Register Globals

phpforfun · #1 (**permalink**) 04-16-2008, 03:49 PM

hey guys, so I have always coded my sites with register globals on, thus this site I use now is setup that way.

I just joined ToastedPenguin.com, and it has it turned off, I doubt it can be turned on for just one user... anyone know of a script I an inject to turn them on?

Justin

phpforfun · #2 (**permalink**) 04-16-2008, 05:06 PM

looking through my code, there is hundreds and hundreds of variables id need to edit and change $variable to $_GET['variable']

and some of them are from either, like login is a POST method, but the action is login, so you click login and the url is ?action=login, then you submit and it sends the POST information with $login, $username, $password..

phpforfun · #3 (**permalink**) 04-16-2008, 05:10 PM

HAH! Found an emulator

PHP Code:


			
<?php

// Emulate register_globals on

if (!ini_get('register_globals')) {

    $superglobals = array($_SERVER, $_ENV,

        $_FILES, $_COOKIE, $_POST, $_GET);

    if (isset($_SESSION)) {

        array_unshift($superglobals, $_SESSION);

    }

    foreach ($superglobals as $superglobal) {

        extract($superglobal, EXTR_SKIP);

    }

}

?>

**Jordan** · #4 (**permalink**) 04-16-2008, 06:24 PM

You can turn this on in your .htaccess file as well. Add:

Code:

 php_flag register_globals on

In your .htaccess file.

***John*** · #5 (**permalink**) 04-16-2008, 09:32 PM

Since this server is running phpSuExec, I don't believe php flags can be set in the .htaccess file - they need to be set as directives in a personal php.ini file, in the directory the flags should be set. However, phpforfun should note, not using variables of the form $_POST and $_GET is a security risk as forms can be easily spoofed. Which is the reason why the server has them disabled by default.

phpforfun · #6 (**permalink**) 04-17-2008, 01:06 AM

its not that much of a risk, show me a script has them turned off, and I can secure it with them on

***John*** · #7 (**permalink**) 04-17-2008, 01:43 AM

Quote:

Originally Posted by phpforfun

its not that much of a risk, show me a script has them turned off, and I can secure it with them on

And your the one writing a book on PHP security?

phpforfun · #8 (**permalink**) 04-17-2008, 02:48 AM

Quote:

Originally Posted by John

And your the one writing a book on PHP security?

nope, how about you?

***John*** · #9 (**permalink**) 04-17-2008, 02:26 PM

I am - if you buy one, I will autograph it for you

phpforfun · #10 (**permalink**) 04-17-2008, 03:08 PM

Quote:

Originally Posted by John

I am - if you buy one, I will autograph it for you

You wrote the book on PHP security?! well I wrote the book on writing books on php security, want me to autograph yours?

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Register Controls	Anirban Chakraborty	C and C++	1	06-01-2007 11:48 AM

WingedPanther	........	2753.6
Xav	........	2704
Brandon W	........	1702.32
John	........	1207.73
marwex89	........	1175.24
morefood2001	........	966.05
dcs	........	655.75
Steve.L	........	475.59
orjan	........	418.58
Aereshaa	........	383.54

CodeCall

Contest Stats

CodeCall Goal

Sponsors

Ads

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)