PHP - Securing $_post

Hello,

I'm writing an application that will have to interact with my webserver and it will be using php to input data into the database and retrieve from as well. However, I'm not sure what is the best approach on securing my database from people sniffing while using my application. The only thing that I can do that is coming to mind is try to use a unique key as a password and have one of my GET vars be that password, but that is easily sniff-able.

What can I do to secure my database and prevent people from filling up my databases if they sniff out my password key? Is there any kind of encryption I can use that will defeat this?

Hey everyone,

I am new to PHP and I want to learn how to secure a PHP session properly.

I wrote a few lines, but I don't know if it's secure enough.

Code: [Select]
<?php
session_start();

if (isset($_SESSION['exists'])) {
    if ($agent != $_SERVER['HTTP_USER_AGENT']) {
        session_unset();
        session_destroy();
        session_regenerate_id(True);
}
}
else {
    $_SESSION['exists']=1;
    $agent=$_SERVER['HTTP_USER_AGENT'];
    session_regenerate_id();
}
?>

Can anybody help me correct or improve my code?

Thanks in advance.

Hi,

I want to secure my AJAX routines which use the POST method. I want to prevent people from posting to my method with their own program/script.

I have read about making a random seed that the server knows to expect from authorized AJAX sources.

What is the basic code for doing this?

Hi my website offers the users to buy the videos. But the hackers are stealing my video links through view source. So there any option to hide my video links in view source and firebug etc..My videos are comign from amazon. and we are using JW  Players to play the videos
    The methods i have tried..
    1)Encode and decode the urls still the embed tag displays the complete path in firebug.
    2)Amazon provide signed url(temporary url)-Still have some problem in this..
    3)call the video through ajax call. Still the complete HTML code will be displayed in the firebug.
   
    please check here i have attached the firebug sample how it displays the code. Here we can find the complete video path in file: attribute in embed tag
   
    Is there any to hide the urls

I tried searching but came up empty handed, hoping you guys can give me some assistance.

I have a login script that I would like to lock down a little from flooding. What is the easiest way to do this? Something that will restrict the IP if the script encounters x amount of failed attempts in x amount of minutes.

Thanks!

Hello, I wish to secure the PayPal form button. As my button is used on a subscription website, I don't want people changing the parameters and code needs to be hidden from peering eyes with firebug for instance.


I have heard that you can pass the data to PayPal be given a CMD URL in return and you simply forward the user to such URL.


Anyone know of this? - or another method?


The button manager is not acceptable as the values will change in the hidden fields.


George.

I am building an e-commerce site and have a security question.

My Payment Gateway has given me "Log-In ID" and "Transaction Key" that I use to log in to their server to submit payments.

What is a *reasonable* way to protect this information?

I have a VPS with root access, although I'm relying on using sFTP and the Plesk Control Panel since I don't know SSH yet.

Can I just store my "Log-In ID" and "Transaction Key" in a php file outside of my Web Root and include it?

Would that be secure enough for now?

Thanks,



Debbie

I've just gotten back into re learning web development, I have created a contact form however my server is forcing me to use SMTP which will require me to have a config include with my details inside. How do I ensure nobody can open the files in the browser? I have heard of putting the files outside of the webroot or using htaccess files however the passive aggressive answers I got from stack over flow didn't tell me HOW to implement them.

The files are
Form.HTML
Bin/config.php
Bin/mail.php

Any help is appreciated.

If I store a value in a hidden form control, and then use that as a means to pass the value to another PHP script, could that cause any security issues?

 

 

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=346762.0

This topic has been moved to Ajax Help.

http://www.phpfreaks.com/forums/index.php?topic=358932.0

Hi guys,

I have a form using radio buttons.
For the radio button, lets just say i have the id name as 'rim' + number eg; rim0, rim1, rim2....

When i post the data to another file to execute the data collected, naturally i would use the:
Code: [Select]
$rim0=$_POST['rim0'];
$rim1=$_POST['rim1'];
....
$rim10=$_POST['rim10'];
i tried to shorten this process using this method:
Code: [Select]
//$q is part of the post variable.
for($x = 0; $x < count($q); $x++){

$rim[]=$_POST['"rim"."$x"'];
}
But i get this error
Code: [Select]
Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20
Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20
Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20
Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20
Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20
Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20
Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20
Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20
Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20
Notice: Undefined index: "rim"."$x" in D:\Apache Software Foundation\Apache2.2\htdocs\.....\#####.php on line 20
Is there something wrong with my POST syntax?

Hi guys, running through this tutorial at the moment:

http://www.tizag.com/phpT/forms.php

I seem to keep having problems with the $_POST variable. Is that obsolete syntax now?

Here's the part I get an error on:

<html>
<body>
<?php
$quantity=$_POST['quantity'];
$item=$_POST['item'];

echo "You ordered".$quantity."".$item.".<br/>.";
echo "Thank you for ordering from Boombaby art supppplies!";

?>
</body>
</html>


Here's the error:


( ! ) Notice: Undefined index: quantity in C:\wamp\www\process.php on line 4
Call Stack
#   Time   Memory   Function   Location
1   0.0009   363936   {main}( )   ..\process.php:0

( ! ) Notice: Undefined index: item in C:\wamp\www\process.php on line 5
Call Stack
#   Time   Memory   Function   Location
1   0.0009   363936   {main}( )   ..\process.php:0
You ordered.
.Thank you for ordering from Boombaby art supppplies!



Any help would be appreciated. I tried googling but everything didn't seem to answer my question or was too confusing.

Thanks.

Hello,

My script here is not sending POST vars from form to script. I can't figure it out.

Form:
Code: [Select]
<form action="train2.php" method="POST">
 <tr>
<td colspan="4"><center><img src="pic/toppage16.gif" /></center></td>
       </tr>

<TR> <TD><FONT COLOR="white">Reassign Miners</FONT></TD>

<TD align=right><FONT COLOR="white">0 Naquadah</FONT></TD>

<TD align=middle><FONT COLOR="white"><INPUT size="6" maxlength="8" value="0" name="miner>"</FONT></TD>

</TR>

<TR>

<TD><FONT COLOR="white">Reassign Normal Attackers</FONT></TD>

<TD align=right><FONT COLOR="white">0 Naquadah</FONT></TD>

<TD align=middle><FONT COLOR="white"><INPUT size="6" maxlength="8" value="0" name="atsold"></FONT></TD>

</TR>

 <TR>
 
<TD><FONT COLOR="white">Reassign Normal Defenders</FONT></TD>


<TD align=right><FONT COLOR="white">0 Naquadah</FONT></TD>

<TD align=middle><FONT COLOR="white"><INPUT size=6 maxlength=8 value=0 name="defsold"></FONT></TD>

</TR>

<TR>

 <TD><FONT COLOR="white">Reassign Covert Agents</FONT></TD>

<TD align=right><FONT COLOR="white">0 Naquadah</FONT></TD>

<TD align=middle><FONT COLOR="white"><INPUT size=6 maxlength=8 value=0 name="spy"></FONT></TD>

</TR>

<TR> <TD><FONT COLOR="white">Anti Covert Agents</FONT></TD>

<TD align=right><FONT COLOR="white">0 Naquadah</FONT></TD><TD align=middle><FONT COLOR="white"><INPUT size="6" maxlength=8 value=0 name="spykiller"></FONT></TD></TR>

<TR> <TD align=middle colSpan=3><FONT COLOR="white"><INPUT type="submit" value="UnTrain!" name="untrain">
</FONT>

</TD>

</form>

Code: [Select]
<?php
if(isset($_POST['untrain'])){

die($_POST['miner']);
$miners = securevar($_POST['miner']);
$nattackers = securevar($_POST['atsold']);
$ndefenders = securevar($_POST['defsold']);
$covertunits = securevar($_POST['spy']);
$anticovertunits = securevar($_POST['spykiller']);

$totalunits+=$miners;
$totalunits+=$nattackers;
$totalunits+=$ndefenders;
$totalunits+=$covertunits;
$totalunits+=$anticovertunits;

if($totalunits>=1){
$q = "UPDATE `accountinfo_db` SET `miners_1` = `miners_1`-'$miner', `attackers_1` = `attackers_1`-'$natta', `defenders_1` = `defenders_1`-'$ndefe', `covertagents` = `covertagents`-'$cover', `anticovertagents` = `anticovertagents`+'$antic', `untrainedunits` = `untrainedunits`+'$totalunits' WHERE `id` = '$id'"; 
$res = mysql_query($q) or die(mysql_error());

if(isset($res)){
header("Location: train.php?strmsg=".$totalunits."Troops Untrained! For 0 Naquadah.");
}

}else{
header("Location: train.php?strmsg=You must enter atleast 1 troop to be un-trained!");
}

}


?>

when I die($_GET['miner'); nothing is outputed even tho I submited the data.

Thank you,
Brian

I use a form to sent date and  use php to display it . However , the code only can working on one page. I can not turn the page. I do not why . Please tell me reason . Thank you very much.

<select name="kind">
  <option >kind</option>
 <option value="Copier Toner">Copier Toner</option>
        <option value="Laser Toner">Laser Toner</option>
      <option value="MICR Toner">MICR Toner</option>
      <option value="Inkjet">Inkjet</option>
    
php code

if (isset($_GET["page"])) { $page  = $_GET["page"]; } else { $page=1; };
$start_from = ($page-1) * 18;



$select="select * from $chun where  brand = '$_POST[brand]' or  sort ='$_POST[kind]' or type='$_POST[type]'  LIMIT $start_from, 18";

$result2=mysql_query($select, $connection) or die (mysql_error());

 <?php
   $sql = "select count(*) from $chun  where   brand = '$_POST[brand]' or sort='$_POST[kind]' or type='$_POST[type]' ";

   
$rs_result = mysql_query($sql,$connection);
$row = mysql_fetch_row($rs_result);
$total_records = $row[0];
$total_pages = ceil($total_records / 18);
 
for ($i=1; $i<=$total_pages; $i++) {



?>


      <div class="trunpage"><a href='table2.php?page=<?php echo  "$i" ; ?>&id=<?php echo "$_POST[brand]";?>&cd=<?php echo "$_POST[kind]";?>&td=<?php echo "$_POST[type]";?>'  ><?php echo  "$i" ; ?></a>
      
       </div>
   
The first page is working fine. The second page I get error message.

Undefined index: brand in C:\wamp\www\php1000\table2.php on line 234