Thread: www.rawpasswords.com - You have to be FUCKING kidding me
View Single Post
Old 07-16-2007, 05:22 AM  
Nathan
Confirmed User
 
Industry Role:
Join Date: Jul 2003
Posts: 3,108
Quote:
Originally Posted by FakeNick View Post
like this you mean

PHP Code:
<? 

// Redirect "password" traffic 

$refer_full_path = "$HTTP_REFERER"."$PATH_INFO"; 

if(( preg_match("/pass/i", $refer_full_path)) || 
( preg_match("/passes/i", $refer_full_path)) || 
( preg_match("/password/i", $refer_full_path)) || 
( preg_match("/passwords/i", $refer_full_path))) {_ 


header("Location: $refer_full_path"); 
exit;_ 


?>
PHP Code:
<? 
$words=array("pass","passes","password","passwords"); 
for($i=0;$i<count($words);$i++){ 
if(eregi($words[$i],$HTTP_REFERER)){ 
header("Location: http://www.adultfriendfinder.com"); 


?>
Oh god...

1) REGISTER GLOBALS?!?!?! You insane?
2) Performance wise eregi or preg_match are extremely bad for this kind of stuff, use strpos for it, also checking for "pass" will match "passes" and "password" and "passwords" so why even check for "passes", "password", "passwords" after that?! No point.
3) In your 2nd example, add an exit after the header(); so it stops searching on a match...
__________________
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger
Nathan is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote