Search Results

Search found 43347 results on 1734 pages for 'php security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 207/1734 | < Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >

  • Storing an Image with php?

    - by Chris
    I'm trying to store an Image in my website so I can use it easily but I found this php code from here and I can't quite make much sense of it.. I'm just starting php and I dont quite know what to change and what to keep.. I'd greatly appreciate it if you could explain this a little better for me, thanks. <?php $allowedExts = array("jpg", "jpeg", "gif", "png"); $extension = end(explode(".", $_FILES["file"]["name"])); if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000) && in_array($extension, $allowedExts)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("upload/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; } } } else { echo "Invalid file"; } ?>

    Read the article

  • ASP.NET WebAPI Security 3: Extensible Authentication Framework

    - by Your DisplayName here!
    In my last post, I described the identity architecture of ASP.NET Web API. The short version was, that Web API (beta 1) does not really have an authentication system on its own, but inherits the client security context from its host. This is fine in many situations (e.g. AJAX style callbacks with an already established logon session). But there are many cases where you don’t use the containing web application for authentication, but need to do it yourself. Examples of that would be token based authentication and clients that don’t run in the context of the web application (e.g. desktop clients / mobile). Since Web API provides a nice extensibility model, it is easy to implement whatever security framework you want on top of it. My design goals were: Easy to use. Extensible. Claims-based. ..and of course, this should always behave the same, regardless of the hosting environment. In the rest of the post I am outlining some of the bits and pieces, So you know what you are dealing with, in case you want to try the code. At the very heart… is a so called message handler. This is a Web API extensibility point that gets to see (and modify if needed) all incoming and outgoing requests. Handlers run after the conversion from host to Web API, which means that handler code deals with HttpRequestMessage and HttpResponseMessage. See Pedro’s post for more information on the processing pipeline. This handler requires a configuration object for initialization. Currently this is very simple, it contains: Settings for the various authentication and credential types Settings for claims transformation Ability to block identity inheritance from host The most important part here is the credential type support, but I will come back to that later. The logic of the message handler is simple: Look at the incoming request. If the request contains an authorization header, try to authenticate the client. If this is successful, create a claims principal and populate the usual places. If not, return a 401 status code and set the Www-Authenticate header. Look at outgoing response, if the status code is 401, set the Www-Authenticate header. Credential type support Under the covers I use the WIF security token handler infrastructure to validate credentials and to turn security tokens into claims. The idea is simple: an authorization header consists of two pieces: the schema and the actual “token”. My configuration object allows to associate a security token handler with a scheme. This way you only need to implement support for a specific credential type, and map that to the incoming scheme value. The current version supports HTTP Basic Authentication as well as SAML and SWT tokens. (I needed to do some surgery on the standard security token handlers, since WIF does not directly support string-ified tokens. The next version of .NET will fix that, and the code should become simpler then). You can e.g. use this code to hook up a username/password handler to the Basic scheme (the default scheme name for Basic Authentication). config.Handler.AddBasicAuthenticationHandler( (username, password) => username == password); You simply have to provide a password validation function which could of course point back to your existing password library or e.g. membership. The following code maps a token handler for Simple Web Tokens (SWT) to the Bearer scheme (the currently favoured scheme name for OAuth2). You simply have to specify the issuer name, realm and shared signature key: config.Handler.AddSimpleWebTokenHandler(     "Bearer",     http://identity.thinktecture.com/trust,     Constants.Realm,     "Dc9Mpi3jaaaUpBQpa/4R7XtUsa3D/ALSjTVvK8IUZbg="); For certain integration scenarios it is very useful if your Web API can consume SAML tokens. This is also easily accomplishable. The following code uses the standard WIF API to configure the usual SAMLisms like issuer, audience, service certificate and certificate validation. Both SAML 1.1 and 2.0 are supported. var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer( "d1 c5 b1 25 97 d0 36 94 65 1c e2 64 fe 48 06 01 35 f7 bd db", "ADFS"); var adfsConfig = new SecurityTokenHandlerConfiguration(); adfsConfig.AudienceRestriction.AllowedAudienceUris.Add( new Uri(Constants.Realm)); adfsConfig.IssuerNameRegistry = registry; adfsConfig.CertificateValidator = X509CertificateValidator.None; // token decryption (read from configuration section) adfsConfig.ServiceTokenResolver = FederatedAuthentication.ServiceConfiguration.CreateAggregateTokenResolver(); config.Handler.AddSaml11SecurityTokenHandler("SAML", adfsConfig); Claims Transformation After successful authentication, if configured, the standard WIF ClaimsAuthenticationManager is called to run claims transformation and validation logic. This stage is used to transform the “technical” claims from the security token into application claims. You can either have a separate transformation logic, or share on e.g. with the containing web application. That’s just a matter of configuration. Adding the authentication handler to a Web API application In the spirit of Web API this is done in code, e.g. global.asax for web hosting: protected void Application_Start() {     AreaRegistration.RegisterAllAreas();     ConfigureApis(GlobalConfiguration.Configuration);     RegisterGlobalFilters(GlobalFilters.Filters);     RegisterRoutes(RouteTable.Routes);     BundleTable.Bundles.RegisterTemplateBundles(); } private void ConfigureApis(HttpConfiguration configuration) {     configuration.MessageHandlers.Add( new AuthenticationHandler(ConfigureAuthentication())); } private AuthenticationConfiguration ConfigureAuthentication() {     var config = new AuthenticationConfiguration     {         // sample claims transformation for consultants sample, comment out to see raw claims         ClaimsAuthenticationManager = new ApiClaimsTransformer(),         // value of the www-authenticate header, // if not set, the first scheme added to the handler collection is used         DefaultAuthenticationScheme = "Basic"     };     // add token handlers - see above     return config; } You can find the full source code and some samples here. In the next post I will describe some of the samples in the download, and then move on to authorization. HTH

    Read the article

  • Magento started showing PHP language errors since I downloaded the blank theme using Connect

    - by Aayush
    I used the Magento Connect downloader to install the blank theme extension, but I did not switch to it as I was unable to access any-page anymore. Instead, it started showing php errors for front-end and Magento generated security errors for admin. Frontend Error: Fatal error: Call to a member function toHtml() on a non-object in D:\xampp\htdocs\newpinch\app\code\core\Mage\Core\Model\Layout.php on line 529 Admin error on Log-in: There has been an error processing your request Exception printing is disabled by default for security reasons. Error log record number: 1608724822 Link to the theme extension I installed. I didn't even change the theme from the default, can anyone please tell me what am I doing wrong. I just installed the theme and then clicked on "Return to admin" in Magento Connect but it was unable to go instead started refreshed the Magento Connect page, only this time without any CSS styling. The only page that still appears correctly is the admin log-in page. Please help me, I have already tried the forums at magentocommerce.com and their community sucks. 0 views & 0 replies. please help...

    Read the article

  • edited and reversed changes on .htaccess - site starts redirecting to .comindex.php/

    - by Aurigae
    Site is a Joomla 2.5 site. I wanted to add a non www to www redirect to the htaccess file, did so, then the redirection went mad, reversed but still the site redirects. When i click view site in admin panel, i get linked to http://domain.comindex.php/ The website is http://www.domain.com Visiting the website URL works without www, but once you click on projects it acts mad too. Projects is managed with joomshopping extension. EDIT: the redirect also happens when rewrite is deactivated in admin panel. ## # @package Joomla # @copyright Copyright (C) 2005 - 2012 Open Source Matters. All rights reserved. # @license GNU General Public License version 2 or later; see LICENSE.txt ## ## # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE! # # The line just below this section: 'Options +FollowSymLinks' may cause problems # with some server configurations. It is required for use of mod_rewrite, but may already # be set by your server administrator in a way that dissallows changing it in # your .htaccess file. If using it causes your server to error out, comment it out (add # to # beginning of line), reload your site in your browser and test your sef url's. If they work, # it has been set by your server administrator and you do not need it set here. ## ## Can be commented out if causes errors, see notes above. Options +FollowSymLinks ## Mod_rewrite in use. RewriteEngine On ## Begin - Rewrite rules to block out some common exploits. # If you experience problems on your site block out the operations listed below # This attempts to block the most common type of exploit `attempts` to Joomla! # # Block out any script trying to base64_encode data within the URL. RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] # Block out any script that includes a <script> tag in URL. RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL. RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL. RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Return 403 Forbidden header and show the content of the root homepage RewriteRule .* index.php [F] # ## End - Rewrite rules to block out some common exploits. ## Begin - Custom redirects # # If you need to redirect some pages, or set a canonical non-www to # www redirect (or vice versa), place that code here. Ensure those # redirects use the correct RewriteRule syntax and the [R=301,L] flags. # ## End - Custom redirects ## # Uncomment following line if your webserver's URL # is not directly related to physical file paths. # Update Your Joomla! Directory (just / for root). ## # RewriteBase / ## Begin - Joomla! core SEF Section. # RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] # # If the requested path and file is not /index.php and the request # has not already been internally rewritten to the index.php script RewriteCond %{REQUEST_URI} !^/index\.php # and the request is for something within the component folder, # or for the site root, or for an extensionless URL, or the # requested URL ends with one of the listed extensions RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC] # and the requested path and file doesn't directly match a physical file RewriteCond %{REQUEST_FILENAME} !-f # and the requested path and file doesn't directly match a physical folder RewriteCond %{REQUEST_FILENAME} !-d # internally rewrite the request to the index.php script RewriteRule .* index.php [L] # ## End - Joomla! core SEF Section. Redirect 301 /index.html /index.php Redirect 301 /services /project Redirect 301 /projects/projects.html /project Redirect 301 /projects/project1.html /project Redirect 301 /projects/project2.html /project Redirect 301 /projects /project Redirect 301 /keypersonnel.html /about-agrin/keystaff Redirect 301 /cooperation.htm /about-agrin/intcoop Redirect 301 /member.html /about-agrin/memberships Redirect 301 /contact.html /contacts Redirect 301 /hr.htm /jobs Redirect 301 /index.php/404 /index.php

    Read the article

  • MySQL table with similar column info - HELP!!!

    - by George Garman
    I have a DB with a table that is named "victim". The form that dumps the info into the table has room for two victims and therefore there is vic1_fname, vic1_lname, vic2_fname, vic2_lname, etc.. (business name, person first, person last, address, city, state, zip) a "1" and "2" of each. Now I want to search the DB and locate listed victims. This is what I have so far: $result = mysql_query( "SELECT victim.* FROM victim WHERE vic1_business_name OR vic2_business_name LIKE '%$search_vic_business_name%' AND vic1_fname OR vic2_fname LIKE '%$search_vic_fname%' AND vic1_lname OR vic2_lname LIKE '%$search_vic_lname%' AND vic1_address OR vic2_address LIKE '%$search_vic_address%' AND vic1_city OR vic2_city LIKE '%$search_vic_city%' AND vic1_state OR vic2_state LIKE '%$search_vic_state%' AND vic1_dob OR vic2_dob LIKE '%$search_vic_dob%' "); <table width="960" style="border: groove;" border=".5"> <tr><th colspan=10>You search results are listed below:</th></tr> <tr> <th>Case Number</th> <th>Business Name</th> <th>First Name</th> <th>Last Name</th> <th>DOB / Age</th> <th>Address</th> <th>City</th> <th>State</th> </tr> <?php while($row = mysql_fetch_array($result)) { ?> <tr> <td align="center"><?php print $row['vic_business_name']; ?></td> <td align="center"><?php print $row['vic_fname']; ?></td> <td align="center"><?php print $row['vic_lname']; ?></td> <td align="center"><?php print $row['vic_dob']; ?></td> <td align="center"><?php print $row['vic_adress']; ?></td> <td align="center"><?php print $row['vic_city']; ?></td> <td align="center"><?php print $row['vic_state']; ?></td> </tr> <?php } ?> </table> The info did not display in the table until I changed the table to this: <tr> <td align="center"><?php print $row['vic1_business_name']; ?></td> <td align="center"><?php print $row['vic1_fname']; ?></td> <td align="center"><?php print $row['vic1_lname']; ?></td> <td align="center"><?php print $row['vic1_dob']; ?></td> <td align="center"><?php print $row['vic1_adress']; ?></td> <td align="center"><?php print $row['vic1_city']; ?></td> <td align="center"><?php print $row['vic1_state']; ?></td> </tr> <tr> <td align="center"><?php print $row['vic2_business_name']; ?></td> <td align="center"><?php print $row['vic2_fname']; ?></td> <td align="center"><?php print $row['vic2_lname']; ?></td> <td align="center"><?php print $row['vic2_dob']; ?></td> <td align="center"><?php print $row['vic2_adress']; ?></td> <td align="center"><?php print $row['vic2_city']; ?></td> <td align="center"><?php print $row['vic2_state']; ?></td> </tr> Now it displays both rows, even if its empty. It doesn't matter if the victim was listed originally as vic1 or vic2, i just want to know if they are a victim. I hope this makes sense. I can't get it to display the way I want, line-by-line, irregardless of whether you are vic1 or vic2.

    Read the article

  • Websphere federated repository for Active Directory

    - by Drakiula
    Hi, What I am trying to achieve is to have Websphere 6.1 use Active Directory users authentication. Websphere is running on Windows 2008 R2. What I've done already: Succesfully setup a federated repository for Windows Active Directory (LDAP); Create a realm definition for the federated repository previously defined; Set the realm definition as the current real definition. Stop the Websphere service. When I attempt to start the Websphere service again, it crashes with the following stacktrace: ------Start of DE processing------ = [9/3/10 2:36:14:133 PDT] , key = com.ibm.websphere.security.EntryNotFoundException com.ibm.ws.security.registry.UserRegistryImpl.createCredential 824 Exception = com.ibm.websphere.security.EntryNotFoundException Source = com.ibm.ws.security.registry.UserRegistryImpl.createCredential probeid = 824 Stack Dump = com.ibm.websphere.wim.exception.EntityNotFoundException: CWWIM4001E The 'null' entity was not found. at com.ibm.ws.wim.registry.util.UniqueIdBridge.getUniqueUserId(UniqueIdBridge.java:233) at com.ibm.ws.wim.registry.WIMUserRegistry$6.run(WIMUserRegistry.java:351) at com.ibm.ws.wim.security.authz.jacc.JACCSecurityManager.runAsSuperUser(JACCSecurityManager.java:500) at com.ibm.ws.wim.security.authz.ProfileSecurityManager.runAsSuperUser(ProfileSecurityManager.java:964) at com.ibm.ws.wim.registry.WIMUserRegistry.getUniqueUserId(WIMUserRegistry.java:340) at com.ibm.ws.security.registry.UserRegistryImpl.createCredential(UserRegistryImpl.java:750) at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServerObject.java:776) at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:453) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:618) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709) at java.security.AccessController.doPrivileged(AccessController.java:246) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706) at javax.security.auth.login.LoginContext.login(LoginContext.java:603) at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLoginHelper.java:376) at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3513) at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3306) at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3086) at com.ibm.ws.security.auth.ContextManagerImpl.getServerSubjectInternal(ContextManagerImpl.java:2180) at com.ibm.ws.security.auth.ContextManagerImpl.getServerSubjectInternal(ContextManagerImpl.java:1972) at com.ibm.ws.security.auth.ContextManagerImpl.initialize(ContextManagerImpl.java:2530) at com.ibm.ws.security.auth.ContextManagerImpl.initialize(ContextManagerImpl.java:2560) at com.ibm.ws.security.core.SecurityContext.enable(SecurityContext.java:83) at com.ibm.ws.security.core.distSecurityComponentImpl.initialize(distSecurityComponentImpl.java:379) at com.ibm.ws.security.core.distSecurityComponentImpl.startSecurity(distSecurityComponentImpl.java:336) at com.ibm.ws.security.core.SecurityComponentImpl.startSecurity(SecurityComponentImpl.java:105) at com.ibm.ws.security.core.ServerSecurityComponentImpl.start(ServerSecurityComponentImpl.java:283) at com.ibm.ws.runtime.component.ContainerImpl.startComponents(ContainerImpl.java:977) at com.ibm.ws.runtime.component.ContainerImpl.start(ContainerImpl.java:673) at com.ibm.ws.runtime.component.ApplicationServerImpl.start(ApplicationServerImpl.java:197) at com.ibm.ws.runtime.component.ContainerImpl.startComponents(ContainerImpl.java:977) at com.ibm.ws.runtime.component.ContainerImpl.start(ContainerImpl.java:673) at com.ibm.ws.runtime.component.ServerImpl.start(ServerImpl.java:526) at com.ibm.ws.runtime.WsServerImpl.bootServerContainer(WsServerImpl.java:192) at com.ibm.ws.runtime.WsServerImpl.start(WsServerImpl.java:140) at com.ibm.ws.runtime.WsServerImpl.main(WsServerImpl.java:461) at com.ibm.ws.runtime.WsServer.main(WsServer.java:59) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:618) at com.ibm.wsspi.bootstrap.WSLauncher.launchMain(WSLauncher.java:183) at com.ibm.wsspi.bootstrap.WSLauncher.main(WSLauncher.java:90) at com.ibm.wsspi.bootstrap.WSLauncher.run(WSLauncher.java:72) at org.eclipse.core.internal.runtime.PlatformActivator$1.run(PlatformActivator.java:78) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:92) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:68) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:400) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:177) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:618) at org.eclipse.core.launcher.Main.invokeFramework(Main.java:336) at org.eclipse.core.launcher.Main.basicRun(Main.java:280) at org.eclipse.core.launcher.Main.run(Main.java:977) at com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse(WSPreLauncher.java:329) at com.ibm.wsspi.bootstrap.WSPreLauncher.main(WSPreLauncher.java:92) Dump of callerThis = Object type = com.ibm.ws.security.registry.UserRegistryImpl com.ibm.ws.security.registry.UserRegistryImpl@68a068a0 Anybody maybe has a hint on this? I followed the exact steps described in the IBM Infocenter for setting this up. Thanks in advance for the help.

    Read the article

  • Why do two patterns (/.*) and (.*) match different strings? @per-directory (.htaccess) mod_rewrite RewriteRule

    - by Leftium
    Shouldn't the two patterns (/.*) and (.*) match the same string? My real question is actually: where did the "abc" go? Something funky seems to be happening inside the mod_rewrite engine... Given this .htaccess file in www/dir/: Options +FollowSymlinks RewriteEngine on RewriteRule (/.*) print_url_args.php?result=$1 A request for http://localhost/dir/abc/123/ results in: result ($1) = "/123/" $_REQUEST_URI = "/dir/abc/123/" If the / is removed from the pattern like RewriteRule (.*) print_url_args.php?result=$1 The same request for http://localhost/dir/abc/123/ results in: result ($1) = "print_url_args.php" $_REQUEST_URI = "/dir/abc/123/" update: posted rewrite log. 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#23cd4a8/initial] (3) [perdir C:/db/www/dir/] add path info postfix: C:/db/www/dir/abc - C:/db/www/dir/abc/123/ 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#23cd4a8/initial] (3) [perdir C:/db/www/dir/] strip per-dir prefix: C:/db/www/dir/abc/123/ - abc/123/ 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#23cd4a8/initial] (3) [perdir C:/db/www/dir/] applying pattern '(/.*)$' to uri 'abc/123/' 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#23cd4a8/initial] (2) [perdir C:/db/www/dir/] rewrite 'abc/123/' - 'print_url_args.php?result=/123/' 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#23cd4a8/initial] (3) split uri=print_url_args.php?result=/123/ - uri=print_url_args.php, args=result=/123/ 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#23cd4a8/initial] (3) [perdir C:/db/www/dir/] add per-dir prefix: print_url_args.php - C:/db/www/dir/print_url_args.php 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#23cd4a8/initial] (2) [perdir C:/db/www/dir/] strip document_root prefix: C:/db/www/dir/print_url_args.php - /dir/print_url_args.php 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#23cd4a8/initial] (1) [perdir C:/db/www/dir/] internal redirect with /dir/print_url_args.php [INTERNAL REDIRECT] 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#43833c8/initial/redir#1] (3) [perdir C:/db/www/dir/] strip per-dir prefix: C:/db/www/dir/print_url_args.php - print_url_args.php 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#43833c8/initial/redir#1] (3) [perdir C:/db/www/dir/] applying pattern '(/.*)$' to uri 'print_url_args.php' 127.0.0.1 - - [15/Feb/2011:14:21:51 +0900] [localhost/sid#1333140][rid#43833c8/initial/redir#1] (1) [perdir C:/db/www/dir/] pass through C:/db/www/dir/print_url_args.php 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23bf470/initial] (3) [perdir C:/db/www/dir/] add path info postfix: C:/db/www/dir/abc - C:/db/www/dir/abc/123/ 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23bf470/initial] (3) [perdir C:/db/www/dir/] strip per-dir prefix: C:/db/www/dir/abc/123/ - abc/123/ 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23bf470/initial] (3) [perdir C:/db/www/dir/] applying pattern '(.*)$' to uri 'abc/123/' 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23bf470/initial] (2) [perdir C:/db/www/dir/] rewrite 'abc/123/' - 'print_url_args.php?result=abc/123/' 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23bf470/initial] (3) split uri=print_url_args.php?result=abc/123/ - uri=print_url_args.php, args=result=abc/123/ 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23bf470/initial] (3) [perdir C:/db/www/dir/] add per-dir prefix: print_url_args.php - C:/db/www/dir/print_url_args.php 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23bf470/initial] (2) [perdir C:/db/www/dir/] strip document_root prefix: C:/db/www/dir/print_url_args.php - /dir/print_url_args.php 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23bf470/initial] (1) [perdir C:/db/www/dir/] internal redirect with /dir/print_url_args.php [INTERNAL REDIRECT] 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23fda10/initial/redir#1] (3) [perdir C:/db/www/dir/] strip per-dir prefix: C:/db/www/dir/print_url_args.php - print_url_args.php 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23fda10/initial/redir#1] (3) [perdir C:/db/www/dir/] applying pattern '(.*)$' to uri 'print_url_args.php' 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23fda10/initial/redir#1] (2) [perdir C:/db/www/dir/] rewrite 'print_url_args.php' - 'print_url_args.php?result=print_url_args.php' 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23fda10/initial/redir#1] (3) split uri=print_url_args.php?result=print_url_args.php - uri=print_url_args.php, args=result=print_url_args.php 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23fda10/initial/redir#1] (3) [perdir C:/db/www/dir/] add per-dir prefix: print_url_args.php - C:/db/www/dir/print_url_args.php 127.0.0.1 - - [15/Feb/2011:14:24:54 +0900] [localhost/sid#1333140][rid#23fda10/initial/redir#1] (1) [perdir C:/db/www/dir/] initial URL equal rewritten URL: C:/db/www/dir/print_url_args.php [IGNORING REWRITE]

    Read the article

  • Can I create a variable with JavaScript that PHP can recognize?

    - by zeckdude
    I have a series of PHP statements that I only want to run if javaScript is enabled. if($js_enabled == 'yes') { //Run a series of PHP statements } My problem is that I want to create that $js_enabled variable with javaScript. Therefore, if javaScript is enabled, the variable will be created and the PHP statements will be run, but if javaScript is not enabled, the variable will never be created and the PHP statements will not run. How can I create a variable with JavaScript that PHP can recognize?

    Read the article

  • How to integrate wordpress with an existing php homepage ?

    - by user284523
    I have already a site with a single homepage index.php which accepts 2 parameters like http://mydomain.com/index.php?param1=something&param2=somethingelse param2 can be optional I want to install wordpress on the root directory, except for index.php and the above url, I want wordpress to show the blog pages. How to do that either in PHP and/or htaccess ? (I'm very bad at htaccess so I prefer php).

    Read the article

  • What should I learn & use to become a pro in PHP & Python Web development?

    - by pecker
    Hello, I'll just show some code to show how I do web development in PHP. <html> <head> <title>Example #3 TDavid's Very First PHP Script ever!</title> </head> <? print(Date("m/j/y")); require_once("somefile.php"); $mysql_db = "DATABASE NAME"; $mysql_user = "YOUR MYSQL USERNAME"; $mysql_pass = "YOUR MYSQL PASSWORD"; $mysql_link = mysql_connect("localhost", $mysql_user, $mysql_pass); mysql_select_db($mysql_db, $mysql_link); $result = mysql_query("SELECT impressions from tds_counter where COUNT_ID='$cid'", $mysql_link); if(mysql_num_rows($result)) { mysql_query("UPDATE tds_counter set impressions=impressions+1 where COUNT_ID='$cid'", $mysql_link); $row = mysql_fetch_row($result); if(!$inv) { print("$row[0]"); } } ?> <body> </body> </html> Thats it. I write every file like this. Recently, I learnt OOP and started using classes & objects in PHP. I hear that there are many frameworks there for PHP. They say that one must use these libraries. But I feel they are just making things complicated. Anyway, this is how I've been doing my web development. Now, I want to improve this. and make it professional. Also I want to move to Python. I searched SO archives and found everyone suggesting Django. But, can any one give me some idea about how web development in Python works? user (client) request for page --- webserver(-embedded PHP interpreter) ---- Server side(PHP) Script --- MySQL Server. Now, is it that instead of PHP interpreter there is python interpreter & instead of php script there is python script, which contains both HTML & python (embedded in some kind of python tags). Python script connects to database server and fetches some data which will be printed as HTML. or is it different in python world? Is this Django thing like frameworks for PHP? Can't one code in python without using Django. Because, I never encountered any post without django Please give me some kick start.

    Read the article

  • Derek Brink shares "Worst Practices in IT Security"

    - by Darin Pendergraft
    Derek Brink is Vice President and Research Fellow in IT Security for the Aberdeen Group.  He has established himself as an IT Security Expert having a long and impressive career with companies and organizations ranging from RSA, Sun, HP, the PKI Forum and the Central Intelligence Agency.  So shouldn't he be talking about "Best Practices in IT Security?" In his latest blog he talks about the thought processes that drive the wrong behavior, and very cleverly shows how that incorrect thinking exposes weaknesses in our IT environments. Check out his latest blog post titled: "The Screwtape CISO: Memo #1 (silos, stovepipes and point solutions)"

    Read the article

  • ADF Desktop Integration Security Explained

    - by juan.ruiz
    ADFdi provides a secure access to spreadsheets within MS-Excel. Developers as well as administrators could wonder how the security features work in this mixed layout -having MS-Excel accessing JavaEE business services? and also what do system administrators should expect when deploying an ADF solution that offers ADFdi capabilities? Shaun Logan from the ADFdi team published an excellent article back in January where you can find in a great detail the ADF desktop integration security features and implementation. You can find the article here: http://www.oracle.com/technology/products/jdev/11/collateral/security%20whitepaper%20for%20adfdi%20r1%20final.pdf Enjoy!

    Read the article

  • nikto probe warning messages

    - by julio
    Hi-- I have a pretty standard VPS running Ubuntu 8.1, Apache 2.2, PHP 5 etc. -- standard Lamp stack. I am using suhosin and have tried my best to plug the obvious stuff, since I'm the only user-- there's no SSH access except via pubkey on a non-standard port, there's no root access by SSH, no FTP server running, iptables is set to discard anything outside of basically port 80 or my SSH port (there's no mail server or anything else). However, I've still been compromised (not badly as far as I can tell) probably by a SQL injection. I've locked down the SQL user (there's only one outside of root, and he's got limited priv, no file etc.) So I ran nikto to see what I'm doing wrong, and there's a list of things I've never seen, and can't find using "find" or any other method I'm aware of. See below: + /autologon.html?10514: Remotely Anywhere 5.10.415 is vulnerable to XSS attacks that can lead to cookie theft or privilege escalation. This is typically found on port 2000. + /servlet/webacc?User.html=noexist: Netware web access may reveal full path of the web server. Apply vendor patch or upgrade. + OSVDB-35878: /modules.php?name=Members_List&letter='%20OR%20pass%20LIKE%20'a%25'/*: PHP Nuke module allows user names and passwords to be viewed. + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content. + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. + OSVDB-12184: /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. + OSVDB-12184: /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. + OSVDB-12184: /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. + OSVDB-3092: /administrator/: This might be interesting... + OSVDB-3092: /Agent/: This might be interesting... + OSVDB-3092: /includes/: This might be interesting... + OSVDB-3092: /logs/: This might be interesting... + OSVDB-3092: /tmp/: This might be interesting... + ERROR: /servlet/Counter returned an error: error reading HTTP response + OSVDB-3268: /icons/: Directory indexing is enabled: /icons + OSVDB-3268: /images/: Directory indexing is enabled: /images + OSVDB-3299: /forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See link + OSVDB-3299: /forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See link + OSVDB-3299: /htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See link + OSVDB-3299: /vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See link + OSVDB-3299: /vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See link + OSVDB-6659: /kCKAowoWuZkKCUPH7Mr675ILd9hFg1lnyc1tWUuEbkYkFCpCdEnCKkkd9L0bY34tIf9l6t2owkUp9nI5PIDmQzMokDbp71QFTZGxdnZhTUIzxVrQhVgwmPYsMK7g34DURzeiy3nyd4ezX5NtUozTGqMkxDrLheQmx4dDYlRx0vKaX41JX40GEMf21TKWxHAZSUxjgXUnIlKav58GZQ5LNAwSAn13l0w<font%20size=50>DEFACED<!--//--: MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version. I understand about the trace and index, but what about the vbulletin and autologin? I've searched, and I can't find any files like that on the server. I have no idea about the "MyWebServer" stuff, the PHP Nuke, or the Netware/servlet stuff-- there's nothing really on the server except a pretty standard Joomla site (updated to the latest version). Any help with these messages and/or what I'm doing wrong is very much appreciated.

    Read the article

  • ASP.NET WebAPI Security 2: Identity Architecture

    - by Your DisplayName here!
    Pedro has beaten me to the punch with a detailed post (and diagram) about the WebAPI hosting architecture. So go read his post first, then come back so we can have a closer look at what that means for security. The first important takeaway is that WebAPI is hosting independent-  currently it ships with two host integration implementations – one for ASP.NET (aka web host) and WCF (aka self host). Pedro nicely shows the integration into the web host. Self hosting is not done yet so we will mainly focus on the web hosting case and I will point out security related differences when they exist. The interesting part for security (amongst other things of course) is the HttpControllerHandler (see Pedro’s diagram) – this is where the host specific representation of an HTTP request gets converted to the WebAPI abstraction (called HttpRequestMessage). The ConvertRequest method does the following: Create a new HttpRequestMessage. Copy URI, method and headers from the HttpContext. Copies HttpContext.User to the Properties<string, object> dictionary on the HttpRequestMessage. The key used for that can be found on HttpPropertyKeys.UserPrincipalKey (which resolves to “MS_UserPrincipal”). So the consequence is that WebAPI receives whatever IPrincipal has been set by the ASP.NET pipeline (in the web hosting case). Common questions are: Are there situations where is property does not get set? Not in ASP.NET – the DefaultAuthenticationModule in the HTTP pipeline makes sure HttpContext.User (and Thread.CurrentPrincipal – more on that later) are always set. Either to some authenticated user – or to an anonymous principal. This may be different in other hosting environments (again more on that later). Why so generic? Keep in mind that WebAPI is hosting independent and may run on a host that materializes identity completely different compared to ASP.NET (or .NET in general). This gives them a way to evolve the system in the future. How does WebAPI code retrieve the current client identity? HttpRequestMessage has an extension method called GetUserPrincipal() which returns the property as an IPrincipal. A quick look at self hosting shows that the moral equivalent of HttpControllerHandler.ConvertRequest() is HttpSelfHostServer.ProcessRequestContext(). Here the principal property gets only set when the host is configured for Windows authentication (inconsisteny). Do I like that? Well – yes and no. Here are my thoughts: I like that it is very straightforward to let WebAPI inherit the client identity context of the host. This might not always be what you want – think of an ASP.NET app that consists of UI and APIs – the UI might use Forms authentication, the APIs token based authentication. So it would be good if the two parts would live in a separate security world. It makes total sense to have this generic hand off point for identity between the host and WebAPI. It also makes total sense for WebAPI plumbing code (especially handlers) to use the WebAPI specific identity abstraction. But – c’mon we are running on .NET. And the way .NET represents identity is via IPrincipal/IIdentity. That’s what every .NET developer on this planet is used to. So I would like to see a User property of type IPrincipal on ApiController. I don’t like the fact that Thread.CurrentPrincipal is not populated. T.CP is a well established pattern as a one stop shop to retrieve client identity on .NET.  That makes a lot of sense – even if the name is misleading at best. There might be existing library code you want to call from WebAPI that makes use of T.CP (e.g. PrincipalPermission, or a simple .Name or .IsInRole()). Having the client identity as an ambient property is useful for code that does not have access to the current HTTP request (for calling GetUserPrincipal()). I don’t like the fact that that the client identity conversion from host to WebAPI is inconsistent. This makes writing security plumbing code harder. I think the logic should always be: If the host has a client identity representation, copy it. If not, set an anonymous principal on the request message. Btw – please don’t annoy me with the “but T.CP is static, and static is bad for testing” chant. T.CP is a getter/setter and, in fact I find it beneficial to be able to set different security contexts in unit tests before calling in some logic. And, in case you have wondered – T.CP is indeed thread static (and the name comes from a time where a logical operation was bound to a thread – which is not true anymore). But all thread creation APIs in .NET actually copy T.CP to the new thread they create. This is the case since .NET 2.0 and is certainly an improvement compared to how Win32 does things. So to sum it up: The host plumbing copies the host client identity to WebAPI (this is not perfect yet, but will surely be improved). or in other words: The current WebAPI bits don’t ship with any authentication plumbing, but solely use whatever authentication (and thus client identity) is set up by the host. WebAPI developers can retrieve the client identity from the HttpRequestMessage. Hopefully my proposed changes around T.CP and the User property on ApiController will be added. In the next post, I will detail how to add WebAPI specific authentication support, e.g. for Basic Authentication and tokens. This includes integrating the notion of claims based identity. After that we will look at the built-in authorization bits and how to improve them as well. Stay tuned.

    Read the article

  • Silverlight Security

    Here are some interesting links about Silverlight security (I learnt a lot from the first document): Silverlight security whitepaper: > http://download.microsoft.com/download/A/1/A/A1A80A28-907C-4C6A-8036-782E3792A408/Silverlight Security Overview.docx This reading gives you a lot of insight into features like Isolated Storage, Local Messaging, Cross-Site Scripting (XSS), Sandbox, Validate input, https, . Shawn Wildermuths session at MIX10: > Securing Microsoft Silverlight Applications ...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Trigger IP ban based on request of given file?

    - by Mike Atlas
    I run a website where "x.php" was known to have vulnerabilities. The vulnerability has been fixed and I don't have "x.php" on my site anymore. As such with major public vulnerabilities, it seems script kiddies around are running tools that hitting my site looking for "x.php" in the entire structure of the site - constantly, 24/7. This is wasted bandwidth, traffic and load that I don't really need. Is there a way to trigger a time-based (or permanent) ban to an IP address that tries to access "x.php" anywhere on my site? Perhaps I need a custom 404 PHP page that captures the fact that the request was for "x.php" and then that triggers the ban? How can I do that? Thanks! EDIT: I should add that part of hardening my site, I've started using ZBBlock: This php security script is designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page with a description of what the problem was. If the attacker persists, then they will be served up a permanently reccurring 503 OVERLOAD message with a 24 hour timeout. But ZBBlock doesn't do quite exactly what I want to do, it does help with other spam/script/hack blocking.

    Read the article

  • Ldap invalid credentials not loading authentication failure url

    - by Murari
    Able to do the custom ldap authentication for external db authorities. But when i am trying to test wrong password the authentication failure url is not showing instead my browser prints the exception details.Below is my securitycontext.xml and exption given <http auto-config="false" access-decision-manager-ref="accessDecisionManager" access-denied-page="/accessDenied.jsp"> <!-- Restrict access to ALL other pages --> <intercept-url pattern="/index.jsp" filters="none" /> <!-- Don't set any role restrictions on login.jsp --> <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/service/**" access="PRIV_Report User, PRIV_305" /> <logout logout-success-url="/index.jsp" /> <form-login authentication-failure-url="/index.jsp?error=1" default-target-url="/home.jsp" /> <anonymous/> </http> <b:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased"> <b:property name="decisionVoters"> <b:list> <b:ref bean="roleVoter" /> <b:ref bean="authenticatedVoter" /> </b:list> </b:property> </b:bean> <b:bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"> <b:property name="rolePrefix" value="PRIV_" /> </b:bean> <b:bean id="authenticatedVoter" class="org.springframework.security.vote.AuthenticatedVoter"> </b:bean> <b:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> <b:constructor-arg value="ldap://mydomain:389" /> </b:bean> <b:bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate"> <b:constructor-arg ref="contextSource" /> </b:bean> <b:bean id="ldapAuthenticationProvider" class="com.zo.sas.gwt.security.login.server.SASLdapAuthenticationProvider"> <b:property name="authenticator" ref="ldapAuthenticator" /> <custom-authentication-provider /> </b:bean> <b:bean id="ldapAuthenticator" class="com.zo.sas.gwt.security.login.server.SASAuthenticator"> <b:property name="contextSource" ref="contextSource" /> <b:property name="userDnPatterns"> <b:value>uid={0},OU=People</b:value> </b:property> </b:bean> and my exception logs..... org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:180) org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266) org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106) com.zo.sas.gwt.security.login.server.SASAuthenticator.authenticate(SASAuthenticator.java:55) com.zo.sas.gwt.security.login.server.SASLdapAuthenticationProvider.authenticate(SASLdapAuthenticationProvider.java:45) org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:188) org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46) org.springframework.security.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:82) org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:258) org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89) org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235) org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:183) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:138) This is my index.jsp <html> <script type="text/javascript" language="javascript"> var dictionary = { loginErr: "${SPRING_SECURITY_LAST_EXCEPTION.message}", error: "${param.error}" }; </script> <head> </head> <body > <iframe src="javascript:''" id="__gwt_historyFrame" style="width:0;height:0;border:0"></iframe> <script type="text/javascript" language="javascript" src="com.zo.sas.gwt.sasworkflow.home.Home.nocache.js"></script> </body> </html>

    Read the article

  • Set up lnux box for hosting a-z [apache mysql php ssl]

    - by microchasm
    I am in the process of reinstalling the OS on a machine that will be used to host a couple of apps for our business. The apps will be local only; access from external clients will be via vpn only. The prior setup used a hosting control panel (Plesk) for most of the admin, and I was looking at using another similar piece of software for the reinstall - but I figured I should finally learn how it all works. I can do most of the things the software would do for me, but am unclear on the symbiosis of it all. This is all an attempt to further distance myself from the land of Configuration Programmer/Programmer, if at all possible. I can't find a full walkthrough anywhere for what I'm looking for, so I thought I'd put up this question, and if people can help me on the way I will edit this with the answers, and document my progress/pitfalls. Hopefully someday this will help someone down the line. The details: CentOS 5.5 x86_64 httpd: Apache/2.2.3 mysql: 5.0.77 (to be upgraded) php: 5.1 (to be upgraded) The requirements: SECURITY!! Secure file transfer Secure client access (SSL Certs and CA) Secure data storage Virtualhosts/multiple subdomains Local email would be nice, but not critical The Steps: Download latest CentOS DVD-iso (torrent worked great for me). Install CentOS: While going through the install, I checked the Server Components option thinking I was going to be using another Plesk-like admin. In hindsight, considering I've decided to try to go my own way, this probably wasn't the best idea. Basic config: Setup users, networking/ip address etc. Yum update/upgrade. Upgrade PHP: To upgrade PHP to the latest version, I had to look to another repo outside CentOS. IUS looks great and I'm happy I found it! cd /tmp #wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/epel-release-1-1.ius.el5.noarch.rpm #rpm -Uvh epel-release-1-1.ius.el5.noarch.rpm #wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1-4.ius.el5.noarch.rpm #rpm -Uvh ius-release-1-4.ius.el5.noarch.rpm yum list | grep -w \.ius\. [will list all packages available in the IUS repo] rpm -qa | grep php [will list installed packages needed to be removed. the installed packages need to be removed before you can install the IUS packages otherwise there will be conflicts] #yum shell >remove php-gd php-cli php-odbc php-mbstring php-pdo php php-xml php-common php-ldap php-mysql php-imap Setting up Remove Process >install php53 php53-mcrypt php53-mysql php53-cli php53-common php53-ldap php53-imap php53-devel >transaction solve >transaction run Leaving Shell #php -v PHP 5.3.2 (cli) (built: Apr 6 2010 18:13:45) This process removes the old version of PHP and installs the latest. To upgrade mysql: Pretty much the same process as above with PHP #/etc/init.d/mysqld stop [OK] rpm -qa | grep mysql [installed mysql packages] #yum shell >remove mysql mysql-server Setting up Remove Process >install mysql51 mysql51-server mysql51-devel >transaction solve >transaction run Leaving Shell #service mysqld start [OK] #mysql -v Server version: 5.1.42-ius Distributed by The IUS Community Project And this is where I'm at. I will keep editing this as I make progress. Any tips on how to Configure Virtualhosts for SSL, setting up a CA, setting up SFTP with openSSH, or anything else would be appreciated.

    Read the article

  • PHP/MySQL Swap places in database + JavaScript (jQuery)

    - by James Brooks
    I'm currently developing a website which stores bookmarks in a MySQL database using PHP and jQuery. The MySQL for bookmarks looks like this (CSV format): id,userid,link_count,url,title,description,tags,shareid,fav,date "1";"1";"0";"img/test/google.png";"Google";"Best. Search Engine. Ever.";"google, search, engine";"7nbsp";"0";"1267578934" "2";"1";"1";"img/test/james-brooks.png";"jTutorials";"Best. jQuery Tutorials. Ever.";"jquery, jtutorials, tutorials";"8nbsp";"0";"1267578934" "3";"1";"2";"img/test/benokshosting.png";"Benoks Hosting";"Cheap website hosting";"Benoks, Hosting, server, linux, cpanel";"9nbsp;";"0";"1267578934" "4";"1";"3";"img/test/jbrooks.png";"James Brooks";"Personal website FTW!";"james, brooks, jbrooksuk, blog, personal, portfolio";"1nbsp";"0";"1267578934" "6";"1";"4";"img/test/linkbase.png";"LinkBase";"Store and organise your bookmarks and access them from anywhere!";"linkbase, bookmarks, organisation";"3nbsp";"0";"1267578934" "5";"1";"5";"img/test/jtutorials.png";"jTutorials";"jQuery tutorials, videos and examples!";"jquery, jtutorials, tutorials";"2nbsp";"0";"1267578934" I'm using jQuery Sortable to move the bookmarks around (similar to how Google Chrome does). Here is the JavaScript code I use to format the bookmarks and post the data to the PHP page: $(".bookmarks").sortable({scroll: false, update: function(event, ui){ // Update bookmark position in the database when the bookmark is dropped var newItems = $("ul.bookmarks").sortable('toArray'); console.log(newItems); var oldItems = ""; for(var imgI=0;imgI < newItems.length;imgI++) { oldItems += $("ul.bookmarks li#" + imgI + " img").attr("id") + ","; } oldItems = oldItems.slice(0, oldItems.length-1); console.log("New position: " + newItems); console.log("Old position: " + oldItems); // Post the data $.post('inc/updateBookmarks.php', 'update=true&olditems=' + oldItems + "&newitems=" + newItems, function(r) { console.log(r); }); } }); The PHP page then goes about splitting the posted arrays using explode, like so: if(isset($pstUpdate)) { // Get the current and new positions $arrOldItems = $_POST['olditems']; $arrOldItems = explode(",", $arrOldItems); $arrNewItems = $_POST['newitems']; $arrNewItems = explode(",", $arrNewItems); // Get the user id $usrID = $U->user_field('id'); // Update the old place to the new one for($anID=0;$anID<count($arrOldItems);$anID++) { //echo "UPDATE linkz SET link_count='" . $arrNewItems[$anID] . "' WHERE userid='" . $usrID . "' AND link_count='" . $arrOldItems[$anID] . "'\n"; //echo "SELECT id FROM linkz WHERE link_id='".$arrOldItems[$anID]."' AND userid='".$usrID."'"; $curLinkID = mysql_fetch_array(mysql_query("SELECT id FROM linkz WHERE link_count='".$arrOldItems[$anID]."' AND userid='".$usrID."'")) or die(mysql_error()); echo $arrOldItems[$anID] . " => " . $arrNewItems[$anID] . " => " . $curLinkID['id'] . "\n"; //mysql_query("UPDATE linkz SET link_count='" . $arrNewItems[$anID] . "' WHERE userid='" . $usrID . "' AND link_count='" . $curLinkID['id'] . "'") or die(mysql_error()); // Join a string with the new positions $outPos .= $arrNewItems[$anID] . "|"; } echo substr($outPos, 0, strlen($outPost) - 1); } So, each bookmark is given it's own link_count id (which starts from 0 for each user). Every time a bookmark is changed, I need the link_count to be changed as needed. If we take this array output as the starting places: Array ( [0] => 0 [1] => 1 [2] => 2 [3] => 3 [4] => 4 [5] => 5 ) Each index equalling the link_count position, the resulting update would become: Array ( [0] => 1 [1] => 0 [2] => 3 [3] => 4 [4] => 5 [5] => 2 ) I have tried many ways but none are successful. Thanks in advance.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >