I can't figure this out!

Aprelium Forum Index -> PHP
mrtdunn
Joined: 27 Jan 2005
Posts: 16
Location: Joplin,MO

Posted: Thu Dec 29, 2005 8:49 pm    Post subject: I can't figure this out!

Hey all. Hopefully someone can help me with this. I've tested my system and can see that it is possible for people to signup using the same email address over and over. This causes problems other than multiple accounts being allowed. It messes up the system. Hopefully I can find some help here as my php skills are certainly lacking here.

Code:
$trimail = trim($email1);
$res = mysql_query("select count(*) from user where email='$trimail1'");
if (mysql_result($res, 0) != 0) {
    $error = $error . 'Your e-mail address is already registered<br>';
    $checkpass = 'false';
}

If I set the $res, 0 to $res, 1 it automatically says that the email address has been registered. Same if I set the code like this ($res, 1) != 1. This is a result of my testing. I used separate emails in my tests. I'm at a loss.
MonkeyNation
Joined: 05 Feb 2005
Posts: 921
Location: Cardiff

Posted: Thu Dec 29, 2005 9:07 pm

I personally prefer mysql_num_rows over count, since you can then get an array for the query if you need it afterward.
Try:
Code:
$trimail = trim($email1);
$res = mysql_query("select * from user where email='$trimail1'");
if (mysql_num_rows($res) > 0) {
  $error = $error . 'Your e-mail address is already registered<br>';
  $checkpass = 'false';
}


Note: Also, if you haven't escaped $email1, I suggest you do that.
tpdunn
Joined: 29 Dec 2005
Posts: 2

Posted: Thu Dec 29, 2005 9:44 pm

I had to register with a new name because my other one just became inactive for some reason and am waiting on a reply from the admin on that.

Quote:
Note: Also, if you haven't escaped $email1, I suggest you do that.
Ummm? Help me out here. And I tried that code you posted but got the same results, i.e. it allowed a signup with the same email account. Maybe that escaped $email thing has something to do with it? Thanks for replying by the way.
MonkeyNation
Joined: 05 Feb 2005
Posts: 921
Location: Cardiff

Posted: Thu Dec 29, 2005 10:23 pm

tpdunn wrote:
I had to register with a new name because my other one just became inactive for some reason and am waiting on a reply from the admin on that.

Quote:
Note: Also, if you haven't escaped $email1, I suggest you do that.
Ummm? Help me out here. And I tried that code you posted but got the same results, i.e. it allowed a signup with the same email account. Maybe that escaped $email thing has something to do with it? Thanks for replying by the way.


Well, if you're using the exact code there, then you've used $trimail for the trim, and $trimail1 in the query. (So I assume there's no rows in the database with a blank email field.)
Also, escaping is turning " into \". It will stop hacking. (E.G. If someone entered "'; DROP TABLE `user`; SELECT * FROM `user` WHERE `email`='" into email, then it would screw things up.)
Using addslashes() for example stops sql injection in its tracks. (What's above.) As \' counts as a ' that can't end anything in the query.
$trimail = addslashes(trim($email1)); would do the trick.
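A corrected version of the duplicate-e-mail check discussed above, added here as an example and not code from the thread: one variable name is used for both the trim and the query, and the address is bound through a mysqli prepared statement, which is what has replaced addslashes() for this purpose. It assumes a mysqli connection in $db and the `user` table with an `email` column from the original post.

```php
<?php
// Added example, not code from the thread. Assumes $db is an open mysqli
// connection and the `user` table has an `email` column (as in the post).

function emailAlreadyRegistered(mysqli $db, string $email): bool
{
    // One name, used for both the trim and the query, so there is no
    // $trimail / $trimail1 mix-up that silently compares against ''.
    $trimmed = trim($email);

    // The SQL text is fixed; the value travels separately, so a quote
    // character inside the address cannot change the statement.
    $stmt = $db->prepare('SELECT COUNT(*) FROM user WHERE email = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $trimmed);
    $stmt->execute();

    $count = 0;
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();

    return $count > 0;
}

// How it slots into the registration validation from the post
// (variable names $email1, $error and $checkpass are the post's own):
//
// if (emailAlreadyRegistered($db, $email1)) {
//     $error = $error . 'Your e-mail address is already registered<br>';
//     $checkpass = 'false';
// }
```

This check still races with a second signup arriving between the SELECT and the INSERT; a UNIQUE index on user.email is the backstop that makes the duplicate insert itself fail.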
tpdunn
Joined: 29 Dec 2005
Posts: 2

Posted: Thu Dec 29, 2005 11:13 pm

My knowledge of php is extremely limited. I would compare it to an ant's ability to do calculus. This is what the entire code page looks like. If I read what you wrote correctly then I've got a lot of security holes.
Code:
<?php


include($DOCUMENT_ROOT . '/vars.php');
include($DOCUMENT_ROOT . '/headfoot.php');
mysql_connect($db_host, $db_user, $db_pwd);
mysql_select_db($db_name);
if ($QUERY_STRING == 'terms') {
    uheader();
    echo("<div align=center class=\"big\"><b>Terms and Conditions</b></div>\n");
    $res = mysql_query("select content from html where type='terms'");
    $terms = mysql_result($res, 0, "content");
    echo($terms);
    ufooter();
} else {
    $langs = array("English" => "English", "Arabic" => "Arabic", "Chinese" => "Chinese", "Czech" => "Czech", "Danish" => "Danish", "Dutch" => "Dutch", "Estonian" => "Estonian", "Finnish" => "Finnish", "French" => "French", "German" => "German", "Greek" => "Greek", "Hebrew" => "Hebrew", "Hungarian" => "Hungarian", "Icelandic" => "Icelandic", "Italian" => "Italian", "Japanese" => "Japanese", "Korean" => "Korean", "Latvian" => "Latvian", "Lithuanian" => "Lithuanian", "Norwegian" => "Norwegian", "Polish" => "Polish", "Portuguese" => "Portuguese", "Romanian" => "Romanian", "Russian" => "Russian", "Spanish" => "Spanish", "Swedish" => "Swedish", "Turkish" => "Turkish");
    $res = mysql_query("select content from html where type='head1'");
    $hf = mysql_result($res, 0, "content");
    //$hf = substr($hf, 12);
    $ip=@$REMOTE_ADDR;
    echo("<html><head>\n<script language=\"javascript1.2\" type=\"text/javascript\">\nfunction TestURL()\n{\n   var URL = document.nu.url.value;\n   if(URL== \"\")   {\n      alert(\"You must provide an URL before testing!\");\n      document.nu.url.focus();\n      return false;\n   }\n   var URL = 'urltest.php?url='+URL;\n   window.open(URL, '_blank' );\n   return false;\n}\n</script></head>\n");
    echo($hf);
    echo('<BODY BGCOLOR=#FFFFFF LEFTMARGIN=0 TOPMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0 background="images/bg5.gif">
<link rel="stylesheet" href="main.css" type="text/css"><div align=center class=\"big\">
<script language="javascript">

//IP address display: By http://www.Hostroute.com
//Script featured on JavaScript Kit (http://www.javascriptkit.com)

var ip = \'<!--#echo var=REMOTE_ADDR-->\'

function ipval() {
document.myform.ipaddr.value=ip;
}
window.onload=ipval
</script>
<table width=778 border=0 cellspacing=0 cellpadding=0 bgcolor=#FFFFFF>
  <tr>
    <td width=259>
      <table width=100% border=0 cellspacing=0 cellpadding=0>
        <tr>
          <td><img src=images/index_01.gif width=107 height=32 alt="" border=0><img src=images/index_02.gif width=91 height=32 alt="" border=0><img src=images/index_03.gif width=94 height=32 alt=""></td>
        </tr>
        <tr>
          <td><img src=images/index_13.gif width=292 height=11 alt=""></td>
        </tr>
      </table>
    </td>
    <td width=259>
      <table width=207 border=0 cellspacing=0 cellpadding=0>
        <tr>
          <td width=207><img src=images/index_04.gif width=207 height=22 alt=""></td>
        </tr>
        <tr>
          <td width=207><img src=images/index_10.gif width=60 height=21 alt="" border=0><img src=images/index_11.gif width=79 height=21 alt="" border=0><img src=images/index_12.gif width=68 height=21 alt="" border=0></td>
        </tr>
      </table>
    </td>
    <td width=260>
      <table width=279 border=0 cellspacing=0 cellpadding=0>
        <tr>
          <td width=122 background=images/index_08.gif>
            <table width=279 border=0 cellspacing=0 cellpadding=0>
              <tr>
                <td width=81><img src=images/index_05.gif width=81 height=32 alt=""></td>
                <td width=96><img src=images/index_06.gif width=96 height=32 alt="" border=0></td>
                <td width=102><img src=images/index_07.gif width=85 height=32 alt="" border=0></td>
              </tr>
            </table>
          </td>
        </tr>
        <tr>
          <td width=122><img src=images/index_14.gif width=279 height=11 alt=""></td>
        </tr>
      </table>
    </td>
  </tr>
</table>
<table width=778 border=0 cellspacing=0 cellpadding=0>
   <tr>
      <td><img src=images/index_152.jpg width=778 height=186 alt=""></td>
   </tr>
</table><br><font face=$fontface><b>New Member Registration<BR>Please use an email address provided by your ISP as our system has problems with free email services. <br>Gmail is OK!</b></font></div>');
    if ($form == 'sent') {
        $checkpass = 'true';
        $error = '<div align=center><font face=$fontface color=red size=2><b>Please, correct the following:<br>';
        if (ereg('%', $name) || ereg('<', $name) || ereg('>', $name)) {
            $error = $error . 'Your name contains inadmissible characters<br>';
            $checkpass = 'false';
        }
        if ($name == "") {
            $error = $error . 'You must enter your name<br>';
            $checkpass = 'false';
        }
        $trimail = trim($email1);
        $res = mysql_query("select * from user where email='$trimail1'");
        if (mysql_num_rows($res) > 0) {
            $error = $error . 'Your e-mail address is already registered<br>';
            $checkpass = 'false';
        }
        if (!ereg('@', $email1) || !ereg('.', $email1)) {
            $error = $error . 'Your e-mail address is invalid<br>';
            $checkpass = 'false';
        }
        if ($email1 != $email2) {
            $error = $error . 'Your e-mail address doesn\'t match<br>';
            $checkpass = 'false';
        }
        if ($passwd == "") {
            $error = $error . 'You must enter your password<br>';
            $checkpass = 'false';
        } elseif (strlen($passwd) < 6) {
            $error = $error . 'Your password must be at least 6 characters long<br>';
            $checkpass = 'false';
        }
        if (ereg('%', $passwd) || ereg(' ', $passwd)) {
            $error = $error . 'Your password contains inadmissible characters<br>';
            $checkpass = 'false';
        }
        if ($sitename == "") {
            $error = $error . 'You must enter your site name<br>';
            $checkpass = 'false';
        }
        if (ereg('%', $sitename) || ereg('<', $sitename) || ereg('>', $sitename)) {
            $error = $error . 'Your site name contains inadmissible characters<br>';
            $checkpass = 'false';
        }
        if ($url == "") {
            $error = $error . 'You must enter your site URL<br>';
            $checkpass = 'false';
        } elseif (!ereg('http://', $url) || ereg(' ', $url)) {
            $error = $error . 'Your site URL is invalid<br>';
            $checkpass = 'false';
        }
        if ($termscheck != 1) {
            $error = $error . 'Your must check and agree to our terms<br>';
            $checkpass = 'false';
        }
        if ($checkpass != 'true') {
            $error = $error . '</font></b></div>';
            echo($error);
        }
    }
    if ($checkpass != 'true') {
    echo("<table border=0 cellpadding=5 cellspacing=0 width=100%><form action=$PHP_SELF method=post name=nu><input type=hidden name=form value=sent>\n");
    if (isset($ref) && is_numeric($ref)) {
        echo("<input type=hidden name=ref value=$ref>");
    }
    echo("<tr><td width=50% align=right valign=top><font face=$fontface size=2><b>Your name:</b></td><td width=50% align=left valign=top><input value=\"$name\" type=text name=name size=20 maxlength=100></td></tr>\n");
    echo("<tr><td align=right valign=top><font face=$fontface size=2><b>Your E-mail address:</b></td><td align=left valign=top><input value=\"$email1\" type=text name=email1 size=20 maxlength=100></td></tr>\n");
    echo("<tr><td align=right valign=top><font face=$fontface size=2><b>Confirm your E-mail address:</b></td><td align=left valign=top><input value=\"$email2\" type=text name=email2 size=20 maxlength=100></td></tr>\n");
    echo("<tr><td align=right valign=top><font face=$fontface size=2><b>Password:</b></td><td align=left valign=top><input value=\"$passwd\" type=password name=passwd size=20 maxlength=20></td></tr>\n");
    echo("<tr><td align=right valign=top><font face=$fontface size=2><b>Your IP Address is:</b></td><td align=left valign=top><input type=text value=$ip readonly></td></tr>\n");
    echo("<tr><td align=right valign=top><font face=$fontface size=2><b>Your site name:</b></td><td align=left valign=top><input value=\"$sitename\" type=text name=sitename size=20 maxlength=255></td></tr>\n");
    echo("<tr><td align=right valign=top><font face=$fontface size=2><b>Your site URL:</b></td><td align=left valign=top><input value=http:// type=text name=url size=20 maxlength=255></td></tr>\n");
    echo("<tr><td></td><td align=left valign=top><A href=\"\" onclick=\"return TestURL();\"><b><font color=black onmouseover=\"this.style.color='red'\" onmouseout=\"this.style.color='black'\" face=$fontface size=2 style=\"text-decoration: none\">Click here to test your URL</font></b></a></td></tr>");
    echo("<tr><td align=right valign=top><font face=$fontface size=2><b>Your site language:</b></td><td align=left valign=top><select name=lang>");
    while (list($k, $v) = each($langs)) {
        echo("<option");
        if ($k == $lang) {echo(" selected");}
        echo(" value=$k>$v</option>");
    }
    echo("</select></td></tr>\n");
    echo("<tr><td align=center valign=top colspan=2><input type=checkbox");
    if ($termscheck == 1) {echo(" checked");}
    echo(" name=termscheck value=1><font color=black face=$fontface size=2> <b>I agree with the</b> <a href=$PHP_SELF?terms target=_blank><b><font face=$fontface color=black size=2 style=\"text-decoration: none\">terms and conditions</b></a></td></tr>\n");
    echo("<tr><td align=center valign=top colspan=2><b><font face=$fontface size=2><b><font color=red>Important Notes:</font></b> Your IP address is recorded to ensure our one account per user policy.<br>Your site MUST NOT have any pop-up windows, MUST NOT break out of frames,<br>and MUST NOT use any forwarding or redirection!</b></td></tr>\n");
    echo("<tr><td align=center valign=top colspan=2><input type=submit value=\"Register!\"></td></tr>\n");
    echo("</form></table></body>\n");
    } else {
    srand((double)microtime()*1000000);
    $ac = rand(1000, 10000);
    $name = trim($name);
    $email = trim($email1);
    $sitename = trim($sitename);
    $name = addslashes($name);
    $sitename = addslashes($sitename);
    $res = mysql_query("select value from adminprops where field='inibon'");
    $inibon = mysql_result($res, 0, "value");
    if (!isset($ref) || !is_numeric($ref)) {$ref=0;}
    $date = date("Y-m-d H:i:s");
    $res = mysql_query("insert into user (name, email, passwd, ref, acctype, credits, joindate, minmax, lastaccess, ac) values ('$name', '$email', '$passwd', $ref, 1, $inibon, '$date', 1, '$date', $ac)");
    $usrid = mysql_insert_id();
    $res = mysql_query("insert into site (usrid, name, url, lang, state, credits) values ($usrid, '$sitename', '$url', '$lang', 'Waiting', 0)");
    $surpres = mysql_query("update adminprops set value=value-$inibon where field='surplu'");
    $res = mysql_query("select value from admin where field='email'");
    $admail = mysql_result($res, 0, "value");
    mail($email, "Thank you for registration at $title!", "$name, thank you for registration!\n\n   Your $title login is: $email\nYour $title password is: $passwd\n\nTo activate your account you have to open the following link:\n$self_url" . "activate.php?ac=$ac&i=$usrid\nClick it or copy-paste it to your browser's query string.\n\nYour refferal link  is:\nhttp://$siteurl?ref=$usrid\nYou will earn 0.1 credit every time your referant shows a site!\n\n$title Admin\nhttp://$siteurl/\n$admail", "From: \"$title Admin\" <$admail>");
    echo("<p align=center class=\"big\">Thank you for registration!</p>");
    echo("<p align=center>The activation link for your account was sent to $email.</p>");
    }
    ufooter();
}
mysql_close();
?>


Sorry for being so lame on this. But I gotta learn somehow right? :(
MonkeyNation
Joined: 05 Feb 2005
Posts: 921
Location: Cardiff

Posted: Fri Dec 30, 2005 1:02 am

tpdunn wrote:
If I read what you wrote correctly then I've got a lot of security holes.


Correct.
You can automatically get everything escaped by using set_magic_quotes_runtime(1); before you use any user inputted values, though. (So you don't have to addslashes() everything.)

Also, I don't recommend using register globals. ($email instead of $_POST['email']) If you made an "administrator area" using the same type of coding you used there, it could be easily exploited.
E.G.
Code:
if ($remote_addr == "127.0.0.1")
  $admin = "true";
if ($admin == "true")
  echo "Sup admin area";
//You could bypass this by doing pagename.php?admin=true.

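An added example (not from the thread) of reading the same registration form without register_globals: every value comes from $_POST or $_SERVER explicitly and is given a default, so a request such as pagename.php?admin=true can never pre-set a script variable the way the admin-area snippet above allows. The field names are those of the form in the thread; the helper function names are assumed.

```php
<?php
// Added example, not code from the thread. Field names match the
// registration form posted earlier; helper names are assumed.

// Read one text field from the request explicitly. A missing or
// malformed field becomes '', never an attacker-chosen global.
function field(array $post, string $name, int $maxLen): string
{
    if (!isset($post[$name]) || !is_string($post[$name])) {
        return '';
    }
    return substr(trim($post[$name]), 0, $maxLen);
}

// The admin decision is taken from the server-populated address only.
// No request parameter is consulted, so ?admin=true has no effect.
function isLocalRequest(array $server): bool
{
    return isset($server['REMOTE_ADDR']) && $server['REMOTE_ADDR'] === '127.0.0.1';
}

// Collect the whole form into one array with every key always present,
// replacing the bare $name, $email1, $ref ... that register_globals provided.
function collectRegistration(array $post): array
{
    return [
        'name'       => field($post, 'name', 100),
        'email1'     => field($post, 'email1', 100),
        'email2'     => field($post, 'email2', 100),
        'passwd'     => (isset($post['passwd']) && is_string($post['passwd'])) ? $post['passwd'] : '',
        'sitename'   => field($post, 'sitename', 255),
        'url'        => field($post, 'url', 255),
        'lang'       => field($post, 'lang', 32),
        'termscheck' => isset($post['termscheck']) && $post['termscheck'] === '1',
        // ref must be a whole number; anything else falls back to 0, as the post intended.
        'ref'        => (isset($post['ref']) && ctype_digit((string) $post['ref'])) ? (int) $post['ref'] : 0,
    ];
}

$admin = isLocalRequest($_SERVER);   // bool decided from server data, not from the query string
$reg   = collectRegistration($_POST); // $reg['email1'] etc. replace the register_globals variables

if ($admin) {
    echo "Sup admin area";
}
```

Values collected this way are still untrusted: they are validated and bound as parameters before reaching SQL, not escaped in place.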