sportsquid Posted May 14, 2014

So I have been making a PHP chat service, and when I use this code:

```php
Welcome <?php echo $_COOKIE["username"]; ?><br>
chatroom: <?php echo $_COOKIE["chatroom"]; ?>
<?php
$phpfile=$_COOKIE["chatroom"];
$chpage = $phpfile .".php";
$chtext = $phpfile .".txt";
$filename = $_COOKIE["chatroom"] . ".txt";
$myfile = fopen($filename, "r") or die("Unable to open file!");
fopen($myfile);
fclose($myfile);
include $chtxt;
?>
<form action="post.php" method="post">
message: <input type="text" name="msg"><br>
<input type="submit">
</form>
```

I get a 403 error. Does anyone know what is wrong with the code? There are more files that set the cookies but they work fine. I can't find anything wrong. Please help.

Jacques1 Posted May 14, 2014

No offense, but this whole thing is just weird. You cannot use this approach.

Do you really think it's a good idea to let the client choose which files should be included? Has it never occurred to you that this might be a bit ... dangerous? Anybody is now able to read any file on your server as long as the webserver has access to it. Even worse, they can even execute any PHP script on your server or even from a remote location. This is the perfect way to get yourself hacked.

I think it's best to start from scratch and do it in a sane way this time. If you need help with the planning, I'm sure we can help you.

sportsquid Posted May 14, 2014

This is just my first PHP script, only for my friends and I. OK, back to the drawing board...

Jacques1 Posted May 14, 2014

> This is just my first PHP script, only for my friends and I.

Unfortunately, the people breaking into servers don't care about that. If you plan to upload your code at some point of time, it must be secure.

Of course it takes time until you fully understand the various security issues. But I strongly recommend that you start thinking about this as early as possible and generally exercise common sense.

The golden rule of security is: Do not trust user input. Every piece of data coming from the user must be regarded as harmful. So the last thing you want is include an unknown file just because the user told you so.
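
An added example, not part of the thread and not either poster's code: one way to apply the "do not trust user input" rule to the chatroom cookie, by matching it against a fixed list of rooms and reading the transcript as data instead of passing it to `include`. The directory `chatlogs`, the room names and the helper `resolveRoomFile()` are assumptions made for illustration; the code targets PHP 8.

```php
<?php
// Added example. CHAT_DIR, ALLOWED_ROOMS and resolveRoomFile() are hypothetical names.
declare(strict_types=1);

const CHAT_DIR = __DIR__ . '/chatlogs';                // assumed: holds only chat transcripts
const ALLOWED_ROOMS = ['lobby', 'games', 'homework'];  // assumed room names

/** Map an untrusted room name to a transcript path, or null if it is not acceptable. */
function resolveRoomFile(mixed $room): ?string
{
    // A cookie may be missing or sent as an array (chatroom[]=x); accept strings only.
    if (!is_string($room)) {
        return null;
    }
    // Strict allowlist: the client's value reaches the path only if it is a known room.
    if (!in_array($room, ALLOWED_ROOMS, true)) {
        return null;
    }
    // Defence in depth: the resolved file must still sit inside CHAT_DIR (e.g. symlinks).
    $real = realpath(CHAT_DIR . '/' . $room . '.txt');
    $base = realpath(CHAT_DIR);
    if ($real === false || $base === false
        || !str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $real;
}

$file = resolveRoomFile($_COOKIE['chatroom'] ?? null);
if ($file === null) {
    http_response_code(400);
    exit('Unknown chatroom.');
}

$username = is_string($_COOKIE['username'] ?? null) ? $_COOKIE['username'] : 'guest';
// Escape on output: cookie values are user input and must not be echoed as raw HTML.
echo 'Welcome ', htmlspecialchars($username, ENT_QUOTES, 'UTF-8'), "<br>\n";
echo 'chatroom: ', htmlspecialchars(basename($file, '.txt'), ENT_QUOTES, 'UTF-8'), "<br>\n";

// Read the transcript as text; include would execute any PHP code found in the file.
$text = file_get_contents($file);
echo nl2br(htmlspecialchars($text === false ? '' : $text, ENT_QUOTES, 'UTF-8'));
```

Messages written by post.php end up in the same transcript, so the escaping on the last line is what keeps one user's message from running as HTML or script in another user's browser.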