Category Archives: programming

How to set up recaptcha (no captcha) in PHP

Three steps to implement the new reCAPTCHA (“No CAPTCHA”) in PHP

1. Register the domain to get the two keys: the “site key” and the “secret key”

2. Include the code in the page where you want to show the recaptcha

a. in <head>

<script src='https://www.google.com/recaptcha/api.js'></script>

b. in <form>, exactly where you want the recaptcha to appear

<div class="g-recaptcha" data-sitekey="xxxxx"></div>

3. Include the verification code in the PHP file that processes the submitted form

// use this function to get a true/false result from the submitted response
function captcha_verify($secret_key)
{
    // the token is only present when the widget rendered and the user completed it
    if (empty($_POST['g-recaptcha-response'])) {
        return false;
    }
    // build the query string with proper URL encoding of both values
    $query = http_build_query([
        'secret'   => $secret_key,
        'response' => $_POST['g-recaptcha-response'],
    ]);
    $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?" . $query);
    if ($response === false) {
        return false; // request to Google failed: treat as not verified
    }
    $response = json_decode($response, true);
    return isset($response['success']) && $response['success'] === true;
}

Sublime Text 3

This editor is fast and neat but requires plugins to be installed to use it to its full potential.

1. Install Package Control

Cmd+Shift+P, then run
Package Control: Install Package

2. Then install other plugins through Package Control using the same steps.

Some of the plugins:

  1. SublimeLinter
  2. Haven’t tried to install any other yet

Other sources on useful plugins:

http://wasil.org/sublime-text-3-perfect-php-development-set-up

http://neverstopbuilding.com/sublime-plugins-for-php

About sanitizing input

Sanitizing is more than just running your input through all sorts of filters.

Sanitizing your input is about not polluting your application with user data you don’t want.
The big question, though, is what it is you don’t want.

First example

You’ve made a page allowing a user to send a text message. Your expected input would be a phone number and a text message.
Looking at the Rule reference in the manual, I would probably go for these rules:

numeric|exact_length[8]

These rules, as I would like to make sure that the input is numeric and that the input matches the length of phone numbers in my region. Since I already validate that the input is numeric, I can assume that XSS and SQL injection attempts should fail (as these attacks contain non-numeric characters).

For the text message field, I would use trim and required: trim|required, as I don’t want an empty message sent.

Second example

Allowing users to comment is a good way to allow users to spam your site or inject malicious code.

Basically, what you want is a name, an email and the comment.

All input needs to be required. The e-mail needs to validate. But the comment and name need some cleaning of XSS and of surplus spaces/line feeds.

My validation with sanitization would look like this:

$this->form_validation->set_rules('name', 'Name', 'required|trim|xss_clean');
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('comment', 'Comment', 'required|trim|xss_clean');

Sanitize what you must – not what you can – and do the sanitization for what you need.
Make sure, when you insert the data into your backend, to use the Active Record/Query Builder for escaping your input correctly, or that you are using Query Bindings, which do the same for you.

Original source:

http://stackoverflow.com/questions/14757812/codeigniter-best-practice-to-sanitize-input
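To make the two points of that answer concrete, here is an added example (my own code, not the post’s and not CodeIgniter’s): a minimal validator that understands the rule strings quoted above, run over a constructed text-message submission, followed by an insert that uses query bindings. It assumes PHP 7.1+ with the pdo_sqlite extension, and its `numeric` rule accepts digits only, which is stricter than CodeIgniter’s.

```php
<?php
// Added example (not from the post or CodeIgniter): a minimal validator for the
// rule strings quoted above, followed by an insert that uses query bindings.
// Rules run left to right; 'trim' rewrites the value, the others reject it.
// Assumption: 'numeric' here means digits only, stricter than CodeIgniter's.
function apply_rules(string $value, string $rules): array
{
    foreach (explode('|', $rules) as $rule) {
        $param = null;
        if (preg_match('/^(\w+)\[(.+)\]$/', $rule, $m)) {
            [, $rule, $param] = $m;          // e.g. exact_length[8]
        }
        switch ($rule) {
            case 'trim':         $value = trim($value); break;
            case 'required':     if ($value === '') return [false, 'required']; break;
            case 'numeric':      if (!ctype_digit($value)) return [false, 'numeric']; break;
            case 'exact_length': if (strlen($value) !== (int) $param) return [false, $rule]; break;
            case 'valid_email':  if (!filter_var($value, FILTER_VALIDATE_EMAIL)) return [false, $rule]; break;
            default: throw new InvalidArgumentException("unknown rule: $rule");
        }
    }
    return [true, $value];
}

// Constructed submissions: a valid text message and one carrying an injection
// payload in the phone field, which the numeric rule rejects before any query runs.
$forms = [
    ['phone' => '12345678', 'message' => '  hello  '],
    ['phone' => "1' OR 1=1 --", 'message' => 'x'],
];
$rules = ['phone' => 'numeric|exact_length[8]', 'message' => 'trim|required'];

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE sms (phone TEXT, message TEXT)');
// Query binding: values travel separately from the SQL text, so even data that
// passed validation cannot alter the statement itself.
$stmt = $db->prepare('INSERT INTO sms (phone, message) VALUES (:phone, :message)');

foreach ($forms as $form) {
    $clean = [];
    foreach ($rules as $field => $fieldRules) {
        [$ok, $result] = apply_rules($form[$field] ?? '', $fieldRules);
        if (!$ok) { echo "$field rejected by rule $result\n"; continue 2; }
        $clean[$field] = $result;
    }
    $stmt->execute([':phone' => $clean['phone'], ':message' => $clean['message']]);
    echo "stored: {$clean['phone']} / {$clean['message']}\n";
}
```

The first submission is trimmed and stored; the second never reaches the database because the whitelist rule fails, and the bound parameters would keep the statement intact even if it had.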

New things to learn

Getting started with some new tools, to get comfortable with the uncomfortable.

Other things to check out

Add days to a date

$adate = '2013-12-10'; //can use Ymd or mdY. Can't use dmY. Can use dash or slash to separate
$daystoadd = 7;
// let strtotime do the calendar arithmetic; adding 24*3600 seconds per day gives the wrong date across a DST change
$newdate = date('Y-m-d', strtotime("+$daystoadd days", strtotime($adate))); //the date format is for output