Search Results

Search found 3942 results on 158 pages for 'logged'.


  • Logback: Logging with two loggers

    - by gammay
    I would like to use slf4j+logback for two purposes in my application - log and audit.

    For logging, I log the normal way:

        static final Logger logger = LoggerFactory.getLogger(Main.class);
        logger.debug("-> main()");

    For Audit, I create a special named logger and log to it:

        static final Logger logger = LoggerFactory.getLogger("AUDIT_LOGGER");
        Object[] params = { new Integer(1) /* TenantID */, new Integer(10) /* UserID */, msg};
        logger.info("{}|{}|{}", params);

    logback configuration:

        <logger name="AUDIT_LOGGER" level="info">
          <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
            <encoder>
              <pattern>%d{HH:mm:ss.SSS}|%msg%n
              </pattern>
            </encoder>
          </appender>
        </logger>
        <root level="all">
          <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
            <encoder>
              <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n
              </pattern>
            </encoder>
          </appender>
        </root>

    Problem: Messages logged through audit logger appear twice - once under the AUDIT_LOGGER and once under the root logger.

        14:41:57.975 [main] DEBUG com.gammay.example.Main - - main()
        14:41:57.978|1|10|welcome to main
        14:41:57.978 [main] INFO AUDIT_LOGGER - 1|10|welcome to main

    How can I make sure audit messages appear only once under the audit logger?


  • White Screen of Death (WSOD) in Browser

    - by nickyt
    Here's the specs: ASP.NET 3.5 using ASP.NET AJAX AJAX Control Toolkit jQuery 1.3.2 web services IIS6 on Windows Server 2003 SP1 SP1 SQLServer 2005 SP3 Site is SSL

    Here's the problem: I'm getting the White Screen of Death (WSOD) in pretty much any browser (at least FireFox and IE 7/8). We have an application that uses one popup window for updating records. Most of the time when you click on the [Edit] button to edit a record, the popup window opens and loads the update page. However, after editing records for a while, all of a sudden the popup window will open, but it stays blank and just hangs. The URL is in the address bar. Loading up Fiddler I noticed that the request for the update page is never sent which leads me to believe it's some kind of lockup on the client-side. If I copy the same URL that's in the popup window into a new browser window, the page generally loads fine.

    Observations:

    - Since the request is never sent to the server, it's definitely something client-side
    - Only appears to happen when there is some semblance of traffic on the site which is weird because this appears to be contained within client-side code
    - There is a web service being called in the background every few seconds checking if the user is logged on, but this doesn't cause the freeze.

    I'm really at a loss here. I've googled WSOD but not much seems to appear related to my specific WSOD. Any ideas?


  • Drupal advanced ACLs for "untrusted" administrators

    - by redShadow
    I have a multi-site Drupal-6 installation containing websites of different customers. On each site, there is an "administrator" role that includes mainly the customer's account. We want to give as many permissions as possible to this privileged user, but this could lead to security leaks using just the Drupal Core permissions management system.

    The main thing to avoid is the customer account being able to run PHP code on the server (that would be like being logged on the server as the www-data user.. sounds really bad). To avoid that, it is not sufficient to deny PHP code evaluation for the role. Since the administrator role must have permissions to manage users, he could also change the password of the user #1 and log in to the site as superadmin.

    The second goal would be to deny also some "confusing" administrative pages (such as module selection) but not others (such as site information configuration, or theme selection, etc.)

    I found the User One module that seems to fix the first problem, but I have no idea on how to solve the second one. I found some modules around, but none seems to fit.. it seems like most ACLs are thought to protect the content, and not the site itself, as if the site administrator would always be the server owner itself..


  • Javascript XMLHttpRequest Post method

    - by user535617
    Hey So I have a question about posting using an XMLHttpRequest. In theory, if I am to post a username and password to an https domain (which I have yet to get working, unfortunately) would the responseText then change to the next website, or should the text fields become filled in? What normally happens is you navigate to this page via browser, enter a username and password, and it uses a POST method when the submit button is clicked, doing some authentication under the hood and returning a different page. I feel like maybe the responseText should even stay exactly the same (which is what happens now), but I don't know as I have no experience with this kind of thing.

        this.requests[1].open("POST", "https://" + this.address, true);
        var query = "target=%2Fcgi-bin%2FStatusConfig.cgi%3FPage%3Dindex&userfile=&username=user&password=pass&log+in=Log+in";
        this.requests[1].setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        this.requests[1].setRequestHeader("Content-length", query.length);
        this.requests[1].setRequestHeader("Keep-Alive", 115);
        this.requests[1].setRequestHeader("Connection", "keep-alive");
        this.requests[1].setRequestHeader("Host", this.address);
        this.requests[1].send(query);
        this.requests[1].onreadystatechange = onReadyStateChange1;

    Then basically onReadyStateChange1 displays the responseText when ready. Any light that could be shed on what SHOULD be happening with the post and responseText would be very appreciated. As would any advice in getting the new, logged into page.

    For further clarification, what I'm trying to do is log in and then return the new page, because the login page displays only log in information/functionality and the page after logging in has a lot of relevant information. I'm not trying to check the credentials as much as I'm trying to get it (the script) to log in so it can access the next page. Granted, the credentials will have to be valid for that. Thanks all.


  • PHP -- automatic SQL injection protection?

    - by ashgromnies
    I took over maintenance of a PHP app recently and I'm not super familiar with PHP but some of the things I've been seeing on the site are making me nervous that it could be vulnerable to a SQL injection attack. For example, see how this code for logging into the administrative section works:

        $password = md5(HASH_SALT . $_POST['loginPass']);
        $query = "SELECT * FROM `administrators` WHERE `active`='1' AND `email`='{$_POST['loginEmail']}' AND `password`='{$password}'";
        $userInfo = db_fetch_array(db_query($query));
        if($userInfo['id']) {
            $_SESSION['adminLoggedIn'] = true;
            // user is logged in, other junk happens here, not important

    The creators of the site made a special db_query method and db_fetch_array method, shown here:

        function db_query($qstring,$print=0) {
            return @mysql(DB_NAME,$qstring);
        }
        function db_fetch_array($qhandle) {
            return @mysql_fetch_array($qhandle);
        }

    Now, this makes me think I should be able to do some sort of SQL injection attack with an email address like:

        ' OR 'x'='x' LIMIT 1;

    and some random password. When I use that on the command line, I get an administrative user back, but when I try it in the application, I get an invalid username/password error, like I should. Could there be some sort of global PHP configuration they have enabled to block these attacks? Where would that be configured?

    Here is the PHP --version information:

        # php --version
        PHP 5.2.12 (cli) (built: Feb 28 2010 15:59:21)
        Copyright (c) 1997-2009 The PHP Group
        Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
            with the ionCube PHP Loader v3.3.14, Copyright (c) 2002-2010, by ionCube Ltd., and
            with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies


  • How do I compile and build the taf2-curb Ruby gem on Windows XP with MinGW?

    - by Laran Evans
    How do I compile and build the taf2-curb Ruby gem on Windows XP with MinGW? I tried this, but I'm kinda fishing, unsuccessfully.

        C:\Documents and Settings\Me>gem install taf2-curb -- --with-curl-include=C:/curl-7.19.5-devel-mingw32/include --with-curl-dir=C:/curl-7.19.5 --with-curl-lib=C:/curl-7.19.5-devel-mingw32/lib --prefix=C:/MinGW --with-curllib
        Bulk updating Gem source index for: http://gems.rubyforge.org
        Updating metadata for 73 gems from http://gems.rubyonrails.org
        .........................................................................
        complete
        Bulk updating Gem source index for: http://gems.github.com
        Building native extensions. This could take a while...
        ERROR: Error installing taf2-curb:
        ERROR: Failed to build gem native extension.

        C:/Ruby/bin/ruby.exe extconf.rb install taf2-curb -- --with-curl-include=C:/curl-7.19.5-devel-mingw32/include --with-cur
        l-dir=C:/curl-7.19.5 --with-curl-lib=C:/curl-7.19.5-devel-mingw32/lib --prefix=C:/MinGW --with-curllib
        checking for curl-config... no
        checking for main() in true.lib... no
        *** extconf.rb failed ***
        Could not create Makefile due to some reason, probably lack of
        necessary libraries and/or headers. Check the mkmf.log file for more
        details. You may need configuration options.

        Provided configuration options:
            --with-opt-dir
            --without-opt-dir
            --with-opt-include
            --without-opt-include=${opt-dir}/include
            --with-opt-lib
            --without-opt-lib=${opt-dir}/lib
            --with-make-prog
            --srcdir=.
            --curdir
            --ruby=C:/Ruby/bin/ruby
            --with-curl-dir
            --with-curl-include=${curl-dir}/include
            --with-curl-lib=${curl-dir}/lib
            --with-curllib
        extconf.rb:9: Can't find libcurl or curl/curl.h (RuntimeError)

        Try passing --with-curl-dir or --with-curl-lib and --with-curl-include
        options to extconf.

        Gem files will remain installed in C:/Ruby/lib/ruby/gems/1.8/gems/taf2-curb-0.4.8.0 for inspection.
        Results logged to C:/Ruby/lib/ruby/gems/1.8/gems/taf2-curb-0.4.8.0/ext/gem_make.out

        C:\Documents and Settings\Me>

    I've installed curl-7.19.5 and curl-7.19.5-devel-mingw from this url: http://curl.haxx.se/download.html

    Help! And thanks!


  • Deal with undefined values in code or in the template?

    - by David
    I'm writing a web application (in Python, not that it matters). One of the features is that people can leave comments on things. I have a class for comments, basically like so:

        class Comment:
            user = ...
            # other stuff

    where user is an instance of another class,

        class User:
            name = ...
            # other stuff

    And of course in my template, I have

        <div>${comment.user.name}</div>

    Problem: Let's say I allow people to post comments anonymously. In that case comment.user is None (undefined), and of course accessing comment.user.name is going to raise an error. What's the best way to deal with that? I see three possibilities:

    1. Use a conditional in the template to test for that case and display something different. This is the most versatile solution, since I can change the way anonymous comments are displayed to, say, "Posted anonymously" (instead of "Posted by ..."), but I've often been told that templates should be mindless display machines and not include logic like that. Also, other people might wind up writing alternate templates for the same application, and I feel like I should be making things as easy as possible for the template writer.
    2. Implement an accessor method for the user property of a Comment that returns a dummy user object when the real user is undefined. This dummy object would have user.name = 'Anonymous' or something like that and so the template could access it and print its name with no error.
    3. Put an actual record in my database corresponding to a user with user.name = Anonymous (or something like that), and just assign that user to any comment posted when nobody's logged in. I know I've seen some real-world systems that operate this way. (phpBB?)

    Is there a prevailing wisdom among people who write these sorts of systems about which of these (or some other solution) is the best? Any pitfalls I should watch out for if I go one way vs. another? Whoever gives the best explanation gets the checkmark.


  • problem with joomla, php and json

    - by sebastian
    Hi, I have a problem with a Joomla component. I'm using PHP and JSON for some dynamic drop down boxes. Here is the code:

        jQuery( function () {
            //jQuery.ajaxSetup({error : function (a,b) {console.dir(a); console.dir(b);}});
            jQuery("#util, #loc").change( function() {
                var locatie = jQuery("#loc").val();
                var utilitate = jQuery("#util").val();
                if ( (locatie!= '---') && (utilitate!='---') )
                    jQuery.getJSON(
                        "index.php?option=com_calculator&opt=json_contor&format=raw",
                        { locatie: locatie, utilitate: utilitate },
                        function (data) {
                            var html = "";
                            if ( data.success == 'ok' )
                                for (var i in data.val)
                                    html += "<option name=den_contor value ='"+ i+"' >" + data.val[i]+ " </option>";
                            jQuery("#den_contor").html( html )
                        }
                    )
            })
        });

    The query works, but only on one PC. We have exactly the same xampp server, exactly the same files. On one PC it works, and on an online server and on my PC it doesn't.

    EDIT: I have three drop down boxes, the first is populated directly from the database, the second has 4 predefined values, and the third is populated depending on the combination of the first two. I have a test site online. http://contor.redxart.com You must be logged in to use Calculator in the menu. You can make a new account :) "Adaugare Index" is the part that isn't working.

    Any ideas? Thanks, sebastian


  • How to stop input in Perl?

    - by user1472747
    First time poster and part time perl noobie. I'm making a reflex game. Here's the output -

        __________________________________________________________________________
        Reflex game initiated. Press ENTER to begin the game, and then press ENTER after the asterisks are printed to measure your reflexes!.

        *************************

        Your result: 0.285606 seconds.
        logout

        [Process completed]
        __________________________________________________________________________

    There's one small problem though - There's 0-10 seconds (based on a random variable) after you press enter to start the game and before the stars are printed. During that time, if the player presses ENTER, it's logged as their reflex time. So I need a way to stop my code from reading their ENTER button before the stars are printed.

    The code -

        #!/usr/bin/perl
        use Time::HiRes qw(sleep);
        use Time::HiRes qw(gettimeofday);
        #random delay variable
        $random_number = rand();
        print "Reflex game initiated. Press ENTER to begin the game, and then press ENTER after the asterisks are printed to measure your reflexes!.\n";
        #begin button
        $begin = <>;
        #waits x milliseconds
        sleep(10*$random_number);
        #pre-game
        $start = [ Time::HiRes::gettimeofday() ];
        print "\n****************************\n";
        #user presses enter
        $stop = <>;
        #post game
        $elapsed = Time::HiRes::tv_interval($start);
        #delay time print
        print "Your result: ".$elapsed." seconds.\n";


  • DWR and Spring Security - User is deauthenticated in few seconds

    - by Vojtech
    I am trying to implement user authentication via DWR as follows:

        public class PublicRemote {

            @Autowired
            @Qualifier("authenticationManager")
            private AuthenticationManager authenticationManager;

            public Map<String, Object> userLogin(String username, String password, boolean stay) {
                Map<String, Object> map = new HashMap<>();
                UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
                try {
                    Authentication authentication = authenticationManager.authenticate(authRequest);
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                    map.put("success", "true");
                } catch (Exception e) {
                    map.put("success", "false");
                }
                return map;
            }

            public Map<String, Object> getUserState() {
                Map<String, Object> map = new HashMap<>();
                Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                boolean authenticated = authentication != null && authentication.isAuthenticated();
                map.put("authenticated", authenticated);
                if (authenticated) {
                    map.put("authorities", authentication.getAuthorities());
                }
                return map;
            }
        }

    The authentication works correctly and by calling getUserState() I can see that the user is successfully logged in. The problem is that this state will stay only for a few seconds. In probably 5 seconds, the getAuthentication() starts returning null. Is there some problem with session in DWR or is it some misconfiguration of Spring Security?


  • Create Session Variable from different datasources?

    - by Szafranamn
    Currently I am developing a dynamic website using Dreamweaver cs5 with ColdFusion 9 and using Access to create my databases along with QuickBooks and QODBC to create database. I have established a login session variable stemming from the login page. This session variable is being drawn from one Datasource "Access" Table "Logininfo" Field "FullName" but I wanted to create another session variable either at this point or further into the member's page to use in a query sequence. This session variable would stem from another Datasource "QBs" Table "Invoice" Field "CustomerRefFullName" which is generated through Quickbooks and QODBC.

    I am not sure if this is possible but if it is how do I do it. I want to do this so I can query the Invoice database to upload the customer's Invoices unique to them onto their page. So it would have to be related to their login credentials. If there is another better route to take I would greatly appreciate the advice. Below is the login code; if there is additional information needed let me know.

    This is my current thinking/plan to do what I intend, hence the need to create the session variable: I have another Datasource "QBs" with a Table "Invoice". When I create another webpage for the customer to see their invoice I need to create a recordset that accesses that Table. In order to do so I think the best way would be to somehow convert the session.FullName (which came from Access Datasource, Logininfo Table) into a session.CustomerRefFullName (which would have to come from Datasource: QBs Table: Invoice Field: CustomerRefFullName). That way I could set the query WHERE CustomerRefFullName and have each logged in user see their specific Invoices. So is there a way to turn the session variable off one datasource/table into a different session variable off a new datasource/table even if it is unique just to that page???

        <cfif IsDefined("FORM.username")> SELECT FullName, Username,Password,AccessLevels FROM Logininfo WHERE Username= AND Password=


  • Problem logging in and changing permissions in Facebook

    - by kujawk
    Hi everybody, I've got a piece of code that logs into Facebook, gets a session, sets status_update and offline_access permission if they are not set, and gets a new session with the newly set permissions. This code used to work fine but now I'm getting error 100 "One of the parameters specified was missing or invalid" as a response to the second call to get session and I can't figure out why. Here's the sequence in detail:

    CREATE TOKEN
        restserver.php?method=auth.createToken&api_key=[our key]&v=1.0&format=JSON&sig=[sig created with our secret]
        response: new token

    LOGIN
        m.facebook.com/login.php?api_key=[our key]&v=1.0&auth_token=[token created above]
        login screen loads and user successfully logs in with their username/password.

    GET SESSION
        restserver.php?method=auth.getSession&api_key=[our key]&v=1.0&format=JSON&auth_token=token created above&sig=[sig created with our secret]
        response: session key with expiration date and a secret

    CHECK/AUTHORIZE PERMISSIONS
        restserver.php?method=users.hasAppPermission&api_key=[our key]&v=1.0&format=JSON&ext_perm=status_update&call_id=[proper id]&session_key=[key returned above]&sig=[sig created with secret returned for get session]
        response: 0
        m.facebook.com/authorize.php?api_key=[our key]&v=1.0&ext_perm=status_update
        authorization screen loads and user authorizes
        Same steps for status_update

    CREATE NEW TOKEN
        Same steps as done to create the first token

    LOGIN
        m.facebook.com/login.php?api_key=[our key]&v=1.0&auth_token=[new token]
        user is already logged in, redirected to their homepage

    GET NEW SESSION
        restserver.php?method=auth.getSession&api_key=[our key]&format=JSON&auth_token=[new token]&sig=[sig created with our secret]
        response: error 100 - missing or invalid parameter. Of course it doesn't tell me which one.

    Anybody have any ideas what I'm doing wrong here? I tried skipping the second login and going right to creating the new session and that didn't work. The only thing that seems to work is logging out the user after they've authorized the permissions and having them log back in again. I'd like to avoid this if possible. Can you have two outstanding sessions at one time? This code used to work but I'm thinking maybe something changed on Facebook's end that I'm not aware of.

    Thanks, kris


  • How can I spec out an authlogic sessions controller using a stub?

    - by Dave
    I want to test my User Session Controller, testing that a user session is first built then saved. My UserSession class looks like this:

        class UserSession < Authlogic::Session::Base
        end

    The create method of my UserSessionsController looks like this:

        def create
          @user_session = UserSession.new(params[:user_session])
          if @user_session.save
            flash[:notice] = "Successfully logged in."
            redirect_back_or_default administer_home_page_url
          else
            render :new
          end
        end

    and my controller spec looks like this:

        describe UserSessionsController do
          it "should build a new user session" do
            UserSession.stub!(:new).with(:email, :password)
            UserSession.should_receive(:new).with(:email => "[email protected]", :password => "foobar")
            post :create, :user_session => { :email => "[email protected]", :password => "foobar" }
          end
        end

    I stub out the new method but I still get the following error when I run the test:

        Spec::Mocks::MockExpectationError in 'UserSessionsController should build a new user session'
        <UserSession (class)> received :new with unexpected arguments
          expected: ({:password=>"foobar", :email=>"[email protected]"})
               got: ({:priority_record=>nil}, nil)

    It's as though the new method is being called on UserSession before my controller code is getting called. Calling activate_authlogic makes no difference.


  • How to add Remember me function at custom login box ?

    - by morningglory
    In my theme, there's a custom page for the login. The login function in functions.php is like this:

        function log_in($username, $password) {
            $user = parse_user($username);
            $username = $username;
            $password = $password;
            if(isEmptyString($username)) return new WP_Error('username', 'required');
            if(isEmptyString($password)) return new WP_Error('password', "required");
            if(!wp_check_password( $password, $user->user_pass ) ) return new WP_Error('wrong_password', "wrong");
            wp_set_auth_cookie($user->ID, $remember);
            wp_login($username, $password);
            redirect_profile();
        }

        function parse_user($info = null, $return = 'object') {
            if ( is_null( $info ) ) {
                global $current_user;
                if ( empty( $current_user->ID ) ) return null;
                $info = get_userdata( $current_user->ID );
            }
            elseif ( empty( $info ) ) {
                return null;
            }
            if( $return == 'ID' ) {
                if ( is_object( $info ) ) return $info->ID;
                if ( is_numeric( $info ) ) return $info;
            }
            elseif( $return == 'object' ) {
                if ( is_object( $info ) && $info->ID) return $info;
                if ( is_object( $info )) return get_userdata( $info->ID );
                if ( is_numeric( $info ) ) return get_userdata( $info );
                if ( is_string( $info ) ) return get_userdatabylogin( $info );
            }
            else {
                return null;
            }
        }

    I want to add a remember me checkbox so the user stays logged in all the time until they log out. How can I add this? Please kindly help me out. Thank you.


  • adding a token onto a webservice or wcf call

    - by duncanUK
    I have an httphandler which I am using to log the http soap request and response for each webservice that is called from my application as a comms log. I would like to inject a token on the 1st call (possibly the 1st call to invoke the service that is being logged) and then be able to track all subsequent webservice calls run in the same context with this token so I can tie the subsequent calls back up to the original call. So for example:

        main webservice -> 2nd web service -> another web service
        [token]            [token]            [token]
        -> nth web service
        [token]

    I would like to inject the token on the first call to the main webservice (http handler checks if no token, add it). I would like to use the same http handler to intercept each call to the subsequent webservices and pass on the token if it exists already (the job of the httphandler is to log the in/out soap with the token to reference with).

    I have managed to inject the first token, but my problem is how do I add the token on the subsequent calls.. can I make it stick on the same context or session? My worry is that when we call a new webservice, we create a whole new proxy/http request which will not inherit the token... or will it?! Ideally I would like it to persist on the http header as I am setting the token as a header at the moment.

    Has anyone got any ideas or a better way of doing this? I would be most grateful for your comments!


  • setting write permissions on theme subdirectory?

    - by Scott B
    I've a theme which supports multiple templates, each with a header background image whose color can be set by the site owner via a colorpicker widget in my theme's options panel. This has the effect of opening the background image, recoloring it and resaving it back to the server. I've had zero issues with this routine until recently when a customer installed the theme on a web host whose default read/write permissions are apparently much more restrictive than the norm. In this case, the user was unable to alter the colors of the template images because of the permissions settings.

    I'm looking for a bit of understanding on what the permissions would need to be (assuming I purposefully set them via script) to allow the logged in wordpress user to write to files under my theme's styles directory. The code I'm using to write to the image file is below...

        $img = imagecreatefromgif("../wp-content/themes/mytheme/styles/".get_option('my_theme')."/image.gif");
        $color = imagecolorallocate($img, $info["red"], $info["green"], $info["blue"]);
        imagecolorset($img, 0, $info["red"], $info["green"], $info["blue"]);
        imagegif($img, $path);


  • Django: Determining if a user has voted or not

    - by TheLizardKing
    I have a long list of links that I spit out using the below code, total votes, submitted by, the usual stuff but I am not 100% on how to determine if the currently logged in user has voted on a link or not. I know how to do this from within my view but do I need to alter my below view code or can I make use of the way templates work to determine it? I have read http://stackoverflow.com/questions/1528583/django-vote-up-down-method but I don't quite understand what's going on (and don't need any of javascriptery).

    Models (snippet):

        class Link(models.Model):
            category = models.ForeignKey(Category, blank=False, default=1)
            user = models.ForeignKey(User)
            created = models.DateTimeField(auto_now_add=True)
            modified = models.DateTimeField(auto_now=True)
            url = models.URLField(max_length=1024, unique=True, verify_exists=True)
            name = models.CharField(max_length=512)

            def __unicode__(self):
                return u'%s (%s)' % (self.name, self.url)

        class Vote(models.Model):
            link = models.ForeignKey(Link)
            user = models.ForeignKey(User)
            created = models.DateTimeField(auto_now_add=True)

            def __unicode__(self):
                return u'%s vote for %s' % (self.user, self.link)

    Views (snippet):

        def hot(request):
            links = Link.objects.select_related().annotate(votes=Count('vote')).order_by('-created')
            for link in links:
                delta_in_hours = (int(datetime.now().strftime("%s")) - int(link.created.strftime("%s"))) / 3600
                link.popularity = ((link.votes - 1) / (delta_in_hours + 2)**1.5)
                if request.user.is_authenticated():
                    try:
                        link.voted = Vote.objects.get(link=link, user=request.user)
                    except Vote.DoesNotExist:
                        link.voted = None
            links = sorted(links, key=lambda x: x.popularity, reverse=True)
            links = paginate(request, links, 15)
            return direct_to_template(
                request,
                template = 'links/link_list.html',
                extra_context = {
                    'links': links,
                })

    The above view actually accomplishes what I need but in what I believe to be a horribly inefficient way. This causes the dreaded n+1 queries, as it stands that's 33 queries for a page containing just 29 links while originally I got away with just 4 queries. I would really prefer to do this using Django's ORM or at least .extra(). Any advice?


  • protect form hijacking hack

    - by Karem
    Yes hello, today I discovered a hack for my site. When you write a msg on a user's wall (in my community site) it runs an ajax call to insert the msg into the db and will then on success slide down and show it. Works fine with no problem.

    So I was rethinking a little. I am using POST methods for this, and if it was a GET method you could easily do ?msg=haxmsg&usr=12345679. But what could you do to get around the POST method? I made a new html document, made a form and on action I set "site.com/insertwall.php" (the file that normally is being used in ajax), I made some input fields with names exactly like I am doing with the ajax call (msg, uID (userid), BuID (by userid)) and made a submit button.

    I know I have a page_protect() function which requires you to log in, and if you aren't you will be headered to index.php. So I logged in (started a session on my site.com) and then I pressed this submit button. And then wops, I saw on my site that it had made a new message. I was like wow, was it so easy to hijack the POST method? I thought maybe it was a little more secure or something.

    I would like to know what I could do to prevent this hijacking, as I wouldn't even want to know what real hackers could do with this "hole". The page_protect ensures that the sessions are from the same http user agent and so on, and this works fine (tried to run the form without logging in, and it just headers me to the start page) but yeah, it wouldn't take a long time to figure out to log in first and then run it.

    Any advice is appreciated a lot. I would like to keep my ajax calls as secure as possible and all of them are running on the POST method. What could I do to the insertwall.php, to check that it comes from the server or something.. Thank you


  • odd behavior with C# ftp client class

    - by geoff
    I found an ftp client class in c# over a year ago and have been using it in a process that uploads files on a nightly basis. A few days ago we started having a problem where it would time out. I'm not well versed in this so I'm not sure why it's doing this. When the program starts uploading a file it checks to see if it's logged in and if not, it calls the login method. In that method is this block of code.

        if (this.resultCode != 230)
        {
            this.sendCommand("PASS " + password);
            if (!(this.resultCode == 230 || this.resultCode == 202))
            {
                this.cleanup();
                throw new FtpException(this.result.Substring(4));
            }
        }

    On the line that says this.sendCommand("PASS"... it goes into this code.

        private void sendCommand(String command)
        {
            if (this.verboseDebugging) Debug.WriteLine(command, "FtpClient");
            Byte[] cmdBytes = Encoding.ASCII.GetBytes((command + "\r\n").ToCharArray());
            clientSocket.Send(cmdBytes, cmdBytes.Length, 0);
            this.readResponse();
        }

    If I let the program run, it times out. However if I step through it into the sendCommand method it executes fine. Does anyone know why it would work fine when I step through it? Nothing on our end has changed and I've been told nothing on the client's end has changed so I'm stumped. Thanks.

    Read the article

  • How can I have an alert message in a div inside the form

    - by Paromita Poddar
    I have this script and it sends out an alert message. All I want is to put the alert message in a div inside the form. Here is the script, can you please help asap:

        var registered=false
        function ExamineRegistration() {
            var email =document.regform.email.value;
            var emailcheck= email.indexOf("@")
            var emailcheck2= email.indexOf(".")
            var password = document.regform.pass.value;
            var passcheck = password.charAt(0)
            var message_out = "Errors: "
            if(email=="" || password==""){
                message_out = message_out+"All boxes should be filled in, "
            }
            if(emailcheck==-1 || emailcheck2==-1) {
                message_out = message_out+"email must contain @ and ., "
            }
            if(password!=password) {
                message_out=message_out+"password must match"
            }
            if(message_out == "Errors: ") {
                message_out = "You have successfully been logged in!"
                registered=true
            }
            alert(message_out);
        }
        -->
        This function helps the user first to register and then to enter the site.
        function Checkreg() {
            if (registered ==true) {
                location.replace("http://www.google.com")
            }
            else alert("Please Login to proceed")
        }
        </script>

    I have a form. I just want the alert message to appear inside the form at the top. I just don't know how to display the alert message inside the form instead of a pop-up.

    Read the article

  • Best practices for creating a logger library using log4net. Is

    - by VolleyBall Player
    My goal is to create a log4net library that can be shared across multiple projects. In my solution, which is in .NET 4.0, I created a class library called Logger and referenced it from the web project. Now I created a logger.config in the class library and put all the configuration in the logger.config file. I then used [assembly: log4net.Config.XmlConfigurator(Watch = true, ConfigFile = "Logger.config")] When I run the web app nothing is getting logged. So I added this line of code in web.config <add key="log4net.Internal.Debug" value="true"/> which gave me debugging info and error information: Failed to find configuration section 'log4net' in the application's .config file. Check your .config file for the and elements. The configuration section should look like: I moved the configuration from logger.config to web.config and everything seems to work fine. I don't want the log4net configuration in web.config but want to have it in logger.config as a cleaner approach. The goal is to make other projects use this library and not have to worry about configuration in every project. Now the question is, how do I do this? What am I doing wrong? Any suggestion with a code example will be beneficial to everyone. FYI, I am using the StructureMap IoC to resolve the logger before logging to it.

    Read the article

  • Rails : can't write unknown attribute `url'

    - by user2954789
    I am new to Ruby on Rails, and I am learning by creating a blog. I am not able to save to my blogs table and I get this error: "can't write unknown attribute url"

    Blogs migration: db/migrate/

        class CreateBlogs < ActiveRecord::Migration
          def change
            create_table :blogs do |t|
              t.string :title
              t.text :description
              t.string :slug
              t.timestamps
            end
          end
        end

    Blogs Model: /app/models/blogs.rb

        class Blogs < ActiveRecord::Base
          acts_as_url :title
          def to_param
            url
          end
          validates :title, presence:true
        end

    Blogs Controller: /app/controllers/blogs_controller.rb

        class BlogsController < ApplicationController
          before_action :require_login
          def new
            @blogs = Blogs.new
          end
          def show
            @blogs = Blogs.find(params[:id])
          end
          def create
            @blogs = Blogs.new(blogs_params)
            if @blogs.save
              flash[:success] = "Your Blog has been created."
              redirect_to home_path
            else
              render 'new'
            end
          end
          def blogs_params
            params.require(:blogs).permit(:title,:description)
          end
          private
          def require_login
            unless signed_in?
              flash[:error] = "You must be logged in to create a new Blog"
              redirect_to signin_path
            end
          end
        end

    Blogs Form: /app/views/blogs/new.html.erb

        <%= form_for @blogs, url: blogs_path do |f| %><br/>
        <%= render 'shared/error_messages_blogs' %><br/>
        <%= f.label :title %><br/>
        <%= f.text_field :title %><br/>
        <%= f.label :description %><br/>
        <%= f.text_area :description %><br/>
        <%= f.submit "Submit Blog", class: "btn btn-large btn-primary" %><br/>
        <% end %><br/>

    and I have also added "resources :blogs" to my routes.rb file. I get this error in the controller at if @blogs.save

    Read the article

  • PHP question about global variables and form requests

    - by user220201
    Hi, This is probably a stupid question but I will ask anyway since I have no idea. I have written basic php code which serves forms. Say I have a login page and I serve it using the login.php page and it will be called in the login.html page like this - <form action="login.php" method="post"> By this it is also implied that every POST needs its own php file, doesn't it? This kind of feels weird. Is there a way to have a single file, say code.php, and just have each of the forms as functions instead? EDIT: Specifically, say I have 5 forms that are used one after the other in my application. Say after login the user does A, B, C and D tasks, each of which is sent to the server as a POST request. So instead of having A.php, B.php, C.php and D.php I would like to have a single code.php and have A(), B(), C() and D() as functions. Is there a way to do this? Also on the same note, how do I deal with, say, a global array (e.g. an array of currently logged in users) across multiple forms? I want to do this without writing to a DB. I know it's probably better to write to a DB and query, but is it even possible to do it with a global array? The reason I was thinking about having all the form functions in one file is to use a global array. Thanks, - Pav

    Read the article

  • facebook graph api does not return all feed items on facebook page

    - by Nick Franceschina
    At the time of this question, if you go here: http://www.facebook.com/realplayer you'll see, six posts down, I have posted a photo with a message of "#highfive Cincinnati, OH". But if you go to either of these: http://graph.facebook.com/realplayer/feed http://graph.facebook.com/realplayer/tagged the JSON that is returned seemingly includes everything on the wall, except for MY post. There is another photo post from someone else down below mine, and it is showing up (and both my photo and his photo are in the "Fan photos" section). Obviously, since I can see everything with these links already, it appears that access_token is not a part of the equation... BUT, some more info: if I use an access_token from a session that isn't me, I can't see the post in the JSON; if I use an access_token from MY logged in session, then I DO see the post in the JSON. So I'm very confused. If everyone in the world can see those posts on the wall without even authenticating, then I expect all of them to come back in the graph api as well. Anyone have thoughts on this? I am aware of the "manage_page" permission... which I can use to get a list of accounts and special offline access tokens for those pages... and that's something I can explore... but it seems like a lot of work when my post seemingly SHOULD be there in the graph

    Read the article

  • do not allow integrated windows authentication *for one of the domains*

    - by MK
    We have an ASP.NET web application which uses integrated windows authentication. It is accessed by users from two domains, A and B. A is the primary domain and B is an older domain which is going away. Web application is authenticating users using a group policy which only exists in domain A. Every user in domain B has an account in domain A. The application lives in domain A. There was no trust between the domains. So users from domain A would get silently authenticated and logged into the site. Users from domain B didn't get authenticated automatically and were prompted with the IE popup, to which they authenticated using their domain A credentials and everything worked. Now somebody has set up a trust between the domains and users from domain B get authenticated silently to IIS, and then their login fails (no group policy). So the question is: can I either programmatically or in IIS configuration make it so that users from domain B still get prompted even though there is trust between the domains? Is there a way to tell the server where IIS is running to ignore the trust relationship maybe?

    Read the article
