stlewis Posted October 15, 2007

Hi All! I've got an issue that has me utterly baffled, and I was hoping that someone here might be able to give me some advice... I've got a web site, http://www.my-linkpage.com, for which I have created a sign-up script. The sign-up process is very straightforward...

1. User fills out form with their information.
2. If the requested user name does not already exist in the database, the user's information is added.
3. The user is sent an email address with instructions for validating their account, (Click here to activate type stuff).
4. User is validated in the system, and can then log in.

Everything works, except step 3. I combine sending the email and adding their information to the database into one script, but whereas the database inclusion works like a charm, the email doesn't get sent. The mail() function returns true, so I'm guessing it's an issue in my code, but I copied the darned code word for word out of a script I had built that was already working, so I'm totally at a loss. If someone could take a look at my code and tell me where they think I'm going wrong, I'd appreciate it. Thanks!!

```php
<?php
require_once('scripts/connect.php');
require_once('scripts/validation.php');
error_reporting(E_ALL);
$error_msg = "";

if (isset($_POST['submit'])) {
    //Post Variables: Stripped of all dangerous characters.
    $Name     = mysql_real_escape_string($_POST['sName']);
    $Email    = mysql_real_escape_string($_POST['uEmail']);
    $UserName = mysql_real_escape_string($_POST['uName']);
    $Password = mysql_real_escape_string($_POST['uPass']);

    //Input Validation : We've got to make sure they put something in each box.
    $is_name  = CheckEmpty($Name);
    $is_email = CheckEmpty($Email);
    $is_user  = CheckEmpty($UserName);
    $is_pass  = CheckEmpty($Password);

    if (!$is_name || !$is_email || !$is_user || !$is_pass) {
        $error_msg = "<span style='color:red; font-weight:bold;'>Please fill out all fields before submitting your registration.</span>";
    } else {
        //No Duplicate UserNames : We've got to connect to the database and make sure that the user name they have selected is not the same as
        //any other username in the database.
        $verify_sql = "SELECT * FROM tbl_users WHERE UserName='$UserName'";
        $result = mysql_query($verify_sql);
        if (mysql_num_rows($result) != 0) {
            $error_msg = "<span style='color:red; font-weight:bold;'>That User Name is already taken. Please enter another one.</span>";
        } else {
            //If we're okay, then we need to both add the user to the database *and* send them the email that will allow them to
            //confirm their account.

            //Create confirmation hash : MD5 the password
            $confirm_hash = md5($Password);

            //Send Email
            //Email Headers
            $headers  = 'MIME-Version: 1.0' . "\r\n";
            $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
            $headers .= 'From: admin@my-linkpage.com' . "\r\n";
            //Email address to send the message to:
            $EmailTo = $Email;
            //The Subject Line of the email
            $Subject = "Sign Up Details for My-LinkPage.com";
            //Our Message is equal to our content post.
            $Message = "A Message<br />";

            //$Success = mail ($EmailTo,$Subject,$Message,$headers);
            $Success = mail($EmailTo, $Subject, $Message);
            if ($Success == true) {
                header("Location: http://www.thoughtsandrambles.com/contact/thankyou.php");
            } else {
                header("Location: http://www.thoughtsandrambles.com/contact/messagefailed.php");
            }

            //Post to Database.
            //$post_SQL="INSERT INTO tbl_users (UserName,UserPass,UserNick,UserEmail,UserCode) VALUES ('$UserName','$Password','$Name','$Email','$confirm_hash')";
            $post_success = 1; //mysql_query($post_SQL);
            if ($post_success) {
                //If everything is posted correctly, we send them to the Thank You page.
                echo "Normally going to thank you page.";
                echo "$EmailTo<br />$Subject<br />$Message<br />$headers<br />";
            } else {
                //Will go to failure page after we've tested
                echo ("Could not add to the database<br />" . mysql_error());
            }
        }
    }
} //End ISSet Submit
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="styles/lenderhomepage.css" media="screen" />
<title>Personal Link Page - Login</title>
</head>
<body>
<div id="pagewrap" style="width:800px; height:600px;">
<h2>Sign Up For An Account</h2>
<p align="left">
Fill out the form below to register for a My-Linkpage.com account. Once you've completed the sign-up process, you can start creating your own links page.
Please note that we require your email in order for you to verify your identity and complete the sign up process, and your email will not be used for
any other purpose. For more information, please view our <a href="http://www.my-linkpage.com/documents/tos.html">terms of service</a>.
</p>
<p><?php echo ($error_msg); ?></p>
<div style="margin-left:auto; margin-right:auto; text-align:center;">
<form name="sign-up" method="post" action="#">
<table>
<tr><td align="right">Your Name:</td><td><input type="text" name="sName" size="40" /></td></tr>
<tr><td align="right">Your Email:</td><td><input type="text" name="uEmail" size="40" /></td></tr>
<tr><td align="right">Select A UserName:</td><td><input type="text" name="uName" size="40" /></td></tr>
<tr><td align="right">Select A Password:</td><td><input type="password" name="uPass" size="40" /></td></tr>
<tr><td align="center" colspan="2"><input type="submit" name="submit" value="Register Now" /></td></tr>
</table>
</form>
</div>
</div>
</body>
</html>
```
agentsteal Posted October 15, 2007

Cross Site Scripting: There is Cross Site Scripting if the remember cookie contains ">code.

Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.

Full Path Disclosure: http://www.my-linkpage.com/scripts/connection.class.php
Parse error: syntax error, unexpected ';', expecting '{' in /home/stlewis/public_html/scripts/connection.class.php on line 78

PHP Source Code Disclosure: http://www.my-linkpage.com/scripts/

URL Inclusion: There is a URL Inclusion vulnerability on http://www.my-linkpage.com/scripts/form.html if you search for a URL.

User Enumeration: http://www.my-linkpage.com/~root
User Enumeration: http://www.my-linkpage.com/~stlewis
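The two cross-site scripting reports above both come down to untrusted values (form fields, the remember cookie) being written into HTML without encoding. As an added example, not code from the thread or the site, this sketch validates the user name and encodes every value on output; the helper names, the user-name policy and the idea that the remember cookie holds a user name are assumptions.

```php
<?php
// Added example (not from the thread). Helper names and the user-name policy are assumptions.

// Encode untrusted text for an HTML body or a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed policy: user names are 3-32 letters, digits or underscores.
function valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $name) === 1;
}

// Build one form row, echoing the previously submitted value back safely.
function form_row(string $label, string $field, string $submitted): string
{
    return '<tr><td align="right">' . h($label) . ':</td><td><input type="text" name="'
        . h($field) . '" value="' . h($submitted) . '" size="40" /></td></tr>';
}

// Constructed input of the shape reported above: the same string arrives
// in the registration fields and in the "remember" cookie.
$post   = ['sName' => '">code', 'uName' => '">code'];
$cookie = ['remember' => '">code'];

// Reject a bad user name before it reaches the database or a later page.
$error = valid_username($post['uName'])
    ? ''
    : 'User names may contain only letters, digits and underscores.';

// Assumption: the cookie carries a user name. It is used only if it passes
// the same check; otherwise it is ignored.
$remembered = valid_username($cookie['remember']) ? $cookie['remember'] : '';

// Every value is encoded at the point of output, whether or not it was validated.
echo '<p>', h($error), "</p>\n";
echo form_row('Your Name', 'sName', $post['sName']), "\n";
echo form_row('Select A UserName', 'uName', $remembered !== '' ? $remembered : $post['uName']), "\n";
```

Validation narrows what gets stored, but the encoding in `h()` is what stops the quote and angle bracket from closing the attribute, so it is applied even to values that passed validation.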
clanstyles Posted October 19, 2007

Login with the info: marquee marquee

See some issues you have?
php_tom Posted November 5, 2007

Full Path Disclosure when you try to log in:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'stlewis'@'localhost' (using password: NO) in /home/stlewis/public_html/my-linkpage/login.php on line 60

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/stlewis/public_html/my-linkpage/login.php on line 60

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'stlewis'@'localhost' (using password: NO) in /home/stlewis/public_html/my-linkpage/login.php on line 61

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/stlewis/public_html/my-linkpage/login.php on line 61
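The full path disclosures reported in this post and in agentsteal's list come from PHP printing warnings into the response. As an added example, not code from the thread or the site, this sketch keeps full error reporting but routes the detail to a log and shows the visitor only a reference id; the log location, the wording of the message and the simulated warning are assumptions.

```php
<?php
// Added example (not from the thread). Log path and messages are assumptions.

// Report everything, but send it to a log instead of the response body.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', sys_get_temp_dir() . '/signup-errors.log'); // assumed location

// Turn warnings and notices into exceptions so one handler deals with them.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Full detail (message, file, line) goes to the log; the visitor sees a reference id only.
function handle_failure(Throwable $e): string
{
    $ref = bin2hex(random_bytes(4));
    error_log(sprintf('[%s] %s in %s on line %d', $ref, $e->getMessage(), $e->getFile(), $e->getLine()));
    return 'Something went wrong. Please try again later. (ref ' . $ref . ')';
}

try {
    // Constructed stand-in for the failing database call in the report above.
    trigger_error("Access denied for user 'app'@'localhost' (using password: NO)", E_USER_WARNING);
} catch (Throwable $e) {
    http_response_code(500);
    echo htmlspecialchars(handle_failure($e), ENT_QUOTES, 'UTF-8'), "\n";
}
```

A parse error in a script that is requested directly occurs before any `ini_set()` call in that script runs, so `display_errors` also has to be off in php.ini or the server configuration.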