You are viewing our Forum Archives. To view or take place in current topics click here.
#11. Posted:
Left
  • Summer 2018
Status: Offline
Joined: Jun 30, 2011 (13 Year Member)
Posts: 1,010
Reputation Power: 49
speed wrote: [external link]

[external link]
Lol, I don't think that gif could be used in a better way.
#12. Posted:
ObscureCoder
  • Resident Elite
Status: Offline
Joined: Jun 29, 2013 (11 Year Member)
Posts: 211
Reputation Power: 13
OP, I suggest you get better at PHP before embarking on such an ambitious project.

1) Don't do all that JS w/ embedded PHP stuff; it won't work. It's also wildly insecure and could potentially lead to a lot of problems for your site's security.
2) Don't handle a db connection like that. Learn OOP and use dependency injection. Also, ditch mysqli and just go with PDO; it'll save you time and potential girlfriends in the long run.
3) Learn PHP security. After 4 minutes of looking around the repo, I already found an SQLi vulnerability: [external link]
4) As speed noticed, don't use an md5 constant hash as your salt. I'd also argue you'd be better off just using the password_hash() function rather than doing it via crypt().
5) Oh, look, another SQLi vulnerability: [external link]

Please consider learning OOP PHP (along w/ SOLID and design patterns) and simple security measures before you continue with this.
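As an added example (not code from the OP's repository, whose files are not visible in this archive), here is the injection pattern ObscureCoder's points 2 and 3 describe, next to the PDO prepared-statement version. The table and column names, the connection factory, and the in-memory SQLite database used so the script runs without a MySQL server are all assumptions made for illustration.

```php
<?php
// Added example, not the OP's code. Same PDO handle for both queries: the bug is
// string concatenation of user input into SQL, not the choice of driver.
declare(strict_types=1);

// --- Vulnerable: the username is interpolated straight into the query string ---
function findUserVulnerable(PDO $db, string $username): ?array
{
    // With $username = "admin' OR '1'='1" the WHERE clause is always true and
    // the first row in the table (here: admin) comes back.
    $sql = "SELECT id, username FROM users WHERE username = '$username'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Hardened: prepared statement; the value is bound, never parsed as SQL ---
function findUser(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connection factory (assumed name): build the handle once and pass it into the
// functions that need it, rather than opening a global connection in an include.
function makePdo(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw instead of returning false
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepares on MySQL
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Constructed demo data in an in-memory SQLite database (assumption: pdo_sqlite is enabled).
$db = makePdo('sqlite::memory:', '', '');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->exec("INSERT INTO users (username) VALUES ('admin'), ('alice')");

$payload = "admin' OR '1'='1";
print_r(findUserVulnerable($db, $payload)); // Array ( [id] => 1 [username] => admin )
var_dump(findUser($db, $payload));          // NULL: payload is matched literally as a username
var_dump(findUser($db, 'alice')['username']); // string(5) "alice"
```

The same rule applies to every value that reaches the query, including ORDER BY columns and LIMIT values, which cannot be bound as strings and need a whitelist instead. On the connection-handling side: a mysqli object is closed with `$db->close()`, a PDO handle by dropping the last reference (`$db = null`); `mysql_close()` belongs to the old `mysql_*` extension that PHP 7 removed, so calling it on a mysqli connection is a fatal error there.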
#13. Posted:
ObscureCoder
  • Resident Elite
Status: Offline
Joined: Jun 29, 2013 (11 Year Member)
Posts: 211
Reputation Power: 13
I actually just found a more ridiculous error:

[external link]
You're trying to close a mysqli connection via mysql_close()?
That will not work and, if you update to PHP 7 with that, you'll throw an error because that driver API (all mysql_* functions) was removed in PHP 7.

Please, learn what you're doing.
#14. Posted:
Sys
  • 2 Million
Status: Offline
Joined: Dec 30, 2013 (10 Year Member)
Posts: 1,331
Reputation Power: 69
speed wrote: [external link]

[external link]
Enlighten me speed.

Go all out on the description.
#15. Posted:
CriticaI
  • Supporter
Status: Offline
Joined: Nov 05, 2013 (11 Year Member)
Posts: 2,749
Reputation Power: 452
Huge update to the thread!
I will no longer be adding people on Skype
If you are wondering why I chose discord, it is because it looks the same
on every device and has great permission features unlike Skype.
Also it is more secure.
#16. Posted:
Sys
  • Christmas!
Status: Offline
Joined: Dec 30, 2013 (10 Year Member)
Posts: 1,331
Reputation Power: 69
+1 this topic. Idea is well thought out and is organised.
#17. Posted:
speed
  • Winter 2023
Status: Offline
Joined: Jun 11, 2009 (15 Year Member)
Posts: 9,897
Reputation Power: 3160
Motto: "I'l no I grew up to fast speed I no u will be little famous" - Famous_Energy
Sys wrote: Enlighten me speed.

Go all out on the description.
First off, crypt is extremely weak, even with proper salting.
Second, they committed their salt, making it effectively useless.
Third, the SQL vulnerabilities that Obscure pointed out.

Those 3 together pretty much guarantee that anyone who wants to can not only get into the database, but reverse the hashes relatively easily.

The code is extremely insecure.
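An added example, not code from the OP's repository, for the salt point raised in ObscureCoder's item 4 and in speed's explanation above: a single salt constant that lives in the source tree means every user shares it, so an attacker with the repo and a table dump hashes each candidate password once and matches it against every row. The fixed salt value, the user list and the wordlist are constructed for the demonstration; the `crypt()` salt is given in SHA-512 crypt format only so the script runs anywhere, since the OP's actual salt is not visible here.

```php
<?php
// Added example, not the OP's code: constant committed salt vs password_hash().
declare(strict_types=1);

// The anti-pattern: one salt for every user, hard-coded and therefore in the repo.
const COMMITTED_SALT = '$6$fixedsaltcommit$'; // assumed value, SHA-512 crypt salt format

function hashWithCommittedSalt(string $password): string
{
    return crypt($password, COMMITTED_SALT);
}

// With a shared, known salt the attacker computes each candidate once and
// compares it against every stored hash: cost is |wordlist|, not |wordlist| x |users|.
function crackWithCommittedSalt(array $storedHashes, array $wordlist): array
{
    $cracked = [];
    foreach ($wordlist as $candidate) {
        $h = hashWithCommittedSalt($candidate);
        foreach ($storedHashes as $user => $stored) {
            if (hash_equals($stored, $h)) {
                $cracked[$user] = $candidate;
            }
        }
    }
    return $cracked;
}

// The fix: password_hash() draws a fresh random salt per call and stores it,
// together with the algorithm and cost, inside the returned string.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function verifyPassword(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Constructed sample data: two users who picked the same weak password.
$users    = ['alice' => 'hunter2', 'bob' => 'hunter2', 'carol' => 'correct horse battery'];
$wordlist = ['123456', 'password', 'hunter2'];

$legacy = array_map('hashWithCommittedSalt', $users);   // keys preserved for a single array
var_dump($legacy['alice'] === $legacy['bob']);           // bool(true): same password, same hash
print_r(crackWithCommittedSalt($legacy, $wordlist));     // alice and bob recovered after 3 hashes

$modern = array_map('hashPassword', $users);
var_dump($modern['alice'] === $modern['bob']);           // bool(false): per-user random salt
var_dump(verifyPassword('hunter2', $modern['bob']));     // bool(true)
var_dump(verifyPassword('hunter2', $modern['carol']));   // bool(false)

// At login time, re-hash when the default algorithm or cost has moved on.
if (password_needs_rehash($modern['alice'], PASSWORD_DEFAULT)) {
    $modern['alice'] = hashPassword('hunter2'); // would be stored back to the users table
}
```

One caveat for readers: `password_hash()` with `PASSWORD_DEFAULT` is itself bcrypt produced through `crypt()`; what makes a scheme like the one discussed in this thread weak is the fixed, published salt and a fast or unsalted algorithm, and `password_hash()` removes both problems by generating the salt and choosing the algorithm for you.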
#18. Posted:
Sweenie
  • Junior Member
Status: Offline
Joined: Jul 27, 2013 (11 Year Member)
Posts: 82
Reputation Power: 4
What's your USP for this site to make it competitive vs others or is it just for the programming experience?