(i send some detail info )header not working properly?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
pinjubp
Forum Newbie
Posts: 3
Joined: Mon Mar 10, 2008 2:15 pm

(i send some detail info )header not working properly?

Post by pinjubp »

Code: Select all

<?php
if($GLOBALS["Get"]->val("submit")!=""){
    $admin = $GLOBALS["Get"]->val("admin");
    $password = $GLOBALS["Get"]->val("password");
    $p=md5($password);
    $db = new sqldb;
    $sql_query="SELECT * FROM admin WHERE user='$admin' AND PASSWORD ='$p' LIMIT 1";
    $value=$db->result($sql_query);
    if(($value['user'])&&($value['password'])){
    load_page(URL."/admin/index.php?page=adminpage");
    }
}
$GLOBALS["smarty"]->display('login.tpl');
?>
i just use this no session at this moment when i give print_r($_SERVER)

before submission

Code: Select all

Array
(
    [HTTP_HOST] => localhost
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
    [HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    [HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5
    [HTTP_ACCEPT_ENCODING] => gzip,deflate
    [HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
    [HTTP_KEEP_ALIVE] => 300
    [HTTP_CONNECTION] => keep-alive
    [PATH] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\apache2triad\bin;C:\apache2triad\perl\bin;C:\apache2triad\php\bin;C:\apache2triad\mysql\bin;C:\apache2triad\opssl\bin;C:\apache2triad\python\bin;C:\apache2triad\pgsql\bin
    [SystemRoot] => C:\WINDOWS
    [COMSPEC] => C:\WINDOWS\system32\cmd.exe
    [PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    [WINDIR] => C:\WINDOWS
    [SERVER_SIGNATURE] => <address>Apache/2.2.0 (Win32) PHP/5.1.2 Server at localhost Port 80</address>
 
    [SERVER_SOFTWARE] => Apache/2.2.0 (Win32) PHP/5.1.2
    [SERVER_NAME] => localhost
    [SERVER_ADDR] => 127.0.0.1
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 127.0.0.1
    [DOCUMENT_ROOT] => C:/apache2triad/htdocs
    [SERVER_ADMIN] => admin@localhost
    [SCRIPT_FILENAME] => C:/apache2triad/htdocs/pframe/admin/index.php
    [REMOTE_PORT] => 2323
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] => 
    [REQUEST_URI] => /pframe/admin/
    [SCRIPT_NAME] => /pframe/admin/index.php
    [PHP_SELF] => /pframe/admin/index.php
    [REQUEST_TIME] => 1205268439
    [argv] => Array
        (
        )
 
    [argc] => 0
)
after submission

Code: Select all

Array
(
    [HTTP_HOST] => localhost
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
    [HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    [HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5
    [HTTP_ACCEPT_ENCODING] => gzip,deflate
    [HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
    [HTTP_KEEP_ALIVE] => 300
    [HTTP_CONNECTION] => keep-alive
    [HTTP_REFERER] => http://localhost/pframe/admin/
    [CONTENT_TYPE] => multipart/form-data; boundary=---------------------------387483431103
    [CONTENT_LENGTH] => 345
    [PATH] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\apache2triad\bin;C:\apache2triad\perl\bin;C:\apache2triad\php\bin;C:\apache2triad\mysql\bin;C:\apache2triad\opssl\bin;C:\apache2triad\python\bin;C:\apache2triad\pgsql\bin
    [SystemRoot] => C:\WINDOWS
    [COMSPEC] => C:\WINDOWS\system32\cmd.exe
    [PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    [WINDIR] => C:\WINDOWS
    [SERVER_SIGNATURE] => <address>Apache/2.2.0 (Win32) PHP/5.1.2 Server at localhost Port 80</address>
 
    [SERVER_SOFTWARE] => Apache/2.2.0 (Win32) PHP/5.1.2
    [SERVER_NAME] => localhost
    [SERVER_ADDR] => 127.0.0.1
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 127.0.0.1
    [DOCUMENT_ROOT] => C:/apache2triad/htdocs
    [SERVER_ADMIN] => admin@localhost
    [SCRIPT_FILENAME] => C:/apache2triad/htdocs/pframe/admin/index.php
    [REMOTE_PORT] => 2324
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => POST
    [QUERY_STRING] => 
    [REQUEST_URI] => /pframe/admin/
    [SCRIPT_NAME] => /pframe/admin/index.php
    [PHP_SELF] => /pframe/admin/index.php
    [REQUEST_TIME] => 1205268487
    [argv] => Array
        (
        )
 
    [argc] => 0
)
 

i use this class to get and post data

Code: Select all

class Get{
 
    function Get(){
        print_r($_SERVER);  
        $this->referer = $_SERVER["HTTP_REFERER"];        
        $this->cookies = $_COOKIE;
        $this->quotes  = get_magic_quotes_gpc();
        print_r($_SERVER["REQUEST_METHOD"]);        
        switch($_SERVER["REQUEST_METHOD"]){
 
            case 'GET':
 
                $this->vals = $_GET;
 
                break;
 
            case 'POST':
 
                $this->vals = $_POST;
 
                break;
 
        }//switch
 
    }//Get
    
    
     function val($name){
        
        $value  = $this->vals["$name"];        
        //$retval = $this->escape_value($value);
        //echo $value;
        //echo $retval;
        
        return $value;
 
    }//val
    
    function page_details($p_details=0){
    
    
    $page_details["page"]    = handle_non_alpha($this->val("page"));
    $page_details["action"]  = handle_non_alpha($this->val("action"));
    
    
    echo $page_details["page"];
    
    //$page_details["k"]    = handle_non_alpha($this->val("k"));
    
    if(empty($page_details["page"]))
        $page_details["page"]=login;
    
    //echo $page_details["page"];
    return($page_details);
    
    }
    
    
}   
    $Get = new Get;
thanks every one who read my previous topics and try to help me
plz help me to solve this problem again
Last edited by John Cartwright on Thu Mar 20, 2008 12:33 pm, edited 1 time in total.
Reason: Please use [code][/code] tags when posting code
Post Reply