March 19, 2012

Using variables to check if certain things are allowed

Question by Marshall Mathews

i was thinking of implementing features of turning on and off certain things on my website like registering and logging of.
I could include a file with variables like so

$upload = 1;
$register = 1;

And then in suppose my register.php file i could do a check like so

if($register == 1){
//Show form
} else { echo "Registration is disabled" }

i was wondering if this would be a security issue as i read somewhere that stuff can be suffixed the url to bring the same effect
Like so


But that does not work if register globals are turned off, is this much of a security issue?

Answer by Starx


register.php?register=1 will only be accessed from $_GET['register']
Unless you’re using an older version of PHP with register_globals turned on Thanks Lex

If you are configuring some features on the server, I suggest you use sessions instead.

$_SESSION['upload'] = 1;
$_SESSION['register'] = 1;

Unlike constants, they can be changed, if some criteria is met.

And register_globals() is removed from the latest PHP 5.4.0, so, dont use that.


Please fill the form - I will response as fast as I can!