Setting a PHP cookie value to be intentionally vulnerable

First of all, I’m new to PHP and coding in general.

I’m currently creating a web application which is intentionally vulnerable, to teach students about web-based vulnerabilities. The web app consists of levels, with each level containing a different vulnerability.

On the current level, I am trying to set a cookie named “Authenticated” with a value of “0” when a user successfully logs into the level. When they reach the page, they receive a PHP error that they are not authenticated. I want them to be able to intercept the page request, change the value to “1”, and then, as a result of this changed value, receive a PHP echo containing the password for the next level.

Here is my main page (level6.php):

    <?php
    session_start();
    if (!isset($_SESSION['user'])) {
        // Not logged in: send the visitor back to the login page.
        header("Location:../level5/login6.php");
        exit; // stop here so the rest of the page is not sent along with the redirect
    }
    include("authentication.php");
    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
       <meta charset='utf-8'>
       <meta http-equiv="X-UA-Compatible" content="IE=edge">
       <meta name="viewport" content="width=device-width, initial-scale=1">
       <link rel="stylesheet" href="../css/wargames.css">
       <script src="http://code.jquery.com/jquery-latest.min.js"></script>
       <script src="http://js/script.js"></script>
       <title>Generic Web App Title</title>

    </head> <body background="../images/background.jpg"> <br />

    Welcome to Level 6!


    <br />
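
The cookie check described in the question, shown beside a server-side version for contrast. This is an added example, not the poster's code: the contents of authentication.php are not shown on the page, so the file body, both function names, the `authenticated` session key and the `NEXT_LEVEL_PASSWORD` placeholder are assumptions.

```php
<?php
// Hypothetical authentication.php for the lab level (added example).
// Assumes level6.php has already called session_start() and that this
// file is included before any HTML output, so setcookie() can still
// send its header.

const NEXT_LEVEL_PASSWORD = 'PLACEHOLDER-PASSWORD'; // constructed placeholder

/**
 * Intentionally vulnerable, as the level requires: the access decision
 * reads a value the browser controls. Whatever arrives in the Cookie
 * header is believed.
 */
function isAuthenticatedVulnerable(array $cookies): bool
{
    return ($cookies['Authenticated'] ?? '0') === '1';
}

/**
 * Hardened counterpart for the lesson write-up: the flag lives in
 * server-side session storage. The browser only holds the opaque
 * session ID and has no field to edit.
 */
function isAuthenticatedHardened(array $session): bool
{
    return ($session['authenticated'] ?? false) === true;
}

// First visit to the level: hand out the default "not authenticated" cookie.
if (!isset($_COOKIE['Authenticated'])) {
    setcookie('Authenticated', '0', 0, '/');
}

// The lab uses the vulnerable check on purpose. The fixed version would
// call isAuthenticatedHardened($_SESSION) here instead, with the login
// code setting $_SESSION['authenticated'] = true after a successful login.
if (isAuthenticatedVulnerable($_COOKIE)) {
    echo 'Password for the next level: ' . NEXT_LEVEL_PASSWORD;
} else {
    echo 'Error: you are not authenticated.';
}
```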

Aura Session 2.x – CSRF

Has anyone had the opportunity to use Aura Session 2.x? If so, I need help …

My problem is that I have no idea what I’m supposed to call (?) for the CSRF to work. Unfortunately, I didn’t learn anything from the example. I can’t apply it in practice.

Link to the example: Aura Session 2.x CSRF

Thanks in advance for any reply.


Source: stackoverflow-php

How To Free My site to lost useless SESSION Stored in PHP

Hello everyone, I have a site. Any time I make any change, like changing an image or any picture or anything, it does not change instantly, only after some hours. Please assist me. I have some code here that I think is the problem:

    <?php
    ini_set('session.use_cookies', true);
    ini_set('session.use_trans_sid', true);       // also allow the session ID in URLs
    ini_set('arg_separator.output', '&amp;');
    ignore_user_abort(true);
    ini_set('default_charset', 'UTF-8');
    session_set_cookie_params(31556926);          // session cookie lifetime: 1 year
    ini_set('session.gc_divisor', 1);
    ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']);

    $currentTimeout = ini_get('session.gc_maxlifetime');

    ini_set('session.gc_maxlifetime', 31556926);  // 1 year
    error_reporting(1);
    ob_start();
    session_start();
    ?>

Is the problem ob_start();?
Please help me, thanks.


Source: stackoverflow-php

using session in wordpress to get template only once

Hi, I am using a session in WordPress to get a template part in the session. I am new to PHP and don’t know how to fix this.

I am using the code below to pull the template part once and use only the first one for the session.
It pulls only once, but when I refresh the page it returns blank.
How can I fix it?

    session_start();
    if (!isset($_SESSION['function_ran'])) {
        // get_template_part
        $_SESSION['function_ran'] = true;
    }


Source: stackoverflow-php

Yii2 creates new session instead of opening existing

I am working on a simple logic of storing my shopping cart in the session using Yii2’s native yii\web\Session.
Every time I add an item to the cart I call a method:

    public function actionAdd() {

        $id = Yii::$app->request->get('id');
        $product = Product::findOne($id);

        $session = Yii::$app->session;
        $session->open();

        $cart = new Cart();
        $cart->addToCart($product);

        $this->layout = false;
        return $this->render('cart-modal', compact('session'));
    }

This method works with a Cart model and adds my item to the session:

    public function addToCart($product, $qty = 1) {

        if (isset($_SESSION['cart'][$product->id])) {
            $_SESSION['cart'][$product->id]['qty'] += $qty;
        } else {
            $_SESSION['cart'][$product->id] = [
                'qty' => $qty,
                'title' => $product->title,
                'price' => $product->price,
                'image' => $product->image,
            ];
        }
    }

All goes well until I try to add another item.
Then Yii, instead of opening the existing session, creates a new one with this last item I’ve added. What can be the reason for this kind of behavior?

I’m working on a local web server, OpenServer, and haven’t changed any settings that might be related to sessions.


Source: stackoverflow-php