barefootsanders Posted April 15, 2007

Hey everyone. I have been developing a 2D browser-based game with PHP and MySQL. It is not finished yet but it is close. I was hoping someone experienced in PHP could help me make it as secure as possible. I am good with PHP; however, I don't have very good knowledge of PHP security. If anyone is willing to help, please shoot me an email at [email protected]. Thanks!

Link to comment: https://forums.phpfreaks.com/topic/47130-help-with-php-security/

neel_basu Posted April 15, 2007

If you have any security issue to discuss, post it. Or, if you have some security-related problem or doubt, post some code.

barefootsanders (Author) Posted April 15, 2007

Well, I read somewhere that the command $_GET was not all that secure, along with include() statements. This is my center <div>, which loads the correct page based on what someone clicked. The links are set up like this:

```php
<li><a href="index.php?page=userinfo&id=<?php echo $session->userid;?>">My Account</a></li>
```

And here's the code:

```php
<?php
$page = $_GET['page'];
switch ($page) {
    case 'register':      // Register was clicked
        include("register.php");
        break;
    case 'welcome':       // The main home page
        include("welcome.php");
        break;
    case 'userinfo':      // User info page
        include("userinfo.php");
        break;
    case 'useredit':      // User edit page
        include("useredit.php");
        break;
    case 'levelup':
        include("levelup.php");
        break;
    case 'attack':        // Attack page
        include("attack.php");
        break;
    case 'admincenter':   // Admin center - FOR ADMINS ONLY!
        include("admin/admin.php");
        break;
    case 'newfamily':     // Create a new family page
        include("newfamily.php");
        break;
    case 'familyinfo':
        include("familyinfo.php");
        break;
    case 'familyinvite':
        include("familyinvites.php");
        break;
    case 'editfamily':
        include("editfamily.php");
        break;
    case 'travel':
        include("travel.php");
        break;
    case 'viewmap':
        include("viewmap.php");
        break;
    case 'forgotpass':    // Forgot password was clicked
        include("forgotpass.php");
        break;
    default:
        include("welcome.php");
}
?>
```

neel_basu Posted April 15, 2007

```php
<li><a href="index.php?page=<?php echo base64_encode('userinfo');?>&id=<?php echo base64_encode($session->userid);?>">My Account</a></li>
```

Use base64_decode() to decode the encoded string.

```php
switch (base64_decode($page))
```

barefootsanders (Author) Posted April 15, 2007

> ```php
> <li><a href="index.php?page=<?php echo base64_encode('userinfo');?>&id=<?php echo base64_encode($session->userid);?>">My Account</a></li>
> ```
>
> Use base64_decode() to decode the encoded string.
>
> ```php
> switch (base64_decode($page))
> ```

I see where this could help; however, I wanted each user to have a unique ID that could be used to access one's profile. So say one wanted to view another profile, I wanted to just have the user click on their profile, which would give the user their own profile, and then they could just change the number to the certain ID they wanted to view. Is this not a secure way to do things?

neel_basu Posted April 16, 2007

You can remove the base64_encode() from id, it's OK. But removing base64_encode() from ?page=<?php echo base64_encode('userinfo');?> is a very non-secure idea.
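
An added example, not code from any poster in this thread: an allow-list version of the `page` dispatcher, in which only fixed file names can reach include() however the parameter is encoded, the admin page is gated on server-side state, and `id` is validated as an integer. The page keys and file names are those from the switch statement above; the `$isAdmin` flag and the sample requests are assumptions made for illustration.

```php
<?php
// Added example. Keys and file names come from the switch statement in the
// thread; $isAdmin and the sample requests below are assumptions.
const PAGES = [
    'register'     => 'register.php',
    'welcome'      => 'welcome.php',
    'userinfo'     => 'userinfo.php',
    'useredit'     => 'useredit.php',
    'levelup'      => 'levelup.php',
    'attack'       => 'attack.php',
    'admincenter'  => 'admin/admin.php',
    'newfamily'    => 'newfamily.php',
    'familyinfo'   => 'familyinfo.php',
    'familyinvite' => 'familyinvites.php',
    'editfamily'   => 'editfamily.php',
    'travel'       => 'travel.php',
    'viewmap'      => 'viewmap.php',
    'forgotpass'   => 'forgotpass.php',
];
const ADMIN_ONLY = ['admincenter'];

// Map ?page= to a file; only the literals in PAGES can ever reach include().
function resolve_page(array $query, bool $isAdmin): string
{
    $key = $query['page'] ?? 'welcome';
    // Non-strings (?page[]=x) and unknown keys get the default page.
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        return PAGES['welcome'];
    }
    // Admin access is decided from server-side session state, never the URL.
    if (in_array($key, ADMIN_ONLY, true) && !$isAdmin) {
        return PAGES['welcome'];
    }
    return PAGES[$key];
}

// Accept ?id= only as a positive integer; null means no usable id.
function resolve_profile_id(array $query): ?int
{
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed requests showing each decision (run with: php example.php).
foreach ([['page' => 'userinfo', 'id' => '42'], ['page' => 'admincenter'],
          ['page' => 'nosuchpage', 'id' => '4x'], ['page' => ['x']]] as $q) {
    printf("%s -> %s, id=%s\n", json_encode($q), resolve_page($q, false),
        var_export(resolve_profile_id($q), true));
}
```

In index.php the dispatcher call would be `include __DIR__ . '/' . resolve_page($_GET, $isAdmin);`, with `$isAdmin` taken from the logged-in session. Base64 is a reversible encoding, so the decisions that matter are the allow-list lookup and the session check, not the form the value takes in the URL.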