• What are you working on? v2
    2,000 replies, posted
[QUOTE=hdalv;21972017]Why isn't it working? Additionally: [url]http://bellminator.com/viewpost.php?post=5%20OR%20%3C/title%3E%3C/head%3E%3Ch1%20style=color:white%3EESCAPING%20FAIL%3C/h1%3E%3Cplaintext%3E[/url] :saddowns: Oh and [url]http://bellminator.com/viewpost.php?post=5%20OR%201[/url] Also you don't have to specify the path and domain unless you want something special done with it, it fills it out automatically.[/QUOTE] The problem is if I try to move my login.php function to a subdirectory and have it set cookies in that subdirectory, all the directories outside of the subdirectory (how many times have I said directory?) don't register the cookies I set. Also as you can tell my blog isn't the best on "security features". I haven't really messed with the base code for a while, I've mostly been working on PBA :frown:
[url]http://bellminator.com/viewpost.php?post=benchmark(9999999999,+md5(1[/url]))
Set up a filter, all the URLs you've given me that have fucked with the page don't work anymore. Also set up a system where you can only post a comment every hour. Pretty easy to bypass though. I'll probably set up a CAPTCHA for the comment system later.
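Added example, not part of any post in this thread: one way a handler like viewpost.php could treat the `post` parameter so that values such as `5 OR 1` are rejected before they reach the query, and stored text is escaped on output. The `posts` table, its columns, the function names and the in-memory SQLite database (needs the pdo_sqlite extension) are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Look up one post. $rawId is the untrusted value of ?post=... from the URL.
function fetchPost(PDO $db, string $rawId): ?array
{
    // Accept only a plain positive integer; anything with extra text fails here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the value is sent as data and never spliced into the SQL text.
    $stmt = $db->prepare('SELECT title, body FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Build the page. Every value taken from the database is escaped for HTML.
function renderPost(?array $post): string
{
    if ($post === null) {
        return '<title>Not found</title><h1>Post not found</h1>';
    }
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<title>' . $e($post['title']) . '</title>'
         . '<h1>' . $e($post['title']) . '</h1><p>' . $e($post['body']) . '</p>';
}

// Constructed sample data standing in for the blog's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->prepare('INSERT INTO posts (id, title, body) VALUES (?, ?, ?)')
   ->execute([5, 'Hello', 'A comment containing <h1>markup</h1>']);

// A valid id, then the "5 OR 1" value from the URL quoted above.
foreach (['5', '5 OR 1'] as $raw) {
    echo $raw, ' => ', renderPost(fetchPost($db, $raw)), PHP_EOL;
}
```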
[QUOTE=nick10510;21977151]Set up a filter, all the URLs you've given me that have fucked with the page don't work anymore.[/quote] [img]http://ahb.me/1Kq[/img] User-friendly to the max. [quote]Also set up a system where you can only post a comment every hour. Pretty easy to bypass though.[/quote] That's pretty restrictive don't you think? [quote]I'll probably set up a CAPTCHA for the comment system later.[/QUOTE] Have fun.
Setting up reCAPTCHA is very very easy... Dunno why you said "Have fun" really.
[img]http://i40.tinypic.com/24e46c5.png[/img] Anybody remembers this :v:, it's alive again.
[QUOTE=hdalv;21979224][img]http://ahb.me/1Kq[/img] User-friendly to the max. [/QUOTE] [b]Place Holder[/b]
[QUOTE=ddrl46;21982317]Anybody remembers this :v:, it's alive again.[/QUOTE] Is that yours because I can't choose a domain, there's no drop down list for the domain endings.
Well, I started working on a Steam API last night in PHP. I have authentication working at the moment, I just finished getting all of the user's information from their profile update page, and I'll add profile updating later. Off to work on my game engine in Java though. :3:
[url=http://www.costeira.com/victi/edit.php]Please test my poor coding for sql injection by logging in with [b]facepunch[/b]/[b]demo[/b][/url]. I don't think anything bad will happen because I think I've escaped everything, though.
Do you protect against spam? :raise: [editline]09:27PM[/editline] Also: [url]http://www.costeira.com/victi/[/url]
[QUOTE=cas97;21994859][url=http://www.costeira.com/victi/edit.php]Please test my poor coding for sql injection by logging in with [b]facepunch[/b]/[b]demo[/b][/url]. I don't think anything bad will happen because I think I've escaped everything, though.[/QUOTE] Whoops [img]http://ahb.me/1MV[/img] I love how it just ends abruptly. [b]Edit:[/b] Much better [img]http://ahb.me/1MW[/img]
but I didn't filter HTML, because I only wanted to see if the login could be broken :saddowns: Edit: PHPMYADMIN TIME!
Just wanted to say I hope I can learn something from you guys because I'm getting started in web development :smile:
Things to always remember: [list] [*]ALWAYS ESCAPE INPUT [list] [*]EXCEPT FOR PASSWORDS, JUST MD5 IT OR SOMETHING AND COMPARE [/list] [*]DO NOT STORE PASSWORDS IN PLAIN TEXT [*]Edit: Don't edit posts to include things that other people have said [/list] else bad things will happen
Unless it's a password and the only thing you're going to do with it is take it, apply a hashing algorithm to it, and test if it's equal. v:v:v [editline]09:55PM[/editline] Hey cas97, don't edit your post and include things I post.
[QUOTE=nullsquared;21995336]Just wanted to say I hope I can learn something from you guys because I'm getting started in web development :smile:[/QUOTE] You're an experienced coder so you won't run into trouble if you use common sense. Hope you end up liking it. [highlight](User was permabanned for this post ("VladH" - cosmic duck))[/highlight]
[QUOTE=hdalv;21995541]You're an experienced coder so you won't run into trouble if you use common sense. Hope you end up liking it.[/QUOTE] wait a sec oh hey vlad
[QUOTE=cas97;21995383]Things to always remember: [list] [*]ALWAYS ESCAPE INPUT [list] [*]EXCEPT FOR PASSWORDS, JUST [b]MD5[/b] IT OR SOMETHING AND COMPARE [/list] [*]DO NOT STORE PASSWORDS IN PLAIN TEXT [*]Edit: Don't edit posts to include things that other people have said [/list] else bad things will happen[/QUOTE] MD5 has collisions. Sha1 is possibly cracked, use sha256/sha512 for the best security.
[QUOTE='-[ Fizzadar ]-;21995638']MD5 has collisions. Sha1 is possibly cracked, use sha256/sha512 for the best security.[/QUOTE] Fuck that, I use blowfish. :mmmsmug:
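Added example, not part of any post in this thread: MD5, SHA-1 and SHA-256 are all fast, unsalted digests, so for stored passwords the usual PHP approach is `password_hash()` with bcrypt (the Blowfish-based scheme), which salts each hash and has a tunable cost. The sketch upgrades an MD5-hashed record the next time its owner logs in; the `$user` record layout, the function names and the cost value are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Assumed work factor; raise it as hardware allows.
const BCRYPT_OPTS = ['cost' => 12];

// True for a 32-character lowercase hex string, i.e. a legacy unsalted md5() digest.
function isLegacyMd5(string $hash): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $hash) === 1;
}

// Check a login attempt and, on success, replace a weak or outdated hash in place.
function verifyAndUpgrade(array &$user, string $password): bool
{
    $stored = $user['hash'];
    $legacy = isLegacyMd5($stored);
    $ok = $legacy
        ? hash_equals($stored, md5($password))   // constant-time comparison
        : password_verify($password, $stored);   // reads salt and cost from the hash
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTS))) {
        // password_hash() generates a fresh random salt and embeds it in the result.
        $user['hash'] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
    }
    return $ok;
}

// Constructed record: what a row looks like if the site stored md5($password).
$user = ['name' => 'demo', 'hash' => md5('correct horse battery')];

var_dump(verifyAndUpgrade($user, 'wrong guess'));            // rejected, hash untouched
var_dump(verifyAndUpgrade($user, 'correct horse battery'));  // accepted via the MD5 path
var_dump(isLegacyMd5($user['hash']));                        // record is now bcrypt
var_dump(verifyAndUpgrade($user, 'correct horse battery'));  // accepted via password_verify()
```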
I don't have any content now because I just decided to possibly try this out; but forum software called Carajillo (Spanish slang for 'Nothing'; it's espresso with a dash of brandy pretty much according to Wikipedia :P). It's hopefully going to be completely Ajax powered and reaaaally lightweight (hint: barely nothing.). I can't start until I get a new MacBook charger though D;
Just redid the whole layout/look of my website with some help from Vladh.
[url]http://tf.reager.org/sprays/[/url] Warning: NSFW, it's all user content from the FPTF2 server, I have no control over what people use as their sprays. :neckbeard:
[QUOTE=ifaux;21997496]I don't have any content now because I just decided to possibly try this out; but forum software called Carajillo (Spanish slang for 'Nothing'; it's espresso with a dash of brandy pretty much according to Wikipedia :P). It's hopefully going to be completely Ajax powered and reaaaally lightweight (hint: barely nothing.). I can't start until I get a new MacBook charger though D;[/QUOTE] Why would you ever need something to be completely AJAX. Talk about usability down the shitter.
[QUOTE=andersonmat;22000901]Why would you ever need something to be completely AJAX. Talk about usability down the shitter.[/QUOTE] That's impossible too, you'll always need some kind of API for JS to talk to.
What is a good Javascript syntax highlighter for C++?
[QUOTE=hdalv;21995541]You're an experienced coder so you won't run into trouble if you use common sense. Hope you end up liking it. [highlight](User was permabanned for this post ("VladH" - cosmic duck))[/highlight][/QUOTE] Thanks :smile: Now, do we have a "getting started" sticky in here just like "New to programming? Come here! (What language is easiest, where should I learn)" in the Programming forum? It seems not. I'm looking to get a background on what editors people use for writing HTML and CSS. I'm also looking for an explanation on where ASP.NET, PHP, and Javascript come into play. (I'm assuming they're for the logic of the website. So do you only use one of them, or do you need some sort of combination? Which one(s) do you guys recommend?)
Most people use Notepad++ for whatever they're coding (HTML, CSS, ASP.NET, PHP, Javascript, etc.) :) HTML is always necessary, and so is CSS (somewhat, unless you want a style free website) Best code practices are to not use inline styles so none of this <div style="width: 100px;">blah</div> but rather this
[code]
<head>
..
<style type="text/css">
#blahtxt { width: 100px; }
</style>
..
</head>
<body>
<div id="blahtxt">blah</div>
</body>
[/code]
What language to go for (PHP/ASP.NET) is a lot of personal opinion. If you ask turb_ he'd say ASP.NET any time due to its speed, however most people prefer PHP due to its easiness and "out of the box" functionality.
PHP is all about ifs and whiles and what not. It's a very simple language, but it does require a bit of logical thinking (unlike HTML, but that's not a programming language...).
Okay so it is as I thought - HTML and CSS are for the actual interface of the website, and then one of ASP.NET/PHP are for the website logic. I'll look into those two, thanks :smile: