Comments:
<0> SubOne: Some servers are configured to automatically add the session id to every <a href=""> (among other things) on a page
<1> SubOne, Im sorry if im buggin you :) But did you check the code ?
<2> http://www.blumentals.net/webuilder/ is also a very nice editor
<3> SubOne: what ds- said *if* it's unable to use a cookie
<4> EddieX i dont see anywhere where you are actually setting the user and password
<1> SubOne, Those are just ordinary assigns like $passwd = "foo".. Above that function.
<4> but cant you set that to NOT automatically do that?
<4> EddieX why are you using variables for those rather than constants
<1> SubOne, I have them in an "include" file, along with some other stuff..
<3> SubOne: are you saying you have control over every server that runs your apps? perhaps so, but that is not everyone's case.
<3> SubOne: http://wiki.w4py.org/url-session-id-security.html
<5> good afternoon
<4> EddieX you should make them into constants so that they cannot be changed
<4> wait, we are talking about php/sessions right?
<1> SubOne, Weird, there is no code that changes the state of them..
<4> EddieX its just a precaution
<3> SubOne: php/jsp/doesn't matter. a session is a session.
<6> Your sessions are never 100% protected from hijacking
<4> EddieX did you try putting in plaintext to see if it would connect?
<1> SubOne, It did connect :)
<4> b1n0ry i mean you know start_sessions() that sort of thing?
<5> myc: NOTHING is 100% protected
<7> Remowylliams, Sweet :)
<1> SubOne, I have been troubling with this for some hours now huhu... Thanks dude
<6> itrebal: Hack my wrist watch
<4> phone....
<7> Remowylliams, ill throw that on the 1 win box we have here LOL
<3> SubOne: that's how a session is started in PHP, yes. but whether you run start_sessions() in php or whatever in JSP or set your GLOBALS in ASP/IIS, it all does the same thing.
<8> hello
<2> raden: I wasn't sure what you were looking for but it seemed you probably had the same problem I have with dreamweaver it's too simplified for me to use. :9
<8> any Brazilians around here
<9> don't ask to ask, just ask
<9> (?) lol
<3> dreamweaver destroyed my machine
<2> raden: Not to mention dream weaver still produces only marginally readable code.
<8> I installed Debian today and I'm a newbie, can anyone give me some tips
<10> b1n0ry that's what you get for using dreamweaver
<11> !+es
<12> For Spanish-speaking PHP users who need help, please join the ##php.es channel
<3> Jymmm: i know, i've been told
<5> b1n0ry: what'd it do to you?
<10> b1n0ry Macromedia Dreamweaver, an Adobe Compony
<10> Company
<13> Yeah, I'm back. Ahem. Yes. (Annoying, aren't I?) What's the whole $t = New Template('somefile.php')?
<4> back
<11> [Karlprof]: I don't understand the question.
<7> is there a way to include a html file inside a table ?
<4> so is there no way to prevent session stealing?
<11> !tell [Karlprof] about back
<11> !tell SubOne about back
<7> like i have my menu buttons i want to just be able to do include('menu.htm');
<13> Well, TML, I'll try to explain it better.
<1> SubOne, Thank you very much!!
<4> TML, i was in a conversation and i was interrupted by the phone, IF... YOU ... DON'T... MIND
<7> but when i include it like kills everything
<10> Aloha
<0> stupid php bot wouldn't tell me about back
<4> b1n0ry so is there no way to avoid someone stealing sessions?
<10> !tell ds- about back
<14> SubOne, there is no way to avoid session stealing, but it is possible to do a lot of checking to reconfirm who is viewing the session
<0> stupid bot....listens to you but not me :P
<4> ic
<3> itrebal: when you set up an FTP server, it creates a local cache path. If you happen to delete your temporary windows files while said server (and files) are open then you attempt an upload, Dreamweaver will appear to hang. Only it doesn't hang. It defaults your cache path to C:\%win_dir% (because it can't find the subdir) and since none of the files exist on the remote server, it starts deleting in order to sync. thus, it basically runs a
<10> ds- It's a smart bot =)
<14> so if someone hijacks it you can detect and react
<0> lol, touche
<15> !tell SubOne about typing english
<2> SubOne: you can make it difficult by recording the ip and locking the session id and the IP together
<11> ds-: "back" got removed somewhere along the way, I was re-creating it while you were asking.
<13> I was just wondering, how do "templates" work in PHP? I've read things such as "$t = new Template('somefile.php');" and "$t->title = $title" and "$t->display()". Is this a class thing or something? I don't understand it much. Could someone point me in the direction of a guide or something?
<4> so what was the verdict on the best way to avoid it?
<5> b1n0ry: ooh
<13> (Is that better, TML?)
<14> you can't -- if someone wants to do something, they will
<16> [Karlprof]: Well, Template would be a class, yes.
<0> SubOne, scroll up if you can, there is a link I pasted somewhere up there
<11> [Karlprof]: PHP doesn't have builtin templating. Template is a class installed somewhere on your system, *NOT* a part of PHP.
<14> cause if someone can hijack the session, they can most certainly spoof the IP too
<4> !tell Stormchaser about myob
<16> [Karlprof]: How it works depends on how whoever wrote it made it work. It's not a built in PHP thing.
<17> i have a script that dynamically generates an image ... the script pulls a location of a tiff, and using imagemagick, converts it to a jpg file and outputs the results to the screen after the proper jpg headers are sent ... is there a way that i can force the script to make browsers cache the images it generates so that it doesn't constantly have to convert something for a particular client?
<3> itrebal: thus the system that i did have that i ran Dreamweaver on currently does not boot.
<13> Ah, I see, TML.
<16> Although PEAR does have a couple template packages.
<6> sleek: cache it yourself
<5> b1n0ry: hehe, sounds like something exciting to do with a school computer :)
<11> SubOne: Actually, I *DO* mind. Our guidelines are pretty clear on the matter.
<17> myc: how?
<18> is phpmyadmin a perl thing?
<13> http://us2.php.net/zend-engine-2.php <-- Would reading through that be a good first step to writing my own template doohicky?
<6> sleek: save the image you created, drop its existence into a database.. when the script is called, ask the database if such a file exists, and if it does spit out the saved copy.
<14> that has to go in the subject...
<13> (It's the Classes and Objects page.)
<14> luu`laptop's comment
<15> luu`laptop: Lost your common sense?
<17> myc: i don't want to do that.
<18> TML this thing here lets me download a phpmyadmin-pl3 thing
<17> myc: i can't store the file .. it's not an option
<18> :\
<11> luu`laptop: patch level 3
<18> oh
<18> I knew that!
<16> [Karlprof]: Well, it would be a good first step to writing a class, at least.. It won't contain any particularly templating-specific insights..
<15> NOT :)
<3> itrebal: not a fun day in paradise, that's for sure.
<13> Okeydokey.
<18> :)
<13> I'll have a read.
<4> ds- is this the link you are talking about? http://wiki.w4py.org/url-session-id-security.html
<7> is there a way to include a .htm file within a cell or am i on crack ?
<0> no
<0> hold on
<19> hey
<0> http://www.sitepoint.com/blogs/2004/03/03/notes-on-php-session-security/
<20> raden: sure. <td><?php readfile('somefile.htm'); ?></td>
<0> I haven't been to that other one
<4> ty
<21> xsl :>
<19> is there java extension for php 5 ?
<7> caffinated, appreciated bro
<21> + xml :>
<20> raden: the only stipulation is that the file that's in needs a .php extension
<4> can someone tell me if i have a template script setup do i have to load every page from one base page? (index.php)
<7> soo the file im including needs to be PHP ?
<20> i didn't say that
<6> SubOne: no
<20> I said the file where you make the call needs to be .php
<4> myc: how would i do it then
<7> caffinated, i know that bro :)
<6> SubOne: include('template');
<22> SubOne: depends on the template system
<6> SubOne: assuming you're using DIYTemlpate
<4> myc: no i mean if all the pages are templates then what is the point of using different pages to bring in the templates?
<22> SubOne: a template is just a way to separate html from logic, has nothing to do with how your site is designed, such as per-page or front-controller
<6> SubOne: *blinks*
<4> the different pages to call them would format it differently?
<20> and often times, templating systems do very little to separate html from logic anyway.
<4> so in other words if i have a main page and a forum main page is should have at least 2 files for both ?
<7> caffinated
<23> hey there. Trying to install an apache2 (works fine), with php5 and some goodies on debian. problem when I click on a php file I am asked to save it somewhere.
<7> that worked very well for me thank you again
<22> caffinated: like smarty?
<10> !+at
<12> For Apache to be able to parse your .php files, you need to add this line to your config "AddHandler application/x-httpd-php .php". To make .phps files work too, you need to add "AddHandler application/x-httpd-php-source .phps" also. You must restart Apache after adding either or both of these lines.
<20> ||cw: it was one of the ones that came to mind
<4> myc: so in other words if i have a main page and a forum main page is should have at least 2 files for both ?
<3> Jymmm: is there a list somewhere of the commands that php-bot understands?
<11> b1n0ry: No