The file_get_content integration

Community Based Support for JROX Affiliate Manager Only
Post Reply
cspasztor
Posts: 1
Joined: Tue Jul 25, 2017 2:42 pm

The file_get_content integration

Post by cspasztor » Tue Jul 25, 2017 2:56 pm

After the php5.6 changes this is not working on https.

But I can make fake commissions from my browser http://mysite.com/myfolder/sale/amount/ ... de/$COOKIE
I write the values into the variables.

I think everybody can make fake commission who "know" the script.

I think it is a security risk.
It is a better method to post (with a security ID) than this.
Or another possibility if I can change the route from "myfolder/sale/amount/" to "myfolder/sale23tqprz65kst/amount/" for example.

Or if you not encrypt a file - the sale.php I think.
If the file is "open source" (only this file) we can implemet own our secure transactions.

Thanks,
Csaba

Post Reply