|
PHP - What Does This Mean And How They Work, What About Security After Applying Them On The Page
ini_set('session.cache_limiter','public');
session_cache_limiter(false);
they give warning
Similar TutorialsHello I am having problems setting some security to a prize page on my website. What I need, is to make sure that a user cannot just refresh and get the price again. The price page is loaded in a frame so redirection is no good, and that doesn't stop the user from just hitting the "back" button and then refresh. Anyone have an idea how to do this the simple way? I have gold data being reported here goldprices.org.uk (scroll down near the bottom). Recently it broke for no apparent reason. I checked the scraper and everything seems to be OK. The issue is that the gold price in (troy) ounces is being scraped fine - however to work out the price in grams you must multiply by 0.0321 (grams in a troy ounce). The code looks like this: Code: [Select] $ounce_price = null; $grams_price = null; if(count($nodes) == 1 && $nodes[0][1]) { $ounce_price = $nodes[0][1]; $grams_price = $ounce_price * 0.0321; However $ounce_price * 0.0321 breaks the code and returns '0.0321'. I then tried the code: Code: [Select] $ounce_price = null; $grams_price = null; if(count($nodes) == 1 && $nodes[0][1]) { $ounce_price = $nodes[0][1]; $grams_price = $ounce_price + 1; And the code returned the value '2'. So it appears that when $ounce_price is being multiplied/subtracted etc it reverts to a value of '1'. However if I do $grams_price = $ounce_price the value is the correct ounce price. I'm so confused as to why when adding an equation to $ounce_price the value reverts to '1' as opposed to equalling the correct number. Any help here would be HUGELY appreciated - I've been stuck for several days and only just decided to ask online :s Nick Hi, I have a form that I am trying to get working. The page is named "reserv_test.php". Not sure if I am trying to do to much, but can anyone tell me if this will work? If so, what do I need to do to make it work? Here is the code... Code: [Select] <html> <head> <title>Booking Form</title> <script type="text/javascript"> function showMonth(str) { if (str=="") { document.getElementById("txtHint").innerHTML=""; return; } if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari xmlhttp=new XMLHttpRequest(); } else {// code for IE6, IE5 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { document.getElementById("txtHint").innerHTML=xmlhttp.responseText; } } xmlhttp.open("GET","reserv_test.php?q="+str,true); xmlhttp.send(); } </script> </head> <body> <div> <p align="left"><font face="arial" size="4"><u>Booking Form</u></font></p> <form method="post" action="resersend.php"> <p><font face="arial" size="2" color="#336600">Reservation month:</font> <select name="months" onChange="showMonth(this.value)"> <option value="" selected="selected">Choose One</option> <option value="May 2011">May 2011</option> <option value="June 2011">June 2011</option> <option value="July 2011">July 2011</option> <option value="August 2011">August 2011</option> <option value="September 2011">September 2011</option> <option value="October 2011">October 2011</option> <option value="November 2011">November 2011</option> <option value="December 2011">December 2011</option> <option value="January 2012">January 2012</option> <option value="February 2012">February 2012</option> <option value="March 2012">March 2012</option> <option value="April 2012">April 2012</option> </select> </form></p><br /> <?php $q=$_GET["q"]; $con = mysql_connect('my_host', 'my_user', 'my_pwd'); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("my_db", $con); $sql="SELECT * FROM daterange WHERE DEND > DATE(NOW()) AND STATUS='A' AND MONTH = '".$q."' ORDER BY RID, DATE, SITE"; $result = mysql_query($sql); // Determine the number of reservation dates $number = mysql_numrows($result); // Create drop-down menu of reservation dates print "<font size=\"3\" face=\"Arial\"><b>Select Your Reservation:</b><br> <form action=\"resersend.php\" method=\"post\"> <select name=\"RID\"> <option value=\"\">Choose One</option>"; for ($i=0; $i<$number; $i++) { $RID = mysql_result($result,$i,"RID"); $DATE = mysql_result($result,$i,"DATE"); $SITE = mysql_result($result,$i, "SITE"); $PRICE = mysql_result($result,$i, "PRICE"); print "<option value=\"$RID\">$DATE, $SITE, $PRICE</option>"; } print "</select><p align=left><label><font size=\"3\" face=\"Arial\">First Name: <input type=\"text\" name=\"FNAME\" size=\"50\" maxlength=\"50\" tabindex=\"1\"<br>"; print "<p align=left><label>Last Name: <input type=\"text\" name=\"LNAME\" size=\"50\" maxlength=\"50\" tabindex=\"2\"<br>"; print "<p align=left><label>Address Line 1: <input type=\"text\" name=\"ADDR1\" size=\"50\" maxlength=\"50\" tabindex=\"3\"<br>"; print "<p align=left><label>Address Line 2: <input type=\"text\" name=\"ADDR2\" size=\"50\" maxlength=\"50\" tabindex=\"4\"<br>"; print "<p align=left><label>City: <input type=\"text\" name=\"CITY\" size=\"50\" maxlength=\"50\" tabindex=\"5\"<br>"; print "<p align=left><label>State (abbrev.): <input type=\"text\" name=\"STATE\" size=\"2\" maxlength=\"2\" tabindex=\"6\"<br>"; print "<p align=left><label>Zip Code: <input type=\"text\" name=\"ZIP\" size=\"5\" maxlength=\"5\" tabindex=\"7\"<br>"; print "<p align=left><label>Contact Phone Number: (<input type=\"text\" name=\"PHONE1\" size=\"3\" maxlength=\"3\" tabindex=\"8\""; print "<label>)<input type=\"text\" name=\"PHONE2\" size=\"3\" maxlength=\"3\" tabindex=\"9\""; print "<label>-<input type=\"text\" name=\"PHONE3\" size=\"4\" maxlength=\"4\" tabindex=\"10\"<br>"; print "<p align=left><label>Email: <input type=\"text\" name=\"EMAIL\" size=\"50\" maxlength=\"50\" tabindex=\"11\"<br>"; Any help would be appreciated. Thanks. Hi, I'm writing my own code for my website but have come across something I can't fathom and don't know what search terms I'd need to describe what I want, to allow me to Google it. I've got some code that retrieves the image names of pictures inside a directory, that then prints them on the screen as links. Then people can click whichever link to see that pic, and I can just upload new images to the images folder without needing to add the links to the code manually. All is working, but I want to use a table for neatness and put a certain number of the image links in each row. So, say I have 20 images in the folder, but want to display only 5 image links per row in the table, I need 4 rows to be created with 5 links in each one. I know I can use count() to count the number of images found in the folder, but I don't know how to use PHP to make a new row every 5 image links and put the 5 links in the row. This is my code so far: Code: [Select] <?php $dir = '/home/vol7/myhost.com/b12345678/htdocs/images/'; $files = scandir($dir); foreach ($files as $pic) { if (is_dir($dir.$pic)) { unset($pic);} else { echo "$pic"; }} ?> So, if I got it doing what I want, it'd end up outputting something like this if I had 7 image links: Code: [Select] <table> <tr> <td><a href=etc">image 1</a> - <a href=etc">image 2</a> - <a href=etc">image 3</a> - <a href=etc">image 4</a> - <a href=etc">image 5</a></td> </tr> <tr> <td><a href=etc">image 6</a> - <a href=etc">image 7</a></td> </tr> </table> Any help appreciated, even a link to a webpage explaining something similar that gives me enough information to alter it and make it work for what I want. Thanks. We are trying to get progress bar to place active class on the current page it one based on variable being set on page called "page", also the page is written into the <body class="page"> tag, once it is loading the page.
It is not working as we need can anyone, help us with script below to set progress bar to do prev and next?????
So variable is:
var page = "refundstep1";Body Class tage looks like: <body class="refunStep 1 main-layout">Progress bar is: <div class="tabContent progress-bar hidden-phone"> <div class="step active"> <h2>Step 1: Enter your Pin</h2> </div> <div class="step inactive"> <h2>Step 2: Tell us your address</h2> </div> <div class="step inactive"> <h2>Step 3: Confirm Your Details</h2> </div> </div>Code to actual set the other list next as class="inactive", list passed or compelted as class="active done", Current page as class="active" var progressClass = $('.progress-bar div.step');
$(progressClass).addClass(function(index, activeClass) {
var activeClass = 'done';
var activePage = 'active';
alert(page);
var currentPage = page;
var pageClass = $('body').hasClass(page);
console.log(pageClass);
if(pageClass === true) {
progressClass.addClass(activePage);
progressClass.prevAll().addClass(activeClass);
//To select all next elements of `.progressClass` element:
progressClass.nextAll().addClass(nopageClass);
}
return nopageClass;
});
Hi everyone,
I have just created this affiliate sub-page where I compare webhosting providers in Denmark.
Page: Sammenligning af webhoteller
All links for all hosting providers are affiliate links.
Do you think this is a good approach and is the text ok? (use google translate)
In other words, do you think people will click and possibly ean me a comission?
Thanks for the feedback!
Edited by Stiver112, 21 July 2014 - 03:30 PM. Hi, I'm just wondering if there's any way to use the Limit to limit a search to the first instance of multiple items in one column? Eg, in a table called news I might have: subject content general general news1 general generalnews2 faq faq1 faq faq2 general generalnew3 When I do Code: [Select] SELECT * FROM news ORDER BY content DESC LIMIT 0,1(same if I substitute the word subject for content in the line above) ...I get just the first item. Ie: subject content general generalnews1 How would I go about getting the first instance of each subject and its contents to appear? Ie: subject content general generalnews1 faq faq1 Thanks, Dave Hey guys,
Wordpress has the ability to recognize a custom page and make it available to select it and use when you are logged in in the pages section of the admin ui. To make it work you add this:
<?php /* * Template Name: My Custom Page * Description: A Page Template with a darker design. */ // Code to display Page goes here...My question is how does wordpress scan and find these files and then show them in a drop down menu on the pages tab of the admin? Is it done with regular expressions? Many thanks for any help! I have a black and white image dividing a city into zip codes. So a bunch of shapes and that's it.
I load it (imagecreatefrompng) and I'm filling the zipcodes with color based on coordinates of a spot in the zipcode and a color relevant to information about it.
If I use imagefill (or imagefilltoborder) to fill a zip code it works great.
But - I also need to apply text and lines to that image on top of those filled shapes.
My problem is it's always doing the fill last no matter what order I put it in the code - so anywhere a line crosses a zipcode it only gets half filled in.
For example I attached an image - if i turn off the lines the white box is filled in with a shade of red. Not a great example since I think the line is right on top of the coordinate of the fill but it does it all over the image.
What am I missing? Is there not a way to choose the order your draw to the image object? Is there a way to apply a change before doign the next one short of writing and reloading the file? I am developed a custom PHP page with filters, addto cart module, music playlist everything. How can i implement it into WordPress? I am a newbie, any help thanks. My custom PHP work directory structure : location : public_html/my_work website URL : website.com/my_work Everything working good, but my wordpress heaer and footer missing, thats what i am asking to how to implement my custom development multiple PHP page work into Wordpress. I have been working on a website for some time now. My work is now 95% finished and now I am starting to look at security, as I am using PHP. My webpage uses HTML FORMS. When most of these forms get send back to the server, 50% of the time PHP is inserting the value of the FORM inputs into MySQL. To give a basic run down, I have a newsletter sign up system. "Enter your e-mail address"... and then the user enters their e-mail and submits.. PHP runs a MySQL query to insert that FORM value into the database along the lines of this: Quote insert into newsletters (email) values ('.$POST['email'].') I fear this is very vulnerable to injection attack as it means a trouble maker can come along and enter anything they want into my database, potentially wiping it out. I believe I need to "sanitize" my input with a MySQL "real_escape_string" or something? Is there anything real obvious I should look out for when it comes to PHP security? Is there a way to forbid all strings/arguments except the few I need or something perhaps? Hi, I am looking to create a directory that can not be accessed using .htaccess and neither can files directly. But I want to make it so when you are signed into joomla you can access the files via a mp3 player on the sight. My mp3 extention is joomline player flplayer. And I heard that if I cange the name of the file in joomla fomr lovelove.com/audio/love/abc.mp3 to lovelove.com/audio/love/abc.php?name=abc and then that abc.php script (inside the script it checks if you are logged in) will retrieve the file name, and the joomline will play it it will work. is this possible? Also, if not what can I do for this to work? Right now my script is not working as the joomline looks up all the mp3 files as one big string. this is the abc.php which on my site its calld psp.php
<?php
define( '_JEXEC', 1 );
define( 'JPATH_BASE', realpath(dirname(__FILE__).'/../../' ));
require_once ( JPATH_BASE .'/includes/defines.php' );
require_once ( JPATH_BASE .'/includes/framework.php' );
$mainframe =& JFactory::getApplication('site');
if( !empty( $_GET['name'] ) )
{
// check if user is logged
if(JFactory::getUser()->guest) {
die( "ERROR: invalid song or you don't have permissions to download it." );
}
else {
$psp = preg_replace( '#[^-\w]#', '', $_GET['name'] );
$psp_file = "{$_SERVER['DOCUMENT_ROOT']}/audio/live/{$psp}.mp3";
if( file_exists( $psp_file ) )
{
header( 'Cache-Control: public' );
header( 'Content-Description: File Transfer' );
header( "Content-Disposition: attachment; filename={$psp_file}" );
header( 'Content-Type: application/mp3' );
header( 'Content-Transfer-Encoding: binary' );
readfile( $psp_file );
exit;
}
}
}
?>
then I have joomline player jlplayer
<?php
/**
* JoomLine mp3 player - Joomla mp3 player
*
* @version 1.5
* @package JoomLine mp3 player
* @author Anton Voynov (anton@joomline.ru), Sergii Gaievskiy (shturman.kh@gmail.com)
* @copyright (C) 2010 by Anton Voynov(http://www.joomline.ru)
* @license GNU/GPL: http://www.gnu.org/copyleft/gpl.html
*
* If you fork this to create your own project,
* please make a reference to JoomLine someplace in your code
* and provide a link to http://www.joomline.ru
**/
defined('_JEXEC') or die('Restricted access');
function ascii2hex($ascii, $reverse = false) {
$hex = array();
for ($i = 0; $i < strlen($ascii); $i++) {
$byte = strtoupper(dechex(ord($ascii{$i})));
$byte = str_repeat('0', 2 - strlen($byte)).$byte;
$hex[] = $byte;
}
if ($reverse) $hex = array_reverse($hex);
return implode(" ",$hex);
}
function read_frame (&$f, &$tagdata, $frame) {
$pos = strpos($tagdata,$frame);
if ( $pos !== FALSE) {
// frame found. read length of this frame
fseek($f, 10+$pos+4);
$frame2len = hexdec(ascii2hex(fread($f,4)));
if (($frame2len-1) > 0) {
// read frame data
fseek($f, 10+$pos+4+2+4+1);
$data = trim(fread($f,$frame2len-1));
$hexfdata = ascii2hex($data);
if ( substr($hexfdata,0,5) == 'FF FE' or substr($hexfdata,0,5) == 'FE FF' ) {
$data = iconv("UCS-2","UTF-8",$data);
} else {
if (!preg_match('//u', $data)) {
$data = iconv("cp1251", "UTF-8",$data);
}
}
return $data;
} else {
return false;
}
} else {
return false;
}
}
function readmp3tag($file) {
$f = fopen($file, 'rb');
rewind($f);
fseek($f, -128, SEEK_END);
$tmp = fread($f,128);
if ($tmp[125] == Chr(0) and $tmp[126] != Chr(0)) {
// ID3 v1.1
$format = 'a3TAG/a30NAME/a30ARTISTS/a30ALBUM/a4YEAR/a28COMMENT/x1/C1TRACK/C1GENRENO';
} else {
// ID3 v1
$format = 'a3TAG/a30NAME/a30ARTISTS/a30ALBUM/a4YEAR/a30COMMENT/C1GENRENO';
}
$id3v1tag = unpack($format, $tmp);
// read tag length
fseek($f, 8);
$tmp = fread($f,2);
$tmp = ascii2hex($tmp);
$taglen= hexdec($tmp);
$tagdata = "";
if ($taglen > 0) {
//read tag data
fseek($f, 10);
$tagdata = fread($f,$taglen);
}
// find song title frame
$title = read_frame ($f, $tagdata, "TIT2");
if (!$title) {
if ($id3v1tag['TAG']== 'TAG' && ascii2hex(substr($id3v1tag['NAME'],0,1)) != '00' ) {
$title = $id3v1tag['NAME'];
} else {
$title = explode(DS,$file);
$title = $title[count($title)-1];
$title = explode('.',$title);
$title=$title[0];
}
if (!preg_match('//u', $title)) $title = iconv("cp1251", "UTF-8",$title);
}
$artist = read_frame ($f, $tagdata, "TPE1");
if (!$artist) {
if ($id3v1tag['TAG']== 'TAG' && ascii2hex(substr($id3v1tag['ARTISTS'],0,1)) != '00') {
$artist = $id3v1tag['ARTISTS'];
} else {
$artist = "";
}
}
if (!preg_match('//u', $artist)) $artist = iconv("cp1251", "UTF-8//TRANSLIT",$artist);
$id3tag['NAME'] = $title;
$id3tag['ARTIST'] = $artist;
return $id3tag;
}
if (DS == "/")
$dir = str_replace("\\",DS,$music_dir);
else
$dir = str_replace("/",DS,$music_dir);
$dir = JPATH_ROOT.DS.$dir;
if (!is_dir($dir)) {
echo "Wrong dir in settings";
} else {
$files = glob($dir.DS."*.{mp3,MP3}",GLOB_BRACE);
if (count($files) > 0) {
sort($files);
$host = $base_uri;
foreach ($files as $file) {
$tags = readmp3tag($file);
$file = explode (DS, $file);
if ($server_utf8 == 1) {
$fname = rawurlencode($file[count($file)-1]);
} else {
$fname = rawurlencode($file[count($file)-1]);
}
$fname = substr($fname, 0, -4);
$file = $host."/".$music_dir."/psp.php?name=".$fname;
echo $file;
$artist = trim($tags['ARTIST']);
$artist = $artist == "" ? "" : "{$tags['ARTIST']} - ";
$playlist[] = '{name:"'.$artist.$tags['NAME'].'",mp3:"'.$file.'"}';
}
}
/*
*
//if(!window.jQuery) {
document.write(unescape('<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jq.js">%3C/script%3E'));
document.write(unescape('<script type="text/javascript">jQuery.noConflict();%3C/script%3E'));
//}
*
*/
?>
<script type="text/javascript">
var myPlayList = [
<?php
echo implode(",\n ",$playlist)."\n";
?>
];
Array.prototype.find=function(v){
for (i=0;i<this.length;i++){
if (this[i]==v) return i;
}
return 0;
}
var plIndex = [];
for (i=0;i<myPlayList.length;i++) {
plIndex[i] = i;
}
<?php if ($shfl == 1) : ?>
//shuffle
function randOrd(){
return (Math.round(Math.random())-0.5);
}
plIndex.sort(randOrd);
<?php endif; ?>
function setCookie (name, value) {
document.cookie = name + "=" + escape(value) + "; expires=Thu, 01-Jan-2055 00:00:01 GMT; path=/";
}
function getCookie(name) {
var cookie = " " + document.cookie;
var search = " " + name + "=";
var setStr = null;
var offset = 0;
var end = 0;
if (cookie.length > 0) {
offset = cookie.indexOf(search);
if (offset != -1) {
offset += search.length;
end = cookie.indexOf(";", offset)
if (end == -1) {
end = cookie.length;
}
setStr = unescape(cookie.substring(offset, end));
}
}
return(setStr);
}
function changeShflStatus(el) {
nowPlay = plIndex[playItem];
if (el.checked) {
setCookie("jlp_shfl","shuffle");
plIndex.sort(randOrd);
} else {
setCookie("jlp_shfl","notshuffle");
plIndex.sort();
}
playItem = plIndex.find(nowPlay);
}
</script>
<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jq.js"></script>
<script type="text/javascript">jQuery.noConflict();</script>
<link href="<?=$base_uri?>/modules/mod_jlplayer/skin/skin.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jquery.jplayer.min.js"></script>
<script type="text/javascript">
var playItem = 0;
jQuery(function(){
var jpPlayTime = jQuery("#jplayer_play_time");
var jpTotalTime = jQuery("#jplayer_total_time");
var jlp_shfl = getCookie("jlp_shfl");
if (jlp_shfl == "shuffle") {
document.getElementById('jlp_shfl').checked = true;
} else if (jlp_shfl == "notshuffle") {
document.getElementById('jlp_shfl').checked = false;
}
jsuri = baseuri+"/modules/mod_jlplayer/js/";
jQuery("#jquery_jplayer").jPlayer({
ready: function() {
displayPlayList();
playListInit(enable_autoplay); // Parameter is a boolean for autoplay.
},
errorAlerts:true,
warningAlerts:true,
swfPath: jsuri
})
.jPlayer("onProgressChange", function(loadPercent, playedPercentRelative, playedPercentAbsolute, playedTime, totalTime) {
jpPlayTime.text(jQuery.jPlayer.convertTime(playedTime));
jpTotalTime.text(jQuery.jPlayer.convertTime(totalTime));
})
.jPlayer("onSoundComplete", function() {
playListNext();
});
jQuery("#jplayer_previous").click( function() {
playListPrev();
return false;
});
jQuery("#jplayer_next").click( function() {
playListNext();
return false;
});
});
function displayPlayList() {
for (i=0; i < myPlayList.length; i++) {
jQuery("#jplayer_playlist").append("<div id='jplayer_playlist_item_"+i+"'>"+ myPlayList[i].name +"</div>");
jQuery("#jplayer_playlist_item_"+i).data( "index", i ).click( function() {
var index = jQuery(this).data("index");
if (plIndex[playItem] != index) {
_index = plIndex.find(index);
playListChange( _index, index );
} else {
jQuery("#jquery_jplayer").jPlayer("play");
}
});
}
}
function playListInit(autoplay) {
if(autoplay) {
playListChange(0, plIndex[0] );
} else {
playListConfig(0, plIndex[0] );
}
}
function playListConfig(_index, index ) {
jQuery("#jplayer_playlist_item_"+plIndex[playItem]).removeClass("jplayer_playlist_current");
jQuery("#jplayer_playlist_item_"+index).addClass("jplayer_playlist_current");
playItem = _index;
jQuery("#jquery_jplayer").jPlayer("setFile", myPlayList[plIndex[playItem]].mp3);
}
function playListChange(_index, index ) {
playListConfig(_index, index );
jQuery("#jquery_jplayer").jPlayer("play");
}
function playListNext() {
var _index = (playItem+1 < myPlayList.length) ? playItem+1 : 0;
var index = plIndex[_index];
playListChange(_index, index );
}
function playListPrev() {
var _index = (playItem-1 >= 0) ? playItem-1 : myPlayList.length-1;
var index = plIndex[_index];
playListChange(_index, index );
}
</script>
<?php include_once(JPATH_ROOT.DS.'modules/mod_jlplayer/skin/tpl.php'); ?>
<?php
}
I was messing around in there with $file
if ($server_utf8 == 1) {
$fname = rawurlencode($file[count($file)-1]);
} else {
$fname = rawurlencode($file[count($file)-1]);
}
$fname = substr($fname, 0, -4);
$file = $host."/".$music_dir."/psp.php?name=".$fname;
echo $file;
I am unsure how to retreive a file title only, with out the whole path, just the name and not even the file ext.It comes up with all the files names in the echo. Also I am not sure how joomline chooses just one file. I am not a php designer and I am quite confused lol Any help would be appreciated! Thank you. I have just made a couple of forms that submit data to a mysql database. I was wondering what measures I need to make to in order to keep the whole thing very secure. At the moment I have stripped the inputs of tags and forward slashes. Is there anything else I should do? Also some field in the form allow the user to enter a url. With these fields I have not stripped them of forward slashes. Is this a bad idea? Should I do something like replace the forward slashes with something else and then reverse this process every time I extract that data from the database? I'm building an e-commerce website using php and mysql and I'm a bit worried about security issues. The website is going to be handling personal information so I want to make sure that it's secure and that no-one can get hold of it. I don't really have any idea about and security issues or problems that I could run into and perhaps you could point me in the direction or some tutorials that would be really great. Also if anyone here has been in the same situation what did you do to make your site as secure as possible? Thanks for any help. Hi there, I'm in serious need to find a way to block people from a website I code for. The thing is, we have a jailing system, nice and simple, and IP/email ban system too. But with proxies, advertisers and repeated troublemakers keep coming back because we just get the new proxy IP each time and it's a losing battle. What I need is a way to ban them properly from the site, like somehow stopping the computer they use from accesing the site. someone once said you can use a cookie to stop a browser getting on the site, but I don't know how to set it up to give the cookies out upon login and find the one associated to an account we don't want (by "cookie" banning I guess?") and stop them from logging in. Hey, so basically this is what im trying to do: I'm writing an mp3 store, and want the user to be able to play the whole track before purchase. Currently all the music files are in a protected folder with permissions set so access isnt possible. The mp3 player calls play.php?fid=encryptedfileid rather than the direct music link. This is all working perfectly. The bit i am now stuck on is stopping the users going to play.php?fid=encryptedfileid directly and downloading the mp3 directly. How do I make it so the server can execute the play.php file, but the user cannot? I attempted to set a cookie in play.php and deny access if cookie was present, however the server also set the cookie, so this didnt work. See play.php code (in this example, fid is just the filename, but it will be more encrypted, calling to a special md5 hash, albumid and artistid). <?PHP // Define the path to file $filename=$_GET[fid]; $file = "music/$filename.mp3"; if(!$file) { // File doesn't exist, output error die('file not occupied'); } elseif(!file_exists($file)) { die('Error: File not found.'); } else { // Set headers header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Disposition: attachment; filename=$file"); header("Content-Type: application/octet-stream"); header("Content-Transfer-Encoding: binary"); // Read the file from disk readfile($file); } ?> So to clarify, I need the server to access and execute this script with the mp3 player (simple javascript player) and the server not be able to visit play.php?fid=xxx directly to download. Thanks Hi everyone I'm kinda new to PHP and have a couple of questions; 1: How secure is PHP, is it very hackable? Are there things you recommend to make it more secure? 2: I am building a little employee system for staff at a friends company and they can view personal information when they login, as well as ordering stuff with online payment through WorldPay. What is therefore the best and most secure way of handling passwords, logins, data, insert statements etc. I basically want to make it as secure as possible and hopefully learn some new skills Any tips or help would be great Thanks hi php freaks I am using pdo as the driver for my new app the issue is I can't seem to find a clear answer. I want to sanise the vars that are coming into the database but pdo is suppose to fix all the issues. Is this true what other things do I need to watch for when using pdo they must have some flaws. Thanks |
|||||||