Follow along with the video below to see how to install our site as a web app on your home screen.
Note: this_feature_currently_requires_accessing_site_using_safari
if ($password=="c3g4H2m") {
$authorised="1";
}
if ($authorised == 1) header(Location: admin.php?login=true);
$authorised="0";
if ($password=="c3g4H2m") {
$authorised="1";
}
if ($authorised == 1) header(Location: admin.php?login=true);
if ($_GET['password']=="c3g4H2m") {
$authorised="1";
}
if ($authorised == 1) header(Location: admin.php?login=true);
php_flag register_globals on
php_flag register_globals off
if ($_GET['password']=="c3g4H2m") {
$authorised="1";
}
if ($authorised == 1) header(Location: admin.php?login=true);
script.php?authorised=1
admin.php?login=true
They're not recommended for logins, but for other parts of the script they are OK.I've read that $_GET table is rather not recommended for the reason the variables and values are also passed to the script in the url so they may be hacked the same way you described, right?
And yes, you could hack the script with admin.php?login=true, but that wasn't the point. I was just giving an example of some kind of access to the admin part.
But when I get some free time, I'll create one.
Quite a lot of application are created which required you to have register global on, most hosting companies prefers to have register global off.
Is there a significant security risk to having register global set to on in php.ini ?