xisto Community

Everything posted by 8ennett

  1. Just a quick tutorial to explain how you can create a hidden website, this means you can have a website hidden within another website or a website that nobody can even view without knowing the secret. Now this method can be used to add additional security say to your administration panel for your site, basically even if someone were able to brute force the admin password they would still need to know this trick to access the admin panel.

     We are going to be playing around with your browser's user agent information. This is basically information available to a server telling it what web browser you are using and its version number etc. A basic Firefox user agent would be like so:

         Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 (.NET CLR 3.5.30729)

     Now for this tutorial we will be using the latest version of Firefox, and you will also need to download an add-on called User Agent Switcher which you can download here.

     Once you have downloaded and installed this add-on, in Firefox go to Tools -> Default User Agent -> Edit User Agents. Next click on the "New" button then on "New User Agent..." and you will get a screen like this:

     Now we want to set the description to something like "Secret Website", and for this tutorial change the User Agent field to "opensesame". Excellent, we have now created our new means of accessing our secret website.

     Now we are going to write a PHP file with our code in it. This is very simple to do. The following code will either display our secret website, or if our user agent isn't set right it will redirect the user to google.com instead.

         <?php
         // Read the User-Agent header; it may be absent, so default to an empty string.
         $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

         if ($agent === 'opensesame')
         {
             // The user agent matches the secret phrase: show the hidden page.
             echo 'Well done, you have found the cookies!';
         }
         else
         {
             // Anything else is redirected away; exit so nothing further is output.
             header('Location: http://google.com');
             exit;
         }
         ?>

     That's it, now upload your PHP file and first try to access it using your default user agent. You will find you can't, instead it just loads Google.

     Now if you click on Tools -> Default User Agent -> Secret Website then this will change your user agent over to the new "opensesame" value. If you try opening the web page again then you will see the echoed message. If you don't have a server to try this out on, I have uploaded a copy of the PHP file to http://forums.xisto.com/no_longer_exists/ so you can still give it a go.

     If you want to hide a completely different website inside another website that is simple to do as well. In every page of your site have the above PHP code, except have your hidden site where the echo currently resides and have the public site in the else statement. Nobody will know it is there unless you tell them it is. You can also change the phrase "opensesame" to anything you want.

     I had this idea for hiding web pages when I was messing around with CSS files, using PHP to determine the browser so I could provide a more compatible browsing experience (we all know the pains of CSS and HTML when it comes to Firefox and Internet Explorer). I had been using the User Agent Switcher add-on as part of my testing and it suddenly hit me that it could be used as an additional layer of security for your website. Not very practical for average users, I mean who wants to sign up to a website where you have to mess around with all that stuff just to access it, but excellent for hiding your admin panels and creating entirely hidden web pages from the public eye (for secret societies and highly sensitive data).

     Don't forget when not accessing your secret website to change your user agent back to the default otherwise it may interfere with other websites.
  2. Just realised I forgot to add the background images, however you can get a copy of them and a more detailed description of how to implement this script here http://forums.xisto.com/topic/97648-topic/?findpost=1064408457. Actually looking over the code above the whole thing has gone mental, the PHP tags have disappeared etc. Just use the above link for a more up to date example.
  3. No, I had no way of updating the download link. At least this way if anyone tries to rip off my work (again) by linking directly to the file then the people downloading it will wonder why it's not working lol
  4. AMENDMENT REQUIRED I've just realised there is a mistake in the index.php, simply change the two instances of $_SESSION['imagever'] =='true' to $_SESSION['logimg'] == true making sure you change imagever to logimg and also remove the speech marks from the word true, otherwise you won't be able to access the home page.
  5. 8ennett

    Hello

    I don't know, I kinda liked the laid back attitude over at asta, it's easier to have conversations without tonnes of posts flooding the forum day after day lol. One thing I would like to ask, I've posted a few good tutorials over on asta, is reposting allowed between the two or is that frowned upon?
  6. 8ennett

    Hello

    Hi there everyone, I've been a member over at the Xisto forums for some time and thought it was about time I signed up to ks as well. So here I am, hello
  7. Have you ever considered the fact that there is a reason for the cut-off percentage being increased so much each year? I doubt very much that these universities and colleges have any less students than in previous years. This indicates to us that the amount of students studying in India is increasing a hell of a lot faster than the production of prestigious academic facilities. They are having to increase the qualifying percentage to prevent having to reject students who have passed the qualifying criteria because their capacity is at maximum. It's not fair having two completely different fields of study and I agree that there should be a universal system of grading, however there are probably good reasons why they are separate. The most obvious reason I can think of is that the government is unable to afford to make it a single system which is why a portion of the education system is in the hands of the private sector. Academics will obviously agree that the current system in place is not effective but it is obviously the way the current body of government is able to maintain the status quo and keep the education system afloat. It may seem unfair, but unless new schools are built it will continue to function in this way and may get worse if the number of students continues to increase and the number of schools doesn't.
  8. He's probably either got a guy who looks just like him, or he has a twin and both of them are magicians pretending to be the same guy. It's another old trick of magicians, having a twin brother (or sister) but without people knowing and thinking you are the same person. That way you can do so many more tricks.
  9. Actually on Google you can access your mail, view the weather and so on, it has all the features of Yahoo plus more however it's designed so all this does not interfere with your general web searches. Google is without doubt the most efficient in both design and functionality for running on slower computers. If you were to type in "weather yourarea" then it brings up a panel with a general forecast for the next four days. Also measurement conversions and currency conversions are fantastic. I'm always converting GBP to USD using Google, just type in 15GBP to USD and it brings the results up at the top of the page just like the weather. Also if you have a Google account you can log in by clicking the link in the top right of the page which only appears when you mouse over it. The original search engine I used was Yahoo, that was before I knew Google existed. That was probably about 13 years ago, and Yahoo was actually the better search engine. But now Google's AI search queries and advanced query characters make it a breeze to find anything you want. For example I'm always looking for single-link downloads (not of illegal or copyright material) and on all these forums that link to the material I'm looking for it's always split-archives. So all I need to do is type in to Google "site:megaupload.com mysearch" and it instantly brings up a list of single-link downloads from MU. So for those who weren't clear, Google is definitely my favourite in all aspects.
  10. 8ennett

    Q: User Login

    I would say it is a matter of site traffic. If you aren't expecting a high volume of traffic through your website then I would recommend using your own custom function/class however, high volume traffic sites such as web communities and forums then static pages are a better way of reducing the pressure on your web server.

    I've never agreed with using classes and functions for every single aspect of your site's design. It may seem all neat and tidy, but it can really start chewing up those CPU cycles. A separate include containing PHP classes and functions that you feel will be used in more than one place on your site is efficient, however if you are only going to use the function once and nowhere else on the site then definitely just write it in to the page as raw PHP and don't bother putting it in a class or function. At this point I'm hearing programmers screaming in my ear NOOOOO however it is a cold hard fact this is what is best for your server even if it is not the best for you. Also the advantage of doing this is if you suddenly realise you are going to need to use this function in more places on your site, it's a simple matter of extracting the raw PHP, modifying it a little bit and putting it in your general functions include and replacing the code with the new function.

    I once saw an example of a login site which was absolutely ridiculous. The entire thing, and I mean the ENTIRE thing was a series of custom functions. It nearly made me sick going through it all.

    If you need to put multiple HTML outputs in to a single PHP document then it is a hell of a lot easier to separate them like this:

        <?php
        // Pick the section to show; fall through to the home page when no page is given.
        $page = isset($_GET['page']) ? $_GET['page'] : '';
        if ($page == 'login')
        {
        ?>
        Login page goes here
        <?php
        }
        elseif ($page == 'register')
        {
        ?>
        Registration page goes here
        <?php
        }
        elseif ($page == 'logout')
        {
        ?>
        Logout page goes here
        <?php
        }
        else
        {
        ?>
        Home page goes here
        <?php
        }
        ?>

    A lot less pressure on your server yet still divided out in to manageable and non-confusing sections that you can work on without a high chance of messing up and getting lost in an ocean of code.

    Alternatively you could have a central control document like the one above and call in your separate pages using a page activation variable and a series of includes like so:

        <?php
        // Flag checked by the included files to confirm they were loaded from here.
        $pageactivate = true;
        $page = isset($_GET['page']) ? $_GET['page'] : '';
        if ($page == 'login')
        {
            include('login.php');
        }
        elseif ($page == 'register')
        {
            include('register.php');
        }
        elseif ($page == 'logout')
        {
            include('logout.php');
        }
        else
        {
            include('home.php');
        }
        ?>

    Then your separate PHP files can contain the following to ensure they are only being accessed by the above page and not manually typed in to the browser:

        <?php
        // $pageactivate only exists when this file was included by the control document.
        if (isset($pageactivate) && $pageactivate == true)
        {
        ?>
        Page content goes here
        <?php
        }
        else
        {
            header('Location: index.php');
            exit;
        }
        ?>

    Really, structuring your site like this is just as tidy as having all your own functions and classes in one file, that's why file systems haven't changed much since they were first created. People get over excited about different filing methods though and tend to take it to extremes.
  11. This tutorial is the first part in what will soon become a series of in-depth PHP tutorials to create your very own web community. The quality and features of this web community will be enough to rival many packages already out on the web which people are trying to sell. So not only can you save money by building it yourself, but you will have in-depth knowledge of exactly how the site has been built and can add more and more to it with ease. Overall the web community will contain forums, chat rooms, profile pages, advanced admin options, forum moderators, news feeds and even a module engine. Ok, let's get started.

      ========================================================

      PHP Web Community: Part 1
      Advance User Account System

      First of all you will need to download the PHP files - Download

      Now it is recommended you use PHP 5+, MySQL and your PHP server NEEDS to include the GD2 library. Also your server will need a working SMTP server so your site can send out emails. Also for ease of use your users will be required to have a working JavaScript browser.

      Once you have extracted your files, you will need to create a new database (you can name it anything) and run the file 'tables.sql' located in the extracted folder. Once you have run this SQL file in your favourite MySQL console then delete this file.

      Next up go into the 'lib' folder and open config.php. All the PHP files have been fully commented as to what each line is/does. Fill out the first four variables defined with your database connection details. The other variables in the config file are:

      $configsitename: Fill this in with whatever you are going to call your site

      $configsiteaddress: The base URL of your site without trailing slashes, e.g. http://forums.xisto.com/no_longer_exists/

      $configsiteadminemail: The administrator's email address

      $configsitewhoseonline: This value is in seconds. If a user has been online within the past amount of seconds then on the login page they will be displayed as part of the online users value.

      $configsitedisable: If a person attempts to login to an account that is not their own and they have gotten the password wrong X amount of times (X being defined below) then the account is disabled for this many amount of seconds.

      $configsitedisableamount: This is the amount of times a person can get their account password wrong before their account is disabled for the above defined amount of seconds.

      $configsitewrongimage: If a user gets the captcha image wrong this amount of times then they are automatically logged out. This is to prevent bots from automatically logging in to an account.

      Now if you didn't understand what some of the above variables are defining then don't worry, as you go through this tutorial you will understand. Also, in part 2 of this series we will be making an admin panel that will make it easier to edit these values so you don't have to keep editing the config.php file.

      Once your site has been configured it will now be fully functional. I would suggest at this point you register an account for yourself and once it has been registered go in to your database and modify the following fields:

      Validated: Set this to Yes so you don't need to bother checking your email

      Type: Set this to 'Super' which will make this account in to a Super Admin account.

      Ok now we can set about describing each PHP document and what their functions are. In order to access the site now all you need to do is open the index.php in your web browser. This is the only file you will now need to type in as all the other PHP files are includes.

      index.php

      If you open this file up you will find each line of PHP is fully commented

      login.php

      This file handles our login credentials. If you go through the PHP at the top of the file then you will see what each line of the code does and how it affects the login. This page will also display how many users are registered with your site (including banned, disabled and unvalidated accounts) and how many users are currently online (people who have been online within the past X amount of minutes pre-defined in the config.php file). Now the amount of users that are online is currently only updated when they fill in the login page, however once we get on to the part 2 chapter of this series we will be updating their online status every time they interact with the website once logged in. If a person attempts to guess a user's password then after they get the password wrong the amount of times we defined in the config file then the account will be disabled for however long we set it to again in the config file.

      As you can see the pages aren't going to look very pretty, however that is not a topic for discussion in this tutorial. If you are unfamiliar with CSS and image design then I suggest you look up a separate tutorial on that topic

      register.php

      Now obviously this page is going to handle our users' registration to your website. As you will see in the PHP file, each line is commented and describes the different types of checks on the user's submitted data so we won't run through these again. As long as the checks pass on the user submitted data then an email will be sent out to the user's email address and this will contain a link which the user can easily click to activate their account. This is so you can verify that the email address the user has given you is in fact real. Another feature of this is checking that the username is not already being used. If it is found that someone else has this username then it will offer alternatives. They can choose to use one of these alternatives or change their desired username. If there are any problems with the user submitted data then the registration form will automatically fill out again with the info previously provided (except the confirm pass field). This is just so the user doesn't get more and more frustrated having to fill out an entire form over and over again if their usernames aren't available.

      lostpass.php

      This page is going to deal with our lost password information. If a user requests their password to be reset then an email will be sent out to them with a link. As a security measure this whole process won't affect their password at all until they have clicked a link with a valid password reset code associated with their account AND have entered a new password. This is so others can't reset a person's password and lock out their account or gain access illegally. After a valid link has been clicked

      imagever.php

      This PHP file will be displayed after the user has logged in (and their account has been validated) and is a way to prevent automated logins. It will display a captcha image which the user must enter to continue logging in and they will be automatically logged out if they get the image wrong a pre-defined amount of times in our config file. Again, the file is fully commented and will explain everything in detail. The image itself is generated using the randomImage.php file which is also commented. I suggest you create your own background images and these are located in the base directory of the site named cbg1.JPG to cbg5.JPG and one of these is randomly selected each time the image is loaded. Please note it is important if you are running a Linux server to have the JPG extension in UPPERCASE as if they are in lowercase then Linux won't recognise the extension. It took me a while to figure that one out

      validate.php

      This file will handle our account validation information. If a user attempts to login without having validated their account then they will be taken to a page that displays their currently registered email address and the user can opt to change their email address, and after doing so a new email will be sent out to the new address containing a fresh validation link (the old code previously sent out will become obsolete and unusable). They can also simply resend the validation email in case they had to disable a spam filter etc. on their email account. If they click a link which contains a valid activation code then this page will simply activate their account and take them to the image verification page without displaying any other details. If they enter an invalid code then an error message will be displayed and they will be taken back to the login page or to the resend validation email page depending on whether or not they are logged in.

      We now have ourselves an advanced user account system with full features. I wouldn't advise expanding on this to continue creating your site without reading part 2 in this series of tutorials which will detail key security features to prevent unauthorised access to the site and also continue updating your online status as you navigate the logged in site.

      Feel free to ask questions and add comments concerning this tutorial and let me know if you found it to be informative.

      Can I also add, although this is a free tutorial and will eventually create a web community website of the same quality as other developers sell online, you are not free to modify the code and slap a price tag on it. It is designed to be free, you can develop it as much as you like and add/take features from it however selling it is NOT an option.
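
The reset flow described under lostpass.php in post 11, sketched as an added example; it is not the poster's code and not taken from the tutorial's download. The in-memory `$users` array, the field names, the function names `requestReset` and `completeReset`, the one-hour lifetime and the choice to store only a hash of the code are all assumptions made for the illustration.

```php
<?php
// Added illustration: in-memory stand-in for the users table (constructed data).
// Field names, function names and the one-hour lifetime are assumptions.
const RESET_LIFETIME = 3600; // seconds a reset code stays valid (assumed value)

$users = [
    'alice' => [
        'password_hash'    => password_hash('old-password', PASSWORD_DEFAULT),
        'reset_hash'       => null, // SHA-256 of the outstanding reset code
        'reset_expires_at' => 0,
    ],
];

/**
 * Step 1: the user asks for a reset. Only a code is issued; the stored
 * password is not touched, so a third party cannot lock the owner out.
 * Returns the code that would be placed in the emailed link.
 */
function requestReset(array &$users, string $username, int $now): ?string
{
    if (!isset($users[$username])) {
        return null; // the page should show the same message either way
    }
    $code = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Store only a hash, so a database leak does not expose usable codes.
    $users[$username]['reset_hash']       = hash('sha256', $code);
    $users[$username]['reset_expires_at'] = $now + RESET_LIFETIME;
    return $code;
}

/**
 * Step 2: the link was clicked and a new password submitted.
 * The password changes only if the code matches, is unexpired and unused.
 */
function completeReset(array &$users, string $username, string $code,
                       string $newPassword, int $now): bool
{
    if (!isset($users[$username]) || $users[$username]['reset_hash'] === null) {
        return false;
    }
    $account = &$users[$username];
    if ($now > $account['reset_expires_at']) {
        $account['reset_hash'] = null; // expired codes are discarded
        return false;
    }
    // hash_equals compares in constant time.
    if (!hash_equals($account['reset_hash'], hash('sha256', $code))) {
        return false;
    }
    $account['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    $account['reset_hash']    = null; // single use
    return true;
}

// Walk-through with a fixed clock value so the run is repeatable.
$now  = 1000000;
$code = requestReset($users, 'alice', $now);

// Requesting a reset alone changes nothing: the old password still verifies.
var_dump(password_verify('old-password', $users['alice']['password_hash']));

// A guessed code is rejected and the password is still unchanged.
var_dump(completeReset($users, 'alice', str_repeat('0', 64), 'guess-pw', $now + 10));
var_dump(password_verify('old-password', $users['alice']['password_hash']));

// The real code together with a new password completes the reset, once only.
var_dump(completeReset($users, 'alice', $code, 'new-password', $now + 20));
var_dump(password_verify('new-password', $users['alice']['password_hash']));
var_dump(completeReset($users, 'alice', $code, 'again', $now + 30));
```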
  12. Erm, right I kinda had a hard time believing you actually asked this question, you want to know if magic is real or not? What you saw were all illusions, that is the key thing behind magic tricks. There is no real magic in the word. Magicians deceive you in order to entertain, if there were such a thing as real magic I doubt they would be crappy tricks for minimum wage lol. I once saw a man make an entire elephant disappear, it was incredible, there was no possible way I thought that he could have done it. The elephant wasn't near the walls and was stood in the center of the room. There were no trap doors, the floor was solid concrete. The elephant was there one second and gone the next. I then saw a program called "breaking the magicians code" where they reveal the secrets of some of the most popular tricks including the elephant trick. There is always one way you never think of (that's the job of a magician) and so it was with the elephant trick. A mirror, that's all it took. One large mirror expertly placed and perfectly executed and it would appear as though the elephant vanishes in to thin air. When it comes to magic you have to remember, for every 10 ways you know the trick can be done there are another 30 you don't know, hence the definition of the word "trick"
  13. There's not really much that can be done digitally, it's a big job and needs the image to be physically mended. The print needs re-adjusting and putting back in place, it looks like there are quite a few fingerprints that have moved it out of place. You may have to face facts and understand this image can never be restored back to a decent quality. I take it you don't have a copy of the negatives. Maybe you can track down the photographer who took the picture. Tax records are always the best way to do this. Find the tax records for any professional photographers paid by the school during the year it was taken. Also, professional photographers always keep an extensive library of negatives from all their work just for occasions like this. I did have a go at mending this however it would not be anything like the original. There is too much missing data. I did have a go at cleaning it up however the sharpness was not very good. The only thing I could fix was the face, however with that large portion of missing print on the forehead it was hard. Like I said, not a very good job and nowhere near as sharp as the original
  14. I'm just wondering actually, how come you want to generate the file in rtf format? I haven't written rtf headers for a while so it was fun amending this code. But yeah, in what context would this script be exporting rich text?
  15. That just verifies everything I have said, the only way to crack a wpa key is a brute force attack
  16. There's no other way to break WPA encryption (or WPA2) other than using a dictionary attack. WEP is the most unsecure form of encryption which is the whole point of the article, many routers only provide WPA and WPA2 in pre-shared key form which is what is vulnerable to dictionary attack. If you are saying there is a faster method of breaking a pre-shared WPA key then please share this method.
  17. It makes no difference if it is WPA or WPA2, the methods of attack are identical and take the exact same amount of time. Did anybody even read this article before responding?
  18. Interesting, I was really referring more to the table layouts than anything, I know what you mean about pre-generated code. I usually prefer to manage my div attributes through a css file instead of writing it into the div style, that way all my div alignments and features are easily edited in one place, and when the css is linked directly in the page header then the wysiwig automatically updates the visual side as you change the css so you can write in code yet see how it looks in a live format
  19. I've gone through the code, and normally I would agree with the backslashes statement however it's not in double speech marks so that's not the case here. It's actually a problem with the rtf formatting, I've gone through and updated it like so, note the value of the dropdown is now the f reference inside the rtf code and have pre-defined Times New Roman (f1) and Arial (f0), this should work fine now and have had no problems in my rtf reader (wordpad). Also another problem was the initial new line after the first speech mark, it caused other readers to consider the whole thing as text instead of rich text.

          <div class="page" style="background:white;">
          <form action="?" method="post">
          <select name="font">
          <option value="1">Arial</option>
          <option value="0">Times New Roman</option>
          </select> <br />
          <textarea name="text">Type Here</textarea>
          <input type="hidden" name="done" value="1"> <br/>
          <input type="submit">
          </form>
          <?php
          // Only build and write the file once the form has been submitted.
          if (isset($_POST['done'], $_POST['font'], $_POST['text']) && $_POST['done'] == 1) {
              // The dropdown value is the \f index in the font table, so force it to an integer.
              $font = (int) $_POST['font'];
              // Backslashes and braces are RTF syntax; escape them in the typed text.
              $body = addcslashes($_POST['text'], '\\{}');
              $text = '{\rtf1\ansi\ansicpg1252\deff0\deflang2057{\fonttbl{\f0\froman\fprq2\fcharset0 Times New Roman;}{\f1\fswiss\fcharset0 Arial;}}{\colortbl;\red255\green255\blue255;}\viewkind4\uc1\pard\cf'.$font.'\f'.$font.'\fs24 '.$body.'\cf'.$font.'\f'.$font.'\par}';
              $fp = fopen('writetest.rtf','w+');
              fwrite($fp,$text);
              fclose($fp);
              echo '<a href="writetest.rtf">Download</a>';
          }
          ?>
          </div>

      Oh yeah, and also you had a slash between ansicpg and 1252 which was the main cause of the error
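
Because the script in post 19 places form input straight into RTF markup, typed braces or backslashes change the document structure. The block below is an added example, not the poster's code, showing one way to escape the text and restrict the font index to the two entries of the post's font table. The names `rtfEscape`, `buildRtf` and `RTF_FONTS` are hypothetical, the sample input is constructed, and the mbstring extension is assumed to be available.

```php
<?php
// Added illustration, not the poster's script. All names here are hypothetical.

/** Font indices defined in the \fonttbl of the RTF header quoted in the post. */
const RTF_FONTS = [0 => 'Times New Roman', 1 => 'Arial'];

/**
 * Escape user text for use as RTF body text (requires the mbstring extension).
 * - backslash and braces are RTF syntax and get a leading backslash
 * - line breaks become \par, tabs become \tab
 * - other control characters are dropped
 * - anything outside ASCII is written as \uN? (signed 16-bit UTF-16 code unit)
 */
function rtfEscape(string $text): string
{
    if ($text === '') {
        return '';
    }
    if (!mb_check_encoding($text, 'UTF-8')) {
        throw new InvalidArgumentException('text is not valid UTF-8');
    }
    $text  = str_replace(["\r\n", "\r"], "\n", $text);
    $units = unpack('n*', mb_convert_encoding($text, 'UTF-16BE', 'UTF-8'));
    $out   = '';
    foreach ($units as $u) {
        if ($u === 0x5C || $u === 0x7B || $u === 0x7D) {
            $out .= '\\' . chr($u);          // \  {  }
        } elseif ($u === 0x0A) {
            $out .= '\\par ';
        } elseif ($u === 0x09) {
            $out .= '\\tab ';
        } elseif ($u < 0x20 || $u === 0x7F) {
            continue;                         // remaining control characters
        } elseif ($u < 0x7F) {
            $out .= chr($u);                  // printable ASCII passes through
        } else {
            // RTF expects a signed 16-bit value followed by a fallback character.
            $out .= '\\u' . ($u > 32767 ? $u - 65536 : $u) . '?';
        }
    }
    return $out;
}

/** Build the document; the font choice is checked against the font table. */
function buildRtf(string $fontChoice, string $text): string
{
    // Anything that is not exactly a known index falls back to font 0.
    $font = array_key_exists($fontChoice, RTF_FONTS) ? (int) $fontChoice : 0;
    return '{\rtf1\ansi\ansicpg1252\deff0\deflang2057'
         . '{\fonttbl{\f0\froman\fprq2\fcharset0 Times New Roman;}{\f1\fswiss\fcharset0 Arial;}}'
         . '\viewkind4\uc1\pard\f' . $font . '\fs24 ' . rtfEscape($text) . '\par}';
}

// Constructed input: ordinary text containing braces, backslashes, an accent and a line break.
$sample = "Price {draft} in C:\\temp\\notes caf\u{e9}\nsecond line";

// A valid font choice is kept; a malformed one falls back to \f0.
echo buildRtf('1', $sample), PHP_EOL;
echo buildRtf('1\fs200', $sample), PHP_EOL;
```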
  20. Frontpage Express was the original web design tool I used over 11 years ago, it's what got me interested in web design in the first place, however back then it was not a part of the office suite and came free with windows 98. I found it was an ok tool for developing basic html pages (back in the days when css was hardly used and it was all done using the <font> tag) but as my thirst for knowledge led me on to other web development languages I found it was unable to cater to my needs. Now I find myself using dreamweaver constantly (I'm still using 8 though, see it as a waste of money upgrading since I already own a perfectly good copy). Dreamweaver is fantastic for both the complete amateur developer and the hyper advanced. The WYSIWIG environment is perfect for modifying those annoying complex table and div layouts, whilst on the code view all the code is perfectly formatted and not left an untidy mess like most other editors. It also has its own content management system built in which helps keep track of your current sites structure, although I find once your website has reached over 500 files like mine it's easier just to use a folder browser to navigate your site structure. Dreamweaver costs a little more than most development tools however you can guarantee once you have it, you'll never get rid of it.
  21. It's hard to get work as a programmer in the UK because there are so many people who think they can code but are at best a beginner. They apply for all the jobs that require a higher grade programmer and seriously undersell the rest of us. An employer in the finance sector for instance, they hire business analysts and system analysts however they don't have a clue how difficult their job can be or what it involves, and because they don't understand it they think anyone who claims to be able to do it CAN do it. So they hire these complete amateurs who take forever to get the job done, which makes the employer think that this line of work isn't that important to the company. I was once employed to work on a project for a large life assurance company as an assistant systems analyst. The job was basically to transfer the database to a new incompatible system after the company was taken over. They brought me in because they were behind on the deadline and needed an extra hand. The first day I started I was shocked at how inefficient their methods were, it was incredible. After working there for two weeks the project manager realised that by myself I had achieved a 500% higher workload than any other person on the project so was given the running of my area and the rest were let go. The project was finished 4 months ahead of schedule and left me out of work again and underappreciated. I single-handedly finished what was supposed to be a further 8 months of work for 7 people in to 4 months by myself. They then shrugged it off, didn't renew my contract and used the new system, hiring amateurs to develop the software for them leaving their general productivity a lot lower than it should be, simply because the amateurs will work for a lot less money. If they had kept me on to continue developing for them I could have reduced the amount of staff they required in the company by 1/3. Doesn't sound good on the employment side but in retrospect the company could have saved hundreds of thousands per year by hiring a professional. They didn't understand this fact though, and the cycle continues. Until the rest of the world catches up and actually attempts to understand how computer programming works the professionals amongst us will always be undersold by amateurs, and with the amount of amateurs growing (who lack the flair for programming the rest of us have) it's just getting too hard to keep in this line of business.
  22. As a couple of you may be aware I have been designing my own browser-based PHP MMORPG (Massively Multiplayer Online Role-Playing Game) over the past 12 months and it is reaching the stage where I could use some good beta testers to test out what has been made so far and to find all those niggling little errors I've missed in the code and also cross-browser layout, suggest improvements and additional features and many other things. The site is still a good few months from being completed at least which is why it would be best to start testing now instead of sifting through a completed set of scripts to amend any errors. The beta testers need to be diligent, checking every single available feature of the game no matter how insignificant. Also, those with a security exploit background would be very welcome. Experience in cheating or attempting to cheat at other MMORPG's would help me a lot in improving my own security (and no names will ever be mentioned). Also be warned, constant changes to the database will be made during testing and may require you to re-register many times over. Don't get attached to the account you have either because at the release date all accounts will be reset. Once the game has been released all beta testers will receive 3-6 months premium membership and for those who prove extremely perceptive and highly motivated will be offered moderator positions with the opportunity to move up to admin status in the future. It's not quite ready for beta testing just yet and I will be writing a specialised error reporting script for the beta testers to use. If you are interested then just reply to this post and include any questions you may have then I will let you all know via pm when the site is ready for you. Thanks and regards, 8ennett
  23. Well I started on designing my index.php which contains the login, registration, lost password and email validation pages and by doing so helped me sculpt the look and feel of how my site was going to turn out and also creates those vital sql tables essential to the general running of the game. Every time someone loads a page when logged in it always pulls the entire contents of the user list table and puts it in a session variable so writing additional pages doesn't require constant pulling of data from the database. Also it checks the server is online (daily maintenance etc.) and logs them out if not, checks if their account is banned and log out if so (if they are banned while they are online). Basically all the details you need for the header and security checks. There isn't really an in-depth tutorial of how to do all this online because most of the larger games are actually an engine bought from a company and the company isn't going to write the tutorial because obviously they want to keep making money. It was because people were using pre-built game engines that caused me to start writing my own game, show the people what a REAL programmer can achieve lol
  24. ah sorry I can't help you then. I've never used reCaptcha, I just don't feel like it fits in with the aesthetics of my sites. Plus I always prefer using my own stuff so I know exactly what's going on with it.
  25. It all seems to be working fine again now, strange. I couldn't access either site or the admin panel at :2082, didn't try ftp. It may have been a DNS error as opposed to a server error if the server reports as fine. It happened over the space of an hour before I went to bed.