a matter of opinon

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

a matter of opinon

Post by shiznatix »

i am hoping i posted this in the correct form.

i just finished creating a shoutbox script that is NOT database driven but is done only with txt files. it is important that i stick to only text files. there is no registation page but i am trying to do a edit post section to the script. i have a working section were after they enter the message a couple of random characters are placed in to do this..

process.php has:

Code: Select all

$message = $message.'*,*:!.-'.$_COOKIE['name'].'*,*:!.-'.$ip.'*,*:!.-'.$num;
if there is no cookie then that part is left "NULL". but many of the people that will use my script are on the same ip (users in the same high school). the $num is a randomly generated number for each post as to make the edit.php page a little more secure. but still i fear that a person might save a cookie on the computer in a class room then another person can then edit the post from the same computer since the cookie is still saved.

chat.php(the file that shows the messages) has:

Code: Select all

function check_user(){
$open = file_get_contents('shiznatix.txt');
$arr = explode('<br>', $open);
	for ($i=0; $i<count($arr); $i++){
	list($body, $cookie, $ip, $num_break) = split('\*\,\*\:\!\.\-', $arr[$i]);
	echo $body;//echo message
	list($num, $linebreak) = split('<', $num_break);
		($_COOKIE['name'] == $cookie ? $return1 = TRUE : $return1 = FALSE);
		($_SERVER['REMOTE_ADDR'] == $ip ? $return2 = TRUE : $return2 = FALSE);
		
		if ($return1 == TRUE && $return2 == TRUE){
		$return = TRUE;
		}else{
		$return = FALSE;
		}
		
		echo ($return == TRUE ? " <a href='#' onClick=\"window.open('edit.php?post=".$i."&return=".$return."&num=".$num."','mywindow','width=400,height=200')\">Edit Post</a>" : "");
		
	echo '<br>';
	}
}
check_user();
?>
if you see what i mean. i was wondering if there was any other security things i could put in as to validate 1 person from the next so i wouldnt have to worry about a idiot saving their username as a cookie then someone else getting on that computer and editing their post. any ideas are accepted (or questions if im not making myself clear). thanks.

-shiznatix
Post Reply