php
How to implement a secure session management system in PHP (and generally)?
Developers, especially unexperienced PHP developers, have a tendency to not care much care about security-related issues. This is true for the problem of secure sessions, too - and the reason why attackers of a certain website or service can easily hijack sessions to get access to data, which they should not have access to.
Because HTTP is a stateless protocol, sessions are required to identify a certain client on multiple requests. In PHP this identification is done via "session IDs", which are exchanged by the client and the webserver on each request (the session ID may be stored as a Cookie, in the URL or hidden field). The server stores the session ID locally to identify a certain client if the session ID is available in a certain request.
If an attacker is able to steal the session ID of a certain client, the server will "think", that the attacker is the client. As a result, the attacker will be able to do everything, the client is allowed to do.
How do I implement a session management system in PHP (and generally), which is more secure and more protected against "session hijacking" attempts?
Taggings:
Create a simple manageable website for a village assiciation
The main requirement was that in the end, it should be possible for a person without programming experience to provide content and photos on the website.
I come to the conclusion that Wordpress is an alternative. I installed a web server and a MySQL database and tried it out first. After a few adjustments and additions coded in PHP, I showed it to my client. He agreed with it. The biggest benefit of Wordpress is that it takes no programming experience to the user. The last step was to register a free web space and a domain.
Providing data using Views-Module, creating module to access it.
There exists a Drupal-Module called Views. It is available for Drupal 5 through 7. It is able to output a site's data in XML (or RSS) format. That way a machine-readable format of the first site's data can be created.
For the other site a Drupal Module could be created that reads the XML file and formats it for output the way desired.
Taggings:
geocoding challenge in php
i have two addresses which i can quite easily display within a google map i integrated into my web application. now i would like to calculate the distance of the two addresses. is there any service easily to use which returns the distance i am looking for or i can use to find out if the second address is within a given range from the first one?
Taggings:
Wiener Linien API
The challenge was to get a public transport route, by sending time, date, start and destination address. The problem was solved by using the "Wiener Linien API" (http://akirk.github.com/Wiener-Linien-API/). The PHP-Code sends a XML-request with all details of the appointment and get a XML-respond with the transport connection.
For building a request the PHP-function "buildRequest()" can be used.
The following example illustrates a query from "Seckendorfstrasse 4" to "Wiedner Hauptstr. 8":
$params = array();
$params["outputCoords"] = "WGS84";
$params["from"] = "Seckendorfstrasse 4";
$params["to"] = "Wiedner Hauptstr. 8";
$params["year"] = "2011";
$params["month"] = "12";
$params["day"] = "14";
$params["hour"] = "17";
$params["minute"] = "00";
$params["deparr"] = "arr";
$params["modality"] = "pt";
$params["sourceFrom"] = "gps";
$params["sourceTo"] = "stoplist";
$req = buildRequest("api_get_route", $params);
Afterwards, the XML-request must be sent to the following webservice: http://webservice.qando.at/2.0/webservice.ft.
$response = httpPost("http://webservice.qando.at/2.0/webservice.ft", $req);
Finally, the XML-response must be load into a Document Object Model (DOM). A DOM presents an XML document as a tree-structure, which makes it easy to interpret and evaluate the local public transport route.
$dom = new DOMDocument();
$dom->formatOutput = true;
$dom->preserveWhiteSpace = false;
$dom->loadXML($response);
The complete DOMDocument manual is available on the website: http://php.net/manual/de/class.domdocument.php.
To print out the XML-response of the public transport route, use the following PHP-code:
echo "Response: " .$dom->saveXML(). "";
Display a local public transport route by using the Wiener Linien API
The core problem of this challenge is the proper formulation (encoding) of the request and the correct interpretation (decoding) of the server-response.
Another problem is the sending and the receiving of the XML-files with a server-side scripting language such as PHP.
PHP mail() Function
The problem was solved by the creation of the PHP mail()-function.
Programmers have to include the receiver or receivers, subject, message, header (From, Cc, and Bcc) and optional parameter of the eMail.
The syntax of the mail()-function is mail(to,subject,message,headers,parameters).
For an example, see "Screenshot PHP Mail-Function" or the following code-snippet:
<?php
$to = "somebody@example.com";
$subject = "test subject";
$txt = "Hello world!";
$headers = "From: from@example.com" . "\r\n" .
"CC: cc@example.com";
mail($to,$subject,$txt,$headers);
?>
Taggings:
How to send an eMail via PHP?
The core problem of this challenge is to find an existing PHP-function, which enables a programmer to send an eMail. Furthermore, the correct syntax and the required data of the mail-function is an essential problem.
Taggings:
Using xampp with Windows 7 64 Bit
Xampp that I normally use for creating PHP-sites didn't worked at this computer with a 64 bit Windows 7. The Problem is that I needed it to make some changes in the source of a php-site and this with that new computer. First I had to install xampp which I did, but it didn't worked.
Automatic upload - Eclipse - FTP server
Eclipse is an IDE for implementation of applications in different programming languages.
During the programing of an PHP web application it must be first deployed to the server in order to run it. It is possible to configure Eclipse to run a PHP program on local server, but sometimes it is necessary to implement the program locally and run it on a remote web server (because of the tweaking of the application or other reasons).
We want to make the process of uploading of the PHP files to the appropriate folder on the remote FTP server automatic. The particular file should be uploaded after each save on the local disk.
Pages
