Comments for Tinsology http://tinsology.net Read Me Thu, 11 Mar 2010 07:39:16 +0000 http://wordpress.org/?v=2.9.2 hourly 1 Comment on Creating a Secure Login System the Right Way by verboze http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/comment-page-1/#comment-2736 verboze Thu, 11 Mar 2010 07:39:16 +0000 http://tinsology.net/?p=663#comment-2736 Great article! Being new to implementing login systems, this article thought me the basics I needed to get started. Thanks for sharing! Great article! Being new to implementing login systems, this article thought me the basics I needed to get started. Thanks for sharing!

]]> Comment on Creating a Secure Login System the Right Way by Kevin http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/comment-page-1/#comment-2732 Kevin Tue, 09 Mar 2010 23:11:14 +0000 http://tinsology.net/?p=663#comment-2732 My bad! Feel free to delete my dumbass post. Thats what <b>I</b> get for writing and not sleeping. I take it all back! I blindly missed the WHERE username = '$username' and assumed it was WHERE username = '$username' AND password = '$password' which WOULD have been a problem. My bad! Feel free to delete my dumbass post. Thats what I get for writing and not sleeping. I take it all back!

I blindly missed the WHERE username = ‘$username’ and assumed it was WHERE username = ‘$username’ AND password = ‘$password’ which WOULD have been a problem.

]]> Comment on Creating a Secure Login System the Right Way by Tinsley http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/comment-page-1/#comment-2731 Tinsley Tue, 09 Mar 2010 22:57:25 +0000 http://tinsology.net/?p=663#comment-2731 Did you read the code carefully? The raw password never touches the database... it is hashed. There is no need to use escape_string or any other sanitizing on hashed data. The ONLY user input that touches the database is the username and that IS sanitized. In addition to this I point out PDO as an alternative to using the mysql_ family of functions, which is inherently more secure. Did you read the code carefully? The raw password never touches the database… it is hashed. There is no need to use escape_string or any other sanitizing on hashed data. The ONLY user input that touches the database is the username and that IS sanitized. In addition to this I point out PDO as an alternative to using the mysql_ family of functions, which is inherently more secure.

]]> Comment on Creating a Secure Login System the Right Way by Kevin http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/comment-page-1/#comment-2730 Kevin Tue, 09 Mar 2010 22:33:22 +0000 http://tinsology.net/?p=663#comment-2730 Your subject for this code is "Creating a Secure Login System the Right Way" yet you post insecure code. WTF? In your own words you say "you should never trust your users. Validate all user input, protect against SQL injections", yet you don't provide any sanitizing protection for the password input from the user. Newbies using your "secure" code will now be open to an sql injection attack. Your subject for this code is “Creating a Secure Login System the Right Way” yet you post insecure code. WTF? In your own words you say “you should never trust your users. Validate all user input, protect against SQL injections”, yet you don’t provide any sanitizing protection for the password input from the user. Newbies using your “secure” code will now be open to an sql injection attack.

]]> Comment on Creating a Secure Login System the Right Way by Tinsley http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/comment-page-1/#comment-2711 Tinsley Tue, 02 Mar 2010 16:21:34 +0000 http://tinsology.net/?p=663#comment-2711 Normally I would, but not in this case for three reasons: If I post a zip file of this script I will have to update it whenever I updated this post All I would be doing is copying the code I posted here into a few files ...And the main reason: This is not a working implementation. I don't mean for you to copy this code and put it into production. It is meant to demonstrate the concepts. It is meant to be a reference for creating a login system of your own. Normally I would, but not in this case for three reasons:

If I post a zip file of this script I will have to update it whenever I updated this post
All I would be doing is copying the code I posted here into a few files
…And the main reason: This is not a working implementation. I don’t mean for you to copy this code and put it into production. It is meant to demonstrate the concepts. It is meant to be a reference for creating a login system of your own.

]]> Comment on Creating a Secure Login System the Right Way by Nookie http://tinsology.net/2009/06/creating-a-secure-login-system-the-right-way/comment-page-1/#comment-2710 Nookie Tue, 02 Mar 2010 07:42:31 +0000 http://tinsology.net/?p=663#comment-2710 Hi, Could you maybe post or email me entire script in a zip file? That would be really really great! Thanx in advance! /Nookie Hi,

Could you maybe post or email me entire script in a zip file?
That would be really really great!

Thanx in advance!
/Nookie

]]> Comment on CSS Drop Cap Effect by Tinsley http://tinsology.net/2009/06/css-drop-cap-effect/comment-page-1/#comment-2704 Tinsley Sun, 28 Feb 2010 23:57:29 +0000 http://tinsology.net/?p=750#comment-2704 Thanks for pointing that out. Most of the time I just test in Opera, IE and firefox. I guess its a good thing 99% of my code is server side. Thanks for pointing that out. Most of the time I just test in Opera, IE and firefox. I guess its a good thing 99% of my code is server side.

]]> Comment on CSS Drop Cap Effect by fano http://tinsology.net/2009/06/css-drop-cap-effect/comment-page-1/#comment-2703 fano Sun, 28 Feb 2010 21:27:39 +0000 http://tinsology.net/?p=750#comment-2703 the css property \visibility:hidden\ causes he first letter no to show in Safari. Good tutorial though. the css property \visibility:hidden\ causes he first letter no to show in Safari. Good tutorial though.

]]> Comment on Seamless WordPress bbPress Integration by Tinsley http://tinsology.net/2009/05/seamless-wordpress-bbpress-integration/comment-page-1/#comment-2695 Tinsley Fri, 26 Feb 2010 01:51:59 +0000 http://tinsology.net/?p=611#comment-2695 You're going to have to either type the address manually or code the link into your template: [source language="php"] if($is_bb) echo '<a href="forum/bb-admin/">Admin</a>'; [/source] You’re going to have to either type the address manually or code the link into your template:

if($is_bb)
	echo '<a href="forum/bb-admin/">Admin</a>';
]]> Comment on Seamless WordPress bbPress Integration by johnuk http://tinsology.net/2009/05/seamless-wordpress-bbpress-integration/comment-page-1/#comment-2694 johnuk Thu, 25 Feb 2010 21:35:31 +0000 http://tinsology.net/?p=611#comment-2694 I've successfully integrated bbpress and wordpress.. it works fine.. but the problem is that my bb-admin not open.. what can i do? How can i go to my bb-admin? any help? I’ve successfully integrated bbpress and wordpress.. it works fine.. but the problem is that my bb-admin not open..
what can i do? How can i go to my bb-admin?
any help?

]]>