Posts posted by ess14

  1. So what we're saying is... for someone to get to the members page in my script, they have either...

    stuffed around with some injection 'attack' for the login

    OR

    problems with the way I have set up the session variables might allow a random user to gain access to the members page.

    Is this all it can be? Are both of those possible?
    I really need to sort it 100%.


  2. And you're right.. I better do some data checks... maybe someone is stuffing with the query...

    Do you think it's possible, being on a shared host, that if someone else is using the usrid session variable on their site that they could go directly to my site and still have the same registered session variables?

    I don't feel like someone is doing this stuff maliciously... there's just no point to it. Must be some random accident type thing. I don't know? Any more ideas?
  3. Well, I use session_start() in all the pages where the user is using sessions.
    I just left it out of that code.

    I have the session_checker() in its own file. That is included in pages that need it. Those pages have the session_start(), but the session checker page (as above) does not. I'm pretty sure it doesn't need it.

    All the scripts work fine, I cannot get to the member-only pages without a registered session.

    I will try the update session code you have recommended, but I'd also like to know how you would bypass what I currently have. By all means go ahead and try... let me know how someone could have accessed the member pages.

    I know ur saying session_register is deprecated etc... but it seems to work?!
  4. I'm having some troubles with a member-style login I have created. Basically a user logs on to use some flash software I have created. This flash program exports its variables into an email (via php) and sends the order details to me. Unfortunately we have been receiving orders from people who haven't received their login details yet. How is this so? Below is some code I'm using... I'm hoping someone can see the flaw in my programming and can figure out how it's possible. Below is some of the code... let me know if u want to see more. I really need help on this as it's not good for the client.

    After the user enters the login details it is processed like so...
    ---------------------------
    [code=php:0]
    $email2 = $_POST['email2'];
    $passwd = $_POST['passwd'];

    // check if the user info validates the db
    $sql = mysql_query("SELECT * FROM odesign WHERE email='$email2' AND password='$passwd'");
    $myrow = @mysql_fetch_array($sql);
    if($myrow > 0){
        $usrid = $myrow["usrid"];

        // Register some session variables!
        session_register('email2');
        $_SESSION['email2'] = $email2;
        session_register('passwd');
        $_SESSION['passwd'] = $passwd;
        session_register('usrid');
        $_SESSION['usrid'] = $usrid;

    [/code]

    Below is the code used for checking session data (signed-in users only)
    -------------------------------------
    [code=php:0]
    function session_checker(){
        if(!session_is_registered('usrid')){
            $error1= "You are not logged in!";
            header("Location: ../login.php?error1=$error1");
            exit();
        }
    }
    [/code]
    ------------------------------------------------------


    The site is: http://www.gamegear.com.au/onlinedesign/login.php
    This is where the member-only page is: http://www.gamegear.com.au/onlinedesign/full/full.php
    Please don't muck around with anything.. if you find any holes please let me know so I can fix it up.

    Much appreciated.
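
Added example, not part of the original post and not the poster's code: the login lookup and session check from post 4 written with a bound query parameter, a hashed password and the `$_SESSION` array. It assumes PDO with the SQLite driver and a hypothetical `password_hash` column; `find_user_id()` and `log_in()` are illustrative names, and the user row is constructed.

```php
<?php
declare(strict_types=1);
// Added example: assumes PDO + SQLite and a hypothetical password_hash column.

function find_user_id(PDO $db, string $email, string $password): ?int
{
    // Bound parameter: a quote in $email stays data and cannot alter the SQL.
    $stmt = $db->prepare('SELECT usrid, password_hash FROM odesign WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['usrid'];
}

function log_in(int $usrid): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);  // fresh session id once the user is authenticated
    $_SESSION['usrid'] = $usrid;  // keep only the id; the password never enters the session
}

function session_checker(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['usrid'])) {
        header('Location: ../login.php?error1=' . urlencode('You are not logged in!'));
        exit();
    }
}

// Constructed demo data in an in-memory database (runs from the command line).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE odesign (usrid INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$add = $db->prepare('INSERT INTO odesign (email, password_hash) VALUES (?, ?)');
$add->execute(["pat.o'neil@example.test", password_hash('constructed-pass', PASSWORD_DEFAULT)]);

var_dump(find_user_id($db, "pat.o'neil@example.test", 'constructed-pass')); // correct credentials
var_dump(find_user_id($db, "pat.o'neil@example.test", 'wrong-pass'));       // wrong password
var_dump(find_user_id($db, "nobody'@example.test", 'constructed-pass'));    // unknown address with a quote
```

`session_register()` and `session_is_registered()` were removed in PHP 5.4; assigning to and testing `$_SESSION` after `session_start()` is the replacement used here.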
  5. Mmm, no sorry, that doesn't make sense to me.
    Drop $link and $check. They're not really needed for this example.

    If I put the while loop above my first $totalcommission.... how come when I run the same while loop later down the page it comes back with 0 results?



    Thanks for helping too. I know I'm being a bit confusing.
  6. Well, this is the way I'd do it....

    Database needs an ITEMS table and a RATINGS table.
    items table has item name and ID (at least).
    ratings table has ID (for matching with items) and 5 columns for ratings (ie 1 through 5).

    so for instance:

    TABLE ITEMS:
    id=1 Name=Book
    TABLE RATING:
    id=1 rating1=3 rating2=1 rating3=2 rating4=10 rating5=5

    Then you use php to retrieve the ratings from the rating table (based on ID), then perform operations to average out the rating and then display the appropriate images/ratings on ur page.

    As for when someone actually rates something, you just add 1 to the appropriate column in ratings based on the ID.

  7. OK, here is the code. I have had to cut out all the html and other bits of crap that I don't THINK have anything to do with what I want.

    [code=php:0]
    <?php
    $sql=" SELECT s.artist_name,od.artist_id,o.*, u.user_name, u.email,
    sum((od.product_price-(od.product_price*product_discount/100)) * od.product_quantity)
    as total,od.artist_payment_status FROM ".$tableprefix."orders o
    INNER JOIN " . $tableprefix . "users u ON o.user_id = u.user_id
    INNER JOIN " . $tableprefix . "order_details od ON o.order_id = od.order_id
    INNER JOIN " . $tableprefix . "artists s ON od.artist_id = s.artist_id
    WHERE od.item_status > '0'
    AND od.artist_payment_status <= 1 AND (od.artist_id = '".addslashes($artist)."') AND (o.order_id IN (".addslashes($orderlist)."))
    GROUP BY od.artist_id, o.order_id ORDER BY od.artist_id    ";

    $res = mysql_query($sql);

    //TRYING TO GIVE THIS THE SAME VALUE AS THE other $totalcommission below
    echo $totalcommission;
    $i=$begin+1;
    $totalamount = 0;
    $totalcommission = 0;
    $totalaftercommission = 0;
    while($row = mysql_fetch_array($res)){
    $link = "<a class=links href='vieworder.php?orderid=".$row["order_id"]."' target='_blank'>";
    $check = "<input class=checkbox type='checkbox' name='chkorders[]' value='" . $row["order_id"]."`".$row["artist_id"] . "' > ";
    $amount = $row["total"];
    $totalamount  += $amount;
    $commission = (($amount*$artistcommission)/100);
    $totalcommission += $commission;
    $amountaftercommission = $amount - $commission;
    $totalaftercommission += $amountaftercommission;
    //THIS IS THE BOTTOM $totalcommission.
    echo $totalcommission;
    $i++; }
    ?>
    [/code]

    I have tried copying the WHILE statement up top... but when I do that.. I only get the top $totalcommission and the bottom $totalcommission comes up as 0....
    I was under the impression I could call the $sql statement as many times as I like? It seems like it calls it only once and then loses the data? If that makes sense. Maybe it's just stuffing the while.. I dunno. argh. help. lol. Sorry, I'm kinda confusing.
  8. $val2 = &$val;
    $val = 7;
    echo $val2; // Shows 7
    doesn't work.....

    It's because I have to lay the script out like this:
    $val2 = &$val;
    echo $val2;
    $val = 7;

    With that layout, I need val2 to = val.
    See what I'm getting at? Or should I just have a break and work it out for myself? lol there's probably no real easy way to do it....


  9. I think what you're talking about is an injection attack.

    This is where if you have a file upload utility for someone to use they could upload an image that is not actually an image, it would have malicious code in it.

    http://php.robm.me.uk/

    There is a good readup on SQL injection attacks for you to read.
    Make sure u sanitize any data being input by ur user and u'll be fine.
  10. I think there is an easier way to do what I want, but maybe not... but I'm just totally drawing a blank. Maybe I've been awake for too long. Here is an [u]example:[/u]

    $val2 = $val;
    echo $val2;  // shows nothing
    $val = 7;
    echo $val;  //shows 7

    Is there any way, after the script has been output, to give $val2 the value of $val?

    See, I don't want to move "$val = 7" around.... ideally I want $val to be given the value, and once that is done basically run the "$val2 = $val" again. What am I supposed to do? argh, I'm lost.

  11. I really suck... can someone tell me how I would implement this class? What would my form look like and how do I make it all work? Thanks in advance. I could learn a lot from this.

    [code]
    <?php
    class picture
    {
          var $save_dir;                    //where file will be saved
          var $filename="spacer.gif";        //default file name initially
          var $error_message="";            //string to be output if necessary
          var $width;                        //width of final image
          var $height;                      //height of final image

          function picture($save_directory, $file_array, $max_width, $max_height)
          {
                  $this->save_dir = $save_directory;             
                  $this->width =    $max_width;
                  $this->height =  $max_height;

                  //--change filename to time - make it unique
                  $temp_filename = $file_array['name'];
                  $ext = explode('.',$temp_filename);
                  $ext = $ext[count($ext)-1];
                  $temp_filename = time().".".$ext;

                  //--check that it's a jpeg or gif
                  if (preg_match('/^(gif|jpe?g)$/',$ext)) {
                          // resize in proportion
                          list($width_orig, $height_orig) = getimagesize($file_array['tmp_name']);
                          if ($this->width && ($width_orig < $height_orig)) {
                                  $this->width = ($this->height / $height_orig) * $width_orig;
                          } else {
                                  $this->height = ($this->width / $width_orig) * $height_orig;
                          }

                          $image_p = imagecreatetruecolor($this->width, $this->height);                     

                          //handle gifs and jpegs separately
                          if($ext=='gif'){
                              $image = imagecreatefromgif($file_array['tmp_name']);                         
                              imagecopyresampled($image_p, $image, 0, 0, 0, 0, $this->width, $this->height, $width_orig, $height_orig);
                              imagegif($image_p, $this->save_dir.$temp_filename, 80);
                          }
                          else
                          {
                              $image = imagecreatefromjpeg($file_array['tmp_name']);                         
                              imagecopyresampled($image_p, $image, 0, 0, 0, 0, $this->width, $this->height, $width_orig, $height_orig);                         
                              imagejpeg($image_p, $this->save_dir.$temp_filename, 80);
                          }

                          imagedestroy($image_p);
                          imagedestroy($image);

                          $this->filename=$temp_filename;

                  }else{
                          $this->error_message.="<br> file is not a jpeg or gif picture <br>";
                  }
          }
    }
    ?>
    [/code]


    and this is my form  :(

    [code]
    <?php
    $save_directory = "users/";
    $max_width = 40;
    $max_height = 40;
    $fileIt = $myclass->picture($save_directory, $max_width, $max_height);
    ?>
    </td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td><form enctype="multipart/form-data" action="<? $fileIt; ?>" method="POST">
        <!-- MAX_FILE_SIZE must precede the file input field -->
     
        <!-- Name of input element determines name in $_FILES array -->
        Send this file: <input name="userfile" type="file" />
        <input type="submit" value="Send File" />
    </form></td>
        <td>&nbsp;</td>
      </tr>
    </table>
    [/code]

    I'm getting the error that it's missing 4 arguments from the picture();
    Please tell me how stupid I am and what I can do to make this work.
    Thanks.
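
Added example, not the class from the post and not the poster's code: the class above takes the file type from the client-supplied name and names the stored file with `time()`; this version decides the type from the file's own header and generates the name on the server. `safe_image_name()` and `store_upload()` are hypothetical names, and the two sample files are constructed.

```php
<?php
declare(strict_types=1);
// Added example: function names are hypothetical; uses only core PHP functions.

/** Returns a server-chosen file name for a GIF or JPEG, or null for anything else. */
function safe_image_name(string $tmpPath): ?string
{
    $info = @getimagesize($tmpPath);   // reads the file header, ignores the client's file name
    if ($info === false) {
        return null;
    }
    $extByType = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg'];
    $ext = $extByType[$info[2]] ?? null;
    if ($ext === null || $info[0] < 1 || $info[1] < 1) {
        return null;
    }
    // Random name: no collisions within the same second, nothing client-controlled.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Request-side wrapper: $file is one entry of $_FILES, e.g. $_FILES['userfile']. */
function store_upload(array $file, string $saveDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = safe_image_name($file['tmp_name']);
    // move_uploaded_file() refuses any path that is not a genuine PHP upload.
    if ($name === null || !move_uploaded_file($file['tmp_name'], $saveDir . $name)) {
        return null;
    }
    return $name;
}

// Constructed samples: a 1x1 GIF, and plain text that would only claim to be one.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "not an image, whatever its name says\n");

var_dump(safe_image_name($gif) !== null);  // header parses as GIF
var_dump(safe_image_name($txt) === null);  // rejected: no image header
unlink($gif);
unlink($txt);
```

The class's resize step can run on the stored file afterwards; this check only replaces its extension test and its `time()` file name.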
  12. Hey, thanks for the help on the coding. I will add some of those checks to it.

    But you know what the problem actually was?! My submit button was named/valued 'Submit' and I was checking for isset($submit)!
    What a waste of time. Well, not entirely.. now I can use some of ur code. Cheers!
  13. I'm trying to do a basic signup form in php and mysql.
    I don't know what the hell's goin on here. I can't get it to insert anything into the database.
    Any help would really save me some hair. I know the variables are being passed, there must be something up with my statements. arghh


    [code]
    <?php
    $usr_name = $_POST['formName'];
    $usr_pass = $_POST['formPass'];

    //lets check if username exists already
    $sql_username_check = mysql_query("SELECT usr_name FROM users
                WHERE usr_name=".$usr_name."");
    //does it return any results?
    $username_check = @mysql_num_rows($sql_username_check);
    if($username_check > 0){
    header("Location: http://www.motorgym.com/modgarage/signup.php?err=1");
    exit();  // exit the script so that we do not create this account!

    }

    //username check passed begin account creation
    if(isset($submit)){
    // Enter info into the Database.
    $sql = mysql_query("INSERT INTO users (usr_name, usr_pass)
    VALUES('$usr_name', '$usr_pass')")
            or die (mysql_error());

    }

    if(!$sql){
        echo 'There has been an error creating your account. Please contact the webmaster.<br>
    <a href="signup.php">go back</a>';
    print mysql_error();
    } else {
    echo'Account creation success.<br> <a href="login.php">Login</a>';
    }
    ?>
    [/code]
  14. Thanks for the input, but sorta not really what I was after.
    I would prefer them to have their own sub-directories....

    Anyone else got ideas how I would do it?
    Even after I make the directory, how would I be able to make a page that was editable by the user and viewable by the general public?
    Sorta confusing to think about.... hmmmm
  15. Look, I don't even know what to call this.... I'm not sure exactly where I'm supposed to start looking so any help would be useful.

    What I'm after is a tutorial or script... anywhere to start looking for something that, once signed up, gives you your own member page, i.e. www.site.com/membername. Sorta like how myspace gives you your own internet address so that other users can view your content via a web address.

    If some people can even tell me what that sort of system is called so I can actually know where to start looking, that would be helpful. Or if anyone knows any scripts or tuts on anything relevant to that.

    If I was to do it myself I'm guessing it would have to execute FTP commands to create a folder and then populate it with php scripts/templates that contained the member information etc. But I'm really not sure if that's the best/only way to go or where to start.

    Thanks in advance..