Break the Style » PHP Tutorial

How to change Ubuntu Password

Paran — Wed, 16 Feb 2011 07:14:08 +0000

Different purpose we need to change the password. It may OS or other device. Different device changing option different. So, I like to to discuss here how to change Ubuntu Password. This tips is important for novice Ubuntu user. Ok, Lets see how to do it.

First Technique:

Go to: System->Preferences->About Me

Click to Change Password Button

Then Enter the current password and click to the Authenticate

Then Enter the New Password, also Retype the new Password.

Then Click to the Change Password Button. Oh, Try to Enter the strong password.

Now your Current Password is establish.

How to print/retrieve current page link location

Paran — Thu, 28 Oct 2010 03:53:37 +0000

Several time we need to print or retrieve current page link location. Or Several time we need to pass the instant page link location. But how to do it? Ok, just I try to give you some hints about this. Just you can add this code on your page head or you can add the following function on your site configuration page.

Now, you need to call this function on your desired place where you want to print this link location. Call system are as follows:

echo curPageURL();
?>

I hope it will be helpful.

How to Avoid the PHP_SELF exploits

Paran — Fri, 01 Oct 2010 18:21:45 +0000

PHP_SELF exploits can be avoided by using the htmlentities() function. For example, the form code should be like this to avoid the PHP_SELF exploits:

The htmlentities() function encodes the HTML entities. Now if the user tries to exploit the PHP_SELF variable, the attempt will fail and the result of entering malicious code in URL will result in the following output:

As you can see, the script part is now ‘sanitized’.

So don’t forget to convert every occurrence of “$_SERVER['PHP_SELF']” into “htmlentities($_SERVER['PHP_SELF'])” throughout your script.

What are PHP_SELF exploits and how to avoid them

Paran — Fri, 01 Oct 2010 18:09:17 +0000

The PHP_SELF variable is used to get the name and path of the current file but it can be used by the hackers too. If PHP_SELF is used in your page then a user can enter a slash (/) and then some Cross Site Scripting (XSS) commands to execute.

See below for an example:

Now, if a user has entered the normal URL in the address bar like “http://www.yourdomain.com/form-action.php”, the above code will be translated as:

This is the normal case.

Now consider that the user has called this script by entering the following URL in the browser’s address bar:

http://www.yourdomain.com/form-action.php/%22%3E%3Cscript%3Ealert('xss')%3C
/script%3E%3Cfoo%22

In this case, after PHP processing the code becomes:

You can see that this code has added a script tag and an alert command. When this page is be loaded, user will see an alert box. This is just a simple example how the PHP_SELF variable can be exploited.

Any JavaScript code can be added between the “script” tag. . A hacker can link to a JavaScript file that may be located on another server. That JavaScript file can hold the malicious code that can alter the global variables and can also submit the form to another address to capture the user data, for example.