Jump to content


Photo

Extra Security Validation Issues (Need Help)


  • Please log in to reply
No replies to this topic

#1 Saizuchi

Saizuchi
  • New Members
  • Pip
  • Newbie
  • 1 posts
  • LocationDayton, Ohio

Posted 29 April 2006 - 07:35 AM

I am trying to run a double security validation for an extremely cautious customer who wants a simple to read php coded validation script that:

[o] 1. Requires User to Submit to Database Values & Emails Site Owners the Information everytime before login. (Complete)
[o] 2. Requires User to Register Information. (Complete)
[x] 3. Requires User to Login. (Incomplete/Buggy)

Site Example:
[a href=\"http://p6.hostingprod.com/@idealrealtyusa.com/\" target=\"_blank\"]http://p6.hostingprod.com/@idealrealtyusa.com/[/a]

access.php
<?
if(empty($_SESSION[EmailID]))
{
    header("location:login.php");
    
    exit();
} else {
    if(empty($_SESSION[AgentID]))
    {
        header("location:validate.php");

        exit();
    }
}

?>

validate.php
<?
require_once("conn.php");


if(isset($_POST[s1]))
{
    $q1 = "select * from re2_agents where email = '$_POST[em]' and password = '$_POST[ps]' ";
    $r1 = mysql_query($q1) or die(mysql_error());

    if(mysql_num_rows($r1) == '1')
    {
        //ok
        $a1 = mysql_fetch_array($r1);

        $_SESSION[AgentID] = $a1[AgentID];
        $_SESSION[username] = $al[username];
        $_SESSION[MaxOffers] = $a1[offers];
        $_SESSION[AccountStatus] = $a1[AccountStatus];
        $_SESSION[AccountType] = $a1[AccountType];
        $_SESSION[AccountExpireDate] = $a1[ExpDate];

        header("location:index.php");
        exit();
    }
    else
    {
        $error = "<font face=verdana color=red size=2><b>Invalid Email/Password!</b></font>";
    }

}


//get the templates
require_once("includes.php");
require_once("templates/HeaderTemplate.php");
require_once("templates/LoginTemplate.php");
require_once("templates/FooterTemplate.php");

?>

AuthTemplate.php
<form method=post action="login.php" name=eform onsubmit="return CheckEmail();">
<table align=center width=300>
<caption align=center>
    <font face=verdana size=2><b>Email Confirmation</b></font><br>
    <?=$error?></caption>
<tr>
    <td align=right>Email:</td>
    <td><input type=text name=email></td>
</tr>

<tr>
    <td align=right>Phone:</td>
    <td><input type=text name=phone></td>
</tr>

<tr>
    <td align=right>First Name:</td>
    <td><input type=text name=FirstName></td>
</tr>

<tr>
    <td align=right>Last Name:</td>
    <td><input type=text name=LastName></td>
</tr>

<tr>
    <td>&nbsp;</td>
    <td><input type=submit name=sa value="Submit"></td>
</tr>

</table>
</form>

<div align="center">All entries are case sensative.</div>

LoginTemplate.php
<form method=post action="validate.php" name=lform onsubmit="return CheckLogin();">
<table align=center width=300>
<caption align=center>
    <font face=verdana size=2><b>Login</b></font><br>
    <?=$error?></caption>
<tr>
    <td align=right>Email:</td>
    <td><input type=text name=em></td>
</tr>

<tr>
    <td align=right>Password:</td>
    <td><input type=password name=ps></td>
</tr>

<tr>
    <td>&nbsp;</td>
    <td><input type=submit name=s1 value="Submit"></td>
</tr>

<tr>
    <td colspan=2 style="padding-top:20" align=center><a class=BlackLink href="r1.php">New User?</a> | <a class=BlackLink href="forgot.php">Forgot your password?</a></td>
</tr>

</table>
</form>

<div align="center">All entries are case sensative.</div>

login.php
<?
require_once("conn.php");


if(isset($_POST[sa]))
{

    $qp = "insert into re2_authorize set 
                        EmailID = '',
                        email = '$_POST[email]',
                        phone = '$_POST[phone]',
                        FirstName = '$_POST[FirstName]',
                        LastName = '$_POST[LastName]' ";
    mysql_query($qp) or die(mysql_error());
    
    $q1 = "select * from re2_authorize where email = '$_POST[email]'";
    $r1 = mysql_query($q1) or die(mysql_error());
    
            //send an email
        $to = "agents@idealrealtyusa.com";
        $subject = "New Visitor $_POST[FirstName] $_POST[LastName]";
        $message = "$_POST[FirstName] $_POST[LastName] has visited the site.\n\nInformation:\nName: $_POST[FirstName] $_POST[LastName]\nEmail: $_POST[email]\nTelephone: $_POST[phone]\n\nHave a great day!";

        $headers = "MIME-Version: 1.0\n"; 
        $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
        $headers .= "Content-Transfer-Encoding: 8bit\n"; 
        $headers .= "From: $_SERVER[HTTP_POST] <$aset[ContactEmail]>\n"; 
        $headers .= "X-Priority: 1\n"; 
        $headers .= "X-MSMail-Priority: High\n"; 
        $headers .= "X-Mailer: PHP/" . phpversion()."\n"; 

        mail($to, $subject, $message, $headers);

    if(mysql_num_rows($r1) == '1')
    {
        //ok
        $a1 = mysql_fetch_array($r1);

        $_SESSION[EmailID] = $a1[EmailID];
        $_SESSION[Email] = $a1[email];
        $_SESSION[Phone] = $a1[phone];
        $_SESSION[FirstName] = $al[FirstName];
        $_SESSION[LastName] = $al[LastName];

        header("location:validate.php");
        exit();
    }
    else
    {
        header("location:validate.php");
    }

}


//get the templates
require_once("includes.php");
require_once("templates/HeaderTemplate.php");
require_once("templates/AuthTemplate.php");
require_once("templates/FooterTemplate.php");

?>

Sample Locked Page: advanced.php
<?
require_once("conn.php");

if(isset($_POST[s1]))
{
    if(!empty($_POST[cat]))
    {
        $CatInfo = explode("|", $_POST[cat]);

        $c = $CatInfo[0];
        
        if($CatInfo[1] > '0')
        {
            $s = $CatInfo[1];
        }
    }

    if(!empty($_POST[search_country]))
    {
        $search_country = $_POST[search_country];
    }

    if(!empty($_POST[search_state]))
    {
        $state = $_POST[search_state];
    }

    if(!empty($_POST[search_city]))
    {
        $search_city = $_POST[search_city];
    }

    if(!empty($_POST[search_PropertyType]))
    {
        $search_PropertyType = $_POST[search_PropertyType];
    }

    if(!empty($_POST[MinPrice]))
    {
        $min = $_POST[MinPrice];
    }

    if(!empty($_POST[MaxPrice]))
    {
        $max = $_POST[MaxPrice];
    }

    if(!empty($_POST[MinRooms]))
    {
        $rooms1 = $_POST[MinRooms];
    }

    if(!empty($_POST[MaxRooms]))
    {
        $rooms2 = $_POST[MaxRooms];
    }

    if(!empty($_POST[MinBath]))
    {
        $bath1 = $_POST[MinBath];
    }

    if(!empty($_POST[MaxBath]))
    {
        $bath2 = $_POST[MaxBath];
    }

    if(!empty($_POST[AgentID]))
    {
        $agent = $_POST[AgentID];
    }

    if(!empty($_POST[old]))
    {
        $before = $_POST[old];
    }

    if(!empty($_POST[NearSchool]))
    {
        $school = $_POST[NearSchool];
    }

    if(!empty($_POST[NearTransit]))
    {
        $transit = $_POST[NearTransit];
    }

    if(!empty($_POST[NearPark]))
    {
        $park = $_POST[NearPark];
    }

    if(!empty($_POST[OceanView]))
    {
        $ocean_view = $_POST[OceanView];
    }

    if(!empty($_POST[LakeView]))
    {
        $lake_view = $_POST[LakeView];
    }

    if(!empty($_POST[MountainView]))
    {
        $mountain_view = $_POST[MountainView];
    }

    if(!empty($_POST[OceanWaterfront]))
    {
        $ocean_waterfront = $_POST[OceanWaterfront];
    }

    if(!empty($_POST[LakeWaterfront]))
    {
        $lake_waterfront = $_POST[LakeWaterfront];
    }

    if(!empty($_POST[RiverWaterfront]))
    {
        $river_waterfront = $_POST[RiverWaterfront];
    }

    $url = "search.php?c=$c&s=$s&search_country=$_POST[search_country]&search_state=$_POST[search_state]&search_city=$_POST[search_city]&search_PropertyType=$_POST[search_PropertyType]&min=$min&max=$max&rooms1=$rooms1&rooms2=$rooms2&bath1=$bath1&bath2=$bath2&AgentID=$agent&before=$before&school=$school&transit=$transit&park=$park&ocean_view=$ocean_view&lake_view=$lake_view&mountain_view=$mountain_view&ocean_waterfront=$ocean_waterfront&lake_waterfront=$lake_waterfront&river_waterfront=$river_waterfront";

    header("location:$url");
    exit();
}

require_once("includes.php");
require_once("access.php");
/*
//create the category menu
$CategoryMenu = "<select name=cat>\n\t<option value=\"\"></option>\n\t";

$q1 = "select * from re2_categories order by CategoryName";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $CategoryMenu .= "<option value=\"$a1[CategoryID]|0\">$a1[CategoryName]</option>\n\t";

        //get the subcategories
        $q2 = "select * from re2_subcategories where CategoryID = '$a1[CategoryID]' order by SubcategoryName ";
        $r2 = mysql_query($q2) or die(mysql_error());
    
        while($a2 = mysql_fetch_array($r2))
        {
            $CategoryMenu .= "<option value=\"$a1[CategoryID]|$a2[SubcategoryID]\">$a1[CategoryName] - $a2[SubcategoryName]</option>\n\t";
        }

    }
}

$CategoryMenu .= "</select>\n";

*/
//create the state menu
$StateMenu = "<select name=search_state>\n\t<option value=\"\">All States</option>\n\t";

$q1 = "select distinct state from re2_listings order by state";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $StateMenu .= "<option value=\"$a1[state]\">$a1[state]</option>\n\t";
    }
}

$StateMenu .= "</select>\n";

//create the city menu
$CityMenu = "<select name=search_city>\n\t<option value=\"\">All Cities</option>\n\t";

$q1 = "select distinct city from re2_listings order by city";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $CityMenu .= "<option value=\"$a1[city]\">$a1[city]</option>\n\t";
    }
}

$CityMenu .= "</select>\n";


//create the country menu
$CountryMenu = "<select name=search_country>\n\t<option value=\"\">All Countries</option>\n\t";

$q1 = "select distinct country from re2_listings order by country";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $CountryMenu .= "<option value=\"$a1[country]\">$a1[country]</option>\n\t";
    }
}

$CountryMenu .= "</select>\n";

//create the PropertyType menu
$TypeMenu = "<select name=search_PropertyType>\n\t<option value=\"\">Any Type</option>\n\t";

$q1 = "select distinct PropertyType from re2_listings order by PropertyType";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $TypeMenu .= "<option value=\"$a1[PropertyType]\">$a1[PropertyType]</option>\n\t";
    }
}

$TypeMenu .= "</select>\n";


//create the Price Minimum menu
$MinPrice = "<select name=min>\n\t<option value=\"\">Minimum</option>\n\t";

$q1 = "select distinct Price from re2_listings order by Price asc";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $prices .= "<option value=\"$a1[Price]\">$ $a1[Price]</option>\n\t";
    }
}

$MinPrice .= $prices."</select>\n";


//create the max price menu
$MaxPrice = "<select name=max>\n\t<option value=\"\">Maximum</option>\n\t";
$MaxPrice .= $prices."</select>\n";

//bedrooms
$MinBed = "<select name=MinRooms>\n\t<option value=\"\">Minimum</option>\n\t";

for($i = '1'; $i <= '20'; $i++)
{
    $bed .= "<option value=\"$i\">$i</option>\n\t";
}

$MinBed .= $bed."</select>\n";

$MaxBed = "<select name=MaxRooms>\n\t<option value=\"\">Minimum</option>\n\t";
$MaxBed .= $bed."</select>\n";

//bathrooms
$MinBath = "<select name=MinBath>\n\t<option value=\"\">Minimum</option>\n\t";

for($i = '1'; $i <= '10'; $i++)
{
    $bath .= "<option value=\"$i\">$i</option>\n\t";
}

$MinBath .= $bath."</select>\n";

$MaxBath = "<select name=MaxBath>\n\t<option value=\"\">Minimum</option>\n\t";
$MaxBath .= $bath."</select>\n";

//agents menu
$q1 = "select AgentID, FirstName, LastName from re2_agents order by FirstName, LastName";
$r1 = mysql_query($q1) or die(mysql_error());

$AgentsMenu = "<select name=AgentID>\n\t<option value=\"\">Any Agent</option>\n\t";

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $AgentsMenu .= "<option value=\"$a1[AgentID]\">$a1[FirstName] $a1[LastName]</option>\n\t";
    }
}

$AgentsMenu .= "</select>\n";

require_once("templates/HeaderTemplate.php");
require_once("templates/AdvancedSearchTemplate.php");

if(!ereg("index.php", $_SERVER[SCRIPT_NAME]))
{
    require_once("templates/FooterTemplate.php");    
}

?>
[b]

[br]
[br]Co-Owner of Akeboshi Network and Creator of Demon.Snow.
[br]Akeboshi.Net Ver.1.0.1.C! Check it out! | View the Akeboshi Network Shop | Release Dates having been paused.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users