Online File Storage

[Carterhost]

Okay, I'd like some experienced testing on my site.

It's just an upload/management script for online file storage.

[url=http://file-city.co.uk]http://file-city.co.uk[/url]
Username: testone
Password: test

There is also a separate photo storage system where you can upload photos and make them public or private.
If they're public then they appear in a public gallery at http://file-city.co.uk/username.
If they're private, then only you can send the links to them out.

I plan on implementing Zipfile unzipping, and maybe multiple photo uploads.

Cheers!

[fert]

it works well didn't seen any errors or anything

[redbullmarky]

you need to carefully check user input.
one problem i sent you a PM about. the other is the fact that i can submit a blank contact form.

cheers

[Nameless12]

There is a bug when you login and click logout it says "you have been successfully logged out but in the top right hand corner it says you are logged in until you refresh the page

[Carterhost]

[quote author=Nameless12 link=topic=123904.msg512983#msg512983 date=1169705705]
There is a bug when you login and click logout it says "you have been successfully logged out but in the top right hand corner it says you are logged in until you refresh the page
[/quote]

Oh yeah...! Fixed.

[corbin]

I found a major security hole... Like major... I'll PM you lol

[corbin]

OK, I messaged you and I also have some small errors I would like to point out that aren't security threats.

If you go to http://file-city.co.uk/delete.php?zfile=' it creates a mysql error, but some how I don't think it's vulnerable to SQL injection... I'm guessing it's a SELECT clause based on the error made, and I think it's just using the number of rows from it, so someone could not have it output passwords or anything.

Also with the javascript method that goes to that page... I wouldn't say anything, but the rest of your site seems pretty JS independent... Anyways the link is like <a href="javascript: function();">Text</a> which means that if someone without JS enabled clicks it, it will do nothing.  I suggest you change it to <a href="delete.php?zfile=code it to put out the file name with PHP" onclick="function();"> .  That way if they have JS it behaves the same way, but if they don't it just skips the confirm thing and goes straight to the delete page (maybe have the JS version add &del=1 on the end.  Then you could have a small little form on the page that has a confirm delete button that is sent via get and just adds &del=1 to the end.  Then in the script you could do if($_GET['del'] == 1) { delete stuff } else { output the form and what not }.)

Hmmm one last thing... If you upload 2 files and they're both named the same thing, the second file over writes the first, but in the DB two separate entries exist...  You should either add a mysql query to make sure the file doesn't exist in the DB already, or you should check for duplicate file names and tell users to delete the file first.  You could even let the user upload it then save it as a temporary file for a moment.  Then you could allow them the choice of picking a name (don't forget to re validate the name or you might get a file named --;.jpg), or you could allow them to delete the first file.  That way there's not 2 entries in the database pointing to the same file.

[agentsteal]

Cross Site Scripting:
[url=http://www.file-city.co.uk/phpinfo.php?<script>alert('vulnerable')</script>]http://www.file-city.co.uk/phpinfo.php?<script>alert('vulnerable')</script>[/url]

Full Path Disclosure:
[url=http://www.file-city.co.uk/phpinfo.php]http://www.file-city.co.uk/phpinfo.php[/url]

[Lumio]

When I register on that page it displays me two password-inputs. But when I submit it, I can read my password. I registered in school, so I don't really want that other guys see my password.

[JoshF]

Looks nice and works great!

[Lumio]

Why don't you put files and pictures on one page?