March 19, 2012

Using variables to check if certain things are allowed

Question by Marshall Mathews

i was thinking of implementing features of turning on and off certain things on my website like registering and logging of.
I could include a file with variables like so

<?php
$upload = 1;
$register = 1;
?>

And then in suppose my register.php file i could do a check like so

if($register == 1){
//Show form
} else { echo "Registration is disabled" }

i was wondering if this would be a security issue as i read somewhere that stuff can be suffixed the url to bring the same effect
Like so

register.php?register=1

But that does not work if register globals are turned off, is this much of a security issue?

Answer by Starx

NO

register.php?register=1 will only be accessed from $_GET['register']
Unless you’re using an older version of PHP with register_globals turned on Thanks Lex

If you are configuring some features on the server, I suggest you use sessions instead.

$_SESSION['upload'] = 1;
$_SESSION['register'] = 1;

Unlike constants, they can be changed, if some criteria is met.

And register_globals() is removed from the latest PHP 5.4.0, so, dont use that.

...

Please fill the form - I will response as fast as I can!