Monkuar Posted February 17, 2012 Share Posted February 17, 2012 we have a hacker on my forum using -1424 values as inputs how do i block and make sure the input is not anything negative? Quote Link to comment https://forums.phpfreaks.com/topic/257162-we-have-a-hacker-on-my-forum/ Share on other sites More sharing options...
Pikachu2000 Posted February 17, 2012 Share Posted February 17, 2012 You need to validate that the values are zero or greater when you validate the rest of the form data. Quote Link to comment https://forums.phpfreaks.com/topic/257162-we-have-a-hacker-on-my-forum/#findComment-1318240 Share on other sites More sharing options...
Monkuar Posted February 17, 2012 Author Share Posted February 17, 2012 if (isset($ibforums->input['star'])) { if ($ibforums->input['star'] > $this->member['max_stars']){ //They trying to hack my stars... $std->Error2("You cannot choose a star you don't have access to..."); }else{ $DB->query("UPDATE ibf_members set star='{$ibforums->input['star']}' WHERE id='".$this->member['id']."'"); } Max stars is set at as 0 I put my tamper data plugin to try to perform how the hacker hacked, and put -125 or any - number and it worked. how does it work thougih? when the -1235 is not greater then 0? Max_stars is at 0 Quote Link to comment https://forums.phpfreaks.com/topic/257162-we-have-a-hacker-on-my-forum/#findComment-1318243 Share on other sites More sharing options...
Pikachu2000 Posted February 17, 2012 Share Posted February 17, 2012 Read your conditional statement again, and use the values you set out above. if ($ibforums->input['star'] > $this->member['max_stars']){ //They trying to hack my stars... $std->Error2("You cannot choose a star you don't have access to..."); It says, "IF -1235 is greater than ZERO, that's an error condition. Otherwise, since -1235 is NOT greater than zero, update the database" Quote Link to comment https://forums.phpfreaks.com/topic/257162-we-have-a-hacker-on-my-forum/#findComment-1318247 Share on other sites More sharing options...
Monkuar Posted February 17, 2012 Author Share Posted February 17, 2012 Read your conditional statement again, and use the values you set out above. if ($ibforums->input['star'] > $this->member['max_stars']){ //They trying to hack my stars... $std->Error2("You cannot choose a star you don't have access to..."); It says, "IF -1235 is greater than ZERO, that's an error condition. Otherwise, since -1235 is NOT greater than zero, update the database" ok, my bad overlooked it. I need to check now if it's negative tho, so I can echo out "Stop being Nawty" is there a php function that helps and protects all - inputs and turns them positive? I have a lot of fixing up to do.. he hacked everything Quote Link to comment https://forums.phpfreaks.com/topic/257162-we-have-a-hacker-on-my-forum/#findComment-1318248 Share on other sites More sharing options...
Pikachu2000 Posted February 17, 2012 Share Posted February 17, 2012 abs will return the absolute value, but you probably should just make it a validation error instead. if( $ibforums->input['star'] > $this->member['max_stars'] || $ibforums->input['star'] < 0 ) { Quote Link to comment https://forums.phpfreaks.com/topic/257162-we-have-a-hacker-on-my-forum/#findComment-1318249 Share on other sites More sharing options...
Monkuar Posted February 17, 2012 Author Share Posted February 17, 2012 if ($ibforums->input['amount'] < 0){ $std->Error2("Stop being nawty"); } thanks pikachu topic solved Quote Link to comment https://forums.phpfreaks.com/topic/257162-we-have-a-hacker-on-my-forum/#findComment-1318253 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.