Security Against the Developer Tool

So for the past couple of episodes we have been talking about security when it comes to websites, and one of you guys sent me a message reminding me of a mistake that I made a few episodes back when we created our comment section. Since we've been talking about security for the past couple of episodes, I figured it would be a good idea to show you guys how to fix that mistake. Even if you didn't follow along with the comment section episodes, this is a mistake you will run into if you make a PHP website that has any kind of form inside of it, so you need to know about this little security hole.

As you guys can see, I have some code in front of me, and I also have the website that we made with the comment section. The basic idea behind this mistake is that most browsers today have something called the developer tool. Right now I can right-click on anything, let's find a comment here, right-click on a comment, inspect the element, and see the actual code, at least the front-end code, of this website. The problem is that I can change the code inside the developer tool. If I want to change the look of this website, because it's front-end only, I can go in and change the background color or whatever I want, and it will change inside the website as long as I don't refresh the browser, because when we refresh the browser everything goes back to normal.

The error I made is that we didn't do a second security check that the user who posted a comment is the correct user, and the place I needed that check was when we actually edit or delete any of these posts. Of course, right now you can't do that because I'm not logged in, so let me show you what I'm talking about.

Let's go ahead and log in as Daniel. As you guys can see it says you are logged in as Daniel. If I go down to the comments, there are two comments from admin and two from Daniel. I shouldn't be able to edit or delete the admin comments because I didn't make them, but because we have the developer tool and we haven't done a second security check, I can actually do it.

What I can do is right-click on the delete button of one of the comments that I made, inspect the element, and inside the developer tool, which is quite tiny here, we can see the entire form behind the delete button. We can even see the hidden inputs, and this is where we have our problem, because right now we use our comment ID from the database as the value.

Some people can argue about whether we should use the ID of specific tables from our database at all, because we shouldn't let users know about the IDs, or whether we should use two pieces of data mashed together to find the correct post, for example the author name and the date the post was submitted. There are pros and cons both ways. If you use the author and the date, there's a greater chance of something going wrong when you want to find the right post, but by using the comment ID, which is the actual primary key of our table, you tell the user some information they shouldn't know. You can argue which one is better, and it depends on you guys.

So if I go in here, I can see my hidden input that has a comment ID of 6. Now if I go down, right-click on one of the other people's posts and inspect their element, I can try to find the comment ID of their post. I need to right-click on the reply button, which is down here, inspect the element, and as you guys can see we get another form, where we can see that the comment ID of this specific post is 7, which is not a post that I made, somebody else made it. If I go back to my post up here, right-click on the delete button, inspect the element, and change the value to 7 inside the developer tool, then because I haven't refreshed the browser yet, it's still going to treat this as the correct info. I can close the developer tool, hit the delete button, and notice that the admin post called asdasdasd disappears. Now we only have one admin post. We should not be able to do this.

There are a couple of ways to fix this. The best way would be to check for the current user ID when we want to do something in the database, either deleting or editing. We already check, when we load the page, whether the person is the one who actually created the post, that's what this code here is doing, but we also need to check that it's the correct user ID when we actually click the button.

So going into the code, we're going to change a couple of things, just minor changes. We'll go back to our index.php, where we have our delete button, which is actually not inside index.php; we need to go into our comment section PHP file. In here we need to go down to our get comments function, which is the one that displays all the comments inside our website, and find the delete button. Do bear in mind you need to do this fix for both the edit and the delete button, but I'm just going to show you guys the delete button so you know how to fix it. Our delete button is right down here, and what we need to do is bring our session ID into the function as well when we perform the action to delete this comment. So inside our delete comments function, the one we run as soon as we hit the delete button, we're going to add a comma and then another variable, which is going to be the session ID. Right now we just need to take what we call our session ID, and I don't actually remember the name, so we're just going to create a variable from the session ID. I'm going to say $id is equal to the session ID, and then I'm going to copy my $id and insert it inside the delete comments function call down here. So now we're passing in both the connection and the current ID of the person who is logged in right now.

Now you might ask: why don't we include it as an input like we've done down here, why don't we just make a hidden input with the comment ID or current session ID? That is because it would be visible inside the developer tool, and we don't want people to be able to change either of them, so we bring it in through our function instead.

Now that we have this, I'm going to save, and what we need to do next is go down to the delete comments function, change the information accordingly, and do our second check to make sure it's the right user who actually clicked the delete button. So in our delete comments function down here we need to include our new variable inside the parentheses, $id, and use it inside our SQL statement. Inside here we simply say delete from comments where the comment ID is equal to the comment ID, but we also want to check that the user ID is the same as the person who actually made the post. So I'm going to add an AND, and then check the ID, or at least let's check what the name of the column was. I'll open up phpMyAdmin, comment section, comments, and inside you can see that the ID of the user is in a uid column, so that's the one we need to check. We're going to say AND uid = $id, and that's basically all we have to do.

Let's save this, go back to the website, and do a hard refresh, and let's see if we can delete the other person's comment. We're getting an error message here, so let's take a look at what this is about: line 42, which is... ah, for some reason I didn't include this in here, I thought I did. Let's check why this is happening. Ah, okay, that's because our delete comments function is also down inside our reply button, which it shouldn't be, so let's delete that one. We didn't actually create the reply button in the previous episode, so it gives us an error inside the reply. So let's just delete that, don't worry about it, that's not part of this episode.

Now I refresh, and as you guys can see, no errors. If I go down, right-click on the reply button of the second post and inspect the element, it says the comment ID is 8, which I can tell right here. So let's do the same trick as we did last time: I'm going to change the value to 8 directly inside the developer tool and try to delete, and as you guys can see the post is still here. That's because we're doing the second check: we check whether we are in fact the same person who made this post when we click the submit button, the delete or edit button in this case. So this actually fixed it.

Just to show you guys the other thing that I mentioned, comparing the author and the date instead of using the comment ID: this is sort of a bonus thing, we already fixed the mistake that I made, but if you want to follow along with this part it's a pretty good thing to know. If we go back into my comment section PHP file and go down to my delete form, you can see right now we're using a hidden input with the comment ID in order to find the right comment. When we go down to the delete function, it searches the database inside the comments table where cid is equal to the comment ID. If you want to use the author name and the date instead, what we can do is delete this line of code, because we don't need it, and instead reference the uid up here and the date, which you also have up here. We do actually need to have an input down here, so we need to keep this, but we're going to change the name and the value. I'm going to change the name from cid to uid, then change the value to what we have up here, which is $row2['uid']. Then we need to include a second one, because we need to match up two different pieces of data to see that both exist inside the right row of the table, so we're going to change the second line from uid to date, and also change the value to $row['date'], without the 2.

Now that we have this we can go back into our delete function down here, and we need to make sure we bring in not the comment ID but the uid and the date, and then replace these inside our SQL statement. Right now we're checking for the comment ID; we need to check for the uid instead, so I'm going to go after uid and say AND, and then check for date, and I do believe if you go into the database that the column is called date, so that's what we need to look for. So date should be equal to the $date variable in double quotes... and for some reason we're getting a small error; that's because these don't need to be double quotes, they need to be single quotes. Typical. And that's basically it, this is all we have to do if you want to change the system, it should work. So if we go in and try to simply delete one of our comments here, refresh the website just to make sure it deletes... and it does not delete for some reason. Let's go ahead and double-check why that is.

Okay, so I made another mistake. Yeah, I'm making quite a lot of mistakes today. We don't actually check for the uid here, the one that you attach inside the input, because right now we're checking for the uid in two different places: we're checking for the session ID, which is the same as the uid, and instead of a uid down here we actually need to check for the author name, not the uid. So we're going to change all these uids that we wrote here into author instead, because if you go into the database you can see that we have uid inside our comments table and we have author, and we want to check against author and date, not uid and date. Knowing that, let's change the code: all the uids down here become author, except for the one that matches with the session ID. We also need to make sure we change the form up here with the delete button, so instead of uid we want to check for author, if I can spell that correctly, there we go. Now we need to make sure this is actually $row2['author'] that we write here... let's check. I do believe this should be $row['author'], without the 2. Now that we've done this, let's test if it works; if it doesn't, it's probably down to $row2 versus $row, with the names I gave them last time. If I try to delete, you guys can see it's been deleted, so now it works.

So that's basically how we can fix this, and I hope you guys found this useful. It's definitely something you should know about when you make a website. I don't know why it slipped my mind when we were making the comment section; there's so much I have to say at once and English is not my native language, so sometimes I slip up. I hope you guys can forgive me on that part. So I'll see you guys next time.
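To make the before and after concrete, here is an added example that is not code from the video or from its comment section project. It builds the comments table in an in-memory SQLite database so it runs stand-alone with plain php; the table and column names (comments, cid, uid, author, date), the session key $_SESSION['id'], the sample rows and the function names are all assumptions. Unlike the string-built query in the video it uses prepared statements, which also sidesteps the single-quote versus double-quote slip. It covers both the main fix (hidden comment ID plus the server-side session uid) and the bonus author-and-date lookup, and shows why the second check matters when the hidden input is edited in the developer tool.

```php
<?php
// Added example, not the tutorial's own code. Table/column names, the session
// key and the sample rows are assumptions chosen to mirror the video.

// Constructed sample table: two comments by admin (uid 1), two by Daniel (uid 2).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (cid INTEGER PRIMARY KEY, uid INTEGER, author TEXT, date TEXT, message TEXT)');
$rows = [
    [6, 2, 'Daniel', '2017-01-01 10:00:00', 'hello'],
    [7, 1, 'admin',  '2017-01-01 10:05:00', 'asdasdasd'],
    [8, 1, 'admin',  '2017-01-01 10:10:00', 'second admin post'],
    [9, 2, 'Daniel', '2017-01-01 10:15:00', 'another one'],
];
$ins = $pdo->prepare('INSERT INTO comments (cid, uid, author, date, message) VALUES (?, ?, ?, ?, ?)');
foreach ($rows as $r) {
    $ins->execute($r);
}

// The form the developer tool shows for one comment. The only thing the
// server gets back is the hidden cid, which the browser owner can edit.
function deleteForm(array $row): string {
    return '<form method="post">'
         . '<input type="hidden" name="cid" value="' . (int)$row['cid'] . '">'
         . '<button type="submit" name="deleteSubmit">Delete</button>'
         . '</form>';
}

// BEFORE: the original flow trusts the hidden cid alone, so any logged-in
// user can delete any comment by changing that value before submitting.
function deleteCommentVulnerable(PDO $pdo, int $cid): int {
    $stmt = $pdo->prepare('DELETE FROM comments WHERE cid = ?');
    $stmt->execute([$cid]);
    return $stmt->rowCount();
}

// AFTER: the second check from the video. $sessionUid is read from the
// server-side session (assumed to live in $_SESSION['id']), never from the
// form, so a forged cid only matches rows the current user owns.
function deleteComment(PDO $pdo, int $cid, int $sessionUid): int {
    $stmt = $pdo->prepare('DELETE FROM comments WHERE cid = ? AND uid = ?');
    $stmt->execute([$cid, $sessionUid]);
    return $stmt->rowCount();
}

// Bonus variant: locate the row by author + date instead of exposing cid.
// The session uid check stays. Caveat: author + date is not guaranteed
// unique, so two comments by one author in the same second would both match.
function deleteCommentByAuthorDate(PDO $pdo, string $author, string $date, int $sessionUid): int {
    $stmt = $pdo->prepare('DELETE FROM comments WHERE author = ? AND date = ? AND uid = ?');
    $stmt->execute([$author, $date, $sessionUid]);
    return $stmt->rowCount();
}

echo deleteForm(['cid' => 6]), "\n";

// Simulate Daniel (uid 2) editing the hidden input from 6 to 7 (admin's row).
$sessionUid = 2;                 // assumed: what the server stored at login
$forgedPost = ['cid' => '7'];    // constructed: value edited in the developer tool

// Old code: the admin comment disappears.
$removed = deleteCommentVulnerable($pdo, (int)$forgedPost['cid']);
echo "vulnerable delete removed $removed row(s)\n";

// Restore the row and retry with the fixed function: nothing is deleted.
$ins->execute([7, 1, 'admin', '2017-01-01 10:05:00', 'asdasdasd']);
$removed = deleteComment($pdo, (int)$forgedPost['cid'], $sessionUid);
echo "fixed delete removed $removed row(s)\n";

// Daniel deleting his own comment still works.
$removed = deleteComment($pdo, 6, $sessionUid);
echo "own comment delete removed $removed row(s)\n";

// Author + date variant with forged admin values: admin's row stays.
$removed = deleteCommentByAuthorDate($pdo, 'admin', '2017-01-01 10:10:00', $sessionUid);
echo "author+date forged delete removed $removed row(s)\n";
```

Run it with php on any install that has pdo_sqlite enabled. The point to take from the row counts is that the hidden input is only a hint about which row the user wants; the session uid, which the browser never gets to edit, is what actually authorizes the delete, and the same AND uid = ? belongs on the edit query too.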