runnerjp Posted April 25, 2007

hey guys... at the moment i use this code to update profiles-

```php
<dir inc="accountinfo">
<?
if($action == "update") {
  if($auth['login'] == "admin" AND $demo_mode == "yes") {
    include("include/admin_demo.inc.php");
    exit;
  }
  //check input for errors
  $pass_length = strlen("$pass1");
  if(empty($pass1)) {
    echo "You did not enter a password! Please <a href=\"javascript:history.go(-1);\">Try again.</a>";
    include("include/footer.inc.php");
    exit;
  } elseif(empty($pass2)) {
    echo "You did not verify your password! Please <a href=\"javascript:history.go(-1);\">Try again.</a>";
    include("include/footer.inc.php");
    exit;
  } elseif("$pass1" != "$pass2") {
    echo "Your passwords do not match! Please <a href=\"javascript:history.go(-1);\">Try again.</a>";
    include("include/footer.inc.php");
    exit;
  } elseif(empty($email)) {
    echo "You did not enter your email! Please <a href=\"javascript:history.go(-1);\">Try again.</a>";
    include("include/footer.inc.php");
    exit;
  } elseif(empty($displayname)) {
    echo "You did not enter your Display Name! Please <a href=\"javascript:history.go(-1);\">Try again.</a>";
    include("include/footer.inc.php");
    exit;
  } elseif($pass_length < 3) {
    echo "Your password must be at least 3 characters long. Please <a href=\"javascript:history.go(-1);\">Try again.</a>";
    include("include/footer.inc.php");
    exit;
  } elseif(ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@([a-zA-Z0-9-]+\.)+([a-zA-Z]{2,3})$", $email)) {
    $okmail="1";
  }
  if($okmail != "1") {
    echo "Your email address is not properly formatted! Please <a href=\"javascript:history.go(-1);\">Try again.</a>";
    include("include/footer.inc.php");
    exit;
  }
  if (ereg("^[a-zA-Z0-9]+$",$pass1)) {
    $okpass="1";
  }
  if($okpass != "1") {
    echo "Your password can contain only letters and numbers! Please <a href=\"javascript:history.go(-1);\">Try again.</a>";
    include("include/footer.inc.php");
    exit;
  }
  if (ereg("^[a-zA-Z0-9]+$",$displayname)) {
    $okdisplay="1";
  }
  if($okdisplay != "1") {
    echo "Your Display Name can contain only letters and numbers! Please <a href=\"javascript:history.go(-1);\">Try again.</a>";
    include("include/footer.inc.php");
    exit;
  }
  if(empty($newsletter)) $newsletter = "no";
  $connection = @mysql_connect("$db_host", "$db_user", "$db_pass") or die("Couldn't connect.");
  $db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");
  $sql = "UPDATE $tbl_members SET password = \"$pass1\", email = \"$email\", displayname = \"$displayname\", newsletter = \"$newsletter\" WHERE member_id =\"$member_id\"";
  $result = @mysql_query($sql,$connection) or die("Couldn't execute update query.");
  echo "<center>Update successful!<br><br>If you changed your password, you <b>must</b> <a href=\"logout.php\">Login again!</a></center>";
} else {
  if($auth['login'] == "admin" AND $demo_mode == "yes") {
    include("include/admin_demo.inc.php");
    exit;
  }
?>
<form action="<?echo "$PHP_SELF"; ?>" method="POST">
<table align="center" cellpadding="4" cellspacing="0">
<tr>
  <td valign="top"><p>Username:</p></td>
  <td valign="top"><p><b><?echo $auth['login'] ?></b></p></td>
  <td valign="top"><p><span class="help">Your Username cannot be changed.</span></p></td>
</tr>
<tr>
  <td valign="top"><p>Password:</p></td>
  <td valign="top"><p><input type="password" name="pass1" maxlength="20" size="20" value="<?echo $auth['password'] ?>"></p></td>
  <td valign="top"><p><span class="help">Your Password may be 3-20 characters, letters and or numbers only.</span></p></td>
</tr>
<tr>
  <td valign="top"><p>Repeat Password:</p></td>
  <td valign="top"><p><input type="password" name="pass2" maxlength="20" size="20" value="<?echo $auth['password'] ?>"></p></td>
  <td valign="top"><p><span class="help">Please verify your password.</span></p></td>
</tr>
<tr>
  <td valign="top"><p>Email Address:</p></td>
  <td valign="top"><p><input type="text" name="email" maxlength="125" size="25" value="<?echo $auth['email'] ?>"></p></td>
  <td valign="top"><p><span class="help">Your email address is used to retrieve lost password. It is not displayed to the public.</span></p></td>
</tr>
<tr>
  <td valign="top"><p>Display Name:</p></td>
  <td valign="top"><p><input type="text" name="displayname" maxlength="25" size="25" value="<?echo $auth['displayname'] ?>"></p></td>
  <td valign="top"><p><span class="help">This is your nickname or the name you want the system to refer to you by.</span></p></td>
</tr>
<tr>
  <td valign="top"><p> </p></td>
  <td width="757" valign="top" colspan="2"><p><input type="checkbox" name="newsletter" value="yes" checked>Subscribe to Newsletter updates (occasional updates regarding the site).</p></td>
</tr>
<tr>
  <td valign="top"><p><input type="hidden" name="action" value="update"> <input type="hidden" name="member_id" value="<?echo $auth['member_id'] ?>"></p></td>
  <td valign="top"><p><input type="submit" value="Update!"></p>
</html>
```

this bit here

```html
<input type="hidden" name="action" value="update"> <input type="hidden" name="member_id" value="<?echo $auth['member_id'] ?>">
```

is where it finds the user's id and changes it!... the big problem with this is that can't users change anyone's id by copying the html code, changing the id number and then opening the page up to change another user's id... how can i stop this??
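One way to close the hole the question describes, as an added example that is not the poster's code: the row to update is chosen by the member id held in the server-side session, so whatever `member_id` the browser posts is ignored, and the query is parameterised. It assumes the login code stored the `$auth` array in `$_SESSION['auth']`, that `$pdo` is a PDO connection to the same database, and that the table is named `members`.

```php
<?php
// Added example, not the original poster's code. Assumes $auth was stored in
// $_SESSION['auth'] at login, $pdo is a PDO connection, and the members table
// is called "members".
session_start();
if (empty($_SESSION['auth'])) {
    header('Location: login.php');
    exit;
}
// Same rules the original form enforces, collected as a list of errors.
function validate_profile(array $post): array
{
    $errors = [];
    $pass1 = $post['pass1'] ?? '';
    $pass2 = $post['pass2'] ?? '';
    if ($pass1 === '' || $pass2 === '') {
        $errors[] = 'You must enter and verify a password.';
    } elseif ($pass1 !== $pass2) {
        $errors[] = 'Your passwords do not match.';
    } elseif (!preg_match('/^[A-Za-z0-9]{3,20}$/', $pass1)) {
        $errors[] = 'Password must be 3-20 letters or numbers.';
    }
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Your email address is not properly formatted.';
    }
    if (!preg_match('/^[A-Za-z0-9]{1,25}$/', $post['displayname'] ?? '')) {
        $errors[] = 'Display Name can contain only letters and numbers.';
    }
    return $errors;
}
if (($_POST['action'] ?? '') === 'update') {
    $errors = validate_profile($_POST);
    if ($errors) {
        echo htmlspecialchars(implode(' ', $errors)), ' Please go back and try again.';
        exit;
    }
    $newsletter = isset($_POST['newsletter']) ? 'yes' : 'no';
    // The WHERE clause uses the session's member_id, so a member_id posted by
    // the client is never consulted. Values are bound, not interpolated, and
    // the password is stored hashed (the login page must use password_verify()).
    $stmt = $pdo->prepare('UPDATE members SET password = ?, email = ?, '
        . 'displayname = ?, newsletter = ? WHERE member_id = ?');
    $stmt->execute([
        password_hash($_POST['pass1'], PASSWORD_DEFAULT),
        $_POST['email'], $_POST['displayname'], $newsletter,
        (int) $_SESSION['auth']['member_id'],
    ]);
    echo 'Update successful! If you changed your password, log in again.';
}
```

With the id taken from the session, the hidden `member_id` field can be dropped from the form altogether; the password fields should also no longer be pre-filled from `$auth['password']`.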
mpharo Posted April 25, 2007

well in order to do as you described, one would have to copy the file from your webserver, modify it, then put it back... if people can do this you have more security problems to worry about than this little thing...
runnerjp (Author) Posted April 25, 2007

so what can i do to secure it all together?? is there a way i can update the user's id by doing it other than the way stated??? because at the moment this is a big problem
mpharo Posted April 25, 2007

This is the proper way to do it. if people have access to your webserver and can take files and put them back, that needs to be fixed with file permissions and the removal of shared folders as well as users... if anyone had access to any webserver's files they can do what they want with the site; basic webserver administration entails removing the ability to take files from the server without proper access restrictions.... now just looking at your code, you are executing a query to get a result, you are then taking that result and using it to modify the information for a userid, so if someone were to just take those 2 lines and somehow modify it for a hardcoded value, you can change your page to check if the variable you're looking for is initialized and if it is then execute the statement, that way (I don't know how someone would) if someone hard coded a value in your html it is blocked from running on the server side... you would just add something like this...

```php
If ($sql[value]){
  echo "<input type=\"hidden\" name=\"value\" value=\"$sql[value]\">";
}
```
runnerjp (Author) Posted April 25, 2007

yes but the problem is i'm using numbers to allocate someone with an "id", so say i'm 001 and another user is 002, all they have to do is copy the code (html) and change 002 to 001 and then you can change 001's password (hope that makes sense)
mpharo Posted April 25, 2007

but the problem is being able to copy the code, a person would have to directly take the file and modify it then put it back, you need to put restrictions on the files themselves to not allow people to do that.... a person can't just copy the code, modify it and save it, you have to take the index.php file or whatever it is called, modify it then save it back...
neel_basu Posted April 25, 2007

To do it easily a Class exists on http://zigmoyd.sourceforge.net/man/ums.php#customize

```php
<?php
$conn = mysql_connect("localhost", "root", "");
$hld = new customize("php", "test", $conn); // DB_name, Table_name, $conn
// Set the fields to identify the user whose account you want to customize
$hld->set("name", "neel"); // DB_Field_name, Existing_Value
$hld->set("id", "2");      // You can also use set() more than one time, although the line
                           // $hld->set("name", "neel"); is enough to identify the user if the field is unique
$hld->change("name", "New_name"); // Field_name, New_Value
// You can add more change("Field_name", "new_value");
$hld->change_password("Password", "new_Password"); // Use change_password() instead of change() while changing the password IF YOU ARE USING HASHED PASSWORDS.
$hld->done(); // Returns true if successfully changed, else returns false
?>
```

But you need to include some files. Please read this for Installation and Instructions
runnerjp (Author) Posted April 25, 2007

what, so the best thing to do would be to redesign the whole system?
neel_basu Posted April 25, 2007

If (You are 80% done on this project) { dont_change_it(); } else { its_upon_you(); }