ldb358 Posted June 22, 2009 Share Posted June 22, 2009 This is a site that i have been working on that is still in the very early stages but i think that it is important that some people can check it out and let me know of any glitchs, error, ect. that may be on the site. thanks foe the help for a login you can use: lane2 enter1 lbflash.summerhost.info/test Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/ Share on other sites More sharing options...
Coreye Posted June 23, 2009 Share Posted June 23, 2009 SQL Error: http://lbflash.summerhost.info/test/index.php?action=viewuser&viewUser= You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id='1'' at line 1 Table Information: http://lbflash.summerhost.info/test/index.php?action=viewuser&viewUser[] Table 'sum_2677639_login.Array' doesn't exist Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-861743 Share on other sites More sharing options...
Adam Posted June 23, 2009 Share Posted June 23, 2009 Passed all of SQL Inject ME's tests! Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-861825 Share on other sites More sharing options...
ldb358 Posted June 23, 2009 Author Share Posted June 23, 2009 thank you both of you all get on fixing that error Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-861976 Share on other sites More sharing options...
Adam Posted June 23, 2009 Share Posted June 23, 2009 Actually, I did find some 'SQL inject me' fails for the login screen, I didn't test it at first, but forgot to mention it in a reply... Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-861982 Share on other sites More sharing options...
dezkit Posted July 3, 2009 Share Posted July 3, 2009 Site doesn't work for me... Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-868194 Share on other sites More sharing options...
adamlacombe Posted July 6, 2009 Share Posted July 6, 2009 Login not working or registration failed. I would add if sign up was successful or not below your query. Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-869932 Share on other sites More sharing options...
darkfreaks Posted July 6, 2009 Share Posted July 6, 2009 SQL Inject me: Failures:47 File:login.php PHPFREAKS Security[MYSQL Injection Prevention] Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-869963 Share on other sites More sharing options...
darkfreaks Posted July 6, 2009 Share Posted July 6, 2009 nvm Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-870032 Share on other sites More sharing options...
ldb358 Posted July 22, 2009 Author Share Posted July 22, 2009 thanks all for your feed back, the site has been moved to the main domain at http://lbflash.summerhost.info Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-880453 Share on other sites More sharing options...
gevans Posted July 22, 2009 Share Posted July 22, 2009 The nav always shows logout, So it says I'm logging out even when I'm not logged in. Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-880559 Share on other sites More sharing options...
darkfreaks Posted July 23, 2009 Share Posted July 23, 2009 i see you have cleaned up your login with mysql_real_escape_string() but that wont stop all injection have you read up on how to use PDO? SQL Inject me: Failures:15 File:login.php Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-881563 Share on other sites More sharing options...
darkfreaks Posted July 24, 2009 Share Posted July 24, 2009 also you might want to encrypt your url's with urlencode() for security purposes so people cant manipulate the variables.mainly passwords and inportant information. for example it will output mysite.com/index.php?user=darkfreaks&pass=@#145 the password willl be enrypted but the user will not be encrypted. Fields i would encode: password,maxsize,upload,uploaded,register,pass2,first,last,email then use urldecode()when you want to display them on the page in a url. Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-881601 Share on other sites More sharing options...
ldb358 Posted July 28, 2009 Author Share Posted July 28, 2009 okay thank you every one ill look in to removing the the logout button and fixed those secerity issues Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-885005 Share on other sites More sharing options...
gabasc09 Posted August 13, 2009 Share Posted August 13, 2009 Your registration script doesn't check if passwords are identical and if email is actually a valid email address. You should consider putting the task of fixing it on your fix-it priority list Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-897086 Share on other sites More sharing options...
ldb358 Posted August 13, 2009 Author Share Posted August 13, 2009 okay i will do that right now Ive been working on a redesign for it so there hasn't been any real changes but ill make sure to do that Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-897273 Share on other sites More sharing options...
ldb358 Posted August 17, 2009 Author Share Posted August 17, 2009 okay the site has been moved again to http://lbflash.com Ive been try to getting the security updated I'm writing an email verification, but i didn't quite get how to use URL encode or more where to use it. also about the logout button being there i tried to write a function to change it in between logging in and logging out but i ran into the problem, my function that loads the header is called separately and before the rest of the page that means that on the first page loaded after logging in or out it would be backwards which i think would be more confusing for the user any way if anyone finds and security risks let me know and if some one code tell me where to use the encode/decode that would be nice too Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-900414 Share on other sites More sharing options...
lt40 Posted August 17, 2009 Share Posted August 17, 2009 Check your file upload script as it allows unwanted extensions to be sent by editing the MIME data sent. e.g http://lbflash.com/tester/test.php Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-900488 Share on other sites More sharing options...
ldb358 Posted August 17, 2009 Author Share Posted August 17, 2009 i dont get what you mean by messing with the MIME how can i fix that i hve it check the file type in my script? Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-900501 Share on other sites More sharing options...
darkfreaks Posted August 18, 2009 Share Posted August 18, 2009 IDB: simple use mime-content-type() Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-900628 Share on other sites More sharing options...
ldb358 Posted August 18, 2009 Author Share Posted August 18, 2009 okay thanks did that can some one test it again to if it still will let you upload a file Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-900937 Share on other sites More sharing options...
ldb358 Posted August 19, 2009 Author Share Posted August 19, 2009 okay now i thought id try and upload an image and now it generates a fatal error Fatal error: Call to undefined function mime_content_type() in /home/vol4/summerhost.info/sum_2677639/lbflash.com/htdocs/functions.php on line 536 Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-902155 Share on other sites More sharing options...
darkfreaks Posted August 19, 2009 Share Posted August 19, 2009 that function is deprecated if you read the manual page on it it says it is and links you to the fileinfo functions which work better sposedly. Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-902180 Share on other sites More sharing options...
ldb358 Posted August 19, 2009 Author Share Posted August 19, 2009 i did that and got the same error it says the same error Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-902184 Share on other sites More sharing options...
darkfreaks Posted August 20, 2009 Share Posted August 20, 2009 paste the full code to the page so i can sort it. Link to comment https://forums.phpfreaks.com/topic/163283-test-basic-site/#findComment-902201 Share on other sites More sharing options...
Recommended Posts