Jump to content

Recommended Posts

so I have been making a php chat service, and when i use this code:

Welcome <?php echo $_COOKIE["username"]; ?><br>
chatroom: <?php echo $_COOKIE["chatroom"]; ?>
<?php

$phpfile=$_COOKIE["chatroom"];
$chpage = $phpfile .".php";
$chtext = $phpfile .".txt";


$filename = $_COOKIE["chatroom"] . ".txt"; 
$myfile = fopen($filename, "r") or die("Unable to open file!");
fopen($myfile);
fclose($myfile);

include $chtxt;

?>

<form action="post.php" method="post">
message: <input type="text" name="msg"><br>
<input type="submit">
</form>

I get a 403 error. I does anyone know that is wrong with the code? 

 

there are more files that set the cookies but they work fine. I can't find anything wrong. please help.

 

 

Link to comment
https://forums.phpfreaks.com/topic/288484-403-error-on-code/
Share on other sites

No offense, but this whole thing is just weird. You cannot use this approach.

 

Do you really think it's a good idea to let the client choose which files should be included? Has it never occured to you that this might be a bit ... dangerous? Anybody is now able to read any file on your server as long as the webserver has access to it. Even worse, they can even execute any PHP script on your server or even from a remote location. This is the perfect way to get yourself hacked.

 

I think it's best to start from scratch and do it in a sane way this time. If you need help with the planning, I'm sure we can help you.

Link to comment
https://forums.phpfreaks.com/topic/288484-403-error-on-code/#findComment-1479452
Share on other sites

This is just my firs php script, only for my friends and I.

 

Unfortunately, the people breaking into servers don't care about that. If you plan to upload your code at some point of time, it must be secure.

 

Of course it takes time until you fully understand the various security issues. But I strongly recommend that you start thinking about this as early as possible and generally exercise common sense. The golden rule of security is: Do not trust user input. Every piece of data coming from the user must be regarded as harmful. So the last thing you want is include an unknown file just because the user told you so.

Link to comment
https://forums.phpfreaks.com/topic/288484-403-error-on-code/#findComment-1479462
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.