MDCode
-
Posts
640 -
Joined
-
Last visited
-
Days Won
1
Posts posted by MDCode
-
-
If a user were to clear their cookies they could simply log in and view the page again, thus incrementing it as many times as they want
-
This isn't really a big issue, but when logging in with invalid credentials, the error message seems a bit annoying. The placement and color do not match the site imo. Also it gets overlapped by "Login:"
-
I can not find any security vulnerabilities. However, before assessing completely, the errors of not being able to view/edit/delete pages with special characters needs to be fixed.
-
username: testacc
password: test
Invalid login
-
$confirm = $_GET["passkey"];
Make sure you filter that with mysql_real_escape_string or it will be a security risk.
-
Warning: Cannot modify header information - headers already sent by (output started at /home/content/j/e/f/user1234/html/education/add.php:20) in/home/content/j/e/f/user1234/html/education/add.php on line 32
Line 32 is the last line of add.php that says header(location etc..
If you have any html before the header location, it will give that error.
-
I am making a survey feature for my website. Nothing is wrong with the current security (that I know of :s) I was actually wondering what I could do to improve the security. Sorry for the lack of organization I have no code editor on this computer.
submit_survey.php
<?php require('check/ip_check.php'); if($id == "1"){ if($ip_check != "0") { echo "<p>Error: You have already taken this survey.<br>"; echo "<a href='../index.php'>Back</a></p>"; die; } else { if($_POST['agree'] == "Yes") { } else if($_POST['agree'] == "No") { } else { echo "<p>Error: Please select an answer for question 1<br>"; echo "<a href='../survey.php?id=1'>Back</a></p>"; die; } if($_POST['placement'] == "") { echo "<p>Error: Please enter text for question 2<br>"; echo "<a href='../survey.php?id=1'>Back</a></p>"; die; } if($_POST['different_location'] == "Yes") { if($_POST['location'] == ""){ echo "<p>Error: It seems you selected yes for question 3. Please enter text for question 4.<br>"; echo "<a href='../survey.php?id=1'>Back</a></p>"; die; } } else if($_POST['different_location'] == "No") { } else { echo "<p>Error: Please select an answer for question 3<br>"; echo "<a href='../survey.php?id=1'>Back</a></p>"; die; } include('add_survey1.php'); } } else { echo "Error: Invalid survey id"; } ?>Both ip_check.php (One for selecting survey, other for if a user were to make their own form and submit)
<?php session_start(); require('../config.php'); $ip = $_SERVER['REMOTE_ADDR']; include('connection.php'); $getid = mysql_real_escape_string($_GET['id']); $sql ="SELECT * FROM Survey_Responses WHERE `ip` = '$ip' AND `id` = '$getid'"; $result = @mysql_query($sql, $connection) or die(mysql_error()); $ip_check = mysql_num_rows($result); ?>add_survey1.php
<?php session_start(); require('../config.php'); include('connection.php'); $ip = $_SERVER['REMOTE_ADDR']; $question1 = htmlentities($_POST['agree'], ENT_QUOTES); $question1 = mysql_real_escape_string($question1); $question2 = htmlentities($_POST['placement'], ENT_QUOTES); $question2 = mysql_real_escape_string($question2); $question3 = htmlentities($_POST['different_location'], ENT_QUOTES); $question3 = mysql_real_escape_string($question3); $question4 = htmlentities($_POST['location'], ENT_QUOTES); $question4 = mysql_real_escape_string($question4); $question5 = htmlentities($_POST['other_locations'], ENT_QUOTES); $question5 = mysql_real_escape_string($question5); $sql ="INSERT INTO Survey_Responses VALUES('1', '$question1', '$question2', '$question3', '$question4', '$question5', '$ip')"; $result = @mysql_query($sql, $connection) or die(mysql_error()); echo "Thank you for taking our survey. Your answers have been successfully recorded."; ?>Any help would be appreciated
-
Oops i put
if (!error)
instead of
if (!$error)
works perfectly now thank you all so much
-
Ty for that explanation...sorry I'm fairly new to php heres the update. It seems I can now send to Admins and have admin error displayed but neither for Users
if($group_check == "Administrators") { if($pm_count >= '50000') { $error = 'The admin you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.'; } } else if($group_check == "Users") { if($pm_count >= '50') { $error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.'; } } // changed if (!error) { //And now we stick the message in the database with all the correct information mysql_query("INSERT INTO messages (reciever, sender, subject, message) VALUES('$reciever', '$user', '$subject', '$message')") or die (mysql_error()); //Add 1 to the pm count, update the reciever with the new pm count $pm_count++; mysql_query("UPDATE authorize SET pm_count='$pm_count' WHERE username='$reciever'"); } -
if($group_check == "Administrators") { if($pm_count >= '50000') { $error = 'The admin you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.'; } } else if($group_check == "Users") { if($pm_count >= '50') { $error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.'; } } else { -
Notice a problem? You're only executing the query when $group_check does not equal "Users". So it will execute it for admins, but the admin PM check won't have any impact on anything, escape perhaps the error shown later.
Indentation makes a huge impact, I would certainly try to re-indent the code and you'll probably spot more logic errors.
I have added an else if to the Users group check now nothing works.
-
Basicly my site has a ranking system. If a user ranks up certain extras will be added to their account. Right now I am just testing this feature. And there is an option to delete
-
No mysql errors displayed
-
ok so im making a basic private message system. I have been experimenting with using user group types to limit the amount of messages they can have. My issue is that when the form is submitted it is not sent or error reporting for Administrators but will report error for users and will not send. here is the sending code:
<?php if (isset($_POST['Submit'])) { include ('check/group_check.php'); } $user = $_SESSION['user_name']; include 'db.php'; if(!$user) { echo "<br><p>Error: Not logged in</p><br>"; } else { $sql = mysql_query ("SELECT pm_count FROM authorize WHERE username='$user'"); $row = mysql_fetch_array ($sql); $pm_count = $row['pm_count']; $percent = $pm_count/'50'; $percent = $percent * '100'; ?> <br> <center> <b><p><a href="index.php">Inbox</a> | <a href="compose.php">Compose</a> | <a href="sent.php">Sentbox</a></b> <b><p><?php echo "$pm_count"." of 50 Total | "."$percent"."% full"; ?></p></b> </center> <br> <?php $reciever = $_POST['username']; $subject = $_POST['subject']; $message = $_POST['message']; $error = '0'; if(!$reciever AND !$subject AND !$message) { ?> <p><b>Please compose a message.</b></p> <br> <?php } else { if (!$reciever) { $error = 'You must enter a reciever to your message'; } if (!$subject) { $error = 'You must enter a subject'; } if (!$message) { $error = 'You must enter a message'; if($error != '0') { echo "<p>$error</p><br>"; } else { $user_check = mysql_query("SELECT username FROM authorize WHERE username='$reciever'"); $user_check = mysql_num_rows($user_check); if($user_check > '0') { $time = $_SESSION['time']; if($time > '0') { $old_time = $time; } $time = date('is'); $difference = $time - $old_time; $_SESSION['time'] = $time; if($difference >= '15') { $sql = mysql_query ("SELECT pm_count FROM authorize WHERE username='$reciever'"); $row = mysql_fetch_array ($sql); $pm_count = $row['pm_count']; if ($group_check == "Administrators") { if($pm_count >= '50000') { $error = 'The user you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.'; } } if($group_check == "Users") { if($pm_count >= '50') { $error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.'; } } else { mysql_query("INSERT INTO messages (reciever, sender, subject, message) VALUES('$reciever', '$user', '$subject', '$message')") or die (mysql_error()); $pm_count++; mysql_query("UPDATE authorize SET pm_count='$pm_count' WHERE username='$reciever'"); } echo "<p><b>You have successfully sent a private message!</b></p><br>"; } else { $error = 'You must wait 15 seconds before sending another private message'; } } else { $error = 'That username does not exist, please try again. Remember to check your spelling, and don\'t make stuff up at random.'; } } } if($error != '0') { echo "<p>$error</p><br>"; } else { ?> <form name="send" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <table width="80%"> <tr> <td width="150px" align="left" valign="top"><p>Username</p></td> <td width="" align="left" valign="top"><input name="username" type="text" id="username" value="<?php echo "$reciever"; ?>"></td> </tr> <tr> <td width="150px" align="left" valign="top"><p>Subject</p></td> <td width="" align="left" valign="top"><input name="subject" type="text" id="subject" value="<?php echo "$subject"; ?>"></td> </tr> <tr> <td width="150px" align="left" valign="top"><p>Message Body</p></td> <td width="" align="left" valign="top"><textarea name="message" type="text" id="message" value="" cols="50" rows="10"></textarea></td> </tr> <tr> <td></td> <td><input type="submit" name="Submit" value="Send Message"></td> </tr> </table> </center> </form> <?php } } ?>$group_check is working properly so i have no idea what the problem could be
Test My Website Builder For Vulnrabilities
in Beta Test Your Stuff!
Posted
Doesn't work again. Someone keeps entering ' as password, making it \' as the password. It seems you can not update the password as well as I tried to revert it back to "test"