|
PHP - Please Help Me Check This Code If It Safe From Hackers Or Spammers
Good day friends, please i am still an upcoming developer please could you help me check if this contact form code is secured from hackers. Thanks
<?php Similar TutorialsCode: [Select] if ($ibforums->input['display1'] == "1"){ // }else{ $std->Error2("You're being Nawty!"); } Ok, this works fine. If they submit anything other then "1" for that input it shows "you're being nawty" but I want it to beable to be anything besides 1 or 0 so I added Code: [Select] if ($ibforums->input['display1'] == "0" OR "1"){ // }else{ $std->Error2("You're being Nawty!"); } and it still let's me submit anything...... i only want my $ibforums->input['display1'] to accept 1 or 0 as a input!!!! I don't want any hackers submitting other input values for this field! any help?! I wasn't sure where to post this so I apologize if this is the wrong forum. I have a php page with over 50 numerical inputs on a form. A lot of the inputs are used to get data out of the mysql database so I want to be safe from sql injection. Is it safe to use a javascript onsubmit function that will not allow the form to be submitted if there is any non numeric data entered by the user? I've already written the function & it works fine but I'm not sure how much protection it gives me. Any feedback welcome. Hi guys, I have been using the same code for years now to include my default page and pull content into my layouts.
I found the code online and its a bit confusing so was just wondering if its still safe to use, and is it all needed nowadays?
or is there a simpler way i could be doing this?
Thanks for any help
<?php
if (isset($_GET['nav']))
{
if (strpos($_GET['nav'], "/"))
{
$direc = substr(str_replace('..', '', $_GET['nav']), 0, strpos($_GET['nav'], "/")) . "/";
$file = substr(strrchr($_GET['nav'], "/"), 1);
if (file_exists($direc.$file.".php"))
{
require($direc.$file.".php");
} else {
require("error.php");
}
} else {
if (file_exists(basename($_GET['nav']).".php"))
{
require(basename($_GET['nav']).".php");
} else {
require("error.php");
}
}
} else {
require("links.php");
}
?>
is this select query code safe from injection?
try {
$stmt = $db->prepare("SELECT * FROM posts WHERE key=$key");
$stmt->execute();
$row = $stmt->fetch();
}
notice there is no bind.
$stmt->bindParam(':key', $key);
the reason i am asking is that i have many $key variable in the query and i do not know how to use bind in a query such as this...
SELECT count(*) FROM posts WHERE MATCH (file) AGAINST
('$key' IN BOOLEAN MODE) OR MATCH (user) AGAINST ('$key' IN BOOLEAN MODE)
the $key is not an array and the $key does not change it's value.
Edited by kalster, 04 January 2015 - 05:52 PM. Hi all I was recently contacted by a friend who is having SPAM issues, basically someone has managed to upload tons of crap files and also inserted eval(base64_decode("ZXJyb3Jfcm..... about 10 times into every PHP page on the server, and doing a search reveals 1001 instances of this eval(base64_decode("ZXJyb3Jfcm..... code. How could this have happened and what measures do we need to take to prevent this? Hi, Just received this email from a random person saying they were able to obtain the username and password for the site admin page from the MySql Database: [07:33:33] [INFO] testing if GET parameter 'id' is dynamic [07:33:34] [INFO] confirming that GET parameter 'id' is dynamic [07:33:35] [INFO] GET parameter 'id' is dynamic [07:33:35] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis [07:33:35] [INFO] testing unescaped numeric injection on GET parameter 'id' [07:33:37] [INFO] confirming unescaped numeric injection on GET parameter 'id' [07:33:37] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis [07:33:37] [INFO] testing for parenthesis on injectable parameter [07:33:40] [INFO] the injectable parameter requires 0 parenthesis [07:33:40] [INFO] testing MySQL [07:33:41] [INFO] confirming MySQL [07:33:41] [INFO] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1 [07:33:41] [INFO] retrieved: 0 [07:33:51] [INFO] performed 13 queries in 9 seconds [07:33:51] [INFO] the back-end DBMS is MySQL web server operating system: Linux Red Hat web application technology: PHP 5.2.11, Apache 2.2.3 back-end DBMS: MySQL >= 5.0.0 +-------+------------------------ +----------- +---------- +---------------------------------- +--------+--------------- + | admin | email | firstname | lastname | password | userid | username | +-------+------------------------ +----------- +---------- +---------------------------------- +--------+--------------- + | 1 | blah | blah | blah | blah | 1 | blah | +-------+------------------------ +----------- +---------- +---------------------------------- +--------+--------------- + blah MD5 : blah -- I've changed all the details to 'blah' for the purpose of this post. Does anyone know how I can secure my PHP to stock this injection? Thanks, Jack Hi, I need to insert some code into my current form code which will check to see if a username exist and if so will display an echo message. If it does not exist will post the form (assuming everything else is filled in correctly). I have tried some code in a few places but it doesn't work correctly as I get the username message exist no matter what. I think I am inserting the code into the wrong area, so need assistance as to how to incorporate the username check code. $sql="select * from Profile where username = '$username'; $result = mysql_query( $sql, $conn ) or die( "ERR: SQL 1" ); if(mysql_num_rows($result)!=0) { process form } else { echo "That username already exist!"; } the current code of the form <?PHP //session_start(); require_once "formvalidator.php"; $show_form=true; if (!isset($_POST['Submit'])) { $human_number1 = rand(1, 12); $human_number2 = rand(1, 38); $human_answer = $human_number1 + $human_number2; $_SESSION['check_answer'] = $human_answer; } if(isset($_POST['Submit'])) { if (!isset($_SESSION['check_answer'])) { echo "<p>Error: Answer session not set</p>"; } if($_POST['math'] != $_SESSION['check_answer']) { echo "<p>You did not pass the human check.</p>"; exit(); } $validator = new FormValidator(); $validator->addValidation("FirstName","req","Please fill in FirstName"); $validator->addValidation("LastName","req","Please fill in LastName"); $validator->addValidation("UserName","req","Please fill in UserName"); $validator->addValidation("Password","req","Please fill in a Password"); $validator->addValidation("Password2","req","Please re-enter your password"); $validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!"); $validator->addValidation("email","email","The input for Email should be a valid email value"); $validator->addValidation("email","req","Please fill in Email"); $validator->addValidation("Zip","req","Please fill in your Zip Code"); $validator->addValidation("Security","req","Please fill in your Security Question"); $validator->addValidation("Security2","req","Please fill in your Security Answer"); if($validator->ValidateForm()) { $con = mysql_connect("localhost","uname","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("beatthis_beatthis") or die(mysql_error()); $FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file $LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file $UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file $Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file $Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file $email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file $Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file $Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file $Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file $Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } else{ mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body); echo "<h3>Your profile information has been submitted successfully.</h3>"; } mysql_close($con); $show_form=false; } else { echo "<h3 class='ErrorTitle'>Validation Errors:</h3>"; $error_hash = $validator->GetErrors(); foreach($error_hash as $inpname => $inp_err) { echo "<p class='errors'>$inpname : $inp_err</p>\n"; } } } if(true == $show_form) { ?> I am new to PHP. I developed this class, I wonder if there's anything wrong or that I can improve. I could not test it because I'm in school. Thanks in advance. Code: [Select] <? class user { var $userID, $schoolID, $userName, $userPass, $dbHost, $dbUser, $dbName, $dbPass, $dbUserTable; $dbSchoolTable; function dbInfo() { $this->dbHost = 'localhost'; $this->dbUser = ''; $this->dbName = ''; $this->dbPass = ''; $this->dbUserTable = ''; $this->dbSchoolTable = ''; } function registerUser($userName, $userPass) { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "INSERT INTO $this->dbUserTable VALUES (NULL, \"$userName\", \"$userPass\")"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { $this->userID = mysql_insert_id(); } mysql_close($dbLink); $this->userName = $userName; $this->userPass = $userPass; } function registerSchool($schoolName) { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "INSERT INTO $this->dbSchoolTable VALUES (NULL, \"$schoolName\")"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { $this->schoolID = mysql_insert_id(); } mysql_close($dbLink); $this->schoolName = $schoolName; } function userLogin() { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "SELECT * FROM $this->dbUserTable WHERE userName = \"$this->userName\" AND userPass = \"$this->userPass\" LIMIT 1"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { while($row = mysql_fetch_array($result)) { session_start(); $_SESSION['userID'] = $row['userID']; session_write_close(); } } mysql_close($dbLink); } function changePass($newPass) { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "SELECT * FROM $this->dbUserTable WHERE userName = \"$this->userName\" LIMIT 1"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { $query = "UPDATE $this->dbUserTable SET userPass = \"$newPass\" WHERE userName = \"$this->userName\""; $result = mysql_query($query); if(!$result) { echo "Fail"; } else { $this->userPass = $newPass; } } mysql_close($dbLink); } } ?> basically this is a search function <form method="post" action="test1.php"> <input type = "hidden" name="submitted" value ="true" /> <label>TYPE: <select name="field"> <option value = "sid">StudentID</option> <option value = "sname">StudentName</option> </select> </label> <label>WORD: <input type="text" name="searchword" /> </label> <input type="submit" /> </form> ------------- <?php if (isset($_POST['submitted'])){ $con = mysql_connect("localhost","root",""); mysql_select_db("uni", $con); $field= $_POST['field']; $searchword = $_POST['searchword']; $query = "SELECT* FROM student WHERE $field = '$searchword'"; $result = mysqli_query($con,$query) or die ('error data'); //-----------> error line echo"<table>"; echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; while($row = mysqli_fetch_array($result)){ echo "<tr><td>"; echo "$row ['sid']"; echo "</td><td>"; echo "$row ['sname']"; echo "</td></tr>"; } echo"</table>"; } mysql_close($con); ?> NB: the error message "Warning: mysqli_query() expects parameter 1 to be mysqli, resource given in C:\wamp\www\test1.php on line 21 error data" will this code check if value is null Code: [Select] if($_SESSION["cart"] != null) Can someone advise me how to check for malicious PHP code? If I download a script from somewhere, how can I make sure it's not malicious? If bad, maybe it could delete files?? Or send spam? Or EVEN 'send home' code - so that they can track your usage - OK if I consent - not OK if haven't consented and they're doing it sneakily! Sending spam has been a problem when installing Joomla plugins Are there specific commands I should watch out for in PHP scripts? Like send mail or something? I'm sure the baddies would be clever and maybe use IP numbers to send out to instead of domain names? Is there a PHP code checker online? Something that tells you what your PHP script does? Simple things: like tell you if it sends out mail or makes contact outside or deletes files This would be great - it would save a lot of time going through hundreds/thousands of lines of code Thanks OM can someone check if what the problem with my code Code: [Select] $avatar2 = mysql_query("SELECT `users`.`imagelocation' FROM `users` `forum_replies` WHERE `users`.`id`= `forum_replies`.`uid`")or die(mysql_error()); try { $sql = "SELECT StudentID,CourseID FROM student,course WHERE StudentID =" . $_POST['sid'] AND CourseID =".$_POST['cid'] ; //-----> error line $query = mysql_query($sql) or trigger_error('MySQL error: ' . mysql_error()); if (mysql_num_rows($query) > 0) { throw new Exception('StudentID already taken'); } } NB: basicaly im inserting data into a table from another two table field. This is what I have for the form (in short version) along with the text area and submit button. The form shows up OK on the Internet http://www.lakegenevapieco.com/test_product_list.php The problem is when I fill it out & submit it doesn't do two things: 1) It doesn't E-Mail me the information 2) It doesn't say, Thank you for using our mail form. It actually says page not available. Here is the code: <html> <head> <meta http-equiv="Content-Language" content="en-us"> <title>Products to be listed on the web site for the month of</title> </head> <body> Products to be listed on the web site for the month of <select size="1" name="MONTH"> <option selected>PICK MONTH</option> <option>1-JANUARY</option> <option>2-FEBUARY</option> <option>3-MARCH</option> <option>4-APRIL</option> <option>5-MAY</option> <option>6-JUNE</option> <option>7-JULY</option> <option>8-AUGUST</option> <option>9-SEPTEMBER</option> <option>10-OCTOBER</option> <option>11-NOVEMBER</option> <option>12-DECEMBER</option> </select> <select size="1" name="YEAR"> <option selected>PICK YEAR</option> <option>2010</option> <option>2011</option> <option>2012</option> <option>2013</option> <option>2014</option> <option>2015</option> </select></p> <p><input type="checkbox" name="PumpkinSB" value="ON"> Pumpkin Price increase to <input type="text" name="PriceIncreaseTo151" size="20" value="$"></p> <p><input type="checkbox" name="PumpkinWalnutSB" value="ON"> Pumpkin Walnut Price increase to <input type="text" name="PriceIncreaseTo152" size="20" value="$"></p> <p><input type="checkbox" name="RaspberrySB" value="ON"> Raspberry Price increase to <input type="text" name="PriceIncreaseTo153" size="20" value="$"></p> <p> </p> <p> </p> <p> <?php function spamcheck($field) { //filter_var() sanitizes the e-mail //address using FILTER_SANITIZE_EMAIL $field=filter_var($field, FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail //address using FILTER_VALIDATE_EMAIL if(filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } if (isset($_REQUEST['email'])) {//if "email" is filled out, proceed //check if the email address is invalid $mailcheck = spamcheck($_REQUEST['email']); if ($mailcheck==FALSE) { echo "Invalid input"; } else {//send email $email = $_REQUEST['email'] ; $subject = $_REQUEST['subject'] ; $message = $_REQUEST['message'] ; mail("myemail@mia.net", "Subject: $subject", $message, "From: $email" ); echo "Thank you for using our mail form"; } } else {//if "email" is not filled out, display the form echo "<form method='post' action='mailform.php'> Email: <input name='email' type='text' /><br /> Subject: <input name='subject' type='text' /><br /> Message:<br /> <textarea name='message' rows='15' cols='40'> </textarea><br /> <input type='submit' /> </form>"; } ?> </p> </form> </body> </html> how to update the record of one table in which condition is that the it should similar to the other table feild only. e.g field of table1 will update only when the feild1 of table1 is equal to field2 of table2 in php?? while im using following command mysql_select_db("db1",$con); $query = "SELECT table2.feild1 , table2.feild1 " . "FROM table2, table1 " . "WHERE table1.feild2 = table2.feild1 "; $data = mysql_query($query) or die(mysql_error()); $sql="UPDATE table2 SET feild2='$_POST[value2]', feild3='$_POST[value3]' WHERE table1.feild2 = $data "; I wish to use the code from the following page that can be used to check if an uploaded image is an animated GIF: http://stackoverflow.com/questions/280658/can-i-detect-animated-gifs-using-php-and-gd Here is the function: function is_ani($filename) { if(!($fh = @fopen($filename, 'rb'))) return false; $count = 0; //an animated gif contains multiple "frames", with each frame having a //header made up of: // * a static 4-byte sequence (\x00\x21\xF9\x04) // * 4 variable bytes // * a static 2-byte sequence (\x00\x2C) // We read through the file til we reach the end of the file, or we've found // at least 2 frame headers while(!feof($fh) && $count < 2) $chunk = fread($fh, 1024 * 100); //read 100kb at a time $count += preg_match_all('#\x00\x21\xF9\x04.{4}\x00\x2C#s', $chunk, $matches); fclose($fh); return $count > 1; } Am I right in saying that there are curly brackets missing after the while line? The indenting indicates that both of the 2 following lines should be included in the while loop, but the lack of curly brackets mean that only the line beginning with $chunk is included in the loop. The code actually seems to work with and without the curly brackets. Does anyone understand this code well enough to know whether or not the curly brackets should be included? Thanks in advance. This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=306339.0 When I log in on my web-site it takes me to a php login-check page This is the error code that I am getting; Quote Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in D:\xampp\htdocs\login-check.php on line 26 This is the php code that i am using; Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="deliverpizza"; // Database name $tbl_name="customer, admin, staff"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_privelage.php"); } else { } ?> I am writing a code using jquery in a php page to check the username availabiltiy,but getting error ie every time username is available is the message i am getting. the code is $(document).ready(function() { $("#username").blur(function() { //remove all the class add the messagebox classes and start fading $("#msgbox").removeClass().addClass('messagebox').text('Checking...').fadeIn("slow"); //check the username exists or not from ajax //$.post("themes/user_availability.php",{ username:$(this).val() } ,function(data) $.post("themes/user_availability.php",{username:$(this).val() } ,function(data) { if(data=="no") //if username not avaiable { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('This User name Already exists').addClass('messageboxerror').fadeTo(900,1); }); } if(data=="yes") { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('Username available to register').addClass('messageboxok').fadeTo(900,1); }); } }); }); }); php file user_availability.php <?php $login=$_POST['username']; $sql="select username from web_payregister where username='$login'"; $result=mysql_query($sql); if(mysql_num_rows($result)>0){ echo "no"; }else{ echo "yes"; } ?> |
|||||||