I'm having a blast with PHP functionality, but I know very little about PHP security -- which, of course, is a major bad thing. I'm self-teaching myself this language but the resources are sometimes a little less cut-and-dried than is helpful.
I just made this dumb little site:
You can see that right below the "Again!" button is a counter. It shows how many times the button has been clicked. Every time the button is clicked, my JS makes an Ajax call to a PHP file (counter.php) which updates this file:
http://www.ineedaprompt.com/counter.txt
Every 100ms, I use an Ajax call to update the value of that counter field with the contents of the counter file.
The counter was well over 100 recently, but then suddenly dropped back to 0 and started all over. How easy would it be for someone external to overwrite that counter.txt file? How can I prevent it?
Note: There's nothing in my .htaccess file having to do with PHP because I'm not sure what to put in there.
Pardon my ignorance and TMI, and thank you!
EDIT: You guys are wonderfully fast.
Here's the counter.php code:
<?php
$counter = file_get_contents("counter.txt");
$counter++;
file_put_contents("counter.txt", $counter);
?>
...and the code in my JS that activates on clicking the button:
$("#button").click(function(){
    $.ajax("counter.php");
});
...and the code in my JS that activates every 100ms:
window.setInterval(function(){
    $.get("counter.txt", function(result){
        $("#counter").html(result);
    });
}, 100);
The counter has no limit. It's literally just a text file with a single number in it.
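
Added example, not part of the original post: the read, increment, write sequence in counter.php is not atomic, and `file_put_contents` truncates the file before writing, so an overlapping request can read an empty file and start again from 1. A locked variant of counter.php is sketched below; the function name `increment_counter` and the POST-only check are assumptions of this example, and the page's JS would have to send a POST for the latter.

```php
<?php
declare(strict_types=1);

// Added example. Assumes counter.txt sits beside this script.
function increment_counter(string $path): int
{
    // 'c+' = read/write, create if missing, and do NOT truncate on open.
    $fh = fopen($path, 'c+');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    try {
        // Exclusive advisory lock: concurrent requests queue here
        // instead of interleaving their read and write steps.
        if (!flock($fh, LOCK_EX)) {
            throw new RuntimeException("cannot lock $path");
        }
        $raw = trim((string) stream_get_contents($fh));
        // Anything that is not a plain run of digits counts as 0.
        $count = ctype_digit($raw) ? (int) $raw : 0;
        $count++;
        $text = (string) $count;
        // Overwrite from offset 0, then cut off any leftover bytes,
        // so the file is never empty while it is being updated.
        rewind($fh);
        fwrite($fh, $text);
        ftruncate($fh, strlen($text));
        fflush($fh);
        flock($fh, LOCK_UN);
        return $count;
    } finally {
        fclose($fh);
    }
}

// Assumption of this example: only POST changes state, so crawlers and
// link prefetchers issuing GET requests do not bump the counter.
if (PHP_SAPI !== 'cli') {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        header('Allow: POST');
        exit;
    }
    header('Content-Type: text/plain');
    echo increment_counter(__DIR__ . '/counter.txt');
}
```

The lock is advisory: it only coordinates code that also calls `flock`, so the web server serving counter.txt directly is unaffected, which is why the file is overwritten in place rather than emptied first.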