Comments:
<0> basiaclly.
<1> Wolfpaws, hehe
<2> e107 is full if exploits
<3> magic_quotes_gpc does that default to off?
<1> gregtampa, try above url
<2> its just as bad as phpnuke
<4> ok so they had a flaw. Thats not a php flaw thats them. Not the server.
<5> gregtampa: Sounds more like an e107 issue and not PHP... there are ways in PHP to show the source of files if the programmer doesn't know what they're doing.
<6> e107 is another of those crappy OS CMSes
<2> i'm looking at 20 posts about e107 in the past 2 years on bugtraq
<6> :)
<6> phpBB is a friend of e107 ;]
<2> heh
<4> haha looks like someone had a field day with its security
<7> anyone? i have used file upload with html,.. and i would like to know what can i do in order to set file attributes when it gets into the server, any tip of what should i do?
<5> Hmm... interesting nick.
<1> gregtampa, can't do it? maybe there isn't a bug in php
<8> d_b: chmod()
<7> ahh
<7> oki
<7> cool
<7> i go cheack
<7> :P
<9> I'm thinking about using php-json and Dojo to do some ajax hackery
<9> I wanna try some of this newfangled xmlrpc/soap style ****
<9> rounded corners! gradients! haha
<0> oh and i grabed source to some game named Ogame.
<6> erudified: good.
<0> basiaclly what im asking is there a way to make ur php coding not open source when u give it out.
<1> gregtampa, grab the source to the above url I gave you and prove to us
<0> send me a noterized email giving me permission.
<9> Drakas, U SO KEWAL
<1> see my whois info, pgregg.com is my domain and my server
<0> im not prooving crap cause i dont really care about the php community.. no offence.. just trying to learn more about it is all.
<10> erudified: *blink*
<11> gregtampa, zend has something fancy encoding
<0> whois.ws not hard.
<6> !tell erudified about aolbonics
<10> gregtampa: Stop trolling
<6> !tell erudified about english
<8> gregtampa: licensing is legaly binding.
<0> yeah zend i dont think has what im looking for.
<1> uh, /whois qube
<4> gregtampa, FREAKING A I said it like 5 times http://www.zend.com/ is the pay version and http://eaccelerator.net/
<0> say i make a cms like vbullitian.. what makes someone purchase it and not give out the source to it?
<6> gregtampa: because... the buyers get a guarantee and support..?
<0> nife im looking it up now
<8> gregtampa: the fact that if they do, you can sue thier pants off
<0> accelerator right?
<0> u cant sue everyone..
<0> due to country wide laws and internation laws.
<8> !tell gregtampa about u
<8> so don't sell to people you can't sue
<9> !tell drakas about licking the inner lining of my rectum till it *shines*
<4> copyright is pretty international especially if you sell it with a signed contract
<6> hm
<6> ops, ban erudified
<6> [please]
<9> not necessary
<0> okay the zend wont work due to the fact what if i want other people to use the code. but not have the source of the code.
<8> gregtampa: um, that IS how zend works.
<5> Drakas: We don't take ban requests, we ban who needs to be banned, when we decide they need to be banned.
<4> thats what it does. They get a COMPILED binary that zend runs
<6> gregtampa: you want other people to use the code but not use the source code? isn't code = source code anyway?
<0> what if u dont want to sell it take that out ur head and u want to give it away but not people allowed to modify it.
<11> gregtampa, then compile it
<6> BigE: well, ok
<8> gregtampa: they have to install an extention on their server though, this is the only to encode the source of php files
<4> reading and thinking aren't your strong suit are they
<6> !tell gregtampa about aolbonics !!
<6> !tell gregtampa about aolbonics
<1> gregtampa, we found a great utility earlier today... http://www.visorsoft.com/htmltophp.php In reverse it'll convert your php to html, so your code is safe.
<8> gregtampa: stop using "u", it's too ****ing hard to read
<0> sorry you
<6> gregtampa: that is a good tool that Qube specified
<8> Qube: that's not hard to do, but then you got a static site
<0> right and im working witha sql databse.
<0> but great find!
<10> !+typing english
<12> ##PHP does not allow aolbonics (or leetspeak) such as "u for you, r for are, ic for i see -- etc" and typing like this will result in you being silenced; furthermore, inability to adapt may result in a ban.
<1> use the client side php for the db work
<10> Qube: \o/
<1> BS begets BS, no?
<10> lol :)
<11> If u GUy5 D0 no7 ALLoW lEe7 SP3AKINg Y Do i Th3N HAVE A 5CRIP7 2 conV3rT teX7 In7o LEet?
<0> okay well i heard from some php programmers they can take php code and make it closed source by converting it to a .dll so i thought i would ask and learn how todo this myself. sorry for the big upraor
<11> (sorry)
<0> that is ur irc client and a custom script that is way.
<6> ur = ??
<0> i myself dont have that script installed to talk in leet.
<4> not a dll, something like it. with the two things that I sent you
<8> Silliman: YOU have the script, WE dont.
<0> your! sorry bad habit
<6> gregtampa: use less msn or IM software; people in there are crazy
<11> oh fair enuff
<0> zend.. which loads into higher memory.. and the html converter.. which really doesnt do crap.
<13> uh ohz
<4> Yay, my hero
<8> gregtampa: you install an extention that decodes, or you don't encode. the reality is that decoding the encoded php isn't really all that hard if someone is determined to do it
<14> is it somehow possible to redeclare an internal php function? I want to redeclare header()...
<10> NotHere: no.
<6> /whois gregtampa
<1> Wolfpaws, whats with the % in the mask?
<8> NotHere: you can use runkit to do that
<6> :]
<10> Qube: mute
<15> Quick question,.. Are there ANY browsers that DO support javascript & such but do NOT send a REFERER in their headers ?
<14> ||cw: runkit? Never heard of it. I'll check
<1> oh i see :)
<5> NotHere: No, you cannot redeclare built in functions. runkit has the ability to redeclare functions, but those are only user functions.
<6> T-Start: IE
<4> T-Start, firefox if you have the extension
<1> T-Start, get yourself a personal firewall that blocks it
<16> what testing tools are available for php? like Test::More etc. in Perl?
<14> In order to override internal functions, you must enable the runkit.internal_override setting in the system-wide php.ini file. (There is hope! Thanks)
<15> Drakas, I mean,.. NOT send.. IE & firefox DO send a referer ! I am making my anti-leech script but i wonder if i should pounder over those browsers that do not send their referer
<5> Ah, so things have changed.
<13> BigE: ?
<6> well, no idea :/
<5> itrebal: runkit, last I saw, it wasn't able to override internal functions.
<4> mine firefox I use sometimes doesn't because of a privacy extension
<13> BigE: gotchya
<8> T-Start: the point is that referer is user-mutable and thus is not reliable.
<17> what's the best automated vulnerability checker for php apps ?
<8> T-Start: a user can setup any browser to not send referes
<1> NotHere, oh cool... I've wanted function override for years
<15> ||cw, indeed.. but in this case i only want to prevent hardlinks
<15> i'll just use apache's rewrite to check the referer.. if not.. bugger off
<13> T-Start: what if there isn't supposed to be a referer?
<1> T-Start, or they'll use a redirector to get the browser to the site without a referrer
<13> T-Start: like... they typed in the URL manually
<6> ..or used their bookmarks
<1> T-Start, what are you protecting from the leeches?
<13> probably images :/
<1> just wondering if I should offer advice or not :)
<15> js script
<15> but it's solved. So thanks for the help ;-)
<13> T-Start: you want to protect a JS script from being called?
<5> viewed, probably.
<1> you could beat them all via a different method
<1> and not kill people who block refs
<13> T-Start: if the computer executes it on pageload, then the user has a copy of the JS script
<13> if the client executes it at all, it has a copy
<1> in the pages you expect the JS to be called from, set a session cookie, and check for it in the JS (which needs to be served from php)
<1> that way it cannot be included from 3rd party sites
<15> This script contains lotto numbers that puts them in an array and calls a function to put them into html. If a user hardlinks this js and makes his own function with the same name it's a piece of cake to use these numbers in his own page
<13> and your referrer idea gets ruined the moment they do <a href="yourjsscript">link!</a>
<1> but they'll just get a copy "legit" and stick the source on their own server
<15> It's not sensetive at all. Just need to prevent a simple hardlink
<15> needED ;-)