a matter of opinon
Posted: Thu Apr 21, 2005 5:01 pm
i am hoping i posted this in the correct form.
i just finished creating a shoutbox script that is NOT database driven but is done only with txt files. it is important that i stick to only text files. there is no registation page but i am trying to do a edit post section to the script. i have a working section were after they enter the message a couple of random characters are placed in to do this..
process.php has:
if there is no cookie then that part is left "NULL". but many of the people that will use my script are on the same ip (users in the same high school). the $num is a randomly generated number for each post as to make the edit.php page a little more secure. but still i fear that a person might save a cookie on the computer in a class room then another person can then edit the post from the same computer since the cookie is still saved.
chat.php(the file that shows the messages) has:
if you see what i mean. i was wondering if there was any other security things i could put in as to validate 1 person from the next so i wouldnt have to worry about a idiot saving their username as a cookie then someone else getting on that computer and editing their post. any ideas are accepted (or questions if im not making myself clear). thanks.
-shiznatix
i just finished creating a shoutbox script that is NOT database driven but is done only with txt files. it is important that i stick to only text files. there is no registation page but i am trying to do a edit post section to the script. i have a working section were after they enter the message a couple of random characters are placed in to do this..
process.php has:
Code: Select all
$message = $message.'*,*:!.-'.$_COOKIE['name'].'*,*:!.-'.$ip.'*,*:!.-'.$num;chat.php(the file that shows the messages) has:
Code: Select all
function check_user(){
$open = file_get_contents('shiznatix.txt');
$arr = explode('<br>', $open);
for ($i=0; $i<count($arr); $i++){
list($body, $cookie, $ip, $num_break) = split('\*\,\*\:\!\.\-', $arr[$i]);
echo $body;//echo message
list($num, $linebreak) = split('<', $num_break);
($_COOKIE['name'] == $cookie ? $return1 = TRUE : $return1 = FALSE);
($_SERVER['REMOTE_ADDR'] == $ip ? $return2 = TRUE : $return2 = FALSE);
if ($return1 == TRUE && $return2 == TRUE){
$return = TRUE;
}else{
$return = FALSE;
}
echo ($return == TRUE ? " <a href='#' onClick=\"window.open('edit.php?post=".$i."&return=".$return."&num=".$num."','mywindow','width=400,height=200')\">Edit Post</a>" : "");
echo '<br>';
}
}
check_user();
?>-shiznatix