Topics - The Code Queryer [ switch to compact view ]

Pages: [1] 2 3next
1
General Software Discussion / Mobile Responsive Templates Design Advice From You!
« on: May 09, 2019, 01:14 PM »
Folks,



Apart from Bootstrap (Twitter stuff), do you know of any free Mobile Responsive Design templates ?

I got a pagination page. I need to convert that to Mobile responsive Design. Searching for a template so I can learn from it and convert my pagination page so it looks good on mobile phone browsers too as now it looks terrible as you need to scroll and the texts look too small, etc.

Hence, need a Mobile Responsive Pagination page template.

Also need Account Login, Account Registration Page (web forms), Account Home Page Mobile Responsive Design templates.

Must be in Html 5 and CSS.



I am googling but no real luck.


Any advice ?



Thanks

2
General Software Discussion / What Php Functions To Use To Build A Secure File Upload Form ?
« on: April 29, 2019, 12:23 PM »
Php Folks,

I want to allow my website members to login to their accounts and upload files to my server so other members can view them. Files such as text files, image files, audio files and video files. But not program files or executable files.
Now, what features must my File Upload Form have ?
I need a complete list of Php features it must have. I need you to give me a complete list of Php Functions the File Upload Form must make use of.
Kindly list as many Php features and functions you can think of that my File Upload Form must have in order for it to be a Secure File Upload Form so no one can upload malicious files (virus, programs, etc.).
I am going to get the File Upload Form developed by a paid programmer. I need to give the programmer a list of features the File Upload Form must have. Here is my list of REQUIREMENTS so far:

REQUIREMENT 1:
Add filters and sanitizations so malicious files cannot be uploaded. Nor can sql injections can be made.

REQUIREMENT 2:
Only file types from White-List should be uploaded. Any File Types not listed on this White-List should be discarded and not uploaded. Error should be given that this type of file is not allowed to be uploaded.

REQUIREMENT 3:
Uploaded File should not be more than 100MB. Echo error if File Sizes exceed limit & halt script.
MUST check File Size with function: file_size():
https://www.php.net/manual/en/function.filesize.php

REQUIREMENT 4:
Set a maximum name length and maximum file size – Make sure to set a maximum name length and file size in order to prevent a Denial of Service attack.
If you do not know what I am talking about then read number "6" on the following link:
https://www.opswat.com/blog/file-upload-protection-best-practices

REQUIREMENT 5:
MUST make use php of function getimagesize() for security purpose.
https://www.php.net/manual/en/function.getimagesize.php

REQUIREMENT 6:
Write to the file when you store it to include a header that makes it non-executable.
If you do not understand what I am talking about then read the line on the following link that comes just after the CONCLUSION section.
https://www.wordfence.com/learn/how-to-prevent-file-upload-vulnerabilities/

REQUIREMENT 7:
MUST STORE all errors and DISPLAY all errors using traditional:
"Errors[] = "";.
On my script, fix my error coding mistakes related to the following format as I have no clue how to fix all that to store errors and display them.
"Errors[] = "";.

REQUIREMENT 8:
To detect File Details, should use php functions:
file_info() & mime_content_type():
https://www.php.net/manual/en/function.finfo-file.php
https://www.php.net/manual/en/function.mime-content-type.php
Script Files (executable files) should not be uploadable. Only text files (.txt, .doc, .pdf, etc.), image files (.giff, .jpeg, etc.), audio files (.mp3, etc.) and video files (.mp4, .wav, etc.).

REQUIREMENT 9:
Script should check whether file upload was successful or not.
MUST check with upload with function: is_uploaded_file().
http://php.net/manual/en/function.is-uploaded-file.php
NOTE: After the check, user must get notified whether file has been uploaded successfully or not.

END OF REQUIREMENTS

Q2.
Should I get the programmer to add security features from other languages ? Currently, all my REQUIREMENTS revolve around Php as that is the only programming language I am learning. I do not have experience in any other languages. Server-side or Client-side.
Now, do you reckon I should get the programmer to add security features on Client-side ? If so, program in which language and make use of which functions from that language ? Can you give me a complete list ?

Q3. For security purpose, should I even bother getting the programmer to turn the current File Upload Form into an Ajax form ?

Q4. For security purpose, should I even bother getting the programmer to add Json or Jscript ? Are they really necessary ?
If so, which features and functions must be used to make the File Upload Form more secure ?
(I was just youtubing to learn more about Ajax and what is Json or Jquery and so I am very raw in these 3 fields. Hence, need your advice whether of these 3 should be added or not and what features and/or functions must be added from them 3).

Q5. Which language was used to build youtube you reckon and which of the functions were used from the language/s, you reckon ?

Q6. If you were in my position then which languages would you make use of and which functions and features of these languages would you make use of ? I need your complete list.

Thanks

3
General Software Discussion / Which Of These Security Methods Should I Try ? Mod Security Or GeoIP Apache Way
« on: April 19, 2019, 10:37 AM »
Technical Gurus,

I need your brilliant experienced opinion.
You see, it's practically impossible to make my website abide by the new EU GDPR without annoying my websites visitors. Hence, have decided to block all EU visitors altogether. I asked my webhost regarding this issue and they pointed me to these links:

Mod Security:
https://forums.cpanel.net/threads/blocking-visitors-from-certain-countries.574681/

GeoIP:
https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ and https://www.tecmint.com/install-mod_geoip-for-apache-in-centos/

They suggested I take the "GeoIP apache module way".
Now, I'm not too technical. New in all this. I tried installing both the Mod Security and the GeoIP Apache Module but failed (even after following the steps in the articles) as I don't have much experience with Unix/Linux. Therefore, searched for someone to take care of it. Told him to install both Mod Security and GeoIP Apache Module but to do it without touching the .htaccess because the following article says it will go to thousands of lines of code if I do it using .htaccess.
https://www.sitepoint.com/how-to-block-entire-countries-from-accessing-website/

The technician had a look at the links I gave and said he will install the GeoIP module but not by following the steps mentioned in the following article and he has to do it using .htaccess.
https://www.tecmint.com/install-mod_geoip-for-apache-in-centos/
Says there would only be 28 lines of code to block 28 EU countries.
Also says, if he follows the steps mentioned on the above link (tecmint article) then things will get messed-up. His exact words are:

"You can't directly edit apache configuration as techmin article suggest, because you are running cPanel. settings must be "friendly" with cpanel, or they'll get lost and make mess.".

He says he will do it following the steps mentioned here:
https://www.paunovic.win/2018/06/15/instalacija-mod_geoip-modula-na-cpanel-whm-serveru
He says that is the proper way to do it on cPanel Server.
I asked my webhost about this and they have gone silent. Hence, approaching you folks for your expert opinions.
I have Vps with Root Access: SSH, Panel. I got CentOS OS, Whm and cPanel ($15 version).
I got my webhost to build 8 cPanel accounts for my 8 domains. 1 cPanel account per domain. I think they built them via Whm. (Still learning about Whm).
I told the technician, I want him to set things up on my Whm so any domains &  cPanel accounts I add in the future (1 new cPanel account for 1 new domain) to my Vps should also block EU visitors. He said aslong as I have Root Access he will set things up following the steps in that article:
https://www.paunovic.win/2018/06/15/instalacija-mod_geoip-modula-na-cpanel-whm-serveru

You have now heard about my hardwares & softwares and what I need done. Block all EU visitors from my current 8 websites and from all future websites/domains hosted on this Vps. My questions are:

Q1. Must the GeoIP and the Mod Security be installed on my Whm for them to work on all my current and future websites/domains/cPanels hosted on this vps under this Whm ?

Q2. Which option is best for me ? Mod Security or GeoIP ? If I install both then that would not be a problem. Am I right ?

Q3. Is the technician correct when he says "You can't directly edit apache configuration as techmin article suggest, because you are running cPanel. settings must be "friendly" with cpanel, or they'll get lost and make mess."
He says the steps in following article is bad:
https://www.tecmint.com/install-mod_geoip-for-apache-in-centos
Is he correct ?
He further says: "I'll compile GeoIP module and GeoIP database on your server Apache and then you can easily block countries, and do not have to block IPs.". Is it better to do it this way over the techmint article way ?
Should I opt for his method instead (do things the .htaccess way) and
should I ignore the warning on the Site Point Forum article to not to things the .htaccess way ?

I am puzzled, confused and need your expert opinions and advice as I know you won't be giving biased advices.

Thank you for your interest in helping me out.

Whatever method you recommend, make sure it will be easy for me to easily add more countries in the banning list without needing to fiddle with messy code.

4
Developer's Corner / Building Pagination With Php 7 Using Mysqli And Prepared Statements
« on: April 08, 2019, 04:31 PM »
Php Folks,

I am trying to create a php script that queries my mysql database and shows results using pagination.
Here are my requirements:

REQUIREMENTS
* Language: Php
* Php Version: 7
* Programming Style: Procedural
* Php Extension: Mysqli
* Sql Injection Prevention Method: Prepared Statements

* Web Form Design: Html 5 Compatible/Compliant
* Search Feature - Exact Match & Fuzzy Match Options (Search Usernames - See attached file for mysql tbl columns)
* Pagination - Max Results (rows) per page: 25
* Page Design: Responsive Web Design using Html 5 & CSS (latest)

I have been googling for months now and found no tutorials based on my requirements.
Tutorial are either in Pdo (Oop Style) and do not use Mysqli extension.
Or tutorials are in Procedural Style but DO NOT use Prepared Statements.
Or, tutorials are in Procedural Style and DO use Prepared Statements but do not have the SEARCH function. No EXACT MATCH or FUZZY SEARCH features exist.
None of them are Responsive Web Design suitable for both computer users and mobile phone users.

For our newbies' learning purposes. Can anyone be kind enough to show a mini pagination script ?
You may leave-out the following as I am likely to manage this with Bootsrap design tutorials:
* Page Design: Responsive Web Design using Html 5 & CSS (latest).

Thank You

NOTE: Attached file will show you what my mysql table looks like.



5
Developer's Corner / File Upload With Php
« on: April 08, 2019, 03:21 PM »
Php Programmers,

I am trying to build a file upload script with php but struggling. Need your urgent assistance.
Here are the requirements:


START OF REQUIREMENTS

* If directories "uploads/videos/id_verifications/$user" do not exist then they must be created. Else, not.
NOTE: Only the script must be able to create these directories and write to them (add files, delete files, copy files there, copy files from there, etc.) and no external domain must have these privileges. No other scripts must be executable from these directories.

* If File already exists then should echo error. Else, not.
Should check with php function: file-exists().
https://www.php.net/manual/en/function.file-exists.php

* Uploaded File should only be video files (.wav, .mp4, etc.). Should echo error if File Types are otherwise.

* Script should check whether the file upload was successful or not.
Should check with php function: is_uploaded_file().
http://php.net/manual/en/function.is-uploaded-file.php

To detect File Details, should use php functions:
* file_info() & mime_content_type():
https://www.php.net/manual/en/function.finfo-file.php
https://www.php.net/manual/en/function.mime-content-type.php

* Uploaded File should not be more than 100MB. Should echo error if File Sizes are otherwise.
Should check with php function: file_size():
https://www.php.net/manual/en/function.filesize.php

* Temporary File should be created at first and then moved to the following permanent directory: uploads/videos/id_verifications/$user.
Moving of directory should be done using php function: move_uploaded_file
https://www.php.net/manual/en/function.move-uploaded-file.php

* Uploading File Name should be renamed to: $user_id_verification
File Renaming should be done using php function: rename():
https://www.php.net/manual/en/function.rename.php
So, if file name is "my_id.mp4" and User's username is "tommy_boy" then File Name should be renamed to: "tommy_boy_id_verification.mp4".
If file name is "my_id.wav" and User's username is "tony_boy" then File Name should be renamed to: "tony_boy_id_verification.wav".
(NOTE: On the above 2 example lines, the File extensions are different).

* User must get notified that, file has been uploaded successfully. If uploading fails then user must get echoed error.

* All Errors should be echoed using traditional: $Errors[] = "Error message goes here";

* Php code must be in procedural style as I do not know OOP.

* You must include understandable comments on your codes so I can understand them and have no questions.

END OF REQUIREMENTS


Q1. Are there anything else, in terms of security, that I should have as "Requirements" ?


Pages: [1] 2 3next
Go to full version