Coz of this virus here in China, our new term will not begin on the 17th Feb. School will remain closed. My boss asked me to try and do class online.
The students have to log in. This is not really because of security, no sensitive data here. I use the login to catch attendance in mysql:
Code:
include $_SERVER['DOCUMENT_ROOT'] . '/includes/studentdbReadfrom.inc.php';
try
{
    // attendance will not increase with multiple logins. Before next week, reset has_been_incremented to zero
    $sql = 'UPDATE 19BEattendance SET attendance = attendance + 1,
        has_been_incremented = has_been_incremented + 1, time = LOCALTIME()
        WHERE number = ' . $_POST['password'] . ' AND has_been_incremented != 1 ;';
    $pdo->exec($sql);
}
catch (PDOException $e)
{
    // a try block needs a catch; log the database error
    error_log($e->getMessage());
}
This stuff is all new to me, I'm learning it on the fly!
How long will a login session last?
Where can I set it to 100 minutes? That would be our normal 2 class periods + 10 minutes break.
Not a PHP expert but since no one has replied yet.
By default a session is 1440 seconds, i.e. 24 minutes, which is defined by the session.gc_maxlifetime value. How garbage is cleaned is also determined by session.gc_probability and session.gc_divisor.
There are various ways to write PHP code for an activity timer using session variables which might be better than letting the garbage collector automatically do it. Be sure to adjust the maxlifetime to greater than 100 minutes.
only comes after the password has been found. If it were a lump of sql code, the password would not be found.
would return false and the code in #1 would never happen, because the else clause happens then.
That might be accurate in this specific situation, but is exactly the sort of reasoning that causes SQL injection vulnerabilities, when a tired developer overlooks ways around their protections, or a junior developer inadvertently changes something which bypasses them, or whatever.
Mistakes happen, and the best way to guarantee that SQL cannot be inserted is to never insert user-derived input into a query, and the easiest way to do that is to always parameterise queries.
Even ignoring the parameterising, it should be easy to change your initial query from COUNT(*) to return the unique student number, and then use that variable to update their attendance - then you're not using user input directly (I'd still parameterise it), but it also has the added benefit of the code being less brittle, such as for when the requirement to allow passwords to be changed comes along.
For PHP you can use password_hash which uses the bcrypt algorithm.
Since your passwords aren't secret you can just do a single update to switch them all over (in other systems it's necessary to wait for users to log in before verifying, re-encoding with a more secure algorithm, then replacing the hash).
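The lookup-then-update with parameterised queries suggested in the replies above, as an added example that is not code from the thread. It assumes an in-memory SQLite database standing in for the MySQL table (so CURRENT_TIMESTAMP replaces LOCALTIME()), constructed student numbers, and a hypothetical function name recordAttendance; $submitted stands in for $_POST['password'].

```php
<?php
// Constructed demo data in an in-memory SQLite database so the script runs offline.
// On the MySQL server from the thread, keep the existing $pdo, quote the table
// name with backticks instead of double quotes, and use LOCALTIME().
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE "19BEattendance" (
    number INTEGER PRIMARY KEY,
    attendance INTEGER DEFAULT 0,
    has_been_incremented INTEGER DEFAULT 0,
    time TEXT)');
$pdo->exec('INSERT INTO "19BEattendance" (number) VALUES (1925010101), (1925010102)');

// Hypothetical helper: returns true only when this login incremented attendance.
function recordAttendance(PDO $pdo, string $submitted): bool
{
    // Step 1: look the student up. The input is bound as data, never concatenated.
    $find = $pdo->prepare('SELECT number FROM "19BEattendance" WHERE number = :n');
    $find->execute([':n' => $submitted]);
    $number = $find->fetchColumn();
    if ($number === false) {
        return false; // unknown student number: nothing to update
    }

    // Step 2: update with the value the database returned, still as a parameter.
    $update = $pdo->prepare('UPDATE "19BEattendance"
        SET attendance = attendance + 1,
            has_been_incremented = has_been_incremented + 1,
            time = CURRENT_TIMESTAMP
        WHERE number = :n AND has_been_incremented != 1');
    $update->execute([':n' => $number]);
    return $update->rowCount() === 1;
}

var_dump(recordAttendance($pdo, '1925010101')); // first login this week
var_dump(recordAttendance($pdo, '1925010101')); // repeat login, same week
var_dump(recordAttendance($pdo, '0 OR 1=1'));   // SQL fragment submitted as the number

// Total attendance across all rows after the three calls above.
var_dump((int) $pdo->query('SELECT SUM(attendance) FROM "19BEattendance"')->fetchColumn());
```

Because the submitted value only ever reaches the database as a bound parameter, a string containing SQL is compared against the number column as plain data and cannot change which rows the UPDATE touches.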