pot adauga in config niste scripturi anti sql injection?

Gotyc · Mesaj de **Gotyc** » 10-Mar-2010, 09:47:50

Cum spune titlu pot adauga in config urmatoarele ?

// ANTI SQL INJECTION
$ip = $_SERVER[REMOTE_ADDR];
$motiv = "Hacking Attempt";

    $badchars = array(";","'","*","/"," \ ","DROP", "SELECT", "UPDATE", "DELETE", "drop", "select", "update", "delete", "WHERE", "where", "-0", "-", "-1", "-2", "-3","-4", "-5", "-6", "-7", "-8", "-9", "FROM", "from"); 
   
    foreach($_POST as $value)
    {
    

    if(in_array($value, $badchars))
      {
mysql_query("INSERT INTO lista_neagra (ip, motiv) VALUES ('$ip','$motiv')");
}
      else
      {
        $check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE);
        foreach($check as $char)
        {
          if(in_array($char, $badchars))
          {
mysql_query("INSERT INTO lista_neagra (ip, motiv) VALUES ('$ip','$motiv')");

         }
        }
       }
      }

	foreach($_GET as $value)
	{
	    if(in_array($value, $badchars))
      {
mysql_query("INSERT INTO lista_neagra (ip, motiv) VALUES ('$ip','$motiv')");
      }
      else
      {
        $check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE);
        foreach($check as $char)
        {
          if(in_array($char, $badchars))
          {
mysql_query("INSERT INTO lista_neagra (ip, motiv) VALUES ('$ip','$motiv')");

   }
  }
 }
}

// Anti XSS (Cross Side Scripting)
foreach ($_GET as $check_url) {
if ((eregi("<[^>]*script*\"?[^>]*>", $check_url)) || (eregi("<[^>]*object*\"?[^>]*>", $check_url)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $check_url)) || (eregi("<[^>]*applet*\"?[^>]*>", $check_url)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $check_url)) || (eregi("<[^>]*style*\"?[^>]*>", $check_url)) ||
(eregi("<[^>]*form*\"?[^>]*>", $check_url)) || (eregi("\([^>]*\"?[^)]*\)", $check_url)) ||
(eregi("\"", $check_url))) {
die ();
}
}

dorin · Mesaj de **dorin** » 10-Mar-2010, 15:22:52

De ce sa nu poti ? Poti face orice vrei cu config.php. Totusi, nu este recomandabil acest lucru, decat daca stii foarte bine ce faci. phpBB 3.0.7PL1 este destul de stabil, nu au fost raportate atacuri sql injection si nu cred ca e posiibil asa ceva, daca forumul este actualizat permanent la ultima versiune, daca nu flosesti MODuri care ar putea afecta securitatea, daca fisierele de stil sunt si ele actualizate, etc.

Gotyc · Mesaj de **Gotyc** » 10-Mar-2010, 21:34:53

Am pus ca prostu , si am stricat nush ce naiba :-j am scos. am lasat doar ce-mi trebe

Aaa
Este cumva mod pentru Anti Duble Account pe ip ?

Mesaj de **bogdan** » 10-Mar-2010, 22:41:38

Poti incerca MOD-ul Duplicate User IPs (se aplica doar la conturile noi - s-ar putea sa ai probleme cu userii ce folosesc acelasi LAN). O lista extinsa pentru antispam gasesti aici

Un subiect interesant Preventing Spam in phpBB 3.0.6 and Above

phpBB România • forumul phpBB in limba romana. Opinii, implementari, ajutor, instructiuni si download.

pot adauga in config niste scripturi anti sql injection?

pot adauga in config niste scripturi anti sql injection?

Re: pot adauga in config niste scripturi anti sql injection?

Re: pot adauga in config niste scripturi anti sql injection?

Re: pot adauga in config niste scripturi anti sql injection?

Cine este conectat