| Programming PHP, Perl, Ruby on Rails, AJAX, HTML, XHTML, CSS, JavaScript, MySQL and any other coding topics. |
| | #1 (permalink) |
| NamePros Regular | Urgent help please (Experts) Hello, I need help on a security filter script / access logging. A script that will filter all incoming $_POST and $_GET data. Check every variable for data manipulation, cross site scripting vulnerabilities, SQL injection and all standard PHP vulnerabilities. Script should output original $_POST and $_GET arrays with malicious characters/code removed or replaced by its equivalent. The script should not die() or exit(). If malicious code is found, issue a JavaScript alert and redirect to the page it came from, and notify the admin via email. Also, create an array for variables which shouldn't be processed by the script, which can be passed to the script in terms of global variables. This script will be included in files. It has to contain a routine for access logging. IP,DATE,TIME,REFERRER,URI_STRING,QUERY_STRING,GET, POST, SESSION data. Storing --- DB. Design DB table for it. Please help or make a sort of script and I can give the person points, about 100 $NP or maybe even 200 $NP. Would really appreciate any help. Regards,
__________________ Live Support : Zubair11 [at] hotmail.com Free SEO Directory! || Free Games and Songs || eBloggy.net Zubair.info || Mixcat Interactive |
| |
| | #2 (permalink) |
| Senior Member | Well, here's a simple script to screen the incoming $_POST and $_GET variables. I don't know what else you need: PHP Code:
__________________ ----------------------------------------------------- |-----FREE BANNER EXCHANGE! 1:1 RATIO!!!!-----| |-------------www.bannercenter.info-------------| ----------------------------------------------------- |
| |
| | #3 (permalink) |
| DNOA Member | SQL Injection Prevention, basic: mysql_real_escape_string($variable);
__________________ codeboards A high-quality community of programmers -- Join today and post! We want new members! |
| |
| | #5 (permalink) | |
| NamePros Regular | Quote:
I need it to secure my script; it will be included in the files. I need a script to check incoming data from the GET & POST superglobals and check every variable for data manipulation, cross site scripting vulnerabilities, SQL injections and all the other standard PHP vulnerabilities. The script should output the variables, removing all the malicious stuff from them or replacing it with its equivalent. Also, create an array for variables in the script which shouldn't be processed by the script, which can be passed to the script in terms of global variables. Would really appreciate it if someone can do this for me. Regards,
| |
| | #6 (permalink) |
| Senior Member | Well, to do the first part of what you wanted, just use the code I posted earlier. Somebody else that knows how can add the rest you need, because I don't.
| |
| | #7 (permalink) | |
| NamePros Regular | Quote:
I am donating some $NP's to your account... really appreciate the help. Can anyone else complete this? Regards,
| |
| | #8 (permalink) |
| New Member | The first object of good script design is to only handle what you expect. If your script creates / processes a form, then you know what to expect. The second object of good script design is to CAST name value pairs so they only contain what they should. People spend too much time on testing variables when they should auto CAST them so they don't need to worry about them during the rest of the script process! So what I am saying... If it's by POST then use POST, if it's by GET use GET, if a value is INT, cast as INT, if a value is a STR, NO HTML, then strip it so it only contains what you want it to. If it's a STR, HTML then encode it. If an element is missing then create it. Afterwards, unset() all the SUPER GLOBALS to maintain smart memory usage and continue with the script process! You can create a simple 7 or 8 line function to do this; it will save you much time but more importantly it will make your scripts faster and much easier to manage! John |
| |
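The whitelist-and-cast approach described in post #8, as an added example that is not part of any post in this thread. The function name `cast_input`, the schema layout and the field names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: keep only the fields the form is expected to send and
// coerce each one to its declared type. Keys outside the schema are dropped;
// keys missing from the request are created with their default.
function cast_input(array $source, array $schema): array
{
    $clean = [];
    foreach ($schema as $name => [$type, $default]) {
        $value = $source[$name] ?? $default;
        if (is_array($value)) {          // e.g. ?id[]=1 where a scalar is expected
            $value = $default;
        }
        switch ($type) {
            case 'int':                  // whole value must be an integer
                $checked = filter_var($value, FILTER_VALIDATE_INT);
                $clean[$name] = ($checked === false) ? (int) $default : $checked;
                break;
            case 'text':                 // plain string, no markup wanted
                $clean[$name] = trim(strip_tags((string) $value));
                break;
            case 'html':                 // markup kept as text, encoded for display
                $clean[$name] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
                break;
        }
    }
    return $clean;
}

// Constructed sample request standing in for $_POST.
$post = [
    'id'      => '42 OR 1=1',
    'name'    => '  <b>Alice</b> ',
    'comment' => '<script>alert(1)</script>',
    'extra'   => 'not in the schema',
];

// Field name => [type, default]; these field names are assumptions.
$schema = [
    'id'      => ['int',  0],
    'name'    => ['text', ''],
    'comment' => ['html', ''],
    'page'    => ['int',  1],
];

var_dump(cast_input($post, $schema));
```

Casting narrows what the rest of the script has to handle, but values that reach a database still belong in parameterised queries, and HTML encoding is tied to the output context where the value is finally displayed.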