IRC Archive / Freenode / #php / 2015 / July / 5 / 1
Alphos
you know i know you know i know i know you know you know i know i know i know, i know.
you know ?
biberu
i know
Whiteclaws
Hello
I would like to know how i can save a variable securely
for use later
biberu
"securely"?
Whiteclaws
a cookie in a way that the attacker cant know whats in it
Bad_Advice_Cat
Securely from what though?
Whiteclaws
and if edited, i can know in a way
biberu
why does it have to be a cookie?
Whiteclaws
it doesnt have to be
biberu
problem solved
next question
Bad_Advice_Cat
I do not think I like that idea Whiteclaws.
Whiteclaws
biberu, what else than cookies
Bad_Advice_Cat
(Action) waits for next question.
Whiteclaws
basically
biberu
Whiteclaws: it really depends on your larger context
Bad_Advice_Cat
We do not know what data you're saving.
Whiteclaws
let me explain then
i have a captcha, i generate it with two words, and send an image to my client application (executable) via https, the request is "getcaptcha"
now i have another request "register <name> <pass> <captcha>"
that demands that captcha
how can i save those two words for use when i verify the register request?
i first thought of cookies but im a starter in php
and i know jack sh1t about security and cookies
of*
my goal is to save those two words as a cookie that expires after a minute
... so?
Bad_Advice_Cat
Whiteclaws, first. We identify the purpose of each that we have.
Whiteclaws
each what
Bad_Advice_Cat
Captchas usually exist only for the purpose of preventing robots from signing up/posting messages. To detect robots.
Whiteclaws
yes
exactly
i dont want a bot to spam my sql server with unneeded registers
Bad_Advice_Cat: keep going im listenin
Bad_Advice_Cat
For username and password that come from the "Register form", that data goes straight into a database. But you only do this using a condition.
We can make use of an if/else condition.
Whiteclaws
Bad_Advice_Cat: im over all of this
my question is
how can i store those two captcha words
Bad_Advice_Cat
If ($the_capcha_is === correct) { we then store the username and password to database }
You do not store captcha words. O_O
biberu
Whiteclaws: you could encrypt the solution, have the client deliver it back to you, then decrypt and compare, or you could create an id for the request and store it somewhere server side, then have the client return it, find and compare
Whiteclaws
Bad_Advice_Cat: i dont want the client to be sent the captcha passwords
Bad_Advice_Cat
Captchas are always different, random, it is something you dispose of immediately. They only exist to check if the client is a Human or a Robot.
Whiteclaws
Bad_Advice_Cat yes and so
Bad_Advice_Cat
Whiteclaws, you don't send captcha "answer".
Whiteclaws
a cookie that dies after 1 min thats disposable
Bad_Advice_Cat
Or you defeat the point of captcha.
Whiteclaws
yes yes
Bad_Advice_Cat
Captcha is validated/checked on Serverside.
Whiteclaws
i dont do that
Bad_Advice_Cat
Not on the Clientside.
Whiteclaws
YES YES
i know all of that
thats exactly what im doing
Bad_Advice_Cat
As for password and Username. These do not go to the client.
These remain, and STAYS on the server side.
Whiteclaws
Bad_Advice_Cat: i never said they would go to the client
Bad_Advice_Cat
Just want to be sure.
Whiteclaws
Bad_Advice_Cat: you're going over the scope
i just wanted to know how i can store a variable so i can get it later on ;-;
Bad_Advice_Cat
Whiteclaws, it is necessary to understand prerequisites before exploring any further.
Whiteclaws
Bad_Advice_Cat: ok, first of all, i may be php-retarded but i did my research
second of all, this is a case, the answer is very much more general than that
Alphos
Whiteclaws there is no general case here. it depends on what that variable is, and what it's going to be used for
Bad_Advice_Cat
^
Whiteclaws
damn, i want programming and yall giving me design
Bad_Advice_Cat
So those go to the database (User name and Password. NOT the captcha) - Like this: http://dpaste.com/1CYV58P
Alphos
no, we're not
Literphor
Whiteclaws: Why do you want to store captcha words? You only need them for validation, no need to hold on to them for other requests
Bad_Advice_Cat
For our registered user name.
Whiteclaws
not a single function or line of code, not even a stack overflow link has been given :(
Literphor: because i dont want to pass them to the client
Bad_Advice_Cat
Whiteclaws, I gave you a line of code. Let's recap.
biberu
Whiteclaws: you are going about this too specifically, you don't need cookies, how you transport it really doesn't matter at all, all you want to do is present the puzzle to the user together with something that lets you validate his answer, e.g. an encrypted answer or an id he can send back
Bad_Advice_Cat
[Minutes Ago] <Bad_Advice_Cat> If ($the_capcha_is === correct) { we then store the username and password to database }
Literphor
Whiteclaws: Ok, you dont have to. Storing the words and passing them to the client are separate things
Whiteclaws
Bad_Advice_Cat: really ...
Bad_Advice_Cat
The captcha data sent from the Client is compared with the Captcha Answer
Whiteclaws
hey if(istrue == true) { //do stuff }
biberu: im scared of the user tampering with the input
Alphos
unexpected end of file in unknown on line 0, expected }
biberu
server sends [id|code, puzzle], client returns [id|code, solution], server compares
Bad_Advice_Cat
Whiteclaws, that is why we validate our data. Please see my code example.
Whiteclaws
how would i go about validating something sent to the client
Bad_Advice_Cat: its waaaaaaaaaaaaaaay harder than that
Bad_Advice_Cat
Whiteclaws, you validate data that is sent FROM the client.
Not TO the client.
FROM.
Whiteclaws
Bad_Advice_Cat: no sh*t
Bad_Advice_Cat
Though you said "to".
Whiteclaws
oke
lets take a case
Bad_Advice_Cat
Anyway. Moving on. That is what you do. You validate their post data.
Whiteclaws
i send image + aes encrypted string
Bad_Advice_Cat
if ($capchaAnswer === $_POST['capcha_from_the_client'])
That is all there is to it.