Making your URL $_GET params secure can be tricky sometimes.
It is one of the easier things to overlook when it comes to security.
It is also one of the easiest ways to break a website.
With this function you can make sure your URL $_GET params only accept what you want them to.
<?php
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/**
 * Written on 1-17-06 by Joe F for http://bashmyex.com
 *
 * secure_url_param - determine if url param is valid
 * if not valid - deny it. if valid - accept it.
 *
 * EXAMPLE USAGE: $bash = secure_url_param($_GET['bash']);
 *                $action = secure_url_param(FALSE, $_GET['action']);
 *
 * is valid - http://bashmyex.com/index.php?action=bash&bash=1
 * is not valid - http://bashmyex.com/index.php?action=bash&bash=F1
 *
 * @param string $num check get value for number. if no number - deny it
 *
 * @param string $nonum check get value for num/alpha. if not - deny it
 *
 * can also add other characters you wish to allow for $nonum
 * I added an allowed _ for example purposes
 *
 */
function secure_url_param($num=FALSE, $nonum=FALSE)
{
    // Compare explicitly instead of relying on truthiness, so "0" is still checked
    if ($num !== FALSE && $num !== NULL && $num !== '')
    {
        // is_numeric() also accepts values such as "1.5", "-1" and "1e3"
        $correct = is_numeric($num);
        if ( $correct ) { return $num; }
        else { echo "deny message"; exit; }
        //$num = cleanNUM($num);
        //return $num;
    }
    if ($nonum !== FALSE && $nonum !== NULL && $nonum !== '')
    {
        // \z instead of $ so a value ending in a newline is not accepted;
        // is_string() rejects array values such as ?action[]=x
        $correct = is_string($nonum) && preg_match('/^[a-z0-9_]+\z/i', $nonum);
        //can also use ctype if you wish instead of preg_match
        //$correct = ctype_alnum($nonum);
        if ( $correct ) { return $nonum; }
        else { echo "deny message"; exit; }
    }
}
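
An added example (not the author's code): a stricter variant of the same allowlist idea that returns null instead of exiting, run over constructed inputs next to the two checks the function above is built on (`is_numeric()` and a `$`-anchored regex). The names `get_param()` and `loose_check()` and all sample values are hypothetical; it assumes PHP 7.1 or later.

```php
<?php
/**
 * Return $query[$name] if it satisfies $type, otherwise null.
 * $type: 'int' = ASCII digits only, 'word' = letters, digits, underscore.
 */
function get_param(array $query, string $name, string $type, int $maxLen = 32): ?string
{
    $value = $query[$name] ?? null;
    // ?p[]=1 arrives as an array and a missing key as null: reject both.
    if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
        return null;
    }
    switch ($type) {
        case 'int':
            // ctype_digit() rejects "1e3", "-1.5" and " 1"; is_numeric() accepts them.
            return ctype_digit($value) ? $value : null;
        case 'word':
            // \z matches only at the very end of the string, whereas "$"
            // also matches just before a trailing newline.
            return preg_match('/\A[a-z0-9_]+\z/i', $value) === 1 ? $value : null;
        default:
            return null; // unknown rule: fail closed
    }
}

/** The looser checks, kept only for side-by-side comparison. */
function loose_check($value, string $type): bool
{
    if (!is_string($value)) {
        return false;
    }
    return $type === 'int'
        ? is_numeric($value)
        : preg_match('/^[a-z0-9_]*$/i', $value) === 1;
}

// Constructed sample inputs: [raw value, rule].
$samples = [
    ['1', 'int'], ['0', 'int'], ['F1', 'int'], ['1e3', 'int'], [' 1', 'int'],
    ['-1.5', 'int'], [['1'], 'int'], ['bash', 'word'], ["bash\n", 'word'],
    ['my_page', 'word'], ['a b', 'word'],
];

printf("%-5s %-11s %-7s %s\n", 'rule', 'value', 'strict', 'loose');
foreach ($samples as [$raw, $type]) {
    $strict = get_param(['p' => $raw], 'p', $type) !== null;
    printf("%-5s %-11s %-7s %s\n", $type, json_encode($raw),
        $strict ? 'accept' : 'reject', loose_check($raw, $type) ? 'accept' : 'reject');
}
```

Rows where the two columns disagree are the values a numeric or alphanumeric check lets through even though they are not plain IDs or identifiers.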
blacksnday bashmyex.com wrote :1646
I updated this code to a cleaner quicker version which can be found at
http://dev.bmescripts.com/index.cgi/opensource/rlog?f=opensource/bme_secure_url_param/bme_secure_url_param.function.php
That url will always contain my latest updated cvs versions of the example.