imperialized Posted March 28, 2008

Ok, I wrote a shoutbox script, which is viewable by visiting: http://www.imperialized.net/shoutbox/shoutbox.php

My question is: do you see any problems with the functions or the code? Also, how can I better write my next-page script? I'm sure there is a better way.

```php
<?php
session_start();
/**
 * @author David Lallone
 * @title Shoutbox
 * @copyright Imperialized.net 2008
 * NOT FOR DISTROBUTIONAL PURPOSES (DO NOT USE WITHOUT PRIOR CONSENT)
 */

//Set Time & Date for easy display and also for use when posting a shout!
date_default_timezone_set('EST');

//Connect to DB
include("../sql/db_con.php");

//Check to see if the session is registered
$admin = $_SESSION['admin'];

//If the logout button was pressed, set session to 0
if($_POST['logout']) {
    $pass = $_POST['password'];
    $realpass = "bigmak50";
    if($pass == $realpass) {
        $_SESSION['admin'] = 0;
        $admin = $_SESSION['admin'];
    } else {
        print "Wrong Password";
    }
}

//Login button was pressed, check password then register session
if($_POST['admin_login']){
    $pass = $_POST['password'];
    $realpass = "Password Removed For Security Purposes.";
    if($pass == $realpass) {
        $_SESSION['admin'] = 1;
        $admin = $_SESSION['admin'];
    } else {
        print "Wrong password, asshole.";
    }
}

//What page are we at? If none, Set $pg = 1
//Also set the $start and $end variables for the pages.
$pg = $_GET['page'];
if(is_numeric($pg)){
    if ($pg == "") {
        $pg = 1;
        $start = 0;
        $end = 10;
    }
    if ($pg == 1){
        $start = 0;
        $end = 10;
    } else {
        $start = $pg * 10 - 9;
        $end = $pg * 10;
    }
} else {
    $pg = 1;
    $start = 0;
    $end = 10;
}

//Count our shouts for page usage and display
$count_shouts = "Select * from shoutbox";
$count_shouts_query = mysql_query($count_shouts);
$tshouts = mysql_num_rows($count_shouts_query);

//Set Date & Time
$date = date("m-d-Y");
$time = date("g:i a");

//What is the page supposed to do?
$action = $_GET['action'];
?>
<html>
<head>
<link href="http://markjmcintosh.com/style.css" rel="stylesheet" type="text/css" media="screen" />
</head>
<body bgcolor=#E8E8E8>
<?php
//Ok, We want to delete a SHOUT!
if($action == "delshout"){
    $admin = $_SESSION['admin'];
    $id = $_GET['id'];
    // Only an admin session may delete (comparison, not assignment)
    if($admin != 1) {
        print "You are not an admin..idiot";
        exit;
    }
    if($id == "") {
        print "No shout was selected..idiot";
        exit;
    }
    $del = "DELETE from shoutbox where id='$id'";
    $del_query = mysql_query($del);
    if(!$del_query) {
        print "delete failed, sorry!";
    } else {
        print "<SCRIPT LANGUAGE=\"JavaScript\"> window.location=\"shoutbox.php\"; </script>";
    }
}

// SEE IF WE HAVE SET THE COOKIE YET!
$name = "";
$website = "http://";

if($_POST['post_shout']){
    $ip = $_SERVER['REMOTE_ADDR'];
    $name = mysql_real_escape_string(htmlspecialchars($_POST['name']));
    $website = mysql_real_escape_string(htmlspecialchars($_POST['website']));
    $shout = mysql_real_escape_string(htmlspecialchars($_POST['shout']));
    $errormsg = "";
    if (empty($name)) $errormsg .= "Name is Empty<br>";
    if (empty($shout)) $errormsg .= "Shout is empty!";
    if($errormsg != "") {
        echo $errormsg;
        exit;
    } else {
        $add_shout = mysql_query("INSERT INTO `shoutbox` (`name`,`website`,`shout`,`date`,`time`,`ip`) VALUES ('$name','$website','$shout','$date','$time','$ip')");
        if(!$add_shout) {
            print "Failed to add shout!";
            exit;
        } else {
            print "<SCRIPT LANGUAGE=\"JavaScript\"> window.location=\"shoutbox.php\"; </script>";
        }
    }
}

// ADMIN LOGIN WAS CLICKED >> DISPLAY PASSWORD FORM
if($action == "login"){
?>
<table border=1 cellspacing=0 cellpadding=2 bgcolor=#ffffff width=425 height=200 align=center>
<tr>
<td width=160 valign=top>
<font size=1 color=#cccccc><?php print "$date : $time"; ?></font>
<?php
print "
<form name=\"shoutbox\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\">
<font size=\"1\">Name:</font><br>
<input name=\"name\" type=\"text\" STYLE=\"color: #000000; font-family: arial; font-size: 11px; background-color: #cccccc; border: 1px;\" size=\"20\" maxlength=\"15\">
<font size=1>Website:</font><br>
<input name=\"website\" type=\"text\" STYLE=\"color: #000000; font-family: arial; font-size: 11px; background-color: #cccccc; border: 1px;\" size=\"20\" maxlength=\"45\" value=\"http://\">
<font size=1>Shout:</font>";
?>
<a href="shoutbox.php?action=smile" target=_self><font size=1>(smilies)</font></a><br>
<?php
print "
<input name=\"shout\" type=\"text\" STYLE=\"color: #000000; font-family: arial; font-size: 11px; background-color: #cccccc; border: 1px;\" maxlength=100 size=20><br>
<center><input type=submit name=\"post_shout\" style=\"color: #000000; border: 1; border-color: #000000; background-color: #cccccc; font-size: 8pt; height: 17px; width=50px;\" value=\"::Shout\">
</form>
";
?>
</td>
<td valign=center width=265>
<?php
print "
<form name=\"admin_form\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\">
<input type=\"password\" name=\"password\" STYLE=\"color: #000000; font-family: arial; font-size: 10px; background-color: #cccccc; border: 1px;\" size=\"20\" maxlength=\"10\"><br>
<input type=submit name=\"admin_login\" style=\"color: #000000; border: 1px; border-color: #000000; background-color: #cccccc; font-size: 8pt; height: 17px; width=75px;\" value=\"Verify Me!\"> |
<input type=submit name=\"logout\" style=\"color: #000000; border: 1px; border-color: #000000; background-color: #cccccc; font-size: 8pt; height: 17px; width=75px;\" value=\"Logout\">
";
exit;
}

// SMILE LINK WAS CLICKED >> DONT DISPLAY SHOUTBOX INSTEAD SHOW THE SMILIES TABLE!
if($action == "smile"){
?>
<table border=1 cellspacing=0 cellpadding=2 bgcolor=#ffffff width=425 height=200 align=center>
<tr>
<td width=160 valign=top>
<center><font size=1 color=#cccccc><?php print "$date : $time"; ?></font></center>
<?php
print "
<form name=\"shoutbox\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\">
<font size=\"1\">Name:</font><br>
<input name=\"name\" type=\"text\" STYLE=\"color: #000000; font-family: arial; font-size: 11px; background-color: #cccccc; border: 1px;\" size=\"20\" maxlength=\"15\" value=\"$name\">
<font size=1>Website:</font><br>
<input name=\"website\" type=\"text\" STYLE=\"color: #000000; font-family: arial; font-size: 11px; background-color: #cccccc; border: 1px;\" size=\"20\" maxlength=\"45\" value=\"$website\">
<font size=1>Shout:</font>";
?>
<a href="shoutbox.php?action=smile" target=_self><font size=1>(smilies)</font></a><br>
<?php
print "
<input name=\"shout\" type=\"text\" STYLE=\"color: #000000; font-family: arial; font-size: 11px; background-color: #cccccc; border: 1px;\" maxlength=100 size=20><br>
<center><input type=submit name=\"post_shout\" style=\"color: #000000; border: 1; border-color: #000000; background-color: #cccccc; font-size: 10pt; font-weight: bold; height: 17px; width=50px;\" value=\"::Shout\">
</form>
<br><br>
<a href=shoutbox.php?action=login><img src=spacer.gif width=50 height=50 border=0></a>
";
?>
</td>
<td valign=top width=265>
<?php
// Load the Emoticons & Then display them in a table.
// FILE_IGNORE_NEW_LINES keeps the trailing newline out of the image file names
$smilies = file("emotes_faces.txt", FILE_IGNORE_NEW_LINES);
$smiliesp = file("emotes_pics_add_news.txt", FILE_IGNORE_NEW_LINES);
$csmile = count($smilies);
$row = 1;
echo "<div width='95%'><table width='100%' valign='top' cellpadding='2' cellspacing='0'><tr><td width='100%' align='center' bgcolor=#000000 border=1 colspan=5><font color=#ffffff size=1>Click the smiley to add it to your post</td></tr><tr>";
//This is the Smiley Table
for($x = 1; $x < count($smilies); $x++) {
    $trim = htmlspecialchars(trim($smilies[$x]), ENT_QUOTES);
    if($row == 6){
        print "</tr><tr>";
        $row = 1;
    }
    echo "<td align='left' onclick=\"document.forms['shoutbox'].elements['shout'].value+='$trim'\"><img src=\"emoticons/$smiliesp[$x]\" alt=\"$trim\"></td>";
    $row++;
}
print "</tr>";
echo "</table></div>";
print "<center><font size=1><a href=\"shoutbox.php\">Back to Shouts</a></font></center>";
?>
</td>
</tr>
</table>
<?php
die();
}
?>

<!-- DEFAULT DISPLAY -->
<table border=1 cellspacing=0 cellpadding=2 bgcolor=#ffffff width=425 height=200 align=center>
<tr>
<td width=160 valign=top>
<font size=1 color=#cccccc><?php print "$date : $time"; ?></font>
<?php
print "
<form name=\"shoutbox\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\">
<font size=\"1\">Name:</font><br>
<input name=\"name\" type=\"text\" STYLE=\"color: #000000; font-family: arial; font-size: 11px; background-color: #cccccc; border: 1px;\" size=\"20\" maxlength=\"15\">
<font size=1>Website:</font><br>
<input name=\"website\" type=\"text\" STYLE=\"color: #000000; font-family: arial; font-size: 11px; background-color: #cccccc; border: 1px;\" size=\"20\" maxlength=\"45\" value=\"http://\">
<font size=1>Shout:</font>";
?>
<a href="shoutbox.php?action=smile" target=_self><font size=1>(smilies)</font></a><br>
<?php
print "
<input name=\"shout\" type=\"text\" STYLE=\"color: #000000; font-family: arial; font-size: 11px; background-color: #cccccc; border: 1px;\" maxlength=100 size=20><br>
<center><input type=submit name=\"post_shout\" style=\"color: #000000; border: 1; border-color: #000000; background-color: #cccccc; font-size: 10pt; font-weight: bold; height: 17px; width=50px;\" value=\"::Shout\">
</form><br><br>
<a href=shoutbox.php?action=login><img src=spacer.gif width=50 height=50 border=0></a>
";
?>
</td>
<td valign=top width=265>
<table width=100% valign=top border=0 cellspacing=0 cellpadding=0>
<tr bgcolor=#cccccc><td><center><font size=1 color=#ffffff><a href=shoutbox.php?page=1>Total Shouts: <?php echo $tshouts; ?></a></font></center></td></tr>
<?php
$getshouts = "SELECT * FROM shoutbox ORDER BY id DESC LIMIT $start, $end";
$getshouts_query = mysql_query($getshouts);
$xrow = 0;

while($x = mysql_fetch_array($getshouts_query)){
    $id = $x['id'];
    $name = $x['name'];
    $website = $x['website'];
    $shout = $x['shout'];
    $date = $x['date'];
    $time = $x['time'];

    // Add Smilies!
    $bbcode = file("emotes_faces.txt", FILE_IGNORE_NEW_LINES);
    $bbreplacements = file("emotes_pics.txt", FILE_IGNORE_NEW_LINES);
    $shout = str_replace($bbcode, $bbreplacements, $shout);

    //Remove Slashes
    $shout = stripslashes($shout);

    // Alternate row colours; admins also get a delete [X] link
    if($xrow == 0){
        if($admin == 1) {
            print "<tr bgcolor=#ffffff><td><font size=2>[<a href=shoutbox.php?id=$id&action=delshout&admin=1>X</a>]</font><a href=\"$website\" target=\"_blank\" alt=\"Posted on $date at $time\" title=\"Posted on $date at $time\"><font size=2><b>$name</b></a>: $shout</font></td></tr>";
            $xrow++;
        } else {
            print "<tr bgcolor=#ffffff><td><a href=\"$website\" target=\"_blank\" alt=\"Posted on $date at $time\" title=\"Posted on $date at $time\"><font size=2><b>$name</b></a>: $shout</font></td></tr>";
            $xrow++;
        }
    } else {
        if($admin == 1){
            print "<tr bgcolor=#cccccc><td><font size=2>[<a href=shoutbox.php?id=$id&action=delshout&admin=1>X</a>]</font><a href=\"$website\" target=\"_blank\" alt=\"Posted on $date at $time\" title=\"Posted on $date at $time\"><font size=2><b>$name</b></a>: $shout</font></td></tr>";
            $xrow = 0;
        } else {
            print "<tr bgcolor=#cccccc><td><a href=\"$website\" target=\"_blank\" alt=\"Posted on $date at $time\" title=\"Posted on $date at $time\"><font size=2><b>$name</b></a>: $shout</font></td></tr>";
            $xrow = 0;
        }
    }
}

// Next / Previous page links
if($pg == 1){
    if($tshouts > 10){
        print "<tr bgcolor=#ffffff><td><center><font size=1 color=#ffffff><a href=shoutbox.php?page=2> Next Page (2) </a></font></center></td></tr>";
    }
}
if($pg != 1){
    $prev = $pg - 1;
    $next = $pg + 1;
    if($tshouts > $end){
        print "<br> <tr bgcolor=#cccccc><td><center><font size=1 color=#ffffff><a href=shoutbox.php?page=$prev> Previous ($prev)</a> | <a href=shoutbox.php?page=$next> Next Page ($next) </a></font></center></td></tr> ";
    } else {
        print "<tr bgcolor=#cccccc><td><center><font size=1 color=#ffffff><a href=shoutbox.php?page=$prev> Previous ($prev)</a></font></center></td></tr>";
    }
}
print "</table>";
?>
</td>
</tr>
</table>
```

Link to comment https://forums.phpfreaks.com/topic/98365-shoutbox/
john010117 Posted March 28, 2008

Use AJAX, for one. Nobody wants to reload the entire page just to make a shout.

imperialized (Author) Posted March 29, 2008

Perhaps provide an example or further explain? I know AJAX can be used for pop-up windows, but I don't know much about it. Could you please elaborate?

Demonic Posted March 29, 2008

Looks decent, lil sloppy though.

Coreye Posted March 29, 2008

Agree with the using of AJAX... You can also send blank comments and blank usernames.

imdead Posted March 29, 2008

Chmod > http://www.imperialized.net/shoutbox/

imperialized (Author) Posted March 29, 2008

CHMOD, done. Anyways, you all were talking about this AJAX... I've googled it but am having some trouble understanding it. Could anyone point me in the right direction?

/edit: nevermind, I did not realize there was an AJAX forum here. // Does my Next Page & Previous Page code look ok? It looks so boggled; any suggestions?
helraizer Posted March 29, 2008

Back to the Beta Testing side of things, there is a big security flaw (XSS). You haven't protected any of your variables, so people can use executable scripts in the message field, which could be potentially dangerous.

Sam

imperialized (Author) Posted March 30, 2008

Weird... for some reason even with htmlspecialchars( it is still printing the <font> and <marquee> erm..

imperialized (Author) Posted March 30, 2008

//couldn't edit my last post for some reason. I got the shoutbox XSS fixed; I think for some reason my code wasn't parsing the htmlspecialchars.. but this issue is resolved
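The XSS point above comes down to where escaping happens. The posted script escapes on input, stores the escaped text, then runs stripslashes and a smiley str_replace on output, and drops the stored website straight into an href. The example below is added here and is not the poster's code; it escapes on output instead, substitutes smiley tokens only after escaping so the img tags are the only markup in the result, and restricts the name link to http(s) URLs. It assumes shouts are stored as raw text and that the smiley map is a token-to-filename array (both assumptions, not from the thread).

```php
<?php
// Added example, not the shoutbox's own code. Assumes raw (unescaped) shout
// rows and a token => image-file smiley map.
declare(strict_types=1);

/** Escape text for an HTML body or attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Allow only an http(s) link in the name's href. Anything else (javascript:,
 * data:, the empty "http://" placeholder) degrades to plain text.
 */
function safe_website(string $url): ?string
{
    $url = trim($url);
    if ($url === '' || $url === 'http://') {
        return null;
    }
    return preg_match('#^https?://[^\s"\'<>]+$#i', $url) ? $url : null;
}

/**
 * Replace smiley tokens in already-escaped text, in a single pass so a
 * replacement's own markup is never re-scanned for tokens.
 *
 * @param array<string,string> $smilies token => image file name
 */
function add_smilies(string $escaped, array $smilies): string
{
    if ($smilies === []) {
        return $escaped;
    }
    // Tokens may contain characters htmlspecialchars rewrites (e.g. ">"),
    // so match on the escaped form of each token; longest first.
    $byEscaped = [];
    foreach ($smilies as $token => $img) {
        $byEscaped[h($token)] = ['token' => $token, 'img' => basename($img)];
    }
    $keys = array_keys($byEscaped);
    usort($keys, fn($a, $b) => strlen($b) <=> strlen($a));
    $pattern = '/' . implode('|', array_map(fn($k) => preg_quote($k, '/'), $keys)) . '/';

    return preg_replace_callback($pattern, function (array $m) use ($byEscaped): string {
        $s = $byEscaped[$m[0]];
        return '<img src="emoticons/' . h($s['img']) . '" alt="' . h($s['token']) . '">';
    }, $escaped);
}

/** Build the HTML for one shout row. */
function render_shout(array $row, array $smilies): string
{
    $text  = add_smilies(h($row['shout']), $smilies);
    $title = 'Posted on ' . h($row['date']) . ' at ' . h($row['time']);
    $name  = '<b>' . h($row['name']) . '</b>';
    $site  = safe_website($row['website']);
    if ($site !== null) {
        $name = '<a href="' . h($site) . '" target="_blank" rel="noopener" title="' . $title . '">' . $name . '</a>';
    }
    return $name . ': ' . $text;
}

// Constructed sample rows, including the <font>/<marquee> case from the thread.
$smilies = [':)' => 'smile.gif', ':(' => 'frown.gif'];
$rows = [
    ['name' => 'dave', 'website' => 'http://example.org', 'shout' => 'hi :)',
     'date' => '03-30-2008', 'time' => '9:15 pm'],
    ['name' => '<marquee>x</marquee>', 'website' => 'javascript:void(0)',
     'shout' => '<font color=red>red</font> :(', 'date' => '03-30-2008', 'time' => '9:16 pm'],
];
foreach ($rows as $row) {
    echo render_shout($row, $smilies), "\n";
}
```

The second sample row comes out as literal `&lt;marquee&gt;` and `&lt;font ...&gt;` text with a frown image after it and no link at all, because the website fails the scheme check. Storing raw text and escaping at output also removes the need for the stripslashes call, which in the posted script undoes part of the input escaping.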
helraizer Posted March 30, 2008

Full path disclosure

http://www.imperialized.net/shoutbox/shoutbox.php?page=1.275

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/imperial/public_html/shoutbox/shoutbox.php on line 283

imperialized (Author) Posted March 31, 2008

Fixed. Changed is_numeric to is_int. Problem should be resolved.
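Two threads of the discussion meet here: the original post's question about the next/previous page code, and the path disclosure caused by `?page=1.275`. In the posted script `is_numeric` accepts "1.275", the computed `$start`/`$end` go into `LIMIT $start, $end`, the query fails, and `mysql_fetch_array` warns with the script's filesystem path. The offsets are also off for every page after the first: MySQL's `LIMIT` takes an offset and a row count, so page 2 becomes `LIMIT 11, 20`, which skips one row and returns twenty. One caveat on the fix described above: values in `$_GET` always arrive as strings, so `is_int($_GET['page'])` is false for every request, including `?page=2`. The example below is added here and is not the poster's code; it validates the page parameter as an integer, clamps it to the pages that exist, and derives the offset and the prev/next links from one place. The page size of 10 and the 23-shout total are constructed values.

```php
<?php
// Added example, not the shoutbox's own code. Page size and totals are constructed.
declare(strict_types=1);

const PER_PAGE = 10;

/** Coerce the raw query value to a page number >= 1; anything else is page 1. */
function page_from_query($raw): int
{
    // Query-string values are strings, so filter_var (not is_int) is the right
    // check: it accepts "3" and rejects "1.275", "abc", "", "-2" and null.
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? 1 : $n;
}

/**
 * Pagination window for one page: the LIMIT offset/count pair and the
 * neighbouring page numbers (null where there is none). The page is clamped
 * to the last existing one, so an overlarge value never yields an empty page.
 *
 * @return array{page:int, offset:int, limit:int, pages:int, prev:?int, next:?int}
 */
function page_window(int $page, int $total, int $perPage = PER_PAGE): array
{
    $pages = max(1, (int) ceil($total / $perPage));
    $page  = min(max(1, $page), $pages);
    return [
        'page'   => $page,
        'offset' => ($page - 1) * $perPage,   // LIMIT offset, count
        'limit'  => $perPage,
        'pages'  => $pages,
        'prev'   => $page > 1 ? $page - 1 : null,
        'next'   => $page < $pages ? $page + 1 : null,
    ];
}

/** Build the prev/next link row; the page numbers are integers, so the URLs need no escaping. */
function pager_links(array $w): string
{
    $parts = [];
    if ($w['prev'] !== null) {
        $parts[] = sprintf('<a href="shoutbox.php?page=%d">Previous (%d)</a>', $w['prev'], $w['prev']);
    }
    if ($w['next'] !== null) {
        $parts[] = sprintf('<a href="shoutbox.php?page=%d">Next Page (%d)</a>', $w['next'], $w['next']);
    }
    return implode(' | ', $parts);
}

// Constructed inputs: the values a browser might send, against a total of 23 shouts.
// The query would read "SELECT * FROM shoutbox ORDER BY id DESC LIMIT {$w['offset']}, {$w['limit']}",
// with both numbers guaranteed integers (or bound as parameters with PDO/mysqli).
foreach (['1', '2', '3', '9', '1.275', 'abc', '-4', null] as $raw) {
    $w = page_window(page_from_query($raw), 23);
    printf("%-7s -> page %d, LIMIT %d, %d  %s\n",
        var_export($raw, true), $w['page'], $w['offset'], $w['limit'], pager_links($w));
}
```

With 23 shouts the loop gives `LIMIT 0, 10`, `LIMIT 10, 10` and `LIMIT 20, 10` for pages 1 to 3, clamps `9` to page 3, and maps `1.275`, `abc`, `-4` and a missing parameter to page 1. Because the query can no longer receive a non-integer, the failure path that printed the warning is closed; checking `mysql_query`'s return value before fetching, and keeping `display_errors` off on a public server, covers any other query failure without revealing the path.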