DeanWhitehouse

Hmm this is the third account so far to have problems registering, please don't try registration page just yet

Please can anyone run some security tests on my site, i believe i have covered everything to protect it. On the site the main things i want to be safe against are things like RFI, cross-server attack, sql attacks and in game exploits. Any loop holes can be posted here, on the site, or PM(ed) to me on either site. The site is http://www.americangangsters.org/ Username: test password: tester Here is another thing to test http://www.americangangsters.org/airport.php Go there without logging in, and it redirects to the home page then back there when you log in, should i store the previous page in sessions? Thanks, Blade

This is how long a session lives ini_set("session.gc_maxlifetime",1800); And yeah i was planning on implementing a auto logout script. I verified the ini_set by using ini_get and no i didn't restart as its done on the fly.

Hmm ok, seemes its my browser settings, best to confirm these things though

Can anyone confirm and offer a reason as to why my websites sessions are not ending after 30 minutes, or when the browser is closed. The site is http://www.americangangsters.org/ Username:test Pass:tester I have even set the ini file (using php ini_set) for session lifetime to 30 mins. Also i set lifetime to 1 second and relogged in and then waited ten minutes (or more) before refreshing and i was still logged in :s Here is some of my security code involving sessions ## Session stealing ## ini_set("session.cookie_httponly",true); ini_set("session.use_only_cookies",1); ini_set("session.use_trans_sid",0); ini_set("session.gc_maxlifetime",1800); #ini_set("session.save_path") ## Adjust to change the session save path I have only tested this in firefox (3.0.10) Any ideas please?

could be, know an alternative?

tried still the same, its wierd cus the ajax on airport (which is the same near enough) works in IE

At the top function GetXmlHttpObject() { try { // Firefox, Opera 8.0+, Safari xmlHttp=new XMLHttpRequest(); } catch (e) { // Internet Explorer try { xmlHttp=new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { xmlHttp=new ActiveXObject("Microsoft.XMLHTTP"); } } return xmlHttp; }

This works fine in FF and there JS debugger finds no problems, whereas in IE if i enter 3+ chars it does nothing and just says error on page , then runtime error :s Any ideas please? Site is http://www.americangangsters.org/find.php User: Test Pass: tester <script type="text/javascript"> var xmlHttp=null; function GetXmlHttpObject() { try { // Firefox, Opera 8.0+, Safari xmlHttp=new XMLHttpRequest(); } catch (e) { // Internet Explorer try { xmlHttp=new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { xmlHttp=new ActiveXObject("Microsoft.XMLHTTP"); } } return xmlHttp; } function stateChanged() { document.getElementById("Js").innerHTML = '<td colspan="2" id="SearchResults"></td>'; document.getElementById("SearchResults").innerHTML = "<img align='middle' src='./images/loading.gif'/>"; if (xmlHttp.readyState == 4) { document.getElementById("SearchResults").innerHTML = xmlHttp.responseText; } } function trim(str) { var s; s = str.replace(/^(\s)*/, ''); s = s.replace(/(\s)*$/, ''); return s; } function UserSearch(Find) { Find = trim(Find); if(Find.length == 0) { document.getElementById("Warning").innerHTML = ""; if(document.getElementById("SearchResults") != null) { if(document.getElementById("SearchResults").innerHTML == "<img align='middle' src='./images/loading.gif'/>") { document.getElementById("Js").innerHTML = ''; document.getElementById("SearchResults").innerHTML = ""; } } return; } else if(Find.length < 3) { document.getElementById("Warning").innerHTML = "Enter 3 or more characters to begin searching"; if(document.getElementById("SearchResults") != null) { if(document.getElementById("SearchResults").innerHTML == "<img align='middle' src='./images/loading.gif'/>") { document.getElementById("Js").innerHTML = ''; document.getElementById("SearchResults").innerHTML = ""; } } return; } else { document.getElementById("Warning").innerHTML = ""; xmlHttp = GetXmlHttpObject(); if (xmlHttp==null) { alert ("Your browser does not support AJAX!, Please consider updating your browser"); return; } var url="./Ajax/FindUser.php?user="+Find; xmlHttp.onreadystatechange = stateChanged; xmlHttp.open("GET",url,true); xmlHttp.send(null); } } function ChangeSearch(type) { if(type == true) { document.getElementById("users_username").attributes["onkeyup"].value = "UserSearch(this.value)"; docuemnt.getElementById("form1").attributes["action"].value = ""; document.getElementById("form1").attributes["onsubmit"].value = ""; } else { document.getElementById("users_username").attributes["onkeyup"].value = ""; document.getElementById("form1").attributes["action"].value = "javascript:void()"; document.getElementById("form1").attributes["onsubmit"].value = "UserSearch(document.form1.users.value)"; } } function Init() { document.getElementById("js").innerHTML = 'Search While Typing <input type="checkbox" checked="checked" onchange="ChangeSearch(this.checked)">'; } </script> </head> <body onload="Init()">

Yeah thought so, i just changed the if statements in the second one to use $current_total for the counting sums and seems to work

Heya once more, I wrote a blackjack code a while back as some of you may remember but i am finding a bug in this function <?php function getTotal($player) { $current_total = 0; $new_total = 0; //$ace_total = 0; foreach($player as $counting) { $current_total += $counting['value']; } foreach($player as $counting) { if($counting['value'] == 1 && $new_total < 11 && ($new_total + 11) <= 21) $counting['value'] = 11; elseif($counting['value'] == 11 && $new_total >= 11 && $new_total + 1 <= 21) $counting['value'] = 1; $new_total += $counting['value']; } return $new_total; } ?> The function, will count the value of the cards in your hand. Now the problem, the function counts the cards in the order they are in and the problem with this is that it needs to determine whether an ace is worth 1 or 11 by counting the value of the other cards, see the problem, if it counts the ace first it will make it 11 then that can make a player bust as they then might have a 8 and a 3 with it in which it should count ace as 1. Ok, hope that made sense, if not please say. Any ideas how to fix this, cus i thought i had but odviously not Thanks, Blade

Hey guys, Once again i have got stuck on OOP , i don't know why this error is occuring but it is. Here is my code, it is long so below it i have posted the exact line. This is inside a class, called message. <?php function Send($subject,$message,$to,$from = 0,$check = false,$Alert = false,$read = false) { if(!is_numeric($from)) { $from = GetUserId($from); } if(!is_numeric($to)) { $to = GetUserId($to); } $to = mysql_real_escape_string($to); $from = mysql_real_escape_string($from); $message = $message; $subject = mysql_real_escape_string($subject); $alert = mysql_query("SELECT pm_alert FROM user_preferences WHERE user_id = '".$to."' AND pm_alert = '1' LIMIT 1"); if(mysql_num_rows($alert) == 1 || $Alert != false) { $email = mysql_query("SELECT email FROM user_details WHERE id = '".$to."'"); $email = mysql_fetch_assoc($email); $email = $email['email']; $Mail_sub = "New Private Message"; $Mail_bod = "You have recieved a new private message, you can view the entire message at <a href=\"http://www.americangangsters.org/inbox.php\">http://www.americangangsters.org/inbox.php</a>\r\n<br>The message is from ".CreateUserLink($from)." and reads \r\n<br> ".secure(substr($message,0,(strlen($message) / 2))); $Mail_headers = 'MIME-Version: 1.0' . "\r\n"; $Mail_headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; // Additional headers $Mail_headers .= 'To: '.GetUserName($to).' <'.$email.'> ' . "\r\n"; $Mail_headers .= 'From: American Gangsters <blade280891@americangangsters.org>' . "\r\n"; mail($email,$Mail_sub,$Mail_bod,$Mail_headers); } if($check == true) { $subject = trim($subject); $message = trim($message); $from = trim($from); $to = trim($to); if(strlen($to) == 0) return "<center>Enter a recipient</center>"; elseif(strlen($subject) == 0) return "<center>Enter a subject</center>"; elseif(strlen($message) == 0) return "<center>Enter a message</center>"; elseif($from == $to) return "<center>You can't send to yourself</center>"; else { if($read == true) { $sql = mysql_query("INSERT INTO user_messages (recipient_id,sender_id,title,body,read_recipt) VALUES ('".$to."','".$from."','".$subject."','".$message."','1')"); } else { $sql = mysql_query("INSERT INTO user_messages (recipient_id,sender_id,title,body) VALUES ('".$to."','".$from."','".$subject."','".$message."')"); } $sql = mysql_query("INSERT INTO user_messages (recipient_id,sender_id,title,body) VALUES ('".$to."','".$from."','".$subject."','".$message."')"); mysql_query("UPDATE user_stats SET msgtotal = msgtotal + 1 WHERE user_id = ".$from." "); if($sql) return "<center>Message Sent</center>"; else return "<center>Message could not be sent</center>"; } } else { if($read == true) { $sql = mysql_query("INSERT INTO user_messages (recipient_id,sender_id,title,body,read_recipt) VALUES ('".$to."','".$from."','".$subject."','".$message."','1')"); } else { $sql = mysql_query("INSERT INTO user_messages (recipient_id,sender_id,title,body) VALUES ('".$to."','".$from."','".$subject."','".$message."')"); } mysql_query("UPDATE user_stats SET msgtotal = msgtotal + 1 WHERE user_id = ".$from." "); if($sql) return "<center>Message Sent</center>"; else return "<center>Message could not be sent</center>"; } } ?> $Mail_bod = "You have recieved a new private message, you can view the entire message at <a href=\"http://www.americangangsters.org/inbox.php\">http://www.americangangsters.org/inbox.php</a>\r\n<br>The message is from ".CreateUserLink($from)." and reads \r\n<br> ".secure(substr($message,0,(strlen($message) / 2))); Here is where i call it echo "<tr><td>".$message->Send($subject,$message,GetUserID($recipient),$_SESSION['user_id'],true)."</td></tr>"; There is more but i believe this is all the relevant code.

meta refresh would be best here then

This isn't the best thing to start learning PHP with but if you want to do this you will need to look into PHP $_GET/get PHP forms (if you want one) and then maybe file_get_contents and maybe a regex or just some string functions to search for the term in the results which say whether it is cached

try using elseifs' instead of just if e.g. if ($_POST['remove'] == 'nothing_a') { unset($sess_maker[0]); unset($sess_location[0]); unset($sess_year[0]); unset($sess_image[0]); unset($sess_type[0]); } elseif() { .... }

There can't be any HTML output before the header though, if there is use meta refresh to redirect or rethink your code logic.

change //Create INSERT query $qry = "INSERT INTO banddata(userid, bandname, genre, formed) VALUES('$userid','$bandname','$genre', '$formed' )"; $result = @mysql_query($qry); to $sql = mysql_query("SELECT * FROM bandata WHERE user_id = '$userid'"); if(mysql_num_rows($sql) == 0) { //Create INSERT query $qry = "INSERT INTO banddata(userid, bandname, genre, formed) VALUES('$userid','$bandname','$genre', '$formed' )"; } else { //Create update query $qry = "UPDATE bandata SET bandname = '$bandname', genre = '$genre', formed = '$formed' WHERE userid = '$userid'"; } $result = @mysql_query($qry);

Use code tags please

Ahh ok, works now thanks, using preg_replace_callback i believe also allows inline bbcode?

Same errors, this is my code $code = preg_replace_callback('/(\[user=(.*?)\])/sim', "Get_my_ID", $code); function Get_my_ID($User) { $sql = mysql_query("SELECT id FROM user_details WHERE username = '".mysql_real_escape_string($User[2])."' LIMIT 1"); $user = mysql_fetch_assoc($sql); if(mysql_num_rows($sql) != 0) { return "<a href=\"profile.php?user={$user['id']}\" target=\"_blank\">{$user['id']}</a>;"; }else{ return "Invalid User!"; } } It inside a function, does that effect it?

Errors

That would be if the profile system uses usernames, but it doesn't sorry, it uses unique ID

I need it to act like bbcode, so that it replaces each one seperatly e.g. User1 and user2 need to be links which to there profiles,clearer?

No, not yet, found a bug this code if(preg_match('/\[user=(.*?)\]/s', $code, $regs)) { $sql = mysql_query("SELECT username FROM user_details WHERE username = '".mysql_real_escape_string($regs[1])."'"); $user = mysql_fetch_assoc($sql); if(mysql_num_rows($sql) == 0) $code = preg_replace("/\[user=(.*?)\]/s","\\1",$code); else { $code = preg_replace("/\[user=(.*?)\]/s",CreateUserLink(null,$user['username']),$code); } } if(preg_match('/\[user\](.*?)\[\/user\]/s', $code, $regs)) { $sql = mysql_query("SELECT username FROM user_details WHERE username = '".mysql_real_escape_string($regs[1])."'"); $user = mysql_fetch_assoc($sql); if(mysql_num_rows($sql) == 0) $code = preg_replace("/\[user\](.*?)\[\/user\]/s","\\1",$code); else { $code = preg_replace("/\[user\](.*?)\[\/user\]/s",CreateUserLink(null,$user['username']),$code); } } when i do It makes four links which is correct, but the second and last link is to the first one if that makes sense . SO the above prints Any ideas?

Sorry , i tried to only show code which applied to keep it simple, but this code is inside one bigger function which is then inside another function. So here is the bbcode function <?php Removed ?> The output i need is a link to the users profile, the function createuserlink will create a link to the profile based on username or userid. the function createuserlink has these arguments function CreateUserLink($userid = null,$username = null) if $userid is null then it creates one using $username Scrap all that, solved i just needed to change $code = preg_replace("/\[user=(.*?)\]/s",CreateUserLink(null,"\\1",$code); to $code = preg_replace("/\[user=(.*?)\]/s",CreateUserLink(null,$regs[1]),$code);