RE: [PHP] Secure vs httpOnly cookie flag: is one better?

2011-08-16 Thread Jen Rasmussen
Andrew, Wow, copied and pasted in the wrong link ...no wonder it made no sense - WHOOPS!! The correct link is: http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-14609 Below are the methods I WAS working with (similar to your recommendation last week

Re: [PHP] Secure vs httpOnly cookie flag: is one better?

2011-08-16 Thread Andrew Ballard
On Tue, Aug 16, 2011 at 1:01 PM, Jen Rasmussen wrote: > Thank you in advance for your input on my question here. > > > > I am currently running PHP 5.1.6 and would prefer to set both the secure and > httpOnly flags for a session cookie, > > however, httpOnly is not added until PHP 5.2. I have fou

Re: [PHP] (Kinda sorta) PHP related: recovering lost passwords

2011-08-16 Thread James Colannino
On 08/16/11 02:08, Richard Quadling wrote: > Take a look at https://code.google.com/p/loginsystem-rd/ > > Whilst it is just a login system, the techniques here could be adapted > and probably learned from (if you are new to security). Ah, that looks interesting. Thanks for the link! James --

[PHP] Secure vs httpOnly cookie flag: is one better?

2011-08-16 Thread Jen Rasmussen
Thank you in advance for your input on my question here. I am currently running PHP 5.1.6 and would prefer to set both the secure and httpOnly flags for a session cookie, however, httpOnly is not added until PHP 5.2. I have found an elegant way to set it (courtesy of: http://www.youtube.co

Re: [PHP] (Kinda sorta) PHP related: recovering lost passwords

2011-08-16 Thread James Colannino
On 08/16/11 01:30, Lester Caine wrote: > All the good sites simply don't have that capability ... > Much safer rather than 'recovering' a password is to identify the user, > and send them a temporary password which they have to change when they > log in. This way nobody is allowed access existing

Re: [PHP] Why count() returns no error when string is given ?

2011-08-16 Thread Florian Lemaitre
On 16/08/2011 16:50, rs...@live.com wrote: Hello Florian, Tuesday, August 16, 2011, 4:32:39 PM, you wrote: manual : function.count.php "Returns the number of elements in /var/. If /var/ is not an array or an object with implemented Countable int

Re: [PHP] Why count() returns no error when string is given ?

2011-08-16 Thread rsk82
Hello Florian, Tuesday, August 16, 2011, 4:32:39 PM, you wrote: > manual : function.count.php > "Returns the number of elements in /var/. If /var/ is not an array or an > object with implemented Countable > interface, /1/ will be > returned. There is

Re: [PHP] Why count() returns no error when string is given ?

2011-08-16 Thread Florian Lemaitre
On 16/08/2011 16:32, Florian Lemaitre wrote: On 16/08/2011 16:29, rs...@live.com wrote: For example when I do: strlen(array(1,2,3)); php shows: Warning: strlen() expects parameter 1 to be string, array given in... but when I do: count('string'); It simply returns 1 like nothing

Re: [PHP] Why count() returns no error when string is given ?

2011-08-16 Thread Florian Lemaitre
On 16/08/2011 16:29, rs...@live.com wrote: For example when I do: strlen(array(1,2,3)); php shows: Warning: strlen() expects parameter 1 to be string, array given in... but when I do: count('string'); It simply returns 1 like nothing happened. I would expect such behavior if I write

[PHP] Why count() returns no error when string is given ?

2011-08-16 Thread rsk82
For example when I do: strlen(array(1,2,3)); php shows: Warning: strlen() expects parameter 1 to be string, array given in... but when I do: count('string'); It simply returns 1 like nothing happened. I would expect such behavior if I write: count((array)'string') but otherwise such be

Re: [PHP] (Kinda sorta) PHP related: recovering lost passwords

2011-08-16 Thread Bastien
On 2011-08-16, at 5:08 AM, Richard Quadling wrote: > On 16 August 2011 09:14, James Colannino wrote: >> Hi everyone, >> >> I don't post all that often, so I hope my (mildly) off-topic question >> won't be too unwelcome... Keep in mind that I'm still pretty new when >> it comes to security, s

Re: [PHP] Newbie question. What is the best structure of a php-app?

2011-08-16 Thread Richard Quadling
On 16 August 2011 09:53, Dajka Tamás wrote: > Hi, > > Surely there's a wiki/doc somewhere :) > > But for the start: > > 1) plan what exactly you want to accomplish ( functionality ) > 2) complexity >        - if simple, just throw it in one php ( like index.php ) >        - if more complex, you ca

Re: [PHP] (Kinda sorta) PHP related: recovering lost passwords

2011-08-16 Thread Richard Quadling
On 16 August 2011 09:14, James Colannino wrote: > Hi everyone, > > I don't post all that often, so I hope my (mildly) off-topic question > won't be too unwelcome...  Keep in mind that I'm still pretty new when > it comes to security, so what I propose may or may not sound incredibly > dumb (you ha

RE: [PHP] Newbie question. What is the best structure of a php-app?

2011-08-16 Thread Dajka Tamás
Hi, Surely there's a wiki/doc somewhere :) But for the start: 1) plan what exactly you want to accomplish ( functionality ) 2) complexity - if simple, just throw it in one php ( like index.php ) - if more complex, you can separate the pages and/or use classes 3) based on 2), plan

Re: [PHP] (Kinda sorta) PHP related: recovering lost passwords

2011-08-16 Thread Lester Caine
James Colannino wrote: If it matches the unencrypted version stored in the database, you know you have the correct answer, and use it to decrypt the user's password and send it to the email the user has setup for their account. All the good sites simply don't have that capability ... Much safer

[PHP] (Kinda sorta) PHP related: recovering lost passwords

2011-08-16 Thread James Colannino
Hi everyone, I don't post all that often, so I hope my (mildly) off-topic question won't be too unwelcome... Keep in mind that I'm still pretty new when it comes to security, so what I propose may or may not sound incredibly dumb (you have been warned! :-P) I'm working on a project in PHP, a toy