Reply to thread

Message

<blockquote data-quote="Chronical" data-source="post: 284597" data-attributes="member: 36803">AlrightSo clearly a whole bunch of faggots trying to make CMSs thinking they're the next big thing don't know how to make a secure CMS and need to kill themselves.However, I'm going to post this so that fagdicks don't get flamed for having insecure shit.Let's get started.Head over to wherever your functions.php is located (if you have one, it may not be &quot;functions.php&quot; It will probably be global.php) If you don't have one, make one. It doesn't matter where it's located. Inside the functions.php page, add this code[PHP]&nbsp; &nbsp; function filter($var)&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; return mysql_real_escape_string(stripslashes(htmlspecialchars($var)));&nbsp; &nbsp; }[/PHP]Inside your &lt;?php ?&gt; tags of course.What this does this do you ask? It filters meta characters (75% of you faggots don't even know what that is) and tags out of user input requests so that they can't execute malicious codes or scripts.We're not done yet, we still have to apply this to anything that's not filtered.In order to make this way easier and save a shit ton of time, go to your other input functions (such as shit to do with email, password, username, motto, etc) include the file the filter function is in, and filter it using the function. Here's an example:[PHP]filter($_GET['id'])filter($_POST['id'])[/PHP]In most CMSs you don't have to do this because widely used CMSs are already secured (such as RevCMS)This is mainly for bobbas trying to edit a CMS or make one from scratch and haven't thought of securing it yet.If you have any questions regarding security in PHP feel free to ask in the posting section. I'll answer to the best of my ability.</blockquote>

[QUOTE="Chronical, post: 284597, member: 36803"] Alright So clearly a whole bunch of faggots trying to make CMSs thinking they're the next big thing don't know how to make a secure CMS and need to kill themselves. However, I'm going to post this so that fagdicks don't get flamed for having insecure shit. Let's get started. Head over to wherever your functions.php is located (if you have one, it may not be "functions.php" It will probably be global.php) If you don't have one, make one. It doesn't matter where it's located. Inside the functions.php page, add this code [PHP] function filter($var) { return mysql_real_escape_string(stripslashes(htmlspecialchars($var))); } [/PHP] Inside your <?php ?> tags of course. What this does this do you ask? It filters meta characters (75% of you faggots don't even know what that is) and tags out of user input requests so that they can't execute malicious codes or scripts. We're not done yet, we still have to apply this to anything that's not filtered. In order to make this way easier and save a shit ton of time, go to your other input functions (such as shit to do with email, password, username, motto, etc) include the file the filter function is in, and filter it using the function. Here's an example: [PHP]filter($_GET['id']) filter($_POST['id']) [/PHP] In most CMSs you don't have to do this because widely used CMSs are already secured (such as RevCMS) This is mainly for bobbas trying to edit a CMS or make one from scratch and haven't thought of securing it yet. If you have any questions regarding security in PHP feel free to ask in the posting section. I'll answer to the best of my ability. [/QUOTE]

Verification

Reply to thread

Connect with us

Newest members