clown[NOR] Posted April 14, 2007

Basically what I'm doing: I'm working on a registration form, and I want it to be as secure as possible, so I don't become a victim of SQL injection and other stuff... So this is what I've got so far..

<?php
// Collect the submitted fields; a field that was not posted becomes an empty string
$regUser    = isset($_POST['username']) ? $_POST['username'] : '';
$regPass1   = isset($_POST['pass1'])    ? $_POST['pass1']    : '';
$regPass2   = isset($_POST['pass2'])    ? $_POST['pass2']    : '';
$regName    = isset($_POST['name'])     ? $_POST['name']     : '';
$regBorn    = (isset($_POST['month']) ? $_POST['month'] : '') . "-"
            . (isset($_POST['day'])   ? $_POST['day']   : '') . "-"
            . (isset($_POST['year'])  ? $_POST['year']  : '');
$regGender  = isset($_POST['gender'])   ? $_POST['gender']   : '';
$regCountry = isset($_POST['country'])  ? $_POST['country']  : '';
$regCity    = isset($_POST['city'])     ? $_POST['city']     : '';
$regEmail   = isset($_POST['email'])    ? $_POST['email']    : '';
$regWebsite = isset($_POST['website'])  ? $_POST['website']  : '';
$error = array();

// Look for empty fields
if (empty($regUser))  { $error[] = "You did not enter a username"; }
if (empty($regPass1)) { $error[] = "You did not enter a main password"; }
if (empty($regPass2)) { $error[] = "You did not enter a confirmation password"; }
if (empty($regName))  { $error[] = "You did not enter your name"; }
if (empty($regEmail)) { $error[] = "You did not enter your email"; }

// Confirm password
if ($regPass1 != $regPass2) { $error[] = "Passwords didn't match"; }

// Check that the length is OK on the restricted fields (username 4-10, password 6-10)
if (strlen($regUser) > 10)  { $error[] = "Your username must contain at most 10 characters"; }
if (strlen($regUser) < 4)   { $error[] = "Your username must contain at least 4 characters"; }
if (strlen($regPass1) < 6)  { $error[] = "Your password must contain at least 6 characters"; }
if (strlen($regPass1) > 10) { $error[] = "Your password must contain at most 10 characters"; } // was $regPass, an undefined variable

// Strip any tags
$regUser    = strip_tags($regUser);
$regPass1   = strip_tags($regPass1);
$regPass2   = strip_tags($regPass2);
$regName    = strip_tags($regName);
$regCountry = strip_tags($regCountry);
$regCity    = strip_tags($regCity);
$regEmail   = strip_tags($regEmail);
$regWebsite = strip_tags($regWebsite);

// Replace "bad" characters (quotes and backslashes are removed, from the passwords as well)
$regBadChars = array("'", "\\", "\"");
$regUser    = str_replace($regBadChars, "", $regUser);
$regPass1   = str_replace($regBadChars, "", $regPass1);
$regPass2   = str_replace($regBadChars, "", $regPass2);
$regName    = str_replace($regBadChars, "", $regName);
$regCountry = str_replace($regBadChars, "", $regCountry);
$regCity    = str_replace($regBadChars, "", $regCity);
$regEmail   = str_replace($regBadChars, "", $regEmail);
$regWebsite = str_replace($regBadChars, "", $regWebsite);

if (!empty($error)) {
    header("Location: index.php?view=signup");
    exit; // stop the script once the redirect has been sent
} else {
    echo "No errors!";
}
?>

I know I probably should have used preg_replace or something like that instead of str_replace, but I just can't figure out how to use it properly... can you guys see anything that makes my script insecure? Thanks in advance - Clown

Link to comment: https://forums.phpfreaks.com/topic/46981-solved-help-need-to-secure-my-form/
clown[NOR] Posted April 14, 2007

Since there are no replies on this one... I'll just mark it as solved =)
kenrbnsn Posted April 14, 2007

Waiting 1.5 hours for an answer to your question is not very long. You can bump your question if no one has replied in 3 to 4 hours, but when you mark it "solved", you almost guarantee that you will not get an answer. Ken
clown[NOR] Posted April 14, 2007

Yeah... but it wasn't really that important... was just a quick question... and my post was dropping on the list anyway.. lots of new replies but none on mine... so I just marked it as solved... but when you were in here reading the post it would have been nice if you might have dropped 2-3 ideas on how to make it more secure =)
Glyde Posted April 14, 2007

mysql_real_escape_string. It's the most useful anti-injection function out there. You can use mysql_escape_string as well, but mysql_real_escape_string will respect the current character set that is being used in the database. (Note that mysql_real_escape_string can only be used after there is a database connection resource.)
clown[NOR] Posted April 14, 2007

Yeah, I'm using mysql_real_escape_string on every query sent to my db...
Glyde Posted April 14, 2007

Well then you won't be injected. As simple as it seems, it works extremely well. You should be fine with just using it.
clown[NOR] Posted April 14, 2007

Thanks for the reply.
MadTechie Posted April 14, 2007

There was a bug with mysql_real_escape_string:

E.1.7. Changes in release 5.0.22 (24 May 2006)
Bugs fixed:
* Security fix: An SQL-injection security hole has been found in multi-byte encoding processing. The bug was in the server, incorrectly parsing the string escaped with the mysql_real_escape_string() C API function. (CVE-2006-2753, Bug#8378)

Check you're up to date. Basically it didn't filter chr(0xbf) or chr(0x27).
clown[NOR] Posted April 14, 2007

How did you do that? And how do I fix it? And what code did you check? I had no mysql_real_escape_string() in the code I posted.
Glyde Posted April 14, 2007

He's quoting information from a changelog. Obviously the MySQL release prior to 5.0.22 had a bug in mysql_real_escape_string, as it was not properly dealing with two characters. Just make sure you keep your MySQL server updated. As far as I know, this exploit wasn't in MySQL 4, so if you're still on that, you should be fine... but you can upgrade to the newest MySQL server anyway just for improved functionality.
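Glyde's escaping advice and the multi-byte escaping bug MadTechie quotes come down to the same point: quoting belongs in the database layer, with the connection's character set known. As an added example (not code from the thread), here is the registration insert written with bound parameters through PDO instead of hand-stripping quotes; it uses an in-memory SQLite database so it runs without a MySQL server, with the MySQL DSN and its charset setting shown in a comment. The table layout and the field values are constructed.

```php
<?php
// Added example, not the original poster's code: bound parameters via PDO.
// SQLite in memory is used so this runs stand-alone; the MySQL DSN is commented.

function connect(): PDO {
    // For MySQL the DSN would be 'mysql:host=127.0.0.1;dbname=site;charset=utf8mb4'
    // (host and dbname assumed). Declaring the charset there is what keeps client-side
    // quoting in step with the server, the mismatch behind the multi-byte bug quoted
    // above; PDO::ATTR_EMULATE_PREPARES => false additionally asks MySQL for
    // server-side prepared statements, which leaves no client-side quoting at all.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                                   pass_hash TEXT, email TEXT)');
    return $db;
}

function register(PDO $db, string $username, string $password, string $email): int {
    // Values travel as parameters, never as part of the SQL text, so quotes,
    // backslashes and multi-byte sequences in them cannot alter the statement.
    $stmt = $db->prepare('INSERT INTO users (username, pass_hash, email) VALUES (:u, :p, :e)');
    $stmt->execute([
        ':u' => $username,
        ':p' => password_hash($password, PASSWORD_DEFAULT), // store a hash, not the password
        ':e' => $email,
    ]);
    return (int) $db->lastInsertId();
}

function find_user(PDO $db, string $username): ?array {
    $stmt = $db->prepare('SELECT id, username, email FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = connect();
// Constructed input containing exactly the characters the original script strips.
$tricky = "o'brien\\\"x";   // the PHP string o'brien\"x
register($db, $tricky, 'correct horse', 'ob@example.com');

$row = find_user($db, $tricky);
echo ($row !== null && $row['username'] === $tricky)
    ? "stored verbatim; the quote and backslash were data, not SQL\n"
    : "mismatch\n";
// A different string finds nothing, because the lookup value was bound, not spliced in.
echo find_user($db, "o'brien") === null ? "no row for o'brien\n" : "unexpected row\n";
```

Input validation (lengths, allowed characters) still belongs before the insert; binding only settles how the value reaches the database.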
clown[NOR] Posted April 14, 2007

Well, I'm getting my own domain now... but until I get my pay check I'm just using WAMP... and WAMP's using 5.0.27... and the host I'm going to use has 4 something.. and I think they have, or are about to, upgrade to 5.0.27 or something like that.
MadTechie Posted April 14, 2007

This will stop SQL injection but limits the input. I normally use this for the login, but remember the security holes are normally in the hidden little place you didn't notice and rarely in the place you add all your cool protection scripts.

<?php
// Keeps only ASCII letters and digits; every other character is removed
function paranoid($string) {
    $string = preg_replace("/[^a-zA-Z0-9]/", "", $string);
    return $string;
}
?>
clown[NOR] Posted April 14, 2007

Thanks MadTechie. I really need to learn that preg, ereg, regex and so on... as I said in the first post... I've been reading x number of tutorials and "how to's"... but I just can't get it to work... anyone know a really good tutorial that actually breaks the whole thing up in small pieces and explains what basically every single thing does?
MadTechie Posted April 14, 2007

<?php
// Keeps only ASCII letters and digits; every other character is removed
function paranoid($string) {
    $string = preg_replace("/[^a-zA-Z0-9]/", "", $string);
    return $string;
}
?>

I'm learning myself, in fact I have to learn it now due to a project I am on. Here's a quick breakdown:

$string = preg_replace("/[a-zA-Z0-9]/", "", $string);

replaces all characters within the ranges a-z and A-Z and 0-9 with "" (nothing). But I used ^, which means excluding, so

$string = preg_replace("/[^a-zA-Z0-9]/", "", $string);

replaces all characters EXCEPT characters within the ranges a-z and A-Z and 0-9 with "" (nothing). The / are delimiters; this just tells preg_replace where to start and end. The [ means starting a range and ] means ending a range. Of course there's a lot more to it and this is kinda basic... but I'm getting there.
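Building on MadTechie's breakdown, the same character classes can be used to reject input that does not fit instead of silently stripping it, which matters for fields such as passwords where removing characters changes what the user typed. This is an added example, not MadTechie's or the original poster's code; the patterns encode the thread's own limits (username 4 to 10 characters, password 6 to 10) and the sample inputs are constructed.

```php
<?php
// Added example: allowlist validation with preg_match, rejecting rather than stripping.
// ^ outside the brackets anchors at the start of the string; ^ inside the brackets
// negates the class (MadTechie's [^a-zA-Z0-9]). $ anchors at the end, and the D
// modifier stops $ from also matching just before a trailing newline.
const RULES = [
    'username' => '/^[a-zA-Z0-9]{4,10}$/D',
    'city'     => '/^[\p{L} \'-]{1,50}$/uD',   // letters of any script, space, apostrophe, hyphen
    'year'     => '/^(19|20)[0-9]{2}$/D',
];

function validate(array $input): array {
    $errors = [];
    foreach (RULES as $field => $pattern) {
        $value = $input[$field] ?? '';
        if (preg_match($pattern, $value) !== 1) {
            $errors[] = "$field is missing or contains characters that are not allowed";
        }
    }
    // Email gets PHP's own validator; a hand-written email regex is easy to get wrong.
    if (filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    // Passwords are only length-checked and compared: never strip characters from them.
    $pass = $input['pass1'] ?? '';
    if (strlen($pass) < 6 || strlen($pass) > 10) {
        $errors[] = 'password must be 6 to 10 characters';
    } elseif ($pass !== ($input['pass2'] ?? '')) {
        $errors[] = 'passwords do not match';
    }
    return $errors;
}

// Constructed inputs: one clean, one carrying a quote in the username
// (which paranoid() would silently turn into "obrien" instead of rejecting).
$good = ['username' => 'clown07', 'city' => 'Oslo', 'year' => '1988',
         'email' => 'c@example.com', 'pass1' => 'secret1', 'pass2' => 'secret1'];
$bad  = ['username' => "o'brien", 'city' => 'Oslo', 'year' => '88',
         'email' => 'not-an-email', 'pass1' => 'abc', 'pass2' => 'abcd'];
print_r(validate($good));   // empty array: every field passed
print_r(validate($bad));    // one message each for username, year, email and password
```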
clown[NOR] Posted April 14, 2007

Awesome MadTechie... thank you so much... that made me understand SO much more than any other tutorial has made me understand so far... and even if it's only basics, that's exactly what I need...
MadTechie Posted April 14, 2007

Cool