CHAMAVELI Posted August 28, 2008
Is it possible to secure all pages by inserting the codes into globals.php or header.php? If it is, could someone please give me the codes to secure the Mccodes V2 game? I'm new to PHP and this is a project to help me learn, so I need you to explain it as though I was an idiot. Thanks.

Spudinski Posted August 28, 2008
Re: Secure all pages using globals or header
* Topic Moved *
What type of "codes" are you talking about? Please explain in a bit more detail.

Floydian Posted August 28, 2008
There isn't something you can just put in the header to secure your game. It's the proverbial "too good to be true" deal.

CHAMAVELI Posted August 28, 2008
What it was saying is that the Mccodes game is insecure, so we have to secure it from hackers so they can't abuse the crystal market or whatever. I was asking if there is a code that I can insert into the header that will secure all the pages instead of me modifying every page that needs to be secure.

Floydian Posted August 28, 2008
I think my previous statement applies to your second statement. If you want to secure a crystal market, go into the crystal market file and find/fix any security holes that exist there.

I could see something like

    if (isset($_GET['ID'])) { $_GET['ID'] = abs((int)$_GET['ID']); }

BUT BUT BUT you have to add one in for POST too

BUT BUT BUT what if another file uses Id? Then you have to add those in as well, or id, or iD. You'd have to do post get for both of those, and if you use any of my code, I use REQUEST, so you might as well do GET, POST and REQUEST for all of those

BUT BUT BUT what if somewhere you use ID to pass something that has letters in it? Then your code is broke because you applied an overreaching "fix" that wasn't really a fix.

It's bad technique, it doesn't work 100%, you will feel safe, but there will be unique security holes on each page. If you just patch over ID, you'll be missing a lot....

You really should --- not be lazy --- and do the hard work of digging into any file you think might have security holes.

In closing, I'll leave you with a simple statement that sums up what will happen with your approach:

FALSE SENSE OF SECURITY

Guest Anonymous Posted August 28, 2008
> FALSE SENSE OF SECURITY

Hence the reason professional developers avoid the use of REQUEST as it "implies" certain constructs to be in place. Outside of that, I agree with F. here -- There is *no* simple solution - You have to do the work yourself.

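Added example (not part of the original thread and not MCCodes code): the header-level filter described in the two posts above, run beside per-page validation that names its source array, key and accepted range. All function names, keys and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; function names, keys and sample values are hypothetical.

// The header-level idea from the thread: coerce one key name for every page.
function blanket_filter(array $input): array
{
    if (isset($input['ID'])) {
        $input['ID'] = abs((int)$input['ID']);
    }
    return $input;
}

// Per-page check: the page names the source array, the exact key and the
// range it accepts. Invalid input is rejected (null), never coerced.
function read_int(array $source, string $key, int $min, int $max): ?int
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null; // missing, or an array such as ?ID[]=1
    }
    $value = filter_var($source[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

// A parameter that legitimately contains letters is validated by pattern.
function read_token(array $source, string $key): ?string
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9]{1,16}\z/', $source[$key]) === 1
        ? $source[$key] : null;
}

// Constructed sample requests (stand-ins for $_GET and $_POST).
$get  = ['id' => '12abc', 'ID' => '-7', 'ref' => 'abc123'];
$post = ['crystals' => '999999999999999999999', 'ID' => 'gift42'];

// Blanket filter: only the exact key 'ID' is seen, and values are coerced.
var_dump(blanket_filter($get)['id']);   // lower-case key is never inspected
var_dump(blanket_filter($get)['ID']);   // negative ID coerced, not rejected
var_dump(blanket_filter($post)['ID']);  // alphanumeric ID is overwritten

// Per-page validation: each page decides what it accepts and from where.
var_dump(read_int($get, 'id', 1, PHP_INT_MAX));
var_dump(read_int($get, 'ID', 1, PHP_INT_MAX));
var_dump(read_int($post, 'crystals', 1, 10000));
var_dump(read_token($get, 'ref'));
var_dump(read_token($post, 'ID'));
```
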
CHAMAVELI Posted August 29, 2008
Ok, thanks for the replies. Would you guys by any chance know the insecure files in Mccodes V2?

Floydian Posted August 29, 2008
No, but judging from version 1, and also going on user input as being a major source of vulnerabilities, we could make a list like:

- login
- registration
- any shop or market file
- forums
- preferences

Those would probably be the ones I'd have a high priority on hitting. Most of them would have POST, GET, or REQUEST vars that are different from any file, and would need to be looked at closely.

Good luck ;)

Zero-Affect Posted August 29, 2008
Wait, login and register are exploitable, or are you thinking of authenticate?

Haunted Dawg Posted August 29, 2008
Login is not exploitable, it's mainly made of HTML. It could be authenticate.php that you might want to secure the inputs. Register could also be exploitable.

Floydian Posted August 29, 2008
That works for me. I'm not a big mccodes guy. I forget that mccodes uses authenticate along with login to handle logins instead of just one file.

Well, there you go ;)

Zero-Affect Posted August 29, 2008
Did you release your engine, Floydian?

Floydian Posted August 30, 2008
The release will be in a week or two. It's 95% complete. It's mainly cosmetic appointments that need to be finished.

CHAMAVELI Posted August 30, 2008
> The release will be in a week or two. It's 95% complete. It's mainly cosmetic appointments that need to be finished.

Is your engine going to be free or will it cost?

Floydian Posted August 30, 2008
It will cost. $300

Think of it as mccodes version 1 million. It's that much better... (it's not based on mccodes at all, it's completely 100% original)

Haunted Dawg Posted August 30, 2008
Any previews?

Floydian Posted August 30, 2008
My banner links to the site ;) Look for the Horizons Game Engine button.

Haunted Dawg Posted August 30, 2008
Nice, but can everyone use id 1's account?

Floydian Posted August 30, 2008
Yes and no. For the sample site, I have an "express login" that allows anyone to login to the default account. That allows folks that don't care to go through the registration process to check it out. There's quite a few things in the admin panel that are "disallowed" on the sample site as well, not the least of which is the ability to hook new staff modules into the game.