Php

This is a discussion on Php within the Tech Board forums, part of the Community Boards category; You could always just send them to a login error page. Otherwise, the only ways to transfer information between different ...

  1. #16
    Cat Lover
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    109
    You could always just send them to a login error page.

    Otherwise, the only ways to transfer information between different php pages that I know of are POST, GET, cookies, and write it to a db/file.

    You don't want cookies, writing it to a file/db is not needed, so looks like either post or get.

  2. #17
    PC Fixer-Upper Waldo2k2's Avatar
    Join Date
    May 2002
    Posts
    2,001
    the only problem with using post or get is that all pages in your site will have to keep forwarding the variables, otherwise if they go back a page they will no longer be logged in. So you have to use at least session cookies to determine whether a person is still logged in or not.
    PHP and XML
    Let's talk about SAX

  3. #18
    They Call me Mister Sako
    Join Date
    Jul 2004
    Posts
    169
    yeh i use cookies to keep track if their logged in or out. but im trying to avoid cookies becasue not everyone has them enabled and you can just edit your cookie file to do stuff that maybe your not supposed to etc.

    i decided to use the assiging variables at the end of the address way for the error reporting. my only slight concern is some browsers might trip up wth stuff like ! : and , being in the address
    AIM: MisterSako | MSN: sakotheinsane@hotmail.com | E-mail: klinerr1@nc.rr.com
    The goal of computer science is to be lazy

  4. #19
    PC Fixer-Upper Waldo2k2's Avatar
    Join Date
    May 2002
    Posts
    2,001
    >>wth stuff like ! : and , being in the address

    so don't put them in the address bar...why would you need to use those characters?


    ::edit::
    Yes quite a few people disable or block cookies, but gmail and other sites for email make you use them. So if people need to log into your site then they need to use cookies, it's not uncommon.

    also, cookies can be very safe for this type of thing. You just need to store the info in a hash of some kind, something unreadable. That way they can't just change a 0 to a 1 and get access, know what I mean?
    Last edited by Waldo2k2; 02-21-2006 at 11:34 PM.
    PHP and XML
    Let's talk about SAX

  5. #20
    They Call me Mister Sako
    Join Date
    Jul 2004
    Posts
    169
    php has that md5(); function. which im kind of thinking is a good idea, but if someone wanted to get in theres probally some kind of md5 reading programs out there
    AIM: MisterSako | MSN: sakotheinsane@hotmail.com | E-mail: klinerr1@nc.rr.com
    The goal of computer science is to be lazy

  6. #21
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    21,781
    also, cookies can be very safe for this type of thing. You just need to store the info in a hash of some kind, something unreadable. That way they can't just change a 0 to a 1 and get access, know what I mean?
    It may be better to use sessions, or something that simulates sessions. With sessions, the attacker has to get the session key, which would often be a MD5 or SHA1 hash, and so would be difficult (aside from 'social engineering' and carelessness). Another (but potentially slow) way would be to store the user id and some hashed key that changes on each page load, and then validate the user on each page load.

    php has that md5(); function. which im kind of thinking is a good idea, but if someone wanted to get in theres probally some kind of md5 reading programs out there
    MD5 is a cryptographic hash algorithm, and while there are rainbow tables that allow people to 'reverse' the hashing for pre-computed values, no method other than brute force is known to get the original message given only the hash. Of course, I suggest using SHA1 with sha1() instead of MD5 anyway.
    C + C++ Compiler: MinGW port of GCC
    Version Control System: Bazaar

    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  7. #22
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,069
    php has that md5(); function. which im kind of thinking is a good idea, but if someone wanted to get in theres probally some kind of md5 reading programs out there
    Cain & Abel.

    As, laserlight said, there is no real way of "undoing" a hash other than brute force hashing a dictionary file until you get a match. Though, doing so is actually surprisingly fast, these days.

    *Note: SlyMaelstrom does not condone hacking.
    Sent from my iPadŽ

  8. #23
    They Call me Mister Sako
    Join Date
    Jul 2004
    Posts
    169
    Quote Originally Posted by SlyMaelstrom
    Cain & Abel.

    As, laserlight said, there is no real way of "undoing" a hash other than brute force hashing a dictionary file until you get a match. Though, doing so is actually surprisingly fast, these days.

    *Note: SlyMaelstrom does not condone hacking.
    yeh thats how i would do it. create a genourmous loop that puts in every character possibility in every order and check its md5 with the target md5
    AIM: MisterSako | MSN: sakotheinsane@hotmail.com | E-mail: klinerr1@nc.rr.com
    The goal of computer science is to be lazy

  9. #24
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,069
    Why would you put every character in every possible order? That's not what a dictionary file is, at all. Dictionary files consist of real word, combinations of real words, predictable usage of dates and initials (ie. gb1964). Most of which is compiled from other successful attempts of cracking. If all the passwords were just completely random combinations, what would be the point of hashing them in the first place?
    Sent from my iPadŽ

  10. #25
    They Call me Mister Sako
    Join Date
    Jul 2004
    Posts
    169
    Quote Originally Posted by SlyMaelstrom
    Why would you put every character in every possible order? That's not what a dictionary file is, at all. Dictionary files consist of real word, combinations of real words, predictable usage of dates and initials (ie. gb1964). Most of which is compiled from other successful attempts of cracking. If all the passwords were just completely random combinations, what would be the point of hashing them in the first place?
    some people do make random passwords. my passwords never form words, it would be more fool proof. but none of that is important

    whats the command in php to check a string variable for a certain string of text within it.

    ie i have a this variable $dir which is a location to the directory your browsing (im making a online web site control panel thing like alot of free web hosts have) and i want to say like

    if in $dir theres the string "hosted/../" (spelled like that in that order) to change $dir to = "hosted"

    i searched the php website i cant find the command for this. im using the latest version of php (im trying to make it so the user cant browse into directories hes not supposed to be in)
    AIM: MisterSako | MSN: sakotheinsane@hotmail.com | E-mail: klinerr1@nc.rr.com
    The goal of computer science is to be lazy

  11. #26
    They Call me Mister Sako
    Join Date
    Jul 2004
    Posts
    169
    also is there a command to remove the last certain amount of characters from a string

    ie
    PHP Code:
    $oldstring="tenletters";

    $newstring=takeofflast($oldstring7);

    if(
    $newstring=="ten")
    {
    echo(
    "it worked");

    actualy does the double quotes make it an array of characters not a string?
    Last edited by MisterSako; 02-25-2006 at 02:44 PM.
    AIM: MisterSako | MSN: sakotheinsane@hotmail.com | E-mail: klinerr1@nc.rr.com
    The goal of computer science is to be lazy

  12. #27
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,069
    What you have to understand is when people bruteforce, they aren't looking for *your* password, they're looking for *any* password.

    Here is your string function

    http://us2.php.net/manual/en/function.strpos.php

    ...and your other question

    PHP Code:
    $foo substr("Hello World!"0, -7);  // returns "Hello"
     
    $foo substr("Hello World!"0, -8);  // returns "Hell"
     
    $foo substr("Hello World!"0, -1);  // returns "Hello World" 
    Last edited by SlyMaelstrom; 02-25-2006 at 02:51 PM.
    Sent from my iPadŽ

  13. #28
    They Call me Mister Sako
    Join Date
    Jul 2004
    Posts
    169
    ok another command question

    i know stristr(); can find the first occurance of a character within a string. but how about the last occurance?

    ie i have $dir=hosted/blah/blah2

    i need it to seperate off blah2 by only looking at the string starting after the last /
    AIM: MisterSako | MSN: sakotheinsane@hotmail.com | E-mail: klinerr1@nc.rr.com
    The goal of computer science is to be lazy

  14. #29
    They Call me Mister Sako
    Join Date
    Jul 2004
    Posts
    169
    nevermind, i should of done this before. typicg in stuff like

    last occrance of string "php" in google usualy finds the command as the first result

    im being dumb
    AIM: MisterSako | MSN: sakotheinsane@hotmail.com | E-mail: klinerr1@nc.rr.com
    The goal of computer science is to be lazy

  15. #30
    pwns nooblars
    Join Date
    Oct 2005
    Location
    Portland, Or
    Posts
    1,094
    2 things that you will need if you want to make a secure login system, beyond what you have, and also to be a decent PHP programmer:

    Prepared statements, learn them, love them, thank your deity of choice for them, if you want to know why they are needed, look up SQL injection.

    PHP Documentation, download that, and you will solve 90% of your problems, PHP has horid error reporting, but that documentation makes up for it because everything is laid out and every PHP command is in there.

    Another thing for when you move to multiple files, consider making the seperate files classes, then you can just call them and use them at your discretion. Who ever said putting the form post to the same file makes for ugly stuff, it is really simple with well placed comments and using the format:
    Code:
    if($_POST['HAX']){
    // do stuff
    exit (0); //So that you don't go farther into the file
    }
    I picked up PHP programming because I was given the task of reworking the security and adding a bunch of features to the site. I had about 30 pages of PHP dumped on me and not one day in my life scripting with it. Luckly it is a lot like Perl (so simular it ........es me off sometimes when I try to use a function that is in one, and not the other) so it was a quick learning process.

    Wikipedia and Google will be your friends if you can't find the type of command or usage of a command you are looking for in the documentation.

Page 2 of 5 FirstFirst 12345 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. combining c php and mysql
    By Thoth in forum C Programming
    Replies: 2
    Last Post: 01-30-2009, 09:55 AM
  2. PHP installation
    By ssharish2005 in forum Tech Board
    Replies: 8
    Last Post: 11-23-2007, 08:42 PM
  3. PHP on my Computer!
    By xxxrugby in forum Tech Board
    Replies: 4
    Last Post: 03-15-2005, 08:34 AM
  4. C++ and PHP communication
    By Korhedron in forum Game Programming
    Replies: 4
    Last Post: 01-12-2004, 05:37 AM
  5. PHP 4.3.0 released
    By codingmaster in forum A Brief History of Cprogramming.com
    Replies: 5
    Last Post: 12-30-2002, 06:40 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21