XAMPP comes with sendmail: version 1.7.1 uses fake sendmail, and version 1.7.2 uses msmtp. To send email from PHP-based programs, you can enable sendmail using the following methods:
A. for version 1.7.1 - fake sendmail
1. edit c:\xampp\sendmail\sendmail.ini, modify the settings for your ISP
Essential Section - the following shows the minimal settings to get it working
1a. Configure the domain, SMTP server and authentication settings:
edit /etc/postfix/mail.cf and append the following at the end:
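1. Actively traded
2. Term preferably no longer than one year
3. Premium should not be too high (20% is acceptable)
4. Low implied volatility (50-60%)
5. On gearing ratio, more aggressive investors may choose a higher gearing ratio, but the risk is correspondingly higher
6. In a volatile market, it is best to choose in-the-money or at-the-money warrants; if you are confident about the market outlook, choose slightly out-of-the-money; if you are very confident about the overall market, choose deeper out-of-the-money warrants
To help keep this site running and providing useful reference content, please donate generously as a small contribution toward the site's costs!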
- comments can divulge important information like database name, user logins, and passwords.
- debug messages can reveal traces of internal application details
- disable error reporting in a production site to avoid working details being revealed
2. don't use overly helpful error messages
- error messages like "invalid username" and "invalid password" reveal a legitimate username.
3. never use default user id and/or password
- default user id (eg. 'root', 'admin' or 'sa') and default password should never be used as is.
4. don't put up a file unless you're ready to make it public
- even if no link is shown on the web pages, a user may still get to it by guessing the filename.
5. never trust input that originates from a client
- re-validate all input values on the server, don't rely on client-side restrictions.
- use white-lists and/or black-lists to validate input if possible
- filter out special characters, code, commands, and scripts from any input to avoid SQL- and Command-Injection, NULL-String Attacks or Cross-Site Scripting
- don't forget to check for all different representations of the same characters
- truncate all input at a reasonable length to prevent buffer overflows
6. be careful with the use of hidden fields and URL parameters
- because their values may be altered by malicious users to conduct State-Based Attacks
- use cryptic names whenever necessary to add some degree of protection
7. don't store important information in cookies
- because the value contained and the expiry timestamp may be altered by malicious users
- encrypt the data and set the secure flag and/or domains to increase security
8. implement good session management to prevent Session-Hijacking or Session-Fixation
- generate a new session upon each visit, and protect the session id
- time out sessions after a specified period, and disallow expired sessions from being reactivated
- track if a session is used by more than one user, invalidate it if necessary
9. adhere to the 'least privilege' security principle
- only give users the minimum rights they need
- run your web server and connect to database using an account with appropriate rights, avoid the use of 'root' or 'admin'
10. use strong authentication
- enforce a policy of long passwords and user ids with a mixture of numbers, upper- and lowercase letters and punctuation
- use http-basic, http-digest, nonce, CAPTCHA or SSL to secure authentication if necessary
11. make sure your web server is well protected
- hide your web server identity
- use firewall, intrusion detection system (IDS) or bandwidth management to protect against Denial of Service
- avoid launching OS commands from the web server, and confine the 'root' directory of your web server to the document root
12. protect user privacy
- be aware of the use of User Agents, Referrer, Cookies, Web Bugs, Clipboard
- disable caching for pages that may contain sensitive information
- only use benign ActiveX controls or Browser Help Objects
13. protect your web services
- beware of WSDL scanning; debugging information or functions may be exposed
- verify the received XML content; parameters may be tampered with
- check for Recursive Payload attack, Oversize Payload attack, and External Entity attack
Other techniques/precautions:
- check whether the actual byte count of the data submitted matches the 'content-length' of the HTTP header
- use HTTP_REFERER to check where the web request comes from
- only use algorithms that are well known and secure when data encryption is necessary
- set PHP option "open_basedir" to restrict file access to certain folders
- set PHP option "allow_url_fopen" to "off" to disable data retrieval from remote location to prevent code injection
- explicitly declare and initialize global variables before use, and only use variables that you have defined
- use PHP addslashes(string) function to escape all the special characters
- use PHP htmlspecialchars() or htmlentities() with ENT_QUOTES option to convert all special characters to HTML entities
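The following PHP sketch ties together items 2, 5 and 8 and the htmlspecialchars() bullet above. It is an added example, not code from the original page; the function names, the user store and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example (not from the original page); all names are hypothetical.

// Item 5: server-side whitelist check with a length limit.
function clean_username(string $raw): ?string
{
    // Whitelist: 3-32 ASCII letters, digits, dot, underscore or hyphen.
    // Encoded forms such as "%3C" fail because "%" is not on the list,
    // and NUL bytes or over-long input fail for the same reason.
    return preg_match('/\A[A-Za-z0-9._-]{3,32}\z/', $raw) === 1 ? $raw : null;
}

// Last bullet: encode on output, quotes included.
function html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Item 2: one message for every failure, so a wrong password and an
// unknown user look the same to the client.
function login(array $users, string $rawUser, string $password): array
{
    $failure = ['ok' => false, 'message' => 'Invalid username or password.'];
    $user = clean_username($rawUser);
    if ($user === null || !isset($users[$user])) {
        return $failure;
    }
    if (!password_verify($password, $users[$user])) {
        return $failure;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // item 8: fresh session id after login
    }
    return ['ok' => true, 'message' => 'Welcome, ' . html($user)];
}

// Constructed sample data for the demonstration.
$users = ['alice' => password_hash('correct horse 42', PASSWORD_DEFAULT)];
$attempts = [
    ['alice', 'correct horse 42'],   // valid login
    ['alice', 'wrong'],              // known user, bad password
    ['mallory', 'wrong'],            // unknown user, same message as above
    ['<b>bob</b>', 'x'],             // fails the whitelist, echoed encoded
];
foreach ($attempts as [$name, $pw]) {
    $result = login($users, $name, $pw);
    echo html($name), ' => ', $result['message'], PHP_EOL;
}
```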
PHPMailer is a great email component for PHP, however, it lacks the support of connecting to SMTP servers that require SSL (such as GMail). Therefore, I've modified this version to add an "IsSSL()" method to the class to handle this.
Download HERE
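Having your own website is exciting and fun! However, the time and effort that go into it are considerable. You may also have to pay some expenses to keep the site running day to day, such as domain name registration, web hosting, and even the cost of buying hardware.
That being so, why not use the website we worked so hard to build to earn back a little money?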
httpd.conf
1. DocumentRoot "c:/web"
2. <Directory "c:/web">
php.ini
1. display_errors = On
2. short_open_tag = On
3. register_long_arrays = On
4. extension_dir = "c:/program files/php/ext" or extension_dir = "c:/php/extensions"
5. extension=php_mysql.dll