Wednesday 11 May 2011

MySQL

MySQL Injection

SQL injection is yet another common vulnerability that is the result of lax input validation.

Example SQL injection attack:

<?php
// We didn't check $_POST['password']; it could be anything the user wanted!
// For example:
$_POST['username'] = 'aidan';
$_POST['password'] = "' OR ''='";

// Query database to check if there are any matching users
$query = "SELECT * FROM users WHERE user='{$_POST['username']}' AND password='{$_POST['password']}'";
mysql_query($query);

// This means the query sent to MySQL would be:
echo $query;
?>
The query sent to MySQL: 
SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''
This would allow anyone to log in without a valid password.
 
The correct way to prevent this attack is to escape the input before it goes into the query:
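<?php
// Escape a value for use in an SQL statement.
// mysql_real_escape_string() requires an open connection made with mysql_connect().
function check_input($value)
{
    // Strip the slashes that magic quotes added, so the value is not escaped twice
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Quote if not a number
    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}

// Make a safe SQL
$user = check_input($_POST['user']);
?>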
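The same login check with the query text and the user's values kept separate, shown next to the concatenated form. This is an added example, not code from the original post: it assumes PDO with an in-memory SQLite database in place of the post's MySQL connection, and the functions login_concat and login_prepared, the table and the stored password are constructed for illustration.

```php
<?php
// Added example (assumption: PDO with the SQLite driver is available).
// The users table and its single row are constructed sample data; the
// plain-text password column mirrors the query used in the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)");
$db->exec("INSERT INTO users VALUES ('aidan', 's3cret')");

// Concatenated form: the input becomes part of the SQL text, so quotes
// inside it change the structure of the WHERE clause.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT 1 FROM users WHERE user='$user' AND password='$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Prepared form: the SQL text is fixed when prepare() is called and the
// values are bound afterwards, so they are only ever treated as data.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare(
        "SELECT 1 FROM users WHERE user = :user AND password = :pass"
    );
    $stmt->execute([':user' => $user, ':pass' => $pass]);
    return $stmt->fetch() !== false;
}

// The password value from the post's example
$payload = "' OR ''='";

var_dump(login_concat($db, 'aidan', $payload));
var_dump(login_prepared($db, 'aidan', $payload));
var_dump(login_prepared($db, 'aidan', 's3cret'));
?>
```

With the password `' OR ''='` the concatenated query matches a row, while the prepared statement compares the whole string against the stored password and matches nothing.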



Sunday 3 April 2011

Download and unzip the WordPress package from the WordPress download page.

1. Log in to your cPanel.
2. Click MySQL Database Wizard icon under the Databases section.
3. In "Step 1. Create a Database", enter the database name and click Next Step.
4. In "Step 2. Create Database Users", enter the database user name and the password. Make sure to use a strong password. Click Create User.
5. In "Step 3. Add User to Database", click the All Privileges checkbox and click Next Step.
6. In "Step 4. Complete the task", note the database name and user. Write down the values of hostname, username, databasename, and the password you chose. (Note that hostname will usually be localhost.)

Thursday 31 March 2011

get_bloginfo()

The get_bloginfo() function returns information about your site which can then be used elsewhere in your PHP code. This function, as well as bloginfo(), can also be used to display your site information.



$show
(string) (Optional) Keyword naming the information you want.

Default: name

* 'name' - Returns the 'Site Title' set in Settings > General. This data is retrieved from the 'blogname' record in the wp_options table.
* 'description' - Returns the 'Tagline' set in Settings > General. This data is retrieved from the 'blogdescription' record in the wp_options table.
* 'wpurl' / 'siteurl' - Returns the 'WordPress address (URI)' set in Settings > General. This data is retrieved from the 'siteurl' record in the wp_options table. Consider using site_url() instead.
* 'url' / 'home' - Returns the 'Site address (URI)' set in Settings > General. This data is retrieved from the '????' record in the wp_options table. Consider using home_url() instead.
* 'admin_email' - Returns the 'E-mail address' set in Settings > General. This data is retrieved from the 'admin_email' record in the wp_options table.
* 'charset' - Returns the 'Encoding for pages and feeds' set in Settings > Reading. This data is retrieved from the 'blog_charset' record in the wp_options table.
* 'version' - Returns the WordPress Version you use. This data is retrieved from the '$wp_version' variable set in wp-includes/version.php.
* 'html_type' - Returns the Content-Type of WordPress HTML pages (default: text/html). This data is retrieved from the 'html_type' record in the wp_options table. Themes and plugins can override the default value using the pre_option_html_type filter.
* 'text_direction' - Returns the Text Direction of WordPress HTML pages. Consider using is_rtl() instead.
* 'language' - Returns the language of WordPress.
* 'stylesheet_url' - Returns the primary CSS (usually style.css) file URL of the active theme. Consider using get_stylesheet_uri() instead.
* 'stylesheet_directory' - Returns the stylesheet directory URL of the active theme. (Was a local path in earlier WordPress versions.) Consider using get_stylesheet_directory_uri() instead.
* 'template_url' / 'template_directory' - URL of the active theme's directory ('template_directory' was a local path before 2.6; see get_theme_root() and get_template() for hackish alternatives.) Within child themes, both get_bloginfo('template_url') and get_template() will return the parent theme directory. Consider using get_template_directory_uri() instead (for the parent template directory) or get_stylesheet_directory_uri() (for the child template directory).
* 'pingback_url' - Returns the Pingback XML-RPC file URL (xmlrpc.php).
* 'atom_url' - Returns the Atom feed URL (/feed/atom).
* 'rdf_url' - Returns the RDF/RSS 1.0 feed URL (/feed/rdf).
* 'rss_url' - Returns the RSS 0.92 feed URL (/feed/rss).
* 'rss2_url' - Returns the RSS 2.0 feed URL (/feed).
* 'comments_atom_url' - Returns the comments Atom feed URL (/comments/feed).
* 'comments_rss2_url' - Returns the comments RSS 2.0 feed URL (/comments/feed).

$filter
(string) (Optional) Keyword specifying how to filter what is retrieved.

Default: raw

Example output. Note that directory URLs are missing trailing slashes:

admin_email = admin@example
atom_url = http://example/home/feed/atom
charset = UTF-8
comments_atom_url = http://example/home/comments/feed/atom
comments_rss2_url = http://example/home/comments/feed
description = Just another WordPress blog
home = http://example/home
html_type = text/html
language = en-US
name = Testpilot
pingback_url = http://example/home/wp/xmlrpc.php
rdf_url = http://example/home/feed/rdf
rss2_url = http://example/home/feed
rss_url = http://example/home/feed/rss
siteurl = http://example/home
stylesheet_directory = http://example/home/wp/wp-content/themes/largo
stylesheet_url = http://example/home/wp/wp-content/themes/largo/style.css
template_directory = http://example/home/wp/wp-content/themes/largo
template_url = http://example/home/wp/wp-content/themes/largo
text_direction = ltr
url = http://example/home
version = 2.7
wpurl = http://example/home/wp

Thursday 27 January 2011

Send email from my localhost wamp server.

1. Download PHPMailer from http://phpmailer.sourceforge.net
2. Extract it to a folder named phpmailer.

Create a file email.php

Paste this code and change the values in blue as needed (I modified the sample code given on the PHPMailer homepage).
NOTE: Replace every XXX with your user name and YYY with your password.

<?php
include_once("phpmailer.class.php");

$mail = new PHPMailer();

// send through an SMTP server
$mail->IsSMTP();
// enable SMTP authentication
$mail->SMTPAuth = true;
// sets the prefix to the server
$mail->SMTPSecure = "ssl";
// sets GMAIL as the SMTP server
$mail->Host = "smtp.gmail.com";
// set the SMTP port
$mail->Port = 465;
// GMAIL username
$mail->Username = "XXX@gmail.com";
// GMAIL password (prefer loading it from a config file kept outside the web root)
$mail->Password = "YYY";

// sender address and display name
$mail->From = "email address who send the email";
$mail->FromName = "rajmaha";
$mail->AddReplyTo("startwpnow@gmail.com", "name to reply");
$mail->Subject = "Test Gmail!";

// set to true to send $html_message instead of $text_message
$is_your_mail_an_html = false;
$html_message = "<p>hai</p>";
$text_message = "hai";
if ($is_your_mail_an_html) {
    $mail->MsgHTML($html_message);
    $mail->IsHTML(true);
} else {
    $mail->Body = $text_message;
    $mail->IsHTML(false);
}

// recipient
$mail->AddAddress("startwpnow@gmail.com", "to name");

if (!$mail->Send()) {
    // show why sending failed
    echo $mail->ErrorInfo;
} else {
    // reset recipients and attachments so the object can be reused
    $mail->ClearAddresses();
    $mail->ClearAttachments();
}
?>

NOTE: don't forget to include the "phpmailer.class.php" and "class.smtp.php".

Unable to find the socket transport “ssl” - did you forget to enable it when you configured PHP?

    The solution to the above problem is to uncomment the following line in php.ini by removing the leading semicolon:

    ;extension=php_openssl.dll

    php.ini file locations:
    C:\wamp\bin\php\php5.3.5\php.ini
    C:\wamp\bin\apache\Apache2.2.17\bin\php.ini
  

Question? Answer: startwpnow@gmail.com