Search Results

Search found 2136 results on 86 pages for 'dominik str'.

Page 28/86 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >

  • Please Critique this PHP Login Script

    - by NightMICU
    Greetings, A site I developed was recently compromised, most likely by a brute force or Rainbow Table attack. The original log-in script did not have a SALT, passwords were stored in MD5. Below is an updated script, complete with SALT and IP address banning. In addition, it will send a Mayday email & SMS and disable the account should the same IP address or account attempt 4 failed log-ins. Please look it over and let me know what could be improved, what is missing, and what is just plain strange. Many thanks! <?php //Start session session_start(); //Include DB config include $_SERVER['DOCUMENT_ROOT'] . '/includes/pdo_conn.inc.php'; //Error message array $errmsg_arr = array(); $errflag = false; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return $str; } //Define a SALT, the one here is for demo define('SALT', '63Yf5QNA'); //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Encrypt password $encryptedPassword = md5(SALT . $password); //Input Validations //Obtain IP address and check for past failed attempts $ip_address = $_SERVER['REMOTE_ADDR']; $checkIPBan = $db->prepare("SELECT COUNT(*) FROM ip_ban WHERE ipAddr = ? OR login = ?"); $checkIPBan->execute(array($ip_address, $login)); $numAttempts = $checkIPBan->fetchColumn(); //If there are 4 failed attempts, send back to login and temporarily ban IP address if ($numAttempts == 1) { $getTotalAttempts = $db->prepare("SELECT attempts FROM ip_ban WHERE ipAddr = ? OR login = ?"); $getTotalAttempts->execute(array($ip_address, $login)); $totalAttempts = $getTotalAttempts->fetch(); $totalAttempts = $totalAttempts['attempts']; if ($totalAttempts >= 4) { //Send Mayday SMS $to = "[email protected]"; $subject = "Banned Account - $login"; $mailheaders = 'From: [email protected]' . "\r\n"; $mailheaders .= 'Reply-To: [email protected]' . "\r\n"; $mailheaders .= 'MIME-Version: 1.0' . "\r\n"; $mailheaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $msg = "<p>IP Address - " . $ip_address . ", Username - " . $login . "</p>"; mail($to, $subject, $msg, $mailheaders); $setAccountBan = $db->query("UPDATE ip_ban SET isBanned = 1 WHERE ipAddr = '$ip_address'"); $setAccountBan->execute(); $errmsg_arr[] = 'Too Many Login Attempts'; $errflag = true; } } if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header('Location: http://somewhere.com/login.php'); exit(); } //Query database $loginSQL = $db->prepare("SELECT password FROM user_control WHERE username = ?"); $loginSQL->execute(array($login)); $loginResult = $loginSQL->fetch(); //Compare passwords if($loginResult['password'] == $encryptedPassword) { //Login Successful session_regenerate_id(); //Collect details about user and assign session details $getMemDetails = $db->prepare("SELECT * FROM user_control WHERE username = ?"); $getMemDetails->execute(array($login)); $member = $getMemDetails->fetch(); $_SESSION['SESS_MEMBER_ID'] = $member['user_id']; $_SESSION['SESS_USERNAME'] = $member['username']; $_SESSION['SESS_FIRST_NAME'] = $member['name_f']; $_SESSION['SESS_LAST_NAME'] = $member['name_l']; $_SESSION['SESS_STATUS'] = $member['status']; $_SESSION['SESS_LEVEL'] = $member['level']; //Get Last Login $_SESSION['SESS_LAST_LOGIN'] = $member['lastLogin']; //Set Last Login info $updateLog = $db->prepare("UPDATE user_control SET lastLogin = DATE_ADD(NOW(), INTERVAL 1 HOUR), ip_addr = ? WHERE user_id = ?"); $updateLog->execute(array($ip_address, $member['user_id'])); session_write_close(); //If there are past failed log-in attempts, delete old entries if ($numAttempts > 0) { //Past failed log-ins from this IP address. Delete old entries $deleteIPBan = $db->prepare("DELETE FROM ip_ban WHERE ipAddr = ?"); $deleteIPBan->execute(array($ip_address)); } if ($member['level'] != "3" || $member['status'] == "Suspended") { header("location: http://somewhere.com"); } else { header('Location: http://somewhere.com'); } exit(); } else { //Login failed. Add IP address and other details to ban table if ($numAttempts < 1) { //Add a new entry to IP Ban table $addBanEntry = $db->prepare("INSERT INTO ip_ban (ipAddr, login, attempts) VALUES (?,?,?)"); $addBanEntry->execute(array($ip_address, $login, 1)); } else { //increment Attempts count $updateBanEntry = $db->prepare("UPDATE ip_ban SET ipAddr = ?, login = ?, attempts = attempts+1 WHERE ipAddr = ? OR login = ?"); $updateBanEntry->execute(array($ip_address, $login, $ip_address, $login)); } header('Location: http://somewhere.com/login.php'); exit(); } ?>

    Read the article

  • Need to convert string/char to ascii values.

    - by SA
    Hi, I need to convert char to hex values. Refer to the Ascii table but I have a few examples listed below: char 1 = 31 2 = 32 3 = 33 4 = 34 5 = 35 A = 41 a = 61 etc Therefore string str = "12345"; Need to get the converted str = "3132333435"

    Read the article

  • displaying german characters in iphone

    - by Jaimin
    i have following string coming in the json response. "Gas-Heizung-Sanit\u00e4r" so how to display it. i want to display that \u00e4 as a german character.. NSString *str = "Gas-Heizung-Sanit\u00e4r"; NSLog(@"%c",str); it only prints the german character.

    Read the article

  • Advice/suggestions for my first project PHP Classes

    - by Philip
    Hi guys, Any advice is welcome! I have a very limited understanding of php classes but below is my starting point for the route I would like to take. The code is a reflection of what I see in my head and how I would like to go about business. Does my code even look ok, or am I way off base? What are your thoughts, how would you go about achieving such a task as form-validate-insertquery-sendmail-return messages and errors? Please try and keep your answers simple enough for me to digest as for me its about understanding whats going on and not just a copy/paste job. Kindest regards, Phil. Note: This is a base structure only, no complete code added. <?php //======================================= //class.logging.php //======================================== class logging { public $data = array(); public $errors = array(); function __construct() { array_pop($_POST); $this->data =($this->_logging)? is_isset(filterStr($_POST) : ''; foreach($this->data as $key=> $value) { $this->data[$key] = $value; } //print_r($this->data); de-bugging } public function is_isset($str) { if(isset($str)) ? true: false; } public function filterStr($str) { return preg_match(do somthing, $str); } public function validate_post() { try { if(!is_numeric($data['cardID'])) ? throw new Exception('CardID must be numeric!') : continue; } catch (Exception $e) { return $errors = $e->getCode(); } } public function showErrors() { foreach($errors as $error => $err) { print('<div class="notok"></div><br />'); } } public function insertQ() { $query = ""; } } //======================================= //Usercp.php //======================================== if(isset($_GET['mode'])) { $mode = $_GET['mode']; } else { $mode = 'usercp'; } switch($mode) { case 'usercp': echo 'Welcome to the User Control Panel'; break; case 'logging': require_once 'class.logging.php'; $logger = new logging(); if(isset($_POST['submit']) { if($logger->validate_post === true) { $logger->insertQ(); require_once '/scripts/PHPMailer/class.phpmailer.php'; $mailer = new PHPMailer(); $mailer->PHPMailer(); } else { echo ''.$logger->showErrors.''; } } else { echo ' <form action="'.$_SERVER['PHP_SELF'].'?mode=logging" method="post"> </form> '; } break; case 'user_logout': // do somthing break; case 'user_settings': // do somthing break; ?>

    Read the article

  • How can you print a string using raw_unicode_escape encoding in python 3?

    - by Sorin Sbarnea
    The following code with fail in Python 3.x with TypeError: must be str, not bytes because now encode() returns bytes and print() expects only str. #!/usr/bin/python from __future__ import print_function str2 = "some unicode text" print(str2.encode('raw_unicode_escape')) How can you print a Unicode string escaped representation using print()? I'm looking for a solution that will work with Python 2.6 or newer, including 3.x

    Read the article

  • Change A Character In A String Using Actionscript

    - by Joshua
    What is the opposite of String.charAt()?? If I Have a string: var Str:String="Hello World"; How do I change the 5th character, for example, from a ' ' to an '_'? I can GET the 5th character like this: var C:String=Str.charAt(5); But how do I SET the 5th character? Thanks in advance.

    Read the article

  • Javascript Converter Coding Error ~ Showing Bug

    - by olivia
    Please help~! <HTML> <HEAD> <TITLE>Bra Size to Chest Size Converter - CM</TITLE> <SCRIPT LANGUAGE="JavaScript"> function CalculateSum(Atext, Btext, form) { var A = BratoNum(Btext); var B = parseFloat(CuptoNum(Btext)); form.Answer.value = A + B; } function ClearForm(form) { form.input_A.value = ""; form.input_B.value = ""; form.Answer.value = ""; } function BratoNum(str) { switch(str.toUpperCase()) { case "32": return 70; case "34": return 75; case "36": return 80; case "38": return 85; case "40": return 90; default: alert('You must enter a number between 32 and 40!'); return 'X'; } } function CuptoNum(str) { switch(str.toUpperCase()) { case "A": return 4; case "B": return 5; case "C": return 6; case "D": return 7; case "E": return 8; case "F": return 9; default: alert('You must enter a letter between A and F!'); return 'X'; } } // end of JavaScript functions --> </SCRIPT> </HEAD> <BODY> <P><FONT SIZE="+2">Bra Size to Chest Size Converter</FONT></P> <FORM NAME="Calculator" METHOD="post"> <P>Enter Bra Size: <INPUT TYPE=TEXT NAME="input_A" SIZE=8></P> <P>Enter Cup Size: <INPUT TYPE=TEXT NAME="input_B" SIZE=8></P> <P><INPUT TYPE="button" VALUE="Get Chest Size" name="AddButton" onClick="CalculateSum(this.form.input_A.value, this.form.input_B.value, this.form)"></P> <P>Your Chest Size is <INPUT TYPE=TEXT NAME="Answer" SIZE=8> inch</P> <P><INPUT TYPE="button" VALUE="Clear" name="ClearButton" onClick="ClearForm(this.form)"></P> </FORM> </BODY> </HTML>

    Read the article

  • Asp.Net(C#) inline coding problem

    - by oraclee
    Hi all; <% int i = Eval("NAME").ToString().IndexOf("."); string str = Eval("NAME").ToString().Substring(i + 1); %> <img src="../images/img_<%= str %>.gif" alt="" /> EVAL("test.txt") I need "txt" how to make ? Please Help Thank you

    Read the article

  • reCaptcha integration with php

    - by Neil Bradley
    Hi there, I'm building a contact us page that also uses a reCaptcha, but im having a few issues with it. I fill in all of the fields in the contact form and the correct reCaptcha words, but the form does not submit. I'm assuming this is something to do with the validation, but wondered if someone might be able to spot where i'm going wrong? The PHP code at the top of my page looks like this; <?php include('includes/session.php'); $err = ''; $success = ''; if(isset($_POST["docontact"]) && $_POST["docontact"] == "yes") { //get form details $form = new stdClass(); $form->name = sanitizeOne($_POST["name"], "str"); $form->email = sanitizeOne($_POST["email"], "str"); $form->phone = sanitizeOne($_POST["phone"], "str"); $form->mysevenprog = sanitizeOne($_POST["mysevenprog"], "str"); $form->enquiry = sanitizeOne($_POST["enquiry"], "str"); $form->howfindsite = sanitizeOne($_POST["howfindsite"], "str"); //Check for errors (required: name, email, enquiry) if($form->name == "") { $err .= '<p class="warning">Please enter your name!</p>'; } if($form->email == "") { $err .= '<p class="warning">Please enter your email address!</p>'; } if($form->enquiry == "") { $err .= '<p class="warning">Please supply an enquiry message!</p>'; } //Send Email if($err == "") { $mailer = new BlueMailer(); $mailer->AddAddress(Configuration::getVar("developer_email"), Configuration::getVar("admin_email_name")); include('templates/email/contact-us-admin.php'); if(!$mailer->Send()) { $err .= "<p>There was an error sending submitting your request!, Please try again later."; } else { $success = 'thanks'; } } } else { //Initialise empty variables $form = new stdClass(); $form->name = ""; $form->email = ""; $form->phone = ""; $form->mysevenprog = ""; $form->enquiry = ""; $form->howfindsite = ""; } ?> And then in the body of my page I have the form as follows; <?php if($err != "") : ?> <div class="error"> <?php echo $err; ?> </div> <?php endif; ?> <?php if($success == 'thanks') : ?> <h3>Thank you for your enquiry</h3> <p>Your enquiry has been successfully sent. Someone will contact you shortly.</p> <?php else: ?> <h3>If you are looking to advertise with us, have some feedback about some of our programming or want to say 'Hi' please use the fields below</h3> <form name="contactus" id="contactus" method="post" action="<?php echo $_SERVER['SCRIPT_NAME'] ?>"> <ul> <li><label for="name">Your name: *</label> <input name="name" id="name" class="textbox" style="width: 75%;" type="text" value="<?php echo $form->name ?>" /></li> <li><label for="email">Email address: *</label> <input name="email" id="email" class="textbox" style="width: 75%;" type="text" value="<?php echo $form->email ?>" /></li> <li><label for="phone">Telephone:</label> <input name="phone" id="phone" class="textbox" style="width: 75%;" type="text" value="<?php echo $form->phone ?>" /></li> <li><label for="mysevenprog">My Seven programme</label> <input name="mysevenprog" class="textbox" style="width: 75%;" type="text" value="<?php echo $form->mysevenprog ?>" /></li> <li><label for="enquiry">Enquiry/Message: *</label> <textarea name="enquiry" class="textarea" rows="5" cols="30" style="width: 75%;" id="enquiry"><?php echo $form->enquiry ?></textarea></li> <li><label for="howfindsite">How did you find out about our site?</label> <input name="howfindsite" id="howfindsite" class="textbox" style="width: 75%;" type="text" value="<?php echo $form->howfindsite ?>" /></li> <li> <?php require_once('recaptchalib.php'); // Get a key from http://recaptcha.net/api/getkey $publickey = "6LcbbQwAAAAAAPYy2EFx-8lFCws93Ip6Vi5itlpT"; $privatekey = "6LcbbQwAAAAAAPV_nOAEjwya5FP3wzL3oNfBi21C"; # the response from reCAPTCHA $resp = null; # the error code from reCAPTCHA, if any $error = null; # was there a reCAPTCHA response? if ($_POST["recaptcha_response_field"]) { $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if ($resp->is_valid) { echo "You got it!"; } else { # set the error code so that we can display it $error = $resp->error; } } echo recaptcha_get_html($publickey, $error); ?> </li> <li><input type="submit" value="Submit Form" class="button" /></li> </ul> <input type="hidden" name="docontact" value="yes" /> </form> <?php endif; ?>

    Read the article

  • How can I get returning data from jquery ajax request?

    - by Oguz
    function isNewUsername(str){ var result; $.post('/api/isnewusername', {username:str}, function(data) { result = data.result; }, "json"); return result; } So , my problem is very simple but I can not figure it out . I want to access result from the isnewusername function . I am very curious about answer because I spent 1 hour on it . Thank you

    Read the article

  • SimpleDateFormat

    - by manu
    Hi, The following code is giving me the parsed date as "Wed Jan 13 00:00:00 EST 2010" instead of "Wed Jun 13 00:00:00 EST 2010". Any ideas much appreciated. SimpleDateFormat sf = new SimpleDateFormat("yyyy-mm-dd'T'HH:mm:ss"); String str = "2010-06-13T00:00:00"; Date date = sf.parse(str); System.out.println(" Date " + date.toString());

    Read the article

  • Determine precision and scale of particular number in Python

    - by jrdioko
    I have a variable in Python containing a floating point number (e.g. num = 24654.123), and I'd like to determine the number's precision and scale values (in the Oracle sense), so 123.45678 should give me (8,5), 12.76 should give me (4,2), etc. I was first thinking about using the string representation (via str or repr), but those fail for large numbers: >>> num = 1234567890.0987654321 >>> str(num) = 1234567890.1 >>> repr(num) = 1234567890.0987654

    Read the article

  • Unable to free const pointers in C

    - by lego69
    How can I free a const char*? I allocated new memory using malloc, and when I'm trying to free it I always receive the error "incompatible pointer type" The code that causes this is something like: char* name="Arnold"; const char* str=(const char*)malloc(strlen(name)+1); free(str); // error here

    Read the article

  • CakePHP requestAction and eval code

    - by Naveed
    Hi, I am using cakephp for my site. I have stored multiple blocks in database and trying to access the code with following syntax. foreach($blocks as $block){ if($block['Block']['position'] == 'left'){ $str = $block['Block']['value']; eval("\"echo $str\";"); } } And i m getting this error; : Undefined property: View::$requestAction [APP\views\layouts\home.ctp(60) : eval()'d code Your Help will be highly appreciated. Thanks,

    Read the article

  • Problem with JQuery swapImage();

    - by VUELA
    Hello!~ On my articles page (http://www.adrtimes.squarespace.com/articles) I have each entry start with an image that changes on rollover. This is working fine. However, on my homepage (http://www.adrtimes.squarespace.com), I am loading in the 2 most recent articles that are not categorized as video, and the 2 most recent articles that are tagged as video. I am using jQuery load() to pull in the content from the articles page. Everything works ok with that except the swapImage rollovers on the homepage. i tried including the swapImage function as callbacks but only one group or the other will rollover properly, not both groups of content. I'm not sure what the problem is!! Here is the code: <script type="text/javascript"> <!-- $(function(){ $.swapImage(".swapImage"); /* Homepage */ // load recent articles $("#LoadRecentArticles").load("/articles/ .list-journal-entry-wrapper .journal-entry-wrapper:not(.category-video)", function(){ //callback... $("#LoadRecentArticles .journal-entry-wrapper").wrapAll('<div class="list-journal-entry-wrapper" />'); $("#LoadRecentArticles .journal-entry-wrapper:gt(1)").remove(); // modify Read More tag $('.journal-read-more-tag a:contains(Click to read more ...)').each(function(){ var str = $(this).html(); $(this).html(str.replace('Click to read more ...','Continue reading—')); }); $.swapImage(".swapImage"); }); // load recent videos $("#LoadRecentVideos").load("/articles/category/video .list-journal-entry-wrapper", function(){ //callback... $("#LoadRecentVideos .journal-entry-wrapper:gt(1)").remove(); $('<div class="VideoTag">—video</div>').insertBefore("#LoadRecentVideos .category-video .body img"); // modify Read More tag $('.journal-read-more-tag a:contains(Click to read more ...)').each(function(){ var str = $(this).html(); $(this).html(str.replace('Click to read more ...','Continue reading—')); }); $.swapImage(".swapImage"); }); }); --> </script> And here is a sample of the html for the images in an article entry: <a href="/articles/2010/5/6/article-title-goes-here.html"><img class="swapImage {src: '/storage/post-images/Sample2_color.jpg'}" src="/storage/post-images/Sample2_bw.jpg" /></a>

    Read the article

  • Python and classes

    - by Artyom
    Hello, i have 2 classes. How i call first.TQ in Second ? Without creating object First in Second. class First: def __init__(self): self.str = "" def TQ(self): pass def main(self): T = Second(self.str) # Called here class Second(): def __init__(self): list = {u"RANDINT":first.TQ} # List of funcs maybe called in first ..... ..... return data

    Read the article

  • Resize image on upload php

    - by blasteralfred
    Hi, I have a php script for image upload as below <?php $LibID = $_POST[name]; define ("MAX_SIZE","10000"); function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } $errors=0; $image=$_FILES['image']['name']; if ($image) { $filename = stripslashes($_FILES['image']['name']); $extension = getExtension($filename); $extension = strtolower($extension); if (($extension != "jpg") && ($extension != "jpeg")) { echo '<h1>Unknown extension!</h1>'; $errors=1; exit(); } else { $size=filesize($_FILES['image']['tmp_name']); if ($size > MAX_SIZE*1024) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; exit(); } $image_name=$LibID.'.'.$extension; $newname="uimages/".$image_name; $copied = copy($_FILES['image']['tmp_name'], $newname); if (!$copied) { echo '<h1>image upload unsuccessfull!</h1>'; $errors=1; exit(); }}} ?> which uploads the image file to a folder "uimages" in the root. I have made changes in the html file for the compact display of the image by defining "max-height" and "max-width". But i want to resize the image file on upload. The image file may have a maximum width of 100px and maximum height of 150px. The image proportions must be constrained. That is, the image may be smaller than the above dimensions, but, it should not exceed the limit. How can I make this possible?? Thanks in advance :) blasteralfred..

    Read the article

  • Poor performance / speed of regex with lookahead

    - by Hugo Zaragoza
    I have been observing extremely slow execution times with expressions with several lookaheads. I suppose that this is due to underlying data structures, but it seems pretty extreme and I wonder if I do something wrong or if there are known work-arounds. The problem is determining if a set of words are present in a string, in any order. For example we want to find out if two terms "term1" AND "term2" are somewhere in a string. I do this with the expresion: (?=.*\bterm1\b)(?=.*\bterm2\b) But what I observe is that this is an order of magnitude slower than checking first just \bterm1\b and just then \bterm2\b This seems to indicate that I should use an array of patterns instead of a single pattern with lookaheads... is this right? it seems wrong... Here is an example test code and resulting times: public static void speedLookAhead() { Matcher m, m1, m2; boolean find; int its = 1000000; // create long non-matching string char[] str = new char[2000]; for (int i = 0; i < str.length; i++) { str[i] = 'x'; } String test = str.toString(); // First method: use one expression with lookaheads m = Pattern.compile("(?=.*\\bterm1\\b)(?=.*\\bterm2\\b)").matcher(test); long time = System.currentTimeMillis(); ; for (int i = 0; i < its; i++) { m.reset(test); find = m.find(); } time = System.currentTimeMillis() - time; System.out.println(time); // Second method: use two expressions and AND the results m1 = Pattern.compile("\\bterm1\\b").matcher(test); m2 = Pattern.compile("\\bterm2\\b").matcher(test); time = System.currentTimeMillis(); ; for (int i = 0; i < its; i++) { m1.reset(test); m2.reset(test); find = m1.find() && m2.find(); } time = System.currentTimeMillis() - time; System.out.println(time); } This outputs in my computer: 1754 150

    Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >