AntiSystem :: No Good System

For a project of mine I needed a free script to show the visitors if I am online or not on yahoo messenger.

Hardly I found a decent script for this and I said maybe others will need to know about it.

http://osi.techno-st.net:8000/

Enjoy !

In many operations we need to check the file is being processed.
Bellow is a simple yet effective method to get the extension from the file name.

function get_file_extension($file_name)
{
// to keep it clean just make all letters in the file name small letters
$file_name = strtolower($file_name);

// split the file name by [ . ] and store all parts into an array
$ext = split("[/.]", $file_name);
// get the no of elements in the array
$i = count($ext);

// the extension is the last element in the array [ -1 is because the array starts from 0]
$extension = $ext[$i-1];
return $extension;
}

In all cases we are using input from the user we need first to check for the validity of the input. This way we can avoid the SQL injections for example.
For example we have a form username / password.
We have to get the input from the two fields and use them in a query on the user table to see if we have a match.
In case o password, we do not care to much because we do not store the password in plain text but rather in an salt form (md5 for example). Because of this we do not care too much about the content of this field

$password = md5($_POST['PASSWORD']);
/*
in this moment no meter what sql injection string the user has entered the resulting salt
will consist in 32 chars string which cannot harm our sql statement
*/

For the username there is a little bit more complicated. We are storing the usernames in plain text, so we have to be careful how we protect this string not to have false results.
I am using the following function but in my case I mad some restrictions to the username form: only alphanumeric chars plus – _ and @ as special characters.

function string_check($string)
{
$string = strtolower($string);

// we check the string for funny chars
$valid_chars = "0123456789abcdefghijklmnopqrstuvwxyz-_@";
$invalid_chars = 0;

// make a loop to verify each character in the string
$len = strlen($string);

for($i = 0; $i <= $len; $i++)
{
if(substr_count($valid_chars, $string{$i}) == 0)
{
// this means that the current char is not in our valid chars list
$invalid_chars++;
}
$i++;
}

if($invalid_chars == 0)
{
return TRUE;
}
else
{
return FALSE;
}
}

$username = trim($_POST['USERNAME']);
if(string_check($username) == TRUE)
{
// we continue the process using this string in the sql statement
}
else
{
// we stop here because the user input is funny
}

A nu … nu e vreo metoda desteapta de a alege numerele castigatoare la LOTO 6/49.

E doar un script care alege la intamplare 6 numere pe care sa le folosesti. M-a disperat mereu sa aleg eu din capul meu numerele astea asa ca am facut un mic scriptulet.

Asta e sursa:

function generate_6_49()
{
$min = 1;
$max = 49;
$no = 6;

$final_no[] = rand($min, $max);

while($no > 1)
{

$c = rand($min, $max);

if(!in_array($c, $final_no))
{
$final_no[] = $c;
$no--;
}
}

sort ($final_no);
reset ($final_no);

$display_no = "";
while (list($key, $no) = each ($final_no))
{
$display_no = $display_no.$no.", ";
}

$display_no = substr($display_no, 0, -2);
return $display_no;
}

print(generate_6_49());

Si aici e un rezultat. Daca nu va plac numerele dati refresh … ar trebui sa apara alte numere

Noroc!

WinPT Desktop Application usage

I have searched allot on internet for a PHP implementation of PGP encryption and message signing.

The main concept sounds like this:

- I have a key ring where I keep the public keys of the people I need to communicate with

- I have my private key

There are some rules regarding the concept:

- The private key is not to be sent to anyone under any circumstances

- The private key is used to decrypt the information encrypted using my public key

- The public key is the only one that may be moved / sent over the internet (obtaining the private key from the public one is not possible)

- There is a mathematical relation between the private and public key.

- You cannot send an encrypted message to a person that does not have the public key in your key ring (you have to use the person’s public key to encrypt the info so that only the intended person with his private key can decrypt the information).

I am using WinPT application to generate / manage my encryption keys. Here are some screens on keys creation:

This is my public key … it is ok to put it here because it is a public one pub 1024D/2285E662 6/17/2008 Gabriel Petrica <gabriel.petrica@root-systems.info> Primary key fingerprint: C972 679D 3617 2991 765F 009C 0FCB 0F7E 2285 E662 —–BEGIN PGP PUBLIC KEY BLOCK—– Version: GnuPG v1.4.7 (MingW32) mQGiBEhYHI0RBADN02MV/FBb06QRa2SHtXU4xJ1Hl3rXldYWF2rEHz6UVC8hT7nC 46tjsJy8ua2++NQV88QwJ+4vCYDF2cLDlT679A7OVyuoGEtkpFeQay4Gl0twkXmG 3sScl1d6clWs1zGdg5gt6BZMK9O/0huCUsUlNiHhUOAh8TczCQ3KlChvywCg4pQ3 rEBoYba9ezAcVHwu4kEJESUEALA8dpjg18No2GIt8GmaOj+0Ull47V6Zy1OvT21w HSXs7smtYnGipxOhXyqffkVLS4cKsO/0ouF5MAP9/mmYNE4ulekQ5PBpkJh+5/Tx Af6bSut3T7qCencc7R6kxMJAt81WrOQ6btzfxEpEZ71+r0s+WHcjwKY4pn8sZ32T 72YOA/0QstEkIz/CH4LrVvTbLrP72QMFQClO9kJyg5kSQvfVypRspi7D85ePA72k 1d1f+TWfdqHtjua2E2f9t/hLx7RqAAvpdQV5l7O7OucNJJvZlM4mIxsgJl2GmPZL /sPsB8sQLCYr6D1q4T3CthZZij6loLpSy8+cmdKvE5Q3L/U/97QzR2FicmllbCBQ ZXRyaWNhIDxnYWJyaWVsLnBldHJpY2FAcm9vdC1zeXN0ZW1zLmluZm8+iGAEExEC ACAFAkhYHI0CGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAPyw9+IoXmYrrt AJ4n+XnD+8tqIpJkJ977+Lb4QbJlJACeOKM1KruiqHDE9BFfKHGLa3pIezW5AQ0E SFgcjQEIAOdLh/WGhl3yFxvNx7z5ReJZCPs6Dw5AnJcpHM17pxM0+FBKtmsv5PZU WiOsLG+1iJkUH4+iayN9cmri/KKBZvEFfu/fMX9hYvDVAYhi3K/bu573lRI367HS +1+xpONs5SR5tj48IUWBvumlIroCMQuPBT2eFmO3wHBbUMJCw2vczl2U7PSgHLRz O/LuUheg2OC3RUThN4rQtsG16HENI81FFYYPWVSf5H/UbyaYRmQYUxU/2dw5Wuny mk7fS+K1Hk9fXZDutxym14vF1qp0BsowGPRYq2m7xS0bvVzhVHRC969Bd4Kb1EDK Vcgvv83uZp32FXgljjIaPR6EqLfGuPUAEQEAAYkBaAQYEQIACQUCSFgcjQIbLgEp CRAPyw9+IoXmYsBdIAQZAQIABgUCSFgcjQAKCRAtckkifHeLjdPMB/9pgekgl1zM 7oUY3dH4ZXwHSEfRlqh4NvaRzQxAaS8fny8mPy2hRipak2ZAZZFm8yqtBnN2yn3f E8cyNXzC6u5smMmEkgDLwYzRKHLOyzyKKH5YhkRUcOioqfYS69EK36Fm8E5WlhgY YsQckGR10G/rOhxUzCOLoO2Q4qcTBb4yBCKWm6X9CFgg6VARXptu3MIOlZxWSavx wNr4GCimjGe1K3e5FKUmpspVPCBKDuLOkWmYbffAGrKP1Xk8ULP0dJq4JyR8AgzD cYDSwnzk8fR80xEjwHS2O4nzRwfSfzaRZte4iMFXS5ECK909NW3mIUdxeurjdi0t MVgnKocc3aNJ14UAoI7GNrJYJP9ZeUSJZWNxOvCpUSLDAKC5cOAOQEGCc5PdjwVc z0sKOgb7bA== =8YIN —–END PGP PUBLIC KEY BLOCK—– If I want to encrypt the following message: “This is a test secrete message !!!” I am copying the bold message in the clipboard

Select the public key to be use for encryption. I am sending an encrypted message to myself !

This is how the encrypted message looks like.

—–BEGIN PGP MESSAGE—–Version: GnuPG v1.4.7 (MingW32) – WinPT 1.2.0 hQEMAy1ySSJ8d4uNAQgAxZzLCbW/EctddcglpL1sEOrPYA/TUHpx2mmtzi+zza1w mRZwBHDxITPghZQ+axchAs1ceO3gGlqsdQC+H37bxfLS+/5H6g3N/wT2aA4nVuia hpA5d08G6LCqPjoQoJnc28W5h+9e8nF/WeQZOJtwqCuS4Fq7CZyxG9IlzQyoPb7B S4PoIV0yrHIXXdEttcdp/muRTi4NnXWLkOYi2u/NQfTVsBaL1fdiF+Be6rVYuYm+ IosYJIF7kVLhZr7wd4SrnfvWIMexNszY4Z3vn/11GqM7PV87RKEZu8NiQLpV+p2k Qp8nsLIrCEShUBoqxgbCDM0BRGAYREfy5nY0D1hmjNJbAaHh2ARzX2TxKpvB9otK SHGfkIrsAGzXAGvisV5O9uUqGmKX3OKQNAEeHuQ8nj6TFerF4myWz9fBRrUdZf1B S5GVYj3Fl6EYemtJLAbwA0fyfYQiEA8i3R1KZQ== =aSKS —–END PGP MESSAGE—–

To be sure that what I have here is the right stuff I will decrypt it using my private key. For this I am copying to the clipboard the encrypted message and use the Decrypt/Verify option from the context menu (see some pictures above). You have to provide the password for the private key.

The encrypted message contains also information about the public key used for encryption. After pressing OK if the password is correct we’ll have on the clipboard the following phrase:This is a test secrete message !!! So the encryption / decription process went OK !

If need to sign a message I will do this using my private key. The recipe will be able to verify the integrity of the information using my public key.I will sign the above bold message. For this I have to copy it in my clipboard and use the option Sign. The pasword is require to decrypt the secret key that will be used for signing.

The signed message looks like bellow—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1 This is a test secrete message !!! —–BEGIN PGP SIGNATURE—– Version: GnuPG v1.4.7 (MingW32) – WinPT 1.2.0 iQEVAwUBSFirSy1ySSJ8d4uNAQIxFQf/b7tDsUvEvhnqe1cVj7N6pnJ2tG0SBO7U a0ltjvjXtG6XpYIgc3acqRK0HktAIQ1eKmJ3UKIa4vdxRIJWqjoaYNl5DkXZNsO1 bBV7eOzczrAGb0geZO3HiAKAI2ZwmUiuVmsglMfl7MrBS+QCJ2LyWfSBpCaiDCUo LBmnmD2/tNScfyjD7SugV/4GygMk+6T/AKlsi98YpaobTRocScc5OisN+OSCuL5n PvOJJu8yKg87k/IfV7qGnrwuB5ZZI0Ym1MkYVU4/8Lj8SYyJY0RfQXiZycImfMwo kOB87JWXZrHvUfB3RSS6W4Y9k/XLQI6yE1Z/g3t22Ns8EEyaqfkL1Q== =pU60 —–END PGP SIGNATURE—–

The recipe can verify if the message is authentic using the option Decrypt/Verify with my public key. For this the recipe must copy the entire message to the clipboard and verify it.The message is verifyed as OK.