how to get the location of the video, cause its dynamic.

Here is a sample video: http://www.collegehumor.com/video:1946215

And here is the link to the video: http://8.media.collegehumor.cvcdn.com/21/12/a8cc907f5e150fe77ce7c0c47b1b9d31.mp4

That link i got via a FIREFOX Addon called "DownloadHelper" this addon finds the location with help of http headers. So is it possible way to find the videos with php?

Thanks for help.

hi all
How we can read the id of an element tag on the html page to use it in a sql query for selecting a particular record.

or else how we can simply connect a link to jwplayer to play in the specific area defined for it. That we just click that link and it will play a
video in that area.
how it is implement in php