WarDeities Posted August 3, 2007

I have my own game at www.wardeities.com and last night I had a security problem... I don't know what happened, but somehow someone was able to run 2 of my cron files a total of 1000 times each. I had the crons password protected. I was wondering if there is a way to put more than one password on it?

This is the old code:

    $password = "password";
    if(!isset($_GET['password']) || $_GET['password']!=$password) {
        die("You are NOT AUTHORIZED to run this page!");
    }

To get the cron to work you need to go to http://www.wardeities.com/cron/godcron1.php?password=password (The password was obviously NOT password.) And it worked perfectly!!!

Now I am trying to run a code like this (again, these are obviously NOT the passwords, merely examples):

    $password1 = "password1";
    $password2 = "password2";
    $password3 = "password3";
    if(!isset($_GET['password1']) || $_GET['password1']!=$password1) {
        die("You are NOT AUTHORIZED to run this page1!");
    } else if(!isset($_GET['password2']) || $_GET['password2']!=$password2) {
        die("You are NOT AUTHORIZED to run this page2!");
    } else if(!isset($_GET['password3']) || $_GET['password3']!=$password3) {
        die("You are NOT AUTHORIZED to run this page3!");
    }

I thought you would go to:

    http://www.wardeities.com/cron/godcron1.php?password1=password1?password2=password2?password3=password3

That didn't work so I tried:

    http://www.wardeities.com/cron/godcron1.php?password1=password%20password2=password2%20password3=password3

Still didn't work so I tried:

    http://www.wardeities.com/cron/godcron1.php?password1=password;20password2=password2;password3=password3

You guessed it... still didn't work... I was wondering if it is possible at all to do more than one isset $_GET statement in a single URL... I have tried a few other things, but nothing is working... if anyone knows please help me!!!

plutomed Posted August 3, 2007

Try this:

    $password1 = "password1";
    $password2 = "password2";
    $password3 = "password3";
    if((!isset($_GET['password1'])) || ($_GET['password1']!=$password1)) {
        die("You are NOT AUTHORIZED to run this page1!");
    } else if((!isset($_GET['password2'])) || ($_GET['password2']!=$password2)) {
        die("You are NOT AUTHORIZED to run this page2!");
    } else if((!isset($_GET['password3'])) || ($_GET['password3']!=$password3)) {
        die("You are NOT AUTHORIZED to run this page3!");
    }

WarDeities Posted August 3, 2007

The code portion is working fine to the best of my knowledge, but I have no clue what to type in the address bar to get all 3 of the issets.... ???

plutomed Posted August 3, 2007

I added a second set of brackets round each statement, highlighted in bold.

    if[b]([/b](!isset($_GET['password1'])[b])[/b] || [b]([/b]$_GET['password1']!=$password1)[b])[/b] {
        die("You are NOT AUTHORIZED to run this page1!");
    } else if[b]([/b](!isset($_GET['password2'])[b])[/b] || [b]([/b]$_GET['password2']!=$password2)[b])[/b] {
        die("You are NOT AUTHORIZED to run this page2!");
    } else if[b]([/b](!isset($_GET['password3'])[b])[/b] || [b]([/b]$_GET['password3']!=$password3)[b])[/b] {
        die("You are NOT AUTHORIZED to run this page3!");
    }

teng84 Posted August 3, 2007

I don't know what runs in the back of your mind, but suddenly, a password should not be seen, so don't use the URL or GET for that. Now, maybe you should use one query string only and put a condition for all. The way you do it is redundant and wrong, may I say.

WarDeities Posted August 3, 2007

I have cron jobs run the file... I was just wondering if there is a way to put more than one statement into the URL... the code portion works fine, but I am not sure what to type in the URL address bar for the file to work correctly. If you can even put more than one statement into the URL bar!

teng84 Posted August 3, 2007

You can put it as long as it doesn't reach the max limit of the GET value. Anyway, that's big and I don't think you can have it all used.

WarDeities Posted August 3, 2007

What do you use to separate /cron.php?password1=password1 & password2=password2??? I have tried spaces, slashes, question marks, %20, and semicolon..... I don't know what the actual address should be.... What character(s) is/are used to separate the two or more variables? If I put the correct password for password1 I get the second die statement... if I try to type anything past password 1 I get the first die statement..... I'm so lost right now...

teng84 Posted August 3, 2007

Ooops, wait, the URL should look like this:

    test.php?name=teng&age=secret&location=phil

not

    test.php?name=teng?age=secret?location=phil

simcoweb Posted August 3, 2007

Couldn't you pass the info like:

    http://www.yoursite.com/filename.php?item1=bozo&item2=clown&item3=bigtop

WarDeities Posted August 3, 2007

You're the best!!!! It worked perfectly :D :D Thanks again!!!! I didn't know & was the separating character... thanks again guys!!!

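
Added example, not part of any post in this thread and not the site's code: part 1 shows what PHP builds in `$_GET` for the query strings tried above, and part 2 is one way to guard a cron script without carrying the secret in the URL, as teng84 advised. The function name `cron_request_allowed`, the `X-Cron-Token` header and the token value are assumptions made for illustration.

```php
<?php
// Added example; every password and token below is a constructed placeholder.

// Part 1: what PHP would put in $_GET for the query strings tried in the thread.
$attempts = [
    'password1=password1?password2=password2?password3=password3',
    'password1=password%20password2=password2%20password3=password3',
    'password1=password1&password2=password2&password3=password3',
];
foreach ($attempts as $query) {
    parse_str($query, $get);   // splits on "&", like the default arg_separator.input
    printf("%d key(s): %s\n", count($get), json_encode($get));
}

// Part 2: a guard for the cron script itself.
function cron_request_allowed(string $sapi, ?string $presented, string $expected): bool
{
    if ($sapi === 'cli') {
        return true;           // started by crond through the php binary, not over HTTP
    }
    // HTTP trigger: one long random token, compared in constant time.
    // hash_equals() needs two strings, so a missing value is rejected first.
    return is_string($presented) && hash_equals($expected, $presented);
}

// Placeholder; in practice read the token from a config file outside the web root.
$expected = 'constructed-placeholder-token';
// X-Cron-Token is a hypothetical header name; a header keeps the secret out of the URL.
$presented = $_SERVER['HTTP_X_CRON_TOKEN'] ?? null;

if (!cron_request_allowed(PHP_SAPI, $presented, $expected)) {
    http_response_code(403);
    exit("Not authorized\n");
}
echo "cron job would run here\n";
```

Only the `&` form produces three keys; in the other two, everything after the first `=` becomes the value of `password1`, so the first check fails. Three passwords sent together in one request are exposed together, so a single long random token gives the same protection with less to manage.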