₦airaland Forum

Welcome, Guest: RegisterLoginWith GoogleTrendingRecentNew

Stats: 3,325,496 members, 8,422,324 topics. Date: Monday, 08 June 2026 at 06:48 AM

Toggle theme

Masterpreshy's Posts

Nairaland ForumMasterpreshy's ProfileMasterpreshy's Posts

1 (of 1 pages)

ProgrammingRe: Please Help Me With This Laravel Project by masterpreshy: 7:24am On Sep 06, 2020
I can help you do it.
Share
Technology MarketAdiina: The Future Of Ads. by masterpreshy(op):
The world is quickly revolving everyday, we can virtually do everything from the comfort of our homes. Bloggers spend their day working from home, hoping to be the next big thing one day. But it can be pretty hard to get traffic to your blog, a problem Adiina is solving.

Adiina Ads Plans.

Starter (24hours) - N300
Premium (1 week) N1000
Gold (1 month) N5000

Adiina, launched on 4th May 2017 by the Ceo/Founder, Precious Opusunju, is an advertising platform where publishers can shorten their blogs or website URL and also advertise. Adiina explores uniqueness at the peak, it lets you advertise your blog niche or websites ads as little as 300 naira for a day, 1000 naira for 7 days, and 5000 naira for 32 days and provides you with quality traffic and real visitors.


Publishers make 3 Adiina coins per visitor who click a publisher's link and these coins can be used for advertisement on Adiina or withdrawn as airtime or cash. It is really easy to shorten a URL on Adiina, but it doesn't just stop at being able to shorten a URL, publishers and advertisers have a huge opportunity to earn from the shortened URL when visitors click on your link.


There's also access to a real time tracking platforms where clicks could be tracked and make activities transparent enough. The more real visitors that click on your link, Adiina pushes the traffic to your blog or website and the more you earn. Adiina makes advertising, blog traffic and the life of a blogger easier. Adiina is a solution, the Future of ads.
https://adiina.com
Share
ComputersWeb Security Tips To Keep Your Website Secured And Running.. by masterpreshy(op): 2:54am On Nov 14, 2015
Hi, i am a Cyber Security Professional.
Most times i come across websites and i detect loop holes, usually they are mistakes from the web developer.
1. If you're using PHP, i guess you've made an upload page or script to transfer files to the server? but they.. did you remember to filter?
Reasons why you should Filter your uploader script (a) A bad guy could transfer a Web Backdoor(Virus) to your web server and get FTP or more access to your files and credentials such as database, cPanel etc.
How do i filter my PHP Uploader?
NB: I dont know how you code but i hope u grab.

<?php
$allowed_extentions = array(".jpg",".png"wink; //This are the allowed types
$filename = $_FILES["image"]["name"];
$check_extension = substr($filename, strpos($filename, '.'), strlen($filename)-1); //This removes the (.) before the file extension
if(!in_array($check_extension, $allowed_extensions)
{
   echo $check_extension.' Is not an allowed type of File';
}
?>


Now with that block of code, we have just prevented shells, backdoors, from being uploaded to your website..

2. I guess you've heard of Cross-site scripting (XSS),
it is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into webpages viewed by other users.
Now how can XSS affect you? not even you, your users!!
You could loose Audience, lemme get to the point..
<script>alert("THIS IS A JAVASCRIPT CODE"wink;</script>
Mostly these codes are executed on a $_GET(method of processing information) parameter, in PHP i'll show you how to protect your self.
[code]
<?php
//I'll write a function to prevent it!
function kill_xss($kill_xss)
{
  $parameters = array("<script>","</script>","<",">"wink; //Add more here
  $kill_xss = str_replace($parameters, ' NOT ALLOWED ', $kill_xss);
  return $kill_xss;
}
$test = kill_xss($_GET["xss"]); //replace this with your $_GET parameter
if($test)
{
	echo $test; //this is just for testing
}
?>

3. SQL injection, as the name implies SQL(Structured Query Language).. we all know that you are the only one who can execute queries either from phpMyAdmin or mysql shell.. hmmm but this vulnerability can allow an attacker run such queries and steal your credentials, how do we prevent this? and how does it happen..
EG: A web developer writes a code to fetch some information from the database using a $_GET paramter(might be and ID) and he/she did not secure the input this could happen: 
SQL error: There is an error in your SQL statement in line .....
If an attacker see's that, he can have access to the database by injecting few queries, lets protect this!
With PHP once again!
[code]<?php
$id = intval($_GET["id"]); //This removes any other string apart from a numeric value
?>

instead, use MySQLi_Real_Escape_String(); or go for PDO smiley

Thats all for now, drop your comments more on the way smiley

The last Image is edited and not real.
Share

1 (of 1 pages)