redarrow Posted March 14, 2008 Share Posted March 14, 2008 This script is a one page database gotcha for login arth can anyone add any more secuity to it please......... please try before re coding cheers.... datababse create database test; create table gotcha(id int not null primary_key auto_increment, number varchar(100) not null, date int not null); <?php session_start(); // start session..... // datbase connection.......... $db=mysql_connect("localhost","username","password"); $db_result=mysql_select_db("captcha",$db); // make sure there a database connection if(!$db_result){ echo "DATABASE CONNECTION PROBLAM"; die; } // post number randomly $number=mysql_real_escape_string($_POST['number']); // make number round. $number=rand(000000,999999); // if a number isset........ if(isset($number)){ // post date with database protection......... $date=mysql_real_escape_string($_POST['date']); // date as timestamp $date=time(); // md5 number $numbers=MD5($number); // insert number and date $query="INSERT INTO sec (number,date) values('$numbers',$date)"; $result=mysql_query($query)or die(mysql_error()); } // if post submit from form.... if($_POST['submit']){ // post num as md5 $num=MD5($_POST['num']); // select num from database....... $query2="SELECT * FROM sec WHERE number='$num'"; $result2=mysql_query($query2)or die (mysql_error()); // if there is a result of 1 if(mysql_num_rows($result2)==1){ //send them to google if there number is correct.... $v=header("location: http://www.google.com"); // delete num from database. $delete1="DELETE from sec WHERE number='$num'"; $delete_result1=mysql_query($delete1) or die (mysql_error()); // unset a session cmd unset($_SESSION['cmd']); }else{ // delete everthink from databse if the number is wrong........ $delete2="DELETE from sec"; $delete_result2=mysql_query($delete2) or die (mysql_error()); // send them back to the same page......... header("location: http://simpleforum.ath.cx/gotcha.php"); // set session cmd $_SESSION['cmd']="Wrong secuity number try agin please......"; } } // if cmd if($_SESSION['cmd']){ // echo cmd....... echo $_SESSION['cmd']; } // echo v ........ echo $v; ?> <form method="POST" action=" "> <br></br> <?php echo $number; ?> <br><br> Secuity number please..... <br><br> <input type="text" name="num"> <br><br> <input type="submit" name="submit" value="Submit Form"> </form> Quote Link to comment https://forums.phpfreaks.com/topic/96194-database-gotcha-new-code-any-inprovements-welcome/ Share on other sites More sharing options...
Psycho Posted March 14, 2008 Share Posted March 14, 2008 I see problems right at the beginning and stopped looking through the rest of the code. <?php // post number randomly $number=mysql_real_escape_string($_POST['number']); // make number round. $number=rand(000000,999999); // if a number isset........ if(isset($number)){ ?> That makes no sense. The code first sets $number based upon $_POST['number'] Then regardless if there is any value or not it is reset to rand(000000,999999) Then there is this IF statement if(isset($number)) But that will ALWAYS be true duve to the random number assigned in the previous step. Seems to be some logic problems here. Quote Link to comment https://forums.phpfreaks.com/topic/96194-database-gotcha-new-code-any-inprovements-welcome/#findComment-492428 Share on other sites More sharing options...
redarrow Posted March 14, 2008 Author Share Posted March 14, 2008 The code flow is correct becouse number needs posting and the if is there for code flow what you on about......... the code works fine need more secuity m8........ Quote Link to comment https://forums.phpfreaks.com/topic/96194-database-gotcha-new-code-any-inprovements-welcome/#findComment-492434 Share on other sites More sharing options...
redarrow Posted March 14, 2008 Author Share Posted March 14, 2008 the first post for number is for the form not md5 ok Quote Link to comment https://forums.phpfreaks.com/topic/96194-database-gotcha-new-code-any-inprovements-welcome/#findComment-492436 Share on other sites More sharing options...
Psycho Posted March 14, 2008 Share Posted March 14, 2008 the first post for number is for the form not md5 ok But, the value gets overwritten on the very next line of code. So, the line $number=mysql_real_escape_string($_POST['number']); is of no use. Quote Link to comment https://forums.phpfreaks.com/topic/96194-database-gotcha-new-code-any-inprovements-welcome/#findComment-492452 Share on other sites More sharing options...
redarrow Posted March 14, 2008 Author Share Posted March 14, 2008 agree deleted cheers going mad lol........... anythink elese mate............. Quote Link to comment https://forums.phpfreaks.com/topic/96194-database-gotcha-new-code-any-inprovements-welcome/#findComment-492457 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.