|
PHP - Stop People From Hacking With Unset
Code: [Select]
if ($indovina!=$indovinata) { if ($tentativi>=6) { echo ("\n<p>Sorry, you hanged yourself. The word you had to guess was: ".$indovina."</p>\n"); } else { $scelt = preg_split('//', $scelte, -1, PREG_SPLIT_NO_EMPTY); echo ("\n<p>\n"); foreach ($alfabeto as $lettalf) { $contrl = false; foreach ($scelt as $lett) { if (!strcasecmp ($lettalf, $lett)) { $contrl = true; } } if ($contrl) { print (' <img src="images/lr_'.$lettalf.'.gif" style="border:0;width:20px;height:20px" alt="'.$lettalf.'" />'); } else { print (' <a href="'.$_SERVER['PHP_SELF'].'?letter='.$lettalf.'"><img src="images/lb_'.$lettalf.'.gif" style="border:0;width:20px;height:20px" alt="'.$lettalf.'" /></a>'); } if ($lettalf=='m') echo ("\n <br />"); echo ("\n"); } echo ("</p>\n"); } } else if ($indovinata){ echo ("\n<p>Congratulations! You guessed the word.</p>\n"); $DB->query("UPDATE ibf_members set gold=gold+5 WHERE id = {$ibforums->member['id']}"); } Look at the bottom, ok so if the person wins the hangman game, it will show "Congrats" but then people will just beable to refresh the page, and that query will run again and again and that person will gain +5 gold each time....we need to fix this!! any help? Similar Tutorialsand doing sql injections i have enabled mysql logging and i can find where they did the query, but it only shows the query, it doesn't show what location or what url or how they did it so how can i fix it? thanks also lighttpd logs doesn't show... this sucks I have 3 php's home.php createStep1.php createCheckPass.php createStep2.php home.php unsets some $_SESSION variables if they still exist from previous pages: Code: [Select] if(!empty($_SESSION['ame'])) { unset($_SESSION['ame']); } if(!empty($_SESSION['ject'])) { unset($_SESSION['ject']); } if(!empty($_SESSION['ports'])) { unset($_SESSION['ports']); } if(!empty($_SESSION['session_age_range'])) { unset($_SESSION['range']); } createCheckPass.php gets some posted information from createStep1.php, checks everything is ok and if so sets the above session variables createStep2.php gets the session data set by createCheckPass.php and then gets to work with the user inputting data into the db. The odd problem If createCheckPass.php finds any problems with the posted data it redirects the user back to createStep1.php with the sessions set, createStep1.php then displays the errors with the info set in the sessions to the user and everything works ok. If however the user sends the form from createStep1.php with no problems and the createCheckPass.php passes the user onto createStep2.php, something strange happens... The sessions set by the createCheckPass.php are only ever unset at the home.php, yet somehow createStep2.php loses the sessions and therefore doesn't run. What is even stranger is if i comment out the unsetting of the sessions from the home.php, everything works fine and none of the sessions are lost. Really really odd Summary: createStep2.php is reading the unset session lines of code from home.php when never asked to. Has anyone ever come across anything like this before? Hi all, I have a security problem with my website who is a social network (like facebook). Let's me Explain : You can execute this page on my website. www.SocialNetWork.com/ChangeStatus.php?param=Hello So your status become "Hello". On your profile, you can create a link to a picture on the web, for example : <img src='http://www.hacking.com/pic.jpg'> The problem is that a "hacker" create several russian girl profile and made links to pic.jpg on his server, and this .jpg file rewrite URL to : www.SocialNetWork.com/ChangeStatus.php?param=Suck. So when you visite his profil, the php code is launched, and the status OF THE VISITOR is changed ! I have no idea of how to stop this ? If i check the variable : $_SERVER['HTTP_REFERER'] The value is empty or www.SocialNetWork.com, but never www.hacking.com ... How can i stop the fact that a foreign picture could launch a php page on my website ? thanks for help ! ps: sorry for my english Hi, when i submit the form using the following text... -1 OR 1=1) AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1)),0)>25),1,2)) that was sent by the hacker in my website i am trying to escape the above and filter it ... am using the mysql_Real_escape_string and trim function.. but nothing escaped... can u give me a suggestion , pls help me This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=321745.0 For obvious reasons, I wouldn't want any links to these sites or resources in this thread. I'd like some advice on where to find *modern* hacking techniques used against php and mysql. I'd prefer some info on PM so that not everybody is exposed to such sites - even suggested queries for google because I'm having a hard time finding reliable information. Also, does anybody have any advice on security books for say network (apache), php, mysql? I doubt I'll get a pm so if I do, I'll donate $20 to charity today! lol I have a link that sets a get variable that then performs a search based on that get variable. How after I the page has reloaded with the new search results how can I removed the $GET from the end of the url? Thanks for any help. Hi All I was wondering how important it is to unset() all your variables once used? Most of my code is object oriented so the functions discard any variables created within them. But do I have to unset() all the objects that I instantiate? Also how much will it improve on speed if I do so? Regards, Magnetica Afternoon, I've hit a brick wall, and I'd like someone to point out where I'm going wrong here as I can't for the life of me think of whats amiss. As it is, I'm trying to set a message to the user in session form, so the function is called passing the error ID. As you can see below, it finds it and assigns it to the private variable within the class. Code: [Select] <?php public function set($name){ // Check if the message is available... if(array_key_exists($name, $this->errors)){ // Set it. $_SESSION['cM'] = $this->errors[$name][0]; } else { $_SESSION['cM'] = 'TEST'; } } ?> To then return the message, the function is simply called using the below function which should return the error? Now, when I don't unset the session in anyway shape or form the message is displayed but when I do unset it, no message appears. I was under the impression that as I had already assigned the contents of the session to the $message variable that the session itself was then useless and as such I could then unset it for later use. But apparently not? Code: [Select] <?php public function get(){ // Is something set? if(isset($_SESSION['cM'])){ // Yes, into a variable! $message = $_SESSION['cM']; // Unset the session for later use. //unset($GLOBALS['cM']); - Doesnt make any difference. //$_SESSION['cM'] = false; - Doesnt make any difference. //unset($_SESSION['cM']); - Doesnt make any difference. // Return the message. $f = "<p style=\"color:green\">"; $f.= $message; $f.= "</p>"; return $f; } // No, Return false then to stop an error appearing. return false; } ?> As you can see I have tried unsetting the global variable, just session itself and clearing the session but to no avail. Any ideas? I have one entity: $_SESSION['order']['content']['lol'] I then unset this entity: unset($_SESSION['order']['content']['lol']); I then try to unset the following as it is now empty (because I removed "lol"), buts its not working: if (empty($_SESSION['order']['content'])) { unset($_SESSION['order']['content']); } Does anyone know why and how I can go about getting it to unset? hi i have an array that returns the longitude, latitude and timestamp of multiple users. then i use a for each loop to echo the details to add markers to google maps. the problem is that if one of the users has no gps position i dont want to include it it my foreach loop. Code: [Select] foreach($positions as $name => $status) { echo 'add(jQuery(this), number += 1, "' . $name . '", "map_post.php?n=' . $name . '&u=' . $status['user_id']. '", "' . date("d-m-Y @ h:i:s",$status['timestamp']) . '", "' . $status['latitude'] . '", "' . $status['longitude'] . '", "' . $status['user_id']. '");'; } how can i get the foreach to ignore the users with no data? Hello, Am writing a script with lots of variables and its called by require() into the main file. But I probably have an interference in variable values because I get incorrect results. I have to unset all variables first before I enter the new script but there are lots of them. Is there a way I can unset all variables with a simple line of code or function? Thanks in advance Code: [Select] $age = 18; //$age =___; //not working say error. unset($age); //working whats wrong? thanks Hello everyone!
I'm a web design student who's trying to learn some PHP, JavaScript and stuff! You'll probably find me asking more questions than helping people, apologies in advance!
Hi - I have a POST variable which contains a bunch of products with their codes and prices etc. However if the customer wants to delete one of those products it has to be removed from the POST before being processed. I have read the manual on unset which appears to work well when you know the key relating to the value, but if you take a look at the array ( below ) you can see that it is a multi- dimensional array where the number of potential entries not knowable in advance. My HTML checkbox for delete has a value of prodid. The answer is probably obvious but so far this student of PHP hasn't found it - MANY thanks for your advice ! Code: [Select] Array ( [quantity] => Array ( [0] => 1 [1] => 1 [2] => 1 [3] => 1 ) [prodid] => Array ( [0] => 17 [1] => 28 [2] => 27 [3] => 25 ) [name] => Array ( [0] => Ribs Large pack 20 pieces [1] => 25 Piece Bag [2] => Sirloin Steak [3] => 50 piece bag of Scalops ) [orderid] => Array ( [0] => JAC0398 [1] => JAC2920 [2] => JAC2920 [3] => JAC2920 ) [pricelb] => Array ( [0] => 5.00 [1] => [2] => [3] => ) [submit] => Update and Submit to Picking >> ) I am using an if statement. If the user has a credit value of 1 or more it echos a variable thats a form. When the user submits the form, it takes a credit away, so the credit value is -1. I need the form to dissapear, because the form has a button that will execute a query that I dont want to execute. So, usually unset() fixes this, but its not in my case. Heres the code Code: [Select] $a='<strong></strong>'; if ($hintcredit<1) $a.='<font style="color: #cc0000;">You have already requested a hint! Once you guess the correct number, you will be able to get another hint. </font>'; else $form= "<form action='blablabla' method='post'>blablablabla</form>"; $a.=$form; $a.='<strong></strong>'; echo $a; if ($_POST['request'] == "Retrieve Hint") { unset($form); $form= '<b>One of the digits in your number is '.substr($num, -1).'</b>'; $newquery= "UPDATE userinfo SET hint_credits = '-1' WHERE username = '".$_SESSION['login_name']."'"; echo $form; mysql_query($newquery,$link); } In this case, the form is still being shown. I need the form completely removed after the form has been submitted. This is simple and idk why its not working for me!? on page load pop up comes for selecting tv or movies (session is started in conn.php) if tv is selected session['select'] = 'tv_sotime' same for movies Now i want to change the selection I kept a link 'CHANGE' for selection i will unset session['select'] by passing variable on session.php but when i load /entertainment.php the pop up should not come Thank U... index.php Code: [Select] <? include("conn.php"); //require('_drawrating.php'); $pagename="Entertainment"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title><?=$settings->ScriptName?> | <?=$pagename?></title> <link rel="shortcut icon" href="images/favicon.ico" /> <link rel="shortcut icon" type="images/png" href="images/favicon.png" /> <link rel="shortcut icon" type="images/png" href="images/favicon.gif" /> <link rel="stylesheet" href="style.css" type="text/css" media="all" /> <link rel="stylesheet" href="css/cnelstyle.css" type="text/css" media="all" /> <link media="screen" rel="stylesheet" href="css/colorbox.css" /> <script src="js/jquerylatestmin.js" type="text/javascript"></script> <script src="js/jquery.colorbox-min.js" type="text/javascript"></script> <script type="text/javascript"> $(function() { $(window).bind('load', function(e) { $.colorbox({ 'width' : 300, 'height' : 130, 'transitionIn' : 'none', 'transitionOut' : 'elastic', 'centerOnScroll' : 'true', 'overlayOpacity' : 0.2, 'overlayColor' : '#000', 'modal' : 'true', href:"select.php"}); }); }); </script> </head> <body> <? //require_once("fb.php")?> <div id="wrap"> <? include('header.php'); include("session.php"); ?> <div class="wraper"> <div class="middle"> <div class="ad"><?=stripslashes($adsense->Ads7)?></div> </div> <div class="clr"></div> </div> </div> <div class="footer"> <div class="wraper"> <?php include("footer.php"); ?> </div> </div> </body> </html> tv_sotime.php Code: [Select] <?php include("conn.php"); $pagename="TV SHOWTIME"; $_SESSION['select'] = 'tv_sotime'; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> <?=$settings->ScriptName?> | <?=$pagename?> </title> <link rel="shortcut icon" href="images/favicon.ico" /> <link rel="shortcut icon" type="images/png" href="images/favicon.png" /> <link rel="shortcut icon" type="images/png" href="images/favicon.gif" /> <link rel="stylesheet" href="css/cnelstyle.css" type="text/css" media="all" /> <link rel="stylesheet" href="style.css" type="text/css" media="all" /> <link rel="stylesheet" href="jscss/main.css" /> <script type="text/javascript" src="jscss/jquery-1.3.2.min.js"></script> <script type="text/javascript" src="jscss/main.js"></script> </head> <body> <? //include("customjqmodalbox.php"); require_once("fb.php"); ?> <div id="wrap"> <? include('header.php')?> <div class="wraper"> <div class="middle"> <div class="middle_content"><a href="session.php?curr=c">Change</a></div> <div id="page"> <ul class="mytabs" id="tabs"> <li class="title"> <h2><strong>What's on Today?</strong></h2> <? //date('l M d Y')?> </li> <!-- <li class="todaydate"> <h2></h2> </li>--> <li class="current"><a href="tab-1.html">Movies</a></li> <li><a href="tab-2.html">Reality</a></li> <li><a href="tab-3.html">Sports</a></li> </ul> <div class="mytabs-container" id="tabs-container"> Loading... </div> </div> <!-- page --> <div class="ad"> <?=stripslashes($adsense->Ads7)?> </div> <div class="ss"> <h3 id="cat_head">Categories</h3> <ul> <li><a href="#">Drama</a></li> <li><a href="#">TV Programs</a></li> <li><a href="#">Special Programs for special Day</a></li> </ul> <img src="images/cineaxis.png" alt="" /> </div> </div> </div> <div class="clr"></div> </div> </div> <!-- warp --> <!--<div class="fb-like-box" data-href="http://www.facebook.com/CineAxis" data-width="198" data-height="274" data-show-faces="true" data-border-color="#E8E8E8" data-stream="false" data-header="false"> </div>--> <div class="footer"> <div class="wraper"> <?php include("footer.php"); ?> </div> </div> </body> </html> Code: [Select] <? include("conn.php"); //session_start(); if(isset($_GET['curr']) == 'c') { unset($_SESSION['select']); //session_destroy(); header("Location:index.php"); } if(isset($_SESSION['select'])) { if($_SESSION['select'] == 'tv_sotime') { $page = 'tv_sotime.php'; header("Location:$page"); } if($_SESSION['select'] == 'movie_sotime') { $page2 = 'movie_sotime.php'; header("Location:$page2"); } } ?> I have a script that allows a User to create a new password as part of a password re-set flow. In my script, I store the $memberID in the Session so that when I redirect from "create_password.php" to "results.php" I still have the $memberID and can store it in the transaction log in my database. The problem is that even though I have unset() after the redirect, it is somehow erasing the value in $_SESSION['memberID'] before the redirect, and thus I get "0" in the database when "results.php" runs?! // Temp Password expires in 1 hour (3600 seconds). if ((time() - $tempResetOn)>10){ // Temp Password Expired. $_SESSION['resultsCode'] = 'PASSWORD_TEMP_PASSWORD_EXPIRED_2112'; // Set Error Source. $_SESSION['errorPage'] = $_SERVER['SCRIPT_NAME']; // Redirect to Outcome Page. header("Location: " . BASE_URL . "/members/results.php"); unset($_SESSION['memberID']); // End script. exit(); }//End of CHECK FOR EXPIRED TEMP PASSWORD How do I unset the Session variable - in the "create_password.php" script above - AFTER I successfully redirect and store the $memberID in the database? Thanks, Debbie In C, when you dynamically allocate memory, you have to free it, otherwise you face memory leaks:
char *str; str = (char *) malloc(10); free(str);But in most other languages you do not need to worry about this. PHP has a function called unset, which unsets the variable's value. But why would you want to do this, if PHP has a garbage collector that will free variables once they leave scope anyway? I see no point of unset in a scripting language with garbage collection. Is it possible to unset a submit button? <?PHP if(isset($_POST['Submit'])) { $date = $_POST['date']; if ($date = '1966-10-03'){ //Do Something } else { //Possible to unset? unset($date); unset($_POST['Submit']); } } else { ?> <form action="" method="post"> <input type="text" name="date" /> <input type="Submit" name="Submit" value="Submit" /> </form> <?PHP } ?> What I'm wondering is if it's possible to unset after submitting in the event of condition x. Should this not in turn echo out the form as it has been unset? |
|||||||