0

I have my website which has this issue. It could be hacked easily through javascript.If the hacker types this in his console he can easily add a user in my database and can signup without going through the stuff like checking password length , checking username length and so on ...

$.post("extra/includes/signup/register.inc2.php",{username:"user1234",email:"[email protected]",p:"here goes password"})

I want a code that could stop him from using console in my website. And if there is no way to do that then how to fix it by some other means ?

Improve this question
3
  • 1
    a hacker can always manipulate the js and html. What you have to do is make your PHP code safe. Commented Feb 6, 2015 at 7:39
  • you dont only do validation on client side, in fact you can always use php to validate then return the validation error to client side, if you use this way, how can the hacker hack? Commented Feb 6, 2015 at 7:40
  • if you want to secure your actions you have to let only authenticated user with some specified privilages to do it, to achieve this you need to write some kind of authentication and privilages system and check if user got right to add users Commented Feb 6, 2015 at 7:41

2 Answers 2

Reset to default
1

Disabling the console won't do. A hacker can always do the same request to your server as you do.

If it is something that isn't public you can protect it using a username and password, looking at the url it is a public script.

If you require a public register script the best way to protect against this kind of thing is to us a captcha (for example recaptcha. It makes it a lot harder to do a scripted attack on your register script.

Always validate the data server side, you can not trust the data you receive from your request because it can be easely manipulated.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You should not rely on client side form validations and it is total bad practice.Try to adapt framework like CI or Laravel . They have particular set of easy ways to validate the form inputs .

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.