• Registered: 2006-03-03
  • Posts: 86

Topic: Cant add sessions to punbb :(

I'm trying out a new hack by putting in a token for registered users on the register form as a PHP Security guru suggests

http://shiflett.org/articles/foiling-cross-site-attacks

Unfortunately it seems the way punbb works it wont allow session, i think some stuff is coming in before the session starts even though I put in my session code at the top of register.php

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Cant add sessions to punbb :(

I'm confused, what are you trying to add?

  • Registered: 2006-03-03
  • Posts: 86

Re: Cant add sessions to punbb :(

a token that is in the form and must match whats in the session, also I'm gonna set a 15min timeout, I know my code works as I've used it in a email form I have, but I'm trying to hack it into punbb registration

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Cant add sessions to punbb :(

What would the point of it be though? I think most bots process forms like a human would, which means the hidden field would be sent. I also would think that cookies (especially session cookies) are handled properly, since they're used so often for anti-spam measures

  • Registered: 2006-03-03
  • Posts: 86

Re: Cant add sessions to punbb :(

ok good point, I guess I was thinking the cross-domain stuff might help with spam, doh