• Web Development Questions That Don't Need Their Own Thread v2
    3,079 replies, posted
Ok, so, I've got 4 bitmasks here (1, 2, 4, 8). Let's say I have a value of 15. I want to load a file based on the bitmasks a person has, but I can't figure out how to do that. So basically I want to load 4 files with a value of 15... any help? :3
I'm trying to stop people from using VPS's on my site. Is it safe to say if the person's hostname is the same as their IP address (like this guy [url]http://whatismyipaddress.com/ip/108.76.233.145[/url]) that they are on a VPS? Should I just automatically block anyone whose IP is the same as their hostname? [editline]14th August 2011[/editline] Also are there any other ways to detect proxies/VPN's/VPS's using PHP?
[QUOTE=ken188;31722095]I'm trying to stop people from using VPS's on my site. Is it safe to say if the person's hostname is the same as their IP address (like this guy [url]http://whatismyipaddress.com/ip/108.76.233.145[/url]) that they are on a VPS? Should I just automatically block anyone whose IP is the same as their hostname? [editline]14th August 2011[/editline] Also are there any other ways to detect proxies/VPN's/VPS's using PHP?[/QUOTE] Why would you want to do that? If you're wanting to stop scrapers, just block the HostAgent. There's no sure-fire way to do it really. What if someone's proxying?
[QUOTE=anton2;31716837]The OS has been reinstalled and the server should be running fine now, there should not be any other issues, but if there are, send a tweet to @anyhub and if I see it I'll try restarting nginx for you.[/QUOTE]
Thanks!
________________________________
How would I go and do this?
[code]
"SELECT * FROM image
LEFT JOIN image_data ON image.img_id = image_data.img_id
LEFT JOIN COUNT(user_view_image) AS views
WHERE image.img_id='$id' LIMIT 1"
[/code]
Obviously it throws me an error
[code]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'COUNT(user_view_image) AS views WHERE image.img_id='65' LIMIT 1' at line 3
[/code]
What I am trying to do is add the unique views to it (that is one per user) and join it. I am probably doing thousands of things wrong but my MySQL knowledge is still slim. I realize I can do all this with 2 queries, which I will probably do if there is no elegant solution to it.
[editline]14th August 2011[/editline]
[QUOTE=ken188;31722095]I'm trying to stop people from using VPS's on my site. Is it safe to say if the person's hostname is the same as their IP address (like this guy [url]http://whatismyipaddress.com/ip/108.76.233.145[/url]) that they are on a VPS? Should I just automatically block anyone whose IP is the same as their hostname? [editline]14th August 2011[/editline] Also are there any other ways to detect proxies/VPN's/VPS's using PHP?[/QUOTE]
[img]http://puu.sh/4l3v[/img] Is Grandpa not allowed on your server?
Where's your closing bracket for that left join? [editline]Now[/editline] I'm retarded, ignore this post.
[QUOTE=EJay;31723435]Where's your closing bracket for that left join?[/QUOTE] closing bracket? And I just realized what I am doing, and it is completely wrong, mainly the fact that I try to count a whole table.
Hi, How do I pass variables from one .php page to another? When a user signs up, it goes to signup.php and if there are errors, different variables are set explaining the errors and the user is redirected to the signup page where those variables are echoed, but that doesn't seem to be working for me. Here is the relevant code on the signup page:
[php]
<?php include('signup.php'); ?>
<?php
echo $error1;
echo $error2;
echo $error3;
echo $error4;
echo $error5;
?>
[/php]
and here is the relevant code on the signup.php file:
[php]
if(condition){
    $error1 = "password is too short";
}
...
if(condition){
    $error5 = "username taken";
}
if(!$error1 && !$error2 && !$error3 && !$error4 && !$error5){
    enter into database
} else{
    header("Location: signup page");
}
[/php]
when data is entered wrong, it gets redirected to the signup page but the variables aren't echoed like they were supposed to be according to the signup.php file. Any help? Thanks
You're doing lots of stuff wrong, you should like add me on Steam for some help~
[QUOTE=TehWhale;31735161]You're doing lots of stuff wrong, you should like add me on Steam for some help~[/QUOTE] I think I already have you, you helped me out on one of my old projects :v: I'll try and contact you via steam then, but if it doesn't happen, what am I doing wrong? thanks
[QUOTE=Alcapwne;31735136]Hi, How do I pass variables from one .php page to another? When a user signs up, it goes to signup.php and if there are errors, different variables are set explaining the errors and the user is redirected to the signup page where those variables are echoed, but that doesn't seem to be working for me. Here is the relevant code on the signup page:
[php]
<?php include('signup.php'); ?>
<?php
echo $error1;
echo $error2;
echo $error3;
echo $error4;
echo $error5;
?>
[/php]
and here is the relevant code on the signup.php file:
[php]
if(condition){
    $error1 = "password is too short";
}
...
if(condition){
    $error5 = "username taken";
}
if(!$error1 && !$error2 && !$error3 && !$error4 && !$error5){
    enter into database
} else{
    header("Location: signup page");
}
[/php]
when data is entered wrong, it gets redirected to the signup page but the variables aren't echoed like they were supposed to be according to the signup.php file. Any help? Thanks[/QUOTE]
I used sessions for this stuff because the way mine is made makes GET impossible. Try using sessions.
[QUOTE=zzlawlzz;31735340]I used sessions for this stuff because the way mine is made makes GET impossible. Try using sessions.[/QUOTE] Yeah I'm gonna do that, that's what TehWhale suggested too :v:
Where do I go learn CSS, HTML, and javascript? Don't say W3Schools. I need to make dis look pretty [url]http://mmavipc.dyndns.org:8080[/url]
hi mmavipc
[QUOTE=Alcapwne;31735586]Yeah I'm gonna do that, that's what TehWhale suggested too :v:[/QUOTE] You can also use GET, something like signup.php?errorcode=1 and each number gets a different error message, but sessions are fine too.
[QUOTE=commander204;31739904]You can also use GET, something like signup.php?errorcode=1 and each number gets a different error message, but sessions are fine too.[/QUOTE] Yeah that was the other thing TehWhale suggested :v: I ended up doing it with sessions because I'm more familiar with them [editline]15th August 2011[/editline] Me again, what's the best way to save user logins? I've heard cookies aren't very secure...
[QUOTE=Alcapwne;31742761]Yeah that was the other thing TehWhale suggested :v: I ended up doing it with sessions because I'm more familiar with them [editline]15th August 2011[/editline] Me again, what's the best way to save user logins? I've heard cookies aren't very secure...[/QUOTE] what do you mean? you can use sessions. Again.
[QUOTE=zzlawlzz;31744066]what do you mean? you can use sessions. Again.[/QUOTE] I mean to make sure people are logged in permanently on their computer after they log in once, like facepunch does
[QUOTE=Alcapwne;31744106]I mean to make sure people are logged in permanently on their computer after they log in once, like facepunch does[/QUOTE] facepunch uses cookies. it stores your hashed password and your user id and makes it stay there for 1 year unless you erase it.
[QUOTE=zzlawlzz;31744277]facepunch uses cookies. it stores your hashed password and your user id and makes it stay there for 1 year unless you erase it.[/QUOTE] ah okay, that's what I was planning to do but I thought I heard somewhere that cookies weren't the way to go but I guess not :v: Thanks
[QUOTE=Alcapwne;31744432]ah okay, that's what I was planning to do but I thought I heard somewhere that cookies weren't the way to go but I guess not :v: Thanks[/QUOTE] The way I do it (I haven't learned it anywhere in particular but it seemed logical to me) is that on login I create a unique hash, nothing complicated, I store it in my database and every time they come back I check it with the last hash. Depending on what you are doing with a logged in state that should suffice. Of course I suggest adding additional security like same IP checks, user agent checks, etc... Of course that can be emulated (the user agent).
[QUOTE=commander204;31745809]The way I do it (I haven't learned it anywhere in particular but it seemed logical to me) is that on login I create a unique hash, nothing complicated, I store it in my database and every time they come back I check it with the last hash. Depending on what you are doing with a logged in state that should suffice. Of course I suggest adding additional security like same IP checks, user agent checks, etc... Of course that can be emulated (the user agent).[/QUOTE] I understood very little of that :( Could you dilute it a bit please?
[QUOTE=Alcapwne;31745905]I understood very little of that :( Could you dilute it a bit please?[/QUOTE] Sorry! I will make a list, I hope it will be more understandable. I do it like this:
- User logs in.
- Create a unique hash, something like md5(time().$username)
- Store it on a database.
- Put it in a cookie or a session (it will create a cookie anyway)
- User was logged in and comes back
- We read/check if there is already a hash.
- If there is one you check it against the one in the database.
- If they match the user is logged in.
Additional security can be important, because in theory that hash acts like a passkey right now. So I suggest using either very short lived cookies but you didn't want that. So the other options are:
- IP, you check if the login was done from the same IP as before
- User agent, this should be checked every time, although it is not very secure as it can be changed.
Of course SSL helps a lot, and depending on what you need that login for might be even required. (Like if you store banking information.) Of course this is only one way to do it. It works for me, and anybody seeing a potential flaw with it please tell. (I use this so it would help me too.)
[QUOTE=commander204;31746211]Sorry! I will make a list, I hope it will be more understandable. I do it like this:
- User logs in.
- Create a unique hash, something like md5(time().$username)
- Store it on a database.
- Put it in a cookie or a session (it will create a cookie anyway)
- User was logged in and comes back
- We read/check if there is already a hash.
- If there is one you check it against the one in the database.
- If they match the user is logged in.
Additional security can be important, because in theory that hash acts like a passkey right now. So I suggest using either very short lived cookies but you didn't want that. So the other options are:
- IP, you check if the login was done from the same IP as before
- User agent, this should be checked every time, although it is not very secure as it can be changed.
Of course SSL helps a lot, and depending on what you need that login for might be even required. (Like if you store banking information.) Of course this is only one way to do it. It works for me, and anybody seeing a potential flaw with it please tell. (I use this so it would help me too.)[/QUOTE]
What I'm currently doing is setting an eternal cookie when the user logs in for the first time, which holds the username and md5 password. Then when they leave and come back, it checks if there is a username and password cookie set. If the cookies are set, it checks the username and md5 password against the username and md5 password in the database and if they match, then it tells some session variables that a user is logged in, and that the user's username is x. Is that enough or do I need to go deeper, as it were?
I think storing a password in any way other than in your database, after passing it through a slow-hashing function, is a security hole. Because the problem here is, if someone intercepts the transmission (like let's say on a public wifi) they have the password, even though in a hashed format. But everyone can easily find a collision with that. (I can do about 60M Hashes per second, so it is at max a matter of minutes/hours)
[QUOTE=commander204;31746350]I think storing a password in any way other than in your database, after passing it through a slow-hashing function, is a security hole. Because the problem here is, if someone intercepts the transmission (like let's say on a public wifi) they have the password, even though in a hashed format. But everyone can easily find a collision with that. (I can do about 60M Hashes per second, so it is at max a matter of minutes/hours)[/QUOTE] Ah okay. The user data being stored on my site isn't sensitive at all, so should I still bother making it completely secure?
[QUOTE=Alcapwne;31746395]Ah okay. The user data being stored on my site isn't sensitive at all, so should I still bother making it completely secure?[/QUOTE] Well me as a user wouldn't want my password leaked, so if you don't want to fundamentally change your authoring I suggest a slow-hashing algorithm like blowfish.
[QUOTE=commander204;31747167]Well me as a user wouldn't want my password leaked, so if you don't want to fundamentally change your authoring I suggest a slow-hashing algorithm like blowfish.[/QUOTE] Okay, I'll do that then thanks!
I do exactly the same thing commander204 does - create a unique GUID/PIN for every user, store it in the db, and when a user connects I store it in a cookie. When he returns, I read the cookie and check the db and if the GUID exists the user is logged in.
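Added example, not code from any poster in this thread: the per-login token scheme from commander204's list and the post directly above, written in PHP. It draws the token from `random_bytes()` rather than from the time and username (both guessable), keeps only a SHA-256 hash of the secret half server-side, and compares with `hash_equals()`. The `$tokenStore` array stands in for a database table, and all function and field names are hypothetical.

```php
<?php
declare(strict_types=1);

// Stand-in for a `login_tokens` table (hypothetical): selector => row.
$tokenStore = [];

/** Issue a persistent-login token; returns the value to place in the cookie. */
function issueLoginToken(array &$store, int $userId, int $ttl = 2592000): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret half, from the CSPRNG
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator), // the secret itself is never stored
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;
}

/** Return the user id for a valid cookie value, or null. Tokens are single-use. */
function checkLoginToken(array &$store, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);  // consume it; the caller issues a fresh token on success
    if ($row['expires'] < time()) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented secret.
    return hash_equals($row['hash'], hash('sha256', $validator)) ? $row['user_id'] : null;
}

// Constructed demonstration with a made-up user id.
$cookie = issueLoginToken($tokenStore, 42);
// In a web request the value would be sent with:
// setcookie('remember', $cookie, ['expires' => time() + 2592000, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(checkLoginToken($tokenStore, $cookie));          // first presentation
var_dump(checkLoginToken($tokenStore, $cookie));          // replay of the same value
var_dump(checkLoginToken($tokenStore, 'deadbeef:guess')); // unknown selector
```

Because the cookie carries a random token rather than anything derived from the password, an intercepted cookie exposes one login session and not the password hash.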
I feel I should also advocate the usage of [url=http://www.gnucitizen.org/blog/why-httponly-wont-protect-you/]HTTP-Only cookies[/url] to prevent the data from being leaked if an attacker pulls an XSS attack.
I'd also suggest using [url=https://developer.mozilla.org/en/security/csp]Content Security Policy[/url] to stop any unknown JS code running on your site (Stops possible XSS attacks, encourages you to write your JS code separately, etc.) Currently it's only supported by Firefox 4+ (And other browsers using Gecko 2+), but I think the Chrome guys are working on an implementation as well.