Search Results

Search found 10670 results on 427 pages for 'session cookie'.

  • Are there any security vulnerabilities in this PHP code?

    - by skorned
    Hi. I just got a site to manage, but am not too sure about the code the previous guy wrote. I'm pasting the login procedure below, could you have a look and tell me if there are any security vulnerabilities? At first glance, it seems like one could get in through SQL injection or manipulating cookies and the ?m= parameter.

      define('CURRENT_TIME', time()); // Current time.
      define('ONLINE_TIME_MIN', (CURRENT_TIME - BOTNET_TIMEOUT)); // Minimum time for the status of "Online".
      define('DEFAULT_LANGUAGE', 'en'); // Default language.
      define('THEME_PATH', 'theme'); // Folder for the theme.

      // HTTP requests.
      define('QUERY_SCRIPT', basename($_SERVER['PHP_SELF']));
      define('QUERY_SCRIPT_HTML', QUERY_SCRIPT);
      define('QUERY_VAR_MODULE', 'm'); // Variable that contains the current module.
      define('QUERY_STRING_BLANK', QUERY_SCRIPT . '?m='); // An empty query string.
      define('QUERY_STRING_BLANK_HTML', QUERY_SCRIPT_HTML . '?m='); // Empty query string in HTML.
      define('CP_HTTP_ROOT', str_replace('\\', '/', (!empty($_SERVER['SCRIPT_NAME']) ? dirname($_SERVER['SCRIPT_NAME']) : '/'))); // Root of CP.

      // The session cookie.
      define('COOKIE_USER', 'p'); // Username in the cookies.
      define('COOKIE_PASS', 'u'); // User password in the cookies.
      define('COOKIE_LIVETIME', CURRENT_TIME + 2592000); // Lifetime of the cookies.
      define('COOKIE_SESSION', 'ref'); // Variable to store the session.
      define('SESSION_LIVETIME', CURRENT_TIME + 1300); // Lifetime of the session.

      ///////////////////////////////////////////////////////////////////////////////
      // Initialize.
      ///////////////////////////////////////////////////////////////////////////////

      // Connect to the database.
      if (!ConnectToDB()) die(mysql_error_ex());

      // Connecting the theme.
      require_once(THEME_PATH . '/index.php');

      // Manage login.
      if (!empty($_GET[QUERY_VAR_MODULE])) {
          // Login form.
          if (strcmp($_GET[QUERY_VAR_MODULE], 'login') === 0) {
              UnlockSessionAndDestroyAllCokies();
              if (isset($_POST['user']) && isset($_POST['pass'])) {
                  $user = $_POST['user'];
                  $pass = md5($_POST['pass']);
                  // Check login.
                  if (@mysql_query("SELECT id FROM cp_users WHERE name='" . addslashes($user) . "' AND pass='" . addslashes($pass) . "' AND flag_enabled='1' LIMIT 1") && @mysql_affected_rows() == 1) {
                      if (isset($_POST['remember']) && $_POST['remember'] == 1) {
                          setcookie(COOKIE_USER, md5($user), COOKIE_LIVETIME, CP_HTTP_ROOT);
                          setcookie(COOKIE_PASS, $pass, COOKIE_LIVETIME, CP_HTTP_ROOT);
                      }
                      LockSession();
                      $_SESSION['name'] = $user;
                      $_SESSION['pass'] = $pass;
                      // UnlockSession();
                      header('Location: ' . QUERY_STRING_BLANK . 'home');
                  }
                  else ShowLoginForm(true);
                  die();
              }
              ShowLoginForm(false);
              die();
          }
          // Logout.
          if (strcmp($_GET['m'], 'logout') === 0) {
              UnlockSessionAndDestroyAllCokies();
              header('Location: ' . QUERY_STRING_BLANK . 'login');
              die();
          }
      }

      ///////////////////////////////////////////////////////////////////////////////
      // Check the login data.
      ///////////////////////////////////////////////////////////////////////////////

      $logined = 0; // Flag meaning we are logged in.

      // Log in via the session.
      LockSession();
      if (!empty($_SESSION['name']) && !empty($_SESSION['pass'])) {
          if (($r = @mysql_query("SELECT * FROM cp_users WHERE name='" . addslashes($_SESSION['name']) . "' AND pass='" . addslashes($_SESSION['pass']) . "' AND flag_enabled='1' LIMIT 1"))) $logined = @mysql_affected_rows();
      }

      // Log in through cookies.
      if ($logined !== 1 && !empty($_COOKIE[COOKIE_USER]) && !empty($_COOKIE[COOKIE_PASS])) {
          if (($r = @mysql_query("SELECT * FROM cp_users WHERE MD5(name)='" . addslashes($_COOKIE[COOKIE_USER]) . "' AND pass='" . addslashes($_COOKIE[COOKIE_PASS]) . "' AND flag_enabled='1' LIMIT 1"))) $logined = @mysql_affected_rows();
      }

      // Unable to log in.
      if ($logined !== 1) {
          UnlockSessionAndDestroyAllCokies();
          header('Location: ' . QUERY_STRING_BLANK . 'login');
          die();
      }

      // Get the user data.
      $_USER_DATA = @mysql_fetch_assoc($r);
      if ($_USER_DATA === false) die(mysql_error_ex());
      $_SESSION['name'] = $_USER_DATA['name'];
      $_SESSION['pass'] = $_USER_DATA['pass'];

      // Connecting the language.
      if (@strlen($_USER_DATA['language']) != 2 || !SafePath($_USER_DATA['language']) || !file_exists('system/lng.' . $_USER_DATA['language'] . '.php')) $_USER_DATA['language'] = DEFAULT_LANGUAGE;
      require_once('system/lng.' . $_USER_DATA['language'] . '.php');
      UnlockSession();

  • Viewstate seems to be hijacked inadvertently

    - by dvr
    Hi, we are using asp.net 2.x, we use session state stored in sql server, 2 web servers in loadbalance, iis6. Our issue is that in the last 3 months we have had 2 cases where someone using our enquiry form has seen someone else's info, e.g. first name and last name. We are not populating the form from objects in session, so I have come to the conclusion that the second user has somehow received the viewstate from the first user, after that user has tried to submit and got an error, e.g. has posted viewstate and returned to the same page, and the other user has requested that page at the same time (must have been on the same server I am guessing, if it is a viewstate issue). Have any of you experienced this before? Some questions mulling around in my head are how does the worker process know to return viewstate to a unique request, and how does it determine a unique request, etc.

  • jQuery JSON .each() doesn't work in Google Chrome

    - by Sheriffen
    I have a really simple chat application on a site which works pretty well. It requests by ajax like this: $.ajax({ url: "fetch/"+CHAT_SESSION_ID+"/"+LAST_MESSAGE_ID, dataType: "json", cache: false, success: function(data) { if (data.session_active == 0) { // If the other chatter ended the session alert("Session Ended"); } else { $.each(data.messages, function(i, msg){ alert(msg.message.Body); }); } } }); and gets a json response that looks like this: { "session_active": "1", "messages": [ {"message": {"MsgID": "100", "UserID": "1", "Body": "heyy"}}, ]} It works really well in at least FF and Saf, but in Chrome it never gets past the .each! This is driving me nuts, I have tried everything I've come across online for days but I can't seem to get it right. Please someone help! I can provide a test server if someone wants to firebug it themselves ;)

  • What is the standard way of using a sitemap with pages that require specific information passed to t

    - by Mike
    Hi, I have a website for which many pages rely on information passed to them (usually in the form of a querystring) or on a session variable. When making a web application, how do you normally handle these particular pages in regards to the sitemap? If you're using the standard ASP.NET menu control, it will render the node on the menu, and if you click it, you could get an exception stating that a session variable doesn't exist (if it hasn't been created yet). For example, if you're making a user management area: all of these nodes get rendered, but I don't want the user to click on edit user or delete user without specifying someone to edit or delete. Any tips or suggestions would be greatly appreciated.

  • php semantics of setting cookies and redirecting without getting header error

    - by salmane
    I would like to do the following in php: setcookie('name', $value, $Cookie_Expiration,'/'); then some action header("location:http://www.example.com") The problem is that I get: warning: Cannot modify header information - headers already sent by (...etc ) Could you please let me know what I am doing wrong and if there is a way to do this? By the way, this code is before any output is made... the cookie setting part works fine on its own and so does the redirection code... the combination fails. Thank you

  • How to model localized items

    - by tweir
    I'm currently designing an e-commerce solution. One of the primary requirements is for the store to support localized item details. The same store must be able to support multiple languages via the user's language selection and/or browser preference. I have two tables: Item (id, sku, price, ...) ItemDetails (item_id, language, title, ...) For each Item, there will be multiple rows corresponding to the item, where the (item_id, language) pair will be unique. I would like to model this as: class Item { public string sku; public double price; public ItemDetails Details; } Based on the user's session, I would like the items returned to have the Details object that corresponds to the user's selected language (from their session). What are some approaches for representing this?

  • How to facebook getuser() after login with javascript SDK

    - by user1848205
    So I have to ask for extended permission by clicking the enter button, but after the login it is necessary to refresh the page in order to display the app. Here's my code: <?php require 'facebook.php'; $facebook = new Facebook(array( 'appId' => '< THE APPID >', 'secret' => '< THE SECRET >', 'cookie' => true, )); $user = $facebook->getUser(); if ($user) { try { $user_profile = $facebook->api('/me'); } catch (FacebookApiException $e) { error_log($e); $user = null; } } ?> <body> <div id="fb-root"></div> <script> window.fbAsyncInit = function() { FB.init({ appId : '< THE APPID >', status : true, cookie : true, xfbml : true }); // Additional initialization code such as adding Event Listeners goes here $('#btn-enter').click(function(){ login(); }); }; (function(d){ var js, id = 'facebook-jssdk', ref = d.getElementsByTagName('script')[0]; if (d.getElementById(id)) {return;} js = d.createElement('script'); js.id = id; js.async = true; js.src = "//connect.facebook.net/en_US/all.js"; ref.parentNode.insertBefore(js, ref); }(document)); function login() { FB.login(function(response) { if (response.authResponse) { // connected } else { // cancelled } }, {scope: 'read_friendlists,friends_photos,publish_stream'}); } </script> <?php if ($user): ?> <!--Here is my APP--> <?php else: ?> <a id="btn-enter">Enter</a> <?php endif ?> Is there a better way to do this? What works for me is: function login() { FB.login(function(response) { if (response.authResponse) { top.location.href='https://the_app_url'; } else { } }, {scope: 'read_friendlists,friends_photos,publish_stream'}); } But this causes the entire page to refresh and is not 'elegant' per se...

  • SQLAlchemy - loading user by username

    - by keithjgrant
    Just diving into pylons here, and am trying to get my head around the basics of SQLAlchemy. I have figured out how to load a record by id: user_q = session.query(model.User) user = user_q.get(user_id) But how do I query by a specific field (i.e. username)? I assume there is a quick way to do it with the model rather than hand-building the query. I think it has something to do with the add_column() function on the query object, but I can't quite figure out how to use it. I've been trying stuff like this, but obviously it doesn't work: user_q = meta.Session.query(model.User).add_column('username'=user_name) user = user_q.get()

  • Alternative Django Authentication

    - by pq
    Need to integrate Django with an existing authentication system. That system has its own database, API, login/logout, edit profile web pages and cookie. (I may have to add a few additional profile fields stored/updated locally.) What's the proper approach to substitute the out-of-the-box authentication in Django?

  • .htaccess Problem

    - by ocergynohtna
    I'm having trouble with redirecting urls using the .htaccess file. This is what my htaccess file looks like: Redirect 301 /file-name/example.php http://www.mysite.com/file-name/example-001.php Redirect 301 /section-name/example.php http://www.my-site.com/section-name/example-002.php RewriteEngine on RewriteCond %{HTTP_HOST} !^www.mysite.com$ [NC] RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=301] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.+)/(.*)$ hqtemplates/articles.php?file_name=$2 [L] php_value session.use_only_cookies 1 php_value session.use_trans_sid 0 Now the problem is that when I go to the page www.my-site.com/file-name/example.php, instead of redirecting me to www.my-site.com/file-name/example-001.php it redirects me to www.my-site.com/file-name/example.php?file_name=example-001.php. For some reason it adds "?file_name=example-001.php" to the url. Anyone knows why this is happening and how to fix this?

  • How to dissect string values

    - by nhoyti
    How can I dissect or retrieve string values? Here's the sample code that I'm working on now: private void SplitStrings() { List<string> listvalues = new List<string>(); listvalues = (List<string>)Session["mylist"]; string[] strvalues = listvalues.ToArray(); for (int x = 0; x < strvalues.Length; x++) { } } Now that I'm able to retrieve List values in my session, how can I separately get the values of each list using a foreach or for statement?

  • How to access the calling source line from interactive shell

    - by TJD
    I want to make a function that can determine the source code of how it was called. I'm aware of how to do this generally with the inspect module. For example, this question, works well and provides my desired output in the lines variable as shown below: def hello(x): frame,filename,line_number,function_name,lines,index=\ inspect.getouterframes(inspect.currentframe())[1] print(frame,filename,line_number,function_name,lines,index) The problem is that this solution doesn't work in an interactive command line session. For example, from a command line, the result looks like: >>> y = hello(7) (<frame object at 0x01ECA9E8>, '<stdin>', 1, '<module>', None, None) The problem is that the source file is '<stdin>', so the lines variable is None. How can I access the calling line to find the result containing the string y = hello(7) during an interactive session?

  • NHibernate and MySql is inserting and Selecting, not updating

    - by Chris Brandsma
    Something strange is going on with NHibernate for me. I can select, and I can insert. But I can't do an update against MySql. Here is my domain class: public class UserAccount { public virtual int Id { get; set; } public virtual string UserName { get; set; } public virtual string Password { get; set; } public virtual bool Enabled { get; set; } public virtual string FirstName { get; set; } public virtual string LastName { get; set; } public virtual string Phone { get; set; } public virtual DateTime? DeletedDate { get; set; } public virtual UserAccount DeletedBy { get; set; } } Fluent Mapping: public class UserAccountMap : ClassMap<UserAccount> { public UserAccountMap() { Table("UserAccount"); Id(x => x.Id); Map(x => x.UserName); Map(x => x.Password); Map(x => x.FirstName); Map(x => x.LastName); Map(x => x.Phone); Map(x => x.DeletedDate); Map(x => x.Enabled); } } Here is how I'm creating my Session Factory: var dbconfig = MySQLConfiguration .Standard .ShowSql() .ConnectionString(a => a.FromAppSetting("MySqlConnStr")); FluentConfiguration config = Fluently.Configure() .Database(dbconfig) .Mappings(m => { var mapping = m.FluentMappings.AddFromAssemblyOf<TransactionDetail>(); mapping.ExportTo(mappingdir); }); and this is my NHibernate code: using (var trans = Session.BeginTransaction()) { var user = GetById(userId); user.Enabled = false; user.DeletedDate = DateTime.Now; user.UserName = "deleted_" + user.UserName; user.Password = "--removed--"; Session.Update(user); trans.Commit(); } No exceptions are being thrown. No queries are being logged. Nothing.

  • FormsAuthentication AuthCookie data type

    - by FreshCode
    Does the original data type of the username string in a call to FormsAuthentication.SetAuthCookie(...) make any difference with regards to security or code maintainability? As I understand it, the cookie is encrypted and used to identify a user on each request. I'm curious whether it should affect the design of the primary key on my Users table in my database, eg. Guid vs int or a unique username string.

  • Hibernate Save Parent Only

    - by user239905
    Hi, I'm having an issue with Hibernate 3.2.5, where I have to save only the parent object in a one-to-many relationship. For example, I have a flower A that can have many details. Firstly I want to save only the flower, and the details will be added later. This process throws an exception: not-null property references a null or transient value: com.juflora.bean.JFlora._floraSetBackref This is my code: JFlora flora = new JFlora(); flora.setTypeId(Integer.parseInt(type)); flora.setDescription(description); flora.setName(name); flora.setImage(image); flora.setFloraDetails(new HashSet()); session.save(flora); session.getTransaction().commit();

  • Can entities be attached to an ISession that weren't previously attached?

    - by TheCloudlessSky
    I'm playing around with NHibernate 3.0. So far things are pretty cool. I'm trying to attach an entity that wasn't detached previously: var post = new Post(){ Id = 2 }; session.Update(post); // Thought this would work but it doesn't. post.Title = "New Title After Update"; session.Flush(); Is this possible so that only Title gets updated? This is currently possible in EntityFramework. I'd like to not have to load Post from the database when I just need to update a few properties.

  • Simple check authentication decorator in Python + Pylons

    - by ensnare
    I'd like to write a simple decorator that I can put above functions in my controller to check authentication and re-direct to the login page if the current user is not authenticated. What is the best way to do this? Where should the decorator go? How should I pass cookie info to the decorator? Sample code is greatly appreciated. Thank you!

  • Linking javascript BASEDIR

    - by Azzyh
    Hello. So, continuing from this: http://stackoverflow.com/questions/2715295/linking-how-php-html Please check the answer I accepted, and I used the "BASEDIR" solution zneak came with. Now I ran into another problem. In my ajax_framework.js I have: $.ajax({url: "session.php", success: function(data){ How should I include BASEDIR in this? I was thinking something like: $.ajax({url: "'.BASEDIR.'session.php", success: function(data){ but this isn't PHP, so I think you can't? No? Any help, or maybe another method to work around this?

  • Function to set an auth_token

    - by john mossel
    In my form I have a hidden field: <input type="hidden" name="auth_token" value="<?php echo $auth_token; ?>"> This value is also stored in a session and a variable: $_SESSION['auth_token'] = hash('sha256', rand() . time() . $_SERVER['HTTP_USER_AGENT']); # TODO: put this in a function $auth_token = $_SESSION['auth_token']; When the form is submitted the two values are compared. It's a basic form token. Should this be made into two functions or just one when refactored? set_form_token() and get_form_token(), get_form_token() returning the session value, then I can compare it in my main code. What is the proper way of doing this?

  • For securing forms, when do I issue the token?

    - by AQuestionADayKeepsTheDrAway
    So, I have a form. To make it a little more secure and potentially help prevent CSRF attacks, I want to add a random token value in a hidden field; that value is also stored server side in my session data. When should I issue a new token? Per form? Per page load where there is any form? Per session? I can render it invalid as soon as a form is successfully submitted, but I'm wondering when to generate one. I ask because if I issue it per form or per page, do I not risk the chance of a duplicate token value overwriting the existing (valid) token if a user opens a separate window but submits the first form (with the now overwritten value)?

  • Using SQLAlchemy, how can I return a count with multiple columns

    - by Andy
    I am attempting to run a query like this: SELECT comment_type_id, name, count(comment_type_id) FROM comments, commenttypes WHERE comment_type_id=commenttypes.id GROUP BY comment_type_id Without the join between comments and commenttypes for the name column, I can do this using: session.query(Comment.comment_type_id,func.count(Comment.comment_type_id)).group_by(Comment.comment_type_id).all() However, if I try to do something like this, I get incorrect results: session.query(Comment.comment_type_id, Comment.comment_type, func.count(Comment.comment_type_id)).group_by(Comment.comment_type_id).all() I have two problems with the results: (1, False, 82920) (2, False, 588) (3, False, 4278) (4, False, 104370) Problems: The False is not correct The counts are wrong My expected results are: (1, 'Comment Type 1', 13820) (2, 'Comment Type 2', 98) (3, 'Comment Type 2', 713) (4, 'Comment Type 2', 17395) How can I adjust my command to pull the correct name value and the correct count?

  • [sqlalchemy] subquery in select statement

    - by webjunkie
    Hi guys, I have two tables (albums, pictures) in a one to many relationship and I want to display each album's details with one picture, so I have the following query: select albums.name,(select pictures.path from pictures where pictures.albumid=albums.id limit 1) as picture from albums where ... Now I'm struggling creating this on Pylons with sqlalchemy. I tried to do the following: picture = Session.query(model.Picture) sub_q = picture.filter_by(albumid = model.Album.id).limit(1).subquery() album_q = Session.query(model.Album, sub_q) result = album_q.all() but it creates the following statement, displaying the incorrect picture because the table albums is included in the subquery: select albums.name,(select pictures.path from pictures,albums where pictures.albumid=albums.id) from albums where ... Am I doing it wrong? Is this even possible in sqlalchemy?