Counting wasted time...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Counting wasted time...

Post by JAB Creations »

Code: Select all

<?php
if (!isset($_GET['number'])) {$a = 1;}
else {$a = $_GET['number'] + 1;}
 
$b = $a+ 1;
 
$self = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?number='.$a;
header("refresh: 1; url=$self");
 
echo 'You have wasted '.$a.' seconds of your life.';
?>
...at what point should I become concerned? :rofl:
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Counting wasted time...

Post by Mordred »

JAB Creations wrote:...at what point should I become concerned? :rofl:
Concerned about the couple of security holes in there, or the generic lack of life (tm) of both the author and the paranoid freak that looks for security holes in joke code?

It's pretty serious either way :D
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Counting wasted time...

Post by John Cartwright »

Your code does not take into account the connection speed/latency.
heres my take

Code: Select all

<?php
 
function microtime_float()
{
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}
 
session_start();
if (!isset($_SESSION['wasted'])) {
   $_SESSION['wasted'] = 0;
   $_SESSION['lastrequest'] = microtime_float();
 
}
$_SESSION['wasted'] += (microtime_float() - $_SESSION['lastrequest']);
header('Refresh: 1; url="'. $_SERVER['PHP_SELF'].'"');  
echo 'You have wasted '. number_format($_SESSION['wasted'], 5) .' seconds of your life.';
$_SESSION['lastrequest'] = microtime_float();
exit();
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Re: Counting wasted time...

Post by JAB Creations »

I knew the time wouldn't me completely accurate, but security holes? I didn't take too much time making this script but it was sort of interesting even if it doesn't achieve anything. Jcart exploded time! :P
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Counting wasted time...

Post by Mordred »

JAB Creations wrote:I knew the time wouldn't me completely accurate, but security holes?
Well, hardly something big, but for 5 lines of code it's enough :)

1. If the attacker gives you ?number[]=1, he might trigger a warning.
2. For older versions of PHP, there might be a header injection with PHP_SELF, I'm not 100% sure how the new lines would be encoded/handled though.
Post Reply