Creates cookies to keep track of a logged in user. A lot of md5 + server-side secret keeps normal "crackers" from forging tickets. Good for times when you don't have SSL.
UPDATE: For added security, place secret.php outside of your web tree so that if PHP breaks they can't easily reach the hash value. Also, forgot to add the PASSWORD into the
hash! Silly me! TODO: Make the cookies update as the user continually checks in so that the cookies expire after X seconds of INACTIVITY vs. a flat 36000 seconds.
This is a function which will format the passed string depending on whether it's specified to be a number or a string, in order to avoid problems with SQL injections in scripts.
If you need to check if the current user's IP address is either within a set range or matches a given IP use this function. Possible uses include additional security for an
authentication script. IP range needs to be in form 12.34.56.78-12.34.67.89
If you want to use PHP to display emails without fear of spambots taking them for ill-use, when you don't have an encryption algorithm, here is a simple and useful tool to
both hide and present emails with sessions and random encoding. This is how you can easily encode your emails on a webpage. This works by generating a unique password to
attach to each email being encoded per page in a random place. To see an error, copy and paste an email link into a new window.
gencoder is a simple PHP encoder that uses the base64 algorithm to encode and decode the script. Unlike Zend Encoder, this script won't solve your problem of hiding the source
code from advanced programmers, but at least you're one step closer to making your code tougher for people to steal.
Keycom Version2 (production tested) - This is a class to store values in a concatenated string. This string can then be passed as a post variable to a child program. As the
internals of the variable are not exposed this provides the most security. A companion script securepage.php checks for the existence of this post variable. The combination of
the class and script allows for completely secure (cookie-less) www programming with spider friendly clean URLs.
// ********* License COMPLETELY FREE NO GUARANTEE ********************
// keycom_class - where security is essential. Cookieless passing of post variables.
// This class will enable the user to pass all necessary variables in a
// secure fashion to the child php page.
// it accomplishes this by creating objects that search and or replace the
// variables one desires to pass in a concatenated string
// This is shot # 2 on creating classes so beware
// Thanks for your interest. Ian A. Stewart
If you are making an admin tool for your site you can add all the users into a table called e.g. "users" and automatically generate a .htpasswd file from it. This function uses
MD5 encryption.
PHP Protect Plus v 1.0 (www.phpclub.site.ir)
To protect your html pages, first copy this file to the page's directory, then rename the html page to
.php and add the line below to the first line of your html page: [ Replace "protect.php" with the name of this file ] Also for php files, just add the above line to the first
line of code. The first time, use "admin" for username and "phpclub" for password. The "admin" user is just for managing users. It cannot be used for browsing protected pages. If
you want to make a logout link, link to: "protect.php?logout=1" or any protected .php file with "?logout=1".
I used an HTML form that has a password field named password and a submit button named submit. When the submit button is clicked the page reloads with the $password variable
sent back to the server. Then when PHP resends the HTML to the client it includes the appropriate JavaScript to redirect them to the correct protected page.
This class uses integer bitmasks to represent permissions. This allows for easy and accurate storage of complex permissions. To aid in ease of use the class will convert
bitmasks to an associative array of boolean permissions and then convert the array back to a bitmask for easy storage.
Filter out unwanted PHP / JavaScript / HTML tags. This class can filter input of stray or malicious PHP, JavaScript or HTML tags to prevent cross-site scripting (XSS)
attacks. It should be used to filter input supplied by the user, such as HTML code entered in form fields. I have tried to make this class as easy as possible to use. You
have control over the filter process unlike other alternatives, and can input a string or an entire array to be cleaned (such as $_POST).
Simple and relatively safe login scripts for web sites with secret content and multiple users. All traffic is logged to a MySQL database for possible later analysis... These
scripts work correctly only with PHP 4.2 and higher...
Phrozen. The idea: you want to encode your scripts, however you don't want to have to make the end user install something to "un-encode" your script. Well, here is a poor man's
solution to that. This does real-time encoding-decoding of the files and the file is only left on disk for exactly enough time for it to be read and parsed. This is one
solution, feel free to email me if you use this in a project, I would like to see how others have used it.
This simple security check ensures that a php script does not receive any unexpected rogue GET or POST vars. Just call this simple function at the top of each script to help
protect it from malicious attacks.
If you are sure that GET/POST/COOKIE values are not modified by the user, you may be able to reduce lots of overhead for checking values. This function provides a means to make sure
GET/POST/COOKIE values that are set by the PHP programmer are not modified by users.
A PHP implementation of the Secure Hash Algorithm, SHA-1, based on the JavaScript implementation by Paul Johnston. This is basically a "translation" from JavaScript to PHP, so
most of the credits should go to Paul Johnston. I only re-wrote it in PHP. See http://pajhome.org.uk/site/legal.html for details.
If you want to use this code, please link back to www.officedevils.com - you don't have to, just a comment on your blog will do!
These two code fragments are pretty simple. It randomly generates two numbers, and adds them as hidden variables on your site's submission or sign-up form. The user then has
to do the simple sum before the submission is accepted.
Yes, you could write a grep to find the numbers and add them, and submit that, but I am sure that won't happen until a LOT of people start using this, and then you can simply
move the variables, or add to it, so that the numbers are turned into words, or change the variable names, or change the sign.
You might also want to make the maths that little bit harder than adding a ten to a digit, to improve the quality of members you get!! ;-)
The big advantage is that this doesn't limit access to those without sight or graphics, such as disabled or WAP users, allowing you to still comply with the regs. on usage.
UA Blocker allows you to selectively deny specific user-agents from visiting your site. This helps to eliminate email harvesting, and various other bandwidth-sucking visitors.
Some examples are included.
A complete module for you to wrap around anything that you want secure. Wiggem uses PHP's new session functions and is much more secure than the average cookie login script.
MD5 encryption is also used.