Search Results

Search found 43347 results on 1734 pages for 'php security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 413/1734 | < Previous Page | 409 410 411 412 413 414 415 416 417 418 419 420  | Next Page >

  • What is the fastest way for me to become a full stack developer? [on hold]

    - by user136368
    I run a small webdesign firm. I have an overview of HTML, CSS, JS, PHP(laravel), MySQL. I did a few courses on code academy. I wanted to build a web app in the company. I find that I am severely crippled by the lack of programming expertise. I want to become a full stack developer who can build a prototype on his own. I cannot spend 5-10k USD on the boot camp courses. Can someone suggest structured courses which can help me become a full stack developers? I found the following websites but I donot know if they can help me become one. My goal: Be able to make a working prototype of the ideas I come up with.(This is my primary goal. I do not want to be the lead developer. I just want to be able to make a prototype.) Several questions I have in mind: Will it be fine if I stick to PHP(laravel)? Should I be using ROR? I have come across a few online resources: Codeacademy, codeschool,teamtreehouse,and theodinproject. These are within my affordability range. I can commit to a 2-3 months intensively to learn programming. What do you suggest I do?

    Read the article

  • Social Network ( Help) [on hold]

    - by brunocascio
    I am in a great "problem" so to speak , and I need opinions to decide. The problem is to create a social network without knowing the number of users who use it (but if thinking if they were sufficient ) . The question is which language and framework to use .... I do not mind having to learn new technologies and / or languages ??. I am among PHP ( Laravel - Symfony - other? ) Ruby ( Ruby on Rails 4? ) Javascript ( Ember , express, locomotive , other? ) Python ( Django ) Java ( Grails , Play, other?) I have experience in both PHP and frameworks. In Symfony developed part of it, but I got tired having to do a thousand configurations for all . I know very little about Ruby , but I saw very easy . I do not know are saying the performance. Javascript costs me to get used to their paradigm , and do not know if at all sure to cover everything with Javascript. Django and python ( very poor knowledge ) Java , experience in data structure and android , but not web . Regarding the / s databases: In my head I have to MongoDB and costs change of opinion by another database with respect to documentation and EASE performance . But .......... frameworks have no support at all clear . I also thought of mixing technologies for using a tecnlogía backend and the frontend other. As I read in the new social network Origo . They use Symfony for REST and javascript for the frontend . ( Backbone , Underscore and RequireJS ) What do you recommend me ?

    Read the article

  • Facebook require_login() in iFrame App

    - by LapKom
    Hi, I have serious problem with iframe application. I need to use many external JS libraries and other dynamic stuuf so FMBL application can't be done. When I call require_login() I get applicaition installing dialog when app is not already installed, which is ok. But then after authorization application enters an endless redirect loop with parameters like auth_token, installed and so. Yesterday I managed to fix this, but today it's broken again... What the heck is happening with FB? It's driving me crazy to find a sollution, none of ones found on net doesn't seem to be working. So far I tried: http://abhirama.wordpress.com/2010/03/07/facebook-iframe-xfbml-app/ (7th march 2010!) http://forum.developers.facebook.com/viewtopic.php?pid=156092 http://www.keywordintellect.com/facebook-development/how-to-set-up-a-facebook-iframe-application-in-php-in-5-minutes/ http://www.markdeepwell.com/2010/02/validating-a-facebook-session-within-an-iframe/ http://forum.developers.facebook.com/viewtopic.php?pid=210449 http://www.ajaxlines.com/ajax/stuff/article/facebook_fbml_rendering_in_iframe_application.php http://www.aratide.com/php/solving-the-break-out-issue-in-iframe-facebook-applications/ None of the above worked... According to those and some FB docs: http://wiki.developers.facebook.com/index.php/FB_RequireFeatures http://wiki.developers.facebook.com/index.php/Cross_Domain_Communication_Channel My example test files look as follow: <?php //Link in library. require_once '../application/vendor/Facebook/facebook.php'; //Authentication Keys $appapikey = 'XXXX'; $appsecret = 'XXXX'; //Construct the class $facebook = new Facebook($appapikey, $appsecret); //Require login $user_id = $facebook->require_login(); ?> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"> <head> <title></title> </head> <body> <script src="http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script> This is you: <fb:name uid="<?php echo $user_id?>"></fb:name> <?php var_dump($facebook->$this->facebook->api_client->friends_get())?> <script type="text/javascript"> FB_RequireFeatures(["XFBML"], function(){ FB.Facebook.init("<?=$appapikey?>", "xd_receiver.html"); }); </script> </body> </html> And cross-domain file xd_receiver.html is: <!doctype html public "-//w3c//dtd xhtml 1.0 strict//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>cross-domain receiver page</title> </head> <body> <script src="http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js" type="text/javascript"></script> </body> </html> How do I get it working? I'm using Kohana framework to do this and already replaced header('Location') with url::redirect() in facebook php library.

    Read the article

  • Retreiving dynamic post values

    - by Pankaj Khurana
    Hi I am using tiny table with some input fields for posting in a page. I want to retrieve the data which the user fills up for a particular instrument number. My code <form name="frmDeposit" action="paymentdeposited.php" method="post"> <table cellpadding="0" cellspacing="0" border="0" id="table" class="tinytable" style="width:700px;"> <thead> <tr> <th><h3>Email</h3></th> <th><h3>Amount Paid</h3></th> <th><h3>Instrument Type</h3></th> <th><h3>Instrument No.</h3></th> <th><h3>Date Paid</h3></th> <th class="nosort"><h3>Date Deposited</h3></th> <th class="nosort"><h3>Bank Name</h3></th> <th class="nosort"><h3>Slip No.</h3></th> <th class="nosort"><h3>Submit</h3></th> </tr> </thead> <tbody> <?php foreach($paymentsdeposited as $paymentdeposited) { ?> <tr> <td><?php echo $paymentdeposited[email];?></td> <td><?php echo $paymentdeposited[amount];?></td> <td><?php echo $paymentdeposited[instrument];?></td> <td><?php echo $paymentdeposited[instrumentnumber];?></td> <td><?php echo $paymentdeposited[dated];?></td> <td><input type="text" name="txtDateDeposited_<?php echo $paymentdeposited[pk_paymentinstrumentid];?>" class="field date-pick"/></td> <td><input type="text" name="txtBankName_<?php echo $paymentdeposited[pk_paymentinstrumentid];?>" class="field"/></td> <td><input type="text" name="txtSlipNo_<?php echo $paymentdeposited[pk_paymentinstrumentid];?>" class="field"/><input type="hidden" name="txtPaymentInstrumentNo_<?php echo $paymentdeposited[pk_paymentinstrumentid];?>" value="<?php echo $paymentdeposited[pk_paymentinstrumentid];?>" class="field"/></td> <td><input type="submit" name="btnSubmit1" value="Submit"/></td> </tr> <?php } ?> </tbody> </table> The print_r command outputs Array ( [txtDateDeposited_57] => 2010-05-07 [txtBankName_57] => pnb [txtSlipNo_57] => 121 [txtPaymentInstrumentNo_57] => 57 [btnSubmit1] => Submit [txtDateDeposited_51] => [txtBankName_51] => [txtSlipNo_51] => [txtPaymentInstrumentNo_51] => 51 [txtDateDeposited_52] => [txtBankName_52] => [txtSlipNo_52] => [txtPaymentInstrumentNo_52] => 52 [txtDateDeposited_45] => [txtBankName_45] => [txtSlipNo_45] => [txtPaymentInstrumentNo_45] => 45 [txtDateDeposited_47] => [txtBankName_47] => [txtSlipNo_47] => [txtPaymentInstrumentNo_47] => 47 ) I want to retrieve the values for id 57 for which he has entered values. But i am unable to construct logic for retrieving this value.I want to make it dynamic. Please help me on this. Thanks

    Read the article

  • function fetch() on a non-object problem

    - by shin
    I have this url, http://webworks.net/ww.incs/forgotten-password-verification.php?verification_code=974bf747124c69f12ae3b36afcaccc68&[email protected]&redirect=/ww.admin/index.php And this gives the following error. Fatal error: Call to a member function fetch() on a non-object in /var/www/webworks/ww.incs/basics.php on line 23 Call Stack: 0.0005 338372 1. {main}() /var/www/webworks/ww.incs/forgotten-password-verification.php: 0 0.0020 363796 2. dbRow() /var/www/webworks/ww.incs/forgotten-password-verification.php:18 The forgotten-password-verification.php require 'login-libs.php'; login_check_is_email_provided(); // check that a verification code was provided if( !isset($_REQUEST['verification_code']) || $_REQUEST['verification_code']=='' ){ login_redirect($url,'novalidation'); } // check that the email/verification code combination matches a row in the user table // $password=md5($_REQUEST['email'].'|'.$_REQUEST['password']); $r=dbRow('select * from user_accounts where email="'.addslashes($_REQUEST['email']).'" and verification_code="'.$_REQUEST['verification_code'].'" and active' ); if($r==false){ login_redirect($url,'validationfailed'); } // success! set the session variable, then redirect $_SESSION['userdata']=$r; $groups=json_decode($r['groups']); $_SESSION['userdata']['groups']=array(); foreach($groups as $g)$_SESSION['userdata']['groups'][$g]=true; if($r['extras']=='')$r['extras']='[]'; $_SESSION['userdata']['extras']=json_decode($r['extras']); login_redirect($url); And login-libs, require 'basics.php'; $url='/'; $err=0; function login_redirect($url,$msg='success'){ if($msg)$url.='?login_msg='.$msg; header('Location: '.$url); echo '<a href="'.htmlspecialchars($url).'">redirect</a>'; exit; } // set up the redirect if(isset($_REQUEST['redirect'])){ $url=preg_replace('/[\?\&].*/','',$_REQUEST['redirect']); if($url=='')$url='/'; } // check that the email address is provided and valid function login_check_is_email_provided(){ if( !isset($_REQUEST['email']) || $_REQUEST['email']=='' || !filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL) ){ login_redirect($GLOBALS['url'],'noemail'); } } // check that the captcha is provided function login_check_is_captcha_provided(){ if( !isset($_REQUEST["recaptcha_challenge_field"]) || $_REQUEST["recaptcha_challenge_field"]=='' || !isset($_REQUEST["recaptcha_response_field"]) || $_REQUEST["recaptcha_response_field"]=='' ){ login_redirect($GLOBALS['url'],'nocaptcha'); } } // check that the captcha is valid function login_check_is_captcha_valid(){ require 'recaptcha.php'; $resp=recaptcha_check_answer( RECAPTCHA_PRIVATE, $_SERVER["REMOTE_ADDR"], $_REQUEST["recaptcha_challenge_field"], $_REQUEST["recaptcha_response_field"] ); if(!$resp->is_valid){ login_redirect($GLOBALS['url'],'invalidcaptcha'); } } basics.php is, session_start(); function __autoload($name) { require $name . '.php'; } function dbInit(){ if(isset($GLOBALS['db']))return $GLOBALS['db']; global $DBVARS; $db=new PDO('mysql:host='.$DBVARS['hostname'].';dbname='.$DBVARS['db_name'],$DBVARS['username'],$DBVARS['password']); $db->query('SET NAMES utf8'); $db->num_queries=0; $GLOBALS['db']=$db; return $db; } function dbQuery($query){ $db=dbInit(); $q=$db->query($query); $db->num_queries++; return $q; } function dbRow($query) { $q = dbQuery($query); return $q->fetch(PDO::FETCH_ASSOC); } define('SCRIPTBASE', $_SERVER['DOCUMENT_ROOT'] . '/'); require SCRIPTBASE . '.private/config.php'; if(!defined('CONFIG_FILE'))define('CONFIG_FILE',SCRIPTBASE.'.private/config.php'); set_include_path(SCRIPTBASE.'ww.php_classes'.PATH_SEPARATOR.get_include_path()); I am not sure how to solve the problem. Any help will be appreciated. Thanks in advance. UPDATE: My db CREATE TABLE IF NOT EXISTS `user_accounts` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `email` text, `password` char(32) DEFAULT NULL, `active` tinyint(4) DEFAULT '0', `groups` text, `activation_key` varchar(32) DEFAULT NULL, `extras` text, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ; INSERT INTO `user_accounts` (`id`, `email`, `password`, `active`, `groups`, `activation_key`, `extras`) VALUES (2, '[email protected]', '6d24dde9d56b9eab99a303a713df2891', 1, '["_superadministrators"]', '5d50e39420127d0bab44a56612f2d89b', NULL), (3, '[email protected]', 'e83052ab33df32b94da18f6ff2353e94', 1, '[]', NULL, NULL), (9, '[email protected]', '9ca3eee3c43384a575eb746eeae0f279', 1, '["_superadministrators"]', '974bf747124c69f12ae3b36afcaccc68', NULL);

    Read the article

  • Security benefits from a second opinion, are there flaws in my plan to hash & salt user passwords vi

    - by Tchalvak
    Here is my plan, and goals: Overall Goals: Security with a certain amount of simplicity & database-to-database transferrability, 'cause I'm no expert and could mess it up and I don't want to have to ask a lot of users to reset their passwords. Easy to wipe the passwords for publishing a "wiped" databased of test data. (e.g. I'd like to be able to use a postgresql statement to simply reset all passwords to something simple so that testers can use that testing data for themselves). Plan: Hashing the passwords Account creation records the original email that an account is created with, forever. A global salt is used, e.g. "90fb16b6901dfceb73781ba4d8585f0503ac9391". An account specific salt, the original email the account was created with, is used, e.g. "[email protected]". The users's password is used, e.g. "password123" (I'll be warning against weak passwords in the signup form) The combination of the global salt, account specific salt, and password is hashed via some hashing method in postgresql (haven't been able to find documentation for hashing functions in postgresql, but being able to use sha-2 or something like that would be nice if I could find it). The hash gets stored in the database. Recovering an account To change their password, they have to go through standard password reset (and that reset email gets sent to the original email as well as the most recent account email that they have set). Flaws? Are there any flaws with this that I need to address? And are there best practices to doing hashing fully within postgresql?

    Read the article

  • Wordpress: how to call a plugin function with an ajax call?

    - by Bee
    I'm writing a Wordpress MU plugin, it includes a link with each post and I want to use ajax to call one of the plugin functions when the user clicks on this link, and then dynamically update the link-text with output from that function. I'm stuck with the ajax query. I've got this complicated, clearly hack-ish, way to do it, but it is not quite working. What is the 'correct' or 'wordpress' way to include ajax functionality in a plugin? (My current hack code is below. When I click the generate link I don't get the same output I get in the wp page as when I go directly to sample-ajax.php in my browser.) I've got my code[1] set up as follows: mu-plugins/sample.php: <?php /* Plugin Name: Sample Plugin */ if (!class_exists("SamplePlugin")) { class SamplePlugin { function SamplePlugin() {} function addHeaderCode() { echo '<link type="text/css" rel="stylesheet" href="'.get_bloginfo('wpurl'). '/wp-content/mu-plugins/sample/sample.css" />\n'; wp_enqueue_script('sample-ajax', get_bloginfo('wpurl') . '/wp-content/mu-plugins/sample/sample-ajax.js.php', array('jquery'), '1.0'); } // adds the link to post content. function addLink($content = '') { $content .= "<span class='foobar clicked'><a href='#'>click</a></span>"; return $content; } function doAjax() { // echo "<a href='#'>AJAX!</a>"; } } } if (class_exists("SamplePlugin")) { $sample_plugin = new SamplePlugin(); } if (isset($sample_plugin)) { add_action('wp_head',array(&$sample_plugin,'addHeaderCode'),1); add_filter('the_content', array(&$sample_plugin, 'addLink')); } mu-plugins/sample/sample-ajax.js.php: <?php if (!function_exists('add_action')) { require_once("../../../wp-config.php"); } ?> jQuery(document).ready(function(){ jQuery(".foobar").bind("click", function() { var aref = this; jQuery(this).toggleClass('clicked'); jQuery.ajax({ url: "http://mysite/wp-content/mu-plugins/sample/sample-ajax.php", success: function(value) { jQuery(aref).html(value); } }); }); }); mu-plugins/sample/sample-ajax.php: <?php if (!function_exists('add_action')) { require_once("../../../wp-config.php"); } if (isset($sample_plugin)) { $sample_plugin->doAjax(); } else { echo "unset"; } ?> [1] Note: The following tutorial got me this far, but I'm stumped at this point. http://www.devlounge.net/articles/using-ajax-with-your-wordpress-plugin

    Read the article

  • Unexpected space between DIV elements, no - not padding and not margins

    - by jon
    my code for the php page displaying the divs <?php session_start(); require_once("classlib/mainspace.php"); if (isset($_SESSION['username'])==FALSE) { header("location:login.php"); } $user = new User($_SESSION['username']); ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="style/style.css" /> <title>SimpleTask - Home</title> </head> <body> <div id="main"> <div id="menu"> <div id="items"> <ul> <li><a href="home.php">home</a></li> <li>&bull;</li> <li><a href="projects.php">my projects</a></li> <li>&bull;</li> <li><a href="comments.php">my comments</a></li> </ul> </div> <div id="user"> <p>Welcome, <?php echo $user->GetRealName(); ?><br/><a href="editprofile.php">edit profile</a> &bull; <a href="logout.php">logout</a></p> </div> </div> <div id="content"> <h1>HOME</h1> </div> <div id="footer"> <p>footer text goes here here here here</p> </div> </div> </body> </html> and you can find my CSS here http://tasker.efficaxdevelopment.com/style/style.css and to view the live page go here http://tasker.efficaxdevelopment.com/login.php username:admin password:password

    Read the article

  • How do I convert the below PHP code to VB.NET?

    - by Greg
    How do I convert the below PHP code to VB.NET? <?php $X_HOST ="foo.com"; $X_URL = "/index.php"; $X_PORT ="8080"; $X_USERNAME = "foo"; $X_PASSWORD = "bar"; $s_POST_DATA = "Channel=UK.VODAFONE"; // Channel $s_POST_DATA .= "&Shortcode=12345"; // Shortcode $s_POST_DATA .= "&SourceReference=3456"; // Source Reference $s_POST_DATA .= "&MSISDN=447811111111"; // Phone $s_POST_DATA .= "&Content=test"; // Content $s_POST_DATA .= "&DataType=0"; // Data Type $s_POST_DATA .= "&Premium=1"; // Premium $s_POST_DATA .= "&CampaignID=4321"; // CampaignID $s_Request = "POST ".$X_URL." HTTP/1.0\r\n"; $s_Request .="Host: ".$X_HOST.":".$X_PORT."\r\n"; $s_Request .="Authorization: Basic ".base64_encode($X_USERNAME.":".$X_PASSWORD)."\r\n"; $s_Request .="Content-Type: application/x-www-form-urlencoded\r\n"; $s_Request .="Content-Length: ".strlen($s_POST_DATA)."\r\n"; $s_Request .="\r\n".$s_POST_DATA; //Sends out the request to the server. $fp = fsockopen ($X_HOST, $X_PORT, $errno, $errstr, 30) or die("Error!!!"); fputs ($fp, $s_Request); while (!feof($fp)) { $s_GatewayResponse .= fgets ($fp, 128); } fclose ($fp); //Array of official response codes. $a_Responses = array( "100" => "Server has returned an unspecified error.", "101" => "Server successfully received the request.", "102" => "Server has returned an database error", "103" => "Server has returned an syntax error." ); echo "<HTML>\n<BODY>\n\n"; //Checks for an official response code. foreach ($a_Responses as $s_ResponseCode => $s_ResponseDescription) { if (stristr($s_GatewayResponse, "\n$s_ResponseCode\n")) { echo "A response code of $s_ResponseCode was returned – "; echo $s_ResponseDescription"; $b_CodeReturned = true; } } //Checks for an authorization failure where an official response code has //not been recognized. if (!$b_CodeReturned) { if (stristr($s_GatewayResponse, "HTTP/1.1 401")) { echo "The server rejected your username/password (HTTP 401)."; } else { echo "No recognised response code was returned by the server."; } } echo "\n\n</BODY>\n</HTML>"; ?> and <?php $s_ref = $HTTP_POST_VARS["Reference"]; // Reference $s_trg = $HTTP_POST_VARS["Trigger"]; // trigger $s_shc = $HTTP_POST_VARS["Shortcode"]; // shortcode $s_pho = $HTTP_POST_VARS["MSISDN"]; // MSISDN $s_con = $HTTP_POST_VARS["Content"]; // Content $s_chn = $HTTP_POST_VARS["Channel"]; // Channel $s_pay = $HTTP_POST_VARS["DataType"]; // Data Type $s_dat = $HTTP_POST_VARS["DateReceived"]; // Date Received $s_cam = $HTTP_POST_VARS["CampaignID"]; // CampaignID $b_IsValid = getValidateRequest($s_ref, $s_trg, $s_shc, $s_pho, $s_con, $s_cam, $s_chn, $s_pay, $s_dat); if ($b_IsValid) { $s_ResponseCode = "success"; } else { $s_ResponseCode = "fail"; } exit($s_ResponseCode); /*******************************************************************************/ function getValidateRequest ($s_req_ref, $s_req_trg, $s_req_shc, $s_req_pho, $s_req_con, $s_req_cam, $s_req_chn, $s_req_pay, $s_req_dat) { /* * Stub function to be replaced with whatever process is needed to * process/validate request from server by specific client requirements. */ return(true); } ?> lastly <?php $s_ref = $HTTP_POST_VARS["Reference"]; // Reference $s_sta = $HTTP_POST_VARS["Status"]; // Status $s_dat = $HTTP_POST_VARS["DateDelivered"]; // Date Delivered $b_IsValid = getValidateReceipt($s_ref, $s_sta, $s_dat); if ($b_IsValid) { $s_ResponseCode = "success"; } else { $s_ResponseCode = "fail"; } exit($s_ResponseCode); /*******************************************************************************/ function getValidateReceipt ($s_req_ref, $s_req_sta, $s_req_dat) { /* * Stub function to be replaced with whatever process is needed to * process/validate receipts from server by specific client requirements. */ return(true); } ?> Thank you very much in advance Regards Greg

    Read the article

  • Making a Login Work After Cache, Cookies, etc. Have Been Cleared

    - by John
    Hello, I am using the code below for a user login. The first I try to login after cache / cookies, etc. have been cleared, the browser refreshes and the user name is not logged in. After that, logging in works fine. Any idea how I can make it work the first time? Thanks in advance, John index.php: <?php if($_SERVER['REQUEST_METHOD'] == "POST"){header('Location: http://www...com/.../index.php?username='.$username.'&password='.$password.'');} require_once "header.php"; include "login.php"; require_once "footer.php"; ?> login.php: <?php if (!isLoggedIn()) { if (isset($_POST['cmdlogin'])) { if (checkLogin($_POST['username'], $_POST['password'])) { show_userbox(); } else { echo "Incorrect Login information !"; show_loginform(); } } else { show_loginform(); } } else { show_userbox(); } ?> show_loginform function: function show_loginform($disabled = false) { echo '<form name="login-form" id="login-form" method="post" action="./index.php?'.$_SERVER['QUERY_STRING'].'"> <div class="usernameformtext"><label title="Username">Username: </label></div> <div class="usernameformfield"><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></div> <div class="passwordformtext"><label title="Password">Password: </label></div> <div class="passwordformfield"><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></div> <div class="registertext"><a href="http://www...com/.../register.php" title="Register">Register</a></div> <div class="lostpasswordtext"><a href="http://www...com/.../lostpassword.php" title="Lost Password">Lost password?</a></div> <p class="loginbutton"><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" '; if ($disabled == true) { echo 'disabled="disabled"'; } echo ' /></p></form>'; }

    Read the article

  • Paypal development. encrypt transactions. php p12

    - by ninchen
    when i take a look at the paypal documentation, they say "Note that the PayPal SDK for PHP does not require SSL encryption". https://developer.paypal.com/docs/classic/api/apiCredentials/#encrypting-your-certificate Is the statement of this phrase, that i don't have to create a p12 certificate when working with php, but use the public_key.pem and paypal_public_key.pem? If yes: Is it secure enough to create the encrypted form input elements without p12 certificate? If no: What do they mean? :-) Before this question came up, i've tested this little programm. http://www.softarea51.com/blog/how-to-integrate-your-custom-shopping-cart-with-paypal-website-payments-standard-using-php/ There is a config file paypal-wps-config.inc.php where i can define the paths to my certificates. // tryed to use // 'paypal_cert.p12 '; $config['private_key_path'] = '/home/folder/.cert/pp/prvkey.pem'; // must match the one you set when you created the private key $config['private_key_password'] = ''; //'my_password'; When i try to use the p12 certificate, openssl_error_string() returns "Could not sign data: error:0906D06C:PEM routines:PEM_read_bio:no start line openssl_pkcs7_sign When i instead use the prvkey.pem without password all works fine. Here is the function, which signs and encrypt the data. function signAndEncrypt($dataStr_, $ewpCertPath_, $ewpPrivateKeyPath_, $ewpPrivateKeyPwd_, $paypalCertPath_) { $dataStrFile = realpath(tempnam('/tmp', 'pp_')); $fd = fopen($dataStrFile, 'w'); if(!$fd) { $error = "Could not open temporary file $dataStrFile."; return array("status" => false, "error_msg" => $error, "error_no" => 0); } fwrite($fd, $dataStr_); fclose($fd); $signedDataFile = realpath(tempnam('/tmp', 'pp_')); **// here the error came from** if(!@openssl_pkcs7_sign( $dataStrFile, $signedDataFile, "file://$ewpCertPath_", array("file://$ewpPrivateKeyPath_", $ewpPrivateKeyPwd_), array(), PKCS7_BINARY)) { unlink($dataStrFile); unlink($signedDataFile); $error = "Could not sign data: ".openssl_error_string(); return array("status" => false, "error_msg" => $error, "error_no" => 0); } unlink($dataStrFile); $signedData = file_get_contents($signedDataFile); $signedDataArray = explode("\n\n", $signedData); $signedData = $signedDataArray[1]; $signedData = base64_decode($signedData); unlink($signedDataFile); $decodedSignedDataFile = realpath(tempnam('/tmp', 'pp_')); $fd = fopen($decodedSignedDataFile, 'w'); if(!$fd) { $error = "Could not open temporary file $decodedSignedDataFile."; return array("status" => false, "error_msg" => $error, "error_no" => 0); } fwrite($fd, $signedData); fclose($fd); $encryptedDataFile = realpath(tempnam('/tmp', 'pp_')); if(!@openssl_pkcs7_encrypt( $decodedSignedDataFile, $encryptedDataFile, file_get_contents($paypalCertPath_), array(), PKCS7_BINARY)) { unlink($decodedSignedDataFile); unlink($encryptedDataFile); $error = "Could not encrypt data: ".openssl_error_string(); return array("status" => false, "error_msg" => $error, "error_no" => 0); } unlink($decodedSignedDataFile); $encryptedData = file_get_contents($encryptedDataFile); if(!$encryptedData) { $error = "Encryption and signature of data failed."; return array("status" => false, "error_msg" => $error, "error_no" => 0); } unlink($encryptedDataFile); $encryptedDataArray = explode("\n\n", $encryptedData); $encryptedData = trim(str_replace("\n", '', $encryptedDataArray[1])); return array("status" => true, "encryptedData" => $encryptedData); } // signAndEncrypt } // PPCrypto The main questions: 1. Is it possible to use p12 cert with php, or is it secure enough to work without it? 2. Why i become an error when using openssl_pkcs7_sign Please help. Greetings ninchen

    Read the article

  • Unexpected space between DIV elements

    - by jon
    my code for the php page displaying the divs <?php session_start(); require_once("classlib/mainspace.php"); if (isset($_SESSION['username'])==FALSE) { header("location:login.php"); } $user = new User($_SESSION['username']); ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="style/style.css" /> <title>SimpleTask - Home</title> </head> <body> <div id="main"> <div id="menu"> <div id="items"> <ul> <li><a href="home.php">home</a></li> <li>&bull;</li> <li><a href="projects.php">my projects</a></li> <li>&bull;</li> <li><a href="comments.php">my comments</a></li> </ul> </div> <div id="user"> <p>Welcome, <?php echo $user->GetRealName(); ?><br/><a href="editprofile.php">edit profile</a> &bull; <a href="logout.php">logout</a></p> </div> </div> <div id="content"> <h1>HOME</h1> </div> <div id="footer"> <p>footer text goes here here here here</p> </div> </div> </body> </html> and you can find my CSS here http://tasker.efficaxdevelopment.com/style/style.css and to view the live page go here http://tasker.efficaxdevelopment.com/login.php username:admin password:password

    Read the article

  • Framework 4 Features: Login Id Support

    - by Anthony Shorten
    Given that Oracle Utilities Application Framework 4 is available as part of Mobile Work Force Management and other product progressively I am preparing a number of short but sweet blog entries highlighting some of the new functionality that has been implemented. This is the first entry and it is on a new security feature called Login Id. In past releases of the Oracle Utilities Application Framework, the userid used for authentication and authorization was limited to eight (8) characters in length. This mirrored what the market required in the past with LAN userids and even legacy userids being that length. The technology market has since progressed to longer userid lengths. It is very common to hear that email addresses are being used as credentials for production systems. To achieve this in past versions of the Oracle Utilities Application Framework, sites had to introduce a short userid (8 characters in length) as an alias in your preferred security store. You then configured your J2EE Web Application Server to use the alias as credentials. This sometimes was a standard feaure of the security store and/or the J2EE Web Application Server, if you were lucky. If not, some java code has to be written to implement the solution. In Oracle Utilities Application Framework 4 we introduced a new attribute on the user object called Login Id. The Login Id can be up to 256 characters in length and is an alternative to the existing userid stored on the user object. This means the Oracle Utilities Application Framework can support both long and short userids. For backward compatibility we use the Login Id for authentication but the short userid for authorization and auditing. The user object within the Oracle Utilities Application Framework holds the translation. Backward compatibility is always a consideration in any of our designs for future or changed functionality. You will see reference to this fact in the blog entries I will be composing over the next few months. We have also thought about the flexibility in implementing this feature. The Login Id can be the same value of the Userid (the default for backward compatibility) or can be different. Both the Login Id and Userid have to be unique. This avoids sharing of credentials and is also backward compatible. You can manually enter the Login Id or provision it from Oracle Identity Manager (or other tool). If you use the Login Id only, then we will not autogenerate a short userid automatically as the rules for this can vary from site to site. You have a number of options there. Most Identity provisioning tools can generate a short userid at user creation time and this can be used. If you do not use provisioning tools, then you can write a class extension using the SDK to autoegenerate the userid based upon your sites preference. When we designed the feature there were lots of styles of generating userids (random, initial and surname, numbers etc). We could not really see a clear winner in that respect so we just allowed the extension to be inserted in if necessary. Most customers indicated to us that identity provisioning was the preferred way. This is why we released an Oracle Identity Manager integration with the framework. The Login id is case sensitive now which was not supported under userid. The introduction of the Login Id allows the product to offer flexible options when configuring security whilst maintaining backward compatibility.

    Read the article

  • Mysql query does not update row [closed]

    - by Gerculy Robert
    // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // get value of id that sent from address bar /*$id=$_GET['$usrid'];*/ // Retrieve data from database $sql="SELECT * FROM user WHERE id='$usrid'"; $result=mysql_query($sql); $rows=mysql_fetch_array($result); ?> <table width="400" border="0" cellspacing="1" cellpadding="0"> <tr> <form name="form1" method="post" action="update.php"> <td> <table width="100%" border="0" cellspacing="1" cellpadding="0"> <tr> <td>&nbsp;</td> <td colspan="3"><strong>Update site info</strong> </td> </tr> <tr> <td align="center">&nbsp;</td> <td align="center">&nbsp;</td> <td align="center">&nbsp;</td> <td align="center">&nbsp;</td> </tr> <tr> <td align="center">&nbsp;</td> <td align="center"><strong>User Name</strong></td> <td align="center"><strong>Site url</strong></td> <td align="center"><strong>Url banner</strong></td> </tr> <tr> <td>&nbsp;</td> <td align="center"> <input name="username" type="text" id="username" value="<? echo $rows['username']; ?>"> </td> <td align="center"> <input name="siteurl" type="text" id="siteurl" value="<? echo $rows['siteurl']; ?>" size="40"> </td> <td> <input name="urlbanner" type="text" id="urlbanner" value="<? echo $rows['urlbanner']; ?>" size="40"> </td> </tr> <tr> <td>&nbsp;</td> <td> <input name="id" type="hidden" id="id" value="<? echo $rows['id']; ?>"> </td> <td align="center"> <input type="submit" name="Submit" value="Submit"> </td> <td>&nbsp;</td> </tr> </table> </td> </form> </tr> </table> <?php // close connection mysql_close(); ?> // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // update data in mysql database $sql="update user SET siteurl='$siteurl', username='$username', urlbanner='$urlbanner' WHERE id=$usrid"; $result=mysql_query($sql); // if successfully updated. if($result){ echo "Successful"; echo "<BR>"; echo "<a href='edit.php'>View result</a>"; } else { echo "ERROR"; } Hello, I have this two pages wich should update 3 rows. The problem is it does not update all , only 2 . I tried over 1 hour to find the problem but nothing. The row , siteurl, is not being updated at all . The table is : varchar(255) Database and session is ok. Any idea ? It's just a simple update code , should work fine :(

    Read the article

  • Spring Security and the Synchronizer Token J2EE pattern, problem when authentication fails.

    - by dfuse
    Hey, we are using Spring Security 2.0.4. We have a TransactionTokenBean which generates a unique token each POST, the bean is session scoped. The token is used for the duplicate form submission problem (and security). The TransactionTokenBean is called from a Servlet filter. Our problem is the following, after a session timeout occured, when you do a POST in the application Spring Security redirects to the logon page, saving the original request. After logging on again the TransactionTokenBean is created again, since it is session scoped, but then Spring forwards to the originally accessed url, also sending the token that was generated at that time. Since the TransactionTokenBean is created again, the tokens do not match and our filter throws an Exception. I don't quite know how to handle this elegantly, (or for that matter, I can't even fix it with a hack), any ideas? This is the code of the TransactionTokenBean: public class TransactionTokenBean implements Serializable { public static final int TOKEN_LENGTH = 8; private RandomizerBean randomizer; private transient Logger logger; private String expectedToken; public String getUniqueToken() { return expectedToken; } public void init() { resetUniqueToken(); } public final void verifyAndResetUniqueToken(String actualToken) { verifyUniqueToken(actualToken); resetUniqueToken(); } public void resetUniqueToken() { expectedToken = randomizer.getRandomString(TOKEN_LENGTH, RandomizerBean.ALPHANUMERICS); getLogger().debug("reset token to: " + expectedToken); } public void verifyUniqueToken(String actualToken) { if (getLogger().isDebugEnabled()) { getLogger().debug("verifying token. expected=" + expectedToken + ", actual=" + actualToken); } if (expectedToken == null || actualToken == null || !isValidToken(actualToken)) { throw new IllegalArgumentException("missing or invalid transaction token"); } if (!expectedToken.equals(actualToken)) { throw new InvalidTokenException(); } } private boolean isValidToken(String actualToken) { return StringUtils.isAlphanumeric(actualToken); } public void setRandomizer(RandomizerBean randomizer) { this.randomizer = randomizer; } private Logger getLogger() { if (logger == null) { logger = Logger.getLogger(TransactionTokenBean.class); } return logger; } } and this is the Servlet filter (ignore the Ajax stuff): public class SecurityFilter implements Filter { static final String AJAX_TOKEN_PARAM = "ATXTOKEN"; static final String TOKEN_PARAM = "TXTOKEN"; private WebApplicationContext webApplicationContext; private Logger logger = Logger.getLogger(SecurityFilter.class); public void init(FilterConfig config) { setWebApplicationContext(WebApplicationContextUtils.getWebApplicationContext(config.getServletContext())); } public void destroy() { } public void doFilter(ServletRequest req, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; if (isPostRequest(request)) { if (isAjaxRequest(request)) { log("verifying token for AJAX request " + request.getRequestURI()); getTransactionTokenBean(true).verifyUniqueToken(request.getParameter(AJAX_TOKEN_PARAM)); } else { log("verifying and resetting token for non-AJAX request " + request.getRequestURI()); getTransactionTokenBean(false).verifyAndResetUniqueToken(request.getParameter(TOKEN_PARAM)); } } chain.doFilter(request, response); } private void log(String line) { if (logger.isDebugEnabled()) { logger.debug(line); } } private boolean isPostRequest(HttpServletRequest request) { return "POST".equals(request.getMethod().toUpperCase()); } private boolean isAjaxRequest(HttpServletRequest request) { return request.getParameter("AJAXREQUEST") != null; } private TransactionTokenBean getTransactionTokenBean(boolean ajax) { return (TransactionTokenBean) webApplicationContext.getBean(ajax ? "ajaxTransactionTokenBean" : "transactionTokenBean"); } void setWebApplicationContext(WebApplicationContext context) { this.webApplicationContext = context; } }

    Read the article

  • Getting Started with ASP.NET Membership, Profile and RoleManager

    - by Ben Griswold
    A new ASP.NET MVC project includes preconfigured Membership, Profile and RoleManager providers right out of the box.  Try it yourself – create a ASP.NET MVC application, crack open the web.config file and have a look.  First, you’ll find the ApplicationServices database connection: <connectionStrings>   <add name="ApplicationServices"        connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"        providerName="System.Data.SqlClient"/> </connectionStrings>   Notice the connection string is referencing the aspnetdb.mdf database hosted by SQL Express and it’s using integrated security so it’ll just work for you without having to call out a specific database login or anything. Scroll down the file a bit and you’ll find each of the three noted sections: <membership>   <providers>     <clear/>     <add name="AspNetSqlMembershipProvider"          type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"          connectionStringName="ApplicationServices"          enablePasswordRetrieval="false"          enablePasswordReset="true"          requiresQuestionAndAnswer="false"          requiresUniqueEmail="false"          passwordFormat="Hashed"          maxInvalidPasswordAttempts="5"          minRequiredPasswordLength="6"          minRequiredNonalphanumericCharacters="0"          passwordAttemptWindow="10"          passwordStrengthRegularExpression=""          applicationName="/"             />   </providers> </membership>   <profile>   <providers>     <clear/>     <add name="AspNetSqlProfileProvider"          type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"          connectionStringName="ApplicationServices"          applicationName="/"             />   </providers> </profile>   <roleManager enabled="false">   <providers>     <clear />     <add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />     <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />   </providers> </roleManager> Really. It’s all there. Still don’t believe me.  Run the application, walk through the registration process and finally login and logout.  Completely functional – and you didn’t have to do a thing! What else?  Well, you can manage your users via the Configuration Manager which is hiding in Visual Studio behind Projects > ASP.NET Configuration. The ASP.NET Web Site Administration Tool isn’t MVC-specific (neither is the Membership, Profile or RoleManager stuff) but it’s neat and I hardly ever see anyone using it.  Here you can set up and edit users, roles, and set access permissions for your site. You can manage application settings, establish your SMTP settings, configure debugging and tracing, define default error page and even take your application offline.  The UI is rather plain-Jane but it works great. And here’s the best of all.  Let’s say you, like most of us, don’t want to run your application on top of the aspnetdb.mdf database.  Let’s suppose you want to use your own database and you’d like to add the membership stuff to it.  Well, that’s easy enough. Take a look inside your [drive:]\%windir%\Microsoft.Net\Framework\v2.0.50727\ folder.  Here you’ll find a bunch of files.  If you were to run the InstallCommon.sql, InstallMembership.sql, InstallRoles.sql and InstallProfile.sql files against the database of your choices, you’d be installing the same membership, profile and role artifacts which are found in the aspnet.db to your own database.  Too much trouble?  Okay. Run [drive:]\%windir%\Microsoft.Net\Framework\v2.0.50727\aspnet_regsql.exe from the command line instead.  This will launch the ASP.NET SQL Server Setup Wizard which walks you through the installation of those same database objects into the new or existing database of your choice. You may not always have the luxury of using this tool on your destination server, but you should use it whenever you can.  Last tip: don’t forget to update the ApplicationServices connectionstring to point to your custom database after the setup is complete. At the risk of sounding like a smarty, everything I’ve mentioned in this post has been around for quite a while. The thing is that not everyone has had the opportunity to use it.  And it makes sense. I know I’ve worked on projects which used custom membership services.  Why bother with the out-of-the-box stuff, right?   And the .NET framework is so massive, who can know it all. Well, eventually you might have a chance to architect your own solution using any implementation you’d like or you will have the time to play around with another aspect of the framework.  When you do, think back to this post.

    Read the article

  • OFM 11g: OAM SSO for Forms and ADF Faces

    - by olaf.heimburger
    In my blog entry OFM 11g: Implementing OAM SSO with Forms we set the foundation for providing a complete Single Sign-On solution based on Oracle Access Manager (OAM). This foundation should now be used to combine Forms 11g and ADF Faces 11g applications with a transparent login. The Beginning Before we start, lets re-consider the requirements to achieve the ultimate goal. These are:- Access to the Forms 11g Application must be authenticated by OAM (protected). Access to the ADF Faces 11g Application must be authenticated by OAM (protected). Switching from one application to the other should not result in a re-authentication (aka single sign-on). User identity should be availble to the application without any extra work in the application code. All these are the common requirements for a single sign-on solution. The challenge here is that Forms relies on Oracle AS SSO (OSSO or "the old SSO") while ADF Faces is quite open and can be protected by Oracle AS SSO and Oracle Access Manager SSO (OAM SSO or "the modern SSO"). Both application types can use their own login mechanism. The Forms 11g Application To demonstrate the SSO functionality, we use the standard Forms test (/forms/frmservlet?form=test.fmx). Although this shows nothing specific in the Forms application, it is good enough to demonstrate that it is protected. The ADF Faces 11g Application With ADF 11g you can develop quite a number of useful Faces based applications. Among many features, it comes with the ADF Security feature that provides you with functionality to protect your pages, regions, and even TaskFlows from un-authenticated usage in a declarative way.To demonstrate that functionality a sample application with different access levels plus a login dialog is used. This application comes with a publc page that has protected content (a button). Once you are authenticated for the application, the protected content and some personalisation (the users name) is shown. Protecting Forms 11g As already explained in the OFM 11g: Implementing OAM SSO with Forms, the easiest way to protect a Forms application is to configure it as a OSSO partner application, setup mod_osso, test it, migrate OSSO to OAM SSO with the Upgrade Agent, reconfigure mod_osso, and you are done.Sort of. By default the OAM is configured to run in co-exist mode. This means that a user has to re-authenticate to the Forms application when logged into an OAM SSO application before. To avoid this, you must disable the co-exist mode, for example by using WLST and issue the disableCoexistMode on the OAM server. Protecting ADF Faces 11g To protect an ADF Faces 11g application we have to consider two scenarios: Use a HTTPD server in front of WLS Use WLS without a HTTPD server Both scenarios have their pro's and cons' and we won't get into details and just describe how to configure both. Scenario 1: HTTPD Server with WLS In this scenario we have to setup the environment in some steps:- Configure a WebGate at OAMThis configuration can be done through the OAM console or by a script. No matter which way you choose, the WebGate configuration files will be created for you. Install the OAM WebGate into an HTTPD serverThe type of webgate you need to install depends on you HTTPD server. With Oracle HTTP Server 11g you can use the latest OAM 11g WebGate. With other HTTPD servers you must resort to OAM 10g WebGates. A OAM 11g WebGate can use the pre-created configuration files supplied during the WebGate configuration at OAM. An OAM 10g WebGate asks for the specific configuration and verifies it during installation. Configure the WLS plugin to forward the requests to WLSAgain, depending on your HTTPD Server you have different plugins to forward requests to WLS. With OHS 11g you can use the pre-installed mod_wl_ohs plugin. Its configuration is quite simple and straightforward. Configure an OAM SSPI Provider as a IdentityAsserter in WLS to retrieve the user identifierThis configuration is quite important as it retrieves the user identifier for the next step. If you have a SOA Suite installation within your OFM_HOME, the necessary software is already installed and you only need to setup your Security Realm within WLS.You can do this by pointing your browser to the WLS Console, log in as administrator, select the Security Realm (usually myrealm), and select Providers. We add the OAMIdentityAsserter as the first SSPI Provider. It is important that the Control Flag is set to SUFFICIENT. Every other configuration can be left as is, no changes are necessary here. Configure an OAM Identity Provider to get the real user identityIn OFM 11g: Implementing OAM SSO with Forms we have configured an OID as Identity Store. To get the user identity we need to configure the same OID as an SSPI Provider for WLS. This will retrieve the real user information from OID and creates the JAAS Subject and Principals to be used by any application within WLS.Again, you can do this by pointing your browser to the WLS Console, log in as administrator, select the Security Realm (usually myrealm), and select Providers. Now add the OIDAuthenticator as the second SSPI Provider. It is important that the Control Flag is set to OPTIONAL. After we saved this setup, we need to configure this provider by setting the Provider Specific details to access OID. Scenario 2: WLS only This scenario is a bit easier but requires more work in the WLS setup:- Configure a WebGate at OAMThis configuration can be done through the OAM console or by a script. No matter which way you choose, the WebGate configuration files will be created for you. Configure the OAM SSPI Provider as IdentityAuthenticator to authenticate and set the user identifierWhen using the OAM SSPI Provider as OAMAuthenticator we create it with the Control Flag as SUFFICIENT. Afte saving it, the Provider Specific settings must be configured to allow the OAM SSPI Provider to connect to the OAM Server. Configure an OAM Identity Provider to get the real user identity providerAgain, you can do this by pointing your browser to the WLS Console, log in as administrator, select the Security Realm (usually myrealm), and select Providers. Now add the OIDAuthenticator as the second SSPI Provider. It is important that the Control Flag is set to OPTIONAL. After we saved this setup, we need to configure this provider by setting the Provider Specific details to access OID. Configure ADF 11g Application for OAM Actually, there are no changes to be made within the ADF application. We only need to add the value CLIENT_CERT to the <auth-mode> tag in the <login-config> tag in the web.xml file. Testing To test the configuration, simply point your browser to one of both appliction URLs. OAM should kick in and redirect you to the OAM Login page. After you have entered the correct credentials, access to the URLs is granted and you will see the application. Enjoy!

    Read the article

  • How to Recover From a Virus Infection: 3 Things You Need to Do

    - by Chris Hoffman
    If your computer becomes infected with a virus or another piece of malware, removing the malware from your computer is only the first step. There’s more you need to do to ensure you’re secure. Note that not every antivirus alert is an actual infection. If your antivirus program catches a virus before it ever gets a chance to run on your computer, you’re safe. If it catches the malware later, you have a bigger problem. Change Your Passwords You’ve probably used your computer to log into your email, online banking websites, and other important accounts. Assuming you had malware on your computer, the malware could have logged your passwords and uploaded them to a malicious third party. With just your email account, the third party could reset your passwords on other websites and gain access to almost any of your online accounts. To prevent this, you’ll want to change the passwords for your important accounts — email, online banking, and whatever other important accounts you’ve logged into from the infected computer. You should probably use another computer that you know is clean to change the passwords, just to be safe. When changing your passwords, consider using a password manager to keep track of strong, unique passwords and two-factor authentication to prevent people from logging into your important accounts even if they know your password. This will help protect you in the future. Ensure the Malware Is Actually Removed Once malware gets access to your computer and starts running, it has the ability to do many more nasty things to your computer. For example, some malware may install rootkit software and attempt to hide itself from the system. Many types of Trojans also “open the floodgates” after they’re running, downloading many different types of malware from malicious web servers to the local system. In other words, if your computer was infected, you’ll want to take extra precautions. You shouldn’t assume it’s clean just because your antivirus removed what it found. It’s probably a good idea to scan your computer with multiple antivirus products to ensure maximum detection. You may also want to run a bootable antivirus program, which runs outside of Windows. Such bootable antivirus programs will be able to detect rootkits that hide themselves from Windows and even the software running within Windows. avast! offers the ability to quickly create a bootable CD or USB drive for scanning, as do many other antivirus programs. You may also want to reinstall Windows (or use the Refresh feature on Windows 8) to get your computer back to a clean state. This is more time-consuming, especially if you don’t have good backups and can’t get back up and running quickly, but this is the only way you can have 100% confidence that your Windows system isn’t infected. It’s all a matter of how paranoid you want to be. Figure Out How the Malware Arrived If your computer became infected, the malware must have arrived somehow. You’ll want to examine your computer’s security and your habits to prevent more malware from slipping through in the same way. Windows is complex. For example, there are over 50 different types of potentially dangerous file extensions that can contain malware to keep track of. We’ve tried to cover many of the most important security practices you should be following, but here are some of the more important questions to ask: Are you using an antivirus? – If you don’t have an antivirus installed, you should. If you have Microsoft Security Essentials (known as Windows Defender on Windows 8), you may want to switch to a different antivirus like the free version of avast!. Microsoft’s antivirus product has been doing very poorly in tests. Do you have Java installed? – Java is a huge source of security problems. The majority of computers on the Internet have an out-of-date, vulnerable version of Java installed, which would allow malicious websites to install malware on your computer. If you have Java installed, uninstall it. If you actually need Java for something (like Minecraft), at least disable the Java browser plugin. If you’re not sure whether you need Java, you probably don’t. Are any browser plugins out-of-date? – Visit Mozilla’s Plugin Check website (yes, it also works in other browsers, not just Firefox) and see if you have any critically vulnerable plugins installed. If you do, ensure you update them — or uninstall them. You probably don’t need older plugins like QuickTime or RealPlayer installed on your computer, although Flash is still widely used. Are your web browser and operating system set to automatically update? – You should be installing updates for Windows via Windows Update when they appear. Modern web browsers are set to automatically update, so they should be fine — unless you went out of your way to disable automatic updates. Using out-of-date web browsers and Windows versions is dangerous. Are you being careful about what you run? – Watch out when downloading software to ensure you don’t accidentally click sketchy advertisements and download harmful software. Avoid pirated software that may be full of malware. Don’t run programs from email attachments. Be careful about what you run and where you get it from in general. If you can’t figure out how the malware arrived because everything looks okay, there’s not much more you can do. Just try to follow proper security practices. You may also want to keep an extra-close eye on your credit card statement for a while if you did any online-shopping recently. As so much malware is now related to organized crime, credit card numbers are a popular target.     

    Read the article

  • ADF page security - the untold password rule

    - by ankuchak
    I'm kinda new to Oracle ADF. So, in this blog post I'm going to share something with you that I faced (and recovered from) recently. Initially I thought if I should at all put a blog post on this, because it's totally simple. Still, simplicity is a relative term. So without wasting further time, let's kick off.    I was exploring the ADF security aspect to secure a page through html basic authentication. The idea is very simple and the credential store etc. come into picture. But I was not able to run a successful test of this phenomenally simple thing even after trying for over 30 minutes. This is what I did.   I created a simple jsf page and put a panel in it. And I put a simple el to show the current user name.  Next I created a user that I should test with. I named the password as myuser, just to keep it simple. Then I created an enterprise role and mapped the user that I just created. Then I created an application role and mapped the enterprise role to it. Then I mapped the resource, the simple jsf page in this case, to this application role. This way, only users with the given application role can only access this page (as if you didn't know this duh!).  Of course, I had to create the page definition for the page before I could map it to an application role. What else! done! Then I hit the run menu item and it all went well...   Until... I got this message. I put the correct credentials repeatedly 2-3 times. Still I got the same error. Why? I didn't get any error message during the deployment. nope.  Then, as I said before, I spent over 30 minutes trying different things out, things like mapping only the user(not the role) to the page, changing the context root etc. Nothing worked!  Then of course, I bothered to look at the logs and found this. See the first red line. That says it all. So the problem was with that password. The password must have at least one special character and one digit in it. I think I was misled by the missing password hint/rule and the fact that the deployment didn't fail even if the user was not created properly. Well, yes, I agree that I was fool enough not to look at the logs.  Later I changed the password to something like myuser123# . And it worked. I hope it helped.

    Read the article

  • How can I get HTTPD to serve the html/php files and not list/index them when they are in folder for virtual host. Using Centos 6.0

    - by LaserBeak
    My virtual hosts are configured as below, initally I could not even get to the /public_html/ directory when typing example.com and apache would just serve me up the default welcome page, I would also get the error: Directory index forbidden by Options directive: /var/www/html/example.com/public_html/ in the log . After editing the welcome.conf page (- Index) so it does not show again when I now type example.com the/public_html/ contents (Index.php) are indexed in the browser. Where as I want it to actually execute and diplay the index.php page. vhost.conf , located in etc/httpd/vhost.d/ NameVirtualHost *:80 <VirtualHost *:80> ServerAdmin [email protected] ServerName localhost ServerAlias localhost.example.com DocumentRoot /var/www/html/example.com/public_html/ ErrorLog /var/www/html/example.com/logs/error.log CustomLog /var/www/html/example.com/logs/access.log combined </VirtualHost> <VirtualHost *:80> ServerAdmin [email protected] ServerName example.org ServerAlias www.example.org DocumentRoot /var/www/html/example.org/public_html/ ErrorLog /var/www/html/example.org/logs/error.log CustomLog /var/www/html/example.org/logs/access.log combined </VirtualHost> httpd.conf, settings on default, added onto end: Include /etc/httpd/vhosts.d/*.conf Root directories: DocumentRoot "/var/www/html"

    Read the article

  • Android Client : Web service - what's the correct SOAP_ACTION, METHOD_NAME, NAMESPACE, URL I should

    - by Hubert
    if I want to use the following Web service (help.be is just an example, let's say it does exist): http://www.help.be/webservice/webservice_help.php (it's written in PHP=client's choice, not .NET) with the following WSDL : <?xml version="1.0" encoding="UTF-8"?> <definitions xmlns="http://schemas.xmlsoap.org/wsdl/" name="webservice_help" targetNamespace="http://www.help.be/webservice/webservice_help.php" xmlns:tns="http://www.help.be/webservice/webservice_help.php" xmlns:impl="http://www.help.be/webservice/webservice_help.php" xmlns:xsd1="http://www.help.be/webservice/webservice_help.php" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"> <portType name="webservice_helpPortType"> <operation name="webservice_help"> <input message="tns:Webservice_helpRequest"/> </operation> <operation name="getLocation" parameterOrder="input"> <input message="tns:GetLocationRequest"/> <output message="tns:GetLocationResponse"/> </operation> <operation name="getStationDetail" parameterOrder="input"> <input message="tns:GetStationDetailRequest"/> <output message="tns:GetStationDetailResponse"/> </operation> <operation name="getStationList" parameterOrder="input"> <input message="tns:GetStationListRequest"/> <output message="tns:GetStationListResponse"/> </operation> </portType> <binding name="webservice_helpBinding" type="tns:webservice_helpPortType"> <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/> <operation name="webservice_help"> <soap:operation soapAction="urn:webservice_help#webservice_helpServer#webservice_help"/> <input> <soap:body use="encoded" namespace="http://www.help.be/webservice/webservice_help.php" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> </input> </operation> <operation name="getLocation"> <soap:operation soapAction="urn:webservice_help#webservice_helpServer#getLocation"/> <input> <soap:body parts="input" use="encoded" namespace="http://www.help.be/webservice/webservice_help.php" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> </input> <output> <soap:body parts="return" use="encoded" namespace="http://www.help.be/webservice/webservice_help.php" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> </output> </operation> <operation name="getStationDetail"> <soap:operation soapAction="urn:webservice_help#webservice_helpServer#getStationDetail"/> <input> <soap:body parts="input" use="encoded" namespace="http://www.help.be/webservice/webservice_help.php" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> </input> <output> <soap:body parts="return" use="encoded" namespace="http://www.help.be/webservice/webservice_help.php" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> </output> </operation> <operation name="getStationList"> <soap:operation soapAction="urn:webservice_help#webservice_helpServer#getStationList"/> <input> <soap:body parts="input" use="encoded" namespace="http://www.help.be/webservice/webservice_help.php" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> </input> <output> <soap:body parts="return" use="encoded" namespace="http://www.help.be/webservice/webservice_help.php" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> </output> </operation> </binding> <message name="Webservice_helpRequest"/> <message name="GetLocationRequest"> <part name="input" type="xsd:array"/> </message> <message name="GetLocationResponse"> <part name="return" type="xsd:array"/> </message> <message name="GetStationDetailRequest"> <part name="input" type="xsd:array"/> </message> <message name="GetStationDetailResponse"> <part name="return" type="xsd:string"/> </message> <message name="GetStationListRequest"> <part name="input" type="xsd:array"/> </message> <message name="GetStationListResponse"> <part name="return" type="xsd:string"/> </message> <service name="webservice_helpService"> <port name="webservice_helpPort" binding="tns:webservice_helpBinding"> <soap:address location="http://www.help.be/webservice/webservice_help.php"/> </port> </service> </definitions> What is the correct SOAP_ACTION, METHOD_NAME, NAMESPACE, URL I should use below ? I've tried with this : public class Main extends Activity { /** Called when the activity is first created. */ private static final String SOAP_ACTION_GETLOCATION = "getLocation"; private static final String METHOD_NAME_GETLOCATION = "getLocation"; private static final String NAMESPACE = "http://www.help.be/webservice/"; private static final String URL = "http://www.help.be/webservice/webservice_help.php"; TextView tv; @SuppressWarnings("unchecked") @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.main); tv = (TextView)findViewById(R.id.TextView01); // -------------------------------------------------------------------------------------- SoapObject request_location = new SoapObject(NAMESPACE, METHOD_NAME_GETLOCATION); request_location.addProperty("login", "login"); // -> string required request_location.addProperty("password", "password"); // -> string required request_location.addProperty("serial", "serial"); // -> string required request_location.addProperty("language", "fr"); // -> string required (available « fr,nl,uk,de ») request_location.addProperty("keyword", "Braine"); // -> string required // -------------------------------------------------------------------------------------- SoapSerializationEnvelope soapEnvelope = new SoapSerializationEnvelope(SoapEnvelope.VER11); //soapEnvelope.dotNet = true; // don't forget it for .NET WebServices ! soapEnvelope.setOutputSoapObject(request_location); AndroidHttpTransport aht = new AndroidHttpTransport(URL); try { aht.call(SOAP_ACTION_GETLOCATION, soapEnvelope); // Get the SAOP Envelope back and then extract the body SoapObject resultsRequestSOAP = (SoapObject) soapEnvelope.bodyIn; Vector XXXX = (Vector) resultsRequestSOAP.getProperty("GetLocationResponse"); int vector_size = XXXX.size(); Log.i("Hub", "testat="+vector_size); tv.setText("OK"); } catch(Exception E) { tv.setText("ERROR:" + E.getClass().getName() + ": " + E.getMessage()); Log.i("Hub", "Exception E"); Log.i("Hub", "E.getClass().getName()="+E.getClass().getName()); Log.i("Hub", "E.getMessage()="+E.getMessage()); } // -------------------------------------------------------------------------------------- } } I'm not sure of the SOAP_ACTION, METHOD_NAME, NAMESPACE, URL I have to use? because soapAction is pointing to a URN instead of a traditional URL and it's PHP and not .NET ... also, I'm not sure if I have to use request_location.addProperty("login", "login"); of request_location.addAttribute("login", "login"); ? = <message name="GetLocationRequest"> <part name="input" type="xsd:array"/> What would you say ? Txs for your help. H. EDIT : Here is some code working in PHP - I simply want to have the same but in Android/JAVA : <?php ini_set("soap.wsdl_cache_enabled", "0"); // disabling WSDL cache $request['login'] = 'login'; $request['password'] = 'password'; $request['serial'] = 'serial'; $request['language'] = 'fr'; $client= new SoapClient("http://www.test.be/webservice/webservice_test.wsdl"); print_r( $client->__getFunctions()); ?><hr><h1>getLocation</h1> <h2>Input:</h2> <? $request['keyword'] = 'Bruxelles'; print_r($request); ?><h2>Result</h2><? $result = $client->getLocation($request); print_r($result); ?>

    Read the article

  • mootools element is null using calendar EightySix plugin

    - by I Like PHP
    i m using mootools Eighty six calendar from this link i download the code and customize according to my need , it's working good on single HTML page but when i embed this code with my php page then it display below error element is null [Break on this error] element.appendChild(context);\n (on line 1712 of js/mootools-1.2.4-core.js) i m unable to debug this kind of error... please tell me where is the problem and how to solve it? one more thing: it was working fine with mootools v 1.2 i m using Jquery on header file of that php page, but also written jQuery.noConflict() in header.php file my basic code is here <link rel="stylesheet" type="text/css" href="css/calendar-eightysix-default.css" media="screen" /> <script type="text/javascript" src="js/mootools-1.2.4-core.js"></script> <script type="text/javascript" src="js/mootools-1.2.4.2-more.js"></script> <script type="text/javascript" src="js/calendar-eightysix-v1.0.1.js"></script> <script type="text/javascript"> window.addEvent('domready', function() { new CalendarEightysix('myCalendar',{ 'format': '%a %D %B %Y', 'theme': 'default red', 'defaultDate': 'today', 'minDate': 'tomorrow', 'offsetY': -4 }) }); </script> and later <input id="myCalendar" name="myCalendar" type="text" maxlength="10" > please take intrest and help me Thanks always

    Read the article

  • What's slowing for loops/assignment vs. C?

    - by Lee
    I have a collection of PHP scripts that are extremely CPU intensive, juggling millions of calculations across hundreds of simultaneous users. I'm trying to find a way to speed up the internals of PHP variable assignment, and looping sequences vs C. Although PHP is obviously loosely typed, is there any way/extension to specifically assign type (assign, not cast, which seems even more expensive) in a C-style fashion? Here's what I mean. This is some dummy code in C: #include <stdio.h> int main() { unsigned long add=0; for(unsigned long x=0;x<100000000;x++) { add = x*59328409238; } printf("x is %ld\n",add); } Pretty self-explanatory -- it loops 100 million times, multiples each iteration by an arbitrary number of some 59 billion, assigns it to a variable and prints it out. On my Macbook, compiling it and running it produced: lees-macbook-pro:Desktop lee$ time ./test2 x is 5932840864471590762 real 0m0.266s user 0m0.253s sys 0m0.002s Pretty darn fast! A similar script in PHP 5.3 CLI... <?php for($i=0;$i<100000000;$i++){ $a=$i*59328409238; } echo $a."\n"; ?> ... produced: lees-macbook-pro:Desktop lee$ time /Applications/XAMPP/xamppfiles/bin/php test3.php 5.93284086447E+18 real 0m22.837s user 0m22.110s sys 0m0.078s Over 22 seconds vs 0.2! I realize PHP is doing a heck of a lot more behind the scenes than this simple C program - but is there any way to make the PHP internals to behave more 'natively' on primitive types and loops?

    Read the article

  • PECL install error after upgrading to OSX 10.8

    - by Clive
    I've just upgraded my OS to Mountain Lion and PECL is no longer working (it's on a test drive so no drama, but I'd like to get it working so I can upgrade the OS on my shiny new SSD as well). I'm using the native PHP installation, no macports/homebrew or anything like that. Running sudo pecl install uploadprogress (for example) produces the following terminal output: downloading uploadprogress-1.0.3.1.tgz ... Starting to download uploadprogress-1.0.3.1.tgz (9,040 bytes) .....done: 9,040 bytes 4 source files, building running: phpize grep: /usr/include/php/main/php.h: No such file or directory grep: /usr/include/php/Zend/zend_modules.h: No such file or directory grep: /usr/include/php/Zend/zend_extensions.h: No such file or directory Configuring for: PHP Api Version: Zend Module Api No: Zend Extension Api No: autom4te: need GNU m4 1.4 or later: /usr/bin/m4 ERROR: `phpize' failed I'm guessing the problem is the 3 grep lines. I've found several threads that suggest this is caused by XCode not being installed...but XCode is installed, and updated to the latest version (4.4). All the relevant symlinks to /Developer/usr/bin/* also exist as they should. m4 is currently at version: m4 (GNU M4) 1.4.13, so even though the output above contains a line pertaining to it, I don't think that can be the problem. I'm sure it's just a simple issue, anyone got any clues?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 409 410 411 412 413 414 415 416 417 418 419 420  | Next Page >