User System Tips
In this tutorial you will learn a few different things that you can use to protect your user system from being attacked by hackers.
First Tip:
You can change your file endings with a single line in your .htaccess file, whether you want the file ending to be .lol or something random like .abc123.
So, open up your .htaccess and add this line:
Code
AddType application/x-httpd-php .abc123
This would allow you to do as I said: make files with the ending .abc123.
By using this you could save yourself from fopen attempts from other web servers and whatnot, because the file would be harder to guess.
Second Tip:
Config files are usually a prime target because users tend to just copy and paste code with common variables such as $user or $pass.
One way to make them harder to guess is by using define(), as in the script below:
PHP Code
<?php
define("HOST", "localhost"); //the defined constant for the host
define("USER", "root"); //your database username
define("PASS", ""); //the database password
define("DATA", "testdatabase"); //finally the database
$error = "<html><head><title>Error</title>
<style>P,BODY{ font-family:arial,sans-serif; font-size:11px; }</style></head><body>
<br><br><blockquote><b>There appears to be an error with the database.</b><br>
You can try to refresh the page by clicking <a href=\"javascript:window.location=window.location;\">here</a>.<br></body></html>"; //error to be used
//the mysql_* functions were removed in PHP 7, so mysqli is used here
mysqli_report(MYSQLI_REPORT_OFF); //return false on failure instead of throwing (PHP 8.1+ default)
$db = @mysqli_connect(HOST, USER, PASS) or die($error); //connect or die with the error above.
@mysqli_select_db($db, DATA) or die($error); //select DB or die with above error
?>
You should change the defined variable to something harder.
Note: if dashes are in the name you will get an error.
Third Tip:
Using simple encryption methods such as just one md5:
PHP Code
<?php
$pw = md5($_POST['pass']); //a single md5 of the posted password
?>
Websites such as milw0rm and programs such as Cain and Abel are able to crack these, thus revealing your password to the hacker.
Using methods with more than one md5 or sha1 process may greatly increase security.
You could use something like:
PHP Code
<?php
function secure($var){
$s1 = md5(md5(md5(md5(md5($var))))); //lets md5 the pass
$s2 = sha1(sha1(sha1(sha1(sha1($var))))); //lets sha1 the password
$makeone = "!-$s1-$s2-!"; //compile both for a longer password
$secure = sha1(md5($makeone)); //make the makeone variable safer
return $secure; //return the secure password
}
?>
This could save your user system: a hacker who knows what to do and wishes to waste time decoding about 10+ md5/sha1 passes may still do so, but if not, they might just leave your site alone.
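Added example, not part of the original tutorial: secure() above uses no salt, so the same password always produces the same stored value. The script below shows that, and one way to replace such values with PHP's built-in password_hash() the next time each user logs in. check_login() and the sample passwords are hypothetical names and constructed data.

```php
<?php
// Added example, not code from the original tutorial.
// secure() is the tutorial's function; check_login() and the sample
// values below are hypothetical and constructed for illustration.
function secure($var){
    $s1 = md5(md5(md5(md5(md5($var)))));
    $s2 = sha1(sha1(sha1(sha1(sha1($var)))));
    $makeone = "!-$s1-$s2-!";
    return sha1(md5($makeone));
}

// Verify a login against either storage format.
// Returns array(bool $ok, string $toStore); $toStore is the value
// that should be written back to the user's row afterwards.
function check_login($password, $stored){
    // secure() ends in sha1(), so legacy values are 40 hex characters.
    $legacy = (strlen($stored) === 40 && ctype_xdigit($stored));
    if ($legacy) {
        // Constant-time comparison against the legacy digest.
        if (!hash_equals($stored, secure($password))) {
            return array(false, $stored);
        }
        // Correct password: swap the unsalted digest for a salted, slow hash.
        return array(true, password_hash($password, PASSWORD_DEFAULT));
    }
    if (!password_verify($password, $stored)) {
        return array(false, $stored);
    }
    // Re-hash if the server's default algorithm or cost has changed since.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = password_hash($password, PASSWORD_DEFAULT);
    }
    return array(true, $stored);
}

// Constructed sample data: two users who picked the same password.
$alice = secure("letmein123");
$bob   = secure("letmein123");
echo "legacy digests identical: ";  var_dump($alice === $bob);

list($ok, $aliceNew) = check_login("letmein123", $alice);
list(, $bobNew)      = check_login("letmein123", $bob);
echo "login ok: ";                  var_dump($ok);
echo "upgraded hashes identical: "; var_dump($aliceNew === $bobNew);
echo "wrong password accepted: ";   var_dump(check_login("guess", $aliceNew)[0]);
```

The upgraded values need a column of at least 60 characters for bcrypt output; the PHP manual recommends 255 so future algorithms fit.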
User System Start:
User System Part 1