Archive for Internet

FREE: Whatsthetide.com Premium Membership

So, how do you sign up? Easy: simply link to whatsthetide.com from your website, and send me the link.

And I’ll generate you a juicy serial! :)

Oh… and prizes for whoever can crack my serial algorithm! (Probably best not to bother with this one!)

Bad Behavior doesn’t follow RFC 2616!

Have a look at this source code:

// Lowercase via is used by open proxies/referrer spammers
// Exceptions: Clearswift uses lowercase via (refuses to fix;
// may be blocked again in the future)
if (array_key_exists('via', $package['headers']) &&
    !strstr($package['headers']['via'], 'Clearswift Web Policy Engine')) {
    return "9c9e4979";
}

Hm….

4.2 Message Headers

   HTTP header fields, which include general-header (section 4.5),
   request-header (section 5.3), response-header (section 6.2), and
   entity-header (section 7.1) fields, follow the same generic format as
   that given in Section 3.1 of RFC 822 [9]. Each header field consists
   of a name followed by a colon (":") and the field value. Field names
   are case-insensitive. 

Well, it seems that Clearswift, Coral CDN, etc. are getting blocked because of this…

If you use Bad Behavior, let me know your experiences with it, and if this is affecting you, you might want to contact them.
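An added example (not Bad Behavior's code, and not from the original post) of looking up a header the way RFC 2616 section 4.2 describes it, next to the case-sensitive check quoted above. normalize_headers() and the sample requests are constructed for illustration; PHP 7 or later is assumed.

```php
<?php
// Added example: case-insensitive header handling per RFC 2616 section 4.2.
// normalize_headers() and the sample requests are constructed for illustration.

/**
 * Fold header names to lower case. Fields whose names differ only in case are
 * the same field, so their values are joined with ", " (RFC 2616 section 4.2)
 * instead of letting one silently overwrite the other.
 */
function normalize_headers(array $headers): array
{
    $out = [];
    foreach ($headers as $name => $value) {
        $key = strtolower(trim($name));
        $out[$key] = isset($out[$key]) ? $out[$key] . ', ' . $value : $value;
    }
    return $out;
}

// Constructed requests: the first two are identical apart from the case of
// the field name, the third sends the same field twice with different case.
$requests = [
    'canonical' => ['Host' => 'example.org', 'Via' => '1.1 proxy-a.example'],
    'lowercase' => ['Host' => 'example.org', 'via' => '1.1 proxy-a.example'],
    'mixed'     => ['Via' => '1.0 proxy-a.example', 'VIA' => '1.1 proxy-b.example'],
];

foreach ($requests as $label => $raw) {
    // The check quoted above: the outcome depends on how the name was spelled.
    $caseSensitiveHit = array_key_exists('via', $raw);

    // Case-insensitive lookup: all three requests carry a Via field.
    $headers = normalize_headers($raw);
    $via     = $headers['via'] ?? null;

    printf("%-10s case-sensitive match: %-3s  Via: %s\n",
        $label, $caseSensitiveHit ? 'yes' : 'no', $via ?? '(none)');
}
```

Only the "lowercase" request matches the case-sensitive test, although all three carry the same field as far as the RFC is concerned.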

[Impromptu] OpenID Presentation at Sydney PHP Group

Yesterday I made another presentation at the Sydney PHP Group February Meeting.

This time we did not get access to our room, hence my slides were useless, and a role play was undertaken instead of a diagram! No slides, nothing, all off my head.

For those who are interested my slides are in S5 format (xHTML + CSS + JScript).

My IP is 127.0.0.1 go hack it!

Ok, you’re on some channel on an IRC network… yada yada… some loser wants to hack you…

>Yeah, my IP is 127.0.0.1 go hack it…

Looks like they tried to…

There is your laugh for today…

I would have thought DShield would have filtered out bogus firewall logs…

Hm.. NULL even tried some hacking

I wonder if 255.255.255.255 did?

Dealing with HTTP Proxies via cURL

Today I needed to use curl, but this time via an HTTP proxy that required authentication:

curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, 'proxy.mybusiness.null:8080');
curl_setopt($ch, CURLOPT_PROXYUSERPWD, 'user:password');

Easy, huh? Just add those three lines before you call curl_exec().

Steven.

Comment Spam Presentation at Sydney PHP Group

Yesterday I made another presentation at the Sydney PHP Group February Meeting.

This time about dealing with comment spam.

For those who are interested my slides are in S5 format (xHTML + CSS + JScript).

PHP Security Presentation at Sydney PHP Group

Yesterday I made a presentation at the Sydney PHP Group February Meeting.

For those who are interested my slides are in S5 format (xHTML + CSS + JScript).

Styling Readonly and Disabled Inputs in Forms using CSS.

No preamble needed…

Readonly:

*[readonly] { /* CSS for all nodes with readonly attribute */ }
input[readonly] { /* CSS for input nodes with readonly attribute */ }
textarea[readonly] { /* CSS for textarea nodes with readonly attribute */ }
select[readonly] { /* CSS for select nodes with readonly attribute */ }

Disabled:

*[disabled] { /* CSS for all nodes with disabled attribute */ }
input[disabled] { /* CSS for input nodes with disabled attribute */ }
textarea[disabled] { /* CSS for textarea nodes with disabled attribute */ }
select[disabled] { /* CSS for select nodes with disabled attribute */ }

Notes:
Works with:
readonly="[anything]"
readonly
disabled="[anything]"
disabled

Steven

HTTP Authentication with PHP running as CGI

While developing a project using two factor authentication, with a key fob, I needed to use HTTP Basic Authentication over SSL, to prevent XSS as the project was a web based proxy. Now I had PHP5 running as a module, but PHP4 as CGI. There was the problem: HTTP Authentication isn’t available under PHP running as CGI.

First you need to configure mod_rewrite:

.htaccess:

RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

What that will do is feed the value of the Authorization header (the word "Basic", a space, then the base64'd user:pass) into an environment variable named HTTP_AUTHORIZATION.

Then just add this above your script:

list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)), 2);

That skips the leading "Basic " (6 characters), decodes the rest, splits it into username and password at the first colon, and makes it look as if you were running PHP as a module.
So for a sample script:

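<?php
// split the user/pass parts (only when the header was actually sent,
// otherwise PHP_AUTH_USER would be set to '' and the prompt never shown)
if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
    // skip "Basic " (6 characters); limit of 2 keeps a ':' inside the password
    $pair = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)), 2);
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = array_pad($pair, 2, '');
}

// open a user/pass prompt
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    // htmlentities() keeps user-supplied values from being rendered as markup
    echo 'Hello, ' . htmlentities($_SERVER['PHP_AUTH_USER']) . "\n\n";
    echo 'You entered as your password: ' . htmlentities($_SERVER['PHP_AUTH_PW']) . "\n\n";
}
?>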

Steven
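An added example, not part of the original post, that parses the forwarded Authorization value more defensively than the one-liner above: it checks the scheme, decodes base64 strictly and rejects malformed input. parse_basic_auth() and authorization_header() are hypothetical helpers, the sample values are constructed, and PHP 7 or later is assumed; the REDIRECT_ fallback relies on Apache prefixing environment variables after an internal redirect.

```php
<?php
// Added example. Helper names and sample values are constructed.

/** Pick the forwarded header out of a $_SERVER-style array. */
function authorization_header(array $server): ?string
{
    // After an internal redirect Apache prefixes the variable with REDIRECT_.
    return $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? null;
}

/**
 * Return [user, password], or null when the value is missing, is not the
 * Basic scheme, is not valid base64, or has no colon separating the parts.
 */
function parse_basic_auth(?string $header): ?array
{
    if ($header === null || !preg_match('/^Basic\s+(\S+)\s*$/i', $header, $m)) {
        return null;                       // absent, or another scheme
    }
    $decoded = base64_decode($m[1], true); // strict: reject non-base64 bytes
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Limit of 2: only the first colon separates user from password.
    return explode(':', $decoded, 2);
}

// Constructed $_SERVER-style inputs covering the cases the one-liner misses.
$samples = [
    ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('steven:s3cret')],
    ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('steven:pa:ss:word')],
    ['REDIRECT_HTTP_AUTHORIZATION' => 'basic ' . base64_encode('steven:s3cret')],
    ['HTTP_AUTHORIZATION' => 'Bearer abc.def.ghi'],     // different scheme
    ['HTTP_AUTHORIZATION' => 'Basic !!!not-base64!!!'], // malformed payload
    [],                                                 // header not sent
];

foreach ($samples as $server) {
    $creds = parse_basic_auth(authorization_header($server));
    echo json_encode($server), ' => ',
        $creds === null ? 'rejected (answer with 401)' : json_encode($creds), "\n";
}
```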

The Easy Way to Turn That Old PC Into Something Useful! (Part 2)

This is the easiest part:

Windows:

Install Peer Guardian and utorrent

Download your hopefully legal content!

Linux:

Download: XAMPP

Install, this is a very easy installation!

Enjoy your webserver/fileserver!

Regards,

Steven Roddis
