Jump to content

Recommended Posts

This script is a one page database gotcha for login arth

 

can anyone add any more secuity to it please.........

 

please try before re coding cheers....

 

datababse

create database test;
create table gotcha(id int not null primary_key auto_increment,
                            number varchar(100) not null,
                            date int not null);

 

<?php session_start(); // start session.....


// datbase connection..........

$db=mysql_connect("localhost","username","password");
$db_result=mysql_select_db("captcha",$db);

// make sure there a database connection

if(!$db_result){

echo "DATABASE CONNECTION PROBLAM";

die;
}


// post number randomly

$number=mysql_real_escape_string($_POST['number']);


// make number round.

$number=rand(000000,999999);	


// if a number isset........

if(isset($number)){


// post date with database protection.........

$date=mysql_real_escape_string($_POST['date']);	


// date as timestamp 

$date=time();	

// md5 number 

$numbers=MD5($number);

// insert number and date

$query="INSERT INTO sec (number,date) values('$numbers',$date)";
$result=mysql_query($query)or die(mysql_error());	

}

// if post submit from form....

if($_POST['submit']){

// post num as md5

$num=MD5($_POST['num']);

// select num from database.......

$query2="SELECT * FROM sec WHERE number='$num'";

$result2=mysql_query($query2)or die (mysql_error());

// if there is a result of 1

if(mysql_num_rows($result2)==1){


//send them to google if there number is correct....

$v=header("location: http://www.google.com");


// delete num from database.

$delete1="DELETE from sec WHERE number='$num'";

$delete_result1=mysql_query($delete1) or die (mysql_error());


// unset a session cmd

unset($_SESSION['cmd']);


}else{

// delete everthink from databse if the number is wrong........

$delete2="DELETE from sec";

$delete_result2=mysql_query($delete2) or die (mysql_error());


// send them back to the same page.........

header("location: http://simpleforum.ath.cx/gotcha.php");   

// set session cmd

$_SESSION['cmd']="Wrong secuity number try agin please......";

}
}

// if cmd

if($_SESSION['cmd']){

// echo cmd.......

echo $_SESSION['cmd'];
}

// echo v ........

echo $v;

?>

<form method="POST" action=" ">

<br></br>

<?php echo $number; ?>

<br><br>

Secuity number please.....

<br><br>

<input type="text" name="num">

<br><br>

<input  type="submit" name="submit" value="Submit Form">

</form>

 

I see problems right at the beginning and stopped looking through the rest of the code.

<?php
// post number randomly

$number=mysql_real_escape_string($_POST['number']);


// make number round.

$number=rand(000000,999999);	


// if a number isset........

if(isset($number)){

?>

 

That makes no sense. The code first sets $number based upon $_POST['number']

 

Then regardless if there is any value or not it is reset to rand(000000,999999)

 

Then there is this IF statement if(isset($number))

 

But that will ALWAYS be true duve to the random number assigned in the previous step. Seems to be some logic problems here.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.