
Securing A Php Script Proccessing Input - I need help and advice


shadowx
Hi everyone

I like to experiment with PHP, been doing so for about a year, but I'm not clued up on security yet. I can use str_replace() to take out parts of strings I don't want, like HTML and JS code inserted by users, and I know how to use stripslashes to take out slashes from input strings, but this doesn't seem to be lock-tight security to me. There has to be something more to protect my scripts against malicious users.

I believe it's possible to use the "or_die()" function for connecting to an SQL table to prevent the error messages being shown to users, as error messages can be a great help to a hacker. Anything else I can do to protect my databases?

The main thing I'm worried about is having a guestbook on my pages, which I do have, and it gets spammed a lot because of stupid kids at my college, but I remedied that, I just haven't cleared up. So is there a way of preventing this spam? I could detect their IP and block it for about 5 minutes to prevent flooding of the guestbook, and use my cPanel to permanently block IPs if I have to. I'm also worried about people injecting code into the input box to screw the PHP; I've used the search-and-replace method to strip off HTML etc., and it's stored as a flat text file, so HTML shouldn't work anyway. Does storing the guestbook content as a flat text document prevent users from inserting any type of code into my pages? I guessed it should do, but I'm not too sure.

I feel confident with everything else except security!


ghostrider
There is a function in PHP called strip_tags() that removes all HTML from a string. This will also block out any JavaScript, because you need the script tag to write JavaScript. The link below explains the function.

http://us2.php.net/manual/en/function.strip-tags.php

As for blocking IP addresses, I would simply have a MySQL database and fill it up with IP addresses that are blocked, and then check each time the page loads to see if the IP is blocked, and whether it has been 5 minutes or not. Another thing you could do is have the guestbook script email you to make sure it isn't spam, and then write another script that adds it to the guestbook; however, this isn't exactly the fastest routine and requires some work on your part. Blocking IPs permanently doesn't sound like the best idea to me; remember IP addresses can change. If you need any help feel free to PM me.
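The 5-minute per-IP throttle discussed above, written out as an added example (this is not code from the thread or from any poster). It keeps the last post time per address in a small JSON file so it runs without MySQL; the file path, the window length and the function names are assumptions, and swapping the file for the MySQL table ghostrider suggests only changes the load and save helpers. The decision logic is kept in a pure function so it can be exercised without touching the file.

```php
<?php
// Added example: throttle guestbook posts per client IP for a fixed window.
// Store and window length are assumptions, not values from the thread.
const THROTTLE_FILE = __DIR__ . '/guestbook_throttle.json'; // assumed path
const THROTTLE_WINDOW = 300;                                 // 5 minutes, as in the thread

// REMOTE_ADDR is filled in by the web server from the TCP connection and cannot
// be chosen by the visitor. Headers such as X-Forwarded-For can be set by the
// client, so they are deliberately not consulted for a blocking decision.
function client_ip(): string
{
    return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
}

function load_throttle(string $file): array
{
    if (!is_file($file)) {
        return [];
    }
    $data = json_decode((string) file_get_contents($file), true);
    return is_array($data) ? $data : [];
}

function save_throttle(string $file, array $table): void
{
    // LOCK_EX so two concurrent posts do not interleave their writes.
    file_put_contents($file, json_encode($table), LOCK_EX);
}

// Pure decision function: given the table (ip => last post time), an IP and the
// current time, report whether the IP may post now and return the updated table.
// Expired entries are pruned so the store does not grow without bound.
function check_throttle(array $table, string $ip, int $now, int $window = THROTTLE_WINDOW): array
{
    foreach ($table as $addr => $last) {
        if ($now - $last >= $window) {
            unset($table[$addr]);
        }
    }
    $allowed = !isset($table[$ip]);
    if ($allowed) {
        $table[$ip] = $now;
    }
    return [$allowed, $table];
}

// Handler to call before appending an entry to the guestbook.
function handle_guestbook_post(string $ip, int $now): bool
{
    $table = load_throttle(THROTTLE_FILE);
    [$allowed, $table] = check_throttle($table, $ip, $now);
    save_throttle(THROTTLE_FILE, $table);
    return $allowed;
}

// Constructed walk-through of the decision logic alone (no file is written).
$t = 1000;
[$ok1, $table] = check_throttle([], '203.0.113.5', $t);          // first post in the window
[$ok2, $table] = check_throttle($table, '203.0.113.5', $t + 60); // one minute later
[$ok3, $table] = check_throttle($table, '203.0.113.5', $t + 300); // window has elapsed
var_dump($ok1, $ok2, $ok3);
```

In the real handler, call `handle_guestbook_post(client_ip(), time())` and only append to the guestbook file when it returns true. Note that the throttle rejects a second post from the same address inside the window but says nothing about content; it limits flooding, it does not classify spam.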


shadowx
I think I'll definitely use strip_tags(), as it will save me a lot of manual stripping (of tags!) using string replace. Thanks for that.

And it's true about IPs, one major pain in the neck: some ISPs give their clients different IPs every time they log on, which is annoying. I blocked my college from accessing the site, and that IP address doesn't change because they have a T1 or similar connection and it's always on, so as far as I know it's got a static IP.

I could of course check the guestbook often, but I'm lazy and I figure computers are here to do my work for me!

Lyon2
You can use all that, and/or you can use a program or script to encrypt the PHP source code, for instance:

PHP Code Obfuscator
SourceGuardian Pro

I have both. The first is a PHP script, a very good script, that can encrypt PHP source code with a simple or advanced encryption method; it can even reduce the size of your PHP page/script with the encryption.

SourceGuardian Pro is also very good; you have more functions, more features.

electron
I recommend the use of HTML entities: htmlentities()

This is more advanced and uses the HTML translation table, get_html_translation_table().

htmlentities() has three quote-style constants. It means you can also convert ' and " to HTML code so PHP doesn't get confused.

Find full information on it:
http://in.php.net/htmlentities

You can also reconvert it to HTML.

So use this as it is better.
Hope this helps.
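The two controls ghostrider and electron describe, side by side, as an added example that is not code from the thread: strip_tags() on the way into the flat file, and htmlentities() with a quote style on the way out to the page. The sample guestbook entry is constructed; the helper names are assumptions. The point a practitioner would want to see is that stripping tags changes what is stored, but encoding at output is what makes the browser treat the stored text as text, because characters such as quotes and ampersands survive strip_tags() and any later display path still has to handle them.

```php
<?php
// Added example: sanitise on input, encode on output. Sample input is constructed.
$raw = "Nice site! <script>alert('x')</script> <b>bold</b> & \"quotes\" 'apostrophes'";

// 1. Input side: remove markup before storing (no tags allowed, as the thread suggests).
function clean_for_storage(string $text): string
{
    $text = strip_tags($text);
    // Also drop control characters (other than tab, LF, CR) that can confuse a
    // line-oriented flat-file store.
    return trim(preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $text));
}

// 2. Output side: encode when rendering. strip_tags() keeps the text between tags,
// so the stored entry still contains alert('x'); encoding it as entities is what
// guarantees it is displayed rather than interpreted.
function encode_for_html(string $text): string
{
    return htmlentities($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$stored = clean_for_storage($raw);
echo "Stored  : $stored\n";
echo "Rendered: " . encode_for_html($stored) . "\n\n";

// The three quote styles electron mentions, applied to the same text.
$sample = "it's \"quoted\"";
$styles = ['ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES, 'ENT_NOQUOTES' => ENT_NOQUOTES];
foreach ($styles as $name => $flag) {
    printf("%-12s %s\n", $name, htmlentities($sample, $flag, 'UTF-8'));
}

// Converting back to the original text, as electron notes is possible.
echo "\nDecoded : " . html_entity_decode(encode_for_html($stored), ENT_QUOTES | ENT_HTML5, 'UTF-8') . "\n";
```

ENT_QUOTES is the style to use when the value may land inside an attribute delimited by either quote character; ENT_COMPAT encodes only double quotes and ENT_NOQUOTES neither. Passing the charset explicitly matters because htmlentities() rejects input that is not valid in the declared encoding and returns an empty string, which is easy to mistake for a blank post.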


FLaKes
Don't forget about the MySQL escape string function for security against SQL injections. There is this really nice explanation in the php.net function documentation here:

http://mx.php.net/manual/en/function.mysql...cape-string.php

Then you should scroll down to half of the page where the best practice example is.

Also there is this function called md5; you should search for it on the php.net website. It's for encrypting data, but I'm investigating it right now, so I can't really tell you much about it.
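The escaping FLaKes points at, taken one step further in an added example (not the thread's code): parameterised queries, where the database driver separates the SQL text from the values so quotes in a guestbook entry are stored literally instead of altering the statement. The ext/mysql functions including mysql_real_escape_string() were removed in PHP 7; PDO is used here with an in-memory SQLite database purely so the example runs offline, and with MySQL only the DSN changes. The table layout, function names and sample rows are assumptions. The last block also covers the original poster's "or die()" question: with exceptions enabled the driver's message goes to the server log and the visitor sees a generic page.

```php
<?php
// Added example: guestbook storage with prepared statements. Schema and sample
// data are constructed; SQLite in memory is only so this runs without a server.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$db->exec('CREATE TABLE guestbook (
    id      INTEGER PRIMARY KEY,
    name    TEXT    NOT NULL,
    message TEXT    NOT NULL,
    ip      TEXT    NOT NULL,
    posted  INTEGER NOT NULL
)');

// Values are bound, never spliced into the SQL string, so a quote in $name or
// $message cannot change the statement. This replaces manual escaping.
function add_entry(PDO $db, string $name, string $message, string $ip, int $now): int
{
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, message, ip, posted) VALUES (:name, :message, :ip, :posted)'
    );
    $stmt->execute([':name' => $name, ':message' => $message, ':ip' => $ip, ':posted' => $now]);
    return (int) $db->lastInsertId();
}

// Same principle on the read side, for example the per-IP lookup ghostrider describes.
function entries_from_ip(PDO $db, string $ip): array
{
    $stmt = $db->prepare('SELECT name, message FROM guestbook WHERE ip = :ip ORDER BY posted');
    $stmt->execute([':ip' => $ip]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs; the second name carries the quote that mysql_real_escape_string()
// exists to escape and that breaks a query built by string concatenation.
add_entry($db, 'Alice',   'Hello from the thread', '203.0.113.5', 1000);
add_entry($db, "O'Brien", 'Quotes are fine here',  '203.0.113.5', 1001);

foreach (entries_from_ip($db, '203.0.113.5') as $row) {
    echo $row['name'] . ': ' . $row['message'] . "\n";
}

// Error handling: a failed query throws instead of echoing the driver's message.
// Log the detail server-side and show the visitor something that reveals nothing.
try {
    $db->query('SELECT * FROM no_such_table');
} catch (PDOException $e) {
    error_log($e->getMessage());
    echo "Sorry, the guestbook is unavailable right now.\n";
}
```

On md5: it is a one-way hash, not encryption, so it cannot be reversed to recover the data; for storing passwords the appropriate PHP functions are password_hash() and password_verify(), which use a slow, salted algorithm designed for that purpose.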


shadowx
Ah, thanks, some very good functions I'll definitely use there! I also stumbled across a site I'm reading at the moment and thought I'd share it with you all; here's the link: http://phpsec.org/ It's a site dedicated to PHP security and is very useful!

Thanks for the functions, I'll check them out properly very soon!


wappy
Very interesting. I think I will be using some of these functions on my community site when I get more time. Also, if you're really worried about being hacked or have a persistent hacker stalking you, it's a good idea to use the robots.txt file to stop search engines like Google searching your code. I have been Google hacked twice in the past and had some very unique and private WAP scripts made public, and it made me very angry after working for months writing my own chat, toplist, and other big scripts. Word.
