ricmetal (Author) Posted December 8, 2008

and the errors:

Server Status Code: 302 Moved Temporarily; Tested value: 1' OR '1'='1
Server Status Code: 302 Moved Temporarily; Tested value: 1' OR '1'='1
Server Status Code: 302 Moved Temporarily; Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31
Server Status Code: 302 Moved Temporarily; Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --
Server Status Code: 302 Moved Temporarily; Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Server Status Code: 302 Moved Temporarily; Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116
Server Status Code: 302 Moved Temporarily; Tested value: ' OR username IS NOT NULL OR username = '
Server Status Code: 302 Moved Temporarily; Tested value: 1' AND non_existant_table = '1
Server Status Code: 302 Moved Temporarily; Tested value: 1'1
Server Status Code: 302 Moved Temporarily; Tested value: '; DESC users; --
Server Status Code: 302 Moved Temporarily; Tested value: 1 AND USER_NAME() = 'dbo'
Server Status Code: 302 Moved Temporarily; Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Server Status Code: 302 Moved Temporarily; Tested value: 1 AND 1=1
Server Status Code: 302 Moved Temporarily; Tested value: 1 EXEC XP_
Server Status Code: 302 Moved Temporarily; Tested value: 1'1
Server Status Code: 302 Moved Temporarily; Tested value: 1' OR '1'='1
Server Status Code: 302 Moved Temporarily; Tested value: 1 OR 1=1

Link to comment https://forums.phpfreaks.com/topic/134547-please-test-for-security/page/5/#findComment-709566
ricmetal (Author) Posted December 8, 2008

Failures: 134

those same errors for every field
darkfreaks Posted December 8, 2008

<?php
function clean($var) {
    $var = trim(mysql_real_escape_string(strip_tags($var)));
    $var = htmlspecialchars($var, ENT_QUOTES);
    $var = preg_replace("/\n/", "<br>", $var); // pattern needs its closing delimiter; "/n" as posted makes preg_replace() return NULL
    return filter_var($var, FILTER_SANITIZE_STRING);
}
echo clean(recaptcha_get_html($publickey, $error));
?>

Should be:

<?php echo clean(recaptcha_get_html($publickey, $error)); ?>
ricmetal (Author) Posted December 8, 2008

I just get \n\n \n \n \n \n where the captcha should be now
darkfreaks Posted December 8, 2008

Try:

<?php
function clean($var) {
    $var = trim(mysql_real_escape_string(strip_tags($var)));
    $var = htmlspecialchars($var, ENT_QUOTES);
    $var = preg_replace("/\n/", "<br>", $var); // closing delimiter added; "/n" as posted is not a valid pattern
    return filter_var($var, FILTER_SANITIZE_STRING);
}
echo clean(recaptcha_get_html($publickey, $error));
?>
ricmetal (Author) Posted December 8, 2008

no captcha..
darkfreaks Posted December 8, 2008

<?php
function clean($var) { // removed htmlspecialchars
    $var = trim(mysql_real_escape_string(strip_tags($var)));
    return filter_var($var, FILTER_SANITIZE_STRING);
}
echo clean(recaptcha_get_html($publickey, $error));
?>
ricmetal (Author) Posted December 8, 2008

..still nothing :/ no captcha... with preg and without preg
darkfreaks Posted December 8, 2008

is there another file that defines captcha ???
ricmetal (Author) Posted December 8, 2008

yes
ricmetal (Author) Posted December 8, 2008

http://www.pastie.org/private/jj7ekmnepfunaetdefiyw
ricmetal (Author) Posted December 8, 2008

but I don't see how that interferes with the database? aren't injections just bad data going into the database?
darkfreaks Posted December 8, 2008

ok, I combined everything. put the file back like it was before with captcha, then put this...

<?php
//GET FORM INFO INTO VARIABLES AND CLEAN---------------------------------------
$referralRAW = RemXSS(clean($_POST['referralForm']));
$my_ptcRAW = RemXSS(clean($_POST['my_ptcForm']));
$his_ptcRAW = RemXSS(clean($_POST['his_ptcForm']));
$dealRAW = RemXSS(clean($_POST['dealForm']));
$contact_userRAW = clean($_POST['contact_userForm']);
$recaptcha_challenge_fieldRAW = $_POST['recaptcha_challenge_field'];
$recaptcha_response_fieldRAW = $_POST['recaptcha_response_field'];
$submitRAW = RemXSS(clean($_POST['submit']));
?>
ricmetal (Author) Posted December 8, 2008

you mean var?

$referralVar = RemXSS(clean($_POST['referralForm']));
darkfreaks Posted December 8, 2008

yes, just combine everything like I showed you. don't worry about captcha, it's not going into the database that can fail
ricmetal (Author) Posted December 8, 2008

still getting those 302 errors
darkfreaks Posted December 8, 2008

would you stop deleting logins please, I gotta test these things y'know ???
ricmetal (Author) Posted December 8, 2008

I didn't delete the login... dealstesting@fake.com 12345678
ricmetal (Author) Posted December 8, 2008

did you log in? it's here http://www.dealsground.byethost7.com/index.php
darkfreaks Posted December 8, 2008

can you paste the link to the reformatted code ???
ricmetal (Author) Posted December 8, 2008

http://www.pastie.org/private/csd8h7sohvjrxagvfsdn2w
darkfreaks Posted December 8, 2008

Changed your if statements to smaller ones in case it was failing

<?php
session_start();
if (!isset($_SESSION['user'])) {
    header("Location: index.php");
    exit(); // stop here; without exit the rest of the page still executes for unauthenticated requests
}

//------------------------------------------------------------------------ANTI-XSS FUNCTION------------------------------
function RemXSS($val) {
    // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
    // this prevents some character re-spacing such as <java\0script>
    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
    $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);

    // straight replacements, the user should never need these since they're normal characters
    // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // ;? matches the ;, which is optional
        // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
        // &#x0040 @ search for the hex values
        $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
        // &#00064 @ 0{0,7} matches '0' zero to seven times
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
    }

    // now the only remaining whitespace attacks are \t, \n, and \r
    $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script',
                 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
    $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy',
                 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint',
                 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick',
                 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged',
                 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter',
                 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange',
                 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup',
                 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave',
                 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend',
                 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize',
                 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted',
                 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit',
                 'onunload');
    $ra = array_merge($ra1, $ra2);

    $found = true; // keep replacing as long as the previous round replaced something
    while ($found == true) {
        $val_before = $val;
        for ($i = 0; $i < sizeof($ra); $i++) {
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    $pattern .= '(';
                    $pattern .= '(&#[xX]0{0,8}([9ab]);)'; // ";)" restored so the group is balanced and the pattern compiles
                    $pattern .= '|';
                    $pattern .= '|(&#0{0,8}([9|10|13]);)';
                    $pattern .= ')*';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
            $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
            if ($val_before == $val) {
                // no replacements were made, so exit the loop
                $found = false;
            }
        }
    }
    return $val;
}

//---------------------------------------------------------------CLEAN FUNCTION--------------------------------------
function clean($var) {
    $var = trim(mysql_real_escape_string(strip_tags($var)));
    $var = htmlspecialchars($var, ENT_QUOTES);
    return filter_var($var, FILTER_SANITIZE_STRING);
}
?>
<html><head><title>Deals Admin</title>
<link href="css/crosspage.css" rel="stylesheet" type="text/css">
<link href="css/addeditDeal.css" rel="stylesheet" type="text/css">
</head><body>
<div id="myaccount">
<table id="topHeader" cellpadding="0" border="0" cellspacing="0">
<tr><td id="logoTd"><span id="dealsAdmin">Deals Admin</span><br>
<?php if (isset($_SESSION['user'])) { ?><span id="loggedAs">Logged in as: <?php echo htmlspecialchars($_SESSION['user'], ENT_QUOTES); ?></span><?php } ?>
</td><td id="xperimentTd"> </td></tr></table></div>
<div id="menu"><a href="myaccount.php" class="menuLinks">Deals</a> | <a href="settings.php" class="menuLinks">Settings</a> | <a href="backup.php" class="menuLinks">Backup</a> | <a href="about.php" class="menuLinks">About</a> | <a href="logout.php" class="menuLinks">Logout</a> | </div>
<div id="topper"> </div>
<div id="content" align="center">
<p> </p> <p> </p>
<span id="sectionName"><img src="imgs/add.png" class="img"> Add Deal</span>
<p> </p>
<form name='form1' method='post' action=''>
<table id='addDealTable' border='0' cellpadding='0' cellspacing='0'>
<tr><td> </td> <td id='adtCenter'>DETAILS</td></tr>
<tr><td id='adtRight'>REFERRAL USERNAME <input type='text' name='referralForm' size='30' /></td>
<td id='adtCenter' rowspan='5'><textarea name='dealForm' cols='36' rows='8'></textarea></td></tr>
<tr><td id='adtRight'> ** REFERRAL JOINS <input type='text' name='my_ptcForm' size='30'/></td></tr>
<tr><td id='adtRight'> ** I JOIN <input type='text' name='his_ptcForm' size='30' /></td></tr>
<tr><td id='adtRight'>CONTACT REFERRAL <input type='text' name='contact_userForm' size='30' /></td></tr>
<tr><td id='asteriscoTd'><span id='asterisco'>** full URL (http://www.site.com) to make links clickable from the deals list</span> </td></tr>
<tr><td> </td>
<td id='adtCenter'>
<?php
include 'dbcDealsbase.php';
require_once('recaptchalib.php');
$publickey = "6LdlMQQAAAAAAO2NFGDOE0blpjzZLzvsbApD";
$privatekey = "6LdlMQQAAAAAAIH6OaaxXoyjFwrjZpl5K";

# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;

# are we submitting the page?
if (isset($_POST["submit"])) {
    $resp = recaptcha_check_answer($privatekey,
                                   $_SERVER["REMOTE_ADDR"],
                                   $_POST["recaptcha_challenge_field"],
                                   $_POST["recaptcha_response_field"]);
    if ($resp->is_valid) {
        //GET FORM INFO INTO VARIABLES---------------------------------------
        $referralVar = RemXSS(clean($_POST['referralForm']));
        $my_ptcVar = RemXSS(clean($_POST['my_ptcForm']));
        $his_ptcVar = RemXSS(clean($_POST['his_ptcForm']));
        $dealVar = RemXSS(clean($_POST['dealForm']));
        $contact_userVar = clean($_POST['contact_userForm']);
        $recaptcha_challenge_field = $_POST['recaptcha_challenge_field'];
        $recaptcha_response_field = $_POST['recaptcha_response_field'];
        $submit = RemXSS(clean($_POST['submit']));
        //------------------------------------------------------------------------
        if (!isset($referralVar) || empty($referralVar)) { echo "somethings wrong"; }
        if (!isset($my_ptcVar) || empty($my_ptcVar)) { echo "somethings wrong"; }
        if (!isset($his_ptcVar) || empty($his_ptcVar)) { echo "somethings wrong"; }
        if (!isset($dealVar) || empty($dealVar)) { echo "somethings wrong"; }
        if (!isset($contact_userVar) || empty($contact_userVar)) { echo "somethings wrong"; } // was $contect_userVar (typo)
        if (!isset($recaptcha_challenge_field) || empty($recaptcha_challenge_field)) { echo "somethings wrong"; }
        if (!isset($recaptcha_response_field) || empty($recaptcha_response_field)) { echo "somethings wrong"; }
        if (!isset($submit) || empty($submit)) { echo "somethings wrong"; }
        else {
            $realUser = $_SESSION['user'];
            $sql = "INSERT INTO table (id, referral, my_ptc, his_ptc, deal, contact_user, member) VALUES ('','$referralVar','$my_ptcVar','$his_ptcVar','$dealVar','$contact_userVar','$realUser')";
            header("Location: adddeal.php");
            if (!mysql_query($sql, $link)) {
                die('Error: ' . mysql_error());
            }
            exit();
        }
    } else {
        header("Location: adddeal.php");
        $error = $resp->error;
    }
}
echo recaptcha_get_html($publickey, $error);
?>
<input type="submit" name="submit" value="submit" />
</form>
</td></tr>
</table>
<p> </p><p> </p><p> </p>
<a href='myaccount.php'><img src='imgs/back.png' class='img'> back to deals</a>
</div>
<div id="publicity">
<?php include('includes/pubCol.php'); ?>
</div>
</body>
</html>
darkfreaks Posted December 8, 2008

I finally figured out why it's leaking: you're defining the functions in the top PHP tag, therefore when you call clean() RemXSS() it comes up undefined
ricmetal (Author) Posted December 8, 2008

I'll check that later (again). it didn't make any difference, but I'll have to double check the coding to make sure it's correct, and I'll go back to an error-free code and build from there and see if I can produce it free of errors based on what you've written. so, thanks and see you later
darkfreaks Posted December 9, 2008

only thing I can think of is filter_var() is a PHP5 function, so if you run PHP4 it won't work properly, in which case you would need:

<?php
session_start();
if (!isset($_SESSION['user'])) {
    header("Location: index.php");
    exit(); // stop here; without exit the rest of the page still executes for unauthenticated requests
}

//------------------------------------------------------------------------ANTI-XSS FUNCTION------------------------------
function RemXSS($val) {
    // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
    // this prevents some character re-spacing such as <java\0script>
    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
    $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);

    // straight replacements, the user should never need these since they're normal characters
    // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // ;? matches the ;, which is optional
        // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
        // &#x0040 @ search for the hex values
        $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
        // &#00064 @ 0{0,7} matches '0' zero to seven times
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
    }

    // now the only remaining whitespace attacks are \t, \n, and \r
    $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script',
                 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
    $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy',
                 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint',
                 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick',
                 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged',
                 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter',
                 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange',
                 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup',
                 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave',
                 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend',
                 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize',
                 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted',
                 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit',
                 'onunload');
    $ra = array_merge($ra1, $ra2);

    $found = true; // keep replacing as long as the previous round replaced something
    while ($found == true) {
        $val_before = $val;
        for ($i = 0; $i < sizeof($ra); $i++) {
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    $pattern .= '(';
                    $pattern .= '(&#[xX]0{0,8}([9ab]);)'; // ";)" restored so the group is balanced and the pattern compiles
                    $pattern .= '|';
                    $pattern .= '|(&#0{0,8}([9|10|13]);)';
                    $pattern .= ')*';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
            $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
            if ($val_before == $val) {
                // no replacements were made, so exit the loop
                $found = false;
            }
        }
    }
    return $val;
}

//---------------------------------------------------------------CLEAN FUNCTION--------------------------------------
function clean($var) {
    $var = trim(mysql_real_escape_string(strip_tags($var)));
    $var = htmlspecialchars($var, ENT_QUOTES);
    return $var;
}
?>
<html><head><title>Deals Admin</title>
<link href="css/crosspage.css" rel="stylesheet" type="text/css">
<link href="css/addeditDeal.css" rel="stylesheet" type="text/css">
</head><body>
<div id="myaccount">
<table id="topHeader" cellpadding="0" border="0" cellspacing="0">
<tr><td id="logoTd"><span id="dealsAdmin">Deals Admin</span><br>
<?php if (isset($_SESSION['user'])) { ?><span id="loggedAs">Logged in as: <?php echo htmlspecialchars($_SESSION['user'], ENT_QUOTES); ?></span><?php } ?>
</td><td id="xperimentTd"> </td></tr></table></div>
<div id="menu"><a href="myaccount.php" class="menuLinks">Deals</a> | <a href="settings.php" class="menuLinks">Settings</a> | <a href="backup.php" class="menuLinks">Backup</a> | <a href="about.php" class="menuLinks">About</a> | <a href="logout.php" class="menuLinks">Logout</a> | </div>
<div id="topper"> </div>
<div id="content" align="center">
<p> </p> <p> </p>
<span id="sectionName"><img src="imgs/add.png" class="img"> Add Deal</span>
<p> </p>
<form name='form1' method='post' action=''>
<table id='addDealTable' border='0' cellpadding='0' cellspacing='0'>
<tr><td> </td> <td id='adtCenter'>DETAILS</td></tr>
<tr><td id='adtRight'>REFERRAL USERNAME <input type='text' name='referralForm' size='30' /></td>
<td id='adtCenter' rowspan='5'><textarea name='dealForm' cols='36' rows='8'></textarea></td></tr>
<tr><td id='adtRight'> ** REFERRAL JOINS <input type='text' name='my_ptcForm' size='30'/></td></tr>
<tr><td id='adtRight'> ** I JOIN <input type='text' name='his_ptcForm' size='30' /></td></tr>
<tr><td id='adtRight'>CONTACT REFERRAL <input type='text' name='contact_userForm' size='30' /></td></tr>
<tr><td id='asteriscoTd'><span id='asterisco'>** full URL (http://www.site.com) to make links clickable from the deals list</span> </td></tr>
<tr><td> </td>
<td id='adtCenter'>
<?php
include 'dbcDealsbase.php';
require_once('recaptchalib.php');
$publickey = "6LdlMQQAAAAAAO2NFGDOE0blpjzZLzvsbApD";
$privatekey = "6LdlMQQAAAAAAIH6OaaxXoyjFwrjZpl5K";

# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;

# are we submitting the page?
if (isset($_POST["submit"])) {
    $resp = recaptcha_check_answer($privatekey,
                                   $_SERVER["REMOTE_ADDR"],
                                   $_POST["recaptcha_challenge_field"],
                                   $_POST["recaptcha_response_field"]);
    if ($resp->is_valid) {
        //GET FORM INFO INTO VARIABLES---------------------------------------
        $referralVar = RemXSS(clean($_POST['referralForm']));
        $my_ptcVar = RemXSS(clean($_POST['my_ptcForm']));
        $his_ptcVar = RemXSS(clean($_POST['his_ptcForm']));
        $dealVar = RemXSS(clean($_POST['dealForm']));
        $contact_userVar = clean($_POST['contact_userForm']);
        $recaptcha_challenge_field = $_POST['recaptcha_challenge_field'];
        $recaptcha_response_field = $_POST['recaptcha_response_field'];
        $submit = RemXSS(clean($_POST['submit']));
        //------------------------------------------------------------------------
        if (!isset($referralVar) || empty($referralVar)) { echo "somethings wrong"; }
        if (!isset($my_ptcVar) || empty($my_ptcVar)) { echo "somethings wrong"; }
        if (!isset($his_ptcVar) || empty($his_ptcVar)) { echo "somethings wrong"; }
        if (!isset($dealVar) || empty($dealVar)) { echo "somethings wrong"; }
        if (!isset($contact_userVar) || empty($contact_userVar)) { echo "somethings wrong"; } // was $contect_userVar (typo)
        if (!isset($recaptcha_challenge_field) || empty($recaptcha_challenge_field)) { echo "somethings wrong"; }
        if (!isset($recaptcha_response_field) || empty($recaptcha_response_field)) { echo "somethings wrong"; }
        if (!isset($submit) || empty($submit)) { echo "somethings wrong"; }
        else {
            $realUser = $_SESSION['user'];
            $sql = "INSERT INTO table (id, referral, my_ptc, his_ptc, deal, contact_user, member) VALUES ('','$referralVar','$my_ptcVar','$his_ptcVar','$dealVar','$contact_userVar','$realUser')";
            header("Location: adddeal.php");
            if (!mysql_query($sql, $link)) {
                die('Error: ' . mysql_error());
            }
            exit();
        }
    } else {
        header("Location: adddeal.php");
        $error = $resp->error;
    }
}
echo recaptcha_get_html($publickey, $error);
?>
<input type="submit" name="submit" value="submit" />
</form>
</td></tr>
</table>
<p> </p><p> </p><p> </p>
<a href='myaccount.php'><img src='imgs/back.png' class='img'> back to deals</a>
</div>
<div id="publicity">
<?php include('includes/pubCol.php'); ?>
</div>
</body>
</html>
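The clean() function posted above escapes for three different contexts at once (mysql_real_escape_string() for the query, strip_tags() and htmlspecialchars() for HTML), which is why wrapping recaptcha_get_html() in it removed the captcha markup, while the INSERT still builds its SQL by string interpolation. As an added example, not code from the thread or from ricmetal's site, here is the same insert with input validation, a prepared statement for storage and HTML escaping only at output. It assumes pdo_sqlite is available; the table name deals, the helper names and the sample POST values are made up.

```php
<?php
// Added example, not code from the thread: the "Add Deal" insert from the
// posted adddeal.php with each defence applied in the context it belongs to.
// Runs against an in-memory SQLite database (assumption: pdo_sqlite present)
// so it executes offline. The table name `deals`, the helper names and the
// sample POST values are assumptions; columns and form fields match the post.

// 1. Validate: reject bad input instead of rewriting it. The form labels the
//    two "joins" fields as full URLs, so they are checked as URLs.
function validateDeal(array $post)
{
    $errors   = array();
    $required = array('referralForm', 'my_ptcForm', 'his_ptcForm',
                      'dealForm', 'contact_userForm');
    foreach ($required as $f) {
        if (!isset($post[$f]) || trim($post[$f]) === '') {
            $errors[] = "$f is required";
        }
    }
    foreach (array('my_ptcForm', 'his_ptcForm') as $f) {
        if (isset($post[$f]) && filter_var($post[$f], FILTER_VALIDATE_URL) === false) {
            $errors[] = "$f must be a full URL (http://www.site.com)";
        }
    }
    return $errors;
}

// 2. Store: a prepared statement keeps the values outside the SQL grammar, so
//    a probe such as  1' OR '1'='1  is stored as those literal characters.
//    No mysql_real_escape_string() on the value, and no htmlspecialchars()
//    before storage: that would double-encode data escaped again on output.
function insertDeal(PDO $db, array $post, $member)
{
    $stmt = $db->prepare(
        'INSERT INTO deals (referral, my_ptc, his_ptc, deal, contact_user, member)
         VALUES (:referral, :my_ptc, :his_ptc, :deal, :contact_user, :member)');
    return $stmt->execute(array(
        ':referral'     => $post['referralForm'],
        ':my_ptc'       => $post['my_ptcForm'],
        ':his_ptc'      => $post['his_ptcForm'],
        ':deal'         => $post['dealForm'],
        ':contact_user' => $post['contact_userForm'],
        ':member'       => $member,
    ));
}

// 3. Output: escape for HTML only where a value is echoed into the page. This
//    step must not be applied to markup the page needs intact, such as the
//    HTML returned by recaptcha_get_html(); in the thread that is what made
//    the captcha disappear.
function renderField($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Demonstration with a constructed POST carrying one of the scanner's probes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE deals (id INTEGER PRIMARY KEY, referral TEXT, my_ptc TEXT,
           his_ptc TEXT, deal TEXT, contact_user TEXT, member TEXT)');
$post = array(                                  // constructed sample input
    'referralForm'     => "1' OR '1'='1",
    'my_ptcForm'       => 'http://www.site.com/join',
    'his_ptcForm'      => 'http://www.site.com/me',
    'dealForm'         => '<script>alert(1)</script> 50/50 split',
    'contact_userForm' => 'someone',
);
$errors = validateDeal($post);
if ($errors) {
    foreach ($errors as $e) { echo renderField($e), "\n"; }
    exit(1);
}
insertDeal($db, $post, 'testuser');
// The probe is stored as plain text; the quote never reached the SQL parser.
printf("rows stored: %d\n", $db->query('SELECT COUNT(*) FROM deals')->fetchColumn());
$row = $db->query('SELECT referral, deal FROM deals')->fetch(PDO::FETCH_ASSOC);
echo 'stored referral: ', $row['referral'], "\n";
echo 'rendered deal:   ', renderField($row['deal']), "\n";
```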