Posts posted by phpforfun

  1. I am making a game with PHP and Ajax but I have an issue. When a player joins a queue, their user id is inserted into a database field called users. But when users either log out, close the browser, or just leave the game in some way, I need their id to be removed from that field. I know there is the jQuery .unload function, but how reliable is that really? So could anyone help me in finding a reliable way of removing the user id from the field when they leave the game? Thanks.

  2. Hey guys, I am new to CSRF attacks and would like to know a little more about them. So I was messing with my code and here is what happened:

    There are 2 pages, demo.php and edit_account.php.

    demo.php and edit_account.php have the same exact form, but the demo.php form's action value is edit_account.php.

    edit_account.php is where the database and everything gets updated.

    So when I submitted the form on demo.php, it went to edit_account.php and updated the database and everything, because they have the same form names etc.

    So is this considered a CSRF attack, and does this mean I need to put a "token" or whatever they do to protect from these attacks on EVERY form? Because some hacker can just make a fake website, copy the form from inspect element and put it on their website and be updating the data on another website without them even knowing.

    Example form code that I tested, and this attack worked.

    <form action="edit_account.php" method="POST">
    <br><br><table style="width:60%">
     <tr>
       <td><font style="font-size:22px;font-weight:bold;">Birthday:</font></td>
     <td>
       <label class="a"><select name="birth_day"><option value='0'>Day</option><option value="1">1</option>
    <option value="2" selected>2</option>
    <option value="3">3</option>
    <option value="4">4</option>
    <option value="5">5</option>
    <option value="6">6</option>
    <option value="7">7</option>
    <option value="8">8</option>
    <option value="9">9</option>
    <option value="10">10</option>
    <option value="11">11</option>
    <option value="12">12</option>
    <option value="13">13</option>
    <option value="14">14</option>
    <option value="15">15</option>
    <option value="16">16</option>
    <option value="17">17</option>
    <option value="18">18</option>
    <option value="19">19</option>
    <option value="20">20</option>
    <option value="21">21</option>
    <option value="22">22</option>
    <option value="23">23</option>
    <option value="24">24</option>
    <option value="25">25</option>
    <option value="26">26</option>
    <option value="27">27</option>
    <option value="28">28</option>
    <option value="29">29</option>
    <option value="30">30</option>
    <option value="31">31</option>
    </select></label><label class='a'><select name='birth_month'><option value="1">Month</option>
    <option value="2">January</option>
    <option value="3">February</option>
    <option value="4">March</option>
    <option value="5">April</option>
    <option value="6">May</option>
    <option value="7">June</option>
    <option value="8">July</option>
    <option value="9">August</option>
    <option selected="selected" value="10">September</option>
    <option value="11">October</option>
    <option value="12">November</option>
    </select></label><label class='a'><select name='birth_year'>
            <option value='private'>Year</option><option value="1900">1900</option>
    <option value="1901">1901</option>
    <option value="1902">1902</option>
    <option value="1903">1903</option>
    <option value="1904">1904</option>
    <option value="1905">1905</option>
    <option value="1906">1906</option>
    <option value="1907">1907</option>
    <option value="1908">1908</option>
    <option value="1909">1909</option>
    <option value="1910">1910</option>
    <option value="1911">1911</option>
    <option value="1912">1912</option>
    <option value="1913">1913</option>
    <option value="1914">1914</option>
    <option value="1915">1915</option>
    <option value="1916">1916</option>
    <option value="1917">1917</option>
    <option value="1918">1918</option>
    <option value="1919">1919</option>
    <option value="1920">1920</option>
    <option value="1921">1921</option>
    <option value="1922">1922</option>
    <option value="1923">1923</option>
    <option value="1924">1924</option>
    <option value="1925">1925</option>
    <option value="1926">1926</option>
    <option value="1927">1927</option>
    <option value="1928">1928</option>
    <option value="1929">1929</option>
    <option value="1930">1930</option>
    <option value="1931">1931</option>
    <option value="1932">1932</option>
    <option value="1933">1933</option>
    <option value="1934">1934</option>
    <option value="1935">1935</option>
    <option value="1936">1936</option>
    <option value="1937">1937</option>
    <option value="1938">1938</option>
    <option value="1939">1939</option>
    <option value="1940">1940</option>
    <option value="1941">1941</option>
    <option value="1942">1942</option>
    <option value="1943">1943</option>
    <option value="1944">1944</option>
    <option value="1945">1945</option>
    <option value="1946">1946</option>
    <option value="1947">1947</option>
    <option value="1948">1948</option>
    <option value="1949">1949</option>
    <option value="1950">1950</option>
    <option value="1951">1951</option>
    <option value="1952">1952</option>
    <option value="1953">1953</option>
    <option value="1954" selected>1954</option>
    <option value="1955">1955</option>
    <option value="1956">1956</option>
    <option value="1957">1957</option>
    <option value="1958">1958</option>
    <option value="1959">1959</option>
    <option value="1960">1960</option>
    <option value="1961">1961</option>
    <option value="1962">1962</option>
    <option value="1963">1963</option>
    <option value="1964">1964</option>
    <option value="1965">1965</option>
    <option value="1966">1966</option>
    <option value="1967">1967</option>
    <option value="1968">1968</option>
    <option value="1969">1969</option>
    <option value="1970">1970</option>
    <option value="1971">1971</option>
    <option value="1972">1972</option>
    <option value="1973">1973</option>
    <option value="1974">1974</option>
    <option value="1975">1975</option>
    <option value="1976">1976</option>
    <option value="1977">1977</option>
    <option value="1978">1978</option>
    <option value="1979">1979</option>
    <option value="1980">1980</option>
    <option value="1981">1981</option>
    <option value="1982">1982</option>
    <option value="1983">1983</option>
    <option value="1984">1984</option>
    <option value="1985">1985</option>
    <option value="1986">1986</option>
    <option value="1987">1987</option>
    <option value="1988">1988</option>
    <option value="1989">1989</option>
    <option value="1990">1990</option>
    <option value="1991">1991</option>
    <option value="1992">1992</option>
    <option value="1993">1993</option>
    <option value="1994">1994</option>
    <option value="1995">1995</option>
    <option value="1996">1996</option>
    <option value="1997">1997</option>
    <option value="1998">1998</option>
    <option value="1999">1999</option>
    <option value="2000">2000</option>
    <option value="2001">2001</option>
    <option value="2002">2002</option>
    <option value="2003">2003</option>
    <option value="2004">2004</option>
    <option value="2005">2005</option>
    <option value="2006">2006</option>
    <option value="2007">2007</option>
    <option value="2008">2008</option>
    <option value="2009">2009</option>
    <option value="2010">2010</option>
    <option value="2011">2011</option>
    <option value="2012">2012</option>
    <option value="2013">2013</option>
    <option value="2014">2014</option>
    <option value="2015">2015</option>
    </select></label>     <br><br>
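
As an added example that is not part of the original post: a session-bound token check of the kind the question asks about, showing why a copied form that lacks the token is rejected by edit_account.php. The function names and the `csrf_token` field name are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example: session-bound CSRF token for a form that posts to edit_account.php.
// Function names and the "csrf_token" field name are assumptions for illustration.

/** Return this session's token, generating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION['csrf_token'];
}

/** Hidden input to print inside every state-changing <form>. */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/** True only if the request carries the token stored in this session. */
function csrf_request_is_valid(array $post): bool
{
    $expected  = $_SESSION['csrf_token'] ?? '';
    $submitted = $post['csrf_token'] ?? null;
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed demo, run from the CLI; on the real page call session_start()
// first and reject the request (e.g. HTTP 403) before touching the database.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];                         // stands in for a started session
    echo csrf_field(), PHP_EOL;             // what the genuine form would embed
    $genuine = ['birth_day' => '2', 'csrf_token' => csrf_token()];
    $copied  = ['birth_day' => '2'];        // same field names, no token
    $guessed = ['birth_day' => '2', 'csrf_token' => str_repeat('0', 64)];

    foreach (['genuine' => $genuine, 'copied' => $copied, 'guessed' => $guessed] as $name => $post) {
        echo $name, ': ', csrf_request_is_valid($post) ? 'accepted' : 'rejected', PHP_EOL;
    }
}
```

The token only helps if the check runs on every request that changes data, before any database write.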
    
  3. Hey guys,

    So I wanted to know what security measures I would have to take when retrieving user information from the database with the $_GET method. The $_GET would be the user_id, so do I need to add some if statements to make sure it's an integer, not empty, etc.? And what function would I use in case the user attempts to break the website by changing the URL with commas, malicious code, etc.?
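
As an added example that is not part of the original post: one way to handle a `user_id` taken from the URL is to accept only a positive integer and then pass it to the database as a bound parameter. The `users` table, its columns, the in-memory SQLite database and the function names are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Added example: validate ?user_id=... then query with a bound parameter.
// The users table, its columns and the function names are assumptions.

/** Return a positive integer id, or null when the input is anything else. */
function parse_user_id($raw): ?int
{
    // Rejects missing values, arrays (?user_id[]=1), "", "7,8", "7abc", 0 and negatives.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look the user up with a prepared statement; the id never becomes part of the SQL text. */
function find_user(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo for the CLI (needs the pdo_sqlite extension).
// On the real page the input would be: parse_user_id($_GET['user_id'] ?? null)
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
    $db->exec("INSERT INTO users (id, username) VALUES (7, 'alice')");

    // Constructed sample inputs: one valid id and several malformed ones.
    foreach (['7', '', '7,8', '7abc', '-3', '99', ['7']] as $raw) {
        $id   = parse_user_id($raw);
        $user = $id === null ? null : find_user($db, $id);
        $out  = $id === null ? 'invalid id'
              : ($user === null ? 'no such user'
              // Escape on output so stored data cannot inject markup into the page.
              : htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8'));
        echo json_encode($raw), ' => ', $out, PHP_EOL;
    }
}
```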
