Nicholas Posted January 22, 2010

hi, I'm wondering... would this make it secure?

halloffame.php

```php
$filter['filter'] = abs(@intval($filter['filter']));
$filter['filter'] = isset($filter['filter']) && is_string($filter['filter']) ? strtolower(trim($filter['filter'])) : "";
$filter['filters'] = abs(@intval($filter['filters']));
$filter['filters'] = isset($filter['filters']) && is_string($filter['filters']) ? strtolower(trim($filter['filters'])) : "";
$filters['filter'] = abs(@intval($filters['filter']));
$filters['filter'] = isset($filters['filter']) && is_string($filters['filter']) ? strtolower(trim($filters['filter'])) : "";
$filters['filters'] = abs(@intval($filters['filters']));
$filters['filters'] = isset($filters['filters']) && is_string($filters['filters']) ? strtolower(trim($filters['filters'])) : "";
$filter['bt1'] = abs(@intval($filter['bt1']));
$filter['bt1'] = isset($filter['bt1']) && is_string($filter['bt1']) ? strtolower(trim($filter['bt1'])) : "";
$filter['bet1'] = abs(@intval($filter['bet1']));
$filter['bet1'] = isset($filter['bet1']) && is_string($filter['bet1']) ? strtolower(trim($filter['bet1'])) : "";
$filter['bt2'] = abs(@intval($filter['bt2']));
$filter['bt2'] = isset($filter['bt2']) && is_string($filter['bt2']) ? strtolower(trim($filter['bt2'])) : "";
$filter['bet2'] = abs(@intval($filter['bet2']));
$filter['bet2'] = isset($filter['bet2']) && is_string($filter['bet2']) ? strtolower(trim($filter['bet2'])) : "";
$filter['bt3'] = abs(@intval($filter['bt3']));
$filter['bt3'] = isset($filter['bt3']) && is_string($filter['bt3']) ? strtolower(trim($filter['bt3'])) : "";
$filter['bet3'] = abs(@intval($filter['bet3']));
$filter['bet3'] = isset($filter['bet3']) && is_string($filter['bet3']) ? strtolower(trim($filter['bet3'])) : "";
$filters=array( 'nodon' => 'AND donatordays=0', 'don' => 'AND donatordays > 0', 'all' => '');
$filter=(isset($filters[$_GET['filter']])) ? $_GET['filter'] : 'all';
$myf=$filters[$filter];
$bt1=($filter=="nodon") ? "[b]" : "";
$bet1=($filter=="nodon") ? "[/b]" : "";
$bt2=($filter=="don") ? "[b]" : "";
$bet2=($filter=="don") ? "[/b]" : "";
$bt3=($filter=="all") ? "[b]" : "";
$bet3=($filter=="all") ? "[/b]" : "";
```

userlist.php

```php
$st = abs((int) $_GET['st']);
$by = abs((int) $_GET['by']);
$ord = abs((int) $_GET['ord']);
abs(@intval($_GET['st']));
abs(@intval($_GET['by']));
abs(@intval($_GET['ord']));
$_GET['st'] = isset($_GET['st']) && is_string($_GET['st']) ? strtolower(trim($_GET['st'])) : "";
$_GET['by'] = isset($_GET['by']) && is_string($_GET['by']) ? strtolower(trim($_GET['by'])) : "";
$_GET['ord'] = isset($_GET['ord']) && is_string($_GET['ord']) ? strtolower(trim($_GET['ord'])) : "";
$st=($_GET['st']) ? $_GET['st'] : 0;
$by=($_GET['by']) ? $_GET['by'] : 'userid';
$ord=($_GET['ord']) ? $_GET['ord'] : 'ASC';
```

could you tell me if it's secure or not? and if not, could you tell me how to secure it please? (I'm trying to learn security)
Zero-Affect Posted January 22, 2010

I just glanced at the userlist fix, I have to ask did you just copy examples from other people? I think (if I remember correctly) $_GET['ord'] only can be two things asc and desc so why not use an array and use a ternary operator...

```php
$_GET['ord'] = ( isset($_GET['ord']) AND in_array($_GET['ord'], array('asc', 'desc')) ) ? $_GET['ord'] : 'asc' ;
```

same with some of the others...

```php
$by = abs((int) $_GET['by']);
$ord = abs((int) $_GET['ord']);
```

You are simply just copying other people's methods not considering they ain't numeric they are alpha, I would suggest you maybe hit php.net a little more and work out some methods. I personally like to double check all my code before uploading it.

```php
$st = abs((int) $_GET['st']);
```

into

```php
$st = ( ctype_digit($_GET['st']) AND isset($_GET['st']) ) ? $_GET['st'] : 0;
```

I won't do the other for you and I hope you don't just copy this stuff, research the functions and consider where it's needed.
Nicholas (Author) Posted January 22, 2010

so it's all wrong then? lol also php.net is confusing... I can't figure out how to use it to get information... lol.
Zero-Affect Posted January 22, 2010

use the search function... example input 'ctype' in there or the exact name of the function you're researching 'ctype_digit', people don't put the quotes... Simple solution is to google whatever, like for example [lmgtfy]array php.net[/lmgtfy] top result: http://php.net/manual/en/language.types.array.php
Zeggy Posted January 23, 2010

In your list of filter code like this:

```php
$filter['filter'] = abs(@intval($filter['filter']));
$filter['filter'] = isset($filter['filter']) && is_string($filter['filter']) ? strtolower(trim($filter['filter'])) : "";
```

Your variables will always be set to an empty string. This is because in the first line, you change the value into an integer. The second line turns it into an empty string because the type of the variable isn't a string. This applies to all your filter code in that section.
chaoswar4u Posted January 27, 2010

With the example from crimegroup.com I've come up with the following -

```php
// Security fix
$st=(ctype_digit($_GET['st']) AND isset($_GET['st']) ) ? $_GET['st'] : 0;
$by=$_GET['by'] = ( isset($_GET['by']) AND in_array($_GET['by'], array('userid', 'username', 'level', 'gender')) ) ? $_GET['by'] : 'userid' ;
$ord=$_GET['ord'] = ( isset($_GET['ord']) AND in_array($_GET['ord'], array('asc', 'desc')) ) ? $_GET['ord'] : 'asc' ;
// End
```

Seems to work for me. Please post below if something can be improved upon.
Zero-Affect Posted January 28, 2010

it's actually crimgame.com lol and yeah looks fine to me
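The two points raised in the thread, Zeggy's always-empty-string pitfall and chaoswar4u's whitelist fix for userlist.php, side by side as an added example that is not code from any post above; the function names, the `users` table and the column list are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Reproduces the halloffame.php
// pattern Zeggy describes: intval() runs first, so the is_string() test that
// follows can never pass and the result is always "".
function brokenFilter(array $get, string $key): string
{
    $v = abs(@intval($get[$key] ?? null));
    return isset($v) && is_string($v) ? strtolower(trim($v)) : "";
}

// Whitelist version of chaoswar4u's userlist.php fix, with two adjustments:
// isset()/is_string() run before ctype_digit() (an absent key or an array
// value such as st[]=1 would otherwise warn or throw), and 'ord' is
// lower-cased so 'ASC'/'DESC' are accepted. Column names are assumed.
function sanitiseUserlistParams(array $get): array
{
    $allowedBy  = ['userid', 'username', 'level', 'gender'];
    $allowedOrd = ['asc', 'desc'];

    $st = (isset($get['st']) && is_string($get['st']) && ctype_digit($get['st']))
        ? (int) $get['st']
        : 0;

    $by = (isset($get['by']) && in_array($get['by'], $allowedBy, true))
        ? $get['by']
        : 'userid';

    $ord = (isset($get['ord']) && is_string($get['ord'])
            && in_array(strtolower($get['ord']), $allowedOrd, true))
        ? strtolower($get['ord'])
        : 'asc';

    // Only whitelisted values ever reach the ORDER BY clause (table name assumed).
    $sql = sprintf('SELECT userid, username FROM users ORDER BY %s %s LIMIT %d, 20',
                   $by, strtoupper($ord), $st);

    return ['st' => $st, 'by' => $by, 'ord' => $ord, 'sql' => $sql];
}

// Constructed inputs: a normal request and one with out-of-range values.
$normal   = ['st' => '20', 'by' => 'level', 'ord' => 'DESC'];
$tampered = ['st' => '-5', 'by' => 'password', 'ord' => 'ascending; --'];

var_dump(brokenFilter(['filter' => 'don'], 'filter'));
print_r(sanitiseUserlistParams($normal));
print_r(sanitiseUserlistParams($tampered));
```

Every value in the tampered request falls back to its default, which is the point of whitelisting over casting: nothing outside the list can reach the query regardless of what the caller sends.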