Feb 9

Need security advice?

It could be thought of as a war out there. Traditional alarms are no longer a stumbling block to the hardened and educated burglar (TV and the internet have a lot to answer for). As technology moves on, so do the burglar’s and squatter’s skills and cockiness. Keep one step ahead and ensure that your choice of alarm and protection equipment is sophisticated, not complicated.

Are you unsure about what to do?
The problem is, how do you decide what is needed when faced with so many choices? In an attempt to keep it simple, you must determine what you are trying to protect and why, then relate that to your local environment. Follow the links and consider the survey to have a better idea of what you should be installing.

Jul 15

I was playing around with some more vector work, (yes boss, I am working too!) and came up with a penguin who I have affectionately named Dave.

I am including the PSD file with Dave in case anyone wants to download it and play with it.

If you do decide to give Dave a new home, please drop me a line and let me know :)

Dave….

Give Dave a Home

Here is the psd (zipped)

Give him a good home and look after him!

Jul 15
More Vector thingy’s
SpikeZ | artwork | July 15th, 2008 | No Comments

As promised here are a few more green things. There are also red ones which I will put on as well.

If anybody wants to take the PSD and do more with it then let me know and I will link it up :)

1/ I think I need a break…..


2/ sad


3/ sleepy


Jul 11

Whilst uploading an image I kept getting an error message:

HTTP ERROR:

crunching…

and the image wouldn't upload.

This appears to be a known bug and a few people have a few theories, but the one that worked for me was to create an .htaccess file in the wp-admin folder and add the following to it:

<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>

Jul 10
Vector Art
SpikeZ | artwork | July 10th, 2008 | 6 Comments

Validation Validation?
One of a range of vector images I did for T-shirts not so long ago. I still have some available with different designs if anyone is interested ;)

Jul 10

Need a quick and dirty captcha?

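session_start();

        // note: str_shuffle() is not a cryptographically secure shuffle
        $str = str_shuffle('abcdefghijklmnopqrstuvwxyz0123456789');
        $substr = substr($str, 0, 6);
        // keep the answer server-side so the form handler can compare it
        // (the session key name 'captcha' is illustrative)
        $_SESSION['captcha'] = $substr;
        $im = imagecreate(60, 25);
        // white background and black text
        $bg = imagecolorallocate($im, 255, 255, 255);
        $textcolor = imagecolorallocate($im, 0, 0, 0);
        // write the string at the top left
        imagestring($im, 5, 2, 4, $substr, $textcolor);
        // output the image
        header("Content-type: image/png");
        imagepng($im);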

Should give you a simple image (but one easily decipherable by OCR readers).

Jul 10

So 1 day into my blogging life and I have 5 spam messages already.

Akismet is now activated, so let's see what happens…

Jul 10

Alrighty then, here goes with the first of what I hope will be many tutorials.
This is a BASIC login script that uses a MySQL database to log someone in.

It is by no means a complete, secure, authorising system, so please don't come back with things like “Your session security is rubbish” or “Why isn't this in full OO code?” - it's a principle tutorial with working code done in a semi OOP/procedural fashion for the purposes of learning.

So here we go, most of the text is in the code - cut, paste and learn :)

1) Database sql file
Create a database or if you have one already just run the following code:

/*
SQLyog Community Edition- MySQL GUI v6.05
Host - 5.1.24-rc-community : Database - spf
*********************************************************************
Server version : 5.1.24-rc-community
*/

/*!40101 SET NAMES utf8 */;

/*!40101 SET SQL_MODE=''*/;

/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;

/*Table structure for table `members` */

CREATE TABLE `members` (
  `id` int(6) NOT NULL AUTO_INCREMENT COMMENT 'members id',
  `username` varchar(12) NOT NULL COMMENT 'members username',
  `password` varchar(255) NOT NULL COMMENT 'members password',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;

/*Data for the table `members` */

insert  into `members`(`id`,`username`,`password`) values (1,'spike','a60e7822190108e7bfa5015a3f57dea1'),(2,'doug','b07b89b1d596bc0d32cbabed34147efd');

/*Table structure for table `membersinfo` */

CREATE TABLE `membersinfo` (
  `id` int(12) NOT NULL AUTO_INCREMENT COMMENT 'record id NOT user',
  `usr_id` int(6) NOT NULL COMMENT 'member id',
  `realname` varchar(255) NOT NULL COMMENT 'members realname',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;

/*Data for the table `membersinfo` */

insert  into `membersinfo`(`id`,`usr_id`,`realname`) values (1,1,'Mike'),(2,2,'Doug');

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;

The Username/ Password combinations are:
spike/spike
doug/doug

File 1 - functions.php
(remember - comments are in the code!)

<?php

/* Basic login using php and mysql
        ** nothing clever or complicated :)
        ** Build mainly to demonstrate a login system
        ** that anyone can follow
        ** Requirements:
        ** PHP4+/PHP5+
        ** MySQL database
        **
        ** */

/* functions.php
        ** This page is literally for the function that can
        ** be used in the script more than once or need to be
        ** called from different locations eg: login
        ** Also on this page are some basic configuration items
        ** as this file is included in other pages
        **
        ** session_start();
        ** www.php.net/session_start
        ** Initialize session data
        **
        ** ini_set("display_errors", 2);
        ** ERROR_REPORTING(E_ALL);
        ** set up error reporting
        ** www.php.net/manual/en/function.error-reporting.php
        ** */

       

/* session handler
    ** Start session
    ** append with @ depending on server config */

@session_start();

/* error handler
    ** set error reporting level to 0 to show no error, 2 to show */

ini_set("display_errors", 2);
error_reporting(E_ALL);

/* define some useful constants
        ** */

define('DB_USER', 'root');
define('DB_PASS', 'peanuts2');
define('DB_HOST', 'localhost');
define('DB_BASE', 'spf');

/* database connection
        ** connect to your MySQL database
        ** using the constants above.
        **
        ** */

mysql_connect(DB_HOST, DB_USER, DB_PASS);
mysql_select_db(DB_BASE);
               

       
/*————————————->
        function: login form
        ** basic login form
        ** nothing fancy :)
————————————–*/

        function loginForm() {
               
                return '
                <fieldset>
                <legend>Please Login</legend>
                        <form name="loginForm" id="loginForm" method="post" action="">
                                <p><label for="usr">Username</label><br />
                                        <input type="text" name="usr" value="" /></p>
                                <p><label for="psw">Password</label><br />
                                        <input type="password" name="psw" value="" /></p>
                                <button type="submit" name="submit" value="SUBMIT">Login</button>
                                <input type="hidden" name="login" value="1">
                        </form>
                </fieldset>
                ';
        }
       
/*————————————->
        function: login process
        ** process the login form
————————————–*/

        function loginProcess($username, $password) {
               
                /* never trust incoming data
                        ** sanitise it and escape it
                        ** basic cleaning 
                        ** mysql_real_escape_string (www.php.net/mysql_real_escape_string)
                        ** trim (www.php.net/trim)
                        ** */

                       
                $username = mysql_real_escape_string(trim($username));
               
                /* using md5 for password security
                        ** if you are using plain password - stop it!
                        ** if you insist on using plain passwords then
                        ** comment/hash the line below
                        ** */

                $password = md5($password);
               
                /* Run the query to find a match in the database
                        ** selecting only the basic fields and
                        ** NOT using *
                        ** also using LIMIT 1 as there should only be one
                        ** result…..
                        ** */

                $sql = mysql_query("
                                select
                                          id
                                        , username
                                        , password
                                from
                                        members
                                where
                                        username = '$username'
                                and
                                        password = '$password'
                                limit 1
                        ");
                       
                /* are there any rows returned
                        ** from the login query?…..
                        ** mysql_num_rows() returns the total number of rows
                        ** found by the query
                        ** So if there is a row
                        ** */

                if(mysql_num_rows($sql) > 0) {
               
                /* assign a results handler to the
                        ** returned fields.
                        ** */

                $rows = mysql_fetch_assoc($sql);
               
                /* register some session variables
                        ** based on the database values */

                $_SESSION['usr_logged'] = 1;
                $_SESSION['usr_id'] = $rows['id'];
                $_SESSION['usr_name'] = $rows['username'];
               
                /* now that the basic values are registered
                        ** fire them off to the next page
                        ** using header("Location: nextPage.php");
                        ** */

                header("location: members.php");
                /* exit() as we dont want the
                        ** script to carry on */

                exit();
                       
                } else {
               
                /* but what happens if there are no results
                        ** returned from the database?
                        ** Make a polite error message
                        ** */

                $errorMsg = '<p>Sorry. Your details could not be found</p>';
               
                /* and return that value to the script
                        ** for displaying */

                return $errorMsg;
                }       
               
        }

/*————————————->
        function: check auth
                is the usr_logged variable present?
                has the user logged in? 
————————————–*/

        function checkAuth() {
                /* is the SESSION usr_logged variable
                        ** anywhere? */

                       
                /* if not - redirect them to somewhere they can login
                        **      */
   
                if(!isset($_SESSION['usr_logged'])) {
                        header("Location: index.php");
                        exit();
                        return false;
                } else {
                /* return true - not really needed but keeps things tidy! */
                        return true;
                }
        }
       

/*————————————->
        function: get member details
                based on the usr_id session variable   
————————————–*/

        function getMemberDetails($id) {
               
                /* query the database using the session usr_id
                        ** variable. Also left join the information table
                        ** to get the extra information
                        ** */

                /* the id goes into the query unquoted, so force it
                        ** to an integer first */
                $id = (int) $id;

                $sql = mysql_query("
                                select
                                          members.id
                                        , members.username
                                        , members.password
                                        , membersinfo.realname
                                from
                                        members
                                left join
                                        membersinfo
                                on
                                        members.id=membersinfo.usr_id
                                where
                                        members.id = $id
                        ");
               
                /* for this tutorial there are no real details
                        ** but if you had another table with more
                        ** information such as address, postcode etc
                        ** you can use the same theory
                        ** */

               
                /* assign a results handler as we did earlier
                        ** to handle the returning information */

                $rows = mysql_fetch_assoc($sql);
               
                /* note that $rows is an ARRAY and as such holds the
                        ** information like:
                        ** $rows['username']
                        ** $rows['password']
                        ** etc… */

                return $rows;
               
        }

?>

File 2 - index.php

<?php
/* include the functions file
        ** so that we can use those functions
        ** */

include('functions.php');

/* set up an empty variable that we can ‘fill’
        ** later in the script.
        ** defining it here avoids the error message…..
        ** Undefined index $whatever on line X….
        ** */

$msg = '';

/* Has the login form been sent?
        ** Check the $_POST global array for the hidden field
        ** Using a hidden field as they will always be sent with a form
        ** whereas the submit button wont always be there if the user hits
        ** enter.
        ** NB: Not sure if that still holds true with modern browsers but its
        ** a habit now :)
        ** */

if(isset($_POST['login'])) {
        /* fill the $msg variable that we defined earlier with the
                ** results of the login function */

        $msg = loginProcess($_POST['usr'], $_POST['psw']);
}

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
        <meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
        <title>Index.php</title>
</head>

<body>

<h1>Index</h1>
<?php
/* down to the nitty gritty now!
        ** If the $msg variable is not equal to nothing
        ** then echo it
        ** It should only be full if the login failed…..
        ** */

if($msg != '') {
        echo $msg;
}
/* basic setup…..
        ** check if the session variable usr_logged is present
                ** if it isnt then the user cant have logged in so
                ** give them the login form
                ** */

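if(!isset($_SESSION['usr_logged'])) {
        echo loginForm();
}

/* debug leftover: prints the MD5 hash stored for the 'doug' account
        ** remove it once the tutorial is working */
echo md5('doug');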

?>
</body>
</html>

file 3 - members.php

<?php
/* include the functions file
        ** so that we can use those functions
        ** */

include('functions.php');

/* USR/MEMBER AUTH CHECK
        ** so this is our members page so we dont want any Tom, Dick or Harry
        ** looking at it so…..
        ** */

checkAuth();
/* if they have got to here, they should be logged in…..
        **/

/* get the member details based on the usr_id held
        ** in the SESSION.
        ** */

$memberDetails = getMemberDetails($_SESSION['usr_id']);

/* if the login form is on this page
        ** process it if it has been sent */

if(isset($_POST['login'])) {
        $msg = loginProcess($_POST['usr'], $_POST['psw']);
}

/* logging out */
if(isset($_GET['logout'])) {
        unset($_SESSION['usr_logged']);
        unset($_SESSION['usr_name']);
       
        header("Location: index.php");
        exit();
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
        <meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
        <title>members.php</title>
</head>

<body>

<h1>Members</h1>
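<a href="?logout">Logout</a>
<?php

/* escape values on output; the charset matches the meta tag above */
echo 'Welcome back '. htmlspecialchars($_SESSION['usr_name'], ENT_QUOTES, 'ISO-8859-1');

/* $memberDetails holds the information returned from the function
        ** that gets all the information from the database
        ** */

echo '<p>Members Realname is…. '. htmlspecialchars($memberDetails['realname'], ENT_QUOTES, 'ISO-8859-1') .'</p>';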

?>
<p>That is really all there is to it as a basic, bare bones login system.<br /><br />
It has minimal security so that is something to look at next as is Adding a user to the database.</p>
</body>
</html>

It should be quite easy to follow but if you have any questions, please just ask :)
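
The tutorial's loginProcess() in a hardened form, as an added example that is not part of the original post: a bound parameter replaces the string-built query, rows still holding the unsalted MD5 from the SQL dump are upgraded to password_hash() on the next successful login, and the session id is regenerated. It assumes PHP 7.1+ with pdo_sqlite; the in-memory SQLite table and the names makeDemoDb and loginProcessSafe are stand-ins made up for the demo.

```php
<?php
// Added example, not the tutorial's code. Assumes PHP 7.1+ with pdo_sqlite;
// an in-memory SQLite table stands in for the MySQL `members` table.

function makeDemoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (
        id INTEGER PRIMARY KEY,
        username VARCHAR(12) NOT NULL UNIQUE,
        password VARCHAR(255) NOT NULL)');
    // Constructed legacy row: unsalted MD5, the format the SQL dump stores.
    $pdo->prepare('INSERT INTO members (username, password) VALUES (?, ?)')
        ->execute(['spike', md5('spike')]);
    return $pdo;
}

// Returns ['id' => int, 'username' => string] on success, null on failure.
function loginProcessSafe(PDO $pdo, string $username, string $password): ?array {
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT id, username, password FROM members WHERE username = ? LIMIT 1');
    $stmt->execute([trim($username)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }

    $stored = $row['password'];
    // 32 lowercase hex characters means the row still holds legacy MD5.
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))   // constant-time comparison
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }

    // Replace MD5 (or an outdated cost) with a salted hash while the
    // plaintext is available; varchar(255) has room for it.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $pdo->prepare('UPDATE members SET password = ? WHERE id = ?')
            ->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }

    // Fresh session id at login so a pre-login id cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    return ['id' => (int) $row['id'], 'username' => $row['username']];
}

$pdo = makeDemoDb();
var_dump(loginProcessSafe($pdo, "o'neil", 'x'));      // quote in the name is plain data
var_dump(loginProcessSafe($pdo, 'spike', 'wrong'));   // wrong password is rejected
var_dump(loginProcessSafe($pdo, 'spike', 'spike'));   // legacy MD5 login, row upgraded
var_dump($pdo->query('SELECT password FROM members')->fetchColumn()); // stored value after upgrade
var_dump(loginProcessSafe($pdo, 'spike', 'spike'));   // now checked by password_verify()
```

The caller would set the $_SESSION values from the returned array, as the tutorial's loginProcess() does, before redirecting to members.php.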

Jul 9
format size
SpikeZ | PHP, snippets | July 9th, 2008 | 2 Comments

Snippet for formatting byte size.

function formatSize($size, $round = 0) {
    $sizes = array('B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB');
    for ($i=0; $size > 1024 && $i < count($sizes) - 1; $i++) $size /= 1024;
    return round($size,$round).$sizes[$i];
}

Usage:

formatSize('12345');

*********** UPDATE **********
From LogicEarth at Sitepoint, an alternative method
Cheers LE :)

function fromBytes ( $size, $place = 3, $iec = true, $bits = false )
{
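        $messure = 'KMGTPEZY';
        $factor  = $iec ? 1024 : 1000;
        $count   = 0;

        if ($bits) { $size *= 8; }

        /* stop at the last prefix so the index below stays in range */
        while ( $size >= $factor && $count < strlen( $messure ) ) {
                $size /= $factor; $count++;
        }

        /* $count is 1 for the first prefix, so index with $count - 1 */
        $messure = $count ? $messure[$count - 1] . ( $iec ? 'i' : '' ) : '';
        $messure = !$bits ? $messure . 'B' : strtolower( $messure ) . 'b';

        return round( $size, $place ) . ' ' . $messure;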
}

Jul 9
debugger function
SpikeZ | PHP, snippets | July 9th, 2008 | No Comments

Debugger Function:

Wrote this for a small CMS to return a nicely formatted error string.
Accepts either a string or an array as the argument and can debug superglobals as well

(POST, SESSION, GET, COOKIE et al)

function debugger($desc=null, $what) {
        /* if it’s an array, print_r for formatted output
                ** */

                if($desc) {
                        echo '<b>'. $desc .'</b><br />';
                }
               
                if(is_array($what)) {
        /* give the formatting
                ** */

                        echo '<pre>';
                        print_r($what);
                        echo '</pre>';
                } else {
        /* otherwise just print out the string
                ** */

                        echo $what;
                }
        }
