Some security issues ...


enkidu72

Hello all,
I'm coding (as a noob :)) an application to access a MySQL db to insert and search for books.

There are two kinds of user, user and admin, authenticated by a user/pass stored in the db. Admins have perm=1
and users = 0. I have basically 2 problems. If you hit the "back" button of the browser you can get access again to the
pages visited previously by an admin or user.
Some quotes:

<?
session_start();

header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
?>

---------------
if (((isset($_SESSION['user'])) &&  ($_SESSION['perms'] == 1))&& (isset($_SESSION['logged']) && $_SESSION['logged']=='1')){


This stuff works perfectly if you don't hit the back button and then reload ...

Another question ... I'd like to escape the input.
Which is the better way? Basically I need to check the user/pass and the input for inserting new books.
Is mysql_real_escape_string() what I'm looking for? Or maybe addslashes() &
stripslashes()? Or can escapeshellcmd do?

Thx in advance

David
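
The two points raised in the post above (a server-side permission check that also tells the browser not to keep a copy of the page, and handling of user input for the login and book insert), as an added example that is not part of the original thread. It swaps escaping for PDO prepared statements and assumes passwords are stored with password_hash(); an in-memory SQLite database stands in for MySQL so it runs offline, and the table names, column names and sample rows are constructed.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for MySQL so it
// runs offline; table/column names and the sample rows are constructed for illustration.

// Call first on every protected page, before any output is sent.
function require_admin(array $session): bool
{
    if (!headers_sent()) {
        // no-store: the browser must not keep a copy to show again on "back".
        header('Cache-Control: no-store, no-cache, must-revalidate');
        header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
    }
    // Same test as the post, re-evaluated server-side on each request.
    return isset($session['user'], $session['perms'], $session['logged'])
        && (int) $session['perms'] === 1
        && (string) $session['logged'] === '1';
}

// Placeholders (?) keep input out of the SQL text, so nothing needs escaping.
function check_login(PDO $db, string $name, string $pass): array
{
    $st = $db->prepare('SELECT name, pass_hash, perms FROM users WHERE name = ?');
    $st->execute([$name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass_hash'])) {
        return [];                       // unknown user or wrong password
    }
    return ['user' => $row['name'], 'perms' => (int) $row['perms'], 'logged' => '1'];
}

function add_book(PDO $db, string $title, string $author): void
{
    $st = $db->prepare('INSERT INTO books (title, author) VALUES (?, ?)');
    $st->execute([$title, $author]);
}

$db = new PDO('sqlite::memory:');        // MySQL: new PDO('mysql:host=...;dbname=...', ...)
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, pass_hash TEXT, perms INTEGER)');
$db->exec('CREATE TABLE books (title TEXT, author TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, 1)')
   ->execute(['david', password_hash('sample-pass', PASSWORD_DEFAULT)]);

$session = check_login($db, 'david', 'sample-pass');   // would be stored in $_SESSION
if (require_admin($session)) {
    add_book($db, "Ender's Game", 'Orson Scott Card'); // apostrophe is plain data
}
echo $db->query('SELECT title FROM books')->fetchColumn(), PHP_EOL;
```

Of the functions named in the post, escapeshellcmd() is meant for strings passed to a shell, not for SQL, and the mysql_* extension that provided mysql_real_escape_string() was removed in PHP 7.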





