
Portal Restriction

Xero
Portal Restriction 2006-11-04 19:07:29 Reply

Hey everyone, this is really important. I own the site Xero Studios, and my forum was just hacked. What the person did was upload a simple script to my flash portal, and it deleted my forum. Luckily, I backed up my forum a couple days ago, but this person could obviously keep uploading the script. I need to make it so only .swf files can be uploaded to my portal. I tried to make it like that before, but it didn't work out, and I didn't think it was a big deal, but now I am worried about getting hacked again, so it is important now. So if anyone could help me add some lines of code to my portal to protect myself from that, it would be great. Thanks guys!

Jcrypt
Response to Portal Restriction 2006-11-04 19:11:12 Reply

Couldn't you use an explode( ) on the filename being uploaded and take the second half as the extension and a simple if( ) statement to check it against "swf"?

Kings-Cant-Fall
Response to Portal Restriction 2006-11-04 19:29:14 Reply

Can we see your current script?

rmbrstrongbad18
Response to Portal Restriction 2006-11-04 19:40:22 Reply

// Reject the upload when ".swf" does not appear anywhere in the filename.
if (!strstr($flashfile, ".swf")) {
    echo "The file must be an swf file.";
}

DFox
Response to Portal Restriction 2006-11-04 19:50:31 Reply

At 11/4/06 07:47 PM, SpamBurger wrote: What if the person named the file destroy.swf.php?

Exactly.

So, what you should do, like someone said above, is use explode like so:

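<?php
// $filename is the client-supplied name of the uploaded file.
// Split it on dots and compare only the last piece to 'swf'.
$file_extension = explode('.', $filename);
if ($file_extension[count($file_extension)-1] != 'swf')
{
    echo 'You can only upload a .swf file.';
    exit;
}
?>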

Something like that would be pretty safe I think.


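A stricter version of the check discussed in this thread, as an added example that is not part of any post: it checks the final extension, checks the SWF signature bytes at the start of the file, and stores the file under a server-generated name. The form field name `flashfile` and the directory `/var/portal/uploads` are assumptions.

```php
<?php
// Added example; not code from the thread or the portal.
// Assumptions: form field 'flashfile', upload directory /var/portal/uploads
// (a directory the web server does not execute scripts from).

const SWF_MAGIC = ['FWS', 'CWS', 'ZWS']; // uncompressed, zlib, LZMA headers

// True when the final extension is "swf", compared case-insensitively.
function has_swf_extension(string $clientName): bool
{
    return strtolower(pathinfo($clientName, PATHINFO_EXTENSION)) === 'swf';
}

// True when the first three bytes of the file are a known SWF signature.
function has_swf_signature(string $path): bool
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return false;
    }
    $head = fread($fh, 3);
    fclose($fh);
    return in_array($head, SWF_MAGIC, true);
}

// Validate one $_FILES entry and store it under a server-generated name.
// Returns the stored path, or null when the upload is rejected.
function store_swf_upload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || !has_swf_extension($file['name'])
        || !has_swf_signature($file['tmp_name'])) {
        return null;
    }
    // The client-supplied name never reaches the filesystem.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.swf';
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

if (isset($_FILES['flashfile'])) {
    $stored = store_swf_upload($_FILES['flashfile'], '/var/portal/uploads');
    if ($stored === null) {
        echo 'You can only upload a .swf file.';
        exit;
    }
    echo 'Upload accepted.';
}
```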
Xero
Response to Portal Restriction 2006-11-04 20:11:35 Reply

Awesome DFox, that's what I did and it works. Yey the Xero Studios portal is safe once again! Thanks everyone for the help.

Jcrypt
Response to Portal Restriction 2006-11-04 20:18:08 Reply

At 11/4/06 08:11 PM, Xero wrote:
Yey the Xero Studios portal is safe once again!

Sorry, just checked your site, looks like someone disagrees?

Xero
Response to Portal Restriction 2006-11-04 20:48:39 Reply

Who does?

Jessii
Response to Portal Restriction 2006-11-04 21:23:47 Reply

At 11/4/06 08:48 PM, Xero wrote: Who does?

He was probably referring to the fact that your database had issues earlier after you said you had fixed the problem.

Taylor
Response to Portal Restriction 2006-11-04 21:25:47 Reply

A New Day isn't on Doctor's Advocate ;)

Xero
Response to Portal Restriction 2006-11-04 21:53:29 Reply

Lol, yea I know that Taylor, it's because I didn't name the files, they are from other places. I can't wait for the Doctor's Advocate though!

Taylor
Response to Portal Restriction 2006-11-04 22:12:04 Reply

At 11/4/06 09:53 PM, Xero wrote: Lol, yea I know that Taylor, it's because I didn't name the files, they are from other places. I can't wait for the Doctor's Advocate though!

Depending on how you'd like to end up with it, drop me a PM and I can probably "help you out"

It's probably the best CD I've heard in years. All the Scott Storch tracks are hot, COMPTON (produced by Black Eyed Peas' Will.I.Am) starts out cheesy but Game comes in with some of the heaviest lyrics I've ever heard.