Hello everyone! I have recently started learning PHP. My login page works like this: if the account and password match the database, I set session = user name.
Then each page uses include check.php to detect whether the user is legitimate.
The main idea of the code is that if the session is empty, it prompts "illegal", but I found that the security is very poor. What are some good ideas and code?
The novice doesn't have much to be ashamed of
Reply to discussion (solution)
Session is a global variable, you can check any page to see if there is any value in the session
My original checka.php is written like this:
<?php
session_start();
if ($_SESSION[admin_name] == "") {
    echo "";
}
?>
But it doesn't feel safe. If an external, illegitimate form submission uses session == "arbitrary content", it can be executed. How should I change it?
$_SESSION["admin_name"] == "" and session == "" are not the same.
Please let us know your PHP version.
if ($_SESSION[admin_name] == "") {
should be written as
if (!isset($_SESSION['admin_name'])) {
The version is 5.4.3
I typed it wrong: 5.3.4
If an external, illegitimate form submission uses session == "arbitrary content", it can be executed
Are you imagining it or is it true?
The code in my checka.php is as follows:
<?php
/*
 Permission validation
 2014-3-20
 by Liu
*/
session_start();
if ($_SESSION['username'] == "") {
    echo "";
}
?>
The login code is as follows:
<?php
/*
 Verify login information
 2014-3-24
 by Liu 1s
*/
session_start();
include_once 'connss.php';
if ($_POST['submit']) {
    $username = $_POST['username'];
    $userpasswd = $_POST['userpass'];
    $answers = $_POST['answers'];
    $userpasswd = md5($userpasswd);
    // Escape the user-supplied name before placing it in the SQL string
    $sql = "SELECT * FROM user WHERE username='" . mysql_real_escape_string($username) . "'";
    $query = mysql_query($sql);
    $row = mysql_fetch_array($query);
    if ($row['answers'] == $answers) {
        if ($row['username'] == $username) {
            if ($row['userpasswd'] == $userpasswd) {
                // All checks passed: record the login in the session
                $_SESSION['username'] = $username;
                echo "";
            }
            else {
                echo "";
            }}
        else {
            echo "";
        }}
    else {
        echo "";
    }
}
?>
I include checka.php at the top of each page.
Then I created a new PHP file to mimic an external submission of the form for adding news; it starts with session_start();
$_SESSION['username'] = "123";
I found that it can be submitted successfully! Please help.
session_start();
$_SESSION['username'] = "123";
is a PHP program, not something a form can submit!
Of course, if someone goes to your server and modifies your program, it's another matter.
I just want to ask whether the checka.php I wrote is safe, and if not, how to modify it. Thank you.
It should be safe.
Is there any other way of thinking?
Study!!!
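As an added example (not code from any poster in this thread), the script below models the point made in the replies: only the server-side login code writes the session key, and the check page tests it with isset(). The function names, the user liu, the password and the in-memory user table are constructed; the session and POST data are passed as plain arrays so the script runs from the command line, and it assumes PHP 5.5+ for password_hash().

```php
<?php
// Added example. Constructed data and hypothetical function names throughout.
// Assumes PHP 5.5+ (password_hash/password_verify).

// Constructed stand-in for the thread's `user` table: name => password hash.
function find_user_hash($username) {
    static $users = null;
    if ($users === null) {
        $users = array('liu' => password_hash('correct horse', PASSWORD_DEFAULT));
    }
    return isset($users[$username]) ? $users[$username] : null;
}

// Login step: the only place that writes the session key.
// $session stands in for $_SESSION, $post for $_POST.
function login(array &$session, array $post) {
    $name = (isset($post['username']) && is_string($post['username'])) ? $post['username'] : '';
    $pass = (isset($post['userpass']) && is_string($post['userpass'])) ? $post['userpass'] : '';
    $hash = find_user_hash($name);
    if ($hash === null || !password_verify($pass, $hash)) {
        return false;
    }
    // On a real page, call session_regenerate_id(true) here so a session id
    // issued before login is not carried into the authenticated session.
    $session['username'] = $name;
    return true;
}

// checka.php logic: isset() plus a non-empty string.
// A real page must stop (exit) when this returns false.
function is_logged_in(array $session) {
    return isset($session['username'])
        && is_string($session['username'])
        && $session['username'] !== '';
}

// Constructed requests against a fresh session (as after session_start()).
$session = array();
$forged = array('username' => '123', '_SESSION' => array('username' => '123'));
$real = array('username' => 'liu', 'userpass' => 'correct horse');

var_dump(is_logged_in($session));     // visitor who never logged in
var_dump(login($session, $forged));   // form that only names the session key
var_dump(is_logged_in($session));     // session after the forged form
var_dump(login($session, $real));     // valid credentials
var_dump(is_logged_in($session));     // session after the real login
```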