RE: Re: So called "PHP Expert"

This is why I am pushing for legislation to make this a licensed profession.

-----Original Message-----
From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx] 
Sent: Friday, March 20, 2009 9:18 PM
To: Shawn McKenzie
Cc: php-general@xxxxxxxxxxxxx
Subject: Re:  Re: So called "PHP Expert"

On Fri, 2009-03-20 at 18:57 -0500, Shawn McKenzie wrote:
> דניאל דנון wrote:
> > I'm a member of some forums about some topics,
> > One of them includes a programming forum.
> > 
> > Now, I've visited there a week ago and saw a topic with the title "Free
> > security",
> > Someone who calls himself a PHP expert (and said that he could teach me PHP
> > since my level is so low), and pretends to have so many clients,
> > Posted the following code.
> > 
> > The code is written badly, and in his words - "it's the best security,
> > without this you aren't secured".
> > Now, I am looking for a way to explain to him he is no PHP Professional, but
> > I can't find the right sentence. Will you help me?
> > And here is the code of the so-called "PHP Professional" who has "very large
> > amount of big clients" and "can teach me PHP".
> > Help me find something to say to him - I am not so good at that kind of
> > stuff
> > 
> > Kind regards,
> > Daniel
> > 
> > 
> > *<?
> > #######################################
> > ## aNtisQL by Moriel Pahima.
> > #######################################
> > $getadd=strtolower($_SERVER[REQUEST_URI]);
> > $adr1 = $getadd;
> > $adr2x = explode("?",$adr1);
> > $adr = $adr1;
> > foreach( $_POST as $post => $value )
> > $postcc.="$post => $value\n";
> > foreach ( $_COOKIE as $cook => $value )
> > $cookiecc.="$cook => $value\n";
> > foreach ( $_GET as $get => $value )
> > $getcc.="$get => $value\n";
> > #######################################
> > check($adr1);
> > check($postcc);
> > check($getcc);
> > check($cookiecc);
> > function check($antisql){
> > if (
> > eregi("union",$antisql)&&eregi("from",$antisql)
> > Or
> > eregi("ibf_",$antisql)&&eregi("select",$antisql)
> > Or
> > eregi("insert",$antisql)&&eregi("order",$antisql)
> > Or
> > eregi("update",$antisql)&&eregi("where",$antisql)
> > Or
> > eregi("`",$antisql)&&eregi("truncate",$antisql)
> > Or
> > eregi("null",$antisql)&&eregi("alter",$antisql)
> > ){
> > errorview();
> > }
> > if (
> > eregi(h3x("union"),$antisql)&&eregi(h3x("from"),$antisql)
> > Or
> > eregi(h3x("ibf_"),$antisql)&&eregi(h3x("select"),$antisql)
> > Or
> > eregi(h3x("insert"),$antisql)&&eregi(h3x("order"),$antisql)
> > Or
> > eregi(h3x("update"),$antisql)&&eregi(h3x("where"),$antisql)
> > Or
> > eregi(h3x("`"),$antisql)&&eregi(h3x("truncate"),$antisql)
> > Or
> > eregi(h3x("null"),$antisql)&&eregi(h3x("alter"),$antisql)
> > ){
> > errorview();
> > }
> > if (
> > eregi(h3x("UNION"),$antisql)&&eregi(h3x("FROM"),$antisql)
> > Or
> > eregi(h3x("IBF_"),$antisql)&&eregi(h3x("SELECT"),$antisql)
> > Or
> > eregi(h3x("INSERT"),$antisql)&&eregi(h3x("ORDER"),$antisql)
> > Or
> > eregi(h3x("UPDATE"),$antisql)&&eregi(h3x("WHERE"),$antisql)
> > Or
> > eregi(h3x("`"),$antisql)&&eregi(h3x("TRUNCATE"),$antisql)
> > Or
> > eregi(h3x("NULL"),$antisql)&&eregi(h3x("ALTER"),$antisql)
> > ){
> > errorview();
> > }
> > }
> > #######################################
> > ## All Rights Reserved!
> > #######################################
> > function errorview(){
> > echo <<<antisql
> > <center>
> > aNtisQL&nbsp;ANTI&nbsp;SQL-INJECTION&nbsp;SYSTEM <br />
> > by&nbsp;<a href="mailto:
> > hidden-since-i-dont-want-to-show-it-on-php-mailinglist
> > ">Moriel&nbsp;Pahima</a>
> > </center>
> > antisql;
> > die();
> > }
> > #######################################
> > function h3x($envar){
> >     $hax3d = bin2hex($envar);
> >     $hax3d  = chunk_split($hax3d , 2, "%");
> >     $hax3d  = "%" . substr($hax3d , 0, strlen($hax3d ) - 1);
> >     return $hax3d;
> > }
> > ?>*
> > 
> 
> Tell him that the PHP experts and me (PHP hobbyist) on this list won't
> even pick through his code because it is a garbled mass of shit!
> 
> Maybe someone else will disagree and say that it's a masterpiece, then
> I'll bow out gracefully.
> 
> -- 
> Thanks!
> -Shawn
> http://www.spidean.com
> 
Nah, the GMS managed to pretty much cover it!


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


__________ Information from ESET Smart Security, version of virus signature database 3952 (20090320) __________

The message was checked by ESET Smart Security.

http://www.eset.com
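
Why a keyword blacklist like the one quoted in this thread does not protect a query, shown as an added example that is not part of the original messages: the filter rejects ordinary text that happens to contain two of its words, while leaving quoting (the actual problem) unhandled, whereas a bound parameter needs no inspection at all. The `keyword_filter_blocks()` helper, the sample inputs and the `customers` table are assumptions made for the demonstration; `stripos()` stands in for `eregi()`, which was removed in PHP 7.

```php
<?php
// Added example, not code from the thread.
// Keyword pairs taken from the first branch of the posted check().
const PAIRS = [
    ['union', 'from'], ['ibf_', 'select'], ['insert', 'order'],
    ['update', 'where'], ['`', 'truncate'], ['null', 'alter'],
];

// Hypothetical helper: true when the posted filter would call errorview().
function keyword_filter_blocks(string $input): bool
{
    foreach (PAIRS as [$a, $b]) {
        if (stripos($input, $a) !== false && stripos($input, $b) !== false) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs: both are ordinary user text.
$comment = 'Please update me on where my parcel is';
$surname = "O'Brien";

// The comment is rejected because it contains "update" and "where";
// the surname passes, although its apostrophe is what breaks naive SQL.
var_dump(keyword_filter_blocks($comment));
var_dump(keyword_filter_blocks($surname));

// Assumed schema, held in an in-memory SQLite database via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (surname TEXT)');

// Concatenation: the apostrophe the filter let through ends the string
// literal early, so the statement no longer parses.
try {
    $db->exec("INSERT INTO customers (surname) VALUES ('$surname')");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// Bound parameters: the values never become part of the SQL text, so
// both inputs are stored verbatim without any keyword matching.
$stmt = $db->prepare('INSERT INTO customers (surname) VALUES (?)');
$stmt->execute([$surname]);
$stmt->execute([$comment]);
echo "rows stored: ", $db->query('SELECT COUNT(*) FROM customers')->fetchColumn(), "\n";
```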


 



