Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding CMS Using Url Query's to define page

Thread Rating:
  • 419 Vote(s) - 3.45 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
Using Url Query's to define page

Offline rachelfecvhjb


Member
*
Member
Posts: 0
Threads: 0
Joined: Jul 2022
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-20-2023, 01:33 PM
The web page i want to go to is

[To see links please register here]


I have a file called projects.php that looks for variables and includes the correct page (projectsm projectdetails, projectedit...) But i don't know how to make the script detect if there is a page definition (`?action=projectdetails`) The `&id` variable tells to server what id to query on the database to retrieve information.

Here is my current code (which doesn't work)

<?php
session_start();
ob_start();
$currentPage = 'usrprojects';

require ('assets/config.inc.php');


if (isset($_SESSION['logged_in']) != true) {
header("location: login.php");
}
else {
if (isset($_GET['action'])){
if( isset($_GET['projectdetails']) && $_GET['projectdetails'] == "")
{
echo "asd";
}
}
else {
require 'includes/pages/projects.php';
}
}
?>

Reply

Offline demystifies125977


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Oct 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-20-2023, 01:41 PM
I think the above would more likely be like this as you are trying to find if a GET variable is equal to `projectdetails` rather than find a GET variable with the name `projectdetails`

session_start();
ob_start();
$currentPage = 'usrprojects';

require ('assets/config.inc.php');


if ( isset( $_SESSION['logged_in'] ) != true ) {
header( 'location: login.php' );
} else {
if ( isset( $_GET['action'] ) ){
if( $_GET['action'] == 'projectdetails' ) require 'includes/pages/projects.php';
else echo 'asd';
}
}

However, as I mentioned in the comment you might want to use a whitelist idea - rough idea like this:



session_start();
ob_start();

if( empty( $_SESSION['logged_in'] ) ){
exit( header( 'location: login.php' ) );
}

$whitelist=array(
'projects' => array('script'=>'includes/pages/projects.php','level'=>3),
'admin' => array('script'=>'includes/pages/admin.php','level'=>1),
'other' => array('script'=>'includes/pages/other.php','level'=>5)
);

$currentPage = 'usrprojects';
require ('assets/config.inc.php');



if( !empty( $_GET['action'] ) && array_key_exists( $_GET['action'], $whitelist ) ){

$action = $whitelist[ $_GET['action'] ]['script'];
$level = $whitelist[ $_GET['action'] ]['level'];

if( file_exists( $action ) && $_SESSION['level'] <= $level ) require $action;
}
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through