Thread title: [Offer]Php/MySQL developer
01-18-2009, 01:37 AM
#1
Status: Member
Join date: May 2005
Posts: 128
[Offer]Php/MySQL developer
Hello,
I am a PHP/MySQL freelancer that codes in PHP and uses a MySQL backend for the project. I do code in OOP if it is desired.
My rates may seem rather cheap and could mean my work is bad, but I promise you it is not.
For projects that take more than 2 hours to code I charge $20 an hour; all others I charge per project, anywhere from $5 to $15 depending on the length of time it takes to code. I will also provide support for the product for 1 year for technical issues and bug fixes as needed. If new features are needed later on, contact me and I may add on features for free depending on the feature.
I set aside 5-8 hours a day to code so your project will get ample attention and I will send you daily emails updating you on the project and how much time I spent on your project that day.
If you have any questions please ask me.

01-18-2009, 01:53 AM
#2
Status: Member
Join date: Apr 2006
Posts: 249
May we see some examples of your work and perhaps one of your Object Oriented source files to show your coding techniques?
Thanks,
- Phaaze

01-18-2009, 02:12 AM
#3
Status: Member
Join date: May 2005
Posts: 128
I don't have anything online at the moment, but I'll post one of the files of a script I'm working on now.
PHP Code:
<?php
#############################################################
# Next Generation Bulletin Board
# Version Series: 0.x
# Author: Jeremy Howard
# Project Start Date: January 1, 2009
# Copyright: (c) 2009 NGBB Media
#############################################################
# This program is free software; you can redistribute it
# and/or modify it under the terms of the GNU General
# Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your
# option) any later version.
#############################################################
# GLOBAL.PHP
# File Version: 0.1
# Created: 01-11-09
# Last Update: 01-16-09
# By: Jeremy
#############################################################
class NextGenBB {
    public $version = "v0.2"; // NextGenBB's version string
    public $server = array();
    public $get = array();
    public $post = array();
    public $cookie = array();
    public $files = array();
    public $sets = array();
    public $db;
    public $starttime;
    public $lang;
    public $user;

    /**
     * Sets up variables
     *
     * @author: Jeremy
     * Since: 0.1
     **/
    function __construct() {
        $this->server = $_SERVER;
        $this->get = $_GET;
        $this->post = $_POST;
        $this->cookie = $_COOKIE;
        $this->files = $_FILES;
    }

    /**
     * Starts the timer for the forum system
     *
     * @author: Jeremy
     * Since: 0.1
     **/
    function startTimer() {
        $mtime = microtime ();
        $mtime = explode (' ', $mtime);
        $mtime = $mtime[1] + $mtime[0];
        $this->starttime = $mtime;
    }

    /**
     * Ends the timer for the forum system
     *
     * @author: Jeremy
     * Since: 0.1
     **/
    function endTimer() {
        $mtime = microtime ();
        $mtime = explode (' ', $mtime);
        $mtime = $mtime[1] + $mtime[0];
        $endtime = $mtime;
        $totaltime = round (($endtime - $this->starttime), 4);
        return $totaltime;
    }

    /**
     * Generates a random password
     *
     * @author: Jeremy
     * Since: 0.1
     **/
    function generatePassword($length=9, $strength=8) {
        $vowels = 'aeuy';
        $consonants = 'bdghjmnpqrstvz';
        if ($strength & 1) {
            $consonants .= 'BDGHJLMNPQRSTVWXZ';
        }
        if ($strength & 2) {
            $vowels .= "AEUY";
        }
        if ($strength & 4) {
            $consonants .= '23456789';
        }
        if ($strength & 8) {
            $consonants .= '@#$%';
        }
        $password = '';
        $alt = time() % 2;
        for ($i = 0; $i < $length; $i++) {
            if ($alt == 1) {
                $password .= $consonants[(rand() % strlen($consonants))];
                $alt = 0;
            } else {
                $password .= $vowels[(rand() % strlen($vowels))];
                $alt = 1;
            }
        }
        return $password;
    }

    /**
     * Now we create the settings for the forum
     *
     * @author: Jeremy
     * Since: 0.0.1
     **/
    function settings($field) {
        // $NGBB_PRE (table prefix) is defined outside this file, so it must be pulled in as a global
        global $db, $NGBB_PRE;
        $settings = $db->query("SELECT * FROM {$NGBB_PRE}settings");
        $set = $db->fetch_array ($settings);
        return($set[$field]);
    }

    /**
     * Now we create the user settings for the forum
     *
     * @author: Jeremy
     * Since: 0.1
     **/
    function usersettings($userfield) {
        global $db, $NGBB_PRE;
        $usersettings = $db->query("SELECT * FROM {$NGBB_PRE}members WHERE memberid = '".$_COOKIE['memid']."'");
        $userset = $db->fetch_array ($usersettings);
        return($userset[$userfield]);
    }

    /**
     * Now we setup the language for the forum
     *
     * @author: Jeremy
     * Since: 0.0.1
     **/
    function get_lang($lang, $page = null, $path = './', $main = true)
    {
        if (isset($this->get['lang'])) {
            $lang = $this->get['lang'];
        }
        if (strstr($lang, '/') || !file_exists($path . 'language/' . $lang . '.php')) {
            $lang = 'english';
        }
        include $path . 'language/' . $lang . '.php';
        $obj = new $lang();
        if ($page) {
            $obj->$page();
        }
        if ($main) {
            $obj->main();
        }
        return $obj;
    }

    /**
     * This is a redirect for our error and message fields
     *
     * @author: Jeremy
     * Since: 0.0.1
     **/
    function redirect($url, $sec=5)
    {
        $msec = $sec*1000;
        ?>
        <script type="text/javascript" language="JavaScript">
        function redirect() {
            window.location.replace("<?php echo $url; ?>");
        }
        setTimeout("redirect();", <?php echo $msec; ?>);
        </script>
        <?php
    }

    /**
     * This would be our message form.
     *
     * @author: Jeremy
     * Since: 0.0.1
     **/
    function message($text1, $text2='', $redirect='', $sec=5, $tag1='strong', $tag2='') {
        global $template;
        $footer=FALSE;
        include ("templates/$template/message.php");
        if($redirect!='') {
            $this->redirect($redirect, $sec);
        } else {
            exit;
        }
    }

    /**
     * This is our error form.
     *
     * @author: Jeremy
     * Since: 0.0.1
     **/
    function error($text1, $text2='', $redirect='', $sec=5, $tag1='strong', $tag2='') {
        global $template;
        $footer=FALSE;
        include ("templates/$template/error.php");
        if($redirect!='') {
            $this->redirect($redirect, $sec);
        } else {
            exit;
        }
    }
}
?>

01-18-2009, 04:22 AM
#4
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
Posts: 6,894
You are aware that your code is SQL injection vulnerable, right? And judging by the look of usersettings, all one would need to hack an admin account is its ID. Why is there no authentication? There is also no organization to your class, these are all just utility functions, there is absolutely no purpose for the container class as you have it written (this shows a lack of knowledge regarding the usage of objects).
I know this is going to sound rude, but don't tell us that you know what you are doing when you can't even secure a query or build a basic user auth system.

01-18-2009, 04:58 AM
#5
Status: Member
Join date: May 2005
Posts: 128
Well, it's still a work in progress, it's by no means complete yet. And what authentication are you talking about?

01-18-2009, 05:05 AM
#6
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
Posts: 6,894
Authentication as in having the script stop me from becoming your account if I change my cookie to your ID.

01-18-2009, 05:09 AM
#7
Status: Member
Join date: May 2005
Posts: 128
Oooo I gotcha, well it's not there because like I said, I'm still coding it.

01-18-2009, 05:10 AM
#8
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
Posts: 6,894
So basically you are saying that you knowingly posted a script full of holes without mentioning one in advance. Right.

01-18-2009, 05:16 AM
#9
Status: Member
Join date: May 2005
Posts: 128
Is that what I said? No, it is not. I overlooked it, I'll admit, but the script still isn't done so I'm not too worried about security holes right now.

01-18-2009, 09:41 PM
#10
Status: Member
Join date: May 2005
Posts: 128
I must thank you Village Idiot, I was a bit peeved last night but you helped me realize there is no reason for letting security holes slip by, and I fixed the issue.
Here is the new code:
PHP Code:
function usersettings($userfield) {
    // $NGBB_PRE (table prefix) is defined outside this file, so it must be pulled in as a global
    global $db, $NGBB_PRE;
    $escape = $db->escape_string($_COOKIE['securestring']);
    $usersettings = $db->query("SELECT * FROM {$NGBB_PRE}members WHERE securestring = '".$escape."'");
    $userset = $db->fetch_array ($usersettings);
    return($userset[$userfield]);
}
Now, I know you might say all you need to know is the securestring, but it's not that simple, it's generated randomly and not guessable, and it's a new string every time you login. All user queries will require the securestring in the cookie to match the one in the db. This will eliminate people from just having to know a userid and editing their cookie.
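
Added example, not part of the thread and not the poster's code: one way to implement the per-login token lookup described in post #10, going a step further by using a bound parameter instead of string concatenation and storing only a hash of the token. The table layout, the helper names issueToken and memberFromCookie, and the in-memory SQLite database (standing in for MySQL, requires pdo_sqlite) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed schema for illustration; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (memberid INTEGER PRIMARY KEY, name TEXT, token_hash TEXT)');
$pdo->exec("INSERT INTO members (memberid, name) VALUES (1, 'admin'), (2, 'alice')");

// Hypothetical helper: called at login, replaces any earlier token for the member.
function issueToken(PDO $pdo, int $memberId): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $stmt = $pdo->prepare('UPDATE members SET token_hash = ? WHERE memberid = ?');
    $stmt->execute([hash('sha256', $token), $memberId]); // only the hash is stored
    return $token; // this value goes into the cookie
}

// Hypothetical helper: maps a cookie value to a member row, or null.
function memberFromCookie(PDO $pdo, $cookieValue): ?array
{
    // Cookies can arrive as arrays or arbitrary strings; accept only our token shape.
    if (!is_string($cookieValue) || preg_match('/\A[0-9a-f]{64}\z/', $cookieValue) !== 1) {
        return null;
    }
    // Bound parameter: the value is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT memberid, name FROM members WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $cookieValue)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$old = issueToken($pdo, 2);
$current = issueToken($pdo, 2); // a second login rotates the token

// Constructed cookie values covering the cases raised in the thread.
$cases = [
    'current token'        => $current,
    'token from old login' => $old,
    'bare member id'       => '1',
    'quote characters'     => "x' OR '1'='1",
    'array-valued cookie'  => ['1'],
];
foreach ($cases as $label => $value) {
    $member = memberFromCookie($pdo, $value);
    printf("%-22s %s\n", $label, $member === null ? 'rejected' : 'member ' . $member['name']);
}
```

Storing the hash rather than the token means a read of the members table does not hand out live sessions; the cookie carrying the token should also be set with the HttpOnly and Secure flags.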