Everything posted by Nabb
-
I'm going to go under the assumption that you have the intention of getting free hosting here at Xisto. When you do, you will have access to your own cPanel. You have the option to 'Password Protect Directories'. A simple solution would be to have the file in a subfolder and password protect it. For example, instead of placing the file at /shop/add.php, define an 'admin' folder that is password protected and use /shop/admin/add.php.

I don't understand what you're getting at. Who is 'they'?

I'll propose one method to secure the system that removes the possibility of access given intercepted data:

Define a function f(n) which returns a password. f(1) is the first password (e.g. add.php?item=pie&price=undefined&password=happy if the password is happy). f(2) is the second password, which is invalid until after the first password is used. f(n) is the nth password, which is only valid once, after f(n-1) is used.

What you could then do would be to define f(n) recursively. For example:

f(0) = "9012" (this password is unused, but necessary for the recurrence relation to work)
f(n+1) = g(f(n))
g(n) = sha1(n + "some salt, thanks to whoever brought up this concept to me on some other thread"). (this is an example, feel free to create your own g(n), just as long as it involves a hash of some sort)

This generates f(2) = "c3cd2a145b57c55305af29947c0630dd6b738e89", f(3) = "661dbb374be947d4f8e9facf3113b4cc892d531c", etc. (I think..)

How this could work is to have stored somewhere in your database the last key used. In the previous example, you would have the key as "9012" before you've added any items, and "c3cd2a145b57c55305af29947c0630dd6b738e89" after adding one item. When you go to add an item via your program, it will prompt you for the salt. It has the previous key stored, and calculates f(n+1) from the previous key and salt. The program would then go to the page add.php?item=pie&price=undefined&password=f(n+1). (note that f(n+1) should be actually calculated and the value sent in, instead of the string "f(n+1)".)

The file add.php then parses this data and calculates f(n+1) using the previous key stored in the database and the salt, checking it against the submitted data. If matched: it will return success, add the item, and replace the old key with the new one (e.g. replace "9012" with "c3cd2a145b57c55305af29947c0630dd6b738e89"); otherwise return failure (and potentially store information about the failed attempt).

The security in this model is due to the fact that one cannot find the relation between the keys. Given 1000 intercepted passwords, a hacker would most likely be unable to determine a method of entry. This means that one cannot find the next key to be used and thus cannot add arbitrary items to the system.

NB: This won't work if the program you're using isn't being made by yourself.

Alternate methods are probably possible, this one I just made up. For example you could use a similar method but instead of f(n+1), calculate f(t) (possible problem: lag, a hacker reusing a key quickly (fix: limit additions by time, or remove the possibility of repeated keys)) These security devices have irreversible functions as the primary security method.
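The rolling-password scheme from the post above, as an added example that is not part of the original post: the class names, the salt value and the item names are constructed for illustration, and only g(n) = sha1(n + salt) and the seed "9012" come from the post. It shows both sides of the exchange, the key rotation on success, and a replayed or salt-less password being rejected and logged.

```python
import hashlib
import hmac

# Constructed sample values; the salt is a secret shared by client and server.
SALT = "example-salt-not-from-the-post"
SEED = "9012"  # f(0) from the post: never sent, only seeds the chain

def g(prev_key, salt):
    """g(n) = sha1(n + salt), the recurrence step described in the post."""
    return hashlib.sha1((prev_key + salt).encode("utf-8")).hexdigest()

class AddEndpoint:
    """Server side (add.php in the post): stores only the last key used."""

    def __init__(self, seed, salt):
        self.last_key = seed
        self.salt = salt
        self.items = []
        self.failed_attempts = []

    def add(self, item, password):
        expected = g(self.last_key, self.salt)
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(expected.encode(), password.encode()):
            self.items.append(item)
            self.last_key = expected  # rotate: this password is now spent
            return True
        self.failed_attempts.append((item, password))
        return False

class Client:
    """Client program: remembers the previous key and is given the salt."""

    def __init__(self, seed, salt):
        self.prev_key = seed
        self.salt = salt

    def send(self, server, item):
        password = g(self.prev_key, self.salt)
        ok = server.add(item, password)
        if ok:
            self.prev_key = password  # advance only on success to stay in sync
        return ok, password

def demo():
    server = AddEndpoint(SEED, SALT)
    client = Client(SEED, SALT)
    ok1, intercepted = client.send(server, "pie")
    replay = server.add("free stuff", intercepted)        # replayed password
    guess = server.add("free stuff", g(intercepted, ""))  # next key, no salt
    ok2, _ = client.send(server, "cake")
    return ok1, replay, guess, ok2, server.items, len(server.failed_attempts)
```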
-
Suggestions For Version 3 Of The Credit System
Nabb replied to Saint_Michael's topic in Web Hosting Support
I think the rating-credit system is easily exploitable, and shouldn't be implemented... Other solution: Don't put 30 credits in bank. The user will have 5 credits. Also note that there is already a credit bank.. whether you can transfer from the bank to yourself is another question - and there is 3% surcharge on transfers, so you'd lose 3% (or 5.91%?) of your initial deposit to commission when sending to the bank and then to yourself. Edit) Credit transfers: When you try to transfer credits, if you don't have enough it tells you how many you have minus 30 as the maximum you can transfer. This is incorrect due to the 3% commission. What should be displayed is (curr - 30)/1.03. A fix would be useful
-
The Matter Of Hosting Credits Got a question? Find the answers
Nabb replied to gameratheart's topic in Web Hosting Support
When you apply, you will first need to wait for a moderator to review your posts. The moderator will then either deny your application or approve it. This is generally quite fast (a few hours at maximum usually). If denied, you will be told what to improve on. After being approved by a moderator, you will need to wait for an administrator to approve your web-hosting application. This can take anywhere up to a day, or more, but be patient because you'll be getting the best free hosting available on the web! After being approved by the administrator, your credits will drop to anywhere between 1 and 5 credits. Your credits will fall by 1 every day, meaning that you will need to stay active on the forums to keep your hosting. When negative, your hosting will be temporarily suspended. Also note that a change in credits will reflect an edited post (either by you or a moderator), so if you have a low credit count and have a post of yours edited by a moderator for spam or other reasons, your hosting may be suspended.
-
What Do You Think About The Lhc Experiment?
Nabb replied to FreedomOverdose's topic in Science and Technology
Keep in mind that all that the LHC has done so far is send single protons around the huge loop. This will be all that happens for a few more weeks, until October 21 (I think) when the first collisions take place. This means that it's extremely unlikely of doomsday before then! (strangelets are strange)
-
I don't play that much dota... I'm more into other things like Wintermaul Wars, and stuff... But when I do play, it's on Bored-Aussie (it's like battle.net I suppose, but it's a custom server for aussies). I only join the games labelled 'APEM FOR NOOBS' or similar
-
Firstly, dota is a map... Secondly, the song by Basshunter is about the map dota. What, mortal? With a little change of punctuation... What mortal? Anyways my favourite is Nevermore, but I'm pretty noob. For example: I often forget to use my lothars when I'm dying...
-
Seeing as you know PHP it should make some sense, which is good. It's probably not the best method, but I couldn't find a way to use duplicateMovieClip and attach the duplicate inside another movie-clip (something that is easily done with attachMovie - you could change it to createEmptyMovieClip on the first run, change the input parameter to a linkage id, and use attachMovie to attach the clips into the container...) If you need to use it on multiple clips, then you'd need to define another variable (say k) outside of the function call (alternatively check if it's defined inside the function call and if not define it). Then change 'dupe' + c to 'dupe' + k and increment k somewhere inside the loop. ..and if it lags, try making the image smaller and then scaling it up via a html parameter.
-
I've ActionScripted up a solution!

import flash.geom.Rectangle;
function transparency (MC, s, e, g)
{
    h = Math.ceil (MC._height);
    w = MC._width;
    xp = MC._y;
    var window:Rectangle = new Rectangle (0, 0, w, g);
    for (c = g; c <= h; c += g)
    { //when g is small (i.e. 1) and the MC is high, this might lag!
        duplicateMovieClip (MC, 'dupe' + c, _root.getNextHighestDepth ()); //is it possible to stick them in a container and simply count up the depth - getNext is a bit silly..
        _root['dupe' + c].scrollRect = window; //i'm not sure if this would work well with vector drawings, i tested on your bitmap :P
        _root['dupe' + c]._y = c - g + xp;
        t = s * (1 - c / h) + e * c / h;
        if (t < 100)
        {
            if (t < 0)
            {
                _root['dupe' + c]._alpha = 0;
            }
            else
            {
                _root['dupe' + c]._alpha = t;
            }
        }
        var window:Rectangle = new Rectangle (0, c, w, g);
    }
    MC._visible = false; //if we remove MC, then the dupes are removed
}
//usage: transparency(MC, s, e, g)
//MC: movie clip name
//s: starting alpha (100 for not transparent, 0 for invisible - can be set outside)
//e: ending alpha - gradient is made from s to e, if outside of [0,100], will be set to 0 or 100. you can have e>s for increasing alpha.
//g: gap - the size in pixels of each block. 1 or 2 for a smooth gradient, high number for a nice blocky effect
transparency (MV,20,120,6);
//i have a clip on stage called MV :)
//the clip is split into 6-pixel blocks starting from 20% alpha, and going to 100% alpha for the last 1/5 of the picture... i think..

There you go! If anyone can find a better way, feel free to inform me! In case you don't know Flash that well, here's what you need to do to get it working:

1: Are you using a movie clip? Yes -> 5, No -> 2
2: Bitmap -> 3, or vector -> 4.
3: So it's a bitmap. Right click on it and hit 'Convert to Symbol...'. Make it a movie clip and name it whatever you want. -> 5
4: Highlight everything and do step 3 starting from 'Right click'... -> 5
5: Click on your movie clip. There should be 5 text-boxes in the properties panel at the bottom. Four of them describe size and location. In the fifth (topmost) one, type in whatever you want (MV in my example.) -> 6
6: Click on the background. Hit F9 if the actions panel isn't open. Pasta my code in. Change that last line outside the braces that isn't a comment to what you want. Feel free to remove the comments. -> ?????? -> PROFIT!

If you need help, just ask =| If you've already solved the problem... damn!

..I just realised I used xp as the variable name (i.e. x position) when it refers to the y position =.= Can't be bothered changing it now.

edit) changed 'it is' to 'is it'.. bloody grammar!
-
You should've done something random a second before the LHC started up. If school was during that period of time, I would've done something spontaneous. And then blame it on the LHC. The one to worry about is 11:59:59 Dec 31st 2027... That picture was awesome. Anyways, isn't it that the LHC isn't at full power for a couple of weeks? So we should worry that we could die in any time in the next couple of weeks? Oh and a question: LHC = Large Hadron Collider. This term is ambiguous. Is it a collider for large hadrons, or a large collider of hadrons? I mean the collider is large, but is it colliding large hadrons also? Which would make it a pun!? edit) There's a SUPER LARGE HADRON COLLIDER!? This changes things... I thought you were predicting that the LHC would work until 2012!
-
'Mr. President of Nigeria, I would be delighted to help you in your quest to retrieve the gold from the dragon's den. I am already equipping myself with the necessary armour and weaponry for the battle. However, I am unable to afford the last three pieces of Mithril which is needed for me to forge my 'Golden Mithril Battle Axe of Flame Resist'. If you would still like me to slay the dragon, I request a mere three pieces of Mithril, each of mass 1200 grams. You can deliver these pieces to 419 Nabb Street, Nabbland. Thank you, Nabb.' There be dragons!
-
So this text-same-colour-as-background thing has been done before. I devised a method that is almost undetectable. It doesn't create massive blank space. No text is hidden and visible by highlighting... But you can hit the quote button! Damn! So what do I do with this, should I leave it alone, or tell someone who would be able to do something about it, or what... (no, I haven't abused it anywhere, feel free to check all my 53 posts) edit) Har, I had another idea but it doesn't work. But it's IPB that blocks it!
-
I did that in a previous forum! Of course the 'credits' earned were only for fun, and allowed me to do things like change other peoples' avatar, user title and signature (before they logged on to realise). Fun stuff. Maybe it's possible to cheat the system by having text the same colour as the background - anyone tried that yet?
-
A list of free tools is available here. You can try using FlashDevelop. If you do buy Adobe Flash and decide to make games or something, you should be able to get your investment back by sponsorships (e.g. send email to websites like ArmorGames, or submit to FlashGameLicense for a large possible sponsor audience), and Kongregate runs monthly and weekly contests that pay the highest rated games. In addition, MochiAds can get you ad revenue on a per view basis, an alternative is GameJacket (which has a possible $1000 grant if the team thinks your game is good).
-
If you want each user to have an individual page, it would probably work to create the page when they register. You could create the page separately and then paste it into the registration script as a heredoc (extremely useful these are, you should look into them if you don't know about them!), and have the script open username.php and just write to it. If there's a better way, feel free to say.
-
I've racked up over 1200 points in the past few weeks, but am, unfortunately, in one of the regions (Australia specifically) which has the new rules that give a much lower points to cash conversion rate. For this reason, I'll probably move back to google (even though scour searches google, searching on google itself lets me have more than one page of results)
-
Google Releases Browser Aka Chrome Beta release
Nabb replied to dimumurray's topic in Search Engines
Looks great. Love the default page - it'll make browsing a lot easier! The fact that pages are in full screen by default is a great addition too! Only complaint at the moment is that I can't press the middle mouse button and move down the mouse to scroll, but if it's a bug it should be fixed soon?
-
A few things to note regarding passwords: Generally bruteforce attempts are done locally on stolen hashes. Web servers should lock out users who repeatedly fail login attempts (or at least hinder them, for example by forcing them to answer a CAPTCHA on each login attempt like gmail). This means that your password is safe unless the database of the website is compromised - in which case a hacker would only have a password hash. (Assuming they didn't store your password as plaintext!!) Common hashes (e.g. MD5, SHA-1) can be bruteforced extremely fast - at millions of tests a second on a regular computer. There exist wordlists of many thousands of words and common passwords; these would be tested first! This means that having a password of 1234567890 or qwertyuiop is going to be unsafe, even though they are both 10 digits long.. There are only about 95 (don't know the number off the top of my head) usable characters in the first 128 ASCII characters, so counting the other 30 in calculations is probably useless... However, having a password like 2²=4 using characters which are in the second half of the ASCII table would greatly increase security - well at least if it's lengthy! 2³²=4294967296 would make a great password... Keep in mind that someone trying to bruteforce a password does not know what character types are in it.
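A password-audit sketch of the guessing order described in the post above (wordlist first, then exhaustive search over the 95 printable ASCII characters), added here as an example and not part of the original post: the wordlist is a constructed stand-in, the rate of 5 million guesses per second is an assumption matching "millions of tests a second", and the function names are hypothetical.

```python
# The 95 printable ASCII characters (space through ~) the post refers to.
PRINTABLE = [chr(c) for c in range(32, 127)]
INDEX = {ch: i for i, ch in enumerate(PRINTABLE)}

# Constructed stand-in for a real wordlist of common passwords.
WORDLIST = ["password", "123456", "qwertyuiop", "1234567890", "letmein"]
RATE = 5_000_000  # assumed guesses per second against a fast hash (MD5, SHA-1)

def guesses_needed(password, wordlist=WORDLIST):
    """Guesses made before an offline search reaches `password`.

    Order modelled: every wordlist entry first, then every printable-ASCII
    string by increasing length. Returns None when the search never gets
    there because the password uses a character outside that set.
    """
    if password in wordlist:
        return wordlist.index(password) + 1
    if any(ch not in INDEX for ch in password):
        return None
    n = len(PRINTABLE)
    # All strings shorter than the password are tried before its length.
    shorter = sum(n ** k for k in range(1, len(password)))
    # Position of the password among strings of its own length (base-95 rank).
    rank = 0
    for ch in password:
        rank = rank * n + INDEX[ch]
    return len(wordlist) + shorter + rank + 1

def seconds_to_crack(password, rate=RATE):
    """Time to reach the password at `rate` guesses per second, or None."""
    guesses = guesses_needed(password)
    return None if guesses is None else guesses / rate
```

A return of None only means this particular search space misses the password; a search that widens its alphabet would still reach a short one.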
-
Are You Part Of The 2% Or The 98%? mind guessing game
Nabb replied to ChristmasTree's topic in General Discussion
I chose the number pi. It didn't work properly =| Maybe if it was requested that we chose an integer. In which case the first few steps can be condensed to 'Think of the letter D.'
-
It's not that much of an issue for me, unless it's causing the forum downtimes o_o The only annoying thing about it is that I need to shout a message if I want to check how long ago the last message was - I suppose now that I know it's 39 minutes fast I won't need to do this anymore!
-
The name doesn't really bother me. However one guy didn't want to visit my page because it had trap it the url =| Something that's been bothering me for a while: Does anyone know if 'Xisto' was meant to mean 'TrapIt', seeing as the name was of a gaming place, and so the name could likely be using some form of leetspeak?
-
I suggest that you upgrade to phpBB3. You can set the 'difficulty' of the CAPTCHA from the admin control panel there, and you can make it harder if it's being bypassed. IP banning would be a good idea also. A quick google revealed an anti-bot script here: http://www.phpbbhacks.com/download/8475 - there's probably an installation file to guide you through the installation (for phpBB3 - if you intend to stick to phpBB2, then you'll have to find your own! Also I can't guarantee that the script works, seeing as I haven't tried it..) Lastly, it's probably not a good idea to pass out your cPanel login info - if someone decides to delete all your files, there isn't much you can do.
-
Suggestions For Version 3 Of The Credit System
Nabb replied to Saint_Michael's topic in Web Hosting Support
10 credits for your first birthday, 10 credits for your second, and -51 for your third :) To anyone who falls for the trap - LOL!
-
Surf Internet Without Opening It. Useful For School How-to
Nabb replied to miikerocks's topic in General Discussion
At my school, they charge us for internet.. Even if we get past the filters and are watching youtube videos, there's still a monetary charge that we incur. (Unless you get one of those half-broken wireless certificates that lets your own laptop use free internet!) I personally don't see the benefits of using a help browser - if you're monitored, having a notepad help browser would surely arouse suspicion - especially if they see what you're browsing :) Unless IE is blocked, there's no reason to be using this - you'll probably need to close it if someone is walking by, and IE is a better browser than the help window of notepad! (Actually, try portable firefox (could you ghostfox with portable firefox?) or portable opera on a usb - you might need to configure the proxy settings though). Also, you could probably copy iexplore.exe and rename it to allow access - worked with minesweeper at my school o_o
-
Sorry for any confusion, that's my sub-domain and it was to check if he was under an IP ban - (some bad login attempts when I was first hosted led to this - I couldn't see any Xisto pages aside from http://forums.xisto.com/, so I figured if Accure couldn't see my sub-domain, then he would be under an IP ban also.) (which I guessed from:) edit) No I'm not banned any more, the also makes it a bit ambiguous I think..