runnerjp Posted June 4, 2008

I have this email form:

```php
<link rel="stylesheet" type="text/css" href="http://www.runningprofiles.com/css/login.css">
<link rel="stylesheet" type="text/css" href="http://www.runningprofiles.com/members/include/style.css">
<?php
session_start();
require_once '../settings.php';
checkLogin('1 2');

$user = get_username($_SESSION['user_id']);

// Are they logged in or not?
if (!$user) {
    echo "<br><p>Blah blah you arent logged in and stuff, you should do that or something</p><br>";
} else {
    // Get your private message count
    $sql = mysql_query("SELECT pm_count FROM users WHERE Username='$user'");
    $row = mysql_fetch_array($sql);
    $pm_count = $row['pm_count'];
    $percent = $pm_count / 50;
    $percent = $percent * 100;
?>
<br>
<center>
<b><p><a href="index.php?page=inbox">Inbox</a> | <a href="index.php?page=compose">Compose</a> | <a href="index.php?page=sent">Sentbox</a>
<b><p><?php echo $pm_count . " of 50 Total | " . $percent . "% full"; ?></p></b>
</center>
<br>
<?php
    // So here we get the variables submitted through the form to this page
    $reciever  = mysql_real_escape_string($_POST['username']);
    $subject   = mysql_real_escape_string($_POST['subject']);
    $message   = mysql_real_escape_string($_POST['message']);
    $timestamp = time();
    $error     = '0';

    // If they are all blank we just say to compose a message
    if (!$reciever AND !$subject AND !$message) {
?>
<p><b>Please compose a message.</b></p>
<?php
    }
    // Since this form was partially filled out we need to return an error message
    else {
        if (!$reciever) {
            $error = 'You must enter a reciever to your message';
        }
        if (!$subject) {
            $error = 'You must enter a subject';
        }
        if (!$message) {
            $error = 'You must enter a message';
        }

        // If the variable error is not set to zero, we have a problem and should show the error message
        if ($error != '0') {
            echo "<p>$error</p><br>";
        }
        // There are no errors so far which means the form is completely filled out
        else {
            // Are they trying to send a message to a real user or to something they just made up?
            $user_check = mysql_query("SELECT username FROM users WHERE username='$reciever'");
            $user_check = mysql_num_rows($user_check);

            // The user is real and not made up if this is true
            if ($user_check > 0) {
                // There might already be a sessioned time variable; if so we need it for the flood check
                $old_time = isset($_SESSION['time']) ? (int) $_SESSION['time'] : 0;

                // Current server time as a Unix timestamp, so the subtraction below is a number of seconds
                $time = time();
                $difference = $time - $old_time;
                $_SESSION['time'] = $time;

                // If the two times differ by 15 seconds or more they can submit the message; this is for flood protection
                if ($difference >= 15) {
                    // Get the receiver's private message count
                    $sql = mysql_query("SELECT pm_count FROM users WHERE Username='$reciever'");
                    $row = mysql_fetch_array($sql);
                    $pm_count = $row['pm_count'];

                    // You can't have more than 50 private messages; if they try sending a message to a user
                    // with a full inbox return an error message
                    if (pm_count == '50') { // as posted (see the reply below)
                        $error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message untill that user deletes some of their messages.';
                    } else {
                        $pm_count = $pm_count + 1;
                        // Update them
                        mysql_query("UPDATE users SET pm_count='$pm_count' WHERE username='$reciever'");

                        $query = "SELECT * FROM users WHERE Username = '$reciever' LIMIT 1";
                        if ($result = mysql_query($query)) {
                            if (mysql_num_rows($result)) {
                                $array = mysql_fetch_assoc($result);
                                $pemail = $array['Email'];
                            }
                            // this all needs completing properly but currently works perfectly...
                            // things to add are message and subject!!!

                            // Build the email (replace the address in the $headers section with your own)
                            $to = $pemail;
                            $emailsubject = "New message: test";
                            $emailmessage = "$user has sent you a message";
                            $headers = "From: [email protected]";
                            // Send the mail using PHP's mail() function
                            mail($to, $emailsubject, $emailmessage, $headers);
                            // Debug output: this prints the receiver's email address to the page
                            echo $to, $emailsubject, $emailmessage, $headers;
                        }

                        // And now we stick the message in the database with all the correct information
                        mysql_query("INSERT INTO messages (time, reciever, sender, subject, message)
                                     VALUES ('$timestamp', '$reciever', '$user', '$subject', '$message')")
                            or die(mysql_error());

                        // Let the user know everything went ok.
                        echo "<p><b>You have successfully sent a private message!</b></p><br>";
                    }
                }
                // Since they are trying to send messages faster than every 15 seconds, give them an error message
                else {
                    $error = 'You must wait 15 seconds before sending another private message';
                }
            }
            // If they misspelled or made up a username, give an error message telling them it's wrong.
            else {
                $error = 'That username does not exist, please try again. Remember to check your spelling, and don\'t make stuff up at random.';
            }
        }
    }

    // Since we may have set the error variable to something while trying to send the message, we need another error check
    if ($error != '0') {
        echo "<p>$error</p><br>";
    } else {
        // Here's the form for the input
?>
<form name="send" method="post" action="index.php?page=compose">
<table width="80%">
<tr>
<td width="150" align="left" valign="top"><p>Username</p></td>
<td width="" align="left" valign="top"><?php
        // $username comes from get_username() and is interpolated into the query without mysql_real_escape_string()
        $username = get_username($_SESSION['user_id']);
        $query = "SELECT * FROM `friends` WHERE `username`= '$username' ORDER BY username ASC;";
        $result = mysql_query($query);
        $friends = array();
        while ($row = mysql_fetch_assoc($result)) {
            $friends[] = $row['friendname'];
        }
        // Friend names are echoed as-is, without htmlspecialchars()
        echo '<select class="input" id="username" name="username">';
        foreach ($friends as $friend) {
            echo '<option>' . $friend . '</option>';
        }
        echo '</select>';
?> (select from the drop down list)</td>
</tr>
<tr>
<td width="150" align="left" valign="top"><p>Subject</p></td>
<!-- $subject was escaped for SQL above, not for HTML, before being echoed into the attribute -->
<td width="" align="left" valign="top"><input class="inputinbox" name="subject" type="text" id="subject" value="<?php echo $subject; ?>"></td>
</tr>
<tr>
<td width="150" align="left" valign="top"><p>Message Body</p></td>
<td width="" align="left" valign="top"><textarea class="inputinbox" name="message" id="message" cols="50" rows="10"></textarea></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="Submit" class="submit-btn" value=""></td>
</tr>
</table>
</form>
<?php
    }
}
?>
```

Is there any way in which a user could attack it so that it sends a message to everyone on the DB? Is this secure enough? I also suppose I could limit the sending to only people on their friends list.
I thought I could do this by the drop-down menu method shown here:

```php
<?php
$username = get_username($_SESSION['user_id']);
$query = "SELECT * FROM `friends` WHERE `username`= '$username' ORDER BY username ASC;";
$result = mysql_query($query);
$friends = array();
while ($row = mysql_fetch_assoc($result)) {
    $friends[] = $row['friendname'];
}
echo '<select class="input" id="username" name="username">';
foreach ($friends as $friend) {
    echo '<option>' . $friend . '</option>';
}
echo '</select>';
?>
```

but then I thought all you have to do is edit the HTML and you can send it to anyone if you know how, lol. So is there a way to limit it to only send to users in the friends box?

Link to comment https://forums.phpfreaks.com/topic/108720-could-someone-sql-attack-this-email-form/
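The drop-down only restricts what the browser offers; the handler above still accepts whatever `username` value is POSTed, and the only server-side check is that the name exists in `users`. The following is an added example, not code from the original post, showing how the compose handler could enforce the friends-list restriction on the server with prepared statements instead of string interpolation, apply the `>=` inbox check that the reply below points out, and HTML-escape the friend names before echoing them. It assumes a PDO connection `$db`, the post's table and column names (`users.Username`, `users.pm_count`, `users.Email`, `friends.username`/`friendname`, `messages`), and a caller-supplied `From:` address; the function names `send_private_message()` and `friend_options()` are invented here.

```php
<?php
// Added example (not from the original post). Assumes a PDO connection $db and the
// table/column names used in the post; function names are assumptions.

function send_private_message(PDO $db, string $sender, string $recipient,
                              string $subject, string $message, string $from_address): string
{
    if ($recipient === '' || $subject === '' || $message === '') {
        return 'All fields are required';
    }

    // Authorisation: the recipient must be on the sender's own friends list. $sender comes
    // from the session, never from the form. Placeholders mean neither name can alter the SQL.
    $stmt = $db->prepare('SELECT 1 FROM friends WHERE username = ? AND friendname = ?');
    $stmt->execute([$sender, $recipient]);
    if ($stmt->fetchColumn() === false) {
        return 'You can only send messages to users on your friends list';
    }

    // Recipient lookup and inbox limit (>= rather than == so an over-full inbox is still refused).
    $stmt = $db->prepare('SELECT pm_count, Email FROM users WHERE Username = ?');
    $stmt->execute([$recipient]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'That username does not exist';
    }
    if ((int) $row['pm_count'] >= 50) {
        return 'That user\'s inbox is full';
    }

    // Store the message and bump the counter together so the two cannot drift apart.
    $db->beginTransaction();
    try {
        $stmt = $db->prepare('INSERT INTO messages (time, reciever, sender, subject, message)
                              VALUES (?, ?, ?, ?, ?)');
        $stmt->execute([time(), $recipient, $sender, $subject, $message]);
        $stmt = $db->prepare('UPDATE users SET pm_count = pm_count + 1 WHERE Username = ?');
        $stmt->execute([$recipient]);
        $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();
        throw $e;
    }

    // Notify by email. The body is fixed text; nothing from the form goes into the headers.
    mail($row['Email'], 'New private message',
         "$sender has sent you a private message", 'From: ' . $from_address);

    return 'ok';
}

// Renders the friends drop-down; every value that came from the database is HTML-escaped.
function friend_options(PDO $db, string $sender): string
{
    $stmt = $db->prepare('SELECT friendname FROM friends WHERE username = ? ORDER BY friendname ASC');
    $stmt->execute([$sender]);
    $html = '<select class="input" id="username" name="username">';
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $name) {
        $escaped = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $html .= '<option value="' . $escaped . '">' . $escaped . '</option>';
    }
    return $html . '</select>';
}

// Usage in the compose handler (the From address here is a placeholder):
// $sender = get_username($_SESSION['user_id']);
// $status = send_private_message($db, $sender,
//     trim($_POST['username'] ?? ''), trim($_POST['subject'] ?? ''),
//     trim($_POST['message'] ?? ''), 'noreply@your-domain.example');
// echo $status === 'ok' ? '<p><b>You have successfully sent a private message!</b></p>'
//                       : '<p>' . htmlspecialchars($status, ENT_QUOTES, 'UTF-8') . '</p>';
```

The friends-list query replaces the post's `$user_check` lookup: the existence check is folded into the recipient lookup, and a name that is not on the sender's list is rejected before anything is written, regardless of what the browser submitted. When the subject is echoed back into the form, pass it through `htmlspecialchars()` the same way; `mysql_real_escape_string()` only protects the SQL, not the HTML.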
ILYAS415 Posted June 4, 2008

I can't find any vulnerabilities (but I can also say that I'm not an expert); however, I found a mistake towards the end:

if(pm_count == '50')

According to your comments it should be:

if(pm_count >= '50')
runnerjp Posted June 4, 2008 (Author)

Thanks for looking and thanks for finding that. I've really tried to be careful with this as I wanted no help, lol; that's why I commented it all, so I knew what every part was doing, and I needed to know if I did a good job... If anyone can find any mistakes in security, tell me, as I really need to learn security to sharpen my scripts up to avoid damn hackers.
Archived
This topic is now archived and is closed to further replies.