http://www.php.net/manual/en/security.database.sql-injection.php
http://www.php.net/manual/en/security.database.storage.php
On 28.07.2011 03:58, Jason Pruim wrote:
Hey everyone,
So I know this is related pretty strictly to paypal... But I also know that you
all most likely use it :)
So with that said... Has anyone successfully setup the IPN with paypal? I'm
trying to figure out to get it up and working...
Hi Jason
wil prim wrote:
>Ok so I have the md5() taken care of and now i have also attempted to
>create a login form plus a check login form that will try and match the
>hashed value of the input with a field in the data base and if
>successful it will echo 'You are now logged in' or else it will echo
>
I would like to add some info about storing the password hash in the
database.
I recently tested how quickly one can brute force a simple md5('foo')
hash with a modern GPU. The results have been truly eye opening
I have been able to break hundreds of hashes with my ATI 6870 in a
couple of
On 28.07.2011 11:13, John Black wrote:
This approach makes it impractical to bruteforce the hash because every
single test will have to run md5() 3000 times before it can validate a
single hash.
--
John
I am sorry, I made a mistake here, 3000 times is not enough for this.
The actual code for th
Just as a word of caution to everyone on this list, mcrypt version of
blowfish (which is implemented by php) (in linux) has an 8bit bug in it, and
thus should not be used for hashing passwords even as backup. Basically if
you use a character such as say a British pound in your password, blowfish
wi
On 28.07.2011 12:53, Alex Nikitin wrote:
Just as a word of caution to everyone on this list, mcrypt version of
blowfish (which is implemented by php) (in linux) has an 8bit bug in it, and
thus should not be used for hashing passwords even as backup. Basically if
you use a character such as say a
I have a few scripts that use "../location/file"
Is this interpreted differently on some systems?
Thanks.
--
Paul Halliday
http://www.squertproject.org/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On 07/28/2011 05:43 PM, Paul Halliday wrote:
> I have a few scripts that use "../location/file"
>
> Is this interpreted differently on some systems?
>
> Thanks.
>
I have no idea about it, but I generally use realpath() to avoid any
such problems. Windows may have, because it uses backward slash
On 28 July 2011 18:06, Nilesh Govindarajan wrote:
> On 07/28/2011 05:43 PM, Paul Halliday wrote:
> > I have a few scripts that use "../location/file"
> >
> > Is this interpreted differently on some systems?
> >
> > Thanks.
> >
>
Use __DIR__."../location/file" otherwise files using these script c
Yes, can be. There is a predefined variable DIRECTORY_SEPARATOR, which you
can use:
on index.php let's say
define('DS',DIRECTORY_SEPARATOR');
define('MY_APP_ROOT',dirname(realpath(__FILE__)));
define('LIB_DIR',MY_APP_ROOT.DS."..".DS."location".DS."file");
Cheers,
Tamas
-Original Me
On 28 July 2011 13:36, Nilesh Govindarajan wrote:
> On 07/28/2011 05:43 PM, Paul Halliday wrote:
>> I have a few scripts that use "../location/file"
>>
>> Is this interpreted differently on some systems?
>>
>> Thanks.
>>
>
> I have no idea about it, but I generally use realpath() to avoid any
> su
Hi
I use php5.3 on freebsd
I also use pf ( packet filter) on it.
I need to execute pfctl in php script. But I couldn't execute . I don't get
any errors about that.
Shell commands is allowed in php.ini My
My script is below,
shell_exec('pfctl -s nat');
exec('pfctl -s nat');
If I execut
did you try it in shell? or just You tried it in PHP?
If you want to execute shell commands as root theres another solution too
try this:
shell_exec('sudo -u root ls -l /var/tmp')
but the solution Of shawn is better then it will not needed to set it again
in another commands
also by gcc you can use code it and run the gcc in shell
I like this one:
setfacl -m u:wwwrun:rw the path that you would like
for permissions you can set it for the folders you have then run this
compiler it will make an executable file you can give a name to them by -o
'r' and 'w' are for read
The fourth and hopefully final release candidate of 5.3.7 was just
released for testing and can be downloaded here:
https://downloads.php.net/ilia/php-5.3.7RC4.tar.bz2 (md5sum:
143ae4c3c5df93e2a9efae532cb51790)
https://downloads.php.net/ilia/php-5.3.7RC4.tar.gz (md5sum:
8543604a0f171424c73ccaff506
On 07/28/2011 11:09 AM, Bulent Malik wrote:
> Hi
>
> I use php5.3 on freebsd
>
> I also use pf ( packet filter) on it.
>
> I need to execute pfctl in php script. But I couldn't execute . I don't get
> any errors about that.
>
> Shell commands is allowed in php.ini My
>
> My script is below,
>> did you try it in shell? or just You tried it in PHP?
Yeah, I tried it on shell and it works on it. Also if I execute it as
command line, it works ;
php test.php
But when I try it on www ( internet explorer, firefox, chrome ..) it
doesn't work.
Bulent Malik wrote:
>
>
>
>
> >> did you try it in shell? or just You tried it in PHP?
>
>Yeah, I tried it on shell and it works on it. Also if I execute it as
>command line, it works ;
>
>php test.php
>
>But when I try it on www ( internet explorer, firefox, chrome ..) it
>doesn't work.
>
>
Answer to your problem is in your pop Apache module configuration. I would
suggest to look how different your cli php.ini file is in comparison to your
Apache php module php.ini file
Also I would not follow the suggestion of adding Apache user to sudoers.
It's quite high risk move in security-wise
On 07/28/2011 01:22 PM, Arthur Moczulski wrote:
> Answer to your problem is in your pop Apache module configuration. I would
> suggest to look how different your cli php.ini file is in comparison to your
> Apache php module php.ini file
No
> Also I would not follow the suggestion of adding Apache
Arthur would you please explain it in more details?
Bulint clear private data or cookies maybe your browser stores something and
can't act for this clear them and then try and tell us the result
2011/7/28 Bulent Malik
> **
>
>
>
> >> did you try it in shell? or just You tried it in PHP?
>
> Yeah, I tried it on shell and it works on it. Also if
another point: I think you tried it in shell as a root but in browser it
can't execute it as a root again I agree with Shawn it is from permission
try the command that I told you I mean edit the command and then run it in
browser
25 matches
Mail list logo
