Perl/PHP Thread
- Thread starter Cromewell
- Start date
Ankur
Active Member
Just some queries.
1. PHP include
I use it in most of my pages to give a connection and select the database. I want to know how secure it is? I have heard that the header.php file is not very secure.
2. How to auto generate/create a page?
Example. When I joined facebook it did not give me specific page for my profile. The one day it asked me to select a page name for it. I selected one name and the page got generated. What is this technique called? How to auto generated such pages?
1. PHP include
Code:
<?php include("header.php"); ?>2. How to auto generate/create a page?
Example. When I joined facebook it did not give me specific page for my profile. The one day it asked me to select a page name for it. I selected one name and the page got generated. What is this technique called? How to auto generated such pages?
1. If header.php isn't very secure that's kind of you own problem, fix the code
There was a security flaw (may have been addressed by now) where if header.php was missing the php start tag it could get printed out in plain text on every page which references it. That may be the security issue you are talking about.
It's possible with recent versions of php to include remote files. Obviously this is a security concern because you are including a file which you likely don't have source control over, someone could be modifying functions you are using to do undesired things.
2. I don't use facebook at all but I'd imagine it's all database driven. They may be using some kind of mvc framework as well.
mihir
VIP Member
1. What kind of security are you talking about. You can chmod the file. And as cromwell said you can make some changes in the code. What exactly did you hear about header.php being not very secure?
2.You can use php file handling to create a new php page with the profile details as saved as variables. Like you can have a template with appropriate variable to create a php page for every user. Or you can use query strings and url masking. I think facebook uses URL masking
I think what he is talking about is due to the behaviour of the php intrepreter. Lets say you have a php file which manages your connection credentials and someone were to either make an error or intentionally wanted to mess it up and removed the starting <?php. Any page which was including this file would have the contents displayed for all to see.
Ankur
Active Member
I want to know how safe is the header.php file? I put my connection details in it. What if someone gets the code on it? They will hack my whole site. I know the php code isn't displayed on Pages but is there a way to see it? I am not aware of any way, if there is a way then what are the preventions?
Example, if I put some text in a text box, e.g name, then after hitting submit I want it to create a page automatically, like sitename.com/name.
I did not really understand that.
Example, if I put some text in a text box, e.g name, then after hitting submit I want it to create a page automatically, like sitename.com/name.
As long as you have a server with the php parser they can't get the code unless they break into the server itself. At which time that's probably the least of your trouble.
It can be done a couple ways, one is with URL Rewrite where it's faked (but looks like a real page to a user/search engine) and the other is a script that actually generates the file structure.
mihir
VIP Member
I think URL masking is the best method, for regular websites.I am not sure what facebook uses. But I won't be surprised if they create new files for every user they have since they own the appropriate server resources needed to get the job done. But something like creating new files for every user would be very heavy for a regular website
Troncoso
VIP Member
You should just be able to add HTML bold tags around it (<b></b>). If you would like to do a lot of formatting and visual things in PHP, it would do you good to learn how to integrate some HTML/CSS into your code.
Ankur
Active Member
Agreed, but I want to write the string in a word file and not on a webpage. If I put "<b>Hello</b>" in a string and write it in a word file then it will print
<b>Hello</b> in word file.
How I actually I want to print in word file
Hello
How actually it is printing
<b>Hello</b>
Are you trying to write the doc file with using the word xml format? If so you have to use <w:b/> modifier but it's ugly as anything you've ever seen or ever will again.
If you have some library which is helping you with the word doc format, it should have a method to do what you want.
If you have some library which is helping you with the word doc format, it should have a method to do what you want.
Ankur
Active Member
I have created login page for my website, it checks the username and password and the if successful creates a session for that user.
Example: $_Session['user']=$username;
I want to know if other user logs into my site then will the $_Session['user'] variable be overwritten?
Will there be confusion or any bugs?
Is there a method to solve this problem?
I want to create two different sessions for these two users accessing my site concurrently, how to identify the users?
Example: $_Session['user']=$username;
I want to know if other user logs into my site then will the $_Session['user'] variable be overwritten?
Will there be confusion or any bugs?
Is there a method to solve this problem?
I want to create two different sessions for these two users accessing my site concurrently, how to identify the users?
kobaj
VIP Member
I have created login page for my website, it checks the username and password and the if successful creates a session for that user.
Example: $_Session['user']=$username;
I want to know if other user logs into my site then will the $_Session['user'] variable be overwritten?
Will there be confusion or any bugs?
Is there a method to solve this problem?
I want to create two different sessions for these two users accessing my site concurrently, how to identify the users?
No, the session table gives unique ids depending on the user accessing the server. So User A cannot see User B's session variables.
But I'm posting because that is not a very effective way to manage the login of users. As soon as they close their browser/navigate away from the site session variables are recycled. Meaning every time they come back to your website they have to log in /again/. Which, if you're running a banking website is secure yes. But regular website, or forums, or anything of that nature will drive the user insane.
You should use cookies.
Ankur
Active Member
It is more of a place where security is needed, I am destroying everything after the user leaves the site, thanks Kobaj I needed that reply, I'm feeling positive now.
Okay now I have some security question, what is SSL, HTTPS?
I can google it but can someone explain me nice in short
Other tricks to keep my session safe.
Okay now I have some security question, what is SSL, HTTPS?
I can google it but can someone explain me nice in short
Other tricks to keep my session safe.
Using sessions is good for security but depending on what you are doing, it's possible to steal someone's session.
SSL/TLS/HTTPS is a secured connection between the server and client. Basically, it defines how the client and server encrypt their communications. You need a certificate to identify your server. You can use a self signed one but the client will complain that the site may not be secure unless your server is a trusted signer.
SSL/TLS/HTTPS is a secured connection between the server and client. Basically, it defines how the client and server encrypt their communications. You need a certificate to identify your server. You can use a self signed one but the client will complain that the site may not be secure unless your server is a trusted signer.