
Need an extra set of eyes

Posted: Sat Feb 17, 2007 4:58 pm
by alex.barylski
I usually wouldn't bother with something so trivial, but because it's kind of the first and best firewall against attacks/hacks I figured I'd ask the community, in case I missed something.

$path = rtrim(dirname($_SERVER['PHP_SELF']), '/'); // Directory of the requested script, without the file name or any $_GET parameters ('' at the web root, so no doubled slash)
$redirect_url = str_replace('//', '/', $_SERVER['HTTP_HOST'].'/'.$path.'/login.php'); // host + directory + login.php, collapsing any doubled slash
header("Location: http://$redirect_url"); // Send the client to login.php in the same directory as the requested script
exit; // Stop executing the protected page

Basically I check if user ID is zero (not authenticated) and redirect to a login script...

Safe?

This is called inside an index.php which is in the same directory as login.php, so my next question (equally important)

Does the above make sure, that regardless where in a directory structure, the login.php is actually invoked?

What I mean is, assume I had it installed like:

www.domain.com/test/apps/index.php

Would it redirect to:

www.domain.com/test/apps/login.php

Or would it redirect to another sub-directory and thus result in a 404 because login.php wasn't in that directory?

Thanks for any input :)

Posted: Sat Feb 17, 2007 6:40 pm
by Kieran Huggins
Are you using a front controller? Is this it?

Posted: Sat Feb 17, 2007 8:08 pm
by alex.barylski
Let's say emulating a front controller...

It's not Zend...and according to some it might be more analogous to a page controller...

Right now, it's simply a single switch inside an index.php

The reason I have the $file is because I may modularize the application into PHP scripts or may formalize the monolithic switch into a single front controller (in which case the above code isn't necessary - if implemented as a proper front controller).

For the time being though, it is what it is :P

Ignore those specifics though, please...

I just care to know if there are any exploits, etc. which could be capitalized on. See anything you'd change (considering the context)?

Cheers :)

Posted: Sat Feb 17, 2007 8:39 pm
by nickvd
Other than perhaps using $_SERVER['SCRIPT_FILENAME'] (or __FILE__) instead of php_self I can't see anything glaringly obvious.

Posted: Sat Feb 17, 2007 9:56 pm
by feyd
parse_url() may be of interest.
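The following is an added example written for this thread; it is not alex.barylski's code nor anything from the replies. It answers the path question from the first post (dirname() of the requested script path is what keeps login.php in the same directory as index.php, so /test/apps/index.php resolves to /test/apps/login.php) and shows a hardened variant that applies nickvd's suggestion of a server-side script path instead of PHP_SELF and feyd's pointer to parse_url(). The hostname whitelist (ALLOWED_HOSTS) and the sample requests are assumptions constructed for the example; SCRIPT_NAME is used rather than SCRIPT_FILENAME because the redirect needs a URL path, not a filesystem path.

```php
<?php
declare(strict_types=1);

// Hosts this application is served from. Assumed for the example; fill in from
// your own configuration rather than trusting the request.
const ALLOWED_HOSTS = ['www.domain.com'];

/**
 * Same idea as the original snippet: directory of the requested script
 * plus '/login.php'. '/test/apps/index.php' -> '/test/apps/login.php',
 * and '/index.php' at the web root -> '/login.php' (no doubled slash).
 */
function loginPathFrom(string $scriptPath): string
{
    $dir = rtrim(dirname($scriptPath), '/\\');
    return $dir . '/login.php';
}

/**
 * Hardened URL builder.
 *  - SCRIPT_NAME is the URL path of the script PHP actually executed; PHP_SELF
 *    can additionally carry client-supplied PATH_INFO, so it is avoided.
 *  - HTTP_HOST is the client's Host header. It is parsed with parse_url() and
 *    checked against the whitelist so the Location header can only ever point
 *    back at this site. Returns null when the host is not acceptable.
 */
function buildLoginUrl(array $server, array $allowedHosts = ALLOWED_HOSTS): ?string
{
    $parsed = parse_url('http://' . ($server['HTTP_HOST'] ?? ''));
    if ($parsed === false || empty($parsed['host'])) {
        return null;
    }
    if (!in_array(strtolower($parsed['host']), $allowedHosts, true)) {
        return null;
    }

    $https  = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    $scheme = $https ? 'https' : 'http';
    $port   = isset($parsed['port']) ? ':' . $parsed['port'] : '';

    return $scheme . '://' . $parsed['host'] . $port
         . loginPathFrom($server['SCRIPT_NAME'] ?? '/');
}

/** Drop-in replacement for the redirect block in the first post. */
function redirectToLogin(array $server): void
{
    $url = buildLoginUrl($server);
    if ($url === null) {
        // Unknown Host header: refuse rather than redirect somewhere we did not choose.
        http_response_code(400);
        exit;
    }
    header('Location: ' . $url);
    exit;
}

// Constructed sample requests (not real traffic) to show the resolution.
$cases = [
    ['HTTP_HOST' => 'www.domain.com', 'SCRIPT_NAME' => '/test/apps/index.php'],
    ['HTTP_HOST' => 'www.domain.com', 'SCRIPT_NAME' => '/index.php'],
    ['HTTP_HOST' => 'not-our-site.example', 'SCRIPT_NAME' => '/test/apps/index.php'],
];
foreach ($cases as $case) {
    var_dump(buildLoginUrl($case));
}
```

Run from the command line, the three sample requests print http://www.domain.com/test/apps/login.php, http://www.domain.com/login.php and NULL respectively: the installed directory is preserved in the first two cases, and an unexpected Host header is rejected instead of being echoed into the Location header. In index.php you would call redirectToLogin($_SERVER) where the original four lines sit.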