Jun/090
Some updates
Well, yesterday around 10am EST our forum was hacked. I stupidly haven't updated the forum software and someone was able to use an exploit that gave them admin on the forum. They then changed the templates index page to have some random crap, but oh well. At least our database is intact and the hacker didn't do more damage.
In other news, I've decided to sell ihidenow and prankermail. I would like to start up on some other projects and dont have time to update those two sites. Plus i think someone else could do a lot more with them then me. If you are interested i posted a thread with information about them on digital point forums which can be found here, http://forums.digitalpoint.com/showthread.php?t=1398858.
If you have any questions regarding them then please PM me on digital point.
In other news, i recently bought myself a Cordless Logitech Desktop Wave. The package comes with a keyboard and mouse. I will be doing a review of this sometime this week when i get the chance, but all i can say right now is that this set is amazing.
Jun/091
New wordpress theme!
The new wordpress theme is now basically complete as you can probably see! There are still a few tweaks i have to make but for the most part its complete, let me know what you guys think about it. In my opinion i think it turned out pretty great. Ill be adding content to the downloads section pretty soon, as well as updating some of the other pages.
Jun/090
bytebeat launched!
Yesterday bytebeat was finally launched. It's a tech/music blog owned by Blair Beckwith. Here is a post taken from bytebeat:
bytebeat has been a long time coming; the web needs another technology blog: false. The web needs another music blog: false. The web needs a blog that brings together what you want to read about in the way that you want to read it: true.
In this world of ever-changing social media where the live-stream is king, it can be hard to keep up with everything. It can be hard to know which technologies you need to know about, and which ones aren’t worth your time, let alone your dime. When you don’t know, bytebeat is here for you. We’ll tell you what you need to know with no dancing around it.
If music is more your thing, we have that too. bytebeat was built on the premise that technology makes the world go ’round, but music makes this “going ’round” more enjoyable. We’ll bring you the latest album reviews, industry news, spotlight-worthy indie acts, and more importantly…
That about sums up the blog, I know its going to go places, its only a matter of time. As for the sexy theme, yes it was designed by Vorbb.
Jun/090
Theme customized
I've been trying to come up with a good wordpress theme for vorbb, so far its a work in progress and adding onto it. Im also looking to sell prankermail, if anyone is interested then drop me an email or comment here.
Jun/090
PHP – Creating a secure login system
This tutorial was written and posted by Burningmace, the original post can be found here http://forums.vorbb.com/Thread-Tutorial-PHP-Creating-a-secure-login-system?pid=1063.
This tutorial expects you to know the PHP language to a reasonable level.
A lot of people make huge mistakes when designing and coding a login system. You'd be surprised how many are comprimised by the simplest of mistakes.
First note - where possible use SSL for login pages. You can get a certificate signed by CAcert.org for free.
I'm dealing with a session based login system here, so lets start off with the basics. First we need a secure way to talk to the database server. Obviously we have to store MySQL login details in the script somewhere, but you must NEVER put them in the script doing the queries. The best thing to do is keep the settings in a file outside the document root of the web server. So, if your Apache server points to C:\webdocs, keep them outside that folder. That way there is no way to get hold of them through any exploit found in your website. For extra security, open up php.ini and add the directory to the include_dir etnry. That way, even if the full source of a page is somehow released, an attacker can't find the location of the PHP file that contains the database login information. For example:
-
// If you see this, you know where the file is
-
require('C:/phpincludes/mysql_login.php');
-
// Whereas the following doesn't give you any clue.
-
require('mysql_login.php');
If you can't mess with php.ini, create a folder called includes and put your login script in there. Then create a file called .htaccess in the folder and put the following in it:
deny from all
This stops anyone from accessing the files in the folder.