  1. #1 SitePoint Addict (joined Jul 2007)

    MySQL Security Questions

    I have no experience in database security and I had a few questions. The story is I built my site and database just using the bare minimum and used no security. My friend wanted to prove a point, that my site was so insecure, that he could create a button on HIS website that would delete all the users on MY website with the click of a mouse (and he did this).

    I have a few FORM inputs like "username" "password" "email" and an image uploader and stuff like that where he could input his malicious codes.

    How does this security work, do you put up a generic function at the top of every page that automatically makes everything on the page safe? Or do I have to put some security statement on every spot where there is an input?

    What is an example of some code snippets (and where to place them in my php file) that would provide some pretty heavy security for 3 FORM inputs: "username" "password" and the image upload?

    Thanks
    Best

  2. #2 SitePoint Guru (joined Sep 2008)
    Well, this is a question for the forum for your server-side language and not MySQL.

    To start you off though, you need to check each and every value that can be sent to a script from a form or wherever, so that it contains either only the characters that you allow or that it does not contain set characters. Look up SQL injection as well if you are using PHP.

    bazz

  3. #3 SitePoint Addict (joined Jul 2007)

    Hello again, I've been putting the mysql_real_escape_string() calls around variables that users can input.

    But my friend is still able to delete all my users, and he told me how he did it, and I can't figure out how to stop it now. Here is the situation. I have this button that logged-in users can press to delete their account:

    PHP code:
    Code:
    <tr><td><strong>Delete My Profile:</strong></td></tr>
    <tr><td>
    <form action="update.php" method="post" name="delete">
    <p><input type="submit" name="delete" value="delete">
    </form></td></tr>
    </table></td></tr></table>
    </td>
    MySQL code:
    Code:
    session_start();
    session_register('user');
    $nuser=$_SESSION['user'];
    
    if(isset($_POST['delete'])){
    mysql_query("DELETE FROM login WHERE user = '$nuser' ") or die(mysql_error());  
    echo'<html><head><meta http-equiv="REFRESH" content="3; url=/index.php"></head><body>';
    print "Congratulations! You have deleted your profile and will be redirect to the homepage!";
    echo'</body></html>';
    exit;
    }
    Here is the code he put on his website:
    Code:
    <html><head>
    <title>Login/Register</title>
    </head><body>
    
    <form name="login" action="http://www.mysite.com/update.php?username=john123" method="post" name="delete">
    <input name="deleteuser" value="where users='*'" type="hidden">
    <p style=""><input name="delete" value="delete" type="submit">
    </p></form>>
    
    </body></html>
    I don't even know what kind of attack this is (XSS, SQL injection, something else?) and I have no idea how to stop it. I've been working on this for hours. Please let me know if there is a solution.

    Thanks
    Best

  4. #4 SitePoint Guru (joined Sep 2008)
    value="where users='*'" is the key issue. You need to prevent such characters from being processed by your script. Look into 'regex' substitution like this example:

    Code:
    my $value_submitted = '*';

    # strip every asterisk (the * must be escaped, it is a quantifier otherwise)
    $value_submitted =~ s/\*//g;
    or
    Code:
    # accept the value only if it consists of digits
    unless ($value_submitted =~ /^\d+$/) { exit; }
    That is some Perl code, but I reckon PHP regexes should be similar.

    / = boundaries of regex
    ^ means start of value to be affected
    $ means end of value to be affected
    \d means allow only digits
    + means one or more (perhaps more than zero, I don't recall)



    hth
    bazz
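A PHP counterpart of the Perl allowlist checks above, added here as an example; it is not code from the thread or from any of its posters. Each validator returns the cleaned value or null so the caller can refuse the request before any query runs. The username policy (letters, digits and underscore, 3 to 20 characters) and the sample inputs are assumptions; the only attacker-controlled value used is the hidden-field value already shown in the thread.

```php
<?php
// Added example (not from the thread): allowlist validation in PHP, the
// counterpart of bazz's Perl checks. Each validator returns the cleaned value
// or null, so the caller can refuse the request before touching the database.

// Username policy (assumed): letters, digits and underscore, 3 to 20 characters.
// \z anchors at the very end of the string; a plain $ would also accept a
// trailing newline, which is a classic way past an allowlist.
function validate_username($raw)
{
    if (!is_string($raw)) {
        return null;
    }
    return preg_match('/^[A-Za-z0-9_]{3,20}\z/', $raw) === 1 ? $raw : null;
}

// Numeric id: the PHP version of the /^\d+$/ test above, returned as an int.
function validate_id($raw)
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    return preg_match('/^\d+\z/', (string) $raw) === 1 ? (int) $raw : null;
}

// E-mail: use PHP's built-in validator rather than a hand-written pattern.
function validate_email($raw)
{
    if (!is_string($raw)) {
        return null;
    }
    $clean = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $clean === false ? null : $clean;
}

// Constructed sample inputs, including the hidden-field value from the thread.
$samples = array(
    'john123',
    "where users='*'",
    'john 123',
    "john123\n",
    '',
);
foreach ($samples as $s) {
    $ok = validate_username($s);
    printf("%-22s => %s\n", json_encode($s), $ok === null ? 'rejected' : 'accepted');
}
```

Only the first sample is accepted. Rejecting at the edge is a complement to escaping, not a replacement: a value that passes the allowlist still goes into a query through mysql_real_escape_string() or, better, a bound parameter.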

  5. #5 SitePoint Addict (joined Jul 2007)
    Thanks for the reply. I think this would normally work but there is a strange problem. My friend is using this line of code:

    Code:
    <input name="deleteuser" value="where users='*'" type="hidden">
    Basically he's storing the value of "where users='*'" into the name variable "deleteuser". Now in my code, there is no $deleteuser variable to implement your code on. I have no idea how this value is even getting into my MySQL query since all I use is:

    Code:
    $nuser=$_SESSION['user'];
    mysql_query("DELETE FROM login WHERE user = '$nuser' ")

    I am now wondering if I am doing the whole "delete user" thing wrong. I only want a user who has signed in to be able to delete their account, and I thought the session variable would have worked, but I guess not.

  6. #6 SitePoint Enthusiast akstar (joined Feb 2009)
    How about if you restrict your textbox to only A-Z and a-z? All other characters are not allowed.

  7. #7 SitePoint Addict (joined Jul 2007)
    It's not really a text box though, my friend created this code that consists only of a "delete" button. I actually don't even know how to manipulate his value or what variable it's being stored to.

  8. #8 SitePoint Wizard (joined Jul 2008)
    This is one of the reasons why register_globals has been set to off by default for years. People don't understand it, and it gets them into trouble. session_register() is also a very ancient way to use sessions. Not understanding how they work + using them both = potential for problems.

    While the code you posted won't work (unless you have not posted the code for update.php), it could work with a slight modification.

    You should:
    turn off register_globals, as it is very dangerous when you don't understand it well;
    stop using session_register(), as it's simply not needed. Just use $_SESSION;
    use mysql_real_escape_string() on ALL variables in a MySQL query, no matter how safe you think they are.

    Read up on SQL injection, and PHP security in general.

  9. #9 SitePoint Enthusiast akstar (joined Feb 2009)
    Just maybe, you might need to set those update.php and delete.php to 644 permissions on your server.

  10. #10 SitePoint Addict (joined Jul 2007)
    Thanks for that info. I am actually new to this and really didn't understand a lot of that session stuff.

    First, to turn off register_globals, do I just make a .htaccess file, put "php_value register_globals 0" in it and upload it?

    Second, is session_register('user'); the same as $_SESSION['user']?

  11. #11 SitePoint Addict, Amsterdam (joined May 2006)
    I'm not a security expert but it seems that your application is vulnerable to a few security issues:

    1. This seems to be an SQL injection, which is using your own form to "hack" your website. Take a look at this article for some clues on what to do. And this Google search: http://www.google.com/search?hl=en&q...NL316&ie=UTF-8

    2. Instead of relying on magic quotes and addslashes, test for magic_quotes as described in the article and stripslashes if necessary. Use mysql_real_escape_string() on any string values you input into your db. For integers and decimal values use intval() and floatval() to make sure the values are at least converted to what you are expecting them to be.

    3. For your own development environment set error_reporting on completely:
    PHP Code:
    error_reporting(E_ALL|E_STRICT);
    ini_set('display_errors', 'On');
    4. Also, with an upload form you'll need to make sure you're running several tests on the uploaded file and that your website is not allowing anyone to upload any file. A webserver has security settings for its directories, and for some reason a lot of hosts like to set the upload directory wide open with chmod 777 on a Unix dir; this allows a hacker the potential to upload whatever they want to your upload dir. I don't know what the setting is for Windows IIS. Anyway, try not to use an open directory for uploading files; make sure the script has control of the dir instead, or better yet that only your account has access to your created directories (this can be an issue on a shared host), using something like 755 on the dir. http://www.google.com/search?hl=en&r...ty&btnG=Search

    5. And you'll need to make sure your session control is secure as well http://www.google.com/search?hl=en&r...ty&btnG=Search
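The upload checks point 4 asks for, written out as an added example; this is not the thread's processor.php and not danNL's code. It handles the "file" field of the upload form shown later in the thread, decides the type from the file's bytes rather than its name, lets the server pick the stored filename, and writes into a directory that is assumed to sit outside the document root. UPLOAD_DIR, the size limit and the accepted types are assumptions; PHP 7 or newer is assumed for random_bytes().

```php
<?php
// Added example (not the thread's processor.php): validating and storing the
// profile picture from the thread's upload form (<input type="file" name="file">).
// UPLOAD_DIR and the size limit are assumptions; the directory is meant to be
// outside the document root, so nothing in it is ever served or executed directly.

define('UPLOAD_DIR', '/var/www/uploads-private');   // assumed, not web-served
define('MAX_BYTES', 300000);                         // same limit as the thread's form

// Accepted content types, decided from the bytes of the file (finfo), never
// from the client-supplied name or $_FILES['file']['type'].
$allowed = array(
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
);

// Returns array(true, stored-filename) or array(false, reason).
function store_uploaded_image(array $file, array $allowed)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return array(false, 'no file received or upload error');
    }
    // $file['size'] is measured by PHP, unlike the MAX_FILE_SIZE hidden field,
    // which the browser may ignore and which any other client can omit.
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        return array(false, 'file is empty or too large');
    }
    // Only touch files PHP itself received in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        return array(false, 'not an uploaded file');
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        return array(false, 'not an accepted image type');
    }
    // It must also decode as an image; width and height come from the real data.
    $dims = @getimagesize($file['tmp_name']);
    if ($dims === false) {
        return array(false, 'image data does not decode');
    }
    // The server chooses the name and extension; nothing client-supplied
    // reaches the filesystem path.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return array(false, 'could not store the file');
    }
    chmod($dest, 0644);   // owner-writable, world-readable, never executable
    return array(true, $name);
}

if (isset($_FILES['file'])) {
    list($ok, $info) = store_uploaded_image($_FILES['file'], $allowed);
    if ($ok) {
        // Save $info (the generated name) in the user's row and serve the image
        // through a small read-only script; never expose UPLOAD_DIR itself.
        echo 'stored as ', htmlspecialchars($info, ENT_QUOTES, 'UTF-8');
    } else {
        header('HTTP/1.1 400 Bad Request');
        echo 'upload rejected: ', htmlspecialchars($info, ENT_QUOTES, 'UTF-8');
    }
}
```

The content checks are a filter, not a proof: what makes a stored upload harmless is that the directory is never executed by the web server (755 on the directory and 644 on the files, as the post says, and no script handler mapped to it), with the image served back through a script that only reads from UPLOAD_DIR by the stored name.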

  12. #12 SitePoint Addict (joined Jul 2007)
    Thanks for that information danNL. I was reading it for a while and was able to turn off my register_globals and put mysql_real_escape_string() on my variables.

    But I'm still not able to fix the problem, when I press that delete button on my friend's website, it still deletes all my users...

    He is using <input name="deleteuser" value="where users='*'" type="hidden"> on his website. When he presses the button, it goes to update.php to run the deletion script. I would use the mysql_real_escape_string() function on the "deleteuser" variable, but that variable doesn't even exist on update.php, I don't even know how he is getting his '*' value into my mysql_query.

    The only variable I have in my mysql_query("DELETE FROM login WHERE user = '$nuser' ") is $nuser. The only other mentions of that variable in my page before the mysql_query are:

    session_start();
    $nuser=$_SESSION['user'];
    $nuser = mysql_real_escape_string($nuser);

  13. #13 SitePoint Enthusiast akstar (joined Feb 2009)
    Just a question: does your update.php have username and password features?

    PHP Code:
    <?php
    // connect with the database account; the operators below were lost in the forum's syntax highlighting
    $con = mysql_connect("localhost", "username", "password");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("databaseName", $con);

  14. #14 SitePoint Wizard (joined Jul 2008)
    Clear your cookies and try again.

    Post the current code in update.php

  15. #15 SitePoint Addict (joined Jul 2007)
    I sort of have that, basically I store my admin username and password for the database connection in an external file that gets called up.

  16. #16 SitePoint Addict (joined Jul 2007)
    I cleared the cookies and that didn't work.

    Below is the code for my update.php file. Please let me know if I'm doing anything else wrong. I will also post the code that my friend is using that keeps deleting my users after this:

    Code:
    <?php
    session_start();
    error_reporting(E_ALL|E_STRICT);
    ini_set('display_errors', 'On'); 
    require 'database.php';  // database username and password connection stuff
    $nuser=$_SESSION['user'];
    if($nuser){
    $userfinal=$nuser;
    }
    if(isset($userfinal)){
    $Members = mysql_query("SELECT user FROM login order by id") or die(mysql_error());
    $numRowsMembers = mysql_num_rows($Members);
    }
    
    if(isset($_POST['submit'])){
    $count = 0;
    $email = mysql_real_escape_string($_POST['email']);
    $pass = mysql_real_escape_string($_POST['pass']);
    $status = mysql_real_escape_string($_POST['status']);
    $updateuser = mysql_real_escape_string($_POST['updateuser']);
    if ($email != NULL) {
    mysql_query("UPDATE login SET email = '$email' WHERE user = '$updateuser'");
    $count = $count + 1;
    }
    if ($pass != NULL) {
    mysql_query("UPDATE login SET pass = '$pass' WHERE user = '$updateuser'");
    $count = $count + 1;
    }
    if ($status != NULL) {
    mysql_query("UPDATE login SET status = '$status' WHERE user = '$updateuser'");
    $count = $count + 1;
    }
    if ($count > 0){
           echo'<html><head><meta http-equiv="REFRESH" content="1;url=/members.php?username=' . $_SESSION['user'] . '"></head><body>';
           print "Congratulations, you have updated your profile!";
           echo'</body></html>';
           exit;
    }}
    
    if(isset($_POST['delete'])){
    
    $nuser = mysql_real_escape_string($nuser);
    mysql_query("DELETE FROM login WHERE user = '$nuser' ") or die(mysql_error());  
    echo'<html><head><meta http-equiv="REFRESH" content="3; url=/index.php"></head><body>';
    print "Congratulations! You have deleted your profile and will be redirect to the homepage!";
    echo'</body></html>';
    exit;
    }
    
    $username = mysql_real_escape_string($_SESSION['user']);
    $userinfo = mysql_query("SELECT * FROM login WHERE user = '$username'");
    $userinfo=mysql_fetch_assoc($userinfo);
    
    $directory_self = mysql_real_escape_string(str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']));
    $uploadHandler = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'processor.php';
    $max_file_size = 300000; // size in bytes
    
    
    
    
    echo'
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title></title>
    <meta name="robots" content="noindex,nofollow">
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <link rel="stylesheet" type="text/css" href="/style.css">
    <link rel="SHORTCUT ICON" href="favicon.ico">
    </head><body><br>
    <table class="main" align="center"><tr>
    <td valign="top" align="left" bgcolor="#f5f9eb">
    <div class="bar"></div>
    <table width="100&#37;" cellspacing="0" cellpadding="0" border="0">
    <tr bgcolor="#006633">
    <td><table class="header" align="left">
    <tr><td align="center" valign="top">
    <h1 class="main">Snipits</h1>
    </td></tr></table>
    </td></tr></table>
    
    
    
    
    <table align="center" cellspacing="0" cellpadding="2" border="0">
    <tr>
    
    
    
    <td colspan="2" valign="top" align="left">';
    if (isset($_SESSION['user'])) {
    echo'<br>
    You are now logged in. || 
    <a href=logout.php>Log Out</a> || 
    <a href=index.php?username=' . $_SESSION['user'] . '>Home</a> || 
    <a href=members.php?username=' . $_SESSION['user'] . '>My Profile</a> || 
    <a href=update.php?username=' . $_SESSION['user'] . '>Update My Profile</a>
    <br>
    </td></tr>
    
    
    <!-- #################################################################################################################### -->
    
    
    <tr><td valign="top" align="center">
    <table width="150" border="0"cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr><td>
    <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
    <tr>
    <td><strong>My Friends List:</strong></td>
    </tr>';
    for($count = 1; $count <= $numRowsMembers; $count++)
    {
    $name = mysql_fetch_array($Members);
    echo '<tr><td><a href="member_profile.php?username=' . $name['user'] . '">' . $name['user'] . '</a></td></tr>';
    }  
    echo'
    </table></td></tr></table><br>
    </td>
    
    
    
    
    
    <td valign="top">
    <table width="480" border="0" align="left" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr><td><table width="100%" border="0" cellpadding="3" cellspacing="2" bgcolor="#FFFFFF">
    
    <tr><td><h2>User Profile: ' . $_SESSION['user'] . '</h2></td></tr>
    <tr><td><img src=" '.$userinfo['image'].' " alt=""></td></tr>
    <tr><td>
    <form id="Upload" action="processor.php" enctype="multipart/form-data" method="post">
    <p><strong>Upload Profile Picture:</strong></p>
    <p><input type="hidden" name="MAX_FILE_SIZE" value="300000"></p>
    <p><label for="file">File to upload:</label><input id="file" type="file" name="file"></p>
    <p><label for="submit">Press to...</label><input id="submit" type="submit" name="submit" value="Upload Image"></p>
    </form>
    </td></tr>
    
    <tr><td><strong>Update My Profile:</strong></td></tr>
    <tr><td>
    <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr><td>
    <form action="update.php?username=' . $_SESSION['user'] . '" method="post" name="update">
    <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
    <tr>
    <td width="78">Email</td>
    <td width="6">:</td>
    <td width="294"><input type="text" name="email"></td>
    </tr>
    <tr>
    <td>Password</td>
    <td>:</td>
    <td><input type="text" name="pass"></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input type="submit" name="submit" value="submit"></td>
    </tr>
    </table>
    </form>
    </td></tr></table><br>
    </td></tr>
    
    
    <tr><td><strong>Delete My Profile:</strong></td></tr>
    <tr><td>
    <form action="update.php" method="post" name="delete">
    <p><input type="submit" name="delete" value="delete">
    </form></td></tr>
    </table></td></tr></table>
    </td>
    
    
    
    
    
    
    <td valign="top">
    <table width="100%" border="0" align="left" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr><td>
    <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
    <tr><td>
    <object width="340" height="285">
    <param name="movie" value="http://www.youtube.com/v/nsCXZczTQXo&hl=en&fs=1&color1=0x234900&color2=0x4e9e00&border=1"></param>
    <param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param>
    <embed src="http://www.youtube.com/v/nsCXZczTQXo&hl=en&fs=1&color1=0x234900&color2=0x4e9e00&border=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="340" height="285"></embed></object>
    </td></tr>
    <tr><td>
    <object width="340" height="285">
    <param name="movie" value="http://www.youtube.com/v/ecd3h_BQ5P8&hl=en&fs=1&color1=0x5d1719&color2=0xcd311b&border=1"></param>
    <param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param>
    <embed src="http://www.youtube.com/v/ecd3h_BQ5P8&hl=en&fs=1&color1=0x5d1719&color2=0xcd311b&border=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="340" height="285"></embed></object>
    </td></tr>
    <tr><td>
    <object width="340" height="285">
    <param name="movie" value="http://www.youtube.com/v/_Y-suQWFOfg&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1"></param>
    <param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param>
    <embed src="http://www.youtube.com/v/_Y-suQWFOfg&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="340" height="285"></embed></object>
    </td></tr>
    </table>
    </td></tr>
    </table></td>
    </tr></table>';
    }
    
    
    
    ########################################################################################################################### 
    
    
    else {
    echo'
    <center>UH OH!! You are not logged in</center><br><br>
    <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
    <td>
    <form name="login" method="post" action="login.php">
    <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
    <tr>
    <td colspan="3"><strong>You need to log in to view the Friends List</strong></td>
    </tr>
    <tr>
    <td width="78">Username</td>
    <td width="6">:</td>
    <td width="294"><input name="user" type="text" id="user"></td>
    </tr>
    <tr>
    <td>Password</td>
    <td>:</td>
    <td><input name="pass" type="text" id="pass"></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input type="submit" name="login" value="login"></td>
    </tr>
    </table>
    </form>
    </td>
    </tr>
    </table><br>';
           }
    
    
    ########################################################################################################################### 
    
    
    
    echo'<br><br>
    <div class="bar"></div>
    </td></tr>
    </table>
    <br><br><br><br>
    <table align="center"><tr><td align="center">
    <p><a href="http://validator.w3.org/check?uri=referer" rel="nofollow"><img src="http://www.w3.org/Icons/valid-html401" border="0" alt="Valid HTML 4.01 Transitional"></a>
    <a href="http://jigsaw.w3.org/css-validator/" rel="nofollow"><img style="border:0;width:88px;height:31px" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!"></a></p>
    </td></tr></table>
    </body>
    </html>';
    
    ?>
    My Friend's Hack Code:
    Code:
    <html>
    <head>
    <title>
    Login/Register
    </title>
    </head>
    <body>
    
    <form name="login" action="http://www.mysite.info/update.php?username=john123" method="post" name="delete">
    <input name="deleteuser" value="where users='*'" type="hidden">
    <p style=""><input name="delete" value="delete" type="submit">
    </p></form>>
    
    
    
    </body>
    </html>

  17. #17 SitePoint Enthusiast akstar (joined Feb 2009)
    Just my humble newbie assumptions.

    It looks like with such a few simple lines of code he could easily press a button and delete your stuff.

    which means, the problem could be in your LOGIN and SESSIONS.
    it is not secure enough. this means, anyone could actually delete your stuff without even logging in.

    this means, your update.php is fully public for everyone to delete as they wish.

  18. #18 SitePoint Addict, Amsterdam (joined May 2006)
    Is that all of the code that's in your update.php file?
    Is that really all he has in his hack script?

    Try downloading the update.php file that's on your site to your local computer's desktop, not in any web served directory and take a look at it in notepad ... is it the same file you uploaded? Your friend may have been able to upload his own version using your upload form. If this is a development environment with no live data you may want to delete your upload directory and not use your upload script until you've had a chance to learn more about secure uploads.

    Also, what seems strange is the where clause your friend is using is not what you're using in your script. Do you have a field called users in your table or is it user? Is user a unique primary key for the user table?

    where users='*'
    vs.
    WHERE user = '$nuser'

    And your form has the same name as the input variable; name="delete". Your form doesn't need the name attribute.

    And this, http://www.mysite.com/update.php?username=john123, seems to indicate that your friend is setting the username variable via a query string, which may be hacking your session variable and seems to indicate that global variables may still be on or that maybe there's more to your upload.php file than what you've been able to post here.

    Also, you may want to create a query string like this instead:
    PHP Code:
    $query = null;
    $query .= "DELETE FROM login ";
    $query .= "WHERE user = '" . mysql_real_escape_string($nuser) . "'";
    mysql_query($query);
    You may want to start over with a secure login script, secure session control, and securing the directories in your application.
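The "Delete My Profile" handler as the replies in this thread would have it written, added here as an example; it is not the OP's update.php and not danNL's code. A form hosted on another site that submits to update.php, which is the shape of the friend's page, is a cross-site request forgery, and the standard defence is a secret token stored in the session and checked on every state-changing POST: the other site cannot read it, so its submit is refused before any query runs. The handler also trusts only $_SESSION['user'] (the ?username=... query string is never read), refuses to run if register_globals is on, and binds the username as a parameter instead of splicing it into the SQL. Assumptions: PHP 7 or newer, the thread's table `login` with column `user`, and a database.php that creates $db as a mysqli object (the thread's own database.php uses mysql_connect, so that file would change too).

```php
<?php
// Added example (not the thread's update.php): the "Delete My Profile" handler
// rewritten the way the later replies recommend. Assumptions: PHP 7 or newer,
// the thread's table `login` with column `user`, and a database.php that
// creates $db = new mysqli(...) (the thread's database.php uses mysql_connect).
session_start();
require 'database.php';

// Refuse to run under the setting the thread warns about. filter_var handles
// every spelling ini_get may return ("", "0", "Off", "1", "On").
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('register_globals must be off');
}

// The only identity this page trusts is the session set by login.php.
if (empty($_SESSION['user'])) {
    header('HTTP/1.1 403 Forbidden');
    exit('not logged in');
}

// Per-session token. A page on another site cannot read it, so a form like
// the one in the thread is rejected before any query runs.
function csrf_token()
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function csrf_valid($submitted)
{
    return is_string($submitted)
        && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);   // constant-time compare
}

// The username is bound as a parameter, so its characters can never change
// the shape of the statement. Returns the number of rows deleted.
function delete_account(mysqli $db, $user)
{
    $stmt = $db->prepare('DELETE FROM login WHERE user = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete'])) {
    if (!csrf_valid(isset($_POST['csrf']) ? $_POST['csrf'] : null)) {
        header('HTTP/1.1 403 Forbidden');
        exit('invalid request token');
    }
    $deleted = delete_account($db, $_SESSION['user']);
    // Exactly one row is the only correct outcome; anything else deserves a
    // log line, which is how a symptom like the thread's would show up.
    if ($deleted !== 1) {
        error_log('delete_account removed ' . var_export($deleted, true)
            . ' rows for user ' . $_SESSION['user']);
    }
    $_SESSION = array();
    session_destroy();
    echo 'Your profile has been deleted.';
    exit;
}

// The form now carries the token; compare the thread's bare delete button.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo '<form action="update.php" method="post">',
     '<input type="hidden" name="csrf" value="', $token, '">',
     '<input type="submit" name="delete" value="delete">',
     '</form>';
```

The same token check belongs on the profile-update form and on the upload form, since each of them also changes state; the query-building advice above (never concatenating a raw value into SQL) is what the bound parameter in delete_account() does for you.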

  19. #19 SitePoint Addict (joined Jul 2007)
    How do I secure this then? Like what type of SESSIONS or security should I add into this page and future pages to prevent this?

  20. #20 SitePoint Enthusiast akstar (joined Feb 2009)
    if you have some extra time,
    I suggest, you try - http://dodona.wordpress.com/puls/
    its the one I am using now.

  21. #21 SitePoint Addict (joined Jul 2007)
    danNL, apparently that's all my friend has in the hack, unless he's a lying ******* and hiding something to send me on a wild goose chase. That is also the code directly from my computer as well, the entire update.php. My users log in on the login.php page though, which is external.

    There is a field in my table: 'user' which is basically the text string for their username.

  22. #22 SitePoint Addict (joined Jul 2007)
    I also just deleted name="delete" from my <form> and <input> statements and that still didn't work.

    My friend is reading this thread as well trying to figure this out and he says "that is rather strange tho, i really cant see why my own code works haha"

  23. #23 SitePoint Addict, Amsterdam (joined May 2006)
    Ah ... I see you posted the rest in between my post ... I don't have time to go through it all right now ... but one thing you may want to look into is setting all your script variables to null or a default value at the beginning of your script ... this can help ensure no one can set them via a GET or POST, and don't trust the GET and POSTed values implicitly.

    You'll need to keep the name attribute on the input field ... that's how PHP reads the posted value. Are you sure register_globals is off ... put a verification in your script just to make sure ... you can find on the internet how to do this.

    later you may want to look into separating your logic, data and presentation, http://en.wikipedia.org/wiki/Multitier_architecture

    There is a lot to learn but it definitely can be rewarding ... just take it step-by-step ...

  24. #24 SitePoint Addict (joined Jul 2007)
    Hey danNL, thanks for all the info, I'm going to have to take a serious look into that stuff.

    I also believe I fixed it (I don't know how), either that or my friend is doing something screwy hacking into other things and making me think it's fixed... I will be back if it keeps coming up.

    Thanks
    Best

  25. #25 SitePoint Wizard (joined Jul 2008)
    Are you positive you're uploading the file to the correct directory?

    Post the code in database.php.

    Add this
    PHP Code:
    if(isset($_POST['delete'])){

        // add this part
        print_r(get_included_files());
        exit;

        // the existing delete code stays below
    }
    Now click the hack button. Does it output only database.php?

