PHP - Securing Information

Hey everyone,

I am trying to secure php includes and I wrote the following lines:

Code: [Select]
<?php
$dir=scandir('.');

if (in_array('copyright.php',$dir)) {
include('copyright.php');
}
else {
echo 'That page could not be found';
}
?>

Is this code secure enough, can anyone help me improve it?

Thanks in advance.

Hello everyone, this is my first post. This isn't just a simple post and leave, I'm looking to expand into this community and learn as much as I can. Well on to the problem at hand!

I decided to start with something simple as a login page and now want to expand it to make it fully functional.

Code: (index.html) [Select]
<html>
<head>
 <title>Deadnode.com</title>
 <LINK href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div style=width:150px;height:80px;position:absolute;left:40%;top:35%;
margin-left:-135px;margin-top:-50px;">

<div class="sidebox">
<div class="boxhead"><h2>Login Required</h2></div>
<div class="boxbody">
<form method="post" action="check.php">
<center><table>

<tr><td><font face="verdana,arial" size=-1>User:</td><td><input type="text" name="user"></td></tr>
<tr><td><font face="verdana,arial" size=-1>Pass:</td><td><input type="text" name="pwd"></td></tr>
<tr><td><font face="verdana,arial" size=-1>&nbsp;</td><td><font face="verdana,arial" size=-1><input type="submit" value="Login"></td></tr>
</table></center>
</form>
</div>

</div>
</body>
</html>

Code: (function.php) [Select]
<?php
function check() {
$admin="test";
$pass="test";
if ( $_POST["user"] == $admin & $_POST["pwd"] == $pass) {
  header('Location: output.php'); }
else {
  header('Location: index.html'); }
}
?>

Code: (check.php) [Select]
<?php
require('function.php');
check();
?>

This is just the code in it originally form; completely functional. I tried to use start_session() in my check() function. I know I should be using cookies, but I haven't gotten that far yet. Is it possible to use my check function as a way to block pages? I tried inserting the same code that is in check.php onto a html page, but I've had no luck with it redirecting back to my index.html page.

I've just gotten back into re learning web development, I have created a contact form however my server is forcing me to use SMTP which will require me to have a config include with my details inside. How do I ensure nobody can open the files in the browser? I have heard of putting the files outside of the webroot or using htaccess files however the passive aggressive answers I got from stack over flow didn't tell me HOW to implement them.

The files are
Form.HTML
Bin/config.php
Bin/mail.php

Any help is appreciated.

Hi my website offers the users to buy the videos. But the hackers are stealing my video links through view source. So there any option to hide my video links in view source and firebug etc..My videos are comign from amazon. and we are using JW  Players to play the videos
    The methods i have tried..
    1)Encode and decode the urls still the embed tag displays the complete path in firebug.
    2)Amazon provide signed url(temporary url)-Still have some problem in this..
    3)call the video through ajax call. Still the complete HTML code will be displayed in the firebug.
   
    please check here i have attached the firebug sample how it displays the code. Here we can find the complete video path in file: attribute in embed tag
   
    Is there any to hide the urls

I tried searching but came up empty handed, hoping you guys can give me some assistance.

I have a login script that I would like to lock down a little from flooding. What is the easiest way to do this? Something that will restrict the IP if the script encounters x amount of failed attempts in x amount of minutes.

Thanks!

I am building an e-commerce site and have a security question.

My Payment Gateway has given me "Log-In ID" and "Transaction Key" that I use to log in to their server to submit payments.

What is a *reasonable* way to protect this information?

I have a VPS with root access, although I'm relying on using sFTP and the Plesk Control Panel since I don't know SSH yet.

Can I just store my "Log-In ID" and "Transaction Key" in a php file outside of my Web Root and include it?

Would that be secure enough for now?

Thanks,



Debbie

Hello, I wish to secure the PayPal form button. As my button is used on a subscription website, I don't want people changing the parameters and code needs to be hidden from peering eyes with firebug for instance.


I have heard that you can pass the data to PayPal be given a CMD URL in return and you simply forward the user to such URL.


Anyone know of this? - or another method?


The button manager is not acceptable as the values will change in the hidden fields.


George.

Hi,

I want to secure my AJAX routines which use the POST method. I want to prevent people from posting to my method with their own program/script.

I have read about making a random seed that the server knows to expect from authorized AJAX sources.

What is the basic code for doing this?

If I store a value in a hidden form control, and then use that as a means to pass the value to another PHP script, could that cause any security issues?

 

 

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=346762.0

This topic has been moved to Ajax Help.

http://www.phpfreaks.com/forums/index.php?topic=358932.0

Not so much of a programming problem as such but if I add the ability to recover accounts via IP address, is it possible to spoof an IP address? Is it a bad idea to automatically allow a user to reset a password if their IP (according to PHP) matches the IP that created the account?

This is my school project "tv-info" that uses simple_html_dom.   My tv.php

// scrape a tag
$html = file_get_html("http://www.ampparit.com/tv-opas?g=peruskanavat-1");
foreach($html->find($tag) as $e)
$main = $e->plaintext . '<br />';
	
//plain
	
$html = file_get_html("http://www.ampparit.com/tv-opas?g=peruskanavat-1");
echo $html->find('[table class="fullwidth"]', 1)->innertext.'</table>';

So my problem is how I can remove some tags in this page? It shows too much things and what I want it is show only tv-table..    There is inside this this tv table like this:

<table class="content-layout">
                <tr>
                    <td id="content" class="content"><div class="submenu-top-container">
    <form action="haku" class="right" style="margin-top: 5px;">
        <div class="input-wrapper">
            <input type="text" name="q" placeholder="Kirjoita hakusana..." style="width: 165px;"><input type="hidden" name="t" value="tv"><button>Hae</button>
        </div>
    </form>

    
    <div class="submenu-top-item selected">
        <a href="/tv-opas" class="submenu-top-item-link">Ohjelmaopas</a>
    </div>

    
    <div class="submenu-top-item ">
        <a href="/tv-opas?g=suosikkikanavat" class="submenu-top-item-link">Suosikkikanavat</a>
    </div>

    <div class="submenu-top-item ">
        <a href="/tv-opas?g=peruskanavat-1&amp;ss=movies" class="submenu-top-item-link">Elokuvat</a>
    </div>

    <div class="submenu-top-item ">
        <a href="/tv-opas?g=peruskanavat-1&amp;ss=sports" class="submenu-top-item-link">Urheilu</a>
    </div>

    <div class="submenu-top-item ">
        <a href="/tv-opas?g=peruskanavat-1&amp;ss=favorites" class="submenu-top-item-link">Suosikit</a>
    </div>
</div>

Thank you if someone can help me! And if someone ask me to use tvrage, I don't because I'm from Finland and there is no support for Finnish tv-series etc..

Can someone help me send a value in a form to another page...(value=$emailhim)
 

This is the sending page
Code: [Select]
    <?php
  $emailit = $_GET['emailusr'];
echo"
            <table width='602' height='283' border='0'>
               <form action='emailuser.php' method='POST'>
              <tr>
                <td width='210' height='13'>You Are Contacting:</td>
                <td width='382' align='left'><input type='text' name='emailnow' value='$emailit' disabled='disabled'/></td>
                </tr>
              <tr>
                <td width='210' height='14'>Book Title:</td>
                <td width='382' align='left'><input type='text' name='book' maxlength='25'/></td>
                </tr>
              <tr>
                <td width='210' height='14'>ISBN Number: </td>
                <td align='left'><input type='text' name='isbn' maxlength='25'/></td>
              </tr>
              <tr>
                <td width='210' height='15'>My Email:</td>
                <td align='left'><input type='text' name='myemail' maxlength='25'/></td>
              </tr>
              <tr>
                <td height='123' align='left'>Question/Comment:</td>
                <td><textarea name='question' cols='60' rows='5'></textarea></td>
                </tr>
              <tr>
                <td colspan='2' align='center'><input type='submit' name='submit' value='Send' /></td>
                </tr>
                 </form>
            </table>"
?>


This is the receiving page
Code: [Select]


$book = $_POST['book'];
$isbn = $_POST['isbn'];
$myemail = $_POST['myemail'];



if ($_POST['submit'])
{


//existance check
if ($book)
{
if ($isbn)
{
if ($myemail)
{
$question = $_POST['question'];
$username = $_SESSION['username'];
$emailhim = $_POST['emailnow'];

//connect to database
$connect = mysql_connect("db","user","pass") or die("Not connected");
mysql_select_db("user") or die("could not log in");

//grab email from database
$query = "SELECT * FROM desiredusers WHERE username='$emailhim'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result))

//set email to variable name
$person = $row['email'];

//set SMTP
//$server = "smtp.gmail.com";
//ini_set("SMTP",$server);

//setup variables
$to = "butters4life24@gmail.com";
$subject = "$username has a question";
$body = "This is an email from $username\n\n
Their question regarding $book, ISBN#: $isbn\n
is $question\n\n\n
This is the email address $username would like you to contact him on: $myemail\n\n\n";
$headers = "From: $myemail";
mail($to, $subject, $body, $headers);
echo "$person";
echo "$emailhim";

}
else
die('Please fill in My Email. This will be the email address that the user that you are contacting will email you back on.  (*note if you do not put in your correct email the person that you emailed will have no way of emailing you back)');
}
else
die('Please fill in ISBN Number.');
}
else
die('Please fill in Book Title.');
}

?>

i need someone tohelp me  build a script that will fetch infomration on a website, and automatically input it into a database. I know its possible i have reaserached it, and it can be done by using the $curl php technique.
it is not a coplicated job i just dont have time for it.

i need the script to access diffrent website, at a specific time of day.

i want the sript to automaticlly fetch the data from each site at a spesific time during the day.

i really dont know where to start... any help will be apprecited.
I managed to come up with this, but it does not do what i want

Code: [Select]
<?php

class tagSpider
{

var $crl; // this will hold our curl instance
var $html; // this is where we dump the html we get
var $binary; // set for binary type transfer
var $url; // this is the url we are going to do a pass on



function tagSpider()
{
$this->html = "";
$this->binary = 0;
$this->url = "";
}


function fetchPage($url)
{


$this->url = $url;
if (isset($this->url)) {

$this->ch = curl_init (); // start cURL instance
curl_setopt ($this->ch, CURLOPT_RETURNTRANSFER, 1); // this tells cUrl to return the data
curl_setopt ($this->ch, CURLOPT_URL, $this->url); // set the url to download
curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, true); // follow redirects if any
curl_setopt($this->ch, CURLOPT_BINARYTRANSFER, $this->binary); // tell cURL if the data is binary data or not
$this->html = curl_exec($this->ch); // grabs the webpage from the internet
curl_close ($this->ch); // closes the connection
}
}


function parse_array($beg_tag, $close_tag) // this function takes the grabbed html and picked out the pieces we want
{
preg_match_all("($beg_tag.*$close_tag)siU", $this->html, $matching_data); // match data between specificed tags
return $matching_data[0];
}


}
?>