User System Tips


In this tutorial you will learn a few different things that you can use to protect your user system from being attacked by hackers.

First Tip:

You can change your file endings with a single line in your .htaccess file, whether you want the file ending to be .lol or something random like .abc123.

So, open up your .htaccess and add this line:
PHP Code
AddType application/x-httpd-php .abc123


This would allow you to do as I said: make files with the ending .abc123.

By using this you could save yourself from fopen attempts from other web servers and what-not, because the file name would be harder to guess.

Second Tip:

Config files are usually a prime target because users tend to just copy and paste code with common variables such as $user or $pass.

One way to make them harder to guess is by defining constants, as in the script below:
PHP Code
<?php
// Note: the mysql_* functions used below were removed in PHP 7.0; on current PHP use mysqli or PDO instead.
define("HOST", "localhost"); // the database host
define("USER", "root"); // your database username
define("PASS", ""); // the database password
define("DATA", "testdatabase"); // finally, the database name

$error = "<html><head><title>Error</title>
<style>P,BODY{ font-family:arial,sans-serif; font-size:11px; }</style></head><body>
&nbsp;<br><br><blockquote><b>There appears to be an error with the database.</b><br>

You can try to refresh the page by clicking <a href=\"javascript:window.location=window.location;\">here</a>.<br></body></html>"; // error page to be used

@mysql_connect(HOST, USER, PASS) or die($error); // connect or die with the error above
@mysql_select_db(DATA) or die($error); // select the DB or die with the error above
?>


You should change the defined constant names to something harder to guess.
Note: if dashes are in the name you will get an error.

Third Tip:

Don't rely on simple encryption methods such as just one md5:
PHP Code
<?php
$pw = md5($_POST['pass']); // a single md5 of the submitted password
?>

Websites such as milw0rm and programs such as Cain and Abel are able to crack these, thus revealing your password to the hacker.

Using methods with more than one md5 or sha1 process may greatly increase security.
You could use something like:
PHP Code
<?php
function secure($var){
    $s1 = md5(md5(md5(md5(md5($var))))); // md5 the password five times
    $s2 = sha1(sha1(sha1(sha1(sha1($var))))); // sha1 the password five times
    $makeone = "!-$s1-$s2-!"; // combine both for a longer string
    $secure = sha1(md5($makeone)); // hash the combined string once more
    return $secure; // return the secured password
}
?>


This could save your user system: if the said hacker knows what to do and wishes to waste time on decoding about 10+ md5/sha1 passwords, then they may; if not, they might just leave your site alone.
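
For comparison with the secure() function in the third tip, here is an added example (not the tutorial author's code) using PHP's built-in password_hash() and password_verify(), which add a random salt per password and a tunable work factor that chained md5/sha1 calls do not have. The sample password and the login() helper are constructed for illustration; it assumes PHP 5.6 or later.

```php
<?php
// secure() is copied from the third tip so both approaches can be compared.
function secure($var) {
    $s1 = md5(md5(md5(md5(md5($var)))));
    $s2 = sha1(sha1(sha1(sha1(sha1($var)))));
    $makeone = "!-$s1-$s2-!";
    return sha1(md5($makeone));
}

// Constructed sample data: two users who happen to choose the same password.
$password = 'correct horse battery staple';

// 1) Chained md5/sha1 is deterministic and unsalted, so identical passwords
//    produce identical stored values for every user on every site using it.
$aliceOld = secure($password);
$bobOld   = secure($password);
var_dump($aliceOld === $bobOld);

// 2) password_hash() draws a fresh random salt on each call and uses a
//    deliberately slow algorithm, so the two stored values differ.
$aliceNew = password_hash($password, PASSWORD_DEFAULT);
$bobNew   = password_hash($password, PASSWORD_DEFAULT);
var_dump($aliceNew === $bobNew);

// 3) The salt and cost are embedded in the hash string, so verification
//    needs only the submitted password and the stored value.
var_dump(password_verify($password, $aliceNew));
var_dump(password_verify('wrong guess', $aliceNew));

// 4) Upgrading a table of existing secure() values at login time.
//    login() and $stored are hypothetical names, not from the tutorial.
function login($submitted, $stored) {
    if (strncmp($stored, '$', 1) === 0) {
        $ok = password_verify($submitted, $stored);       // password_hash() value
    } else {
        $ok = hash_equals($stored, secure($submitted));   // legacy 40-char hex value
    }
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = password_hash($submitted, PASSWORD_DEFAULT); // write back to the DB
    }
    return array($ok, $stored);
}

list($ok, $upgraded) = login($password, $aliceOld);
var_dump($ok, $upgraded !== $aliceOld);
```

The stored column must be wide enough for the new format; the PHP manual recommends 255 characters for PASSWORD_DEFAULT.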

User System Start: User System Part 1
Author: ShadowMage
Views: 4,736
Posted on Sunday 22nd February 2009 at 12:36 PM
lajevardi
Use the code below on the first tip:
<code>
<IfModule mod_mime.c>
AddType application/x-httpd-php .py
</IfModule>
</code>
Posted on Tuesday 15th January 2008 at 06:14 PM
Agw2012
Good Job ;)
Better Than The Old Database Error :)
Posted on Friday 18th May 2007 at 09:19 PM
cyruswu
Good job!