BludClart Posted January 9, 2010

Want to stop people putting things in the url? SIMPLE! I have worked out a way that takes a LONG time to install but very worth it ;)

First

    ALTER TABLE users ADD PID INT(11) NOT NULL DEFAULT '0';

Second you need to add this into header.php ....

    $randpid=mt_rand(11111111111,99999999999);
    $db->query("UPDATE users SET PID={$randpid} WHERE userid=$userid");
    if($_GET['pid'] != $ir['PID']) { die("Page expired!"); }

HUGE downside to this is that you have to go through EVERY file and add

    $_GET['pid'] = abs(@intval($_GET['pid']));

AND to EVERY url you add this after, for example index.php

    ?pid={$pid['PID']}

so it should look like this.....

    index.php?pid={$pid['PID']}

OR if it has something already after .php like this

    example.php?ID={$_GET['ID']}

you make it look like this

    example.php?ID={$_GET['ID']}&pid={$pid['PID']}

Now for the worst part, but worth it if you don't want anything inserted into your url ;) in EVERY FILE (as far as I know)

    $pi=$db->query("SELECT PID FROM users WHERE userid=$userid");
    $pid=$db->fetch_row($pi);

This I think you would be able to get in header =\ or you COULD add it to a .php file and just

    require "pid.php";

in pid.php add

    $pi=$db->query("SELECT PID FROM users WHERE userid=$userid");
    $pid=$db->fetch_row($pi);

PLEASE tell me if there is anything else that could make this work better, and just so you know this is just an example of what you can do with this method. I am adding mine a little different than this but hope it helps stop url inserting ;)

BludClart (Author) Posted January 9, 2010

Just so everyone knows how this works..... it means they HAVE to click the buttons in the game rather than refreshing the page..... they can't refresh the page because every time a page loads pid=EXPIREEEEED :P

rulerofzu Posted January 9, 2010

You can do this like this I think.

[code not shown]

On a page where you wish it to be.

NB. I tried something like this months ago to stop people refreshing. Got someone who has limited macro knowledge and they could beat the code with a simple macro easily and refresh.

seanybob Posted January 9, 2010

Want to stop people putting things in the url? SIMPLE! I have worked out a way that takes a LONG time to install but very worth it ;)

Second you need to add this into header.php ....

    $_GET['pid'] = abs(@intval($_GET['pid']));
    // check the incoming pid against the stored one before replacing it
    if($_GET['pid'] != $_SESSION['PID']) { die("Page expired!"); }
    $randpid=mt_rand(11111111111,99999999999);
    $_SESSION['PID']=$randpid;

HUGE downside to this is that you have to go through EVERY file and to EVERY url you add this after, for example index.php

    ?pid={$_SESSION['PID']}

so it should look like this.....

    index.php?pid={$_SESSION['PID']}

OR if it has something already after .php like this

    example.php?ID={$_GET['ID']}

you make it look like this

    example.php?ID={$_GET['ID']}&pid={$_SESSION['PID']}

Now for the worst part, but worth it if you don't want anything inserted into your url ;) in EVERY FILE (as far as I know)

PLEASE tell me if there is anything else that could make this work better, and just so you know this is just an example of what you can do with this method. I am adding mine a little different than this but hope it helps stop url inserting ;)

Fixed some things. No need for Database query.
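
A session-based form of the per-page token described in the posts above, as an added example that is not part of any post in this thread: it checks the incoming pid before rotating it, draws the token from random_bytes instead of mt_rand, and compares with hash_equals. The function names pid_issue, pid_check and pid_url are hypothetical, and session_start() is assumed to have run already.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Assumes session_start() has already been called (e.g. at the top of header.php).

// Mint a fresh token, remember it in the session, return it for use in links.
function pid_issue(): string
{
    $token = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG
    $_SESSION['PID'] = $token;
    return $token;
}

// Check the pid sent with this request against the one issued on the previous page.
// The stored token is consumed either way, so a refreshed or replayed URL fails.
function pid_check(array $query): bool
{
    $expected = $_SESSION['PID'] ?? null;
    unset($_SESSION['PID']);
    $given = $query['pid'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false; // first visit, missing parameter, or pid[]=... array input
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Append the token to a link, whether or not it already has a query string.
function pid_url(string $url, string $token): string
{
    $sep = (strpos($url, '?') === false) ? '?' : '&';
    return $url . $sep . 'pid=' . rawurlencode($token);
}

// In header.php the order matters: verify first, then rotate.
//   if (!pid_check($_GET)) { die("Page expired!"); }
//   $pid = pid_issue();

if (PHP_SAPI === 'cli') {           // constructed demo, no web server needed
    $_SESSION = [];
    $pid = pid_issue();
    echo pid_url('example.php?ID=5', $pid), "\n";
    var_dump(pid_check(['pid' => $pid])); // first use of the link
    var_dump(pid_check(['pid' => $pid])); // same URL again, as on a refresh
}
```

The token only shows that the request followed a link from the last page served to this session; values such as ID still need their own validation on every page, and the login or landing page has to be exempt from the check.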

rulerofzu Posted January 10, 2010

Yeah what he said.... good job Seanybob :D

Joshua Posted January 10, 2010

TC what are you on about? Can't stand when people post rude comments w/o any explanation.

BludClart (Author) Posted January 10, 2010

Quoting Joshua: "TC what are you on about? Can't stand when people post rude comments w/o any explanation."

Ditto :P What exactly do you mean Tcmaker? =\ cuz by the sound of things you try to copy TC :S