PHP - How To Incorporate Attack Speed With Php + Websockets

Hello dear friends  ,

I'm under attack huge attack from spam bots and i need your help

1) i've a form with input text and input submit
2) no way to add html cause using js banned any < or > ..ect
3) the spam attack now post html code but it stored into database after automatically  < and > removed as i mention in (2) okay

add to your note i can't add captcha cuase my website for kids 

Now please allow me to explain this idea and let me know if it ture or there is another way else more simple

1) i will add hidden input with value shows "IP Number Of Poster"

2) by that way i will know the IP of the spammer

3) i will use php and mysql to create database table and store the IPs of spamming i collect so that when that spammer hit my website again , will not be able to view input form.

What do you think ! is it right or bad solution or is there any any way

the bad idea is that spam is not sure human cause it is stupid and post something meaningless and not ture and fake urls like this

Code: [Select]
theuzgfnpbmi, [url=http://gdtuaemvkpif.com/]gdtuaemvkpif[/url], [link=http://rsxtnszcpceq.com/]rsxtnszcpceq[/link], http://awpfgwtvqkdm.com/" theuzgfnpbmi, [url=http://gdtuaemvkpif.com/]gdtuaemvkpif[/url], [link=http://rsxtnszcpceq.com/]rsxtnszcpceq[/link], http://awpfgwtvqkdm.com/"
please help if you have any suggestion or method how to stop such spammers

thank you so much 

Well, I just want to know, if I add mysql_real_escape_string and strip_tags to a checkbox, does this mean it is 100% protected from SQL injection and XSS attack? For example:

Code: [Select]
<input type=checkbox' name="checkbox"/>

$checkbox = mysql_real_escape_string(stip_tags($_POST['checkbox']));

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=354848.0

Hi I need to test for XSS attack and aim is to break my own site.

I am using strip_tags to strip all the HTML and tags.

Is there any way for successful XSS  attack even if strip_tags is used.

I have a javascript code that displays a monster hitting my character via client side only. It runs every 2 seconds via a setTimeout function.   My problem is... A user could just disable javascript all together, or craft their own code to disable the monster attack function.     I want to detect serverside if anything is being altered.  If that makes sense.     This is EXTREMELY hard for me to explain, I have no idea but my game is essentially turn based at this point. THE MONSTER ONLY DOES DMG if a player HITS IT. That way, I can safely, and change the values serverside with MYSQL.   What I want is the monster to attack the player every 2 seconds or so (Which I have javascript code for already), but a user could just manipulate that code and then attack the mob and receive only that damage. I want it to be more of an action attack game, where the monster's attack automatically, but securely... If that makes sense, any idea?   Would I have to implement some type of timing mechanism or something serverside? Or once the player spawned that mob..? Not sure. (You only have XX Seconds to kill!), but that doesn't really fix the problem..   TLDR: Autoattack mob system serverside.
Edited by Monkuar, 19 January 2015 - 10:53 AM.

Hello All,

I am in desperate help here since my site was DDoS attacked by some one in turkey (Ips originate mostly from turkey, Germany, and some other Europe countries). I have installed the ddos deflation and most of the IPs are now blocked.


I have a php file in my server that I use to input data into my database and my streaming servers. This file is called connect.php and the hacker is basically created an automated script that repeatedly call the connect.php file from a botnet resulting in both apache and mysql dead. I use connect.php in the following way

http.open('get', "ajax/createchannel_1.php?channel=" + channelname + "&sitename=" + sitename + "&privateurl=" + privateurl + "&privateurlcheck=" + privateurlcheck);

How can i change the connect.php so that it only accept execution from my server/
Please your help is greatly appreciated.

I have this php page that based on what the user chooses shows them the appropriate photo galleria and i was wondering if their was any way i could speed this up this is the php code for selecting the galleria and I'm not showing the javascript that does the slide show because it s the galleriffic jquery plugin
Code: [Select]
<div id="Info">
<div id="page">
<div id="container">
            <?php
$g = mysql_real_escape_string($_GET['g']);
$query = "SELECT * FROM pinkpanther_games WHERE Gallery_no = '$g'";
$results = mysql_query($query) or die("Query failed ($_query) - " . mysql_error());
$row = mysql_fetch_assoc($results);
echo "<h1>" . $row['Day_Played'] . " vs " . $row['Opponent'] . "</h1>";
?>
<!-- Start Advanced Gallery Html Containers -->
<div id="gallery" class="content">
<div id="controls" class="controls"></div>
<div class="slideshow-container">
<div id="loading" class="loader"></div>
<div id="slideshow" class="slideshow"></div>
</div>
<div id="caption" class="caption-container"></div>
</div>
<div id="thumbs" class="navigation">
<ul class="thumbs noscript">
<?php
$x = $row['no_Pics'];
$y = 1;
$year = $row['Year_Played'];
$day = $row['Day_Played'];
$scheck = $row['Sessions'];
if ($scheck == 1){
$sessions = "Session1";
}else{
$sessions = "Session2";
}
if ($x == 0){
echo "<li> <a  class='thumb' href='../images/nopics.jpg' title=''><img src='../images/nopicsthumb.jpg ' /></a></li>";
}else if ($x == 10000){
echo "<li> <a  class='thumb' href='../images/coming.jpg' title=''><img src='../images/comingthumb.jpg ' /></a></li>";
}else{
while ($y <= $x){
echo "<li> <a  class='thumb' href='../images/Sections/pinkpanthers/" . $year . "/" . $sessions . "/" . $day . "/" . $y . ".jpg' title=''><img src='../images/Sections/pinkpanthers/" . $year . "/" . $sessions . "/" . $day . "/thumbs/" . $y . ".jpg ' /></a><div class='caption'><div class='download'><a href='../images/Sections/pinkpanthers/" . $year . "/" . $sessions . "/" . $day . "/big/" . $y . ".jpg ' target='_blank' />Download</a></div></div></li>";
$y ++  ;
}
}
?>
</ul>
</div>
<div style="clear: both;"></div>
</div>
</div>
<div id="footer"></div>

Hi everyone,

I was discussing this topic with one of my friends and both of us can't give a real answer to this.

Example:

class test {
    function a(){
      $obj = new DB_TableObject();
      
      //blabla bla
      
      $this->b($obj);
   }

   function b($object){
      $object->getResults();
   }
}



class test {
   function a(){
      $obj = new DB_TableObject();

      //blabla bla

      $this->b($obj);
   }

   function b(){
      $obj = new DB_TableObject();
      $object->getResults();
   }
}


Which one is better? The first or the second solution?

Im going to use a large array of arrays, each of one having a lot of values and some sub arrays. My question is...  is faster to use arrays or is better to have a object to acces using methods and all? i suppose objects are slower...

Also i was planing in use arrays with string keys in nearly all places, normally these are slower, but in php hashes and arrays are the same tipe  so i dont know...

this is pretty decent right?

Code: [Select]
mySQL_array SPEED TEST - [ 30,000 Numbers ] - SERIALIZED with BASE64 ENCODING AND GZ COMPRESSION

          52.8KiB WRITE ARRAY in: 0.15 seconds.
          52.8KiB READ ARRAY in: 0.03 seconds.
          52.8KiB ROUND TRIP in: 0.18 seconds. (approx: 3.41 milliseconds per KiB)

--- running on FIREFOX + EASY PHP 5.3.8.0 - ON ASUS G51VX -  2GHz dual core (x64) - 4GB RAM ---

When pulling exif data from an image I have pretty much everythiung nailed down except for the Shutter Speed value. When pulled from the image this is returned as:-

'Shutter' => string '0.0015625'

Now I know that the actual shutter speed at the time of shooting was 1/640 sec; does anyone have any ideas about how one would convert... 'Shutter' => string '0.0015625' to 1/640 sec... I have been scratching my head over this problem for a few days now and am stiull no wiser     

Is there any php function I can test how fast my server is performing, like how fast its carrying out a certain action so I can see its resource usage.

Iv'e been looking in to methods of scraping data from pages and has found several examples of using multi-curl to achieve this. But i am not used to curl and is not completely sure how it works and i need to find the fastest reliable (i do need all, or close to all, pages every run) method of getting the content of a number of pages (about 160).

Here is an example i got from searching the web which i managed to implement:
<?php 
/** 
 * 
 *@param $picsArr Array [0]=> [url], 
 *@$picsArr Array will filled with the image data &#65292; you can use the data as you want or just save it in the next step. 
 **/ 

function getAllPics(&$picsArr){ 

        if(count($picsArr)<=0) return false; 

        $hArr = array();//handle array 

        foreach($picsArr as $k=>$pic){ 

                $h = curl_init(); 
                curl_setopt($h,CURLOPT_URL,$pic['url']); 
                curl_setopt($h,CURLOPT_HEADER,0); 
                curl_setopt($h,CURLOPT_RETURNTRANSFER,1);//return the image value 

                array_push($hArr,$h); 
        } 

        $mh = curl_multi_init(); 
        foreach($hArr as $k => $h)      curl_multi_add_handle($mh,$h); 

        $running = null; 
        do{ 
                curl_multi_exec($mh,$running); 
        }while($running > 0); 

        // get the result and save it in the result ARRAY 
        foreach($hArr as $k => $h){ 
                $picsArr[$k]['data'] = curl_multi_getcontent($h); 
        } 

        //close all the connections 
        foreach($hArr as $k => $h){ 
                $info = curl_getinfo($h); 
                preg_match("/^image\/(.*)$/",$info['content_type'],$matches); 
                echo $tail = $matches[1]; 
                curl_multi_remove_handle($mh,$h); 
        } 
        curl_multi_close($mh); 

        return true; 
} 
?> 


Since time is critical in my script i would ask if you think this is a good implementation or if you can point me in the direction of one that will save me noticeable run-time.

I am currently using PHP 5.3.2 on IIS 7 and I am wondering how can I write a download script with resume and speed limit. After looking for a while, I found this script that works on speed limit:
Code: [Select]
<?php
$local_file = 'file.zip';
$download_file = 'name.zip';

// set the download rate limit (=> 20,5 kb/s)
$download_rate = 20.5;
if(file_exists($local_file) && is_file($local_file))
{
    header('Cache-control: private');
    header('Content-Type: application/octet-stream');
    header('Content-Length: '.filesize($local_file));
    header('Content-Disposition: filename='.$download_file);

    flush();
    $file = fopen($local_file, "r");
    while(!feof($file))
    {
        // send the current file part to the browser
        print fread($file, round($download_rate * 1024));
        // flush the content to the browser
        flush();
        // sleep one second
        sleep(1);
    }
    fclose($file);}
else {
    die('Error: The file '.$local_file.' does not exist!');
}

?>
Though there is a big problem that the download file comes without extension. For example if the original file is file.ext then the client will receive it as file without any extension. I just want to use octet-stream since I have no interest in streaming or other things, but I really want the client to have the extension also.

So could you please tell me what is wrong with the above script, and please show me a way to do resume download. Thank you very much for your help.

Complete beginner here so just really looking for pointers on where to start.

Been doing a bit of bug fixing on one of our sites because the past 3 programmers we've hired have disappeared on us. The big issue I'm looking to solve is the load time of a search. Our website (Love-Rugs) is taking about 6 or 7 seconds to perform a blank search (basically a quick browse) whereas out other site (Little-Persia) takes about a second. It wouldn't be so bad if it was just the initial search but going from one page (only 10 products listed per page) to the next takes the same amount of time.

There seems to be an awful lot of queries (around 130-150) on the searches - however - when using some of the search options e.g. type and fabric to refine the search the queries actually stay high but the time to process the results is reduced significantly. I don't really understand why if the queries are still high the search time is much lower unless it's to do with the number of results returned. However this does not explain why Little-Persia (which has far more products on it) takes less time as there would obviously be more results.

I realize that without code this isn't easy to answer so I'm just looking to see if someone can point me in the right direction to look at just now.