  Multiple Set-Cookie in header? Session regenerating maybe?
Posted by: AzaZPPL - 04-20-2017, 05:40 AM - Forum: General Help - Replies (9)

We have an issue with our simplesamlphp authentication.


I believe the issue is that the session is being regenerated.
In the Header I can see the following

Code:
Set-Cookie: ci_session=1f8a5fc76b261172fc190f8161cbc91ad5901b49; path=/; HttpOnly
Set-Cookie: ci_session=ea7e04c4099d5d5c217725c1a73caed5; path=/; HttpOnly
We didn't have this issue before. So I tried retracing back to what was changed. The only thing I could find is our upgrade from CodeIgniter 2 to CodeIgniter 3. 

When does CodeIgniter Set-Cookie multiple times?

This is my Cookie at the moment it happens.
Code:
Cookie: ci_session=1f8a5fc76b261172fc190f8161cbc91ad5901b49

So it looks like it's resetting my cookie and then resetting to a new one? I don't understand what is going on.


  Host Header Attack
Posted by: solasoli - 04-20-2017, 02:27 AM - Forum: General Help - Replies (5)


Hi guys, I got this issue from IT-Sec. I have read and searched thoroughly, but I still can't find any actual solution to fix this issue.

Here it is.

Quote:
"HTTP Host header can be controlled by an attacker. This can be exploited using web-cache poisoning and by abusing alternative channels. The pentester tried a request with a modified Host header, and the response was shown with the modified Host header. Affected files:
  1. app/formulir
  2. app/kompensasi
  3. app/panduan-agen
  4. app/produk-dan-layanan
  5. app/tentang
  6. app/tentang-
  7. app/training
The impact of this vulnerability: An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways."

Recommended solution thus far is :

Quote:The web application should use the SERVER_NAME instead of the Host header

This app is running on XAMPP with a reverse proxy setting for testing. I have already tried 3 changes to config.php, but the issue is still there. Here is the code.

1.
PHP Code:
if (isset($_SERVER['SERVER_NAME'])) {
    // Scheme: https when the HTTPS server variable is "on", otherwise http
    $config['base_url'] = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 'https' : 'http';
    $config['base_url'] .= '://' . $_SERVER['SERVER_NAME'];
    // Append the directory part of the front controller's path
    $config['base_url'] .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
} else {
    $config['base_url'] = '';
}


2.
Code:
$config['base_url'] = "http://{$_SERVER['SERVER_NAME']}";

3.
PHP Code:
$config['base_url'] = 'https://jktdc.*********.com/app';

What I'm asking is, how/where/what exactly do I have to change/add to fix this issue? Thanks a lot.

PS: the response header is in the attachment.
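
An added example, not part of the original post or of CodeIgniter itself: one way to keep base_url independent of the client-supplied Host header is to accept only hosts from a fixed allowlist and fall back to a default. The host names and the helper name resolve_base_url() are assumptions.

```php
<?php
// Added example for application/config/config.php (not the poster's code).
// Host names below are placeholders; replace them with the site's real names.
$allowed_hosts = array('app.example.com', 'www.example.com');
$default_host  = 'app.example.com';

/**
 * Hypothetical helper: build base_url from an allowlisted host only.
 * $server is passed in (normally $_SERVER) so the logic can be tried offline.
 */
function resolve_base_url(array $server, array $allowed, $default, $path = '/app/')
{
    // Take the raw Host header, lower-case it and drop any :port suffix.
    $host = isset($server['HTTP_HOST']) ? strtolower($server['HTTP_HOST']) : '';
    $host = preg_replace('/:\d+$/', '', $host);

    // Anything not on the allowlist is replaced, never echoed back.
    if (!in_array($host, $allowed, TRUE)) {
        $host = $default;
    }

    $https = isset($server['HTTPS']) && strtolower($server['HTTPS']) === 'on';
    return ($https ? 'https' : 'http') . '://' . $host . $path;
}

$config['base_url'] = resolve_base_url($_SERVER, $allowed_hosts, $default_host);

// Constructed sample requests showing the behaviour:
$samples = array(
    array('HTTP_HOST' => 'app.example.com', 'HTTPS' => 'on'),
    array('HTTP_HOST' => 'attacker.invalid', 'HTTPS' => 'on'),
    array('HTTP_HOST' => 'WWW.example.com:443', 'HTTPS' => 'on'),
);
foreach ($samples as $s) {
    echo $s['HTTP_HOST'], ' => ', resolve_base_url($s, $allowed_hosts, $default_host), "\n";
}
```

Under Apache with UseCanonicalName Off (the default), SERVER_NAME is itself taken from the Host header, which is why this sketch checks against a fixed list instead of switching variables.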


  Storing IP as binary type in DB
Posted by: neuron - 04-20-2017, 12:32 AM - Forum: General Help - Replies (1)

Hi, 

I have a table which keeps failed logins. 

IP stored in VARBINARY(16) column.

I don't have any experience with BINARY types in MySQL.

The problem is that when I query by comparing the IP, it sometimes throws a DB error:

SELECT MAX(attempted_at) as last_failed_attempt
FROM failed_login 
WHERE attempted_at > DATE_SUB('2017-04-19 17:26:18', INTERVAL 60 MINUTE) AND (ip_address = 'Xç'e' OR 1 = 0)

My model:

get max attempts:

Code:
$now = date($this->config->item('log_date_format'));
   $ip = inet_pton($_SERVER['REMOTE_ADDR']);


   $sql = "SELECT MAX(attempted_at) as last_failed_attempt
   FROM failed_login
   WHERE attempted_at > DATE_SUB('$now', INTERVAL $delay_minutes MINUTE)
   AND (ip_address = '$ip' OR ";
   if($username != null){
       $sql .= "username = '$username')";
   }else $sql .= " 1 = 0) ";

   $result = $this->db->query($sql)
   ->row_array();


What is wrong in my query?

Insert query:
Code:
   $insert_data = array(
       'username' => $username,
       'ip_address' => inet_pton($_SERVER['REMOTE_ADDR']),
       'attempted_at' => date($this->config->item('log_date_format'))
       );
   $this->db->insert('failed_login', $insert_data);
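
An added example, not part of the original post: the same insert and lookup written with bound parameters, so the packed bytes from inet_pton() never become part of the SQL text. PDO with an in-memory SQLite database stands in for CodeIgniter's driver and MySQL, and the function names and sample data are assumptions.

```php
<?php
// Added example (not the poster's code). Needs the pdo_sqlite extension.
function make_db()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE failed_login (username TEXT, ip_address BLOB, attempted_at TEXT)');
    return $db;
}

function log_failure(PDO $db, $username, $ip, $when)
{
    $st = $db->prepare('INSERT INTO failed_login (username, ip_address, attempted_at) VALUES (?, ?, ?)');
    $st->bindValue(1, $username);
    $st->bindValue(2, inet_pton($ip), PDO::PARAM_LOB); // raw 4 or 16 bytes
    $st->bindValue(3, $when);
    $st->execute();
}

function last_failed_attempt(PDO $db, $ip, $username, $now, $delay_minutes)
{
    // Compute the cutoff in PHP so every value in the query is a bound parameter.
    $cutoff = date('Y-m-d H:i:s', strtotime($now) - 60 * (int) $delay_minutes);
    $sql = 'SELECT MAX(attempted_at) FROM failed_login
            WHERE attempted_at > ? AND (ip_address = ?';
    $sql .= ($username !== null) ? ' OR username = ?)' : ')';
    $st = $db->prepare($sql);
    $st->bindValue(1, $cutoff);
    $st->bindValue(2, inet_pton($ip), PDO::PARAM_LOB);
    if ($username !== null) {
        $st->bindValue(3, $username);
    }
    $st->execute();
    return $st->fetchColumn();
}

// Constructed sample: 203.0.113.39 packs to bytes ending in 0x27, an apostrophe,
// which would end a quoted SQL string early if it were concatenated into the query.
$db = make_db();
log_failure($db, 'alice', '203.0.113.39', '2017-04-19 17:00:00');
var_dump(strpos(inet_pton('203.0.113.39'), "'") !== false);
var_dump(last_failed_attempt($db, '203.0.113.39', null, '2017-04-19 17:26:18', 60));
```

In CodeIgniter 3 the equivalent mechanism is query bindings: `?` placeholders in the SQL and an array of values as the second argument to `$this->db->query()`.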


  Delete Item / Job from Database - CodeIgniter PHP
Posted by: SDillon001 - 04-19-2017, 10:25 PM - Forum: General Help - Replies (2)

Hello, I've posted a pretty involved post about not being able to delete an item (job listing) from a database on an app using Codeigniter. If anyone can help, here's the link:

http://stackoverflow.com/questions/43506...9_43506919

Thanks
Steve


  Recommendations for PDF Creation Libraries?
Posted by: cyclist - 04-19-2017, 09:24 PM - Forum: Libraries & Helpers - Replies (4)

Hi everyone,

I want to give users the option in my Web app to convert Web site content to a PDF to print or download.

I'm looking for recommendations for a PDF library which works well with ci, doesn't hog too much space and which has at least a decent chance of being supported for a while!

I tried MPDF and after an hour couldn't get it to work. I think some of the tutorials are out of date. If that is in fact the best one I'll spend another hour or two trying to make it work, but I'm thinking maybe there's a better option?

Thank you!


  redirect()
Posted by: donpwinston - 04-19-2017, 02:11 PM - Forum: CodeIgniter 4 Support - Replies (3)

I can't get redirect() to work. Is this yet to be worked on? I get an 'Unable to locate a valid route' error.

The route works from the browser's command box.

Code:
<?php namespace App\Controllers;

use CodeIgniter\Controller;

class Register extends Controller
{
    private $session;
    private $validation;

    public function __construct(...$params) {
        parent::__construct(...$params);
        $this->validation =  \Config\Services::validation();
        $this->session = \Config\Services::session();
    }

    public function index()
    {
        print view('header.php', ['current' => 'register', 'title' => 'Register']);
        print view('register.php');
        print view('footer.php');
    }

    //--------------------------------------------------------------------

    public function step1()
    {
        $messages = [
           'name' => ['required' => 'The Name field is required'],
           'mailing-address-1' => ['required' => 'Street Address 1 is required'],
           'city' => ['required' => 'The City field is required'],
           'state' => ['required' => 'The State field is required'],
           'zip' => ['required' => 'The Zip field is required'],
        ];
        $this->validation->setRules([
            'name' => 'required',
            'mailing-address-1' => 'required',
            'city' => 'required',
            'state' => 'required',
            'zip' => 'required',
        ], $messages);

        if (! $this->validation->withRequest($this->request)->run())
        {
            print view('header.php', ['current' => 'register', 'title' => 'Step 1']);
            print view('step1.php', ['validation' => $this->validation]);
            print view('footer.php');
        }
        else
        {
            $this->session->set($this->request->getPost());
            redirect('/register/step2');
        }
    }

    public function step2()
    {
        print "<pre>" . print_r($this->session->get(), TRUE) . "</pre>";
    }
}


  CodeIgniter Rest Server with JWT Authentication
Posted by: aiamk - 04-19-2017, 05:55 AM - Forum: Addins - No Replies

Hello,

Try it and leave your feedback.

Check out the example file "controllers/api/Jwt.php" for testing.

https://github.com/aiamk/codeigniter-restserver


Kind Regards.


  Execute a controller method in background.
Posted by: saranayars - 04-19-2017, 05:15 AM - Forum: General Help - Replies (2)

Hi,
I have to execute a controller method in the background and I am using an HMVC structure.

<?php
class Test_Controller extends CI_Controller {
    public function index() {
    }

    public function test() {
        // background script code
    }
}
?>

I need to execute the function test as a background process using an exec/shell command. Any solution?
If not, where (folder structure) can I write a background script in CodeIgniter?


  Resolving Render Blocking CSS in Dynamic Serving
Posted by: Amruta Shelar - 04-19-2017, 04:14 AM - Forum: Choosing CodeIgniter - No Replies

Hi,

The render-blocking issue is not getting resolved on our dynamic serving website. We tried to solve the issue by using critical path CSS.
But we have different pages for the mobile and desktop sites under the same domain name, so the issue could not be resolved.
Any other solution?


  Multiple Core Controllers
Posted by: neuron - 04-19-2017, 02:07 AM - Forum: Addins - Replies (1)

I have asked this question in https://forum.codeigniter.com/thread-67845-page-2.html here
but nobody responded. so I created new thread for this problem:

I have tried to implement Phil Sturgeon's Rest Server:

in application/config.php:

PHP Code:
$config['subclass_prefix'] = 'MY_';

// Load non-CI_ classes from application/core on demand
function __autoload($class)
{
    if (strpos($class, 'CI_') !== 0)
    {
        @include_once(APPPATH . 'core/' . $class . EXT);
    }
}


in application/core/MY_Controller.php
PHP Code:
class MY_Controller extends CI_Controller {

    function __construct()
    {
        parent::__construct();
    }
}



in application/core/Rest_Controller.php
PHP Code:
abstract class Rest_Controller extends MY_Controller {

    public function __construct($config = 'rest')
    {
        parent::__construct();

        ....
    }
}


in application/Auth.php
Code:
class Auth extends Rest_Controller {

    function __construct()
    {
        parent::__construct();
    }
}

I am getting Class 'Rest_Controller' not found error in Auth php at line: class Auth extends Rest_Controller.


