PHP Programmers SPAM Me! - GoFuckYourself.com

SinSational · 12-02-2004, 07:26 PM

i have a customer that has some php code written but it is pretty sloppy. basically it uses a mysql db to authenticate a username and password. if the username and password are in the DB then it takes them to the members are (which is in a frame) and if not then it takes them to an error page. some people are having trouble getting to the frame and bounces them back to the login screen. Norton Internet Securities privacy feature has been one of the problems (when turning it off people can get in fine), and Mac user's are having trouble with the frames.

basically they are looking for the code to be altered without using frames to get to the members area, but at the same time it has to be protected.

if you know of how to possibly solve this and can do the work, then please email me at chris (a.t.) atcihosting (d.o.t) com with what you think may work and your cost. i can also give you some more details to how it works. please do not icq me because it is too hard to keep track of who quoted me what price etc.

thanks

Juicy D. Links · 12-02-2004, 09:25 PM

SinSational · 12-03-2004, 06:27 AM

i heard juicy knew everything.....i didn't think php though.

pornpf69 · 12-03-2004, 06:45 AM

...if I were not on 2 other projects I would hit you up....

Jennie · 12-03-2004, 07:17 AM

Hit me up !!!

Thanks..

foxylady · 12-03-2004, 07:47 AM

mail sent, you could check your mail now.

thanks

raymor · 12-03-2004, 10:42 AM

Strongbox, next generation security system,
can authenticate against a MySQL database.
After 5 years of development, Strongbox is going
to be much more robust and effective then anything
a PHP scripter is going to whip out for you this week.

s9ann0 · 12-03-2004, 10:51 AM

three words for you:

mod auth mysql

seven · 12-03-2004, 11:01 AM

Quote:

Originally posted by raymor
Strongbox, next generation security system,
can authenticate against a MySQL database.
After 5 years of development, Strongbox is going
to be much more robust and effective then anything
a PHP scripter is going to whip out for you this week.

Exactly what I was thinking, why not get a real pass script?

Got strongbox yesterday on 1 site, like it already

getting ready to have it on a 2nd site

SinSational · 12-03-2004, 11:29 AM

Quote:

Originally posted by raymor
Strongbox, next generation security system,
can authenticate against a MySQL database.
After 5 years of development, Strongbox is going
to be much more robust and effective then anything
a PHP scripter is going to whip out for you this week.

looks good, but can it be integrated with a PIN system? the current set up works like this:
people redeem a PIN # and create a user/pass at this time.
the user/pass is datestamped and allows unlimited access for 1, 10, 30 days etc.
when they redeem the PIN the above info is inserted in to the table.
the fields in the table are pin, username, password, days valid, pin reedeem date, pin expire date.
every time they go to login, the user/pass is validated against the table. if it is still valid it takes them to the members area page, if not it takes them to an error page and deletes the expired record from the table

s9ann0 · 12-03-2004, 12:49 PM

Quote:

Originally posted by SinSational
looks good, but can it be integrated with a PIN system? the current set up works like this:
people redeem a PIN # and create a user/pass at this time.
the user/pass is datestamped and allows unlimited access for 1, 10, 30 days etc.
when they redeem the PIN the above info is inserted in to the table.
the fields in the table are pin, username, password, days valid, pin reedeem date, pin expire date.
every time they go to login, the user/pass is validated against the table. if it is still valid it takes them to the members area page, if not it takes them to an error page and deletes the expired record from the table

why not use mod auth mysql and use basic auth (some might call this.htaccess password) and have a perl script or something on a crontab run daily to cancel users that expired

it would take like an hour to setup

Varius · 12-03-2004, 01:23 PM

First, make your pages you want protected include a .inc that does the following:

PHP Code:


			
if (!isset($_SERVER['PHP_AUTH_USER'])) {

    $page = $PHP_SELF;

    header("Location: /login.php?URL=".$page);

    exit();

}

Then have the page login.php do this:

PHP Code:


			
if (!isset($_SERVER['PHP_AUTH_USER'])) {

    authenticate();

}

else {

   $sock = -open your db connection-



    $sql = "SELECT    id

            FROM      users_table

            WHERE     username='".$_SERVER['PHP_AUTH_USER']."'

            AND       password=PASSWORD('".$_SERVER['PHP_AUTH_PW']."')";

    $res = mysql_query($sql,$sock);

    if(mysql_numrows($res)hahahaha0) {

        authenticate();

    }

    else {

        header("Location: ".$URL);

        exit();

    }

}



function authenticate() {

    header("WWW-Authenticate: Basic realm=\"Member's Area\"");

    header("HTTP/1.0 401 Unauthorized");

    header("Location: [url]http://whatever.com/error.page[/url]");

    exit;

}

What this will do, i any page they try and access thats protected, if they arent logged in it will popup the auth box. If they login properly, they will be redirected back to the page they were trying to access.

If they get it wrong few times, they will be redirected to your error page.

Fast, easy, no frames or modules needed.

Also allows you room for customization, for example when they do login successfully, you could update user_last_login in the database, or things like that....

Enjoy

pornpf69 · 12-03-2004, 03:16 PM

Quote:

Originally posted by Varius
First, make your pages you want protected include a .inc that does the following:

PHP Code:

if (!isset($_SERVER['PHP_AUTH_USER'])) { $page = $PHP_SELF; header("Location: /login.php?URL=".$page); exit(); }

Then have the page login.php do this:

PHP Code:

if (!isset($_SERVER['PHP_AUTH_USER'])) { authenticate(); } else { $sock = -open your db connection- $sql = "SELECT id FROM users_table WHERE username='".$_SERVER['PHP_AUTH_USER']."' AND password=PASSWORD('".$_SERVER['PHP_AUTH_PW']."')"; $res = mysql_query($sql,$sock); if(mysql_numrows($res)hahahaha0) { authenticate(); } else { header("Location: ".$URL); exit(); } } function authenticate() { header("WWW-Authenticate: Basic realm=\"Member's Area\""); header("HTTP/1.0 401 Unauthorized"); header("Location: [url]http://whatever.com/error.page[/url]"); exit; }

What this will do, i any page they try and access thats protected, if they arent logged in it will popup the auth box. If they login properly, they will be redirected back to the page they were trying to access.

If they get it wrong few times, they will be redirected to your error page.

Fast, easy, no frames or modules needed.

Also allows you room for customization, for example when they do login successfully, you could update user_last_login in the database, or things like that....

Enjoy

this wont work as you have forgot to open the '{' after the if and after the else....

aSStig · 12-03-2004, 03:20 PM

we could help you on that . . . .

sent an email, do check it out . . .

Varius · 12-03-2004, 04:11 PM

Quote:

Originally posted by pornpf69
this wont work as you have forgot to open the '{' after the if and after the else....

Where?

I put the open squiggly bracket in there its just it seems to get replaced by haha123 and the double = sign gets replaced by hahahaha

Varius · 12-03-2004, 04:13 PM

Quote:

Originally posted by Varius
Where?

I put the open squiggly bracket in there its just it seems to get replaced by haha123 and the double = sign gets replaced by hahahaha

also damn board automatically parse the url (cuz i forgot to uncheck that box) in my header() and stuck a href tags on it...which shouldnt be there

SinSational · 12-03-2004, 05:04 PM

thanks varius, i'll have to look in to this a bit more.

12-02-2004, 07:26 PM	#1
SinSational Confirmed User Join Date: Oct 2004 Location: Boston, MA Posts: 1,723	PHP Programmers SPAM Me! i have a customer that has some php code written but it is pretty sloppy. basically it uses a mysql db to authenticate a username and password. if the username and password are in the DB then it takes them to the members are (which is in a frame) and if not then it takes them to an error page. some people are having trouble getting to the frame and bounces them back to the login screen. Norton Internet Securities privacy feature has been one of the problems (when turning it off people can get in fine), and Mac user's are having trouble with the frames. basically they are looking for the code to be altered without using frames to get to the members area, but at the same time it has to be protected. if you know of how to possibly solve this and can do the work, then please email me at chris (a.t.) atcihosting (d.o.t) com with what you think may work and your cost. i can also give you some more details to how it works. please do not icq me because it is too hard to keep track of who quoted me what price etc. thanks __________________ ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details Virtual from $14.95/month, Dedicated from $149.95/month Dual-Core Xeon > 1000GB @ $149.95 \| 1500GB @ $169.95 \| 10Mbps @ $269.95

12-03-2004, 06:27 AM	#3
SinSational Confirmed User Join Date: Oct 2004 Location: Boston, MA Posts: 1,723	i heard juicy knew everything.....i didn't think php though. __________________ ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details Virtual from $14.95/month, Dedicated from $149.95/month Dual-Core Xeon > 1000GB @ $149.95 \| 1500GB @ $169.95 \| 10Mbps @ $269.95

12-03-2004, 06:45 AM	#4
pornpf69 Too lazy to set a custom title Join Date: Jun 2004 Location: Brasil Posts: 15,781	...if I were not on 2 other projects I would hit you up.... __________________ Delight Toys Store! Cumming Sooooon MY ICQ# 169833797

12-03-2004, 07:17 AM	#5
Jennie Confirmed User Join Date: Mar 2004 Posts: 2,018	Hit me up !!! Thanks.. __________________ xxxoutsourcing.com ICQ:119936 - Aim:xxxoutsourcing - US Toll FREE: 1-866-978-1048

12-03-2004, 07:47 AM	#6
foxylady Confirmed User Join Date: Oct 2004 Posts: 1,829	mail sent, you could check your mail now. thanks __________________

12-02-2004, 09:25 PM	#2
Juicy D. Links So Fucking Banned Industry Role: Join Date: Apr 2001 Location: N.Y. -Long Island -- Posts: 122,992

12-03-2004, 10:42 AM	#7
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	Strongbox, next generation security system, can authenticate against a MySQL database. After 5 years of development, Strongbox is going to be much more robust and effective then anything a PHP scripter is going to whip out for you this week. __________________ For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids

12-03-2004, 10:51 AM	#8
s9ann0 Confirmed User Join Date: Sep 2001 Location: Boston Posts: 4,873	three words for you: mod auth mysql

12-03-2004, 01:23 PM	#12
Varius Confirmed User Industry Role: Join Date: Jun 2004 Location: New York, NY Posts: 6,890	First, make your pages you want protected include a .inc that does the following: PHP Code: `if (!isset($_SERVER['PHP_AUTH_USER'])) { $page = $PHP_SELF; header("Location: /login.php?URL=".$page); exit(); }` Then have the page login.php do this: PHP Code: if (!isset($_SERVER['PHP_AUTH_USER'])) { authenticate(); } else { $sock = -open your db connection- $sql = "SELECT id FROM users_table WHERE username='".$_SERVER['PHP_AUTH_USER']."' AND password=PASSWORD('".$_SERVER['PHP_AUTH_PW']."')"; $res = mysql_query($sql,$sock); if(mysql_numrows($res)hahahaha0) { authenticate(); } else { header("Location: ".$URL); exit(); } } function authenticate() { header("WWW-Authenticate: Basic realm=\"Member's Area\""); header("HTTP/1.0 401 Unauthorized"); header("Location: [url]http://whatever.com/error.page[/url]"); exit; } What this will do, i any page they try and access thats protected, if they arent logged in it will popup the auth box. If they login properly, they will be redirected back to the page they were trying to access. If they get it wrong few times, they will be redirected to your error page. Fast, easy, no frames or modules needed. Also allows you room for customization, for example when they do login successfully, you could update user_last_login in the database, or things like that.... Enjoy __________________ Skype variuscr - Email varius AT gmail

12-03-2004, 03:20 PM	#14
aSStig Confirmed User Join Date: Apr 2004 Posts: 1,102	we could help you on that . . . . sent an email, do check it out . . . __________________ PAYMENT SOLUTIONS http://www.firstdata.com

12-03-2004, 05:04 PM	#17
SinSational Confirmed User Join Date: Oct 2004 Location: Boston, MA Posts: 1,723	thanks varius, i'll have to look in to this a bit more. __________________ ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details Virtual from $14.95/month, Dedicated from $149.95/month Dual-Core Xeon > 1000GB @ $149.95 \| 1500GB @ $169.95 \| 10Mbps @ $269.95