PHP/jQuery security


tsm1248

What's up guys.. just wanted to know if there is any security I should worry about on this.

Is there any way at all to bypass this post?

Yes, it's overkill, that's why I'm asking..

 

$(".like").click(function () {
  var id = $(this).parent().find(".id").val();
  var url = 'id=' + escape(id) + '&submit=1';
  $.ajax({
    type: "POST",
    url: "Actions/insert/up.php",
    cache: true,
    data: url,
    success: function () {
      // ........took out some code no reason to have
    }
  });
});

 

 

Below is up.php

 

<?php
$id=stripslashes(trim(htmlentities(mysql_real_escape_string(strip_tags(strtolower(preg_replace('/\s+/','', $_POST['id'])))))));
$s=stripslashes(trim(htmlentities(mysql_real_escape_string(strip_tags(strtolower(preg_replace('/\s+/','', $_POST['submit'])))))));
$user=stripslashes(trim(htmlentities(mysql_real_escape_string(strip_tags(strtolower(preg_replace('/\s+/','', $_POST['user'])))))));

define('IS_AJAX', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');

if(IS_AJAX) {
  if (isset($_COOKIE['user']))
  {
    $connection = mysql_connect() or die(mysql_error());
    mysql_select_db('mainframe', $connection) or die(mysql_error());

    $idcheck=mysql_query("SELECT id FROM taken out WHERE id='$user' ");
    $rowic = mysql_fetch_array($idcheck);
    if ($idcheck){
      if ($s=='1'){
        mysql_query("INSERT INTO thumbsup (postidup,useridofup,typeof) VALUES ('$id','$user','up')")or die(mysql_error());
      }else {die('Take it easy big guy!');}
    }else {die('Take it easy big guy!');}
  }else {die('Take it easy big guy!');}
}else {die('Take it easy big guy!');}

mysql_close($connection);
?>

Link to comment

After long chats with security coders.. it got down to just using a cookie for site login as opposed to sessions, but create strings to verify the user.. The cookie is far from secure itself; its name is user and it holds a number value being the id. After that cookie becomes secure, then I will worry about verifying the user etc.. Of course it gets more detailed than that, but as of right now, as you can see, user input and input in general needs to be precise. The idea is whatever goes into the system will be absolute, so when the system processes the string and shoots it out the data has no flaws.

 

Thanks for the reply!  :D

Link to comment

You don't understand how PHP sessions work. If I wanted to screw around with your system the first thing I would do is start changing that number in the cookie to see what happens. You have no way of verifying anything, because that cookie is your session.

 

 

Link to comment

The cookie in the end is going to fit into an equation. As I said, its only purpose is to hold a value, like 1 key to a set of keys; as of right now the way it's used is a placeholder (simple concept marker). Ignore the cookie for now. They both in the end, no matter what, are vulnerable to manipulation and hijacking. It gets down to: do I want the user to be logged in long term or short term? The cookie in itself will hold 2 distinct variables, 1 (key relevant to user) (2nd irrelevant yet very relevant to access) (2 keys) that fit into a lock that must then comply with the rest of the keys to gain access. I am very aware of the differences between a session and a cookie.

 

Here are a few good articles outlining some difficulties with this question.

http://www.phpshare.org/articles/Cookies-versus-Sessions

http://thinkvitamin.com/code/how-to-create-totally-secure-cookies/

 

Again I would like to stress that the cookie is simply a marker for a feature yet to be implemented. I'd rather have the user's input secure right now and worry about everything else later.

When I get to the cookies I will gladly shoot you a link to the app and let you have your way with it. :)

I still have to worry about Nginx and ajax push right now and these little problems are chilling in the back of the bus. ;)

Link to comment
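
The reply above points out that a user id kept in a cookie can simply be edited, and the posted up.php goes further by reading `$user` from `$_POST`. As an added example (not code from anyone in this thread), here is one way the handler could take identity from server-side session state and use PDO prepared statements instead of stacked escaping. The `users` table name, the `user_id` session key and the in-memory SQLite demo database are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not from the thread. Assumptions: a `users` table (the post
// elides the real name) and a `user_id` key written into the session at login.

function recordThumbsUp(PDO $db, array $session, array $post): bool
{
    // Identity comes from server-side session state, never from a cookie or
    // POST field that the browser can edit.
    $userId = $session['user_id'] ?? null;
    if (!is_int($userId)) {
        return false;
    }
    // Validate by type instead of stacking escaping functions.
    $postId = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($postId === false || ($post['submit'] ?? '') !== '1') {
        return false;
    }
    // Placeholders keep request data out of the SQL text entirely.
    $check = $db->prepare('SELECT 1 FROM users WHERE id = ?');
    $check->execute([$userId]);
    if ($check->fetchColumn() === false) {
        return false;
    }
    $insert = $db->prepare(
        "INSERT INTO thumbsup (postidup, useridofup, typeof) VALUES (?, ?, 'up')"
    );
    return $insert->execute([$postId, $userId]);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY)');
$db->exec('CREATE TABLE thumbsup (postidup INTEGER, useridofup INTEGER, typeof TEXT)');
$db->exec('INSERT INTO users (id) VALUES (7)');

// Constructed requests: session array first, POST array second.
$cases = [
    'logged-in user'          => [['user_id' => 7], ['id' => '42', 'submit' => '1']],
    'no session, forged user' => [[], ['id' => '42', 'submit' => '1', 'user' => '1']],
    'non-numeric post id'     => [['user_id' => 7], ['id' => "42' OR '1", 'submit' => '1']],
];
foreach ($cases as $label => [$session, $post]) {
    $ok = recordThumbsUp($db, $session, $post);
    printf("%-24s %s\n", $label, $ok ? 'recorded' : 'rejected');
}
```

In a real handler `$session` would be `$_SESSION` after `session_start()`, with `user_id` set only by the login code. The `X-Requested-With` check in the original is a client-supplied header, so it does not authenticate anything.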