| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Comments:
<0> [t0rc]: call a cl***'s function
<1> if I have a browser doing a POST to a php page -- can I intercept the post upload and read the STDIN? or do I have to post to a non-php cgi -- say perl.... so I can read stdin ?
<2> [t0rc], oh, that. lol
<3> Any ideas on this? The script returns ROW is 65 ... but the $db_array only contains 1 element. Any ideas? http://pastebin.com/567885
<2> [t0rc], I think the -> replaces.
<0> [t0rc]: cl*** godmode { function sayName(){ echo 'hello!\n' } } $a = new godmode; $a->sayName(); will echo 'hello'
<2> [t0rc], nevermind. I'm confusing with =>, forget what I said.
<0> [t0rc]: it is used with cl***es.
<4> Objects.. :)
<2> myc, oh my. I learn so much in here.
<5> well what does "=>" do then ?
<2> myc, what's $a = new godmode?
<5> and ty both. :)
<2> [t0rc], I've seen it in arrays such as:
<5> it is quite an infromative channel
<0> [t0rc]: ***ignment.. Array('a' => 'alpha', 'b' => 'beta');
<2> [t0rc], array('new' => 'old
<0> [t0rc]: it is used with (what perl calls) ***ociative arrays
<2> myc, or that. :D
<5> so thats really the only use? could've sworn I saw it being used elsewhere...
<0> echo $array[a]; would return 'alpha';
<0> [t0rc]: it is a sql keyword as well.
<6> echo $array[a]; would fire an E_NOTICE
<5> actually; just looked @ the code again, didn't notice the array.
<0> foo: how many times does it loop?
<3> myc: Just once, apparently.
<0> foo: is this using PEAR::DB?
<3> myc: No
<0> foo: you make baby jesus cry
<5> thnx myc and spyro_boy
<3> myc: Hmm. It says 64 rows for mysql_count_rows ... which is weird.
<3> myc: uh, why?
<2> [t0rc], no problem. Thank myc :P
<0> foo: peardb is nice .. is all :)
<2> foo <- bar :P
<0> spyro_boy: have you played with cl***es yet?
<3> myc: oh, any ideas on this weird problem?
<2> I wonder where the foo and bar thing came from..it's like John Smith for linux.
<3> spyro_boy: bar is on effnet
<2> foo, rofl.
<5> hmm...
<3> spyro_boy: Hmm, I know the history on it. And, well, I don't want to tell you :)
<0> foo: honestly im not sure what you are doing.. I have never seen this syntax..
<0> $result=db("SELECT file FROM rpms WHERE dir='".$rpm_dir."'");
<2> foo, hahaha.
<0> php doesnt have a 'db' function
<5> has anyone created a testing server that lets anyone just test their php code out online?
<2> myc, it's not a syntax..
<2> myc, lol.
<4> [t0rc]: That would be mildly risky.
<3> myc: The db() just calls a mysql_query(), basically. Here. http://pastebin.com/567890
<0> foo: why are you making wierd wrappers.
<5> mattmcc: well right; i guess, with a few functions disabled. like the e-mail ones.
<3> myc: Look at the function. If I have 10 database calls on the same page it saves me code.
<0> foo: if you say so.. 90% of the 'weird' database problems I see in here are related to people having wierd database libraries
<3> myc: heh, look at the code. This shouldn't be happening. If there was a problem with my code then $result wouldn't be returning 65 or whatever.
<0> foo: how many rows does it return whe nyou run the cmd on the cli for mysql?
<5> spyro_boy: http://en.wikipedia.org/wiki/Foobar
<2> function php_rap($your_mom) {$your_dad = trim($your_mom); echo str_repeat('f-you',20);}
<3> myc: 64. Tried that too.
<2> :P
<0> spyro_boy: ... ok
<2> !tell unset
<2> !tell about unset
<2> !tell spyro_boy about unset
<3> spyro_boy: php.net/unset
<3> heh
<2> Hm, anyway..
<3> myc: weird, eh?
<0> foo: your code is, yes.
<2> Can I use unset($_COOKIE['usersession']) ?
<0> foo: you need to make $result global as well I believe.
<3> myc: Not if it's returned by the function ... right?
<5> thanks again. later
<0> spyro_boy: php.net/session_start
<6> !tell spyro_boy about tias
<0> foo: no.. $result is a handle to the database..
<0> foo: your returning a copy of it..
<3> hm
<0> foo: like I said.. stop using wierd wrappers.. and just use peardb or such
<3> myc: peardb? I'll need to look into that. Not familiar with such things.
<0> foo: im 99% sure its because of your db wrapper call not functioning correctly.
<3> myc: Hmm. /me tries something
<0> make $result global for kicks
<2> Either I have HUGE lag, or everyone left coincidentally..
<0> spyro_boy: lag
<7> what the heck is wrong with my internet
<7> connection
<0> spyro_boy: are you like 3?
<8> is it really reduntant to store username/p***word in a session and validate them each time?
<0> itrebal: very much so
<8> myc: what? can we not joke arround :)
<0> itrebal: storing unencrypted p***word = BAD BAD idea
<6> hehehe
<8> myc: i dont store unencrypted p***words
<8> ..anywhere
<0> itrebal: You jsut said you did.. "username/p***word in a session"
<8> myc: doesnt mean the p***word isn't encrypted
<3> ROFLMAO.
<0> itrebal: anyways.. rechecking their login is redundant.
<3> myc: Well, you were 99% wrong. I had an ; at the end of the while
<3> while($row=mysql_fetch_array($result));
<3> Heh.
<0> itrebal: you have two cases correct? 1. is I am the same user, and 2. is I am the hacker.
<0> itrebal: if I am the user, I will p*** my session id, you will pull up the data on the server, and log me in.
<0> itrebal: If I am the hacker, I will manually set my phpsession id.. to the users.. and still pull up the login info..
<0> so theres no benefit security wise to check every time.
<8> in all honesty, how are you going to find the sessid?
<0> itrebal: your on wifi and I sniff your p***word.
<0> erm sessid
<3> myc: Laugh with me.
<3> heh
<0> itrebal: are you asking why use SSH over TELNET?
<0> itrebal: if web was secure, why even bother with HTTPS?
<8> where the **** did you get that from?
<0> Chill out illa
<8> whatever, theres nothing important here.... i just wanna keep track of users, pretty much
<6> Reflection API in php 5.1.2 is just sweet :)
<0> itrebal: theres no need to relog them in.
<0> tag the session as 'logged in'
<0> xshad: summary?
<3> myc: Anywho, thanks anyways.
<8> meh... i've gotta redesign my users cl*** now
<9> hello
<0> itrebal: just remember it is easy to hijack sessions.
<8> hm... if i just tag the session as logged in or not, how can i track the users?
<0> itrebal: everyone in here claims it doesnt matter right now.. but when you do something that matters.. and get your *** handed to you..
<0> itrebal: define 'track users'
<8> 1) i log movement in a database, 2) i have to have information about the current user on each page
<0> itrebal: if(AuthUser($username,$p***word)){ $_SESSION['username'] = $username; }
<8> so just store the username in the sessions
<8> session*
<0> yes.
<9> w0000t!
<0> so in your header you have something like.. session_start(); if(!isset $_SESSION['username']) header('location: /login.php');
<2> myc, omg. this is pissing me off.
<2> I'm trying to get a cookie to set but it wont
<8> its *slightly* different, but ok
<0> spyro_boy: why are you using cookies.
<2> >:0 -(RAWR)
<0> itrebal: the difference is, if username is set.. you dont need to hit your auth mechanism every page browse
<9> Jagger Lies!
<0> thx for crossposting
<8> but only in session, not if its from a cookie, cookies can be modified - right?
<0> itrebal: exactly.
<0> itrebal: you really shouldnt have a need for cookies.
<8> its a 'remember' sort of option
Return to
#php
or
Go to some related
logs:
#web
#mysql
ubuntu create swap space
ugly Nicks
#debian
group validation html_quickform
freebsd enable /dev/lp0
radeon +xorg +dbms
is ubuntu secure?
ICS SuSe 10 enterprise
|
|