Creating a simple user registration system in PHP and MySQL. register_globals=on? You are in danger!


To divide site visitors into groups, a small registration system written in PHP must be installed on the site. In this way you split visitors into two groups: ordinary casual visitors and a more privileged group of users to whom you provide more valuable information.

In most cases a simplified registration system is used, written in PHP in a single file, register.php.

We have digressed a little; now let's take a closer look at the registration file.

Register.php file

So that this does not take much of your time, we will create a system that collects users while asking them for minimal contact information. Everything is written to a MySQL database. For the best database speed we create the users table in the MyISAM format with utf-8 encoding.

Note! All scripts must always be written in the same encoding. All site files and the MySQL database must use the same encoding. The most common encodings are UTF-8 and Windows-1251.

Why everything must be written in one encoding we will discuss later. For now, take this as a strict rule for writing scripts; otherwise you will have problems with your scripts in the future. Nothing fatal, of course, but you will lose a lot of time hunting for errors in the script.

How will the script itself work?

We want to keep everything simple and get a quick result, so we will ask users only for a login, an e-mail address and a password. To protect against spam robots we will add a small captcha. Otherwise some boy from London will write a small robot that fills the entire database with fake users in a few minutes and rejoice at his genius and impunity.

Here is the script itself. Everything is recorded in one file register.php:

<?php
// ... (the start of the listing, including the variable holding the red "!" mark, was lost when the page was extracted)
$sha = $sh."scripts/pro/";     // path to the main folder
$bg  = ' bgcolor="#E1FFEB"';   // background color of rows
?>
(The HTML part of the file, with the page title "Example registration script register.php" and the link to style.css, was not preserved.)

In this case the script refers to itself: it is both the form and the handler of the data entered into the form. Note that the download is a zip archive containing a configuration file config.php, a dump of the users table, a file with auxiliary functions functions.php, a style file style.css and the register.php file itself. There are also several files responsible for generating the captcha symbols.

You have probably already heard about the register_globals directive and know what it does. If you do not, you will learn about it from this article; however, the main task of this article is to show that the register_globals directive is best always kept disabled for safety reasons.

When enabled, it registers the variables received in a GET request as ordinary variables. Suppose there was a request like this: index.php?a=15. Naturally, $_GET["a"] is created, but the variable $a is created as well. The creation of $a happened precisely because the register_globals directive is enabled.

Now let’s talk about why this directive should always be kept disabled. Let's assume that you are authorizing a user, and you wrote the following code:

<?php
// Deliberately leaky check: $check_user is only ever assigned when the credentials match
if (($_POST["login"] == "Admin") && ($_POST["password"] == "123456")) $check_user = true;
if ($check_user) echo "Authorization was successful";
else echo "Authorization error";
?>

Now, if this file is called auth.php, for example, and we access it as auth.php?check_user=1, authorization succeeds regardless of which login and password were sent, or whether they were sent at all.

Of course, this example is a little contrived, since nobody writes like that (if only because else $check_user = false; is missing); nevertheless, it clearly shows what an enabled register_globals directive can lead to.

Now about how to disable the register_globals directive. To do this, add just one line to the .htaccess file:

php_value register_globals 0

There is a small chance that, if the directive was previously enabled, something will break, so check everything carefully and fix any errors that arise: security is really worth it.


Hello, dear webmasters. This article is about why it is dangerous to leave the register_globals option enabled. You may have heard that using it can make your program (script) unsafe. Let's figure out how this option can be abused and how to protect yourself.

What is register_globals?
This is an option in php.ini that tells PHP to register the variables received by the POST or GET method in the global $GLOBALS array.

For clarity, I will give an example with register_globals=on.
There is a file "index.php" with the contents:

<?php
// (the first echo was lost when the page was extracted; it prints the local variable)
echo $asd." - local variable<br>";
echo $GLOBALS["asd"]." - link in the global array \$GLOBALS<br>";
echo $_GET["asd"].' - $_GET["asd"]';
?>

In the address bar we will write: index.php?asd=123

As we can see, two variables have been created: one local (plus a reference in $GLOBALS), the other in the $_GET array. Many people do not use the $_GET array at all and simply continue working with the "$asd" variable after receiving it from outside.
But think about it: why "pollute" the $GLOBALS array? We have special arrays for that, which store the data transferred by the GET ($_GET) and POST ($_POST) methods.

The same example, but with register_globals=off:

That is, no local variable has been created, and we must use the $_GET array to work with "$asd".

You may have already changed your mind about register_globals.
You'll probably have to rewrite some things in your programs, but it's worth it.

Now I will tell you how an attacker can use this option (register_globals=on) for his own purposes.
I will go from simple to complex.

We often see warnings:

Notice: Undefined variable: asd(variable name) in ****

What does it mean? It means that the variable "$asd" was not explicitly defined.
For example, some people indulge in this:

That is, without defining a variable, they immediately start using it. The code above is not frightening in theory, but think about it: what if this very variable "$asd" is later written to a file? For example, we write "index.php?asd=LUSER+" in the address bar and get "LUSER 0123456789". Would it be nice to see that? I don't think so.

Suppose we are writing a user authentication system:

I have shown an obviously leaky system: we only need to write "index.php?valid_user=1" in the address bar and we get the message "Hello, user".

This wouldn't happen if we wrote it like this:

That is, we ourselves set the $valid_user variable to FALSE in case of failure.

Let me give you an example with sql injection:

In the address bar we write "index.php?where=id=0+UNION+ALL+SELECT+login,+password,+null+FROM+admin+where+login='admin'" and get an SQL injection:

And the hacker gets your logins and passwords :(

As you can see, all examples have security holes that can be exploited through enabled register_globals.

You can deal with this by always defining a variable regardless of the conditions, or by encapsulating variables in functions: when you define a function, the variables inside it are private and not visible from outside, for example:

Now, if we write "index.php?where=123" in the address bar,
it will print: "$where does not exist".
But this is provided that you do not declare the $where variable as global, i.e. with "global $where".
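As an added example (my code, not the article's), here is the leaky authorization check rewritten so that no request parameter can pre-set its result, together with a check of the register_globals state and a safe way of taking the value from the "where" example out of the request. register_globals was deprecated in PHP 5.3 and removed in PHP 5.4, so on current PHP the directive no longer exists, but the habits the article recommends (define every variable before use, read request data only from $_GET/$_POST) still close the same class of bug. The login "Admin", the stored hash and the request arrays are constructed for the demonstration.

```php
<?php
declare(strict_types=1);
// Added example, not code from the article: the same authorization check written so that
// a request parameter cannot pre-set its outcome, plus a check of the register_globals state
// and a safe way to take the "where" value from the request.

// Reports the state of register_globals. ini_get() returns false when the directive is
// unknown to the running PHP, which is the case from PHP 5.4 on, where it was removed.
function registerGlobalsState(): string
{
    $value = ini_get('register_globals');
    if ($value === false) {
        return 'not present in this PHP version (removed in PHP 5.4)';
    }
    return filter_var($value, FILTER_VALIDATE_BOOLEAN) ? 'on (unsafe)' : 'off';
}

// The leaky version relied on $valid_user simply never being set on failure. Here the result
// is assigned before it is read and derives only from the submitted credentials, so a
// request carrying valid_user=1 changes nothing. $expectedHash is a password_hash() value.
function isValidUser(array $post, string $expectedLogin, string $expectedHash): bool
{
    $validUser = false;                                        // define the outcome up front
    $login    = (string) ($post['login'] ?? '');
    $password = (string) ($post['password'] ?? '');
    if (hash_equals($expectedLogin, $login) && password_verify($password, $expectedHash)) {
        $validUser = true;
    }
    return $validUser;
}

// The "where" example took a raw SQL fragment from the request. Take only the value the query
// needs and validate its type; the WHERE clause itself stays fixed in the code.
// Returns null for anything that is not a positive integer.
function userIdFromRequest(array $get): ?int
{
    if (!isset($get['id'])) {
        return null;
    }
    $id = filter_var($get['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed demonstration input; no real request is involved.
$storedHash = password_hash('123456', PASSWORD_DEFAULT);   // the article's example password

echo 'register_globals: ' . registerGlobalsState() . "\n";

// Only a parameter named valid_user, as in the article's bypass: rejected.
var_dump(isValidUser(['valid_user' => '1'], 'Admin', $storedHash));
// Real credentials: accepted.
var_dump(isValidUser(['login' => 'Admin', 'password' => '123456'], 'Admin', $storedHash));

// The article's injection string is not an integer, so it never reaches the query.
var_dump(userIdFromRequest(['id' => '0 UNION ALL SELECT login, password, null FROM admin']));
var_dump(userIdFromRequest(['id' => '42']));
```

Run it with php on the command line; the functions work the same way inside a request handler, where $_POST and $_GET would be passed instead of the constructed arrays.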

I can come up with many more examples, but I think that the ones I have given will be enough for you to understand.
I want to say that all these problems will disappear when you set register_globals=off and try all the above examples again.

This can be done in php.ini, but most hosting providers will not let you, so you will have to use the ".htaccess" file.

In this article you will learn how to create a registration and authorization form using HTML, JavaScript, PHP and MySql. Such forms are used on almost every website, regardless of its type. They are created for a forum, an online store, social networks (such as Facebook, Twitter, Odnoklassniki) and many other types of sites.

If your site is on your local computer, I hope you already have a local server installed and running. Without it nothing will work.

Creating a table in the Database

To implement user registration we first need a database. If you already have one, great; otherwise you need to create it. In the article, I explain in detail how to do this.

So, we have a database (DB); now we need to create a table users, to which we will add our registered users.

I also explained how to create a table in a database in the article.

Before creating the table we need to decide what fields it will contain. These fields will correspond to the fields of the registration form. So, having thought about which fields our form will have, we create the table users with these fields:

  • id - identifier. Every table in the database should have one.
  • first_name - to store the first name.
  • last_name - to store the last name.
  • email - to store the e-mail address. We will use the e-mail as the login, so this field must be unique, that is, have a UNIQUE index.
  • email_status - a field indicating whether the e-mail is confirmed or not. If the e-mail is confirmed it has the value 1, otherwise 0.
  • password - to store the password.


If you want your registration form to have some other fields, you can also add them here.

That's it, our table users is ready. Let's move on to the next stage.

Database Connection

We have created the database; now we need to connect to it. We will connect using the PHP MySQLi extension.

In the folder of our site, create a file named dbconnect.php and write the following script in it:

<?php
// Connect to the database (the host, user, password and database name are not shown on the page; replace these placeholders)
$mysqli = new mysqli("DB_HOST", "DB_USER", "DB_PASSWORD", "DB_NAME");

// If the connection failed, show the error and stop
if ($mysqli->connect_errno) {
    echo "<p>DB connection error. Error description: ".mysqli_connect_error()."</p>";
    exit();
}

// Set the connection encoding
$mysqli->set_charset("utf8");

// For convenience, add a variable here that will contain the name of our site
$address_site = "http://testsite.local";
?>

This dbconnect.php file will need to be included in the form handlers.

Note the variable $address_site: here I specified the name of my test site, which I will be working with. Specify the name of your site accordingly.

Site structure

Now let's look at the HTML structure of our site.

We will move the site header and footer into separate files, header.php and footer.php, and include them on all pages: on the main page (file index.php), on the page with the registration form (file form_register.php) and on the page with the authorization form (file form_auth.php).

We add the block with our links, Registration and Authorization, to the site header so that they are displayed on all pages. One link leads to the registration form page (file form_register.php) and the other to the authorization form page (file form_auth.php).

Contents of the header.php file:

Name of our site

As a result, our main page looks like this:


Of course, your site may have a completely different structure, but this is not important for us now. The main thing is that there are links (buttons) for registration and authorization.

Now let's move on to the registration form. As you already understand, it is in the file form_register.php.

Go to the database (in phpMyAdmin), open the structure of the users table and look at what fields we need. So we need fields for entering the first and last name, a field for the e-mail address and a field for the password. And for security purposes we will add a field for entering a captcha.

On the server, various errors may occur while the registration form is processed, because of which the user cannot register. So that the user understands why registration fails, we need to display messages about these errors.

Before displaying the form, add a block to display error messages from the session.

One more thing: if the user is already authorized and, out of curiosity, goes directly to the registration page by typing site_address/form_register.php in the browser's address bar, then instead of the registration form we display a heading stating that he is already registered.

In the end, the code of the form_register.php file looks like this:

You are already registered

In the browser, the page with the registration form looks like this:


Using the required attribute, we have made all fields mandatory.

Pay attention to the part of the registration form code where the captcha is displayed:


In the src attribute of the image we specified the path to the file captcha.php, which generates this captcha.

Let's look at the code of the file captcha.php:

The code is well commented, so I will focus on just one point.

Inside the imagettftext() function, the path to the font verdana.ttf is specified. So, for the captcha to work correctly, we must create a folder fonts and place the font file verdana.ttf there. You can find it on the Internet, or take it from the archive with the materials for this article.
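The article's captcha.php is not reproduced on this page, so here is an added example of my own (not the article's file) showing the two halves of the job: generating and drawing the code, and the check a handler should perform on the submitted value. It stores the code under $_SESSION["rand"], the key the article's handlers read, and assumes the GD extension with FreeType support and a TrueType font at fonts/verdana.ttf next to the script, as the article describes.

```php
<?php
declare(strict_types=1);
// Added example: a captcha.php in the spirit of the article's, not its actual file.
// Assumes the GD extension with FreeType and a font at fonts/verdana.ttf next to this script.

session_start();

// Builds a code from an alphabet without look-alike characters (0/O, 1/I/l) using a CSPRNG.
function generateCaptchaCode(int $length = 5): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

// Stores the code under the session key the article's handlers read ($_SESSION["rand"]).
function storeCaptcha(string $code): void
{
    $_SESSION['rand'] = $code;
}

// How a handler should check the submitted value: the stored code must exist, the comparison
// is constant-time and case-insensitive, and the code is removed so it cannot be reused.
function verifyCaptcha(string $submitted): bool
{
    $expected = (string) ($_SESSION['rand'] ?? '');
    unset($_SESSION['rand']);
    if ($expected === '' || trim($submitted) === '') {
        return false;
    }
    return hash_equals(strtoupper($expected), strtoupper(trim($submitted)));
}

// Renders the code as a PNG with random colours, angles and a few noise lines.
function renderCaptcha(string $code, string $fontFile): void
{
    $width = 140;
    $height = 50;
    $img = imagecreatetruecolor($width, $height);
    $bg = imagecolorallocate($img, 245, 245, 245);
    imagefilledrectangle($img, 0, 0, $width, $height, $bg);
    for ($i = 0; $i < 8; $i++) {
        $c = imagecolorallocate($img, random_int(150, 220), random_int(150, 220), random_int(150, 220));
        imageline($img, random_int(0, $width), random_int(0, $height), random_int(0, $width), random_int(0, $height), $c);
    }
    $x = 12;
    foreach (str_split($code) as $ch) {
        $c = imagecolorallocate($img, random_int(0, 90), random_int(0, 90), random_int(0, 90));
        imagettftext($img, 22.0, (float) random_int(-20, 20), $x, 36, $c, $fontFile, $ch);
        $x += 24;
    }
    header('Content-Type: image/png');
    header('Cache-Control: no-store');   // the browser must fetch a fresh image every time
    imagepng($img);
    imagedestroy($img);
}

$code = generateCaptchaCode();
storeCaptcha($code);
renderCaptcha($code, __DIR__ . '/fonts/verdana.ttf');
```

verifyCaptcha() is the part to call from the form handler: it fails closed when the session holds no code, compares in constant time, and forgets the code after one use, so a value solved once cannot be submitted again.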

We're done with the HTML structure, it's time to move on.

Checking email validity using jQuery

Any form needs to check the validity of the entered data, both on the client side (using JavaScript, jQuery) and on the server side.

We must pay special attention to the Email field. It is very important that the entered postal address is valid.

For this input field we set the type email (type="email"), which gives some protection against incorrect formats. But this is not enough, because through the code inspector the browser provides we can easily change the value of the type attribute from email to text, and that's it: our check no longer works.


So in this case we must do a more reliable check. For this we will use the jQuery JavaScript library.

To connect the jQuery library, add this line in the file header.php inside the head section, before its closing tag:

Immediately after this line we add the e-mail validation code, plus code to check the length of the entered password: it must be at least 6 characters.

With this script we check the entered e-mail address for validity. If the user entered an incorrect e-mail, we display an error message and disable the form submit button. If everything is fine, we remove the error and enable the submit button.

So, we are done with form validation on the client side. Now we can send the form to the server, where we will do a couple more checks and add the data to the database.

User registration

We send the form to the handler file register.php via the POST method. The handler file name is specified in the action attribute, and the sending method in the method attribute.

Open the file register.php. The first thing we need to do is start the session and include the file dbconnect.php we created earlier (in it we connect to the database). Also, let's immediately declare the cells error_messages and success_messages in the global session array. In error_messages we will record all error messages that occur during form processing, and in success_messages the happy ones.

Before continuing, we must check whether the form was submitted at all. An attacker can look at the value of the form's action attribute and find out which file processes the form. He may get the idea of going directly to this file by typing the following address in the browser's address bar: http://site_address/register.php

So we need to check whether the global POST array has a cell whose name matches the name of our "Register" button. This way we check whether the "Register" button was clicked.

If an attacker tries to go directly to this file, they will receive an error message. Let me remind you that the $address_site variable contains the name of the site and it was declared in the file dbconnect.php.

<?php
// Start the session
session_start();

// Include the file with the database connection
require_once("dbconnect.php");

// Declare the cells for error messages and success messages in the session
$_SESSION["error_messages"] = "";
$_SESSION["success_messages"] = "";

// Check whether the "Register" button was clicked. "btn_submit_register" stands for the
// name attribute of that button, which is not shown on the page; use the name from your form.
if (isset($_POST["btn_submit_register"]) && !empty($_POST["btn_submit_register"])) {

    // (1) Space for the next piece of code

} else {
    // The file was opened directly, not by submitting the form
    exit("<p>Error! You went to this page directly. Go to the <a href=\"".$address_site."\">main page</a>.</p>");
}
?>

The captcha value was added to the session when the captcha was generated, in the file captcha.php. As a reminder, here is the piece of captcha.php where the captcha value is added to the session:

Now let's proceed to the check itself. In the file register.php, inside the if block where we check whether the "Register" button was clicked, at the comment "// (1) Space for the next piece of code", we write:

// Check the received captcha
// Trim the spaces from the beginning and end of the line (only if the field was sent)
$captcha = isset($_POST["captcha"]) ? trim($_POST["captcha"]) : "";

if (isset($_POST["captcha"]) && !empty($captcha)) {
    // Compare the received value with the value from the session
    if (($_SESSION["rand"] != $captcha) && ($_SESSION["rand"] != "")) {
        // If the captcha is not correct, return the user to the registration page
        // and show an error message there saying that the wrong captcha was entered
        $error_message = "<p>Error! You entered the wrong verification code.</p>";
        // Save the error message to the session
        $_SESSION["error_messages"] = $error_message;
        // Return the user to the registration page
        header("HTTP/1.1 301 Moved Permanently");
        header("Location: ".$address_site."/form_register.php");
        // Stop the script
        exit();
    }

    // (2) Place for the next piece of code

} else {
    // The captcha was not sent or it is empty
    exit("<p>Error! There is no verification code, that is, a captcha code. You can go to the <a href=\"".$address_site."\">main page</a>.</p>");
}

Next, we need to process the received data from the POST array. First of all, we need to check the contents of the global POST array, that is, whether there are cells there whose names correspond to the names of the input fields from our form.

If the cell exists, then we trim the spaces from the beginning and end of the line from this cell, otherwise, we redirect the user back to the page with the registration form.

Next, after trimming the spaces, we put the string into a variable and check that variable for emptiness; if it is not empty we move on, otherwise we redirect the user back to the registration form page.

Paste this code at the specified location "// (2) Space for the next piece of code".

/* Check if there is data sent from the form in the global array $_POST
   and wrap the submitted data in regular variables. */
if (isset($_POST["first_name"])) {
    // Trim the spaces from the beginning and end of the string
    $first_name = trim($_POST["first_name"]);
    // Check the variable for emptiness
    if (!empty($first_name)) {
        // For safety, convert special characters to HTML entities
        $first_name = htmlspecialchars($first_name, ENT_QUOTES);
    } else {
        // Save the error message to the session, return the user to the registration page and stop the script
        $_SESSION["error_messages"] .= "<p>Enter your name</p>";
        header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php"); exit();
    }
} else {
    $_SESSION["error_messages"] .= "<p>Name field is missing</p>";
    header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php"); exit();
}

if (isset($_POST["last_name"])) {
    // Trim spaces from the beginning and end of the line
    $last_name = trim($_POST["last_name"]);
    if (!empty($last_name)) {
        // For security, convert special characters into HTML entities
        $last_name = htmlspecialchars($last_name, ENT_QUOTES);
    } else {
        $_SESSION["error_messages"] .= "<p>Please enter your last name</p>";
        header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php"); exit();
    }
} else {
    $_SESSION["error_messages"] .= "<p>Last name field is missing</p>";
    header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php"); exit();
}

if (isset($_POST["email"])) {
    // Trim spaces from the beginning and end of the line
    $email = trim($_POST["email"]);
    if (!empty($email)) {
        $email = htmlspecialchars($email, ENT_QUOTES);
        // (3) Code location for checking the format of the email address and its uniqueness
    } else {
        $_SESSION["error_messages"] .= "<p>Enter your email</p>";
        header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php"); exit();
    }
} else {
    $_SESSION["error_messages"] .= "<p>Email field is missing</p>";
    header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php"); exit();
}

if (isset($_POST["password"])) {
    // Trim spaces from the beginning and end of the string
    $password = trim($_POST["password"]);
    if (!empty($password)) {
        $password = htmlspecialchars($password, ENT_QUOTES);
        // Hash the password (the article calls this encrypting) with a secret word appended
        $password = md5($password."top_secret");
    } else {
        $_SESSION["error_messages"] .= "<p>Enter your password</p>";
        header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php"); exit();
    }
} else {
    $_SESSION["error_messages"] .= "<p>Password field is missing</p>";
    header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php"); exit();
}

// (4) Place for the code for adding a user to the database

The email field deserves special attention. We must check the format of the received e-mail address and its uniqueness in the database, that is, whether a user with the same e-mail address is already registered.

At the specified location "// (3) Code location for checking the format of the email address and its uniqueness" add the following code:

// Check the format of the received email address using a regular expression.
// The character classes of the original pattern were lost when the page was extracted; this is a reconstruction.
$reg_email = '/^[a-z0-9_\.\-]+@([a-z0-9\-]+(\.[a-z0-9\-]+)*\.)+[a-z]+$/i';

// If the format of the received email address does not match the regular expression
if (!preg_match($reg_email, $email)) {
    // Save the error message to the session, return the user to the registration page and stop the script
    $_SESSION["error_messages"] .= "<p>You entered an incorrect email</p>";
    header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php"); exit();
}

// Check whether such an address is already in the database
$result_query = $mysqli->query("SELECT `email` FROM `users` WHERE `email`='".$email."'");

// If exactly one row was found, a user with this email address is already registered
if ($result_query->num_rows == 1) {
    // If the result obtained is not false
    if (($row = $result_query->fetch_assoc()) != false) {
        // Save the error message to the session and return the user to the registration page
        $_SESSION["error_messages"] .= "<p>A user with this email address is already registered</p>";
        header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php");
    } else {
        $_SESSION["error_messages"] .= "<p>Error in database query</p>";
        header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php");
    }
    /* close the result set */
    $result_query->close();
    // Stop the script
    exit();
}
/* close the result set */
$result_query->close();

So, we are done with all the checks; it's time to add the user to the database. At the specified location "// (4) Place for the code for adding a user to the database" add the following code:

// Query to add a user to the database
$result_query_insert = $mysqli->query("INSERT INTO `users` (first_name, last_name, email, password) VALUES ('".$first_name."', '".$last_name."', '".$email."', '".$password."')");

if (!$result_query_insert) {
    // Save the error message to the session, return the user to the registration page and stop the script
    $_SESSION["error_messages"] .= "<p>Error in request to add user to database</p>";
    header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_register.php"); exit();
} else {
    $_SESSION["success_messages"] = "<p>Registration completed successfully!!!<br>Now you can log in using your username and password.</p>";
    // Redirect the user to the authorization page and stop the script
    header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_auth.php"); exit();
}

If an error occurred in the request to add a user to the database, we add a message about this error to the session and return the user to the registration page.

Otherwise, if everything went well, we also add a message to the session, but this time a pleasant one: we tell the user that registration was successful. And we redirect them to the page with the authorization form.
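The handler above builds its SQL by concatenating the submitted values and stores md5($password."top_secret") as the password. The following added example (my code, not the article's register.php) keeps the same fields, session keys, messages and redirects, but uses mysqli prepared statements so no submitted value becomes part of the query text, stores a password_hash() hash, checks the captcha in constant time and only once, and redirects with 303 after the POST. It assumes the article's dbconnect.php (providing $mysqli and $address_site) in the same directory, a users table as described earlier (the DDL at the top is my assumption about its exact types), and that the form's Register button is named btn_submit_register, which the article does not show.

```php
<?php
declare(strict_types=1);
// Added example: a hardened register.php. Assumes the article's dbconnect.php
// (providing $mysqli and $address_site) is in the same directory.

// The users table as the article describes it, as DDL. The column types and the
// engine are assumptions; the article creates the table in phpMyAdmin.
// Run once when setting up: $mysqli->query(USERS_TABLE_SQL);
const USERS_TABLE_SQL = "CREATE TABLE IF NOT EXISTS `users` (
    `id`           INT UNSIGNED NOT NULL AUTO_INCREMENT,
    `first_name`   VARCHAR(100) NOT NULL,
    `last_name`    VARCHAR(100) NOT NULL,
    `email`        VARCHAR(254) NOT NULL,
    `email_status` TINYINT(1)   NOT NULL DEFAULT 0,
    `password`     VARCHAR(255) NOT NULL,
    PRIMARY KEY (`id`),
    UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4";

// Validates the submitted fields; returns a list of error messages (empty means valid).
// filter_var() replaces the article's regular expression for the e-mail format.
function validateRegistration(array $post): array
{
    $errors = [];
    $required = ['first_name' => 'Enter your name', 'last_name' => 'Please enter your last name'];
    foreach ($required as $field => $message) {
        if (trim((string) ($post[$field] ?? '')) === '') {
            $errors[] = $message;
        }
    }
    if (filter_var(trim((string) ($post['email'] ?? '')), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'You entered an incorrect email';
    }
    if (strlen((string) ($post['password'] ?? '')) < 6) {
        $errors[] = 'The password must be at least 6 characters long';
    }
    return $errors;
}

// True if a user with this e-mail already exists. The value is bound, never concatenated into SQL.
function emailExists(mysqli $db, string $email): bool
{
    $stmt = $db->prepare('SELECT 1 FROM `users` WHERE `email` = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

// Inserts the user with a password_hash() hash instead of md5($password."top_secret").
// Raw values are stored; HTML escaping belongs at output time, not before storage.
function insertUser(mysqli $db, string $first, string $last, string $email, string $password): bool
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO `users` (`first_name`, `last_name`, `email`, `password`) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssss', $first, $last, $email, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// 303 makes the browser re-request the target with GET, the right status after a POST
// (the article uses 301, which browsers may cache).
function redirectTo(string $url): void
{
    header('Location: ' . $url, true, 303);
    exit();
}

session_start();
require_once __DIR__ . '/dbconnect.php';
$_SESSION['error_messages'] = '';
$_SESSION['success_messages'] = '';

if (!isset($_POST['btn_submit_register'])) {   // assumed button name; the article does not show it
    exit('<p>Error! You went to this page directly. Go to the <a href="'
        . htmlspecialchars($address_site, ENT_QUOTES) . '">main page</a>.</p>');
}

// Captcha: the stored code must exist, the comparison is constant-time and the code is
// removed from the session so a solved captcha cannot be submitted twice.
$expected = (string) ($_SESSION['rand'] ?? '');
unset($_SESSION['rand']);
$captcha = trim((string) ($_POST['captcha'] ?? ''));
if ($expected === '' || !hash_equals(strtoupper($expected), strtoupper($captcha))) {
    $_SESSION['error_messages'] = '<p>Error! You entered the wrong verification code.</p>';
    redirectTo($address_site . '/form_register.php');
}

$errors = validateRegistration($_POST);
$email = trim((string) ($_POST['email'] ?? ''));
if ($errors === [] && emailExists($mysqli, $email)) {
    $errors[] = 'A user with this email address is already registered';
}
if ($errors !== []) {
    foreach ($errors as $message) {
        $_SESSION['error_messages'] .= '<p>' . htmlspecialchars($message, ENT_QUOTES) . '</p>';
    }
    redirectTo($address_site . '/form_register.php');
}

$inserted = insertUser($mysqli, trim((string) $_POST['first_name']), trim((string) $_POST['last_name']),
    $email, (string) $_POST['password']);
if (!$inserted) {
    $_SESSION['error_messages'] .= '<p>Error in request to add user to database</p>';
    redirectTo($address_site . '/form_register.php');
}
$_SESSION['success_messages'] = '<p>Registration completed successfully! Now you can log in using your e-mail and password.</p>';
redirectTo($address_site . '/form_auth.php');
```

Two design points: the uniqueness query and the insert both bind the e-mail as a parameter, so the UNIQUE index on the column is the real guarantee and the SELECT is only there to produce a friendly message; and htmlspecialchars() is applied to the messages when they are put into the session for display, not to the names before they are stored, which is where the article's handler applies it.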

The script for checking the e-mail address format and password length is in the file header.php, so it also applies to the fields of the authorization form (form_auth.php).

The session is also started in the file header.php, so there is no need to start a session in form_auth.php; doing so would produce an error.


As I already said, the script for checking the e-mail address format and the password length works here too. So if the user enters an incorrect e-mail address or a short password, he will immediately see an error message, and the Login button becomes inactive.

After the errors are fixed, the Login button becomes active again and the user can submit the form to the server, where it will be processed.

User authorization

In the action attribute of the authorization form the file auth.php is specified, which means the form will be processed in this file.

So, open the file auth.php and write the code for processing the authorization form. The first thing to do is start the session and include the file dbconnect.php to connect to the database.

<?php
// Start the session and include the file with the database connection
session_start();
require_once("dbconnect.php");

// Declare a cell to add errors that may occur when processing the form
$_SESSION["error_messages"] = "";
// Declare a cell for adding successful messages
$_SESSION["success_messages"] = "";

/* Check whether the form was submitted, that is, whether the Login button was clicked.
   If yes, then we move on; if not, we show the user an error message saying that he
   accessed this page directly. "btn_submit_auth" stands for the name attribute of the
   Login button, which is not shown on the page; use the name from your form. */
if (isset($_POST["btn_submit_auth"]) && !empty($_POST["btn_submit_auth"])) {

    // Check the received captcha
    if (isset($_POST["captcha"])) {
        // Trim the spaces from the beginning and end of the line
        $captcha = trim($_POST["captcha"]);
        if (!empty($captcha)) {
            // Compare the received value with the value from the session
            if (($_SESSION["rand"] != $captcha) && ($_SESSION["rand"] != "")) {
                // Wrong captcha: save the error message, return the user to the authorization page and stop
                $error_message = "<p>Error! You entered the wrong verification code.</p>";
                $_SESSION["error_messages"] = $error_message;
                header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_auth.php"); exit();
            }
        } else {
            // Empty captcha field
            $error_message = "<p>Error! The captcha entry field must not be empty.</p>";
            $_SESSION["error_messages"] = $error_message;
            header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_auth.php"); exit();
        }

        // (2) Place for processing the email address
        // (3) Place for processing the password
        // (4) Place for composing a request to the database

    } else {
        // The captcha was not sent at all
        exit("<p>Error! There is no verification code, that is, a captcha code. You can go to the <a href=\"".$address_site."\">main page</a>.</p>");
    }

} else {
    // The file was opened directly, not by submitting the form
    exit("<p>Error! You went to this page directly. Go to the <a href=\"".$address_site."\">main page</a>.</p>");
}
?>

If the user entered the verification code correctly, then we move on, otherwise we return him to the authorization page.

Checking the email address

// (2) Processing the email address
if (isset($_POST["email"])) {
    // Trim spaces from the beginning and end of the line
    $email = trim($_POST["email"]);
    if (!empty($email)) {
        $email = htmlspecialchars($email, ENT_QUOTES);
        // Check the format of the received email address using a regular expression
        // (character classes reconstructed; the original pattern was lost when the page was extracted)
        $reg_email = '/^[a-z0-9_\.\-]+@([a-z0-9\-]+(\.[a-z0-9\-]+)*\.)+[a-z]+$/i';
        // If the format of the received email address does not match the regular expression
        if (!preg_match($reg_email, $email)) {
            // Save the error message to the session, return the user to the authorization page and stop the script
            $_SESSION["error_messages"] .= "<p>You entered an incorrect email</p>";
            header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_auth.php"); exit();
        }
    } else {
        $_SESSION["error_messages"] .= "<p>The field for entering a postal address (email) must not be empty.</p>";
        header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_auth.php"); exit();
    }
} else {
    $_SESSION["error_messages"] .= "<p>Email input field is missing</p>";
    header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_auth.php"); exit();
}

// (3) Password processing area

If the user entered an email address in the wrong format or the value of the email address field is empty, then we return him to the authorization page where we display a message about this.

Password verification

The next field to process is the password field. At the specified place "// (3) Place for password processing" we write:

if (isset($_POST["password"])) {
    // Trim spaces from the beginning and end of the string
    $password = trim($_POST["password"]);
    if (!empty($password)) {
        $password = htmlspecialchars($password, ENT_QUOTES);
        // Hash the password the same way as at registration, with the same secret word
        $password = md5($password."top_secret");
    } else {
        // Save the error message to the session, return the user to the authorization page and stop the script
        $_SESSION["error_messages"] .= "<p>Enter your password</p>";
        header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_auth.php"); exit();
    }
} else {
    $_SESSION["error_messages"] .= "<p>Password field is missing</p>";
    header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_auth.php"); exit();
}

Here we use the md5() function to hash the received password, since the passwords in the database are stored as hashes. The additional secret word, in our case "top_secret", must be the same one that was used when registering the user.

Now we need to query the database for a user whose e-mail address equals the received e-mail address and whose password equals the received password hash.

// Query the database for the user with the received email address and password hash
$result_query_select = $mysqli->query("SELECT * FROM `users` WHERE email = '".$email."' AND password = '".$password."'");

if (!$result_query_select) {
    // Save the error message to the session, return the user to the authorization page and stop the script
    $_SESSION["error_messages"] .= "<p>Query error when selecting a user from the database</p>";
    header("HTTP/1.1 301 Moved Permanently"); header("Location: ".$address_site."/form_auth.php"); exit();
}
// (the rest of the handler, which stores the found user's email address and password in the session, is not preserved on the page)

Exit from the site

The last thing we implement is the procedure for leaving the site. At the moment, the header displays links to the authorization page and the registration page.

In the site header (file header.php) we use the session to check whether the user is already authorized. If not, we display the registration and authorization links; otherwise (if he is authorized) we display an Exit link instead.

Modified piece of code from file header.php:

Registration

Exit

When the Exit link is clicked, we are taken to the file logout.php, where we simply destroy the session cells holding the e-mail address and password. After that we return the user to the page on which the Exit link was clicked.

File code logout.php:
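The logout.php listing itself is not reproduced above. As an added example, not the author's file, here is a logout.php that does what the paragraph describes: it clears the session and sends the user back to the page where the link was clicked. It assumes the session keys set at login are 'user_id' and 'email', that $address_site comes from a config file named config.php (the name is an assumption), and that the originating page is read from the Referer header, which the browser may omit and an outside link can forge.

```php
<?php
// Added example, not the tutorial's logout.php.
// Assumes: $address_site (e.g. "http://localhost/site") defined in config.php
// (assumed name), session keys 'user_id' and 'email' set at login.
declare(strict_types=1);
require __DIR__ . '/config.php';
session_start();

// Only return the user to a page on our own origin. Without this check a link
// such as logout.php reached from an attacker's page would bounce the user to
// any URL the attacker put in the Referer (an open redirect).
function safeReturnUrl(string $addressSite, ?string $referer): string
{
    $home  = $addressSite . '/';
    $ours  = parse_url($addressSite);
    $there = $referer === null ? false : parse_url($referer);
    if ($there === false || $ours === false || !isset($ours['host'])
        || ($there['scheme'] ?? '') !== ($ours['scheme'] ?? '')
        || strcasecmp($there['host'] ?? '', $ours['host']) !== 0
        || ($there['port'] ?? null) !== ($ours['port'] ?? null)) {
        return $home;
    }
    // Rebuild from our own origin plus the referer's path and query, so that
    // userinfo or other oddities in the header never reach the Location line.
    $origin = $ours['scheme'] . '://' . $ours['host']
            . (isset($ours['port']) ? ':' . $ours['port'] : '');
    return $origin . ($there['path'] ?? '/')
         . (isset($there['query']) ? '?' . $there['query'] : '');
}

// Wipe the whole session, not just two cells: anything else stored there
// (roles, tokens) must not survive the logout either.
$_SESSION = [];
if (ini_get('session.use_cookies')) {
    // Expire the session cookie in the browser as well, not only the server file.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}
session_destroy();

header('Location: ' . safeReturnUrl($address_site, $_SERVER['HTTP_REFERER'] ?? null), true, 303);
exit();
```

Since this is reached by a plain GET link, any page can force a visitor to log out by embedding the URL; if that matters for your site, make the Exit link a small POST form carrying a CSRF token and check the token before destroying the session.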

That's all. Now you know how to implement and process user registration and authorization forms on your website. These forms are found on almost every website, so every programmer should know how to create them.

We also learned how to validate input data, both on the client side (in the browser, using JavaScript and jQuery) and on the server side (using PHP). Remember that the client-side checks only improve usability: anyone can disable them or send a request without the browser, so the server-side validation is the one that protects the site. We also learned how to implement the procedure for leaving the site.

All scripts have been tested and are working. You can download the archive with the files of this small site from this link.

In the future I will write an article where I will describe. And I also plan to write an article where I will explain (without reloading the page). So, in order to stay informed about the release of new articles, you can subscribe to my website.

If you have any questions, please contact me, and if you notice any error in the article, please let me know.

Lesson Plan (Part 5):

  1. Creating an HTML structure for the authorization form
  2. We process the received data
  3. We display the user's greeting in the site header


I don't know why... no, I do know why you must not enable the register_globals directive; what I don't know is why the literature, as a rule, says nothing about it.

In this article I will try to bring up to speed everyone who has been living under a rock (and those on the armored train too - editor's note) and explain what's what. It is not for nothing that some hosters disable this directive. So...

How it works

In the PHP settings (the php.ini file) there is a directive called register_globals. When it is enabled (register_globals = On), every variable passed via GET and POST (and likewise cookies, server and environment values) is automatically registered as a global variable of the script. What does that mean? (The directive was marked deprecated in PHP 5.3 and removed entirely in PHP 5.4, so what follows concerns older installations and, just as much, any code that still assumes a variable exists because a request parameter was sent.)

For example, we pass the GET method to the index.php script some page value: index.php?page=2. The passed value is stored in a GET array and can be used in a script as $_GET["page"]. However, if we have register_globals enabled, then a $page variable will be created for the passed value, which is available in any part of the index.php script.

A small summary and addition. With register_globals enabled the passed value is reachable in three ways: as $_GET["page"], as $GLOBALS["page"] and simply as $page ($GLOBALS is not a copy but a view of the global symbol table, so the last two are the same variable). With register_globals disabled the passed value is reachable only through the GET array ($_GET["page"]). Remember this.

Danger of use

Let's look at a simple example to understand what's in store for us (three to five years - editor's note). To keep it short, I'll say right away that $login and $password are variables passed by the GET/POST method.

Briefly about what the script does:

    Line 2. We make a request to the database in order to pull out the real password for the login entered by the user.

    Line 3. We get this password and assign it to the $real_pass variable.

    Line 4. We compare the real and entered password and if they match, the $check variable will be assigned true.

    Lines 5-8. If $check is true, then we write that authorization was successful, etc.

The script as written is about as leaky as a script can be, and now I will show you the holes. Condition: register_globals is enabled.

Let's say the data is passed by the GET method. Then the URL will look something like this:
www.site.com/index.php?login=admin&password=qwerty
It is clear that the global variables $login and $password are immediately created. Now look at the script. It contains the $check variable. What if you pass it via URL?

www.site.com/index.php?login=admin&password=qwerty&check=1
Then the password check is bypassed and the user is authorized immediately (after all, you remember that 1 is true and 0 is false?). The same happens if we simply request www.site.com/index.php?check=1. And even if the form uses the POST method, all such tricks still work, because with register_globals enabled it makes no difference which method you use, GET or POST.

I think someone has a question, how does a cracker know about the check variable and that it is responsible for everything? If you haven't shown the script to anyone, they are unlikely to know it. However, not everyone uses their own scripts, CMS, etc., but uses what is available on the network. In such cases, a cracker, for example, can study the CMS code and attack sites created with its help.

Not all hosters disable register_globals, and even if your scripts were written without relying on it, a cracker can still break them through this directive as long as it is switched on: any variable your script forgets to initialize before use can be supplied from the outside.

Let's take our example. To protect it in case register_globals is enabled, after the line if ($password==$real_pass) $check=true; add the following: else $check=false;. Then even if a check variable equal to one is passed by the GET method, the script still sets $check=false when the password is wrong. The more general rule is to initialize every variable before its first use ($check = false; at the top of the script), so that no decision ever rests on a value that could have arrived in the request.

Yes, I would also like to draw your attention to the fact that if you turn off register_globals, then our example will not work. And for it to work, you need to write $login = $_POST["login"]; $password = $_POST["password"];
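To make the mechanism described under "How it works" and the two holes and fixes above concrete, here is an added example, not the article's script (which the article only describes line by line). It rebuilds that script from the description and runs it once as written, with register_globals behaviour emulated, and once in the safe form. The database lookup of line 2 is replaced by a constructed in-memory table so the file runs without MySQL, and since register_globals no longer exists in PHP (removed in 5.4), its effect is emulated with extract(), which likewise turns every request key into a local variable.

```php
<?php
// Added example, not the article's code. The users table and the request arrays
// below are constructed for the demonstration; extract() stands in for the
// removed register_globals directive.
declare(strict_types=1);

// Constructed stand-in for the article's line 2, "SELECT password ... WHERE login = ...".
const USERS = ['admin' => 's3cret'];

function realPasswordFor(string $login): ?string
{
    return USERS[$login] ?? null;
}

// The article's script under register_globals = On: $login, $password and any
// other request parameter (including check) exist as variables before line 2 runs.
function vulnerableLogin(array $request): bool
{
    extract($request);                                   // emulates register_globals
    $real_pass = realPasswordFor($login ?? '');          // lines 2-3
    if ($real_pass !== null && ($password ?? null) === $real_pass) {   // line 4
        $check = true;
    }
    return !empty($check);                               // lines 5-8: "authorized" if $check is true
}

// Same logic written so that no request parameter can pre-set a decision variable:
// input is read explicitly from the request and $check is initialized to false first.
function hardenedLogin(array $request): bool
{
    $login     = (string)($request['login'] ?? '');
    $password  = (string)($request['password'] ?? '');
    $check     = false;
    $real_pass = realPasswordFor($login);
    if ($real_pass !== null && hash_equals($real_pass, $password)) {
        $check = true;
    }
    return $check;
}

// index.php?login=admin&password=qwerty : a wrong password is rejected by both.
var_dump(vulnerableLogin(['login' => 'admin', 'password' => 'qwerty']));   // bool(false)
var_dump(hardenedLogin(['login' => 'admin', 'password' => 'qwerty']));     // bool(false)

// index.php?login=admin&password=qwerty&check=1 : the extra parameter becomes $check
// and the vulnerable script lets the user in without knowing the password.
var_dump(vulnerableLogin(['login' => 'admin', 'password' => 'qwerty', 'check' => '1'])); // bool(true)
var_dump(hardenedLogin(['login' => 'admin', 'password' => 'qwerty', 'check' => '1']));   // bool(false)

// Even index.php?check=1 alone is enough for the vulnerable script.
var_dump(vulnerableLogin(['check' => '1']));                                             // bool(true)
```

Run it with php on the command line: the three true/false pairs show that the bypass depends only on whether $check is controlled by the script or by the request, which is exactly what initializing the variable (or reading input explicitly from $_POST) fixes.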

Let's sum it up...

and draw two main conclusions:

1) When register_globals is enabled, you can pass various variables, the values ​​for which were not calculated to be received via GET or POST.

2) Register_globals itself is not so much the danger as a carelessly written script. In practice, though, nearly every script that leaves a variable uninitialized becomes exploitable the moment the directive is on, which is why it was eventually removed from PHP altogether.

That's all for today! I will be very glad to see your comments, remarks, suggestions and just feedback. Therefore, write, don’t be shy!

With wishes for a successful week,
Alexander SHUYSKY


