BetterPHP

Line 62 looks like an empty line...It could be because of the extra } on line 61. You'll need to remove it anyways for the activation id to be valid. Also, please surround code in the syntax tags. They can be located as a button above the textbox when submitting a new post. In this case it would be ...

Did some more research and learned that self-signed certificates unfortunately are not secure as an attacker can create a certificate of their own for your server and acquire the secret key to decrypt the data.

The code you posted is just using php.net's example. How do you process your login? Just one query that is vulnerable can search your entire database (depending on user permissions) however, so it may take time to spot your vulnerability. General precautions to take include: 1. Salt and hash all pas...

Unfortunately any VPS that supports Java is pretty hefty in price these days. If anyone is willing to, more power to them Just anything except Simple Auth is all I have to say... Teaching live would be cool, there are a few sites out there that let you do that for free for up to half an hour if I'm ...

You can create mods in JavaScript and upload them with PocketTool? It's something that begins with pocket You just compress them in a zip file I believe. It's been a while since I played pocket edition since there really aren't a lot of features yet. Minecarts are coming in 0.8.0 though. I'm not sur...

Between the two there really isn't much difference. The only thing I noticed back when I used ASP.NET was that PHP could not do threading. Also, on larger scale projects, ASP.NET seemed to be more useful while PHP was better for performance (i.e. speed). There is no logical reason why one is better ...

The site is definitely being paid for. That's a good sign in a way. We could always mess with the site and create a 500 error to see his email idk if he or any visitor would like it too much though. Just read through the rest of the posts and saw the popularity of Temor's minecraft thread. Minecraft...

Yea sorry about that. I tried to reduce as much as possible into functions. All but the last fuction should be good to skip. Granted I could be returning arrays instead of exploding some places, and that strlen() shouldn't be there in valid_api_key(), but those are minor details that I will nullify ...

Hello. Just finished my API and I would like a security check if possible. It's not completely done as of the distributing of the API key, and downloading of the data, but what I would really like feedback on is the handling of the data. I haven't installed SSL yet so there's no forcing it yet. It's...

Jacek is alive He fixed the search.

Took me a while to know what you meant You mean hashing the code inside the file, then checking the code on the user's server against it? I suppose it could work but since the user updating won't have access to the updated code before hand, the hash will have to be placed in the returned json which ...

Thanks for the article I guess I should start down the intended path then. I do plan to self sign or find cheaper certificates. $600~ isn't really in my budget for no source of income coming from the projects I'm working with. Even ads get cluttery and no one really wants to see them. The script is ...

The harder it is, the more fun in my opinion Problem being that MTIM attacks can intercept any private key made before it reaches my server if I understand it correctly. I may have everything the opposite way. No matter. There wouldn't be a session id that I could make on another site and routers of...

Thanks, and yes it is very sensitive. I've been trying to work on auto updating of scripts by letting the user request my site via an API and read code via a temp file. Looks like I'll have to do more research and/or scrap the idea and make update scripts that can be downloaded at the site. Update: ...

I'm not very experienced with MITM attacks so, a few questions if I may. 1. When using an API, is it required for both parties to have SSL for a MITM attack to be prevented? I believe I read somewhere that it was but I can no longer find it. 2. Follow up on number 1: If the party that is accessing t...

Checking your support messages every day is a given. Multiple times a day is best. YES! Even if you're on a host that limits the number of emails being sent, there is no excuse. You can make your contact form insert the information into the database instead of mailing and read it through the backen...

Why the two document ready calls?

Also, never EVER display SQL errors while users have access to your site. If for some crazy reason you disregard that advice, be sure to htmlentities(); your query if you display that as well (Why would one ever...?). Most importantly, check support messages several times a day. Reported a vulnerabi...

He was on 11 days ago. If only he would just post something

Thanks temor. Updated with an example of integer injection. My brain was slow yesterday.

Haha yes it does. I might just do the same later on. I believe they returned the file to its original contents. No word as of yet on the security breach being patched.