Search Results

Search found 19667 results on 787 pages for 'missing template'.


  • Please Critique this PHP Login Script

    - by NightMICU
    Greetings, A site I developed was recently compromised, most likely by a brute force or Rainbow Table attack. The original log-in script did not have a SALT, passwords were stored in MD5. Below is an updated script, complete with SALT and IP address banning. In addition, it will send a Mayday email & SMS and disable the account should the same IP address or account attempt 4 failed log-ins. Please look it over and let me know what could be improved, what is missing, and what is just plain strange. Many thanks!

        <?php
        //Start session
        session_start();

        //Include DB config
        include $_SERVER['DOCUMENT_ROOT'] . '/includes/pdo_conn.inc.php';

        //Error message array
        $errmsg_arr = array();
        $errflag = false;

        //Function to sanitize values received from the form. Prevents SQL injection
        function clean($str) {
            $str = @trim($str);
            if(get_magic_quotes_gpc()) {
                $str = stripslashes($str);
            }
            return $str;
        }

        //Define a SALT, the one here is for demo
        define('SALT', '63Yf5QNA');

        //Sanitize the POST values
        $login = clean($_POST['login']);
        $password = clean($_POST['password']);

        //Encrypt password
        $encryptedPassword = md5(SALT . $password);

        //Input Validations
        //Obtain IP address and check for past failed attempts
        $ip_address = $_SERVER['REMOTE_ADDR'];
        $checkIPBan = $db->prepare("SELECT COUNT(*) FROM ip_ban WHERE ipAddr = ? OR login = ?");
        $checkIPBan->execute(array($ip_address, $login));
        $numAttempts = $checkIPBan->fetchColumn();

        //If there are 4 failed attempts, send back to login and temporarily ban IP address
        if ($numAttempts == 1) {
            $getTotalAttempts = $db->prepare("SELECT attempts FROM ip_ban WHERE ipAddr = ? OR login = ?");
            $getTotalAttempts->execute(array($ip_address, $login));
            $totalAttempts = $getTotalAttempts->fetch();
            $totalAttempts = $totalAttempts['attempts'];
            if ($totalAttempts >= 4) {
                //Send Mayday SMS
                $to = "[email protected]";
                $subject = "Banned Account - $login";
                $mailheaders = 'From: [email protected]' . "\r\n";
                $mailheaders .= 'Reply-To: [email protected]' . "\r\n";
                $mailheaders .= 'MIME-Version: 1.0' . "\r\n";
                $mailheaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                $msg = "<p>IP Address - " . $ip_address . ", Username - " . $login . "</p>";
                mail($to, $subject, $msg, $mailheaders);
                $setAccountBan = $db->query("UPDATE ip_ban SET isBanned = 1 WHERE ipAddr = '$ip_address'");
                $setAccountBan->execute();
                $errmsg_arr[] = 'Too Many Login Attempts';
                $errflag = true;
            }
        }

        if($login == '') {
            $errmsg_arr[] = 'Login ID missing';
            $errflag = true;
        }
        if($password == '') {
            $errmsg_arr[] = 'Password missing';
            $errflag = true;
        }

        //If there are input validations, redirect back to the login form
        if($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header('Location: http://somewhere.com/login.php');
            exit();
        }

        //Query database
        $loginSQL = $db->prepare("SELECT password FROM user_control WHERE username = ?");
        $loginSQL->execute(array($login));
        $loginResult = $loginSQL->fetch();

        //Compare passwords
        if($loginResult['password'] == $encryptedPassword) {
            //Login Successful
            session_regenerate_id();
            //Collect details about user and assign session details
            $getMemDetails = $db->prepare("SELECT * FROM user_control WHERE username = ?");
            $getMemDetails->execute(array($login));
            $member = $getMemDetails->fetch();
            $_SESSION['SESS_MEMBER_ID'] = $member['user_id'];
            $_SESSION['SESS_USERNAME'] = $member['username'];
            $_SESSION['SESS_FIRST_NAME'] = $member['name_f'];
            $_SESSION['SESS_LAST_NAME'] = $member['name_l'];
            $_SESSION['SESS_STATUS'] = $member['status'];
            $_SESSION['SESS_LEVEL'] = $member['level'];
            //Get Last Login
            $_SESSION['SESS_LAST_LOGIN'] = $member['lastLogin'];
            //Set Last Login info
            $updateLog = $db->prepare("UPDATE user_control SET lastLogin = DATE_ADD(NOW(), INTERVAL 1 HOUR), ip_addr = ? WHERE user_id = ?");
            $updateLog->execute(array($ip_address, $member['user_id']));
            session_write_close();
            //If there are past failed log-in attempts, delete old entries
            if ($numAttempts > 0) {
                //Past failed log-ins from this IP address. Delete old entries
                $deleteIPBan = $db->prepare("DELETE FROM ip_ban WHERE ipAddr = ?");
                $deleteIPBan->execute(array($ip_address));
            }
            if ($member['level'] != "3" || $member['status'] == "Suspended") {
                header("location: http://somewhere.com");
            } else {
                header('Location: http://somewhere.com');
            }
            exit();
        } else {
            //Login failed. Add IP address and other details to ban table
            if ($numAttempts < 1) {
                //Add a new entry to IP Ban table
                $addBanEntry = $db->prepare("INSERT INTO ip_ban (ipAddr, login, attempts) VALUES (?,?,?)");
                $addBanEntry->execute(array($ip_address, $login, 1));
            } else {
                //increment Attempts count
                $updateBanEntry = $db->prepare("UPDATE ip_ban SET ipAddr = ?, login = ?, attempts = attempts+1 WHERE ipAddr = ? OR login = ?");
                $updateBanEntry->execute(array($ip_address, $login, $ip_address, $login));
            }
            header('Location: http://somewhere.com/login.php');
            exit();
        }
        ?>


  • How to integer-divide round negative numbers *down*?

    - by Conrad Albrecht
    Seems like whenever I divide a negative int by a positive int, I need it to round down (toward -inf), not toward 0. But both C# and C++ round toward 0. So I guess I need a DivideDownward() method. I can write it in a few lines with a test for negative and so on, but my ideas seem klugey. So I'm wondering if I'm missing something and if you have an "elegant" way to round negative division downward.


  • Get all custom fields that belong to a certain box in Wordpress

    - by user252160
    How can I get all custom fields that belong to a certain box only? For example, I am using the "more fields" plugin, which allows me to create boxes of custom fields, for instance a box called "hotel features" with different custom fields as the particular features. The point is that when I extract meta data in the template, there is no way, known to me, to get only the fields that belong to the "hotel features box", say. Please help with suggestions.


  • I am getting the error when I try to debug.

    - by Michael
    I am receiving the error noted below. I have built/rebuilt the files several times. I have also renamed the file in the *.exe. The NetworkAssociation.exe file is in the debug folder. Any help would be wonderful. Visual Studio cannot start debugging because the debug target 'c:\NetworkAssociation\NetworkAssociation\Bin\Debug\NetworkAssociation.exe' is missing. Please build the project and retry, or set the OutputPath and AssemblyName properties appropriately to point at the correct location.


  • How to add background music in my website done in Joomla?

    - by Nishant Shrivastava
    Hello Experts, I am willing to add a music which runs in the background of my website. The site is generated in Joomla. Does anyone know about any component (or any way) through which I can add a music which runs in the background of the website? I know it can be achieved via embed tag in the index page of the selected template, but one additional requirement is whenever any visitor clicks on any other link, it should continue but not start from the beginning. Is it feasible? Can anyone help me regarding this?


  • Django: url tag reverse

    - by Alexander A.Sosnovskiy
    Can you help me to get url in my template: url(r'^page/(?P[-\d]+)$', 'show_port', {"template_name": "port.html"}, name="port",), href="{% url port page_num=1 %}" I want to get /page/1 as a result , but don't know how :( Caught an exception while rendering: Reverse for 'port' with arguments '()' and keyword arguments '{'page_num': 1}' not found. The same thing if href="{% url port 1 %}"


  • Access 2007 db is readonly, why?

    - by Malcolm
    Hi, I copied an MSAccess 2007 db from a workstation onto another workstation. I added the DB folder to Trusted Locations. I check the file properties readonly flag, but it is unchecked. But the database is opened in ReadOnly mode. What am I missing here please??? Malcolm


  • Checkbox gets reset in WPF Datagrid when sorting

    - by user464420
    I have a WPF application with a DataGrid. The DataGrid contains 4 columns, with a checkbox template column as the first column. The problem is that when I check some of the checkboxes on the items, the checkboxes get reset when I sort a certain column. For example, I check the checkbox on row 2 and it gets unchecked when I sort the DataGrid. I've been searching for a similar case like this for a while but haven't seen one. Thanks,


  • Convert SQL server datetime fields to compare date parts only, with indexed lookups

    - by Caveatrob
    I've been doing a convert(varchar,datefield,112) on each date field that I'm using in 'between' queries in SQL server to ensure that I'm only accounting for dates and not missing any based on the time part of datetime fields. Now, I'm hearing that the converts aren't indexable and that there are better methods, in SQL Server 2005, to compare the date part of datetimes in a query to determine if dates fall in a range. What is the optimal, indexable, method of doing something like this: select * from appointments where appointmentDate='08-01-2008' and appointmentDate<'08-15-2008'


  • Scala parser combinators: how to parse "if(x)" if x can contain a ")"

    - by Germán
    I'm trying to get this to work: def emptyCond: Parser[Cond] = ("if" ~ "(") ~> regularStr <~ ")" ^^ { case s => Cond("",Nil,Nil) } where regularStr is defined to accept a number of things, including ")". Of course, I want this to be an acceptable input: if(foo()). But for any if(x) it is taking the ")" as part of the regularStr and so this parser never succeeds. What am I missing?


  • Do you think it's a good idea to create a login box as a user control?

    - by Sergio Tapia
    Hi there guys! I'm starting out learning some ASP.Net programming and I'm going to be making a little community website for my friends and myself. I'm trying to pick up some good habits along the way. I was thinking of having a usercontrol and have that 'loginBox' shows the appropriate textboxes and login button, but also show his username when he is logged in. Do you think I should handle this as a user control or am I missing something as an ASP.Net newbie?


  • Where is IIS Out-Of-Process in Windows Server 2008?

    - by user303526
    Hi, I've installed all the components of IIS 7 on a Windows Server 2008 box but I don't see IIS Out-Of-Process Pooled Applications in Component Services. How do I get it? I have a .dll file that I want to drag here. I have IIS 6 locally and it has IIS Out-Of-Process Pooled Applications under Control Panel - Administrative Tools - Component Services - Computers - My Computer - COM+ Applications. But the same is missing in Windows Server 2008. Thanks, Nandagopal


  • replace html tags within xml content with wordML formatting tags

    - by Josh
    I am taking an XML document and creating a word document using XSLT and OpenXML. The problem is that when I create the word document, all of the HTML that is within the CDATA tags are not escaped and look like this: GET /recipe/recipe/cat.php/&gt;&quot;&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt; I have tried defining "cdata-section-elements" in my xsl:output; however I receive an error stating that p tag doesn't match the w:t tag (the p tag is a part of the CDATA HTML). Here is what one of my xsl templates looks like: <xsl:template match="SECTION"> <w:p w:rsidR="00272D24" w:rsidRPr="00272D24" w:rsidRDefault="00272D24"> <w:pPr> <w:rPr> <w:rFonts w:ascii="Arial" w:hAnsi="Arial" w:cs="Arial"/> </w:rPr> </w:pPr> </xsl:template> <w:r w:rsidRPr="00272D24"> <w:rPr> <w:rFonts w:ascii="Arial" w:hAnsi="Arial" w:cs="Arial"/> </w:rPr> <w:t> <xsl:value-of select="INFORMATION"/> </w:t> </w:r> </w:p> Here is what the xml looks like: <INFORMATION> <![CDATA[ <P> line 1 of information <P> line 2 of information.......]]> </INFORMATION> Here is what the word output looks like: (white space and poor formatting) DIAGNOSIS: <P> line 1 of information. <P> line 2 of information I need to be able to somehow render the HTML or strip out the HTML. If I strip out the HTML then I would have to search for every possible HTML element, which is madness! Any help at all would be appreciated... Thanks.


  • CodeIgniter helper inside controllers

    - by kapitanluffy
    Can I call helper functions inside controller classes? Let's say I have this controller with the _open_form method: class User extends Controller { function _open_form($action){ print_r(form_open($action)); } } I tried echoing out the result of form_open() but it returns null. It seems that helper functions can't be called inside controllers. If you're wondering why I need to use it inside the controller instead of in the view, it's because we are required to use the given template parser xD


  • How to use java ee 6 @Resource annotation

    - by javamonkey79
    The java ee 6 api has an annotation @Resource with an attribute 'lookup', however, so does the java se 6 api (here). However, since java ee 6 is dependent on java se 6, it seems you can not get at the ee version of the annotation and the 'lookup' attribute. Is this a bug, or is there some other way to use this annotation that I am missing? TIA


  • Iframe Facebook application and cookies [Internet Explorer]

    - by Joe P
    I have downloaded the IBM P3P editor, created files and uploaded them to my server. And cookies are still not recognized in Internet Explorer. I've checked the P3P validation tool and it seems to validate. The application can be viewed here: apps.facebook.com/naplesnews and the iframe points to www.naplesnews.com/facebook/app/. Again www.naplesnews.com/facebook/app/ seems to validate with no issues as well. Any idea what I'm missing here?


  • Set title of SplitViewController

    - by John
    I am using the SplitViewController template. How do I set the title on the topbar in the detailview? Been trying to work this out for hours. Tried simple: detailViewController.title = @"String"; but no luck. Any help appreciated. Thanks.


  • Simple Tableless Positioning issue: Trying to float Div right on same line

    - by MrEnder
    Ok, I just started a template for a website http://clickforclicks.com/design1/ I'm trying to make it tableless. Notice I have a red div along the side. I tried to get one on the other side as well that looked the same. But when I do it, it goes to a new line =[ How might I get this effect without using Javascript or absolute positioning that won't look proper on all resolution sizes?


  • Compile error while adding items to nested dictionary

    - by anshu
    I am trying to create a nested dictionary variable like the below, but I get a compile error stating that it needs "}" at the line where I am adding items (line #2) to my nested dictionary. What am I missing here? Thanks. Dim myNestedDictionary As Dictionary(Of String, Dictionary(Of String, Integer)) = New Dictionary(Of String, Dictionary(Of String, Integer))() myNestedDictionary.Add("A", New Dictionary("A", 4)())


  • Conditional Styling In Silverlight?

    - by DeanMc
    Hi, While I'm fine with standard control styling in Silverlight, I have recently begun using more dynamic methods of fetching data to be displayed in items controls. One of the controls I am reworking is a collection of links. The issue I am having is that each link is coloured differently when moused over. One red, one blue, one green, etc. Is there a way to style these items without sacrificing the dynamics of using an items control with a data template?


  • Perl Insert Lines

    - by thebourneid
    How to change this code to insert lines if missing without deleting existing ones tie my @lines, 'Tie::File', $fn or die "could not tie file: $!"; for (my $i = 0; $i < @lines; $i++) { if ($ln_title == 0) { if ($i < $#lines and $lines[$i] =~ /(\s+TRACK \d\d .*)$/) { $lines[$i+1] = ' TITLE ""'; } } } untie @lines;


  • Error while using csrf

    - by iHeartDucks
    This is my view function @csrf_request def view_function(request, template_name): c = {} return return render_to_response(template_name, {'recipe' : objRecipeForm}, c, context_instance=RequestContext(request)) I also used a {% csrf_token %} in my template The error I get is render_to_string() got multiple values for keyword argument 'context_instance' I am kinda new with django so any help is appreciated.

