
Security problems?


darkfreaks


My signup form and user class will let people sign up without verification, and they also accept blank usernames. Does anyone know why, and how to fix it?

 

html/register_form.php (the template that register.php includes):

 

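<?php
/* DO NOT REMOVE */
// Refuse direct requests: this template only renders when included by register.php,
// which defines QUADODO_IN_SYSTEM before pulling it in.
if (!defined('QUADODO_IN_SYSTEM')) {
exit;
}
/*****************/

// Everything echoed into the markup below is escaped at the point of output.
//
// NOTE(review): no input validation happens in this template, and none can. The old
// inline checks read $_GET['username'] / $_GET['password'] / $_GET['email'], but the
// form POSTs, and register.php only renders this file when no POST has been made --
// so those checks never saw real input; they just printed "Please Insert ..." beside
// every field on each page load (and raised undefined-index notices). Rejecting blank
// usernames and passwords has to be done in User::register_user(), the only code
// that sees the submitted values.
$form_code = (isset($_GET['code']) && is_string($_GET['code']))
	? htmlspecialchars(rawurlencode($_GET['code']), ENT_QUOTES, 'UTF-8')
	: '';
$form_random_id = htmlspecialchars((string) $random_id, ENT_QUOTES, 'UTF-8');
// NOTE(review): "ip" is a hidden form field, so whatever arrives in $_POST['ip'] was
// chosen by the client and can be anything. The server must not trust it; record
// $_SERVER['REMOTE_ADDR'] inside register_user() instead of reading this field.
$form_ip = isset($ip) ? htmlspecialchars((string) $ip, ENT_QUOTES, 'UTF-8') : '';
// Lengths come from admin config; cast so a stray value cannot break the attribute.
$max_username = (int) $qls->config['max_username'];
$max_password = (int) $qls->config['max_password'];
?>
<fieldset>
<legend>
	<?php echo REGISTER_LABEL; ?>
</legend>
<form action="register.php<?php if ($form_code !== '') { echo '?code=' . $form_code; } ?>" method="post">
	<input type="hidden" name="process" value="true" />
	<input type="hidden" name="random_id" value="<?php echo $form_random_id; ?>" />
	<input type="hidden" name="ip" value="<?php echo $form_ip; ?>" />
	<table>
		<tr>
			<td>
				<?php echo USERNAME_LABEL; ?>
			</td>
			<td>
				<input type="text" name="username" maxlength="<?php echo $max_username; ?>" />
			</td>
		</tr>
		<tr>
			<td>
				<?php echo PASSWORD_LABEL; ?>
			</td>
			<td>
				<input type="password" name="password" maxlength="<?php echo $max_password; ?>" />
			</td>
		</tr>
		<tr>
			<td>
				<?php echo PASSWORD_CONFIRM_LABEL; ?>
			</td>
			<td>
				<input type="password" name="password_c" maxlength="<?php echo $max_password; ?>" />
			</td>
		</tr>
		<tr>
			<td>
				<?php echo EMAIL_LABEL; ?>
			</td>
			<td>
				<input type="text" name="email" maxlength="100" />
			</td>
		</tr>
		<tr>
			<td>
				<?php echo EMAIL_CONFIRM_LABEL; ?>
			</td>
			<td>
				<input type="text" name="email_c" maxlength="100" />
			</td>
		</tr>
<?php
/* START SECURITY IMAGE */
// The captcha is tied to the same random id that is posted back in the hidden field.
if ($qls->config['security_image'] == 'yes') {
?>
		<tr>
			<td colspan="2" align="center">
				<img src="security_image.php?id=<?php echo $form_random_id; ?>" border="0" alt="Security Image" />
			</td>
		</tr>
		<tr>
			<td>
				<?php echo SECURITY_CODE_LABEL; ?>
			</td>
			<td>
				<input type="text" name="security_code" maxlength="8" />
			</td>
		</tr>
<?php
}
/* END SECURITY IMAGE */
?>
		<tr>
			<td>
				 
			</td>
			<td>
				<input type="submit" value="<?php echo REGISTER_SUBMIT_LABEL; ?>" />
			</td>
		</tr>
	</table>
</form>
By Clicking on Submit you agree to <a href="therules.php">The Rules</a> of this site<br>
Your IP has also been recorded
</fieldset>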

 

register.php:

<?php
// Marks this request as coming through the application itself; the HTML templates
// refuse to render unless this constant is defined.
define('QUADODO_IN_SYSTEM', true);
// Shared bootstrap; presumably this is where $qls (config, SQL, Security, User) is
// created, since it is used unconditionally below -- verify against header2.php.
require_once 'includes/header2.php';
// Invitation gate: when config['auth_registration'] == 0 this dies unless ?code=
// names an unused invitation; for any other setting it does nothing.
$qls->Security->check_auth_registration();
?>



<?php
/*** *** *** *** *** ***
* @package Quadodo Login Script
* @file    register.php
* @start   July 25th, 2007
* @author  Douglas Rennehan
* @license http://www.opensource.org/licenses/gpl-license.php
* @version 1.0.1
* @link    http://webhelp.pcriot.com
*** *** *** *** *** ***
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*** *** *** *** *** ***
* Comments are always before the code they are commenting.
*** *** *** *** *** ***/

// Registration page. A visitor with a username is already logged in; anyone else
// either gets the form (no POST yet) or has their POST handed to register_user().
//
// NOTE(review): the only thing binding a POST to a previously rendered form is the
// hidden random_id used by the security image; there is no dedicated anti-CSRF
// token. Whether register_user() verifies random_id against the session is not
// visible here -- confirm before relying on it.
$already_logged_in = ($qls->user_info['username'] != '');

if ($already_logged_in) {
	echo REGISTER_ALREADY_LOGGED;
}
elseif (!isset($_POST['process'])) {
	// First visit: mint the random id the template embeds (hidden field and
	// security image), then render the form.
	$random_id = $qls->Security->generate_random_id();
	require_once 'html/register_form.php';
}
elseif (!$qls->User->register_user()) {
	// The POST was rejected; register_user() leaves the reason in register_error.
	echo $qls->User->register_error . REGISTER_TRY_AGAIN;
}
else {
	// Registered. Tell the user what happens next according to how accounts are
	// activated: 1 = the user activates, 2 = an admin activates, anything else =
	// no activation step.
	$activation_type = $qls->config['activation_type'];
	if ($activation_type == 1) {
		echo REGISTER_SUCCESS_USER_ACTIVATION;
	}
	elseif ($activation_type == 2) {
		echo REGISTER_SUCCESS_ADMIN_ACTIVATION;
	}
	else {
		echo REGISTER_SUCCESS_NO_ACTIVATION;
	}
}
?>

 

Security.php (the check_auth_registration function that register.php calls):

 

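/**
 * Gate for invitation-only registration.
 *
 * When config['auth_registration'] == 0 the request must carry ?code= holding a
 * 40-hex-digit invitation code that exists in the invitations table and is not
 * yet used; otherwise the request is terminated with REGISTER_CODE_INVALID.
 * For any other auth_registration value this method does nothing.
 *
 * NOTE(review): confirm what 0 means for auth_registration. If 0 is "invitation
 * check disabled", this condition is inverted -- the check would run only when
 * it is supposed to be off and registration would be open whenever invitations
 * are actually required, which matches the "sign up without verification"
 * symptom. This method also only *checks* the code; nothing here marks it used,
 * so whatever consumes the invitation (presumably register_user()) must do that
 * or one code can be reused indefinitely.
 */
function check_auth_registration() {
	if ($this->qls->config['auth_registration'] != 0) {
		return;
	}
	// Accept only a 40-hex-digit code and reject everything else before touching
	// the database. This whitelist is what makes interpolating $code into the
	// query below safe; make_safe() is belt-and-braces on top of it.
	if (!isset($_GET['code']) || !is_string($_GET['code']) || !preg_match('/^[a-fA-F0-9]{40}$/', $_GET['code'])) {
		die(REGISTER_CODE_INVALID);
	}
	$code = $this->make_safe($_GET['code']);
	$result = $this->qls->SQL->query("SELECT `used` FROM `{$this->qls->config['sql_prefix']}invitations` WHERE `code`='{$code}'");
	$row = $this->qls->SQL->fetch_array($result);
	// fetch_array() yields false when no row matches; an unknown code, a missing
	// `used` column and an already-used code are all invalid.
	if ($row === false || !isset($row['used']) || (int) $row['used'] === 1 || $row['used'] === '') {
		die(REGISTER_CODE_INVALID);
	}
}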


I also pulled more code from classusers.php:

 

<?php
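/**
 * Checks the password-reset code supplied in ?code= against password_requests.
 *
 * @return bool true if a request with that code exists and has not been used,
 *              false otherwise (including when no usable code was supplied).
 *
 * NOTE(review): only the `used` flag is consulted. If password_requests also
 * records when the request was created, an age limit belongs here too -- a
 * reset code that never expires is a long-lived credential. Whether
 * SQL->select() parameterises its conditions or relies on make_safe() is not
 * visible here; confirm before treating make_safe() as optional.
 */
function check_password_code() {
	// A missing, non-string or empty code can never identify a real request;
	// bail out instead of querying for code='' (this also avoids the
	// undefined-index notice the old version raised when ?code= was absent).
	if (!isset($_GET['code']) || !is_string($_GET['code']) || $_GET['code'] === '') {
		return false;
	}
	$code = $this->qls->Security->make_safe($_GET['code']);
	$result = $this->qls->SQL->select('*',
		'password_requests',
		array('code' =>
			array(
				'=',
				$code
			)
		)
	);
	$row = $this->qls->SQL->fetch_array($result);
	// fetch_array() returns false when nothing matched.
	if ($row === false || !isset($row['id']) || $row['id'] === '') {
		return false;
	}
	return (int) $row['used'] !== 1;
}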
?>


Sorry, this is the right user-class function (check_activated_accounts), not the password one:

 

/**
 * Deactivates accounts whose group has a time limit and whose activation has
 * outlived it.
 *
 * A group is time-limited when its expiration_date is non-zero; the value is
 * treated as a number of days. For each such group, every user that is still
 * active and whose activation_time lies before now - days*86400 gets
 * active set to 'no'. Nothing is returned.
 *
 * The two SELECTs interpolate values read back from the groups table, not
 * request input.
 */
function check_activated_accounts() {
	$prefix = $this->qls->config['sql_prefix'];
	$limited_groups = $this->qls->SQL->query("SELECT * FROM `{$prefix}groups` WHERE `expiration_date`<>0");
	while ($group = $this->qls->SQL->fetch_array($limited_groups)) {
		// Earliest activation time that is still within this group's allowance.
		$cutoff = time() - ($group['expiration_date'] * 86400);
		$expired_users = $this->qls->SQL->query("SELECT * FROM `{$prefix}users` WHERE `group_id`={$group['id']} AND `activation_time`<{$cutoff} AND `active`='yes'");
		while ($user = $this->qls->SQL->fetch_array($expired_users)) {
			$this->qls->SQL->update('users',
				array('active' => 'no'),
				array('id' => array('=', $user['id']))
			);
		}
	}
}

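/**
 * Checks the password-reset code supplied in ?code= against password_requests.
 *
 * @return bool true if a request with that code exists and has not been used,
 *              false otherwise (including when no usable code was supplied).
 *
 * NOTE(review): only the `used` flag is consulted. If password_requests also
 * records when the request was created, an age limit belongs here too -- a
 * reset code that never expires is a long-lived credential. Whether
 * SQL->select() parameterises its conditions or relies on make_safe() is not
 * visible here; confirm before treating make_safe() as optional.
 */
function check_password_code() {
	// A missing, non-string or empty code can never identify a real request;
	// bail out instead of querying for code='' (this also avoids the
	// undefined-index notice the old version raised when ?code= was absent).
	if (!isset($_GET['code']) || !is_string($_GET['code']) || $_GET['code'] === '') {
		return false;
	}
	$code = $this->qls->Security->make_safe($_GET['code']);
	$result = $this->qls->SQL->select('*',
		'password_requests',
		array('code' =>
			array(
				'=',
				$code
			)
		)
	);
	$row = $this->qls->SQL->fetch_array($result);
	// fetch_array() returns false when nothing matched.
	if ($row === false || !isset($row['id']) || $row['id'] === '') {
		return false;
	}
	return (int) $row['used'] !== 1;
}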

