Search Results

Search found 95978 results on 3840 pages for 'user defined literals'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 229/3840 | < Previous Page | 225 226 227 228 229 230 231 232 233 234 235 236  | Next Page >

  • Incompatible group permissions in Linux - Is it a bug?

    - by Sachin
    I am on Ubuntu 11.04. I am creating another user and placing an existing user in the group of other user, hoping to write in the home directory of other user. # uname -a Linux vini 2.6.38-11-generic #50-Ubuntu SMP Mon Sep 12 21:18:14 UTC 2011 i686 athlon i386 GNU/Linux # whoami sachin # su root # useradd -m -U foo // create user foo # usermod -a -G foo sachin // add user `sachin' to group `foo' # chmod 770 /home/foo/ # exit # whoami sachin # cd /home/foo/ bash: cd: /home/foo/: Permission denied # groups sachin sachin : sachin foo This is totally weird. Though user sachin is in group foo, and group bits for /home/foo/ is set to rwx, sachin can't chdir to /home/foo/. I am not able to understand this. But, if at the exit step, I switch to sachin user from root, this is what happens: # uname -a Linux vini 2.6.38-11-generic #50-Ubuntu SMP Mon Sep 12 21:18:14 UTC 2011 i686 athlon i386 GNU/Linux # whoami sachin # su root # useradd -m -U foo // create user foo # usermod -a -G foo sachin // add user `sachin' to group `foo' # chmod 770 /home/foo/ # su sachin # whoami sachin # cd /home/foo/ # ls examples.desktop Now, whatever is happening here is totally incomprehensible. Does su sachin inherits some permissions from the root user at this step? Any explanations would be much appreciated.

    Read the article

  • Make all text EXCEPT <input> unselectable in Internet Explorer? [migrated]

    - by Ashli
    I have a website where I want to disable users from selecting content EXCEPT for input areas. I currently have some CSS to disable user-select: -webkit-user-select: none; -khtml-user-select: none; -moz-user-select: none; -o-user-select: none; user-select: none; However, this does NOT cover Internet Explorer; thus, I need to implement some JavaScript: <body onselectstart="return false;"> Through CSS and JavaScript, I can make all content unselectable across all popular browsers. BUT, this code also makes areas unselectable, which is a major case of poor usability. I use CSS to make input areas selectable: -webkit-user-select: text; -khtml-user-select: text; -moz-user-select: text; -o-user-select: text; user-select: text; .. and as you might have expected, this does not cover Internet Explorer, since I used JavaScript to disable all content from being selectable. What can I do to make all content unselectable except for input areas?

    Read the article

  • How can I read a DBF file with incorrectly defined column data types using ADO.NET?

    - by Jason
    I have a several DBF files generated by a third party that I need to be able to query. I am having trouble because all of the column types have been defined as characters, but the data within some of these fields actually contain binary data. If I try to read these fields using an OleDbDataReader as anything other than a string or character array, I get an InvalidCastException thrown, but I need to be able to read them as a binary value or at least cast/convert them after they are read. The columns that actually DO contain text are being returned as expected. For example, the very first column is defined as a character field with a length of 2 bytes, but the field contains a 16-bit integer. I have written the following test code to read the first column and convert it to the appropriate data type, but the value is not coming out right. The first row of the database has a value of 17365 (0x43D5) in the first column. Running the following code, what I end up getting is 17215 (0x433F). I'm pretty sure it has to do with using the ASCII encoding to get the bytes from the string returned by the data reader, but I'm not sure of another way to get the value into the format that I need, other that to write my own DBF reader and bypass ADO.NET altogether which I don't want to do unless I absolutely have to. Any help would be greatly appreciated. byte[] c0; int i0; string con = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\ASTM;Extended Properties=dBASE III;User ID=Admin;Password=;"; using (OleDbConnection c = new OleDbConnection(con)) { c.Open(); OleDbCommand cmd = c.CreateCommand(); cmd.CommandText = "SELECT * FROM astm2007"; OleDbDataReader dr = cmd.ExecuteReader(); while (dr.Read()) { c0 = Encoding.ASCII.GetBytes(dr.GetValue(0).ToString()); i0 = BitConverter.ToInt16(c0, 0); } dr.Dispose(); }

    Read the article

  • Section or group name 'cachingConfiguration' is already defined - but where?

    - by Richard Ev
    On Windows XP I am working on a .NET 3.5 web app that's a combination of WebForms and MVC2 (The WebForms parts are legacy, and being migrated to MVC). When I run this from VS2008 using the ASP.NET web server everything works as expected. However, when I host the app in IIS and try to use it, I see the following error Section or group name 'cachingConfiguration' is already defined. Updates to this may only occur at the configuration level where it is defined. Source Error: Line 24: </sectionGroup> Line 25: <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net"/> Line 26: <section name="cachingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Caching.Configuration.CacheManagerSettings,Microsoft.Practices.EnterpriseLibrary.Caching, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> Line 27: </configSections> Line 28: Sure enough, if I remove the offending line (line 26 in the error message) from my web.config then the app runs correctly. However, I really need to find out where the duplicate definition of this is. It's nowhere in my solution. Where else could it be?

    Read the article

  • Does not contain a definition for GetDataFromNumber But i have it defined!?!?!

    - by JB
    public void button2_Click(object sender, System.EventArgs e) { string text = textBox1.Text; Mainform = this; this.Hide(); GetSchedule myScheduleFinder = new GetSchedule(); string result = myScheduleFinder.GetDataFromNumber(text);// says there is no definition if (!string.IsNullOrEmpty(result)) { MessageBox.Show(result); } else { MessageBox.Show("Enter A Valid ID Number!"); } } says it does not contain definition for it but on my GetSchedule .cs file i have it defined public string GetDataFromNumber(string ID)//defined here { foreach (IDnumber IDCandidateMatch in IDnumbers) { if (IDCandidateMatch.ID == ID) { StringBuilder myData = new StringBuilder(); myData.AppendLine(IDCandidateMatch.Name); myData.AppendLine(": "); myData.AppendLine(IDCandidateMatch.ID); myData.AppendLine(IDCandidateMatch.year); myData.AppendLine(IDCandidateMatch.class1); myData.AppendLine(IDCandidateMatch.class2); myData.AppendLine(IDCandidateMatch.class3); myData.AppendLine(IDCandidateMatch.class4); //return myData; return myData.ToString(); } } return ""; }

    Read the article

  • Using an ORM with a database that has no defined relationships?

    - by Ahmad
    Consider a database(MSSQL 2005) that consists of 100+ tables which have primary keys defined to a certain degree. There are 'relationships' between tables, however these are not enforced with foreign key constraints. Consider the following simplified example of typical types of tables I am dealing with. The are clear relations between the User and City and Province tables. However, they key issues is the inconsistent data types in the tables and naming conventions. User: UserRowId [int] PK Name [varchar(50)] CityId [smallint] ProvinceRowId [bigint] City: CityRowId [bigint] PK CityDescription [varchar(100)] Province: ProvinceId [int] PK ProvinceDesc [varchar(50)] I am considering a rewrite of the application (in ASP.net MVC) that uses this data source as is similar in design to MVC storefront. However I am going through a proof of concept phase and this is one of the stumbling blocks I have come across. What are my options in terms of ORM choice that can be easily used and why? Should I even be considering an ORM? (The reason I ask this is that most explanations and tutorials all work with relatively cleanly designed existing databases, or newly created ones when compared to mine. I am thus having a very hard time trying to find a way forward with this problem) There is a huge amount of existing SQL queries, would a datamappper(eg IBatis.net) be more suitable since we could easily modify them to work and reuse the investment already made? I have found this question on SO which indicates to me that an ORM can be used - however I get the impression that this a question of mapping? Note: at the moment, the object model is not clearly defined as it was non-existent. The existing system pretty much did almost everything in SQL or consisted of overly complicated, and numerous queries to complete fucntionality. I am pretty much a noob and have zero experience around ORMs and MVC - so this an awesome learning curve I am on.

    Read the article

  • Cocos2d on iPhone: Using Sprites Defined in Separate Class Files.

    - by srikanth rongali
    I'm trying to draw two sprites on the same screen. I have defined the two sprite objects in two separate class files. If I comment out two lines (see "item 1" comment below) then I get a display as [a backgroundimage[background2.jpg] with a sprite[grossini.png] on the left side. If I uncomment the two lines I do not get the background image and sprite of (gameScreen.m). I get only the sprite [grossinis_sister1.png] defined in (enemy.m). But what I need is a [backgroundimage[background2.jpg]], sprite[grossini.png] and sprite [grossinis_sister1.png] in one screen. This is implementation file of my first class: #import "gameScreen.h" #import "enemy.h" @implementation gameScreen -(id)init { if((self = [super init])) { CCSprite *backGroundImage = [CCSprite spriteWithFile:@"background2.jpg"]; backGroundImage.anchorPoint = ccp(0,0); CCParallaxNode *voidNode = [CCParallaxNode node]; [voidNode addChild:backGroundImage z:-1 parallaxRatio:ccp(0.0f,0.0f) positionOffset:CGPointZero]; [self addChild:voidNode]; CGSize windowSize = [[CCDirector sharedDirector] winSize]; CCSprite *player = [CCSprite spriteWithFile:@"grossini.png"]; player.position = ccp(player.contentSize.width/2, windowSize.height/2); [self addChild:player z:0]; //eSprite = [[enemy alloc]init]; //<-- see item 1 //[self addChild:eSprite]; } return self; } This is my implementation file of my second class: #import "enemy.h" #import "gameScreen.h" @implementation enemy -(id)init { if ((self = [super init])) { CGSize windowSize = [[CCDirector sharedDirector] winSize]; CCSprite *enemySprite = [CCSprite spriteWithFile:@"grossinis_sister1.png" ]; enemySprite.position = ccp(windowSize.width/2, windowSize.height/2); [self addChild:enemySprite]; } return self; } @end

    Read the article

  • Undefined Variable? But I defined it...

    - by Rob
    Well before anyone claims that theres a duplicate question... (I've noticed that people who can't answer the question tend to run and look for a duplicate, and then report it.) Here is the duplicate you are looking for: http://stackoverflow.com/questions/2481382/php-claims-my-defined-variable-is-undefined However, this isn't quite a duplicate. It gives me a solution, but I'm not really looking for this particular solution. Here is my problem: Notice: Undefined variable: custom Now here is my code: $headers = apache_request_headers(); // Request the visitor's headers. $customheader = "Header: 7ddb6ffab28bb675215a7d6e31cfc759"; //This is what the header should be. foreach ($headers as $header => $value) { $custom .= "$header: $value"; } Clearly, $custom is defined. According to the other question, it's a global and should be marked as one. But how is it a global? And how can I make it a (non-global)? The script works fine, it still displays what its supposed to and acts correctly, but when I turn on error messages, it simply outputs that notice as well. I suppose its not currently necessary to fix it, but I'd like to anyway, as well as know why its doing this.

    Read the article

  • Outlook Rule for forwarding and bouncing ?

    - by Outlook User
    In order to consolidate all my email, I wanted to forward all my Gmail(2 accounts) to a new Live(Hotmail) account. I wanted all email arriving at my Gmail account to be forwarded to my Hotmail(easy enough) BUT I ALSO want all email arriving at Gmail to be replied back to sender with a message like: "Your email has been delivered BUT the user has moved onto [email protected] . Please further all communication to this email". Using Outlook as my email client, how can I work this out?

    Read the article

  • OpenSSH does not accept public key?

    - by Bob
    I've been trying to solve this for a while, but I'm admittedly quite stumped. I just started up a new server and was setting up OpenSSH to use key-based SSH logins, but I've run into quite a dilemma. All the guides are relatively similar, and I was following them closely (despite having done this once before). I triple checked my work to see if I would notice some obvious screw up - but nothing is apparent. As far as I can tell, I haven't done anything wrong (and I've checked very closely). If it's any help, on my end I'm using Cygwin and the server is running Ubuntu 12.04.1 LTS. Anyways, here is the output (I've removed/censored some parts for privacy (primarily anything with my name, website, or its IP address), but I can assure you that nothing is wrong there): $ ssh user@host -v OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011 debug1: Connecting to host [ipaddress] port 22. debug1: Connection established. debug1: identity file /home/user/.ssh/id_rsa type 1 debug1: identity file /home/user/.ssh/id_rsa-cert type -1 debug1: identity file /home/user/.ssh/id_dsa type -1 debug1: identity file /home/user/.ssh/id_dsa-cert type -1 debug1: identity file /home/user/.ssh/id_ecdsa type -1 debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1 debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA 24:68:c3:d8:13:f8:61:94:f2:95:34:d1:e2:6d:e7:d7 debug1: Host 'host' is known and matches the ECDSA host key. debug1: Found key in /home/user/.ssh/known_hosts:2 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/user/.ssh/id_rsa debug1: Authentications that can continue: publickey debug1: Trying private key: /home/user/.ssh/id_dsa debug1: Trying private key: /home/user/.ssh/id_ecdsa debug1: No more authentication methods to try. Permission denied (publickey). What can I do to resolve my problem?

    Read the article

  • CUPS Web Admin Error 500 Unknown

    - by Floyd Resler
    I keep getting a 500 Unknown error whenever I navigate off the home page of my CUPS web admin. I'm sure I have something misconfigured but I'm not sure what. Here's my configuration: # # "$Id: cupsd.conf.in 8805 2009-08-31 16:34:06Z mike $" # # Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a # complete description of this file. # # Log general information in error_log - change "warn" to "debug" # for troubleshooting... LogLevel warn # Administrator user group... SystemGroup lpadmin sys root # Only listen for connections from the local machine. Listen 192.168.6.101:631 Listen /var/run/cups/cups.sock ServerName 192.168.6.101 # Show shared printers on the local network. Browsing On BrowseOrder allow,deny BrowseAllow all BrowseLocalProtocols CUPS BrowseAddress 192.168.6.255 # Default authentication type, when authentication is required... DefaultAuthType Basic # Restrict access to the server... Order allow,deny Allow From All Allow From 127.0.0.1 # Restrict access to the admin pages... AuthType Default Require user @SYSTEM Order allow,deny Allow From All Allow From 127.0.0.1 # Restrict access to configuration files... AuthType Default Require user @SYSTEM Order allow,deny Allow From All Allow From 127.0.0.1 # Set the default printer/job policies... # Job-related operations must be done by the owner or an administrator... Require user @OWNER @SYSTEM Order deny,allow # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow # Only the owner or an administrator can cancel or authenticate a job... Require user @OWNER @SYSTEM Order deny,allow Order deny,allow # Set the authenticated printer/job policies... # Job-related operations must be done by the owner or an administrator... AuthType Default Order deny,allow AuthType Default Require user @OWNER @SYSTEM Order deny,allow # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow # Only the owner or an administrator can cancel or authenticate a job... AuthType Default Require user @OWNER @SYSTEM Order deny,allow Order deny,allow # # End of "$Id: cupsd.conf.in 8805 2009-08-31 16:34:06Z mike $". #

    Read the article

  • What is the the maximum time for a user to return to Google for the visit to be flagged up as a bounce in GA?

    - by Anonymous
    I know that Google measures bounce rates by how fast a user returns to the results page after clicking-through to a website. Roughly what is the maximum duration of the visit for the user to then return for it to be considered a bounce? i.e. <5 seconds, <30 seconds? I'm mainly interested as it appears a lot of users clicking through my PPC adverts (Adwords) are bouncing, despite my ads having a high quality score and the page's being entirely related to the adverts copy and at as best tied to what I think user's may be searching for from the key phrases I've selected so the high bounce rate (100% on some keywords) seems a bit strange. If a bounce isn't determined by time, but simply whether a user returns to the SERP after visiting my site or not after any amount of time that would make more sense but the average duration of visit for my keywords with a 100% bounce rate in GA is 00:00:00, which suggests a user immediately returned to the SERPs, which again, is odd. Is my GA data being skewed by https or anything like that? Scratching my head here.

    Read the article

  • Does it make the game more fun when the user is forced to progress thru the levels sequentially rather than letting them pick and play?

    - by BeachRunnerJoe
    Hello. For the first time in my game, I'm stuck with a real design dilemma. I guess that's a good thing ;) I'm building a word puzzle game that has five levels, each with 30 puzzles. Currently, the user has to solve one puzzle at a time before moving to the next. However, I'm finding the user occasionally gets stuck on a puzzle, at which point they can no longer play until they solve it. This is obviously bad because many people will just quit playing the game and delete the app since they get frustrated and can't play any other puzzles until the current puzzle is solved. The only elegant solution I can find to helping the player get unstuck is changing the design of the game to allow the users to pick any puzzle to play at any time. This way, if they get stuck, they can come back to it later and at least they have other puzzles to play in the meantime. It's my opinion, however, that this new flow design doesn't make the game as fun as the original flow design where the player has to complete a puzzle before moving to the next. To me, it's like anything else, when you only have one of something, it's more enjoyable, but when you have 30 of something, it's far less enjoyable. In fact, when I present the user with 30 puzzles to choose from that they need to solve before unlocking the next level, it almost seems as tho I'm making them feel like it's work they have to do. I even had a tester voluntarily tell me that being forced to complete a puzzle before moving to the next is more motivating. My questions are... Do you agree/disagree? Do you have any suggestions for how I can help the player get unstuck? Thanks so much in advance for your thoughts! EDIT: I should mention that I've already considered a few other solutions to helping the user get unstuck, but none of them seem like good ideas. They are... Add more hints: Currently, the user gets two hints per puzzle. If I increase the hint count, it only makes the game more easy and still leaves the possibility of the user getting stuck. Add a "Show Solution" button: This seems like a bad idea because it's my opinion this takes the fun out of the game for many people who would probably otherwise solve the puzzle if they didn't have the quick option to see the solution.

    Read the article

  • Does it make the game more fun when the user is forced to progress through the levels sequentially rather than letting them pick and play?

    - by BeachRunnerJoe
    Hello. For the first time in my game, I'm stuck with a real design dilemma. I guess that's a good thing ;) I'm building a word puzzle game that has five levels, each with 30 puzzles. Currently, the user has to solve one puzzle at a time before moving to the next. However, I'm finding the user occasionally gets stuck on a puzzle, at which point they can no longer play until they solve it. This is obviously bad because many people will probably just quit playing the game and delete the app. The only elegant solution I can find to helping the player get unstuck is changing the design of the game to allow the users to pick any puzzle to play at any time. This way, if they get stuck, they can come back to it later and at least they have other puzzles to play in the meantime. It's my opinion, however, that this new flow design doesn't make the game as fun as the original flow design where the player has to complete a puzzle before moving to the next. To me, it's like anything else, when you only have one of something, it's more enjoyable, but when you have 30 of something, it's far less enjoyable. In fact, when I present the user with 30 puzzles to choose from, I'm concerned I might be making them feel like it's a lot of work they have to do and that's bad. I even had a tester voluntarily tell me that being forced to complete a puzzle before moving to the next is actually motivating. My questions are... Do you agree/disagree? Do you have any suggestions for how I can help the player get unstuck? Thanks so much in advance for your thoughts! EDIT: I should mention that I've already considered a few other solutions to helping the user get unstuck, but none of them seem like good ideas. They are... Add more hints: Currently, the user gets two hints per puzzle. If I increase the hint count, it only makes the game more easy and still leaves the possibility of the user getting stuck. Add a "Show Solution" button: This seems like a bad idea because it's my opinion this takes the fun out of the game for many people who would probably otherwise solve the puzzle if they didn't have the quick option to see the solution.

    Read the article

  • Why does a user have to enter "Profile" data to enter data into other tables?

    - by Greg McNulty
    EDIT It appears the user has to enter some data for his profile, otherwise I get this error below. I guess if there is no profile data, the user can not continue to enter data in other tables by default? I do not want to make entering user profile data a requirement to use the rest of the sites functionality, how can I get around this? Currently I have been testing everything with the same user and everything has been working fine. However, when I created a new user for the very first time and tried to enter data into my custom table, I get the following error. The INSERT statement conflicted with the FOREIGN KEY constraint "FK_UserData_aspnet_Profile". The conflict occurred in database "C:\ISTATE\APP_DATA\ASPNETDB.MDF", table "dbo.aspnet_Profile", column 'UserId'. The statement has been terminated. Not sure why I am getting this error. I have the user controls set up in ASP.NET 3.5 however all I am using is my own table or at least that I am aware of. I have a custom UserData table that includes the columns: id, UserProfileID, CL, LL, SL, DateTime (id is the auto incremented int) The intent is that all users will add their data in this table and as I mentioned above it has been working fine for my original first user I created. However, when i created a new user I am getting this problem. Here is the code that updates the database. protected void Button1_Click(object sender, EventArgs e) { //connect to database MySqlConnection database = new MySqlConnection(); database.CreateConn(); //create command object Command = new SqlCommand(queryString, database.Connection); //add parameters. used to prevent sql injection Command.Parameters.Add("@UID", SqlDbType.UniqueIdentifier); Command.Parameters["@UID"].Value = Membership.GetUser().ProviderUserKey; Command.Parameters.Add("@CL", SqlDbType.Int); Command.Parameters["@CL"].Value = InCL.Text; Command.Parameters.Add("@LL", SqlDbType.Int); Command.Parameters["@LL"].Value = InLL.Text; Command.Parameters.Add("@SL", SqlDbType.Int); Command.Parameters["@SL"].Value = InSL.Text; Command.ExecuteNonQuery(); } Source Error: Line 84: Command.ExecuteNonQuery();

    Read the article

  • How do I change the logged in user to another?

    - by TruMan1
    I would like to change the logged in user to another user temporarily to do some process. For example, say I am logged in as "Joe". In my method, I want to make the logged in user from "Joe" to "SuperUser", do some process, then change the logged in user back to "Joe". Can someone help with this?

    Read the article

  • How to build a web site which gives a sub-domain dynamically to every registered user?

    - by coderex
    Suppose i have a site and i wish to give a sub-domain for each registered users. like my site http://site.com/ and the test-user is a user registered on my site and site want to make sub-domain for that user. Like http://test-user.site.com Like http://test-user1.site.com for test-user1. Hop you understood the requirement. How can i create a sub-domain using my sites back-end. or dynamically while register

    Read the article

  • How do I get other claims of the user using ADFS?

    - by stackuser1
    Hi I am able to authenticate the user using ADFS and succeded in getting the user alias using the below statement. Since some time, i am looking for a way in getting the other claims of the authenticated user, like email, name, roles, username etc. Any help on this would be appreciated. string alias = ((MicrosoftAdfsProxyRP.MicrosoftPrincipal)HttpContext.Current.User).Alias; Response.Write (alias);

    Read the article

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • Why second user login redirects me to /accounts/profile/ url?

    - by drupality
    I am using Django built in view for user login: url(r'^user/login/$', 'django.contrib.auth.views.login', {'template_name': 'users/templates/login.html'}, name='user-login'), After login when I goto user/login again I can login second time. I submit the form and getting: The current URL, accounts/profile/, didn't match any of these. I haven't declare this url in urls.py. What I am doing wrong? Why framework want to redirect to this url?

    Read the article

  • Asp.net Mvc - Kigg: Maintain User object in HttpContext.Items between requests.

    - by Pickels
    Hallo, first I want to say that I hope this doesn't look like I am lazy but I have some trouble understanding a piece of code from the following project. http://kigg.codeplex.com/ I was going through the source code and I noticed something that would be usefull for my own little project I am making. In their BaseController they have the following code: private static readonly Type CurrentUserKey = typeof(IUser); public IUser CurrentUser { get { if (!string.IsNullOrEmpty(CurrentUserName)) { IUser user = HttpContext.Items[CurrentUserKey] as IUser; if (user == null) { user = AccountRepository.FindByClaim(CurrentUserName); if (user != null) { HttpContext.Items[CurrentUserKey] = user; } } return user; } return null; } } This isn't an exact copy of the code I adjusted it a little to my needs. This part of the code I still understand. They store their IUser in HttpContext.Items. I guess they do it so that they don't have to call the database eachtime they need the User object. The part that I don't understand is how they maintain this object in between requests. If I understand correctly the HttpContext.Items is a per request cache storage. So after some more digging I found the following code. internal static IDictionary<UnityPerWebRequestLifetimeManager, object> GetInstances(HttpContextBase httpContext) { IDictionary<UnityPerWebRequestLifetimeManager, object> instances; if (httpContext.Items.Contains(Key)) { instances = (IDictionary<UnityPerWebRequestLifetimeManager, object>) httpContext.Items[Key]; } else { lock (httpContext.Items) { if (httpContext.Items.Contains(Key)) { instances = (IDictionary<UnityPerWebRequestLifetimeManager, object>) httpContext.Items[Key]; } else { instances = new Dictionary<UnityPerWebRequestLifetimeManager, object>(); httpContext.Items.Add(Key, instances); } } } return instances; } This is the part where some magic happens that I don't understand. I think they use Unity to do some dependency injection on each request? In my project I am using Ninject and I am wondering how I can get the same result. I guess InRequestScope in Ninject is the same as UnityPerWebRequestLifetimeManager? I am also wondering which class/method they are binding to which interface? Since the HttpContext.Items get destroyed each request how do they prevent losing their user object? Anyway it's kinda a long question so I am gradefull for any push in the right direction. Kind regards, Pickels

    Read the article

  • How to login as another user and then log out in bash script?

    - by Neuquino
    Hi, I need to write a bash script to do something as another user and then return to the initial user... Suppose I run the following as root: #!/bin/bash USER=zaraza su - "${USER}" #do some stuff as zaraza ________ #here I should logout zaraza #continue doing things as root In the console I should write "exit", but in bash is a keyword and it exits the script... Thanks in advance,

    Read the article

  • How is it that i am getting two different open ids for the same site for the same user

    - by Salvin Francis
    I was under the impression that the open id for a user remains constant. I am allowing users to setup open id with my site with 2 different screens in my app... I was under the impression that the open id for a user is constant and will not change and I was planning to save it to my database for a given user, However, to my suprise, I found different ids for the same user using the same google account in the two different screens. How does open id actually work ?

    Read the article

  • How to escalate database user permissions to create new databases?

    - by steelaz
    I created new cPanel account, using this account created new database, new database user and connected user to database, simple stuff. Now, I want this particular user to be able to create new databases, how can I escalate this database user's permissions to allow creating new databases? I still want these databases to be associated with cPanel account, is adding account name prefix (account_) to database name enough to associate it with that cPanel account? Edit: Whoops, forgot to mention - database is MySQL.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 225 226 227 228 229 230 231 232 233 234 235 236  | Next Page >