Folks,



Apart from Bootstrap (Twitter stuff), do you know of any free Mobile Responsive Design templates ?

I got a pagination page. I need to convert that to Mobile responsive Design. Searching for a template so I can learn from it and convert my pagination page so it looks good on mobile phone browsers too as now it looks terrible as you need to scroll and the texts look too small, etc.

Hence, need a Mobile Responsive Pagination page template.

Also need Account Login, Account Registration Page (web forms), Account Home Page Mobile Responsive Design templates.

Must be in Html 5 and CSS.



I am googling but no real luck.


Any advice ?



Thanks

Php Folks,

I want to allow my website members to login to their accounts and upload files to my server so other members can view them. Files such as text files, image files, audio files and video files. But not program files or executable files.
Now, what features must my File Upload Form have ?
I need a complete list of Php features it must have. I need you to give me a complete list of Php Functions the File Upload Form must make use of.
Kindly list as many Php features and functions you can think of that my File Upload Form must have in order for it to be a Secure File Upload Form so no one can upload malicious files (virus, programs, etc.).
I am going to get the File Upload Form developed by a paid programmer. I need to give the programmer a list of features the File Upload Form must have. Here is my list of REQUIREMENTS so far:

REQUIREMENT 1:
Add filters and sanitizations so malicious files cannot be uploaded. Nor can sql injections can be made.

REQUIREMENT 2:
Only file types from White-List should be uploaded. Any File Types not listed on this White-List should be discarded and not uploaded. Error should be given that this type of file is not allowed to be uploaded.

REQUIREMENT 3:
Uploaded File should not be more than 100MB. Echo error if File Sizes exceed limit & halt script.
MUST check File Size with function: file_size():
https://www.php.net/manual/en/function.filesize.php

REQUIREMENT 4:
Set a maximum name length and maximum file size – Make sure to set a maximum name length and file size in order to prevent a Denial of Service attack.
If you do not know what I am talking about then read number "6" on the following link:
https://www.opswat.com/blog/file-upload-protection-best-practices

REQUIREMENT 5:
MUST make use php of function getimagesize() for security purpose.
https://www.php.net/manual/en/function.getimagesize.php

REQUIREMENT 6:
Write to the file when you store it to include a header that makes it non-executable.
If you do not understand what I am talking about then read the line on the following link that comes just after the CONCLUSION section.
https://www.wordfence.com/learn/how-to-prevent-file-upload-vulnerabilities/

REQUIREMENT 7:
MUST STORE all errors and DISPLAY all errors using traditional:
"Errors[] = "";.
On my script, fix my error coding mistakes related to the following format as I have no clue how to fix all that to store errors and display them.
"Errors[] = "";.

REQUIREMENT 8:
To detect File Details, should use php functions:
file_info() & mime_content_type():
https://www.php.net/manual/en/function.finfo-file.php
https://www.php.net/manual/en/function.mime-content-type.php
Script Files (executable files) should not be uploadable. Only text files (.txt, .doc, .pdf, etc.), image files (.giff, .jpeg, etc.), audio files (.mp3, etc.) and video files (.mp4, .wav, etc.).

REQUIREMENT 9:
Script should check whether file upload was successful or not.
MUST check with upload with function: is_uploaded_file().
http://php.net/manual/en/function.is-uploaded-file.php
NOTE: After the check, user must get notified whether file has been uploaded successfully or not.

END OF REQUIREMENTS

Q2.
Should I get the programmer to add security features from other languages ? Currently, all my REQUIREMENTS revolve around Php as that is the only programming language I am learning. I do not have experience in any other languages. Server-side or Client-side.
Now, do you reckon I should get the programmer to add security features on Client-side ? If so, program in which language and make use of which functions from that language ? Can you give me a complete list ?

Q3. For security purpose, should I even bother getting the programmer to turn the current File Upload Form into an Ajax form ?

Q4. For security purpose, should I even bother getting the programmer to add Json or Jscript ? Are they really necessary ?
If so, which features and functions must be used to make the File Upload Form more secure ?
(I was just youtubing to learn more about Ajax and what is Json or Jquery and so I am very raw in these 3 fields. Hence, need your advice whether of these 3 should be added or not and what features and/or functions must be added from them 3).

Q5. Which language was used to build youtube you reckon and which of the functions were used from the language/s, you reckon ?

Q6. If you were in my position then which languages would you make use of and which functions and features of these languages would you make use of ? I need your complete list.

Thanks

Well, sounds like you use a share plan with your hoster (multiple paying users on one actual server). This is a common setup and for most intents and purposes also ok. Only when having lots of traffic you should consider a dedicated plan. Costs of those are much higher.

Anyway, the webserver software on your server is also shared. That limits the configuration options available to you. Your tech correctly points this out.

The articles you were reading assume you have complete control over every aspect of your webserver. Which is not true in your case, so the plan of your tech sounds reasonable to me.

You shouldn't play with the .htaccess file, unless you know what you are doing. While working with the Apache web server isn't that difficult, I would not call it easy. You need a good understanding of all the terminology and the concepts to make it work properly. A mistake is easily made and results in a mess and/or insecure website.

Your tech is also right about not blocking on IP address level, but on country codes. IP v4 addresses are running out on most continents. In the beginning it was pretty easy to block content from certain regions as you could make educated guesses about which block of IP addresses were assigned to which continent. The companies that handle the distribution of IP addresses have been swapping IP blocks amongst themselves as the need arose. Nowadays it is not that easy anymore to use IP addresses to block users from specific countries anymore.

So, the suggestion about using the country code to check against a country database for granting access sounds reasonable again.

-Shades (April 19, 2019, 01:15 PM)

Thanks Shade!

Then I guess the technician was telling the truth when he said to trust him and he knows what he's talking about and had 2 hosting companies in the past.
Now the problem is, I just got an email from fiverr.com tht they have shut down my free account (buyer account)! Would have been better if they had shut it down after I buy the $10 gig! Fiverr say I opened 2 accounts. Well, I did open a business account about 2.5yrs back and saw I was not getting any sales and then forgot about the account. And opened a buyers account few days ago. That first account should have been shut down by now for not logging in all this time. I believe if I open another account using another email then I'd get caught again. I did open the 2 accs with 2 different emails but they still sniffed me out. Do you have an idea how they did that apart from saying cookie tracking because I do delete my cookies every now and then. Mac address, I believe.
Now got to hunt for fiverr.com alternatives and hope I'll find another technician for around $10 Or better $5. :)