
Extra Security Validation Issues (Need Help)


Saizuchi


I am trying to run a double security validation for an extremely cautious customer who wants a simple-to-read PHP-coded validation script that:

[b][o][/b] 1. Requires User to Submit to Database Values & Emails Site Owners the Information every time before login. (Complete)
[b][o][/b] 2. Requires User to Register Information. (Complete)
[b][x][/b] 3. Requires User to Login. (Incomplete/Buggy)

Site Example:
http://p6.hostingprod.com/@idealrealtyusa.com/

access.php
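[code]<?php
// No visitor record in the session yet: send to the email confirmation form.
if(empty($_SESSION['EmailID']))
{
    header("location:login.php");
    
    exit();
} else {
    // Visitor record present but no agent login yet: send to the login form.
    if(empty($_SESSION['AgentID']))
    {
        header("location:validate.php");

        exit();
    }
}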

?>[/code]

validate.php
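[code]<?php
require_once("conn.php");


if(isset($_POST['s1']))
{
    // Escape user input before it goes into the SQL text; the raw $_POST
    // values allowed SQL injection in the login query.
    // (Assumes magic_quotes_gpc is off, otherwise values are escaped twice.)
    $em = mysql_real_escape_string($_POST['em']);
    $ps = mysql_real_escape_string($_POST['ps']);

    $q1 = "select * from re2_agents where email = '$em' and password = '$ps' ";
    $r1 = mysql_query($q1) or die(mysql_error());

    if(mysql_num_rows($r1) == '1')
    {
        //ok
        $a1 = mysql_fetch_array($r1);

        $_SESSION['AgentID'] = $a1['AgentID'];
        $_SESSION['username'] = $a1['username']; // was $al (letter l), an undefined variable
        $_SESSION['MaxOffers'] = $a1['offers'];
        $_SESSION['AccountStatus'] = $a1['AccountStatus'];
        $_SESSION['AccountType'] = $a1['AccountType'];
        $_SESSION['AccountExpireDate'] = $a1['ExpDate'];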

        header("location:index.php");
        exit();
    }
    else
    {
        $error = "<font face=verdana color=red size=2><b>Invalid Email/Password!</b></font>";
    }

}


//get the templates
require_once("includes.php");
require_once("templates/HeaderTemplate.php");
require_once("templates/LoginTemplate.php");
require_once("templates/FooterTemplate.php");

?>[/code]

AuthTemplate.php
[code]<form method=post action="login.php" name=eform onsubmit="return CheckEmail();">
<table align=center width=300>
<caption align=center>
    <font face=verdana size=2><b>Email Confirmation</b></font><br>
    <?=$error?></caption>
<tr>
    <td align=right>Email:</td>
    <td><input type=text name=email></td>
</tr>

<tr>
    <td align=right>Phone:</td>
    <td><input type=text name=phone></td>
</tr>

<tr>
    <td align=right>First Name:</td>
    <td><input type=text name=FirstName></td>
</tr>

<tr>
    <td align=right>Last Name:</td>
    <td><input type=text name=LastName></td>
</tr>

<tr>
    <td>&nbsp;</td>
    <td><input type=submit name=sa value="Submit"></td>
</tr>

</table>
</form>

<div align="center">All entries are case sensitive.</div>[/code]

LoginTemplate.php
[code]<form method=post action="validate.php" name=lform onsubmit="return CheckLogin();">
<table align=center width=300>
<caption align=center>
    <font face=verdana size=2><b>Login</b></font><br>
    <?=$error?></caption>
<tr>
    <td align=right>Email:</td>
    <td><input type=text name=em></td>
</tr>

<tr>
    <td align=right>Password:</td>
    <td><input type=password name=ps></td>
</tr>

<tr>
    <td>&nbsp;</td>
    <td><input type=submit name=s1 value="Submit"></td>
</tr>

<tr>
    <td colspan=2 style="padding-top:20" align=center><a class=BlackLink href="r1.php">New User?</a> | <a class=BlackLink href="forgot.php">Forgot your password?</a></td>
</tr>

</table>
</form>

<div align="center">All entries are case sensitive.</div>[/code]

login.php
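[code]<?php
require_once("conn.php");


if(isset($_POST['sa']))
{
    // Escape every user-supplied value before it is placed in SQL text
    // (assumes magic_quotes_gpc is off, otherwise values are escaped twice).
    $email     = mysql_real_escape_string($_POST['email']);
    $phone     = mysql_real_escape_string($_POST['phone']);
    $FirstName = mysql_real_escape_string($_POST['FirstName']);
    $LastName  = mysql_real_escape_string($_POST['LastName']);

    $qp = "insert into re2_authorize set
                        EmailID = '',
                        email = '$email',
                        phone = '$phone',
                        FirstName = '$FirstName',
                        LastName = '$LastName' ";
    mysql_query($qp) or die(mysql_error());
    
    $q1 = "select * from re2_authorize where email = '$email'";
    $r1 = mysql_query($q1) or die(mysql_error());
    
    //send an email
    $to = "agents@idealrealtyusa.com";
    $subject = "New Visitor $_POST[FirstName] $_POST[LastName]";
    $message = "$_POST[FirstName] $_POST[LastName] has visited the site.\n\nInformation:\nName: $_POST[FirstName] $_POST[LastName]\nEmail: $_POST[email]\nTelephone: $_POST[phone]\n\nHave a great day!";

    $headers = "MIME-Version: 1.0\n";
    $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
    $headers .= "Content-Transfer-Encoding: 8bit\n";
    // was $_SERVER[HTTP_POST], which is not a defined server variable
    $headers .= "From: $_SERVER[HTTP_HOST] <$aset[ContactEmail]>\n";
    $headers .= "X-Priority: 1\n";
    $headers .= "X-MSMail-Priority: High\n";
    $headers .= "X-Mailer: PHP/" . phpversion()."\n";

    mail($to, $subject, $message, $headers);

    // Every submit inserts a new row, so an email that has been submitted
    // before matches more than one row and this branch is skipped, leaving
    // $_SESSION['EmailID'] unset.
    if(mysql_num_rows($r1) == '1')
    {
        //ok
        $a1 = mysql_fetch_array($r1);

        $_SESSION['EmailID'] = $a1['EmailID'];
        $_SESSION['Email'] = $a1['email'];
        $_SESSION['Phone'] = $a1['phone'];
        $_SESSION['FirstName'] = $a1['FirstName']; // was $al (letter l), an undefined variable
        $_SESSION['LastName'] = $a1['LastName'];   // was $al (letter l), an undefined variable

        header("location:validate.php");
        exit();
    }
    else
    {
        header("location:validate.php");
        exit(); // stop here so the templates below are not sent after the redirect
    }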

}


//get the templates
require_once("includes.php");
require_once("templates/HeaderTemplate.php");
require_once("templates/AuthTemplate.php");
require_once("templates/FooterTemplate.php");

?>[/code]

Sample Locked Page: advanced.php
[code]<?php
require_once("conn.php");

if(isset($_POST[s1]))
{
    if(!empty($_POST[cat]))
    {
        $CatInfo = explode("|", $_POST[cat]);

        $c = $CatInfo[0];
        
        if($CatInfo[1] > '0')
        {
            $s = $CatInfo[1];
        }
    }

    if(!empty($_POST[search_country]))
    {
        $search_country = $_POST[search_country];
    }

    if(!empty($_POST[search_state]))
    {
        $state = $_POST[search_state];
    }

    if(!empty($_POST[search_city]))
    {
        $search_city = $_POST[search_city];
    }

    if(!empty($_POST[search_PropertyType]))
    {
        $search_PropertyType = $_POST[search_PropertyType];
    }

    if(!empty($_POST[MinPrice]))
    {
        $min = $_POST[MinPrice];
    }

    if(!empty($_POST[MaxPrice]))
    {
        $max = $_POST[MaxPrice];
    }

    if(!empty($_POST[MinRooms]))
    {
        $rooms1 = $_POST[MinRooms];
    }

    if(!empty($_POST[MaxRooms]))
    {
        $rooms2 = $_POST[MaxRooms];
    }

    if(!empty($_POST[MinBath]))
    {
        $bath1 = $_POST[MinBath];
    }

    if(!empty($_POST[MaxBath]))
    {
        $bath2 = $_POST[MaxBath];
    }

    if(!empty($_POST[AgentID]))
    {
        $agent = $_POST[AgentID];
    }

    if(!empty($_POST[old]))
    {
        $before = $_POST[old];
    }

    if(!empty($_POST[NearSchool]))
    {
        $school = $_POST[NearSchool];
    }

    if(!empty($_POST[NearTransit]))
    {
        $transit = $_POST[NearTransit];
    }

    if(!empty($_POST[NearPark]))
    {
        $park = $_POST[NearPark];
    }

    if(!empty($_POST[OceanView]))
    {
        $ocean_view = $_POST[OceanView];
    }

    if(!empty($_POST[LakeView]))
    {
        $lake_view = $_POST[LakeView];
    }

    if(!empty($_POST[MountainView]))
    {
        $mountain_view = $_POST[MountainView];
    }

    if(!empty($_POST[OceanWaterfront]))
    {
        $ocean_waterfront = $_POST[OceanWaterfront];
    }

    if(!empty($_POST[LakeWaterfront]))
    {
        $lake_waterfront = $_POST[LakeWaterfront];
    }

    if(!empty($_POST[RiverWaterfront]))
    {
        $river_waterfront = $_POST[RiverWaterfront];
    }

    $url = "search.php?c=$c&s=$s&search_country=$_POST[search_country]&search_state=$_POST[search_state]&search_city=$_POST[search_city]&search_PropertyType=$_POST[search_PropertyType]&min=$min&max=$max&rooms1=$rooms1&rooms2=$rooms2&bath1=$bath1&bath2=$bath2&AgentID=$agent&before=$before&school=$school&transit=$transit&park=$park&ocean_view=$ocean_view&lake_view=$lake_view&mountain_view=$mountain_view&ocean_waterfront=$ocean_waterfront&lake_waterfront=$lake_waterfront&river_waterfront=$river_waterfront";

    header("location:$url");
    exit();
}

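require_once("includes.php");
// Note: the access check is only reached after the POST branch above, which
// has already redirected and exited, so POST requests never reach this check.
require_once("access.php");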
/*
//create the category menu
$CategoryMenu = "<select name=cat>\n\t<option value=\"\"></option>\n\t";

$q1 = "select * from re2_categories order by CategoryName";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $CategoryMenu .= "<option value=\"$a1[CategoryID]|0\">$a1[CategoryName]</option>\n\t";

        //get the subcategories
        $q2 = "select * from re2_subcategories where CategoryID = '$a1[CategoryID]' order by SubcategoryName ";
        $r2 = mysql_query($q2) or die(mysql_error());
    
        while($a2 = mysql_fetch_array($r2))
        {
            $CategoryMenu .= "<option value=\"$a1[CategoryID]|$a2[SubcategoryID]\">$a1[CategoryName] - $a2[SubcategoryName]</option>\n\t";
        }

    }
}

$CategoryMenu .= "</select>\n";

*/
//create the state menu
$StateMenu = "<select name=search_state>\n\t<option value=\"\">All States</option>\n\t";

$q1 = "select distinct state from re2_listings order by state";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $StateMenu .= "<option value=\"$a1[state]\">$a1[state]</option>\n\t";
    }
}

$StateMenu .= "</select>\n";

//create the city menu
$CityMenu = "<select name=search_city>\n\t<option value=\"\">All Cities</option>\n\t";

$q1 = "select distinct city from re2_listings order by city";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $CityMenu .= "<option value=\"$a1[city]\">$a1[city]</option>\n\t";
    }
}

$CityMenu .= "</select>\n";


//create the country menu
$CountryMenu = "<select name=search_country>\n\t<option value=\"\">All Countries</option>\n\t";

$q1 = "select distinct country from re2_listings order by country";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $CountryMenu .= "<option value=\"$a1[country]\">$a1[country]</option>\n\t";
    }
}

$CountryMenu .= "</select>\n";

//create the PropertyType menu
$TypeMenu = "<select name=search_PropertyType>\n\t<option value=\"\">Any Type</option>\n\t";

$q1 = "select distinct PropertyType from re2_listings order by PropertyType";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $TypeMenu .= "<option value=\"$a1[PropertyType]\">$a1[PropertyType]</option>\n\t";
    }
}

$TypeMenu .= "</select>\n";


//create the Price Minimum menu
$MinPrice = "<select name=min>\n\t<option value=\"\">Minimum</option>\n\t";

$q1 = "select distinct Price from re2_listings order by Price asc";
$r1 = mysql_query($q1) or die(mysql_error());

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $prices .= "<option value=\"$a1[Price]\">$ $a1[Price]</option>\n\t";
    }
}

$MinPrice .= $prices."</select>\n";


//create the max price menu
$MaxPrice = "<select name=max>\n\t<option value=\"\">Maximum</option>\n\t";
$MaxPrice .= $prices."</select>\n";

//bedrooms
$MinBed = "<select name=MinRooms>\n\t<option value=\"\">Minimum</option>\n\t";

for($i = '1'; $i <= '20'; $i++)
{
    $bed .= "<option value=\"$i\">$i</option>\n\t";
}

$MinBed .= $bed."</select>\n";

$MaxBed = "<select name=MaxRooms>\n\t<option value=\"\">Maximum</option>\n\t";
$MaxBed .= $bed."</select>\n";

//bathrooms
$MinBath = "<select name=MinBath>\n\t<option value=\"\">Minimum</option>\n\t";

for($i = '1'; $i <= '10'; $i++)
{
    $bath .= "<option value=\"$i\">$i</option>\n\t";
}

$MinBath .= $bath."</select>\n";

$MaxBath = "<select name=MaxBath>\n\t<option value=\"\">Maximum</option>\n\t";
$MaxBath .= $bath."</select>\n";

//agents menu
$q1 = "select AgentID, FirstName, LastName from re2_agents order by FirstName, LastName";
$r1 = mysql_query($q1) or die(mysql_error());

$AgentsMenu = "<select name=AgentID>\n\t<option value=\"\">Any Agent</option>\n\t";

if(mysql_num_rows($r1) > '0')
{
    while($a1 = mysql_fetch_array($r1))
    {
        $AgentsMenu .= "<option value=\"$a1[AgentID]\">$a1[FirstName] $a1[LastName]</option>\n\t";
    }
}

$AgentsMenu .= "</select>\n";

require_once("templates/HeaderTemplate.php");
require_once("templates/AdvancedSearchTemplate.php");

if(!ereg("index.php", $_SERVER[SCRIPT_NAME]))
{
    require_once("templates/FooterTemplate.php");    
}

?>[/code]
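
Added example, not part of the original post: the login lookup from validate.php written with a PDO prepared statement and a hashed password, next to the concatenated form. Assumptions: an in-memory SQLite database stands in for the MySQL connection from conn.php, the password column stores a `password_hash()` value, and the function names are hypothetical.

```php
<?php
// Added example with constructed data. In-memory SQLite stands in for the
// MySQL connection from conn.php; function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table re2_agents (
    AgentID integer primary key, email text unique, password text, username text)");

// Assumption: the password column holds a password_hash() value, not plaintext.
$ins = $db->prepare("insert into re2_agents (email, password, username) values (?, ?, ?)");
$ins->execute(array('agent@example.test', password_hash('correct horse', PASSWORD_DEFAULT), 'agent1'));

// Same pattern as validate.php: the submitted value becomes part of the SQL text.
function find_agent_concatenated(PDO $db, $em)
{
    $q = "select AgentID from re2_agents where email = '$em'";
    return $db->query($q)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened lookup: the placeholder keeps the value as data, and the password
// is compared with password_verify() instead of inside the query.
function login_agent(PDO $db, $em, $ps)
{
    $st = $db->prepare("select AgentID, username, password from re2_agents where email = ?");
    $st->execute(array($em));
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($ps, $row['password'])) {
        return null; // same result for unknown email and wrong password
    }
    unset($row['password']); // keep the hash out of the session
    return $row;
}

$crafted = "nobody' or '1'='1"; // constructed input containing a quote
printf("concatenated, crafted email: %d row(s)\n",
    count(find_agent_concatenated($db, $crafted)));
printf("prepared, crafted email: %s\n",
    login_agent($db, $crafted, 'anything') === null ? 'rejected' : 'accepted');
printf("prepared, wrong password: %s\n",
    login_agent($db, 'agent@example.test', 'wrong') === null ? 'rejected' : 'accepted');
printf("prepared, valid login: %s\n",
    json_encode(login_agent($db, 'agent@example.test', 'correct horse')));
```

On a successful login, call `session_regenerate_id(true)` before copying `AgentID` into `$_SESSION`.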