In this tutorial I will explain the basics of how to secure a Lava script:
1. Let's remove the sessions

The easiest way of removing the session in Lava is to use

PHP Code:
session_start();

Let's put that at the beginning of every page, right after the <?php.

OK, that still doesn't remove the sessions, right? That's what we do next.

Wapdesire checks right from the start whether a session already exists in the database. We need to delete that and start a new session:

PHP Code:
// If a script session id is already stored in the PHP session,
// delete its row from the database and forget it.
if (isset($_SESSION['sid']))
{
    // Escape the value before it goes into the query (legacy mysql_* API, as used by the script).
    $old = mysql_real_escape_string($_SESSION['sid']);
    mysql_query("DELETE FROM ibwf_ses WHERE id='$old'");
    unset($_SESSION['sid']);
}
else
{
    // Otherwise keep the current $sid in the PHP session.
    $_SESSION['sid'] = $sid;
}

OK, now we go to every page again. You will note the

PHP Code:
$sid = $_GET['sid'];

There we are going to change it to

PHP Code:
$sid = $_SESSION['sid'];

After we have done that, you can securely remove the &sid=$sid from the links.

We have just removed the sessions from the URL, congrats.

2. Secure posted data

Like you might have noted, there are a lot of $_GET or $_POST statements. Let's secure them. Here is a simple function that will do the job; simply put it in core.php:

PHP Code:
// Return the request value for $name if it is set, otherwise the default.
function getget($name, $def = '') {
    if (isset($_REQUEST[$name])) {
        return $_REQUEST[$name];
    } else {
        return $def;
    }
}

And instead of $_GET or $_POST we use, for example:

PHP Code:
$pass = getget('pass', $pass);
$user = getget('user', $user);

3. Let's secure the gallery

Use phpThumb for the gallery. Simply look on Google for phpThumb, then use it in user profiles or in the gallery. How to use it is described in the phpThumb file.

Hope this helps you guys.
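An added example, not part of the original post and not Lava/Wapdesire code: a stricter variant of the getget() helper from step 2 that accepts a value only if it matches a whitelist pattern, followed by the session cleanup query from step 1 written with a bound parameter. The names getget_valid and $rules, the parameter formats, and the in-memory SQLite table standing in for ibwf_ses are assumptions.

```php
<?php
// Added example: not from the original post and not Lava/Wapdesire code.
// getget_valid(), $rules and the parameter formats are assumptions.

// Like getget(), but takes one explicit source array and returns $def unless
// the value is a string matching the whitelist pattern for that name.
function getget_valid(array $src, $name, array $rules, $def = '')
{
    if (!isset($src[$name]) || !is_string($src[$name])) {
        return $def; // missing, or an array such as ?user[]=x
    }
    if (!isset($rules[$name]) || preg_match($rules[$name], $src[$name]) !== 1) {
        return $def; // no rule for this name, or the value does not match
    }
    return $src[$name];
}

// Assumed formats; /D stops "$" from matching before a trailing newline.
$rules = array(
    'user' => '/^[A-Za-z0-9_.-]{1,30}$/D',
    'page' => '/^[0-9]{1,6}$/D',
);

// Constructed request data standing in for $_GET.
$sample = array('user' => "bob' OR '1'='1", 'page' => '12', 'sid' => array('x'));

foreach (array('user', 'page', 'sid') as $name) {
    echo $name, ' => ', var_export(getget_valid($sample, $name, $rules), true), "\n";
}

// Session cleanup with a bound parameter instead of string interpolation.
// In-memory SQLite (pdo_sqlite) stands in for the script's MySQL table ibwf_ses.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ibwf_ses (id TEXT PRIMARY KEY)");
$db->exec("INSERT INTO ibwf_ses (id) VALUES ('aaa'), ('bbb')");

$stmt = $db->prepare('DELETE FROM ibwf_ses WHERE id = ?');
foreach (array("aaa' OR '1'='1", 'aaa') as $id) {
    $stmt->execute(array($id)); // the value is bound as data, never parsed as SQL
    echo var_export($id, true), ' deleted rows: ', $stmt->rowCount(), "\n";
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM ibwf_ses')->fetchColumn(), "\n";
```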