Help Needed Securing code

Discussion in 'PHP' started by C.Jepson, Apr 3, 2006.

  1. #1
    Hey Programmers. I have heard a lot of good things about this community and I decided to try my luck as I need some help in a little code fixing.

    I am one of the Game moderators of Stargatewars http://www.stargatewars.com/. And I am requesting help in securing bugs in my game.

    I have run into a few problems involving SQL injections. To avoid anyone gaining a fair advantage through this method I have disabled the use of any quotes or symbols to be submitted in the forms.
    Also some programmers pointed out a few holes in the login procedure. With their help I decided to introduce Session times and advanced login cookies to avoid users replicating cookies. I admit I don't understand the actual code involved but I am thankful for people helping me secure this game.

    But as always my work is not perfect and someone always manages to mess things up for me. Recently I had to introduce Pin confirmation just to validate simple tasks since people were using Macros.

    I will be ever grateful if some experienced Programmers took a small peek at my game and helped me secure it. Please let me know by PM if you can help me. I would be even more grateful if you guys helped me fix the actual bug in question. I will check my PM daily and of course I can arrange IM chats as well for more detailed talks.

    Thanks for reading
    Yours Chris Jepson.
     
    C.Jepson, Apr 3, 2006
  2. ian_ok

    #2
    For email injections I use the following:
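    // Reject characters that allow header injection in a mail header value.
    function validate_fields($s) {
      // "\r" and "\n" must be double-quoted: in single quotes PHP treats
      // them as a literal backslash plus a letter, not as CR and LF.
      $forbidden = array('%', "\r", "\n");
      foreach ($forbidden as $f)
        if (strpos($s, $f) !== false) return false;
      return true;
    }

    if (!validate_fields($_POST['from'])) {
      echo "<h4>Sorry you have entered an invalid character in your email address, you entered:</h4>";
    }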

    Ian
     
    ian_ok, Apr 3, 2006
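
A stricter form of the header check in the post above, as an added example that is not part of ian_ok's post: it decodes URL-encoded line breaks before testing for CR/LF/NUL and then validates the address with `filter_var`. The function name `safe_header_address` and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
// safe_header_address() is a hypothetical helper name.

/**
 * Return the address if it is safe to place in a mail header, otherwise null.
 */
function safe_header_address(string $raw): ?string
{
    // Decode first so URL-encoded line breaks (%0d, %0a) become real bytes.
    $decoded = rawurldecode($raw);

    // The character list is double-quoted on purpose: "\r", "\n" and "\0"
    // are CR, LF and NUL. In single quotes they would be a backslash
    // followed by a letter or digit and would never match a line break.
    if (strpbrk($decoded, "\r\n\0") !== false) {
        return null;
    }

    // Structural check: exactly one syntactically valid address, nothing else.
    $address = filter_var($decoded, FILTER_VALIDATE_EMAIL);

    return $address === false ? null : $address;
}

// Constructed sample inputs (not taken from any real traffic).
$samples = [
    'player@example.com',
    "player@example.com\r\nBcc: other@example.com",   // real CR/LF
    'player@example.com%0d%0aBcc: other@example.com', // URL-encoded CR/LF
    'player@example.com\r\nBcc: other@example.com',   // literal backslashes
];

foreach ($samples as $s) {
    $verdict = safe_header_address($s) === null ? 'rejected' : 'accepted';
    // json_encode makes control characters visible in the output.
    printf("%-58s => %s\n", json_encode($s), $verdict);
}
```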
  3. feha

    #3
    That was great ian_ok
     
    feha, Aug 30, 2006