
New exploit is out


pamamolf

Posted

I will not post the code (many already know about it), but I need some help with the fix:

This is the code to protect against this attack:

First write protection.php:

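-------protection.php-----

<?php
// Look for 'login.php' anywhere in the requested script path.
$self = $_SERVER['PHP_SELF'];
$pos = strpos($self, 'login.php');
// strpos() returns an offset or false, so test with !== false.
if ($pos !== false) {
    echo "<script language='javascript'>window.location = 'http://server/index.php';</script>";
}
?>

----------------------------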

Save protection.php in the admin folder of osCommerce, then paste the following code in all pages in the /admin folder (except login.php): include('protection.php')

I created the file protection.php and added this code inside:

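<?php
// Look for 'login.php' anywhere in the requested script path.
$self = $_SERVER['PHP_SELF'];
$pos = strpos($self, 'login.php');
// strpos() returns an offset or false, so test with !== false.
if ($pos !== false) {
    echo "<script language='javascript'>window.location = 'http://server/index.php';</script>";
}
?>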

I replaced:

http://server/index.php

with:

http://mydomain/index.php

and I uploaded it to the admin folder.

Then I tried to add:

include('protection.php')

to all PHP files in the admin folder, excluding login.php.

I added it at the top, above:

require('includes/application_top.php');

like:

include('protection.php')

require('includes/application_top.php');

But after that I tried to log in to my admin panel and I am getting a blank white screen :(

Can you please let me know what I did wrong and how to fix it?

Thank you

Posted

If I use it at the top of all PHP files like this, it works:

<?php

include('protection.php')

?>

But will it use protection.php for security or not?

Thank you
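
The guard quoted in the posts above only prints a JavaScript redirect, so the browser decides whether to follow it and the rest of the admin page still runs on the server. The following is an added example, not code from this thread or from osCommerce: it keeps the same PHP_SELF test but refuses the request server-side. The helper name `request_claims_login` and the use of `SCRIPT_FILENAME` to identify the executing file are assumptions of this example.

```php
<?php
// protection.php: added example, not osCommerce code and not from the thread.
// Keeps the thread's test (does PHP_SELF mention login.php?) but enforces it
// on the server instead of asking the browser to redirect itself.

/**
 * Hypothetical helper: true when the request path names login.php although
 * the script that is actually executing is some other file.
 */
function request_claims_login($phpSelf, $scriptFile)
{
    // strpos() returns an int offset or false, so compare with !== false.
    $mentionsLogin = strpos($phpSelf, 'login.php') !== false;
    $isLoginScript = basename($scriptFile) === 'login.php';
    return $mentionsLogin && !$isLoginScript;
}

$phpSelf    = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
$scriptFile = isset($_SERVER['SCRIPT_FILENAME']) ? $_SERVER['SCRIPT_FILENAME'] : '';

if (request_claims_login($phpSelf, $scriptFile)) {
    // Refuse with a status code; nothing depends on the client running script.
    header('HTTP/1.1 403 Forbidden');
    // exit is the actual control: without it the including admin page keeps
    // executing after the guard and its output is still sent.
    exit('Forbidden');
}

// In each admin page, inside the PHP block and ending with a semicolon,
// before includes/application_top.php is loaded:
//   require('protection.php');
//   require('includes/application_top.php');
```

Using `require` rather than `include` makes a missing protection.php a fatal error, so an admin page cannot silently run without the guard.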

Archived

This topic is now archived and is closed to further replies.
