Search Results

Search found 9520 results on 381 pages for 'account lockout'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 339/381 | < Previous Page | 335 336 337 338 339 340 341 342 343 344 345 346  | Next Page >

  • Secure web module for paid subscribtion

    - by DarkJaff
    Hello everyone, I'm building a website (a community web site like digg) but we will soon release a new feature that people will need to pay for. Right now, our website is in pure C# in .NET, very simple pages with some AJAX. When the member log in, there is no HTTPS. Everything is check with session and the internal validation that I do. What we need, is that when the people are logged in, they can click on a link a proceed to a payment (Paypal, credit card, etc). After the payment is done, the "billing module" will return a value to my site to validate that the payment is done so the account will be flagged as "paying member". I'm guessing this is the way to do, maybe I'm wrong! So my questions are: -What is the name of this kind of billing module? (I will do some research on that) -Do you know any ready to go module that does this kind of thing? -(I push my luck) Do you know any FREE module that do this kind of things. If something is not clear, don't hesitate to ask question :) Thanks a lot! DarkJaff

    Read the article

  • How to avoid user keep trying login using Ruby on Rails?

    - by Tattat
    I want to create a login page, it can easy implement using Ruby on Rails. But the login is very simple, but I want more security. I want to stop the user keep trying the password. So, I have some ideas on that. First, stop login feature if the user keep trying the password for 15 mins. After the user login fail 5 times in 15 mins, the system should not allow the user login again in next 15 mins, ever his/her password is correct. Second, I want to add a human verification, after the user tried 5 times. After the user wait for 15 mins to login, I want to add an addition verification to the user. I want the user click the password, and the CAPTCHA image. If one of them is failed, they still can't login the system. He/She have 5 times to try, if he / she failed again, he/she need to want another 15 mins. Third, After the user tried 15 times, and still can't get into the system. I want to lock the user account, the user will receive an email, with a link to assign the password again. So, the question is "Is there any library to implement such authorization easily?" I know it can be implemented using code, but using library is much convenient. Also, I want to ask is there any security suggestion for that? thank u.

    Read the article

  • Facebook IFrame Application issues for certain users

    - by Kon
    We have a strange issue with running an Facebook IFrame application (using MVC 2). When I run my app and log into Facebook, I get to the application just fine. But when my coworker does it, she gets the following error: API Error Code: 100 API Error Description: Invalid parameter Error Message: Requires valid next URL. Typically this error is resolved by updating the "New Data Permissions" setting of the Facebook application. However, in this case it doesn't help. We've also tried logging in with our accounts from different computers and it seems that neither computer nor which one the MVC ASP.NET app is running from matters. The only difference is who is logged into Facebook. We've looked at our Facebook account settings, but couldn't find any obvious differences. We both have Developer access to the FB application and we both can edit its settings. However, only one of us can actually run the application without getting the above mentioned error message. Any idea what could be happening here?

    Read the article

  • How important is it to use SSL on every page of your website?

    - by Mark
    Recently I installed a certificate on the website I'm working on. I've made as much of the site as possible work with HTTP, but after you log in, it has to remain in HTTPS to prevent session hi-jacking, doesn't it? Unfortunately, this causes some problems with Google Maps; I get warnings in IE saying "this page contains insecure content". I don't think we can afford Google Maps Premier right now to get their secure service. It's sort of an auction site so it's fairly important that people don't get charged for things they didn't purchase because some hacker got into their account. All payments are done through PayPal though, so I'm not saving any sort of credit card info, but I am keeping personal contact information. Fraudulent charges could be reversed fairly easily if it ever came to that. What do you guys suggest I do? Should I take the bulk of the site off HTTPS and just secure certain pages like where ever you enter your password, and that's it? That's what our competition seems to do.

    Read the article

  • asp code for upload data

    - by vicky
    hello everyone i have this code for uploading an excel file and save the data into database.I m not able to write the code for database entry. someone please help <% if (Request("FileName") <> "") Then Dim objUpload, lngLoop Response.Write(server.MapPath(".")) If Request.TotalBytes > 0 Then Set objUpload = New vbsUpload For lngLoop = 0 to objUpload.Files.Count - 1 'If accessing this page annonymously, 'the internet guest account must have 'write permission to the path below. objUpload.Files.Item(lngLoop).Save "D:\PrismUpdated\prism_latest\Prism\uploadxl\" Response.Write "File Uploaded" Next Dim FSYSObj, folderObj, process_folder process_folder = server.MapPath(".") & "\uploadxl" set FSYSObj = server.CreateObject("Scripting.FileSystemObject") set folderObj = FSYSObj.GetFolder(process_folder) set filCollection = folderObj.Files Dim SQLStr SQLStr = "INSERT ALL INTO TABLENAME " for each file in filCollection file_name = file.name path = folderObj & "\" & file_name Set objExcel_chk = CreateObject("Excel.Application") Set ws1 = objExcel_chk.Workbooks.Open(path).Sheets(1) row_cnt = 1 'for row_cnt = 6 to 7 ' if ws1.Cells(row_cnt,col_cnt).Value <> "" then ' col = col_cnt ' end if 'next While (ws1.Cells(row_cnt, 1).Value <> "") for col_cnt = 1 to 10 SQLStr = SQLStr & "VALUES('" & ws1.Cells(row_cnt, 1).Value & "')" next row_cnt = row_cnt + 1 WEnd 'objExcel_chk.Quit objExcel_chk.Workbooks.Close() set ws1 = nothing objExcel_chk.Quit Response.Write(SQLStr) 'set filobj = FSYSObj.GetFile (sub_fol_path & "\" & file_name) 'filobj.Delete next End if End If plz tell me how to save the following excel data to the oracle databse.any help would be appreciated

    Read the article

  • Stored Procedures In Source Control - Automate Build/Deployment Process

    - by Alex
    My company provides a large .NET service-oriented solution. The services layer interact with a T-SQL back-end consisting of hundreds of tables and stored procedures. Our C# code is in version-control (SVN) but our stored procedures and schema are not. After much lobbying of expedient upper-management, I was allowed to review our (non-existent) build/deployment process to accomplish the following goals: Place schema and stored procedures under source-control. Automate the build/deployment process. I would like to proceed per the accepted answer's strategy in this post but have additional questions: I would like to use Hudson as my build server. Is this a reasonable choice for a C#/SQL solution? What better alternatives should I explore? Assuming I have all triggers, stored-procedures, schema, etc... under source control, and that they are scripted to individual files, how do I generate a build script which will take into account dependencies/references between these items? (SQL Server does this automatically, but it generates one giant script) What does the workflow of performing an update at the client look like? i.e. I have to keep existing table data. How do I roll-back schema changes? I am the only programmer. Several other pseudo-technical staff like to make changes directly inside SQL Management Studio. Is it realistic to expect others to adhere to this solution -- how can I enforce this? Thank you in advance for your help.

    Read the article

  • SystemStackError in Rails::ActiveSupport::Callbacks

    - by coreyward
    I'm building a Rails app that connects to Dropbox and syncs with a folder to update a personal site. I'm using Rails 3.0.3, Ruby 1.9.2, and the Dropbox gem. Right now I have a DropboxAccounts Controller, and two models: DropboxSession, which wraps calls to the gem with application-specific functionality, and DropboxAccount, which stores the session and settings in the database. After the user authorizes their account with Dropbox they're redirected back over and the DropboxAccount is saved with the authorized session. That all works just fine. My problem is that when I try to call Dropbox::API#create_folder(any path) I end up with a SystemStackError in lib/activesupport/callbacks.rb:421 which refers to the code below. If I remove the call to create the folder, it works. If I call create folder from another request, it works. I doubled the stack size to 16K to no avail. # This is called the first time a callback is called with a particular # key. It creates a new callback method for the key, calculating # which callbacks can be omitted because of per_key conditions. # def __create_keyed_callback(name, kind, object, &blk) #:nodoc: @_keyed_callbacks ||= {} @_keyed_callbacks[name] ||= begin str = send("_#{kind}_callbacks").compile(name, object) class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1 def #{name}() #{str} end # THIS IS LINE 421 protected :#{name} RUBY_EVAL true end end I'm not very familiar with Rails yet, and I'm not sure what the intention of the code above is or why it would cause a stack overflow. I'm not using any method_missing/ghost method magic in my code. I suspected it was something with a callback serialize :files but commenting it out did nothing. My DropboxAccount model contains only a call to belongs_to :user, and DropboxSession is just a handful of methods, none of which contain callbacks. Bypassing them and using the Dropbox::Session methods directly doesn't help. I hope someone on StackOverflow can help me with this stack overflow. ;)

    Read the article

  • master pages, form pages, form runat=server > all onclick methods on master page?

    - by b0x0rz
    the problem i have is that i have multiple nested master pages: level 1: global (header, footer, login, navigation, etc...) level 2: specific (search pages, account pages, etc...) level 3: the page itself now, since only one form can have runat=server, i put the form at global page (so i can handle things like login, feedback, etc...). now with this solution i'd have to also put the for example level 3 (see above) methods, such as search also on the level 1 master page, but this will lead to this page being heavy (for development) with code from all places, even those that are used on a single page only (change email form for example). is there any way to delegate such methods (for example: ChangeEMail) from level 1 (global masterpage) to level 3 (the single page itself). to be even more clear: i want to NOT have to have the method ChangeEMail on the global master page code behind, but would like to 'MOVE' it somehow to the only page that will actually use it. the reason why it currently has to be on the global master is that global master has form runat=server and there can be only one of those per aspx page. this way it will be easier (more logical) to structure the code. thnx (hope i explained it correctly) have searched but did not find any general info on handling this case, usualy the answer is: have all the methods on the master page, but i don't like it. so ANY way of moving it to the specific page would be awesome. thnx

    Read the article

  • Reporting Services "cannot connect to the report server database"

    - by Dano
    We have Reporting Services running, and twice in the past 6 months it has been down for 1-3 days, and suddenly it will start working again. The errors range from not being able to view the tree root in a browser, down to being able to insert parameters on a report, but crashing before the report can generate. Looking at the logs, there is 1 error and 1 warning which seem to correspond somewhat. ERROR:Event Type: Error Event Source: Report Server (SQL2K5) Event Category: Management Event ID: 107 Date: 2/13/2009 Time: 11:17:19 AM User: N/A Computer: ******** Description: Report Server (SQL2K5) cannot connect to the report server database. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. WARNING: always comes before the previous error Event code: 3005 Event message: An unhandled exception has occurred. Event time: 2/13/2009 11:06:48 AM Event time (UTC): 2/13/2009 5:06:48 PM Event ID: 2efdff9e05b14f4fb8dda5ebf16d6772 Event sequence: 550 Event occurrence: 5 Event detail code: 0 Process information: Process ID: 5368 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Exception information: Exception type: ReportServerException Exception message: For more information about this error navigate to the report server on the local server machine, or enable remote errors. During the downtime we tried restarting everything from the server RS runs on, to the database it calls to fill reports with no success. When I came in monday morning it was working again. Anyone out there have any ideas on what could be causing these issues? Edit Tried both suggestions below several months ago to no avail. This issue hasn't arisen since, maybe something out of my control has changed....

    Read the article

  • Php script running as scheduled task hangs - help!

    - by Ali
    Hi guys, I've built a php script that runs from the command line. It opens a connection into a pop3 email account and downloads all the emails and writes them to a database, and deletes them once downloaded. I have this script being called from the commandline by a bat file. in turn I have created a scheduled task which invokes the bat file every 5 minutes. The thing is that I have set the time out to zero for the fact that at times there could be emails with large attachments and the script actually downloads the attachments and stores them as raw files offline and the no timeout is so that the script doesnt die out during downloading. I've found that the program hangs sometimes and its a bit annoying at that - it always hangs are one point i.e. when negotiating the connection and getting connected to the mail server. And because the timeout is set to zero it seems to stay stuck up in taht position. And because of that the task is not run as its technically hung up. I want that the program should not timeout when downloading emails - however at the points where it is negotiating a connection or trying to connect to the mailserver there should be a timeout only at that point itself and not the rest of the program execution. How do I do this :(

    Read the article

  • Different users get the same cookie - value in .ASPXANONYMOUS

    - by Malcolm Frexner
    My site allows anonymous users. I saw that under heavy load user get sometimes profile values from other users. This happens for anonymous users. I logged the access to profile data: /// <summary> /// /// </summary> /// <param name="controller"></param> /// <returns></returns> public static string ProfileID(this Controller controller ) { if (ApplicationConfiguration.LogProfileAccess) { StringBuilder sb = new StringBuilder(); (from header in controller.Request.Headers.ToPairs() select string.Concat(header.Key, ":", header.Value, ";")).ToList().ForEach(x => sb.Append(x)); string log = string.Format("ip:{0} url:{1} IsAuthenticated:{2} Name:{3} AnonId:{4} header:{5}", controller.Request.UserHostAddress, controller.Request.Url.ToString(), controller.Request.IsAuthenticated, controller.User.Identity.Name, controller.Request.AnonymousID, sb); _log.Debug(log); } return controller.Request.IsAuthenticated ? controller.User.Identity.Name : controller.Request.AnonymousID; } I can see in the log that user realy get the same cookievalue for .ASPXANONYMOUS even if they have different IP. Just to be safe I removed dependency injection for the FormsAuthentication. I dont use OutputCaching. My web.config has this setting for authentication: <anonymousIdentification enabled="true" cookieless="UseCookies" cookieName=".ASPXANONYMOUS" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" /> <authentication mode="Forms"> <forms loginUrl="~/de/Account/Login" /> </authentication> Does anybody have an idea what else I could log or what I should have a look at?

    Read the article

  • Trouble creating calendar in Google API via Coldfusion

    - by KingErroneous
    I am trying to create a caledar using the Google API, and it just returns the list of calendars in my account, just like I sent a GET request. Here is my code: <cfxml variable="locals.xml"> <cfoutput> <entry xmlns="http://www.w3.org/2005/Atom" xmlns:gd="http://schemas.google.com/g/2005" xmlns:gCal="http://schemas.google.com/gCal/2005"> <title type="text">#arguments.argTitle#</title> <summary type="text">#arguments.argSummary#</summary> <cfif len(arguments.argTimezone)><gCal:timezone value="#arguments.argTimezone#"></gCal:timezone></cfif> <gCal:hidden value="false"></gCal:hidden> <gCal:accesslevel value="owner" /> <gCal:color value="#arguments.argColor#"></gCal:color> <gd:where rel='' label='' valueString='Oakland'></gd:where> </entry> </cfoutput> </cfxml> <cfhttp url="#variables.baseURL#/default/owncalendars/full" method="post" redirect="false" multiparttype="related" charset="utf-8"> <cfhttpparam type="header" name="Authorization" value="GoogleLogin auth=#getAuth(variables.serviceName)#"> <cfhttpparam type="header" name="Content-Type" value="application/atom+xml"> <cfhttpparam type="header" name="GData-Version" value="2"> <cfhttpparam type="body" value="#trim(locals.xml)#"> </cfhttp> Any help would be appreciated.

    Read the article

  • Confused about UIView frame property

    - by slowfungus
    I'm building a prototype iPad app that draws diagrams. I have the following view hierarchy: UIView UIScrollView DiagramView : UIView TabBar NavigationBar And a UIViewController subclass holding all that together. Before drawing the diagram the first time I calculate the dimensions of the diagram, and set the DiagramView frame to that size, and the content size of the scrollview as well. -(void)recalculateBounds { [renderer diagram:diagram shouldDraw:NO]; SQXRect diagramRect = SQXMakeRect(0.0,0.0,[diagram bounds].size.width,[diagram bounds].size.height); self.frame = diagramRect; [(UIScrollView*)[self superview] setContentSize:diagramRect.size]; } I should disclose that the frame is being set to about 1500 x 3500 which i know is ridiculous. I just want to focus on some other parts of the app before I get into optimizing the render code. This works beautifully, except that the rect being passed to drawRect is not the size that I set, and my drawing is getting clipped at the bottom. Its close the size i set, but bigger in width, and shorter in height. Also of note, is the fact that if I force the frame to be much bigger than what I know the diagram needs, then the drawRect:rect is big enough, and no clipping occurs. Of course this has me wondering if the frame size needs to take into account some other screen real estate like the toolbars but my reading of the docs tells me the frame is in superview coordinates, which would be the scrollview so I reckon I need to worry about such things. Any idea what is causing this discrepancy?

    Read the article

  • HTTP Compression problems on IIS7

    - by Jonathan Wood
    I've spent quite a bit of time on this but seem to be going nowhere. I have a large page that I really want to speed up. The obvious place to start seems to be HTTP compression, but I just can't seem to get it to work for me. After considerable searching, I've tried several variations of the code below. It kind of works, but after refreshing the browser, the results seem to fall apart. They were turning to garbage when the page used caching. If I turn off caching, then the page seems right but I lose my CSS formatting (stored in a separate file) and get an error that an included JS file contains invalid characters. Most of the resources I've found on the Web were either very old or focused on accessing IIS directly. My page is running on a shared hosting account and I do not have direct access to IIS7, which it's running on. protected void Application_BeginRequest(object sender, EventArgs e) { // Implement HTTP compression if (Request["HTTP_X_MICROSOFTAJAX"] == null) // Avoid compressing AJAX calls { // Retrieve accepted encodings string encodings = Request.Headers.Get("Accept-Encoding"); if (encodings != null) { // Verify support for or gzip (deflate takes preference) encodings = encodings.ToLower(); if (encodings.Contains("gzip") || encodings == "*") { Response.Filter = new GZipStream(Response.Filter, CompressionMode.Compress); Response.AppendHeader("Content-Encoding", "gzip"); Response.Cache.VaryByHeaders["Accept-encoding"] = true; } else if (encodings.Contains("deflate")) { Response.Filter = new DeflateStream(Response.Filter, CompressionMode.Compress); Response.AppendHeader("Content-Encoding", "deflate"); Response.Cache.VaryByHeaders["Accept-encoding"] = true; } } } } Is anyone having better success with this?

    Read the article

  • Program repeats each time a character is scanned .. How to stop it ?

    - by ZaZu
    Hello there, I have a program that has this code : #include<stdio.h> main(){ int input; char g; do{ printf("Choose a numeric value"); printf(">"); scanf("\n%c",&input); g=input-'0'; }while((g>=-16 && g<=-1)||(g>=10 && g<=42)||(g>=43 && g<=79)); } It basically uses ASCII manipulation to allow the program to accept numbers only .. '0' is given the value 48 by default...the ASCII value - 48 gives a ranges of numbers above (in the while statement) Anyway, whenever a user inputs numbers AND alphabets, such as : abr39293afakvmienb23 The program ignores : a,b,r .. But takes '3' as the first input. For a b and r, the code under the do loop repeats. So for the above example, I get : Choose a numeric value >Choose a numeric value> Choose a numeric value >3 Is there a way I can stop this ??? I tried using \n%c to scan the character and account for whitespace, but that didnt work :( Please help thank you very much !

    Read the article

  • Why does first call to java.io.File.createTempFile(String,String,File) take 5 seconds on Citrix?

    - by Ben Roling
    While debugging slow startup of an Eclipse RCP app on a Citrix server, I came to find out that java.io.createTempFile(String,String,File) is taking 5 seconds. It does this only on the first execution and only for certain user accounts. Specifically, I am noticing it Citrix anonymous user accounts. I have not tried many other types of accounts, but this behavior is not exhibited with an administrator account. Also, it does not matter if the user has access to write to the given directory or not. If the user does not have access, the call will take 5 seconds to fail. If they do have access, the call with take 5 seconds to succeed. This is on a Windows 2003 Server. I've tried Sun's 1.6.0_16 and 1.6.0_19 JREs and see the same behavior. I googled a bit expecting this to be some sort of known issue, but didn't find anything. It seems like someone else would have had to have run into this before. The Eclipse Platform uses File.createTempFile() to test various directories to see if they are writeable during initialization and this issue adds 5 seconds to the startup time of our application. I imagine somebody has run into this before and might have some insight. Here is sample code I executed to see that it is indeed this call that is consuming the time. I also tried it with a second call to createTempFile and notice that subsequent calls return nearly instantaneously. public static void main(final String[] args) throws IOException { final File directory = new File(args[0]); final long startTime = System.currentTimeMillis(); File file = null; try { file = File.createTempFile("prefix", "suffix", directory); System.out.println(file.getAbsolutePath()); } finally { System.out.println(System.currentTimeMillis() - startTime); if (file != null) { file.delete(); } } } Sample output of this program is the following: C:\java.exe -jar filetest.jar C:/Temp C:\Temp\prefix8098550723198856667suffix 5093

    Read the article

  • GWT RPC and GoDaddy Shared Hosting

    - by Mike Apolis
    Hi, I've deployed the sample Stock Watcher app to my GoDaddy Hosting site, and I get the error below. I've tried compiling the Project in Eclipse with JRE 1.5 because my Host is using jre 1.5. I think the issue is the "gwt-servlet.jar" is not compatible with jre 1.5. Can anyone confirm this. The project runs fine on my local machine using JRE 1.6. Unfortunately GoDaddy will not upgrade my shared hosting account jre to 1.6. GoDaddy Server Setup: Tomcat Version 5.0.27 JRE 1.5_22 Error: HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception javax.servlet.ServletException: Error allocating a servlet instance org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java: 117) org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 535) org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java: 417) org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java: 160) org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300) org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374) org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743) org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java: 675) org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866) org.apache.tomcat.util.threads.ThreadPool $ControlRunnable.run(ThreadPool.java:683) java.lang.Thread.run(Thread.java:595) root cause java.lang.UnsupportedClassVersionError: Bad version number in .class file java.lang.ClassLoader.defineClass1(Native Method) java.lang.ClassLoader.defineClass(ClassLoader.java:621) java.security.SecureClassLoader.defineClass(SecureClassLoader.java: 124) org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java: 1634) org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java: 860) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java: 1307) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java: 1189) java.security.AccessController.doPrivileged(Native Method) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java: 117) org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 535) org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java: 417) org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java: 160) org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300) org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374) org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743) org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java: 675) org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866) org.apache.tomcat.util.threads.ThreadPool $ControlRunnable.run(ThreadPool.java:683) java.lang.Thread.run(Thread.java:595) note The full stack trace of the root cause is available in the Apache Tomcat/5.0.27 logs. Apache Tomcat/5.0.27

    Read the article

  • Lack of security in many PHP applications?

    - by John
    Over the past year of freelancing, I inherited two web projects, both of them built in PHP, both of them with sensitive information like credit card info, bank info, etc... In one application, when I typed http://thecompany.com/admin/, and without being asked for a username and password, I saw every user's sensitive information, including credit card numbers, bank account numbers etc... In another application, I was able to bypass the login screen by simply typing http://the2ndcompany.com/customer.php?user_id=777, and again, without any prompts for username and password, i was able to see user 777's credit card info. I cycled through a few more user_ids (any integer) and saw each person's credit card info. Is something wrong here? Or is this the quality of work that the "average" programmer produces? Because if this is what the average programmer produces, does that means I'm an...gasp...elite programmer?? No..that can't be right....something doesn't make sense. So my question is, is it just coincidence that I inherited two applications both of which are dangerously lacking in security? Or are there are a lot of bad PHP programmers out there?

    Read the article

  • Using PHP to get the source code of a URL I must be logged in to reach

    - by Maxwell
    I am trying to write a PHP script that will get the source code of a page in my Amazon account. However, to reach that page, I must be logged in. From what I understand, I should be able to accomplish this by posting the correct request headers, and then capturing the HTML response. Is that correct? If so, I'd really appreciate it if someone could explain to me how exactly I would do this. If it's not right, I'd love to hear the correct way of doing it! I've used Firebug to get the request and response headers I need. It's just a matter of what to do with them now. I read elsewhere on this site that you can't send a request with the PHP post method, and that perhaps using cURL is the way to go. I really know nothing about cURL, so the more info the better. Also, feel free to point me to some useful tutorials on this topic. Thanks! Max

    Read the article

  • CakePHP adding columns to a table

    - by vette982
    I have a Profile model/controller in my cake app as well as an index.ctp view in /views/profiles. Now, when I go to add a column to my table that is already filled with data, and then add the corresponding code to the view to pick up this column's data, it just gives me an empty result. My model: <?php class Profile extends AppModel { var $name = 'Profile'; } ?> My controller: <?php class ProfilesController extends AppController { var $name = 'Profiles'; function index() { $this->set('profiles', $this->Profile->find('all')); } } ?> My views printing (stripped down): <?php foreach ($profiles as $profile): ?> <?php echo $profile['Profile']['id']; ?> <?php echo $profile['Profile']['username']; ?> <?php echo $profile['Profile']['created']; ?> <?php echo $profile['Profile']['thumbnail'];?> <?php echo $profile['Profile']['account'];?> <?php endforeach; ?> Basically, the columns id, username, column, thumbnail always have been printing fine, but when I add a column called accountit returns no information (nothing prints, but no errors). Any suggestions?

    Read the article

  • Add an item to the Finder/Save dialog sidebar

    - by Clinton Blackmore
    I'm working on a script where a user logs into a guest account on OS and is prompted for their network credentials in order to mount their network home folder (while they benefit from working on a local user folder). As the guest folder is deleted when users log out, I want to discourage them from saving anything there. I would like to replace the items on the Finder and Open/Save sidebar lists (such as "Desktop", username, "Documents", etc) with ones that would save into their network home folder. It is possible to do this using AppleScript or Cocoa APIs, or do I need to modify a plist and restart the Finder? [Ack. Looking into ~/Library/Preferences/com.apple.sidebars.plist, it isn't at all clear how I'd populate it.] Similar Questions: AppleScript: adding mounted folder to Finder Sidebar? suggests using fstab; this code will most likely run as a user and really, automounting at that point would be too late. How do you programmatically put folder icons on the Finder sidebar, given that you have to use a custom icon for the folder? Says there is no Cocoa API, but that you can use a carbon-style LSSharedFileList API that is only documented in a single header file. Does anyone know of some example code to add an item to the Finder sidebar?

    Read the article

  • Rails ActionCaching with Memcached fragment hit but action gets called anyway

    - by baldtrol
    Hi stackoverflow. I'm running into something strange. I'm using memcached with a caches_action setup. I'm doing this in 4 different controllers. In two of them, it works flawlessly (so far), though admittedly those two controllers are less complicated than the two in which it doesn't seem to work. I'm doing something like this: caches_action :index, :expires_in => 6.hours, :cache_path => Proc.new {|controller| controller.send(:generate_cache_path) }, :layout => false, :if => Proc.new { |c| c.request.format.js? } The intention behind the above is to cache some results that are dependent on the params. my :generate_cache_path method just takes into account some params and session vars and creates a unique key for memcached. I can see in memcached -vv that this is working. What's weird is that I get my request from the rails app for a given key, and I see memcached (with -vv) get the request and send back the response. But then my action runs anyway, and a new value is then set for the same key, even when all the same params are given. I can watch it happen. In the controllers where everything is working, the request is made for the fragment, it gets it, and the action in the controller is halted, and the fragment is passed back. These lines come from the exact same request: Cached fragment hit: views/items/?page=1&rp=10&srtn=created_at&srto=DESC.js And then: Cached fragment miss: views/items/?page=1&rp=10&srtn=created_at&srto=DESC.js I don't know what to make of it, or if I'm doing something stupid. Any help or ideas where I could start looking for trouble would be greatly appreciated.

    Read the article

  • Fails proceeding after POSTing to web server

    - by OverTheRainbow
    Hello According to this question, it seems like the error "Too many automatic redirections were attempted" is caused when forgetting to use a cookiecontainer to connect to a web server that uses cookies to keep track of the user. However, even though I used "request.CookieContainer = MyCookieContainer", I'm still getting into an endless loop that is terminated by VB Express with this error message. Imports System.IO Imports System.Net 'Remember to add reference to System.Web DLL Imports System.Web Imports System.Text Public Class Form1 Const ConnectURL = "http://www.acme.com/logon.php" Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Dim request As HttpWebRequest = WebRequest.Create(ConnectURL) 'Build POST data request.Method = "POST" request.ContentType = "application/x-www-form-urlencoded" Dim Data As New StringBuilder Data.Append("Account=" + HttpUtility.UrlEncode("jdoe")) Data.Append("&Password=" + HttpUtility.UrlEncode("test")) Dim byteData() As Byte byteData = UTF8Encoding.UTF8.GetBytes(Data.ToString()) request.ContentLength = byteData.Length Dim postStream As Stream = Nothing Try postStream = request.GetRequestStream() postStream.Write(byteData, 0, byteData.Length) Finally If Not postStream Is Nothing Then postStream.Close() End Try 'Dim MyCookieContainer As New CookieContainer Dim MyCookieContainer As CookieContainer = New CookieContainer() request.CookieContainer = MyCookieContainer 'Makes no difference 'request.KeepAlive = True 'request.AllowAutoRedirect = True Dim response As HttpWebResponse 'HERE '"Too many automatic redirections were attempted" response = request.GetResponse() Dim reader As StreamReader = New StreamReader(response.GetResponseStream()) RichTextBox1.Text = reader.ReadToEnd End Sub End Class This is probably a newbie issue, but I don't know what else to try. Any idea? Thank you for any hint.

    Read the article

  • After Delete Trigger Fires Only After Delete?

    - by Brandi
    I thought "after delete" meant that the trigger is not fired until after the delete has already taken place, but here is my situation... I made 3, nearly identical SQL CLR after delete triggers in C#, which worked beautifully for about a month. Suddenly, one of the three stopped working while an automated delete tool was run on it. By stopped working, I mean, records could not be deleted from the table via client software. Disabling the trigger caused deletes to be allowed, but re-enabling it interfered with the ability to delete. So my question is 'how can this be the case?' Is it possible the tool used on it futzed up the memory? It seems like even if the trigger threw an exception, if it is AFTER delete, shouldn't the records be gone? All the trigger looks like is this: ALTER TRIGGER [sysdba].[AccountTrigger] ON [sysdba].[ACCOUNT] AFTER DELETE AS EXTERNAL NAME [SQL_IO].[SQL_IO.WriteFunctions].[AccountTrigger] GO The CLR trigger does one select and one insert into another database. I don't yet know if there are any errors from SQL Server Mgmt Studio, but will update the question after I find out.

    Read the article

  • Integrate OpenId into an existing site

    - by Andrea
    I have a working web application which already has a login and registration system. I'm looking for some advice on how to do it. Until now, users have a username, an email, a password and some optional fields. The registrartion is the usual process with email confirmation. Now I'd like to allow users to use OpenId. So I have added an openid field to the table. There are two different login forms, and users which are already registered can add their openid info and use either login form. The problem is with new users who come on the site for the first time and try to login with OpenId. I create a new user for them, and I don't need a password, but still I need at least a username, which is used on the site (I'm not sure if the email is needed). So my problems are: 1) How do I manage validation? Some fields are required for some users, (e.g. a password) but not for some others. I mean, I can do this, but it immediately gets messy. 2) Should I ask for a username and email on the first OpenId login? On the one hand I'd say yes, but I fear this vanishes the advantages of using OpenId, that is, not having to provide details. 3) I could get the details via SReg or AttributeExchange, but most providers have a bad support for those. For instance my Gmail OpenId account does not tell the email (!). Is there some place to learn more about the current support for these extensions?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 335 336 337 338 339 340 341 342 343 344 345 346  | Next Page >