evillair Posted July 21, 2007

Thanks to those who helped me last time... I decided to re-write the whole thing. The core is all new.

Here's the new one: http://www.sentry.dreamhosters.com/

I'm looking for security issues. I have a forum all set up for you to delete also.

Notes:
- Word filtering isn't added yet so don't bother testing it.
- Email verification isn't done.
- More options will be added but I wanted to test first.

Any help is appreciated! Thanks

Mastodont Posted July 21, 2007

\r\n\r\n in displayed post??
http://www.sentry.dreamhosters.com/index.php?action=posts&forum=2&id=51

evillair Posted July 21, 2007 (Author)

Hmmm... OK, I thought I fixed that. Thanks.

Edit: ahh, the server setting differs from my localhost. Fixed.

LiamProductions Posted July 21, 2007

Text breaks the borders:
http://www.sentry.dreamhosters.com/index.php?action=posts&forum=1&id=52

You might want to fix it.

LiamProductions Posted July 21, 2007

It has broken the whole of your page as well:
http://www.sentry.dreamhosters.com/index.php?action=sendmessage

evillair Posted July 21, 2007 (Author)

OK thanks, I fixed it temporarily. I'm drawing a blank on how to fix it so text just goes to the next line ???

LiamProductions Posted July 21, 2007

Sorry... I did lots of tests.

agentsteal Posted July 21, 2007

Admin Access: You can log in as admin by setting the user cookie to admin.
Cross Site Scripting: There is Cross Site Scripting if the lstvsit cookie contains code.
Cross Site Scripting: There is Cross Site Scripting if the user cookie contains code.
DOS: http://www.sentry.dreamhosters.com/stylechanger.php
Insecure Cookie: You shouldn't put the password in the cookie.
Insecure Cookie: You shouldn't put the username in the cookie. You can log in as any user by setting the user cookie to their username.

source Posted July 21, 2007

http://www.sentry.dreamhosters.com/index.php?action=posts&forum=1&id=%22%3E

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE topic_id='\">'' at line 1

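The error in the post above shows the id parameter ending up inside the query text. One way to handle it, as an added example that is not part of the original post or the forum's own code: validate the id as an integer, bind it through a prepared statement, and keep the database error out of the response. The posts table, its other columns, the function name and the in-memory SQLite database are assumptions made so the example runs on its own; the forum itself uses MySQL.

```php
<?php
// Added example. Everything except the topic_id column name is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, topic_id INTEGER, body TEXT)');
$pdo->exec("INSERT INTO posts (topic_id, body) VALUES (51, 'first post'), (51, 'a reply'), (52, 'other topic')");

/** Return the post bodies of one topic, or null when the id is unusable. */
function get_topic_posts(PDO $pdo, $rawId): ?array
{
    // Reject anything that is not a plain positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // The value is bound as a parameter, so it never becomes part of the SQL text.
        $stmt = $pdo->prepare('SELECT body FROM posts WHERE topic_id = :id ORDER BY post_id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        // Detail goes to the server log; the visitor only gets a generic page.
        error_log('get_topic_posts failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed inputs: a normal id, the decoded value from the report above, and two malformed ids.
foreach (['51', '">', '51abc', ''] as $raw) {
    $posts = get_topic_posts($pdo, $raw);
    echo str_pad(var_export($raw, true), 10), ' => ',
         $posts === null ? 'rejected, show "topic not found"' : implode(' | ', $posts), PHP_EOL;
}
```
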
source Posted July 21, 2007

use javascript to check shit == dumb...

on register I was able to register with my email as <script>alert(1);</scritpt> etc. and <marquee>ownd.

evillair Posted July 21, 2007 (Author)

> use javascript to check shit == dumb...
> on register I was able to register with my email as <script>alert(1);</scritpt> etc. and <marquee>ownd.

source, I just started learning php a few weeks ago... give me a break. I'm still learning.

I don't see where I'm using javascript to check "shit" though. I don't see any marquee'ing also, which page?

> You shouldn't put the username and password into the cookie.

I guess I should be using $_SESSIONs for passwords?

Thanks, I've got most of the stuff mentioned fixed.

source Posted July 21, 2007

Re-read my post... I said "when registering" and uhm... not to start a flame war, but what does learning php have to do with javascript? It's completely unfiltered input (the email when I view the source of the page of my profile).

LiamProductions Posted July 21, 2007

I can login to the Admin Account easy.

evillair Posted July 21, 2007 (Author)

> Re-read my post... I said "when registering" and uhm... not to start a flame war, but what does learning php have to do with javascript? It's completely unfiltered input (the email when I view the source of the page of my profile).

It doesn't, I'm just trying to learn php and javascript at the same time for this. But I'm only using JS for the style switcher and to paste text into the text area for bbc code... is that wrong?

OK, I've filtered out the email now, thanks... Forgot to do that too.

> I can login to the Admin Account easy.

The 'admin' account or the account that has administration access? The 'admin' was just for testing, it has no rights. If you logged in with administration access then I have a problem.

Thanks again for the help.

A quick question:
- Should I go back to using sessions for passwords?

dj-kenpo Posted July 21, 2007

> "Should I go back to using sessions for passwords?"

god yes. in comparison to cookies anyways... md5 the password, store it in the session, and then check on EVERY single page if a db query for the password + md5 of it, matches the session value

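The cookie findings reported earlier in the thread and the move to sessions discussed here come down to where identity is stored. The following is an added example, not code from the thread or from the forum: identity is kept in server-side session data and the client's user cookie is never trusted. It uses PHP's password_hash()/password_verify() and stores only a user id in the session, rather than the md5 comparison suggested in the thread; the user table, account names and passwords are constructed.

```php
<?php
// Added example. The user table is constructed and stands in for the forum's database.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']); // add 'secure' => true on HTTPS
session_start();

$users = [
    // 'admin' is an ordinary name here: rights come from the stored flag, not from the name.
    'admin'      => ['id' => 1, 'hash' => password_hash('constructed-pass-1', PASSWORD_DEFAULT), 'is_admin' => false],
    'moderator1' => ['id' => 2, 'hash' => password_hash('constructed-pass-2', PASSWORD_DEFAULT), 'is_admin' => true],
];

function login(array $users, string $name, string $password): bool
{
    $row = $users[$name] ?? null;
    if ($row === null || !password_verify($password, $row['hash'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION['uid'] = $row['id']; // only an opaque id is kept, never the password
    return true;
}

function current_user(array $users): ?array
{
    // Identity comes from server-side session data only; $_COOKIE['user'] is never read.
    foreach ($users as $name => $row) {
        if (isset($_SESSION['uid']) && $row['id'] === $_SESSION['uid']) {
            return ['name' => $name, 'is_admin' => $row['is_admin']];
        }
    }
    return null;
}

// Constructed request: the client sends user=moderator1 in a cookie but has not logged in.
$_COOKIE['user'] = 'moderator1';
$report = [];
$report[] = 'cookie only:    ' . json_encode(current_user($users));
$report[] = 'wrong password: ' . json_encode(login($users, 'moderator1', 'guess'));
$report[] = 'right password: ' . json_encode(login($users, 'moderator1', 'constructed-pass-2'));
$report[] = 'after login:    ' . json_encode(current_user($users));
// Output is sent last so the session calls run before any headers go out.
echo implode(PHP_EOL, $report), PHP_EOL;
```
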
evillair Posted July 21, 2007 (Author)

> "Should I go back to using sessions for passwords?"
> god yes. in comparison to cookies anyways... md5 the password, store it in the session, and then check on EVERY single page if a db query for the password + md5 of it, matches the session value

Ok thanks. I 'was' using sessions then I switched to cookies. I'll switch back.

MemphiS Posted July 22, 2007

> Thank you for registering
> Redirecting you to the login form in 5 seconds.
>
> Your account has been created!
> Click here to logon!

I used code in all your inputs:

*I haven't tested this but here's the code I just wrote up which checks all inputs for the register fields.

    <?php
    if (isset($_POST['submit'])) {
        $email    = strip_tags(addslashes($_POST['email']));
        $user     = strip_tags(addslashes($_POST['username']));
        $password = strip_tags(addslashes($_POST['password']));
        $realname = strip_tags(addslashes($_POST['realname']));
        $location = strip_tags(addslashes($_POST['location']));

        // Email pattern ~ email check from www.php.net/eregi, run through
        // preg_match() with the /i flag because eregi() no longer exists in PHP 7+.
        $emailPattern = '/^[a-z]+[a-z0-9_-]*(([.]{1})|([a-z0-9_-]*))[a-z0-9_-]+[@]{1}[a-z0-9_-]+[.](([a-z]{2,3})|([a-z]{3}[.]{1}[a-z]{2}))$/i';

        // Check location ~ i suggest making your location like so
        /*
        <select name='location'>
        <option value='Australia'>Australia</option>
        <option value='America'>America</option>
        <option value='Britain'>Britain</option>
        <option value='Europe'>Europe</option>
        </select>
        */
        $locArray = array("Australia", "America", "Britain", "Europe"); // < Place acceptable "location"'s in the array.

        if (!ctype_alnum($user)) {
            // Check username
            echo("Invalid Username.");
        } elseif (!preg_match($emailPattern, $email)) {
            // Check email
            echo("Invalid Email");
        } elseif (!ctype_alnum($password)) {
            // Check password
            echo("Invalid Password.");
        } elseif (!ctype_alpha($realname)) {
            // Check realname
            echo("Invalid Real Name.");
        } elseif ((!ctype_alpha($location)) || (!in_array($location, $locArray))) {
            // Check location against the list of acceptable values
            echo("The location you have selected is invalid.");
        } else {
            // Insert new member into db...
            echo("
            Thank you for registering<br />
            Redirecting you to the login form in 5 seconds.<br />
            <br />
            Your account has been created!<br />
            Click here to logon!<br />
            ");
        }
    }

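Input checks like the ones in the post above reject bad values at registration, but a field such as the real name can legitimately contain characters that are special in HTML, so stored values also need escaping where they are printed. The following added example (not MemphiS's code and not the forum's) pairs an allow-list validator with output escaping; the field limits, the location list and the helper names are assumptions, and the sample submissions are constructed.

```php
<?php
// Added example. Limits, the location list and helper names are hypothetical.
const LOCATIONS = ['Australia', 'America', 'Britain', 'Europe'];

/** Return a list of error messages; an empty list means the input is acceptable. */
function validate_registration(array $in): array
{
    // Non-string input (e.g. username[]=x) is treated as empty instead of raising a TypeError.
    $get = fn(string $k): string => is_string($in[$k] ?? null) ? $in[$k] : '';
    $errors = [];
    if (!preg_match('/\A[a-z0-9_-]{3,20}\z/i', $get('username'))) {
        $errors[] = 'Invalid username.';
    }
    if (filter_var($get('email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email address.';
    }
    if (strlen($get('password')) < 8) {
        $errors[] = 'Password too short.';
    }
    $real = trim($get('realname'));
    if ($real === '' || strlen($real) > 60) {
        $errors[] = 'Invalid real name.';
    }
    if (!in_array($get('location'), LOCATIONS, true)) {
        $errors[] = 'Invalid location.';
    }
    return $errors;
}

/** Escape a stored value at the point where it is written into HTML. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed submissions: an e-mail value like the one reported in the thread, and a legitimate one.
$samples = [
    ['username' => 'tester', 'email' => '<script>alert(1);</script>', 'password' => 'long enough pw',
     'realname' => 'Test', 'location' => 'Europe'],
    ['username' => 'obrien', 'email' => 'obrien@example.com', 'password' => 'long enough pw',
     'realname' => "Pat O'Brien <3", 'location' => 'Europe'],
];
foreach ($samples as $in) {
    $errors = validate_registration($in);
    echo $errors ? implode(' ', $errors) : '<td>' . h($in['realname']) . '</td>', PHP_EOL;
}
```
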
evillair Posted July 22, 2007 (Author)

Thank you very much, I'll check it out.

evillair Posted July 22, 2007 (Author)

I just updated the registering inputs checking, if anyone wants to test that feel free.

Thanks.

LiamProductions Posted July 22, 2007

The new Sign Up Filter is good. If it's invalid you should make it say so in the template.

evillair Posted July 22, 2007 (Author)

Thanks for checking it out. It should display an error message though...

> Invalid Characters
> Sorry, you can only use: [a-z], [0-9], [-] and [ _ ]. Spaces are not allowed.
> Please try again.

Can I ask what you entered that didn't give you a message?

LiamProductions Posted July 22, 2007

Yeah I know. Plus, if you just put a @ in the email and the other fields are valid, it says Invalid email address.

evillair Posted July 22, 2007 (Author)

Oh, my mistake, you meant incorporate the error in the design. I thought you weren't seeing the messages.

It's done now too. I added an agreement form to it also.

Thanks again.

LiamProductions Posted July 23, 2007

Great agreement, but I think it should be under the registration boxes.

LiamProductions Posted July 23, 2007

Now it looks like you have errors on your pages with the posts on:

Warning: Missing argument 2 for get_posts(), called in /home/.pudge/evillair/sentry.dreamhosters.com/posts.php on line 83 and defined in /home/.pudge/evillair/sentry.dreamhosters.com/inc/functions.php on line 175

Warning: Missing argument 3 for get_posts(), called in /home/.pudge/evillair/sentry.dreamhosters.com/posts.php on line 83 and defined in /home/.pudge/evillair/sentry.dreamhosters.com/inc/functions.php on line 175

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1