barefootsanders (Posted April 15, 2007)

Hey everyone. I have been developing a 2d browser based game with PHP and MySQL. It is not finished yet but it is close. I was hoping someone experienced in PHP could help me make it as secure as possible. I am good with PHP however I don't have very good knowledge with PHP security. If anyone is willing to help please shoot me an email at solidgold10287@aol.com. Thanks!

neel_basu (Posted April 15, 2007)

If you have any security issue to discuss, post it. Or if you have some security-related problem / doubt, post some code.

barefootsanders (Author, posted April 15, 2007)

Well I read somewhere that the command $_GET was not all that secure along with include() statements. This is my center <div> which loads the correct page based on what someone clicked. The links are set up like this:

    <li><a href="index.php?page=userinfo&id=<?php echo $session->userid;?>">My Account</a></li>

And here's the code:

    <?php
    // Read the requested page; fall back to an empty string if it is missing
    $page = isset($_GET['page']) ? $_GET['page'] : '';
    switch ($page) {
        case 'register': // Register was clicked
            include("register.php");
            break;
        case 'welcome': // The main home page
            include("welcome.php");
            break;
        case 'userinfo': // User info page
            include("userinfo.php");
            break;
        case 'useredit': // User edit page
            include("useredit.php");
            break;
        case 'levelup':
            include("levelup.php");
            break;
        case 'attack': // Attack page
            include("attack.php");
            break;
        case 'admincenter': // Admin center - FOR ADMINS ONLY!
            include("admin/admin.php");
            break;
        case 'newfamily': // Create a new family page
            include("newfamily.php");
            break;
        case 'familyinfo':
            include("familyinfo.php");
            break;
        case 'familyinvite':
            include("familyinvites.php");
            break;
        case 'editfamily':
            include("editfamily.php");
            break;
        case 'travel':
            include("travel.php");
            break;
        case 'viewmap':
            include("viewmap.php");
            break;
        case 'forgotpass': // Forgot password was clicked
            include("forgotpass.php");
            break;
        default:
            include("welcome.php");
    }
    ?>

neel_basu (Posted April 15, 2007)

    <li><a href="index.php?page=<?php echo base64_encode('userinfo');?>&id=<?php echo base64_encode($session->userid);?>">My Account</a></li>

Use base64_decode() to decode the encoded string.

    switch (base64_decode($page))

barefootsanders (Author, posted April 15, 2007)

> <li><a href="index.php?page=<?php echo base64_encode('userinfo');?>&id=<?php echo base64_encode($session->userid);?>">My Account</a></li>
> Use base64_decode() to decode the encoded string.
> switch (base64_decode($page))

I see where this could help, however I wanted each user to have a unique ID that could be used to access one's profile. So say one wanted to view another profile, I wanted to just have the user click on their profile, which would give the user their own profile, and then they could just change the number to the certain ID they wanted to view. Is this not a secure way to do things??

neel_basu (Posted April 16, 2007)

You can remove the base64_encode() from id, it's ok. But removing base64_encode() from

    ?page=<?php echo base64_encode('userinfo');?>

is a very non-secure idea.
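
An added example, not code from any poster in the thread: one way to write the page dispatcher discussed above as an allowlist lookup with a server-side admin check and integer validation of `id`. The page names and files come from the posts; the `$isAdmin` flag and the function names `resolve_page` and `parse_user_id` are assumptions.

```php
<?php
// Added example, not code from the thread. Page names and files come from the
// posts above; $isAdmin is an assumed flag supplied by the game's session code.
const PAGES = [
    'welcome'     => 'welcome.php',
    'register'    => 'register.php',
    'userinfo'    => 'userinfo.php',
    'attack'      => 'attack.php',
    'admincenter' => 'admin/admin.php',
];
const ADMIN_ONLY = ['admincenter'];

// The request value is used only as an array key, never as part of a path.
function resolve_page($page, bool $isAdmin): string
{
    if (!is_string($page) || !array_key_exists($page, PAGES)) {
        return PAGES['welcome'];   // unknown or malformed value: default page
    }
    if (in_array($page, ADMIN_ONLY, true) && !$isAdmin) {
        return PAGES['welcome'];   // authorization is decided on the server
    }
    return PAGES[$page];
}

// Accept only a positive decimal integer for ?id=; anything else is null.
function parse_user_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample requests: [page, id, isAdmin]
$samples = [
    ['userinfo', '42', false],
    ['admincenter', '1', false],
    ['admincenter', '1', true],
    ['../admin/admin', 'abc', false],
    [['x'], '-5', false],
];
foreach ($samples as [$page, $id, $isAdmin]) {
    printf("%-18s -> %-16s id=%s\n", json_encode($page, JSON_UNESCAPED_SLASHES),
        resolve_page($page, $isAdmin), var_export(parse_user_id($id), true));
}
```

In index.php the return value of `resolve_page()` would be passed to include(). Base64 is a reversible encoding that any visitor can apply to any page name, so what limits the reachable pages here is the lookup table and the admin check, whether or not the parameter is encoded.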