Archive for May, 2008

Wordpress Widget: Time spent on blog

A free thing, isn't it awesome? This little widget shows the total time spent by your users on your blog, with a precision of about two seconds. Your users also get to see how much time they have spent themselves. A demo + download can be found here.

Tested on Internet Explorer 6 and Firefox 3 (RC1).

(before anyone asks: yes, it is based on my previous posts' code)

Waste some time…

Like Javascript? Like AJAX? Like PHP? Well, this application combines them all in one, but it's useless! Awesome!

ASCII Art Generator in PHP

I've been experimenting a little with the image functions of PHP for some time, but this would be the first time I write a working script that does something too! It takes an image (PNG only at the moment, but it's only a matter of changing one line in the script to adjust this).

The method I used was simple, if very inefficient: take some image, read it pixel by pixel, read the RGB code of each pixel, convert it to HEX code and output it in HTML, with some CSS tricks to keep the size. Another (bandwidth) trick I used is checking whether the current pixel has the same HEX colour code as the previous one; if so, instead of creating a new <div>, just add a pixel to the previous one.
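A sketch of the method described above, added here as an example and not the author's script (which is not published): it reads a GD image pixel by pixel and merges runs of identical colours into one wider <div>. The function name image_to_html(), the $px scale parameter and the tiny sample image are constructed for illustration.

```php
<?php
// Requires the GD extension. Emits one wrapper <div> per pixel row and one
// inline-block <div> per run of identically coloured pixels in that row.
function image_to_html($img, int $px = 4): string
{
    $html = '';
    $w = imagesx($img);
    $h = imagesy($img);
    for ($y = 0; $y < $h; $y++) {
        $html .= '<div style="height:' . $px . 'px;white-space:nowrap;font-size:0">';
        $runColour = null;
        $runLength = 0;
        // The extra iteration at $x == $w flushes the last run of the row.
        for ($x = 0; $x <= $w; $x++) {
            $colour = $x < $w
                ? sprintf('%06x', imagecolorat($img, $x, $y) & 0xFFFFFF)
                : null;
            if ($colour === $runColour) {
                $runLength++;          // same colour: widen the current run
                continue;
            }
            if ($runColour !== null) {
                $html .= sprintf(
                    '<div style="display:inline-block;width:%dpx;height:%dpx;background:#%s"></div>',
                    $runLength * $px, $px, $runColour
                );
            }
            $runColour = $colour;
            $runLength = 1;
        }
        $html .= "</div>\n";
    }
    return $html;
}

// Constructed 6x2 sample image: row 0 is half red, half blue; row 1 is all red.
$img = imagecreatetruecolor(6, 2);
imagefilledrectangle($img, 0, 0, 5, 1, imagecolorallocate($img, 255, 0, 0));
imagefilledrectangle($img, 3, 0, 5, 0, imagecolorallocate($img, 0, 0, 255));

$html = image_to_html($img);
echo $html;
echo 'pixel divs emitted for 12 pixels: ', substr_count($html, 'inline-block'), "\n";
```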

I currently have no plans to distribute the source code, it's pathetic and needs cleaning, but if you're interested drop me an e-mail, as long as you don't whine about the overload of crap there is in the code.

And here is an example: the PerlForums logo in ASCII Art!

Couple of exploit challenges

Everyone loves challenges (at least I do), so here are some for you. They all involve bypassing some sort of filter or doing something very basic, don't expect anything hard here. It's all very obvious, maybe the admin password thing will make you stare at your screen for a couple of minutes, not more if you're used to this kind of thing.

Feel free to contact me by commenting on this post about ideas, bugs, bad recognition or solutions you proudly found to the made up problems.

Hashing your data, twice

I'm writing too much junk apparently, so here is an idea I had that would solve a lot of SQL injection damage.

Instead of hashing your passwords with md5($password), or instead of the safer md5(md5($password)), or even instead of md5(md5($password).md5($salt)), why not try md5(base64_encode($password))? Not used enough! I'm talking about websites where the source code isn't open for the public (exit: any free PHP CMS that isn't modified on the password storing part).

The scenario I'm talking about is the one where your website gets hacked, owned or roflz0rsyousuckpwned, through a method that doesn't involve executing system commands, but rather stays on the level of the web application. The first two off the top of my head are SQL injection and XSS.

So, the hacker used SQL injection on index.php, like this:

/index.php?id=1' UNION SELECT password FROM userTable

Alright, he has just retrieved a password that is most likely hashed, with SHA1 or md5 in 90% of cases. If the attacker is dedicated to his job, he'll open up some sweet cracking tool and start reversing it. Now, if you had a weak password, or your co-administrator had one, the attacker will be able to log in. Since the attack didn't involve any source code reading, the attacker will not know how the password was hashed; plain md5 was an easy job, since it contained 32 chars, a - f and 0 - 9. Double hashing would work well, but thinking on the level of a script kiddie: PasswordsPro cracks this. So, here comes the fun: just hash your password like this (play with it, base64_encode(rot13()) in the middle would be fun too :-) ):

md5(base64_encode($password))

Provided your attacker doesn't have your source code, try this method; even after an attack there won't be a way to recover the password.

Note: this method isn't new, just reminding.
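An added example (not part of the original post): the scheme above beside PHP's built-in password_hash(), showing what a dumped password column looks like under each and how an existing md5-based table can be upgraded at login. The scheme is deterministic and its protection rests on the source staying secret, whereas password_hash() salts every value and is deliberately slow. The accounts, passwords and the names page_scheme() and login() are constructed for illustration.

```php
<?php
// The post's scheme: a fast, unsalted digest of the encoded password.
function page_scheme(string $password): string
{
    return md5(base64_encode($password));
}

// Upgrade-at-login: returns the value to store, or null on a failed login.
function login(string $stored, string $password): ?string
{
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {      // legacy md5 row
        return hash_equals($stored, page_scheme($password))
            ? password_hash($password, PASSWORD_DEFAULT)        // re-store salted
            : null;
    }
    if (!password_verify($password, $stored)) {
        return null;
    }
    return password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : $stored;
}

// Constructed sample accounts; alice and bob chose the same password.
$accounts = ['alice' => 'sunshine2008', 'bob' => 'sunshine2008', 'carol' => 'a longer passphrase'];

$legacy = $modern = [];
foreach ($accounts as $user => $password) {
    $legacy[$user] = page_scheme($password);
    // password_hash() draws a fresh random salt per call and embeds the
    // algorithm, cost and salt in the string it returns.
    $modern[$user] = password_hash($password, PASSWORD_DEFAULT);
}

// Deterministic scheme: equal passwords are visible as equal column values.
echo 'legacy alice == bob: ', var_export($legacy['alice'] === $legacy['bob'], true), "\n";
// Salted scheme: the same two passwords are stored as different strings.
echo 'modern alice == bob: ', var_export($modern['alice'] === $modern['bob'], true), "\n";

// A legacy row is replaced by a salted hash the first time its owner logs in.
$upgraded = login($legacy['alice'], 'sunshine2008');
echo 'upgraded row verifies: ', var_export(password_verify('sunshine2008', $upgraded), true), "\n";
echo 'wrong password rejected: ', var_export(login($modern['carol'], 'not it') === null, true), "\n";
```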

Really nice guy you want to add

So, I've seen this really cool dude posting on Warez-BB, with an awesome attitude and absolutely not retarded style of posting. Well, quotes say more than a thousand pictures (or something along the lines):

Well.. I m hadsome looking guy.. Wish to be a actor or a model... My dream is to be a superstar... and i wish people will raise hands.. and girls will go crazy on me someday..I love counter strike.. and i m a part of best clan team in my city... I own alienware area-51 laptop for gaming and surfing....If you wanted to be my online buddy... add me at

Yes, exactly. A very nice guy with barely any egocentric behaviour. But this wasn't his only post; among the other sweet things he said was:

God knows how u looks man... check ur own avatar.. i think u look like that lolz ....I fink u all are jealous.... check my community on orkut hunks and beauties.. or Rang de basanti... .. u will know who i am!!

And a final ending:

I dont care what you think... and i even dont like this forum.. It has all crack pirated stuff.. that u poor people like....

and i m leaving it... I love buying products..intead of using fakes all with keyloggers.. and ~love~..

Excellent, absolutely excellent. So, if you have Yahoo Messenger and feel like sharing thoughts with this certified airhead, go ahead and add him:

killerlooks18@yahoo.com

Or for the spambots that scrape for *[at]*[dot]com (everyone can share in the fun):

killerlooks18[at]yahoo[dot]com

The topic on Warez-BB can be found here.

Notepad++ is just better

Having professionally wrecked my Linux box, I'm on Windows again, too lazy to fix it. Luckily, there are programmers who understand the need for a good editor, without all the extra shit you'll use once to play with it. Syntax highlighting in Notepad++ is the best I've ever seen in an editor, whatever language you program in. The colors also don't burn your eyes out (exit: Microsoft Script Editor), which is a nice little extra of course.

So, when you're on Windows, you better use Notepad++. When on Linux, well, ... I'm not gonna say anything since this has always been some hot topic and I don't want my house burned down by a bunch of angry protesters.

but we all know gedit is the best

PHP Source Auditor 4 released

All packed up & ready for your enjoyment: PHP Source Auditor 4! So, if you have (most likely) never heard of it, this is the deal:

PSA4 is a Perl script that connects to your local webhost and scans all files (recursively) in the www root, for vulnerabilities. It scans for:

  1. Remote File Inclusion
  2. Remote Command Execution
  3. Remote Code Execution
  4. Cross Site Scripting
  5. SQL injection (very weak scanning on this though)
  6. Local File Inclusion (results sometimes get buggy)

The difference with other scanners is, it actually can tell whether the script is vulnerable or not since it exploits it on the fly by entering weird data into the variables. You can download it right here and (for now) nowhere else :).

Just iron() it

No, I'm not talking about ironing clothes, more about my very own algorithm. It's not that special and seems to produce a lot of duplicates, and is quite reversible (credits to sraeG for reversing it in a challenge). I might write a completely new one, more advanced maybe. Source code is in PHP:

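function iron($nr, $method = 'numeric')
{
    // Split the input into single characters.
    $chrs = preg_split('//', $nr, -1, PREG_SPLIT_NO_EMPTY);
    $d = '';
    foreach ($chrs as $c)
    {
        // Each character contributes half of its byte value, rounded.
        $half = round(ord($c) / 2);
        if (substr($d, -2, 2) == $half)
        {
            // Same value as the last two digits written so far: append its square instead.
            $d .= $half * $half;
        }
        else
        {
            $d .= $half;
        }
    }
    // Match the method name in any letter case, so iron("string","ASCII") selects ASCII output.
    switch (strtolower($method))
    {
        case 'ascii':
            // Turn the digit string into characters, two digits at a time.
            $char = '';
            for ($i = strlen($d); $i > 0; $i -= 2)
            {
                $char .= chr((int) substr($d, -$i, 2));
            }
            break;
        default:
            $char = $d;
            break;
    }
    return $char;
}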

Usage is as simple as iron("string","ASCII") for ASCII output (recommended only if you hash it with another algorithm after) or iron("string","numeric") for the normal numeric output. Online hasher is here.

New music search page

The old music search page was kind of annoying: after entering a search term, the next job was to actually find a working link. Our new page uses a huge database of known links that work. Because of the size of the new database, querying it can take a few seconds, but once queried it'll deliver you a nice set of working links!

The programming stage finished only a few minutes ago, r0bin is now working on the design. Expect a release in a few hours!

edit: released!