turn globals off

I have seen many threads, many scripts, many topics, many tutorials where it explains that globals need to be turned off?



I have absolutely no clue what this means, and are using arrays safer to use that just normally inputting data?

I think it's because many php applications have vulnerabilities that can be exploited if global variables is left on. Even the phpBB board has one that can be exploited.

A quick Google search for : globals + vulnerabilities will show you what I mean.

How can i avoid this type of situation?

turn globals off in php. If you don't have access to the server you would need to request it of your host. I don't run linux servers so I'm not sure how to tell you how to go about it, but there's probably several here who can.

What exactly are globals, i seriously have no clue.

http://www.strath.ac.uk/IT/Docs/Ccourse ... 3_6_3.html

Basically, the idea is that global variables can be used be all functions.

Hey a question about sessions...

If a session is created, how will another page recognise who the user is by the session?? I mean say if there are 2 users, wont the script get confused?

Its pretty simple to turn off globals. If you have a Linux machine just go in /etc/php.ini and where it says
register_globals on
change it to
register_globals off
Although most hosting companies have it turned off by default because PHP now does that by default.
To check if you have it on or not, make a php file and just put

and you will see all your variables.
Hope that was of some help to you.

phpBB uses a few methods to validate and remember users. This link explains it pretty well:

http://www.phpbb.com/kb/article.php?article_id=54

Truthfully nem, it's refreshing to see your tenacity at learning this, but you should take some real effort to study the code itself. For example, just take this phpBB board script and start to look at every file and study what each and every function and variable does. IMO this script is pretty highly developed and can teach a beginner a lot. I still consider myself a beginner at php and the study of this script is how I'm learning to understand it.

Thanks atno for the advice.

No prob. Another good learning tool is phpMyAdmin and study the structure of the tables in a script. For example as you'll note from the link above phpBB uses a combination of Session ID's (stored in the database and encrypted) and Cookies stored on the users machine. It's a huge challenge to do it right and get a good security in place. I suppose that's why the phpBB group is a "group" and not an individual. Most really good programs are not just written by one person.

yeah, but what about invisionboard. I would say that board is more secure than phpbb.

Really?

http://www.threatfocus.com/vuln_detail. ... t_id=12268
https://www.edgeos.com/threats/details.php?id=11977

OUCH

I think that turning the globals of can protect u from being hacked.If globals are on then hackers can get the values of these globals from the streams and can have undue advantage.So to turn globals off is to make ur system operate more safely.