Hello Friends 🆒
I'm trying to understand how I can validate user input to secure my site.
So I've made a simple form to test validation.
Nothing special (I could say a MESS!!! 😃) but working.
<html>
<body>
<h3>TEST</h3>
<?php
// Initialise every variable the form echoes, so a plain GET of the page (no POST yet)
// does not raise undefined-variable notices for $test, $testout1, $testout2, $testout3 and $fn.
$test = $testout = $testout1 = $testout2 = $testout3 = $fn = '';
// get register_globals ini setting - jp
$register_globals = (bool) ini_get('register_globals');
define("REGISTER_GLOBALS", $register_globals ? 1 : 0);
// get magic_quotes_gpc ini setting - jp
$magic_quotes = (bool) ini_get('magic_quotes_gpc');
define("MAGIC_QUOTES", $magic_quotes ? 1 : 0);
// $_SERVER values are escaped as well: SERVER_NAME can be taken from the request's Host header on some setups.
echo " <b>Server:</b> " . htmlspecialchars($_SERVER["SERVER_NAME"] ?? '') . "<br />\n";
echo " <b>Server Software:</b> " . htmlspecialchars($_SERVER["SERVER_SOFTWARE"] ?? '') . " on " . PHP_OS . "<br />\n";
echo " <b>PHP Version:</b> " . phpversion() . "<br />\n";
echo " <b>Register Globals:</b> " . REGISTER_GLOBALS . "<br />\n";
echo " <b>Magic Quotes GPC:</b> " . MAGIC_QUOTES . "<br />\n";
// (register_globals and magic_quotes_gpc were removed in PHP 5.4, so both print 0 on anything newer.)
////////////////////////////////////////// a function that detects if magic_quotes_gpc is off, and adds slashes if that's the case ///////////
// get_magic_quotes_gpc() no longer exists in PHP 8, so the call is guarded. Note that
// addslashes() is not a substitute for prepared statements when the value ends up in SQL.
function myAddSlashes($string) {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return $string;          // PHP already added the slashes
    }
    return addslashes($string);
}
//////////////////////////// paranoid sanitization -- only let the alphanumeric set through
// Returns FALSE when the stripped result is shorter than $min or longer than $max characters.
function keep_num($string, $min = null, $max = null)
{
    $string = preg_replace("/[^a-zA-Z0-9]/", "", $string);
    $len = strlen($string);
    if (($min !== null && $len < $min) || ($max !== null && $len > $max))
        return FALSE;
    return $string;
}
/////////////////////////////////////////////////////////////////
// HTML-escape the five significant characters and flatten control characters.
// strtr() with an array does not re-scan text it has already replaced, so the
// "&" => "&amp;" entry cannot double-encode the "&lt;" produced for "<".
$protect = array(
    "<"    => "&lt;",
    ">"    => "&gt;",
    "&"    => "&amp;",
    "\""   => "&quot;",
    "'"    => "&#39;",
    "\n"   => " ",
    "\t"   => " ",
    "\r"   => " ",
    "\0"   => " ",
    "\x0B" => "",
    " "    => ""
);
// Read the fields from $_POST: with register_globals off, $submit_button and $test never exist as globals.
if (isset($_POST['submit_button'])) {
    $test = isset($_POST['test']) ? $_POST['test'] : '';
    $testout = myAddSlashes($test);
    $testout1 = strtr($testout, $protect);
    $testout2 = keep_num($testout1, 1, 50);
}
?>
<form method="POST" action="if_val.php">
<table border="1" cellpadding="7" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
<tr>
<td width="16%" align="right">First Name</td>
<td width="84%">
<input name="test" type="text" value="<?php echo $test; ?>" size="50" maxlength="50">
<!-- $test is echoed unescaped on purpose, as the vulnerable baseline to compare TestOut1/TestOut2 against -->
<?php echo $fn; ?></td>
</tr>
<tr>
<td width="16%" align="right">Test</td>
<td width="84%"><?php echo $test; ?></td>
</tr>
<tr>
<td width="16%" align="right">TestOut1</td>
<td width="84%"><?php echo $testout1; ?>
</td>
</tr>
<tr>
<td width="16%" align="right">TestOut2</td>
<td width="84%"><?php echo $testout2; ?>
</td>
</tr>
<tr>
<td width="16%" align="right">TestOut3</td>
<td width="84%"><?php echo $testout3; ?></td>
</tr>
<tr>
<td width="16%" align="right"> </td>
<td width="84%">
<input type="submit" value=" Register " name="submit_button"></td>
</tr>
</table>
</form>
</body>
</html>
I'm trying to compile various validation functions to understand how this "thing" works.
I'm using some lines to test my form that I've found around the net as <<Malicious>> code, like
<script>alert('CSS Vulnerable')</script>
<img csstest=javascript:alert('CSS Vulnerable')>
&{alert('CSS Vulnerable')};
and
'';!--"<CSS_Check>=&{()}
Can you please give me a way to go on?
A path to walk?
I've been reading lots of tutorials and articles about this on the net for the last week, but I'm so confused 😕
Thanks in advance for your time.
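As a path forward on the question above, here is an added example in PHP; it is my code, not code from the original post. It separates the three things the form above runs together: validate the field against what it is allowed to contain, escape at output time for the HTML context with htmlspecialchars(), and use a prepared statement instead of addslashes()/magic_quotes when the value goes into SQL. Assumptions: the field is a first name, so the whitelist is letters, spaces, hyphens and apostrophes, 1 to 50 characters; PDO with the sqlite driver is available, and an in-memory database is used so the script runs offline; the input list is constructed from the poster's own test strings plus two legitimate names. (What those test strings call "CSS" is what is now called XSS, cross-site scripting.)

```php
<?php
// Added example, not code from the original post.
// Assumptions: the field is a "first name"; PDO with the sqlite driver is available.
declare(strict_types=1);

// 1. Validation: accept only what a first name may contain and reject everything else.
//    Letters in any script (\p{L} with the /u modifier), spaces, hyphens, apostrophes; 1..50 chars.
function validate_first_name(string $raw): ?string
{
    if (preg_match('/\A\p{L}[\p{L} \'\-]{0,49}\z/u', $raw) !== 1) {
        return null;  // reject rather than silently "clean" (keep_num() would turn O'Brien into OBrien)
    }
    return $raw;
}

// 2. Output escaping for the HTML body and for quoted attributes (ENT_QUOTES covers ' and ").
//    Done at output time, per context, not at input time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// 3. SQL: a prepared statement with a bound parameter. No addslashes(), no magic_quotes;
//    the apostrophe in O'Brien is stored verbatim and cannot break out of the query.
function store_first_name(PDO $db, string $name): int
{
    $stmt = $db->prepare('INSERT INTO users (first_name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT NOT NULL)');

// Constructed inputs: two legitimate names followed by the test strings from the post.
$inputs = [
    "Jean-Luc",
    "O'Brien",
    "<script>alert('CSS Vulnerable')</script>",
    "<img csstest=javascript:alert('CSS Vulnerable')>",
    "&{alert('CSS Vulnerable')};",
    "'';!--\"<CSS_Check>=&{()}",
];

foreach ($inputs as $raw) {
    $name = validate_first_name($raw);
    if ($name === null) {
        // Echoing a rejected value back is only safe because it is escaped here.
        echo "rejected: " . h($raw) . "\n";
        continue;
    }
    $id = store_first_name($db, $name);
    // The same escaping function is what belongs inside the value="" attribute of the form.
    echo "stored #" . $id . ": <input name=\"test\" value=\"" . h($name) . "\">\n";
}

// Read back to show the apostrophe survived the round trip intact.
foreach ($db->query('SELECT id, first_name FROM users ORDER BY id') as $row) {
    echo $row['id'] . " " . $row['first_name'] . "\n";
}
```

Run it from the command line with php and the four test strings are rejected outright, while the two names are stored and echoed back escaped. The point to take from it: stripping characters out (keep_num()) and adding slashes (myAddSlashes()) are both guesses about where the value will end up; rejecting invalid input, escaping for the exact output context, and binding SQL parameters each solve one problem cleanly and do not interfere with each other.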