bruckerrlb Posted June 29, 2010

I have a new app that I'm administering and noticed the guy who developed it let a little security hole get through. The website displays pages like example.com?company_id=$company_id and that displays the link like example.com?company_id=25 for example. Now, if we take out that company_id so the link looks like example.com?company_id= everyone's information is shown this way. What would be the fastest way to get this fixed? I've tried setting it up as

    if ($Company_Id != $_SESSION['UserID'] || is_null($Company_Id)) {
        header("Location: index.php");
    }

Yet it still keeps getting through. Does anyone have any suggestions?
Pikachu2000 Posted June 29, 2010

Add an exit(); after the header redirect to stop the script from executing further, and see if that helps. Also, pass some bogus/empty/NULL values to the conditional to see how they are evaluated, and what happens. Without seeing more of the code, that's about all I can come up with at the moment.
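The check discussed in the two posts above, written out as an added example (not code from the thread or from the application): it validates the `company_id` parameter, compares it strictly against the session value, and stops the script after the redirect. The function names are hypothetical, and it assumes `$_SESSION['UserID']` holds the company id the logged-in user may view, as the original comparison implies.

```php
<?php
// Added example; function names are hypothetical, not the application's own.

/**
 * Return the company id as an int if the request may view it, otherwise null.
 * $requested is the raw ?company_id= value; $sessionValue is the id stored
 * server-side at login (assumed here to live in $_SESSION['UserID']).
 */
function authorized_company_id($requested, $sessionValue): ?int
{
    // Reject missing, empty, array and non-decimal input: null, "", ["25"], "25abc".
    if (!is_string($requested) || !ctype_digit($requested)) {
        return null;
    }
    // The session value must itself be a positive integer (int or numeric string).
    $own = filter_var($sessionValue, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($own === false) {
        return null;
    }
    // Strict comparison on ints: no type juggling between "", null and 0.
    return ((int) $requested === $own) ? $own : null;
}

function require_company_or_redirect(array $query, array $session): int
{
    $id = authorized_company_id($query['company_id'] ?? null, $session['UserID'] ?? null);
    if ($id === null) {
        header('Location: index.php');
        exit; // header() only queues the redirect; without exit the page still runs
    }
    return $id; // use this value in later queries, never the raw parameter
}

// Constructed inputs: run from the CLI to see how each value is evaluated.
if (PHP_SAPI === 'cli') {
    $session = ['UserID' => 25];
    foreach (['25', '', null, '26', '25abc', '0', ['25']] as $input) {
        $result = authorized_company_id($input, $session['UserID']);
        printf("%-10s => %s\n", json_encode($input), $result === null ? 'DENY' : "ALLOW $result");
    }
}
```

In a page, `require_company_or_redirect($_GET, $_SESSION)` would be called after `session_start()` and before any output is sent.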
This topic is now archived and is closed to further replies.