Secured preferences.php [ OPINION ]

[Redex]

Hello fellow Makewebgames community, Today, i have been advancing my security skills, so since many people get hacked because of insecure preferences i secured it.

 

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

Thanks, i hope to be getting positive comments ;)

[Coly010]

nice one! i've needed the Forum info thing in my prefernces for ages! so thx.

i'm going to edit this for lite users.

[Coly010]

sorry to mention this but it comes up

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/colum/public_html/preferences.php on line 162

 

any ideas what this means?

[Redex]

I'll see to it, and post a fix ;)

[Redex]

Works fine for me ?

[Coly010]

oh! it wont be your line 162! it will be 14 lines less

[Redex]

Copy paste this exact code, it works fine for me and for someone else testing it, you might have edited it. I'm sorry for not being able to help :(

[Coly010]

its ok but its still not working

[Danny696]

Your hasing the password sha512, but the mcc auth+regg is MD5, that'll cause probs.

[Danny696]

Oh and

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

They could link it to a php script.

[bullseye]

This wouldn't stop the display pic hack tho would it If it dont you could use some think like $_POST['newpic']=str_replace('action','', $_POST['newpic']);

[Joshua]

There is also no need to use strip_slashes with MRES =P

Kind of has counter effects

But you're learning and it's not to bad =)

[Equinox]

There is also no need to use strip_slashes with MRES =P

Kind of has counter effects

But you're learning and it's not to bad =)

 

On input, yes. However on output it's perfectly fine. It will strip slashes from the output.....So you're code won't display slashes everytime ' is used

[Danny696]

Its stripslashes not strip_slashes ;)

[Equinox]

Its stripslashes not strip_slashes ;)

 

/me things he is referring to the strip_tags() :P

[Danny696]

Not trying to me 'harsh' here, but this could be alot more secure.

[Equinox]

Not trying to me 'harsh' here, but this could be alot more secure.

You're right, however, I was talking Redex through a few things....

He's learning, give him a chance to grasp the concept of things

[Danny696]

I know, i was juts simply saying to Redex, it could be more secure, Oh and hers something you could try, Where you have the SHA512, try adding settings for it, so people can change it without searching the code for SHA512 :thumbsup:

[Redex]

Thanks for all the replies. As i have mentioned in the past, all feedback is welcome whether it is negative or positive since i'm still in the learning process, and it's through mistakes that you learn ;)

[iR00T]

Hey hey hey ! guys, come on it's good for a first try isn't it. This is your first time securing a pref's right?

[Redex]

Chris, this is my first time securing preferences, but to note it is also only my 2nd attempt at securing anything ;) . Thanks for the positive feedback though, it's highly appreciated.

[Danny696]

$_POST['newpic']=str_replace('action','', $_POST['newpic']); What will that do if i link it to http://www.mystie.com/script.php????

[Zero-Affect]

Redex please change the title of your original post to [mccode v2.x] Secured preferences.php [OPINION] because in my opinion it isn't secure in the slightest, i prefer not to pussy foot around and just come out with it because people may use this believing it's secure when it's not.

[Redex]

Thanks for that. I'm not a person who wants to cause a argument, so I'll do what you said ;)

Done - [OPINION] added.

[Zero-Affect]

appreciate it now maybe some of you guys who posted could give him a hand fixing some issues then he can remove [OPINION]?